diff options
-rw-r--r-- | etc/apktool.profile | 1 | ||||
-rw-r--r-- | etc/arm.profile | 2 | ||||
-rw-r--r-- | etc/baobab.profile | 1 | ||||
-rw-r--r-- | etc/bless.profile | 1 | ||||
-rw-r--r-- | etc/chromium.profile | 1 | ||||
-rw-r--r-- | etc/dex2jar.profile | 1 | ||||
-rw-r--r-- | etc/gitg.profile | 1 | ||||
-rw-r--r-- | etc/hashcat.profile | 3 | ||||
-rw-r--r-- | etc/jd-gui.profile | 1 | ||||
-rw-r--r-- | etc/meld.profile | 1 | ||||
-rw-r--r-- | etc/multimc5.profile | 2 | ||||
-rw-r--r-- | etc/obs.profile | 1 | ||||
-rw-r--r-- | etc/pdfsam.profile | 1 | ||||
-rw-r--r-- | etc/peek.profile | 1 | ||||
-rw-r--r-- | etc/pithos.profile | 1 | ||||
-rw-r--r-- | etc/sdat2img.profile | 1 | ||||
-rw-r--r-- | etc/strings.profile | 2 |
17 files changed, 21 insertions, 1 deletions
diff --git a/etc/apktool.profile b/etc/apktool.profile index 58854df3b..0ca0ea0b0 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile | |||
@@ -24,6 +24,7 @@ protocol unix | |||
24 | seccomp | 24 | seccomp |
25 | shell none | 25 | shell none |
26 | 26 | ||
27 | private-bin apktool,bash,java,dirname,basename,expr | ||
27 | private-dev | 28 | private-dev |
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
diff --git a/etc/arm.profile b/etc/arm.profile index a75130e4d..4e6bb9b1c 100644 --- a/etc/arm.profile +++ b/etc/arm.profile | |||
@@ -32,7 +32,7 @@ shell none | |||
32 | tracelog | 32 | tracelog |
33 | 33 | ||
34 | disable-mnt | 34 | disable-mnt |
35 | # private-bin arm,tor,sh,python2,python2.7,ps,lsof,ldconfig | 35 | # private-bin arm,tor,sh,bash,python2,python2.7,ps,lsof,ldconfig |
36 | private-dev | 36 | private-dev |
37 | private-etc tor,passwd | 37 | private-etc tor,passwd |
38 | private-tmp | 38 | private-tmp |
diff --git a/etc/baobab.profile b/etc/baobab.profile index 5eef557bc..c67f01503 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile | |||
@@ -24,6 +24,7 @@ protocol unix | |||
24 | seccomp | 24 | seccomp |
25 | shell none | 25 | shell none |
26 | 26 | ||
27 | private-bin baobab | ||
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | 30 | ||
diff --git a/etc/bless.profile b/etc/bless.profile index 6da8187b1..8c7cc5fe5 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
@@ -25,6 +25,7 @@ protocol unix | |||
25 | seccomp | 25 | seccomp |
26 | shell none | 26 | shell none |
27 | 27 | ||
28 | # private-bin bless,sh,bash,mono | ||
28 | private-dev | 29 | private-dev |
29 | private-etc fonts,mono | 30 | private-etc fonts,mono |
30 | private-tmp | 31 | private-tmp |
diff --git a/etc/chromium.profile b/etc/chromium.profile index 7637b8ea5..3ccc8e4cb 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
@@ -31,6 +31,7 @@ nogroups | |||
31 | notv | 31 | notv |
32 | shell none | 32 | shell none |
33 | 33 | ||
34 | # private-bin chromium,chromium-browser,chromedriver | ||
34 | private-dev | 35 | private-dev |
35 | # private-tmp - problems with multiple browser sessions | 36 | # private-tmp - problems with multiple browser sessions |
36 | 37 | ||
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index a3a1c4ad5..fab7ccb13 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile | |||
@@ -25,6 +25,7 @@ protocol unix | |||
25 | seccomp | 25 | seccomp |
26 | shell none | 26 | shell none |
27 | 27 | ||
28 | private-bin dex2jar,java,sh,bash,expr,dirname,ls,uname,grep | ||
28 | private-dev | 29 | private-dev |
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
diff --git a/etc/gitg.profile b/etc/gitg.profile index f28fbe03f..273cc006c 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile | |||
@@ -26,6 +26,7 @@ protocol unix,inet,inet6 | |||
26 | seccomp | 26 | seccomp |
27 | shell none | 27 | shell none |
28 | 28 | ||
29 | private-bin gitg,git,ssh | ||
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | 32 | ||
diff --git a/etc/hashcat.profile b/etc/hashcat.profile index 677c47b13..189f364f8 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile | |||
@@ -7,8 +7,10 @@ include /etc/firejail/hashcat.local | |||
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.hashcat | 9 | noblacklist ${HOME}/.hashcat |
10 | noblacklist /usr/include | ||
10 | 11 | ||
11 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | ||
