-rw-r--r-- | etc/catfish.profile | 7 | ||||
-rw-r--r-- | etc/evince.profile | 2 | ||||
-rw-r--r-- | etc/gnome-calculator.profile | 1 | ||||
-rw-r--r-- | etc/whitelist-common.inc | 1 | ||||
-rw-r--r-- | etc/whitelist-var-common.inc | 2 |
5 files changed, 11 insertions, 2 deletions
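--- a/etc/catfish.profile
+++ b/etc/catfish.profile
@@ -8,8 +8,13 @@ include /etc/firejail/globals.local
 # We can't blacklist much since catfish
 # is for finding files/content
 noblacklist ~/.config/catfish
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
-include /etc/firejail/disable-devel.inc
+whitelist /var/lib/mlocate
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 net none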
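Review bot: The comment at the top of the hunk ("We can't blacklist much since catfish is for finding files/content") no longer matches the profile, which now includes disable-common.inc, disable-passwdmgr.inc and disable-programs.inc. It should say what is deliberately hidden from searches, and the commented-out `# include /etc/firejail/disable-devel.inc` needs its reason recorded next to it, e.g. `# disable-devel.inc left out: <reason>`. `whitelist /var/lib/mlocate` also deserves a comment: the locate database presumably still lists the names of files under the paths the new blacklists hide, so the sandbox may learn that those files exist even though it cannot open them, and it is worth confirming that this is intended. The profile continues outside the hunk.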
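--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 no3d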
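--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter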
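--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -16,6 +16,7 @@ whitelist ~/.drirc
 whitelist ~/.mime.types
 whitelist ~/.local/share/applications
 read-only ~/.local/share/applications
+whitelist ~/.config/ibus
 
 # fonts
 whitelist ~/.fonts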
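Review bot: `whitelist ~/.config/ibus` is added read-write and without a comment, while the entry just above it pairs its whitelist with `read-only ~/.local/share/applications`. Every profile that includes whitelist-common.inc gets this directory, so if input-method clients only need to read it (not verified here), add `read-only ~/.config/ibus` under it so that a sandboxed program cannot alter the input-method configuration used by the rest of the session. A short heading such as `# ibus input method` would match the `# fonts` grouping below.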
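--- a/etc/whitelist-var-common.inc
+++ b/etc/whitelist-var-common.inc
@@ -3,7 +3,7 @@ include /etc/firejail/whitelist-var-common.local
 
 # common /var whitelist for all profiles
 
-#whitelist /var/lib/dbus/machine-id - problems on Xubuntu, it is a symlink to /etc/machine-id, whitelist will fail
+whitelist /var/lib/dbus
 whitelist /var/lib/menu-xdg
 whitelist /var/cache/fontconfig
 whitelist /var/tmp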
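Review bot: The replacement on line 6 widens the rule from a single file to all of /var/lib/dbus and drops the only record of why the file-level rule was not used. Keep that reason as a comment above the new line, e.g. `# whitelist the directory: machine-id is a symlink to /etc/machine-id on Xubuntu and whitelisting the file itself fails`. Because this include is shared (evince, gnome-calculator and catfish all gain it in this commit), the comment should also say that the rule makes the host's machine-id, a stable per-machine identifier, readable inside those sandboxes.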