diff options
-rw-r--r-- | etc/bless.profile | 14 | ||||
-rw-r--r-- | etc/jd-gui.profile | 13 | ||||
-rw-r--r-- | etc/lollypop.profile | 11 | ||||
-rw-r--r-- | etc/multimc5.profile | 11 | ||||
-rw-r--r-- | etc/pdfsam.profile | 13 | ||||
-rw-r--r-- | etc/pithos.profile | 10 | ||||
-rw-r--r-- | etc/xonotic.profile | 9 |
7 files changed, 77 insertions, 4 deletions
diff --git a/etc/bless.profile b/etc/bless.profile index b8325de39..08a756989 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
@@ -18,7 +18,19 @@ include /etc/firejail/disable-devel.inc | |||
18 | #Options | 18 | #Options |
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nogroups | ||
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
23 | protocol unix,inet,inet6 | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
26 | shell none | ||
27 | |||
28 | private-dev | ||
29 | private-etc fonts,mono | ||
30 | private-tmp | ||
31 | |||
32 | noexec ${HOME} | ||
33 | noexec /tmp | ||
34 | |||
35 | no3d | ||
36 | nosound | ||
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 2ba1a4380..25b7b5bb1 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
@@ -17,7 +17,18 @@ include /etc/firejail/disable-devel.inc | |||
17 | #Options | 17 | #Options |
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
20 | nogroups | ||
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
22 | protocol unix,inet,inet6 | 23 | #protocol unix |
23 | seccomp | 24 | seccomp |
25 | shell none | ||
26 | |||
27 | private-dev | ||
28 | private-tmp | ||
29 | |||
30 | noexec ${HOME} | ||
31 | noexec /tmp | ||
32 | |||
33 | no3d | ||
34 | nosound | ||
diff --git a/etc/lollypop.profile b/etc/lollypop.profile index 06ed415d6..4b51f69b0 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile | |||
@@ -18,7 +18,18 @@ include /etc/firejail/disable-devel.inc | |||
18 | #Options | 18 | #Options |
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nogroups | ||
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
24 | seccomp | 25 | seccomp |
26 | shell none | ||
27 | |||
28 | private-dev | ||
29 | private-etc fonts | ||
30 | private-tmp | ||
31 | |||
32 | noexec ${HOME} | ||
33 | noexec /tmp | ||
34 | |||
35 | no3d | ||
diff --git a/etc/multimc5.profile b/etc/multimc5.profile index 6b8946be3..8a6211984 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile | |||
@@ -26,6 +26,15 @@ include /etc/firejail/whitelist-common.inc | |||
26 | #Options | 26 | #Options |
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
29 | nogroups | ||
29 | nonewprivs | 30 | nonewprivs |
30 | noroot | 31 | noroot |
31 | protocol unix,inet,inet6 | 32 | #protocol unix,inet,inet6 |
33 | seccomp | ||
34 | shell none | ||
35 | |||
36 | private-dev | ||
37 | private-tmp | ||
38 | |||
39 | noexec ${HOME} | ||
40 | noexec /tmp | ||
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index 37adabb39..92bad8751 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile | |||
@@ -15,7 +15,18 @@ include /etc/firejail/disable-devel.inc | |||
15 | #Options | 15 | #Options |
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | nogroups | ||
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
20 | protocol unix,inet,inet6 | 21 | #protocol unix,inet,inet6 |
21 | seccomp | 22 | seccomp |
23 | shell none | ||
24 | |||
25 | private-dev | ||
26 | private-tmp | ||
27 | |||
28 | noexec ${HOME} | ||
29 | noexec /tmp | ||
30 | |||
31 | no3d | ||
32 | #nosound | ||
diff --git a/etc/pithos.profile b/etc/pithos.profile index 500e35989..beb76909f 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile | |||
@@ -17,7 +17,17 @@ include /etc/firejail/whitelist-common.inc | |||
17 | #Options | 17 | #Options |
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
20 | nogroups | ||
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
25 | shell none | ||
26 | |||
27 | private-dev | ||
28 | private-tmp | ||
29 | |||
30 | noexec ${HOME} | ||
31 | noexec /tmp | ||
32 | |||
33 | no3d | ||
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index f2690c6c3..6bfb26484 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
@@ -23,7 +23,16 @@ include /etc/firejail/whitelist-common.inc | |||
23 | #Options | 23 | #Options |
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
26 | nogroups | ||
26 | nonewprivs | 27 | nonewprivs |
27 | noroot | 28 | noroot |
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
31 | shell none | ||
32 | |||
33 | private-bin xonotic-sdl,xonotic-glx,blind-id | ||
34 | private-dev | ||
35 | private-tmp | ||
36 | |||
37 | noexec ${HOME} | ||
38 | noexec /tmp | ||