12 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
14 | 16 | ||
@@ -25,6 +27,7 @@ seccomp | |||
25 | shell none | 27 | shell none |
26 | 28 | ||
27 | disable-mnt | 29 | disable-mnt |
30 | private-bin hashcat | ||
28 | private-dev | 31 | private-dev |
29 | private-tmp | 32 | private-tmp |
30 | 33 | ||
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 2422d5b48..8df805895 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
@@ -26,6 +26,7 @@ protocol unix | |||
26 | seccomp | 26 | seccomp |
27 | shell none | 27 | shell none |
28 | 28 | ||
29 | private-bin jd-gui,sh,bash | ||
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | 32 | ||
diff --git a/etc/meld.profile b/etc/meld.profile index 92aefaf78..280004f49 100644 --- a/etc/meld.profile +++ b/etc/meld.profile | |||
@@ -25,6 +25,7 @@ protocol unix | |||
25 | seccomp | 25 | seccomp |
26 | shell none | 26 | shell none |
27 | 27 | ||
28 | # private-bin meld,python2,python2.7 | ||
28 | private-dev | 29 | private-dev |
29 | private-tmp | 30 | private-tmp |
30 | 31 | ||
diff --git a/etc/multimc5.profile b/etc/multimc5.profile index a51defafa..e99876447 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile | |||
@@ -32,6 +32,8 @@ protocol unix,inet,inet6 | |||
32 | shell none | 32 | shell none |
33 | 33 | ||
34 | disable-mnt | 34 | disable-mnt |
35 | # private-bin works, but causes weirdness | ||
36 | # private-bin multimc5,bash,mkdir,which,zenity,kdialog,ldd,chmod,valgrind,apt-file,pkgfile,dnf,yum,zypper,pfl,java,grep,sort,awk,readlink,dirname | ||
35 | private-dev | 37 | private-dev |
36 | private-tmp | 38 | private-tmp |
37 | 39 | ||
diff --git a/etc/obs.profile b/etc/obs.profile index f7d7ac310..11c18e0b6 100644 --- a/etc/obs.profile +++ b/etc/obs.profile | |||
@@ -22,6 +22,7 @@ seccomp | |||
22 | shell none | 22 | shell none |
23 | tracelog | 23 | tracelog |
24 | 24 | ||
25 | private-bin obs | ||
25 | private-dev | 26 | private-dev |
26 | private-tmp | 27 | private-tmp |
27 | 28 | ||
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index 4dbc05413..e2fbd81ae 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile | |||
@@ -25,6 +25,7 @@ protocol unix | |||
25 | seccomp | 25 | seccomp |
26 | shell none | 26 | shell none |
27 | 27 | ||
28 | private-bin pdfsam,sh,bash,java,archlinux-java,grep,awk,dirname,uname,which,sort,find,readlink,expr,ls,java-config | ||
28 | private-dev | 29 | private-dev |
29 | private-tmp | 30 | private-tmp |
30 | 31 | ||
diff --git a/etc/peek.profile b/etc/peek.profile index 0157ca9d4..e65d3f172 100644 --- a/etc/peek.profile +++ b/etc/peek.profile | |||
@@ -25,6 +25,7 @@ protocol unix | |||
25 | seccomp | 25 | seccomp |
26 | shell none | 26 | shell none |
27 | 27 | ||
28 | # private-bin breaks gif mode, mp4 and webm mode work fine however | ||
28 | # private-bin peek,convert,ffmpeg | 29 | # private-bin peek,convert,ffmpeg |
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
diff --git a/etc/pithos.profile b/etc/pithos.profile index be6e1b72a..2aaedd45e 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile | |||
@@ -25,6 +25,7 @@ seccomp | |||
25 | shell none | 25 | shell none |
26 | 26 | ||
27 | disable-mnt | 27 | disable-mnt |
28 | # private-bin pithos,python,python3,python3.6 | ||
28 | private-dev | 29 | private-dev |
29 | private-tmp | 30 | private-tmp |
30 | 31 | ||
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index 06889be33..578f623f0 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile | |||
@@ -25,6 +25,7 @@ protocol unix | |||
25 | seccomp | 25 | seccomp |
26 | shell none | 26 | shell none |
27 | 27 | ||
28 | # private-bin sdat2img,env,python,python3,python3.6 | ||
28 | private-dev | 29 | private-dev |
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
diff --git a/etc/strings.profile b/etc/strings.profile index 28f5598cf..d102cd445 100644 --- a/etc/strings.profile +++ b/etc/strings.profile | |||
@@ -17,7 +17,9 @@ novideo | |||
17 | shell none | 17 | shell none |
18 | tracelog | 18 | tracelog |
19 | 19 | ||
20 | private-bin strings | ||
20 | private-dev | 21 | private-dev |
22 | private-lib | ||
21 | 23 | ||
22 | memory-deny-write-execute | 24 | memory-deny-write-execute |
23 | 25 | ||