-rw-r--r--README13
-rw-r--r--README.md11
-rw-r--r--RELNOTES8
-rwxr-xr-xconfigure18
-rw-r--r--configure.ac2
-rw-r--r--etc/0ad.profile17
-rw-r--r--etc/2048-qt.profile19
-rw-r--r--etc/7z.profile7
-rw-r--r--etc/7za.profile6
-rw-r--r--etc/7zr.profile6
-rw-r--r--etc/Cryptocat.profile15
-rw-r--r--etc/Cyberfox.profile2
-rw-r--r--etc/Discord.profile6
-rw-r--r--etc/DiscordCanary.profile6
-rw-r--r--etc/FossaMail.profile2
-rw-r--r--etc/Fritzing.profile19
-rw-r--r--etc/Gitter.profile2
-rw-r--r--etc/JDownloader.profile21
-rw-r--r--etc/Mathematica.profile16
-rw-r--r--etc/Natron.profile2
-rw-r--r--etc/QMediathekView.profile16
-rw-r--r--etc/QOwnNotes.profile56
-rw-r--r--etc/Telegram.profile2
-rw-r--r--etc/Thunar.profile14
-rw-r--r--etc/Viber.profile16
-rw-r--r--etc/VirtualBox.profile2
-rw-r--r--etc/XMind.profile17
-rw-r--r--etc/Xephyr.profile7
-rw-r--r--etc/Xvfb.profile7
-rw-r--r--etc/abrowser.profile6
-rw-r--r--etc/acat.profile6
-rw-r--r--etc/adiff.profile6
-rw-r--r--etc/akonadi_control.profile17
-rw-r--r--etc/akregator.profile19
-rw-r--r--etc/als.profile6
-rw-r--r--etc/amarok.profile19
-rw-r--r--etc/amule.profile17
-rw-r--r--etc/android-studio.profile12
-rw-r--r--etc/anydesk.profile17
-rw-r--r--etc/aosp.profile14
-rw-r--r--etc/apack.profile6
-rw-r--r--etc/apktool.profile15
-rw-r--r--etc/arch-audit.profile17
-rw-r--r--etc/archaudit-report.profile18
-rw-r--r--etc/ardour4.profile2
-rw-r--r--etc/ardour5.profile17
-rw-r--r--etc/arduino.profile16
-rw-r--r--etc/arepack.profile6
-rw-r--r--etc/aria2c.profile17
-rw-r--r--etc/ark.profile17
-rw-r--r--etc/arm.profile17
-rw-r--r--etc/artha.profile46
-rw-r--r--etc/asunder.profile19
-rw-r--r--etc/atom-beta.profile4
-rw-r--r--etc/atom.profile11
-rw-r--r--etc/atool.profile15
-rw-r--r--etc/atril-previewer.profile6
-rw-r--r--etc/atril-thumbnailer.profile6
-rw-r--r--etc/atril.profile19
-rw-r--r--etc/audacious.profile19
-rw-r--r--etc/audacity.profile19
-rw-r--r--etc/aunpack.profile6
-rw-r--r--etc/authenticator.profile16
-rw-r--r--etc/aweather.profile19
-rw-r--r--etc/awesome.profile6
-rw-r--r--etc/baloo_file.profile17
-rw-r--r--etc/baloo_filemetadata_temp_extractor.profile6
-rw-r--r--etc/baobab.profile15
-rw-r--r--etc/basilisk.profile6
-rw-r--r--etc/beaker.profile12
-rw-r--r--etc/bibletime.profile17
-rw-r--r--etc/bitcoin-qt.profile19
-rw-r--r--etc/bitlbee.profile17
-rw-r--r--etc/blackbox.profile6
-rw-r--r--etc/bleachbit.profile15
-rw-r--r--etc/blender-2.8.profile2
-rw-r--r--etc/blender.profile15
-rw-r--r--etc/bless.profile17
-rw-r--r--etc/bluefish.profile17
-rw-r--r--etc/bnox.profile6
-rw-r--r--etc/brackets.profile11
-rw-r--r--etc/brasero.profile14
-rw-r--r--etc/brave.profile6
-rw-r--r--etc/bsdcat.profile2
-rw-r--r--etc/bsdcpio.profile2
-rw-r--r--etc/bsdtar.profile15
-rw-r--r--etc/bunzip2.profile6
-rw-r--r--etc/caja.profile14
-rw-r--r--etc/calibre.profile17
-rw-r--r--etc/calligra.profile15
-rw-r--r--etc/calligraauthor.profile2
-rw-r--r--etc/calligraconverter.profile2
-rw-r--r--etc/calligraflow.profile2
-rw-r--r--etc/calligraplan.profile2
-rw-r--r--etc/calligraplanwork.profile2
-rw-r--r--etc/calligrasheets.profile2
-rw-r--r--etc/calligrastage.profile2
-rw-r--r--etc/calligrawords.profile2
-rw-r--r--etc/catfish.profile16
-rw-r--r--etc/checkbashisms.profile19
-rw-r--r--etc/cherrytree.profile17
-rw-r--r--etc/chromium-browser.profile2
-rw-r--r--etc/chromium-common.profile17
-rw-r--r--etc/chromium.profile6
-rw-r--r--etc/cin.profile15
-rw-r--r--etc/cinelerra.profile2
-rw-r--r--etc/clamav.profile5
-rw-r--r--etc/clamdscan.profile2
-rw-r--r--etc/clamdtop.profile2
-rw-r--r--etc/clamscan.profile2
-rw-r--r--etc/clamtk.profile5
-rw-r--r--etc/claws-mail.profile14
-rw-r--r--etc/clementine.profile19
-rw-r--r--etc/clion.profile11
-rw-r--r--etc/clipit.profile17
-rw-r--r--etc/cliqz.profile6
-rw-r--r--etc/cmus.profile16
-rw-r--r--etc/code.profile11
-rw-r--r--etc/conkeror.profile10
-rw-r--r--etc/conky.profile17
-rw-r--r--etc/corebird.profile19
-rw-r--r--etc/cower.profile15
-rw-r--r--etc/cpio.profile11
-rw-r--r--etc/cryptocat.profile2
-rw-r--r--etc/curl.profile11
-rw-r--r--etc/cvlc.profile6
-rw-r--r--etc/cyberfox.profile6
-rw-r--r--etc/darktable.profile17
-rw-r--r--etc/deadbeef.profile17
-rw-r--r--etc/default.profile16
-rw-r--r--etc/deluge.profile19
-rw-r--r--etc/desktop.profile16
-rw-r--r--etc/devilspie.profile14
-rw-r--r--etc/devilspie2.profile14
-rw-r--r--etc/dex2jar.profile19
-rw-r--r--etc/dia.profile17
-rw-r--r--etc/dig.profile21
-rw-r--r--etc/digikam.profile18
-rw-r--r--etc/dillo.profile19
-rw-r--r--etc/dino.profile17
-rw-r--r--etc/disable-common.inc2
-rw-r--r--etc/disable-devel.inc2
-rw-r--r--etc/disable-interpreters.inc2
-rw-r--r--etc/disable-passwdmgr.inc3
-rw-r--r--etc/disable-programs.inc11
-rw-r--r--etc/disable-xdg.inc2
-rw-r--r--etc/discord-canary.profile6
-rw-r--r--etc/discord-common.profile13
-rw-r--r--etc/discord.profile6
-rw-r--r--etc/display.profile19
-rw-r--r--etc/dnox.profile6
-rw-r--r--etc/dnscrypt-proxy.profile17
-rw-r--r--etc/dnsmasq.profile17
-rw-r--r--etc/dolphin.profile14
-rw-r--r--etc/dooble-qt4.profile2
-rw-r--r--etc/dooble.profile17
-rw-r--r--etc/dosbox.profile19
-rw-r--r--etc/dragon.profile19
-rw-r--r--etc/dropbox.profile17
-rw-r--r--etc/easystroke.profile14
-rw-r--r--etc/ebook-viewer.profile2
-rw-r--r--etc/electron.profile10
-rw-r--r--etc/electrum.profile21
-rw-r--r--etc/elinks.profile17
-rw-r--r--etc/emacs.profile10
-rw-r--r--etc/empathy.profile12
-rw-r--r--etc/enchant-2.profile6
-rw-r--r--etc/enchant-lsmod-2.profile6
-rw-r--r--etc/enchant-lsmod.profile6
-rw-r--r--etc/enchant.profile17
-rw-r--r--etc/engrampa.profile17
-rw-r--r--etc/enox.profile6
-rw-r--r--etc/enpass.profile19
-rw-r--r--etc/eog.profile17
-rw-r--r--etc/eom.profile17
-rw-r--r--etc/epiphany.profile14
-rw-r--r--etc/etr.profile15
-rw-r--r--etc/evince-previewer.profile6
-rw-r--r--etc/evince-thumbnailer.profile6
-rw-r--r--etc/evince.profile19
-rw-r--r--etc/evolution.profile15
-rw-r--r--etc/exiftool.profile15
-rw-r--r--etc/falkon.profile19
-rw-r--r--etc/fbreader.profile19
-rw-r--r--etc/feh.profile15
-rw-r--r--etc/fetchmail.profile15
-rw-r--r--etc/ffmpeg.profile17
-rw-r--r--etc/file-roller.profile17
-rw-r--r--etc/file.profile11
-rw-r--r--etc/filezilla.profile15
-rw-r--r--etc/firefox-beta.profile6
-rw-r--r--etc/firefox-common-addons.inc2
-rw-r--r--etc/firefox-common.profile19
-rw-r--r--etc/firefox-developer-edition.profile6
-rw-r--r--etc/firefox-esr.profile6
-rw-r--r--etc/firefox-nightly.profile6
-rw-r--r--etc/firefox-wayland.profile6
-rw-r--r--etc/firefox.profile6
-rw-r--r--etc/firejail.config3
-rw-r--r--etc/flameshot.profile17
-rw-r--r--etc/flashpeak-slimjet.profile6
-rw-r--r--etc/flowblade.profile15
-rw-r--r--etc/fluxbox.profile6
-rw-r--r--etc/fontforge.profile17
-rw-r--r--etc/fossamail.profile8
-rw-r--r--etc/franz.profile15
-rw-r--r--etc/freecad.profile17
-rw-r--r--etc/freecadcmd.profile2
-rw-r--r--etc/freshclam.profile5
-rw-r--r--etc/frozen-bubble.profile19
-rw-r--r--etc/gajim.profile17
-rw-r--r--etc/galculator.profile19
-rw-r--r--etc/gcloud.profile11
-rw-r--r--etc/geany.profile11
-rw-r--r--etc/geary.profile8
-rw-r--r--etc/gedit.profile17
-rw-r--r--etc/geeqie.profile15
-rw-r--r--etc/ghb.profile2
-rw-r--r--etc/gimp-2.10.profile2
-rw-r--r--etc/gimp-2.8.profile2
-rw-r--r--etc/gimp.profile15
-rw-r--r--etc/git.profile11
-rw-r--r--etc/gitg.profile17
-rw-r--r--etc/gitter.profile17
-rw-r--r--etc/gjs.profile15
-rw-r--r--etc/globaltime.profile17
-rw-r--r--etc/gnome-2048.profile19
-rw-r--r--etc/gnome-books.profile19
-rw-r--r--etc/gnome-builder.profile11
-rw-r--r--etc/gnome-calculator.profile21
-rw-r--r--etc/gnome-chess.profile19
-rw-r--r--etc/gnome-clocks.profile19
-rw-r--r--etc/gnome-contacts.profile21
-rw-r--r--etc/gnome-documents.profile17
-rw-r--r--etc/gnome-font-viewer.profile19
-rw-r--r--etc/gnome-logs.profile19
-rw-r--r--etc/gnome-maps.profile19
-rw-r--r--etc/gnome-mplayer.profile17
-rw-r--r--etc/gnome-mpv.profile19
-rw-r--r--etc/gnome-music.profile19
-rw-r--r--etc/gnome-photos.profile17
-rw-r--r--etc/gnome-pie.profile43
-rw-r--r--etc/gnome-recipes.profile19
-rw-r--r--etc/gnome-ring.profile16
-rw-r--r--etc/gnome-twitch.profile17
-rw-r--r--etc/gnome-weather.profile19
-rw-r--r--etc/goobox.profile17
-rw-r--r--etc/google-chrome-beta.profile6
-rw-r--r--etc/google-chrome-stable.profile2
-rw-r--r--etc/google-chrome-unstable.profile6
-rw-r--r--etc/google-chrome.profile6
-rw-r--r--etc/google-earth.profile17
-rw-r--r--etc/google-play-music-desktop-player.profile17
-rw-r--r--etc/gpa.profile15
-rw-r--r--etc/gpg-agent.profile15
-rw-r--r--etc/gpg.profile15
-rw-r--r--etc/gpicview.profile17
-rw-r--r--etc/gpredict.profile17
-rw-r--r--etc/gradio.profile18
-rw-r--r--etc/gtar.profile2
-rw-r--r--etc/gthumb.profile15
-rw-r--r--etc/guayadeque.profile17
-rw-r--r--etc/gucharmap.profile17
-rw-r--r--etc/gunzip.profile6
-rw-r--r--etc/gwenview.profile17
-rw-r--r--etc/gzip.profile7
-rw-r--r--etc/handbrake-gtk.profile2
-rw-r--r--etc/handbrake.profile19
-rw-r--r--etc/hashcat.profile17
-rw-r--r--etc/hedgewars.profile17
-rw-r--r--etc/hexchat.profile19
-rw-r--r--etc/highlight.profile15
-rw-r--r--etc/hugin.profile17
-rw-r--r--etc/i3.profile6
-rw-r--r--etc/icecat.profile6
-rw-r--r--etc/icedove.profile8
-rw-r--r--etc/iceweasel.profile6
-rw-r--r--etc/idea.profile6
-rw-r--r--etc/idea.sh.profile11
-rw-r--r--etc/ideaIC.profile6
-rw-r--r--etc/imagej.profile15
-rw-r--r--etc/img2txt.profile17
-rw-r--r--etc/inkscape.profile19
-rw-r--r--etc/inox.profile6
-rw-r--r--etc/iridium-browser.profile2
-rw-r--r--etc/iridium.profile6
-rw-r--r--etc/itch.profile17
-rw-r--r--etc/jd-gui.profile19
-rw-r--r--etc/jdownloader.profile6
-rw-r--r--etc/jitsi.profile14
-rw-r--r--etc/k3b.profile18
-rw-r--r--etc/kaffeine.profile19
-rw-r--r--etc/karbon.profile2
-rw-r--r--etc/kate.profile17
-rw-r--r--etc/kcalc.profile19
-rw-r--r--etc/kdeinit4.profile17
-rw-r--r--etc/kdenlive.profile15
-rw-r--r--etc/keepass.profile17
-rw-r--r--etc/keepass2.profile2
-rw-r--r--etc/keepassx.profile19
-rw-r--r--etc/keepassx2.profile2
-rw-r--r--etc/keepassxc.profile19
-rw-r--r--etc/kget.profile17
-rw-r--r--etc/kino.profile15
-rw-r--r--etc/kmail.profile17
-rw-r--r--etc/knotes.profile6
-rw-r--r--etc/kodi.profile19
-rw-r--r--etc/konversation.profile17
-rw-r--r--etc/kopete.profile17
-rw-r--r--etc/krita.profile17
-rw-r--r--etc/krunner.profile16
-rw-r--r--etc/ktorrent.profile19
-rw-r--r--etc/kwin_x11.profile17
-rw-r--r--etc/kwrite.profile19
-rw-r--r--etc/lbunzip2.profile7
-rw-r--r--etc/lbzcat.profile7
-rw-r--r--etc/lbzip2.profile7
-rw-r--r--etc/leafpad.profile17
-rw-r--r--etc/less.profile7
-rw-r--r--etc/libreoffice.profile15
-rw-r--r--etc/liferea.profile19
-rw-r--r--etc/linphone.profile17
-rw-r--r--etc/lmms.profile17
-rw-r--r--etc/lobase.profile2
-rw-r--r--etc/localc.profile2
-rw-r--r--etc/lodraw.profile2
-rw-r--r--etc/loffice.profile2
-rw-r--r--etc/lofromtemplate.profile2
-rw-r--r--etc/loimpress.profile2
-rw-r--r--etc/lollypop.profile19
-rw-r--r--etc/lomath.profile2
-rw-r--r--etc/loweb.profile2
-rw-r--r--etc/lowriter.profile2
-rw-r--r--etc/luminance-hdr.profile17
-rw-r--r--etc/lximage-qt.profile15
-rw-r--r--etc/lxmusic.profile19
-rw-r--r--etc/lynx.profile17
-rw-r--r--etc/lzcat.profile7
-rw-r--r--etc/lzcmp.profile7
-rw-r--r--etc/lzdiff.profile7
-rw-r--r--etc/lzegrep.profile7
-rw-r--r--etc/lzfgrep.profile7
-rw-r--r--etc/lzgrep.profile7
-rw-r--r--etc/lzip.profile7
-rw-r--r--etc/lzless.profile7
-rw-r--r--etc/lzma.profile7
-rw-r--r--etc/lzmadec.profile2
-rw-r--r--etc/lzmainfo.profile7
-rw-r--r--etc/lzmore.profile7
-rw-r--r--etc/macrofusion.profile17
-rw-r--r--etc/makepkg.profile10
-rw-r--r--etc/masterpdfeditor.profile50
-rw-r--r--etc/masterpdfeditor4.profile12
-rw-r--r--etc/masterpdfeditor5.profile12
-rw-r--r--etc/mate-calc.profile15
-rw-r--r--etc/mate-calculator.profile2
-rw-r--r--etc/mate-color-select.profile15
-rw-r--r--etc/mate-dictionary.profile15
-rw-r--r--etc/mathematica.profile2
-rw-r--r--etc/mcabber.profile15
-rw-r--r--etc/mediainfo.profile15
-rw-r--r--etc/mediathekview.profile17
-rw-r--r--etc/meld.profile15
-rw-r--r--etc/mencoder.profile28
-rw-r--r--etc/midori.profile14
-rw-r--r--etc/min.profile17
-rw-r--r--etc/minetest.profile19
-rw-r--r--etc/mousepad.profile17
-rw-r--r--etc/mpd.profile17
-rw-r--r--etc/mplayer.profile19
-rw-r--r--etc/mpv.profile19
-rw-r--r--etc/ms-excel.profile6
-rw-r--r--etc/ms-office.profile15
-rw-r--r--etc/ms-onenote.profile6
-rw-r--r--etc/ms-outlook.profile6
-rw-r--r--etc/ms-powerpoint.profile6
-rw-r--r--etc/ms-skype.profile6
-rw-r--r--etc/ms-word.profile6
-rw-r--r--etc/multimc5.profile17
-rw-r--r--etc/mumble.profile18
-rw-r--r--etc/mupdf.profile19
-rw-r--r--etc/mupen64plus.profile16
-rw-r--r--etc/musescore.profile18
-rw-r--r--etc/musixmatch.profile15
-rw-r--r--etc/mutt.profile15
-rw-r--r--etc/natron.profile14
-rw-r--r--etc/nautilus.profile14
-rw-r--r--etc/ncdu.profile5
-rw-r--r--etc/nemo.profile12
-rw-r--r--etc/netsurf.profile14
-rw-r--r--etc/neverball.profile17
-rw-r--r--etc/nheko.profile16
-rw-r--r--etc/nitroshare-cli.profile7
-rw-r--r--etc/nitroshare-nmh.profile7
-rw-r--r--etc/nitroshare-send.profile7
-rw-r--r--etc/nitroshare-ui.profile7
-rw-r--r--etc/nitroshare.profile50
-rw-r--r--etc/nylas.profile17
-rw-r--r--etc/obs.profile19
-rw-r--r--etc/odt2txt.profile17
-rw-r--r--etc/okular.profile19
-rw-r--r--etc/onionshare-gui.profile17
-rw-r--r--etc/open-invaders.profile17
-rw-r--r--etc/openbox.profile6
-rw-r--r--etc/openshot-qt.profile2
-rw-r--r--etc/openshot.profile17
-rw-r--r--etc/opera-beta.profile6
-rw-r--r--etc/opera.profile6
-rw-r--r--etc/orage.profile17
-rw-r--r--etc/p7zip.profile6
-rw-r--r--etc/palemoon.profile6
-rw-r--r--etc/parole.profile16
-rw-r--r--etc/patch.profile17
-rw-r--r--etc/pcmanfm.profile14
-rw-r--r--etc/pdfchain.profile19
-rw-r--r--etc/pdfmod.profile19
-rw-r--r--etc/pdfsam.profile17
-rw-r--r--etc/pdftotext.profile19
-rw-r--r--etc/peek.profile17
-rw-r--r--etc/picard.profile19
-rw-r--r--etc/pidgin.profile15
-rw-r--r--etc/ping.profile21
-rw-r--r--etc/pingus.profile17
-rw-r--r--etc/pinta.profile17
-rw-r--r--etc/pithos.profile21
-rw-r--r--etc/pitivi.profile17
-rw-r--r--etc/pix.profile15
-rw-r--r--etc/playonlinux.profile12
-rw-r--r--etc/pluma.profile17
-rw-r--r--etc/polari.profile15
-rw-r--r--etc/ppsspp.profile18
-rw-r--r--etc/psi-plus.profile17
-rw-r--r--etc/pybitmessage.profile17
-rw-r--r--etc/pycharm-community.profile13
-rw-r--r--etc/pycharm-professional.profile2
-rw-r--r--etc/qbittorrent.profile19
-rw-r--r--etc/qemu-launcher.profile10
-rw-r--r--etc/qemu-system-x86_64.profile10
-rw-r--r--etc/qlipper.profile17
-rw-r--r--etc/qmmp.profile15
-rw-r--r--etc/qpdfview.profile19
-rw-r--r--etc/qtox.profile19
-rw-r--r--etc/quassel.profile12
-rw-r--r--etc/quiterss.profile17
-rw-r--r--etc/qupzilla.profile19
-rw-r--r--etc/qutebrowser.profile14
-rw-r--r--etc/rambox.profile14
-rw-r--r--etc/ranger.profile15
-rw-r--r--etc/redeclipse.profile19
-rw-r--r--etc/remmina.profile19
-rw-r--r--etc/rhythmbox.profile19
-rw-r--r--etc/ricochet.profile17
-rw-r--r--etc/riot-desktop.profile6
-rw-r--r--etc/riot-web.profile8
-rw-r--r--etc/ristretto.profile15
-rw-r--r--etc/rocketchat.profile8
-rw-r--r--etc/rtorrent.profile15
-rw-r--r--etc/runenpass.sh.profile2
-rw-r--r--etc/rview.profile6
-rw-r--r--etc/rvim.profile6
-rw-r--r--etc/sayonara.profile15
-rw-r--r--etc/scallion.profile17
-rw-r--r--etc/scribus.profile19
-rw-r--r--etc/sdat2img.profile19
-rw-r--r--etc/seamonkey-bin.profile2
-rw-r--r--etc/seamonkey.profile14
-rw-r--r--etc/server.profile17
-rw-r--r--etc/shellcheck.profile19
-rw-r--r--etc/shotcut.profile15
-rw-r--r--etc/signal-desktop.profile19
-rw-r--r--etc/silentarmy.profile19
-rw-r--r--etc/simple-scan.profile16
-rw-r--r--etc/simutrans.profile17
-rw-r--r--etc/skanlite.profile16
-rw-r--r--etc/skype.profile15
-rw-r--r--etc/skypeforlinux.profile14
-rw-r--r--etc/slack.profile19
-rw-r--r--etc/smplayer.profile19
-rw-r--r--etc/smtube.profile19
-rw-r--r--etc/snap.profile12
-rw-r--r--etc/snox.profile6
-rw-r--r--etc/soffice.profile2
-rw-r--r--etc/soundconverter.profile19
-rw-r--r--etc/spectre-meltdown-checker.profile18
-rw-r--r--etc/spotify.profile19
-rw-r--r--etc/sqlitebrowser.profile19
-rw-r--r--etc/ssh-agent.profile10
-rw-r--r--etc/ssh.profile11
-rw-r--r--etc/standardnotes-desktop.profile17
-rw-r--r--etc/start-tor-browser.desktop.profile2
-rw-r--r--etc/start-tor-browser.profile19
-rw-r--r--etc/steam-native.profile2
-rw-r--r--etc/steam.profile17
-rw-r--r--etc/stellarium.profile19
-rw-r--r--etc/strings.profile7
-rw-r--r--etc/studio.sh.profile2
-rw-r--r--etc/supertux2.profile19
-rw-r--r--etc/surf.profile15
-rw-r--r--etc/sylpheed.profile15
-rw-r--r--etc/synfigstudio.profile15
-rw-r--r--etc/tar.profile7
-rw-r--r--etc/teamspeak3.profile17
-rw-r--r--etc/telegram-desktop.profile2
-rw-r--r--etc/telegram.profile12
-rw-r--r--etc/terasology.profile17
-rw-r--r--etc/thunar.profile2
-rw-r--r--etc/thunderbird-beta.profile2
-rw-r--r--etc/thunderbird.profile6
-rw-r--r--etc/tilp.profile14
-rw-r--r--etc/tor-browser-ar.profile2
-rw-r--r--etc/tor-browser-en-us.profile2
-rw-r--r--etc/tor-browser-en.profile2
-rw-r--r--etc/tor-browser-es-es.profile2
-rw-r--r--etc/tor-browser-es.profile2
-rw-r--r--etc/tor-browser-fa.profile2
-rw-r--r--etc/tor-browser-fr.profile2
-rw-r--r--etc/tor-browser-it.profile2
-rw-r--r--etc/tor-browser-ja.profile2
-rw-r--r--etc/tor-browser-ko.profile2
-rw-r--r--etc/tor-browser-pl.profile2
-rw-r--r--etc/tor-browser-pt-br.profile2
-rw-r--r--etc/tor-browser-ru.profile2
-rw-r--r--etc/tor-browser-vi.profile2
-rw-r--r--etc/tor-browser-zh-cn.profile2
-rw-r--r--etc/tor.profile17
-rw-r--r--etc/torbrowser-launcher.profile21
-rw-r--r--etc/totem.profile19
-rw-r--r--etc/tracker.profile14
-rw-r--r--etc/transmission-cli.profile15
-rw-r--r--etc/transmission-gtk.profile19
-rw-r--r--etc/transmission-qt.profile19
-rw-r--r--etc/transmission-show.profile15
-rw-r--r--etc/truecraft.profile17
-rw-r--r--etc/tuxguitar.profile19
-rw-r--r--etc/uefitool.profile17
-rw-r--r--etc/uget-gtk.profile15
-rw-r--r--etc/unbound.profile17
-rw-r--r--etc/unknown-horizons.profile13
-rw-r--r--etc/unlzma.profile7
-rw-r--r--etc/unrar.profile7
-rw-r--r--etc/unxz.profile7
-rw-r--r--etc/unzip.profile7
-rw-r--r--etc/uudeview.profile7
-rw-r--r--etc/uzbl-browser.profile14
-rw-r--r--etc/viewnior.profile15
-rw-r--r--etc/viking.profile17
-rw-r--r--etc/vim.profile11
-rw-r--r--etc/vimcat.profile6
-rw-r--r--etc/vimdiff.profile6
-rw-r--r--etc/vimpager.profile6
-rw-r--r--etc/vimtutor.profile6
-rw-r--r--etc/virtualbox.profile14
-rw-r--r--etc/vivaldi-beta.profile2
-rw-r--r--etc/vivaldi-snapshot.profile6
-rw-r--r--etc/vivaldi-stable.profile2
-rw-r--r--etc/vivaldi.profile6
-rw-r--r--etc/vlc.profile19
-rw-r--r--etc/vym.profile15
-rw-r--r--etc/w3m.profile17
-rw-r--r--etc/warzone2100.profile19
-rw-r--r--etc/waterfox.profile6
-rw-r--r--etc/webstorm.profile15
-rw-r--r--etc/weechat-curses.profile2
-rw-r--r--etc/weechat.profile8
-rw-r--r--etc/wesnoth.profile17
-rw-r--r--etc/wget.profile13
-rw-r--r--etc/whitelist-common.inc3
-rw-r--r--etc/whitelist-var-common.inc2
-rw-r--r--etc/whois.profile19
-rw-r--r--etc/wine.profile12
-rw-r--r--etc/wire-desktop.profile17
-rw-r--r--etc/wireshark-gtk.profile2
-rw-r--r--etc/wireshark-qt.profile2
-rw-r--r--etc/wireshark.profile19
-rw-r--r--etc/x-terminal-emulator.profile5
-rw-r--r--etc/xcalc.profile19
-rw-r--r--etc/xchat.profile10
-rw-r--r--etc/xed.profile17
-rw-r--r--etc/xfburn.profile14
-rw-r--r--etc/xfce4-dict.profile15
-rw-r--r--etc/xfce4-notes.profile15
-rw-r--r--etc/xiphos.profile17
-rw-r--r--etc/xmms.profile17
-rw-r--r--etc/xmr-stak.profile19
-rw-r--r--etc/xonotic-glx.profile2
-rw-r--r--etc/xonotic-sdl.profile2
-rw-r--r--etc/xonotic.profile19
-rw-r--r--etc/xpdf.profile19
-rw-r--r--etc/xplayer-audio-preview.profile6
-rw-r--r--etc/xplayer-video-thumbnailer.profile6
-rw-r--r--etc/xplayer.profile19
-rw-r--r--etc/xpra.profile15
-rw-r--r--etc/xreader-previewer.profile6
-rw-r--r--etc/xreader-thumbnailer.profile6
-rw-r--r--etc/xreader.profile19
-rw-r--r--etc/xviewer.profile17
-rw-r--r--etc/xxd.profile6
-rw-r--r--etc/xz.profile2
-rw-r--r--etc/xzcat.profile7
-rw-r--r--etc/xzcmp.profile7
-rw-r--r--etc/xzdec.profile7
-rw-r--r--etc/xzdiff.profile7
-rw-r--r--etc/xzegrep.profile7
-rw-r--r--etc/xzfgrep.profile7
-rw-r--r--etc/xzgrep.profile7
-rw-r--r--etc/xzless.profile7
-rw-r--r--etc/xzmore.profile7
-rw-r--r--etc/yandex-browser.profile6
-rw-r--r--etc/youtube-dl.profile19
-rw-r--r--etc/zaproxy.profile19
-rw-r--r--etc/zart.profile17
-rw-r--r--etc/zathura.profile17
-rw-r--r--etc/zoom.profile14
-rw-r--r--src/firecfg/firecfg.config5
-rw-r--r--src/firejail/firejail.h34
-rw-r--r--src/firejail/fs.c118
-rw-r--r--src/firejail/fs_home.c6
-rw-r--r--src/firejail/fs_hostname.c2
-rw-r--r--src/firejail/fs_lib2.c1
-rw-r--r--src/firejail/fs_mkdir.c4
-rw-r--r--src/firejail/fs_trace.c2
-rw-r--r--src/firejail/fs_whitelist.c16
-rw-r--r--src/firejail/join.c14
-rw-r--r--src/firejail/macros.c7
-rw-r--r--src/firejail/main.c66
-rw-r--r--src/firejail/network_main.c18
-rw-r--r--src/firejail/preproc.c4
-rw-r--r--src/firejail/profile.c143
-rw-r--r--src/firejail/sandbox.c14
-rw-r--r--src/firejail/usage.c2
-rw-r--r--src/firejail/util.c24
-rw-r--r--src/man/firejail-profile.txt29
-rw-r--r--src/man/firejail.txt23
-rwxr-xr-xtest/filters/apparmor.exp59
-rwxr-xr-xtest/filters/filters.sh6
635 files changed, 4634 insertions, 3516 deletions
diff --git a/README b/README
index 5f1bb35c5..b2f19b070 100644
--- a/README
+++ b/README
@@ -35,6 +35,7 @@ Maintainer:
35Committers 35Committers
36- chiraag-nataraj (https://github.com/chiraag-nataraj) 36- chiraag-nataraj (https://github.com/chiraag-nataraj)
37- crass (https://github.com/crass) 37- crass (https://github.com/crass)
38- glitsj16 (https://github.com/glitsj16)
38- Fred-Barclay (https://github.com/Fred-Barclay) 39- Fred-Barclay (https://github.com/Fred-Barclay)
39- Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer) 40- Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer)
40- smithsohu (https://github.com/smitsohu) 41- smithsohu (https://github.com/smitsohu)
@@ -123,6 +124,8 @@ bn0785ac (https://github.com/bn0785ac)
123 - fix inox, add snox profile 124 - fix inox, add snox profile
124BogDan Vatra (https://github.com/bog-dan-ro) 125BogDan Vatra (https://github.com/bog-dan-ro)
125 - zoom profile 126 - zoom profile
127Brad Ackerman
128 - blacklist Bitwarden config in disable-passwdmgr.inc
126Bruno Nova (https://github.com/brunonova) 129Bruno Nova (https://github.com/brunonova)
127 - whitelist fix 130 - whitelist fix
128 - bash arguments fix 131 - bash arguments fix
@@ -277,7 +280,13 @@ glitsj16 (https://github.com/glitsj16)
277 - profile fixes: file, strings, claws-mail, 280 - profile fixes: file, strings, claws-mail,
278 - new profiles: QMediathekView, aria2c, Authenticator, checkbashisms 281 - new profiles: QMediathekView, aria2c, Authenticator, checkbashisms
279 - new profiles: devilspie, devilspie2, easystroke, github-desktop, min 282 - new profiles: devilspie, devilspie2, easystroke, github-desktop, min
280 - new profiles: bsdcat, bsdcpio, bsdtar, lzmadec 283 - new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat
284 - new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep
285 - new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
286 - new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
287 - new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
288 - new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
289 - new profiles: masterpdfeditor
281graywolf (https://github.com/graywolf) 290graywolf (https://github.com/graywolf)
282 - spelling fix 291 - spelling fix
283greigdp (https://github.com/greigdp) 292greigdp (https://github.com/greigdp)
@@ -436,6 +445,8 @@ Paul Moore <pmoore@redhat.com>
436 -src/fsec-print/print.c extracted from libseccomp software package 445 -src/fsec-print/print.c extracted from libseccomp software package
437Paupiah Yash (https://github.com/CaffeinatedStud) 446Paupiah Yash (https://github.com/CaffeinatedStud)
438 - gzip profile 447 - gzip profile
448Pawel (https://github.com/grimskies)
449 - make --join return exit code of the invoked program
439Peter Millerchip (https://github.com/pmillerchip) 450Peter Millerchip (https://github.com/pmillerchip)
440 - memory allocation fix 451 - memory allocation fix
441 - --private.keep to --private-home transition 452 - --private.keep to --private-home transition
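--- a/README.md
+++ b/README.md
@@ -98,10 +98,7 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 `````
 
 `````
-# Current development version: 0.9.56.1
-
-This is probably a bugfix release: fixes, small features, new profiles. If we end up implementing something major
-we'll switch to a regular 0.9.57 release.
+# Current development version: 0.9.57
 
 # New Long Term Support (LTS) version
 
@@ -134,5 +131,7 @@ The new LTS branch is here: https://github.com/netblue30/firejail/tree/LTSbase
 # New profiles:
 
 QMediathekView, aria2c, Authenticator, checkbashisms, devilspie, devilspie2, easystroke, github-desktop, min,
-bsdcat, bsdcpio, bsdtar, lzmadec
-
+bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep,
+lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore,
+lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh, nirtoshare-send, nitroshare-ui, mencoder, gnome-pie,
+masterpdfeditor, QOwnNotes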
diff --git a/RELNOTES b/RELNOTES
index 3ae5fe5de..74bdd3d2b 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -3,7 +3,13 @@ firejail (0.9.56.1) baseline; urgency=low
3 * --disable-mnt rework 3 * --disable-mnt rework
4 * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms 4 * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms
5 * new profiles: devilspie, devilspie2, easystroke, github-desktop, min 5 * new profiles: devilspie, devilspie2, easystroke, github-desktop, min
6 * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec 6 * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat
7 * new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep
8 * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
9 * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
10 * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
11 * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
12 * new profiles: masterpdfeditor, QOwnNotes
7 -- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500 13 -- netblue30 <netblue30@yahoo.com> Thu, 11 Oct 2018 08:00:00 -0500
8 14
9firejail (0.9.56) baseline; urgency=low 15firejail (0.9.56) baseline; urgency=low
diff --git a/configure b/configure
index 9e117dcbe..a7ef3a392 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
1#! /bin/sh 1#! /bin/sh
2# Guess values for system-dependent variables and create Makefiles. 2# Guess values for system-dependent variables and create Makefiles.
3# Generated by GNU Autoconf 2.69 for firejail 0.9.56.1. 3# Generated by GNU Autoconf 2.69 for firejail 0.9.57.
4# 4#
5# Report bugs to <netblue30@yahoo.com>. 5# Report bugs to <netblue30@yahoo.com>.
6# 6#
@@ -580,8 +580,8 @@ MAKEFLAGS=
580# Identity of this package. 580# Identity of this package.
581PACKAGE_NAME='firejail' 581PACKAGE_NAME='firejail'
582PACKAGE_TARNAME='firejail' 582PACKAGE_TARNAME='firejail'
583PACKAGE_VERSION='0.9.56.1' 583PACKAGE_VERSION='0.9.57'
584PACKAGE_STRING='firejail 0.9.56.1' 584PACKAGE_STRING='firejail 0.9.57'
585PACKAGE_BUGREPORT='netblue30@yahoo.com' 585PACKAGE_BUGREPORT='netblue30@yahoo.com'
586PACKAGE_URL='https://firejail.wordpress.com' 586PACKAGE_URL='https://firejail.wordpress.com'
587 587
@@ -1275,7 +1275,7 @@ if test "$ac_init_help" = "long"; then
1275 # Omit some internal or obsolete options to make the list less imposing. 1275 # Omit some internal or obsolete options to make the list less imposing.
1276 # This message is too long to be a string in the A/UX 3.1 sh. 1276 # This message is too long to be a string in the A/UX 3.1 sh.
1277 cat <<_ACEOF 1277 cat <<_ACEOF
1278\`configure' configures firejail 0.9.56.1 to adapt to many kinds of systems. 1278\`configure' configures firejail 0.9.57 to adapt to many kinds of systems.
1279 1279
1280Usage: $0 [OPTION]... [VAR=VALUE]... 1280Usage: $0 [OPTION]... [VAR=VALUE]...
1281 1281
@@ -1337,7 +1337,7 @@ fi
1337 1337
1338if test -n "$ac_init_help"; then 1338if test -n "$ac_init_help"; then
1339 case $ac_init_help in 1339 case $ac_init_help in
1340 short | recursive ) echo "Configuration of firejail 0.9.56.1:";; 1340 short | recursive ) echo "Configuration of firejail 0.9.57:";;
1341 esac 1341 esac
1342 cat <<\_ACEOF 1342 cat <<\_ACEOF
1343 1343
@@ -1442,7 +1442,7 @@ fi
1442test -n "$ac_init_help" && exit $ac_status 1442test -n "$ac_init_help" && exit $ac_status
1443if $ac_init_version; then 1443if $ac_init_version; then
1444 cat <<\_ACEOF 1444 cat <<\_ACEOF
1445firejail configure 0.9.56.1 1445firejail configure 0.9.57
1446generated by GNU Autoconf 2.69 1446generated by GNU Autoconf 2.69
1447 1447
1448Copyright (C) 2012 Free Software Foundation, Inc. 1448Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1744,7 +1744,7 @@ cat >config.log <<_ACEOF
1744This file contains any messages produced by compilers while 1744This file contains any messages produced by compilers while
1745running configure, to aid debugging if configure makes a mistake. 1745running configure, to aid debugging if configure makes a mistake.
1746 1746
1747It was created by firejail $as_me 0.9.56.1, which was 1747It was created by firejail $as_me 0.9.57, which was
1748generated by GNU Autoconf 2.69. Invocation command line was 1748generated by GNU Autoconf 2.69. Invocation command line was
1749 1749
1750 $ $0 $@ 1750 $ $0 $@
@@ -4379,7 +4379,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
4379# report actual input values of CONFIG_FILES etc. instead of their 4379# report actual input values of CONFIG_FILES etc. instead of their
4380# values after options handling. 4380# values after options handling.
4381ac_log=" 4381ac_log="
4382This file was extended by firejail $as_me 0.9.56.1, which was 4382This file was extended by firejail $as_me 0.9.57, which was
4383generated by GNU Autoconf 2.69. Invocation command line was 4383generated by GNU Autoconf 2.69. Invocation command line was
4384 4384
4385 CONFIG_FILES = $CONFIG_FILES 4385 CONFIG_FILES = $CONFIG_FILES
@@ -4433,7 +4433,7 @@ _ACEOF
4433cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 4433cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
4434ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" 4434ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
4435ac_cs_version="\\ 4435ac_cs_version="\\
4436firejail config.status 0.9.56.1 4436firejail config.status 0.9.57
4437configured by $0, generated by GNU Autoconf 2.69, 4437configured by $0, generated by GNU Autoconf 2.69,
4438 with options \\"\$ac_cs_config\\" 4438 with options \\"\$ac_cs_config\\"
4439 4439
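--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.56.1, netblue30@yahoo.com, , https://firejail.wordpress.com)
+AC_INIT(firejail, 0.9.57, netblue30@yahoo.com, , https://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 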
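diff --git a/etc/0ad.profile b/etc/0ad.profile
index f9320f6c7..674fb2c6a 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -2,19 +2,19 @@
 # Description: Real-time strategy game of ancient warfare
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/0ad.local
+include 0ad.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/0ad
 noblacklist ${HOME}/.config/0ad
 noblacklist ${HOME}/.local/share/0ad
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/0ad
 mkdir ${HOME}/.config/0ad
@@ -22,7 +22,7 @@ mkdir ${HOME}/.local/share/0ad
 whitelist ${HOME}/.cache/0ad
 whitelist ${HOME}/.config/0ad
 whitelist ${HOME}/.local/share/0ad
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -32,6 +32,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp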
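Review bot: The bare names on the new `include` lines in the first hunk (`include 0ad.local`, `include disable-common.inc`, …) make the profile's blacklist baseline depend on firejail's include search order instead of a fixed path under `/etc/firejail`, and nothing in the file says what that order is. The resolver is not visible in this view; if it consults a per-user directory before the system one, a same-named file there would take the place of `disable-common.inc` for this profile, and a firejail build that only accepts full paths would presumably fail to load the file at all, so these edits need to ship together with the resolver change. I would add a comment above the first include, e.g. `# bare include names are resolved through firejail's profile search path, not relative to this file`, and document the lookup order next to the `include` command. The same applies to every other profile section in this commit that drops the `/etc/firejail/` prefix.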
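diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile
index 56b38f5a2..10f354f19 100644
--- a/etc/2048-qt.profile
+++ b/etc/2048-qt.profile
@@ -2,25 +2,25 @@
 # Description: Mathematics based puzzle game
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/2048-qt.local
+include 2048-qt.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/2048-qt
 noblacklist ${HOME}/.config/xiaoyong
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/2048-qt
 mkdir ${HOME}/.config/xiaoyong
 whitelist ${HOME}/.config/2048-qt
 whitelist ${HOME}/.config/xiaoyong
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -30,6 +30,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp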
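diff --git a/etc/7z.profile b/etc/7z.profile
index e3f27b93f..363e301e2 100644
--- a/etc/7z.profile
+++ b/etc/7z.profile
@@ -2,10 +2,10 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/7z.local
+include 7z.local
 # Persistent global definitions
 # added by included default.profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -16,10 +16,11 @@ nodbus
 nodvd
 nosound
 notv
+nou2f
 novideo
 shell none
 tracelog
 
 private-dev
 
-include /etc/firejail/default.profile
+include default.profile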
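diff --git a/etc/7za.profile b/etc/7za.profile
index e035bf4f5..28e483a8c 100644
--- a/etc/7za.profile
+++ b/etc/7za.profile
@@ -1,10 +1,10 @@
 # Firejail profile for 7za
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/7za.local
+include 7za.local
 # Persistent global definitions
 # added by included profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 # Redirect
-include /etc/firejail/7z.profile
+include 7z.profile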
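diff --git a/etc/7zr.profile b/etc/7zr.profile
index e48c5494e..1b85badbc 100644
--- a/etc/7zr.profile
+++ b/etc/7zr.profile
@@ -1,10 +1,10 @@
 # Firejail profile for 7zr
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/7zr.local
+include 7zr.local
 # Persistent global definitions
 # added by included profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 # Redirect
-include /etc/firejail/7z.profile
+include 7z.profile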
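diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile
index f1336be3e..e9cc07bd7 100644
--- a/etc/Cryptocat.profile
+++ b/etc/Cryptocat.profile
@@ -1,17 +1,17 @@
 # Firejail profile for Cryptocat
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/Cryptocat.local
+include Cryptocat.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Cryptocat
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none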
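diff --git a/etc/Cyberfox.profile b/etc/Cyberfox.profile
index 202bc26f4..2fb21e3cf 100644
--- a/etc/Cyberfox.profile
+++ b/etc/Cyberfox.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/cyberfox.profile
+include cyberfox.profile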
diff --git a/etc/Discord.profile b/etc/Discord.profile
index 951357387..9a8957265 100644
--- a/etc/Discord.profile
+++ b/etc/Discord.profile
@@ -1,9 +1,9 @@
1# Firejail profile for Discord 1# Firejail profile for Discord
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Discord.local 4include Discord.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.config/discord 9noblacklist ${HOME}/.config/discord
@@ -15,4 +15,4 @@ private-bin Discord
15private-opt Discord 15private-opt Discord
16 16
17#Redirect 17#Redirect
18include /etc/firejail/discord-common.profile 18include discord-common.profile
diff --git a/etc/DiscordCanary.profile b/etc/DiscordCanary.profile
index f7b0e2c56..0624ff949 100644
--- a/etc/DiscordCanary.profile
+++ b/etc/DiscordCanary.profile
@@ -1,9 +1,9 @@
1# Firejail profile for DiscordCanary 1# Firejail profile for DiscordCanary
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/DiscordCanary.local 4include DiscordCanary.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.config/discordcanary 9noblacklist ${HOME}/.config/discordcanary
@@ -15,4 +15,4 @@ private-bin DiscordCanary
15private-opt DiscordCanary 15private-opt DiscordCanary
16 16
17#Redirect 17#Redirect
18include /etc/firejail/discord-common.profile 18include discord-common.profile
diff --git a/etc/FossaMail.profile b/etc/FossaMail.profile
index 01e338ef2..55fd43515 100644
--- a/etc/FossaMail.profile
+++ b/etc/FossaMail.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/fossamail.profile 6include fossamail.profile
diff --git a/etc/Fritzing.profile b/etc/Fritzing.profile
index 2e4d235b6..55fb7bae7 100644
--- a/etc/Fritzing.profile
+++ b/etc/Fritzing.profile
@@ -2,21 +2,21 @@
2# Description: Easy-to-use electronic design software 2# Description: Easy-to-use electronic design software
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/Fritzing.local 5include Fritzing.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Fritzing 9noblacklist ${HOME}/.config/Fritzing
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/Gitter.profile b/etc/Gitter.profile
index b12dbd450..53e66d108 100644
--- a/etc/Gitter.profile
+++ b/etc/Gitter.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/gitter.profile 6include gitter.profile
diff --git a/etc/JDownloader.profile b/etc/JDownloader.profile
index 659a41603..2803ebe07 100644
--- a/etc/JDownloader.profile
+++ b/etc/JDownloader.profile
@@ -1,9 +1,9 @@
1# Firejail profile for JDownloader 1# Firejail profile for JDownloader
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/JDownloader.local 4include JDownloader.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.jd 9noblacklist ${HOME}/.jd
@@ -14,18 +14,18 @@ noblacklist /usr/lib/java
14noblacklist /etc/java 14noblacklist /etc/java
15noblacklist /usr/share/java 15noblacklist /usr/share/java
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.jd 24mkdir ${HOME}/.jd
25whitelist ${HOME}/.jd 25whitelist ${HOME}/.jd
26whitelist ${DOWNLOADS} 26whitelist ${DOWNLOADS}
27include /etc/firejail/whitelist-common.inc 27include whitelist-common.inc
28include /etc/firejail/whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
30caps.drop all 30caps.drop all
31ipc-namespace 31ipc-namespace
@@ -38,6 +38,7 @@ nonewprivs
38noroot 38noroot
39nosound 39nosound
40notv 40notv
41nou2f
41novideo 42novideo
42protocol unix,inet,inet6 43protocol unix,inet,inet6
43seccomp 44seccomp
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile
index deff02028..6aba2678b 100644
--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -1,25 +1,25 @@
1# Firejail profile for Mathematica 1# Firejail profile for Mathematica
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Mathematica.local 4include Mathematica.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.Mathematica 8noblacklist ${HOME}/.Mathematica
9noblacklist ${HOME}/.Wolfram Research 9noblacklist ${HOME}/.Wolfram Research
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.Mathematica 17mkdir ${HOME}/.Mathematica
18mkdir ${HOME}/.Wolfram Research 18mkdir ${HOME}/.Wolfram Research
19whitelist ${HOME}/.Mathematica 19whitelist ${HOME}/.Mathematica
20whitelist ${HOME}/.Wolfram Research 20whitelist ${HOME}/.Wolfram Research
21whitelist ${HOME}/Documents/Wolfram Mathematica 21whitelist ${HOME}/Documents/Wolfram Mathematica
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
25nodvd 25nodvd
diff --git a/etc/Natron.profile b/etc/Natron.profile
index b21790fe4..aadd68c5c 100644
--- a/etc/Natron.profile
+++ b/etc/Natron.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/natron.profile 6include natron.profile
diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile
index 558f62f0e..f969cd855 100644
--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -2,9 +2,9 @@
2# Description: Search, download or stream files from mediathek.de 2# Description: Search, download or stream files from mediathek.de
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/QMediathekView.local 5include QMediathekView.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/QMediathekView 9noblacklist ${HOME}/.config/QMediathekView
10noblacklist ${HOME}/.local/share/QMediathekView 10noblacklist ${HOME}/.local/share/QMediathekView
@@ -18,13 +18,13 @@ noblacklist ${HOME}/.local/share/totem
18noblacklist ${HOME}/.local/share/xplayer 18noblacklist ${HOME}/.local/share/xplayer
19noblacklist ${HOME}/.mplayer 19noblacklist ${HOME}/.mplayer
20 20
21include /etc/firejail/disable-common.inc 21include disable-common.inc
22include /etc/firejail/disable-devel.inc 22include disable-devel.inc
23include /etc/firejail/disable-interpreters.inc 23include disable-interpreters.inc
24include /etc/firejail/disable-passwdmgr.inc 24include disable-passwdmgr.inc
25include /etc/firejail/disable-programs.inc 25include disable-programs.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30netfilter 30netfilter
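diff --git a/etc/QOwnNotes.profile b/etc/QOwnNotes.profile
new file mode 100644
index 000000000..1135b850b
--- /dev/null
+++ b/etc/QOwnNotes.profile
@@ -0,0 +1,56 @@
+# Firejail profile for QOwnNotes
+# Description: Plain-text file notepad with markdown support and ownCloud integration
+# This file is overwritten after every install/update
+# Persistent local customizations
+include QOwnNotes.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/Nextcloud/Notes
+noblacklist ${HOME}/.config/PBE
+noblacklist ${HOME}/.local/share/PBE
+
+mkdir ${DOCUMENTS}
+mkdir ${HOME}/Nextcloud/Notes
+mkdir ${HOME}.config/PBE
+mkdir ${HOME}/.local/share/PBE
+whitelist ${DOCUMENTS}
+whitelist ${HOME}/Nextcloud/Notes
+whitelist ${HOME}/.config/PBE
+whitelist ${HOME}/.local/share/PBE
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+caps.drop all
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin QOwnNotes,gio
+private-dev
+private-etc fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies
+private-tmp
+
+noexec ${HOME}
+noexec /tmp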
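Review bot: `mkdir ${HOME}.config/PBE` on new line 16 is missing the slash after `${HOME}`, so it names a path beside the home directory instead of `~/.config/PBE`, unlike the matching `noblacklist` (line 11) and `whitelist` (line 20) entries. It should read `mkdir ${HOME}/.config/PBE`. As written the profile never creates the directory that line 20 whitelists; how firejail treats a whitelist entry for a missing path is not visible here, but presumably the application's settings would then not persist on a first run inside the sandbox.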
diff --git a/etc/Telegram.profile b/etc/Telegram.profile
index df6557a90..51e4d9765 100644
--- a/etc/Telegram.profile
+++ b/etc/Telegram.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/telegram.profile 6include telegram.profile
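diff --git a/etc/Thunar.profile b/etc/Thunar.profile
index 6de6cfb30..9937f3883 100644
--- a/etc/Thunar.profile
+++ b/etc/Thunar.profile
@@ -2,19 +2,19 @@
 # Description: File Manager for Xfce
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/Thunar.local
+include Thunar.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.local/share/Trash
 noblacklist ${HOME}/.config/Thunar
 noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-# include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# include disable-programs.inc
 
 caps.drop all
 netfilter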
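Review bot: The rewritten line `# include disable-programs.inc` keeps the programs blacklist switched off without saying why, so a reader cannot tell a deliberate exception for a file manager from a leftover debugging edit. Since the line is being touched anyway, I would put a one-line reason above it, e.g. `# disable-programs.inc not included: <reason, to be filled in by the profile author>`. The rest of the profile lies outside this hunk, so the comment may already exist elsewhere in the file.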
diff --git a/etc/Viber.profile b/etc/Viber.profile
index cb9d01e03..01bb49a99 100644
--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -1,22 +1,22 @@
1# Firejail profile for Viber 1# Firejail profile for Viber
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Viber.local 4include Viber.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.ViberPC 9noblacklist ${HOME}/.ViberPC
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.ViberPC 18whitelist ${HOME}/.ViberPC
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
diff --git a/etc/VirtualBox.profile b/etc/VirtualBox.profile
index c84b8a4ad..5fe8f1c57 100644
--- a/etc/VirtualBox.profile
+++ b/etc/VirtualBox.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/virtualbox.profile 7include virtualbox.profile
diff --git a/etc/XMind.profile b/etc/XMind.profile
index ff6258ca2..6b767555c 100644
--- a/etc/XMind.profile
+++ b/etc/XMind.profile
@@ -1,22 +1,22 @@
1# Firejail profile for XMind 1# Firejail profile for XMind
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/XMind.local 4include XMind.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.xmind 8noblacklist ${HOME}/.xmind
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.xmind 16mkdir ${HOME}/.xmind
17whitelist ${HOME}/.xmind 17whitelist ${HOME}/.xmind
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -25,6 +25,7 @@ nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27notv 27notv
28nou2f
28protocol unix,inet,inet6 29protocol unix,inet,inet6
29seccomp 30seccomp
30shell none 31shell none
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile
index c0c322b67..a95c8989a 100644
--- a/etc/Xephyr.profile
+++ b/etc/Xephyr.profile
@@ -1,9 +1,9 @@
1# Firejail profile for Xephyr 1# Firejail profile for Xephyr
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Xephyr.local 4include Xephyr.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# 8#
9# This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. 9# This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr.
@@ -18,7 +18,7 @@ include /etc/firejail/globals.local
18blacklist /media 18blacklist /media
19 19
20whitelist /var/lib/xkb 20whitelist /var/lib/xkb
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24# Xephyr needs to be allowed access to the abstract Unix socket namespace. 24# Xephyr needs to be allowed access to the abstract Unix socket namespace.
@@ -29,6 +29,7 @@ nonewprivs
29# noroot 29# noroot
30nosound 30nosound
31notv 31notv
32nou2f
32protocol unix 33protocol unix
33seccomp 34seccomp
34shell none 35shell none
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile
index 4ae2d20d2..967946a6c 100644
--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -2,9 +2,9 @@
2# Description: Virtual Framebuffer 'fake' X server 2# Description: Virtual Framebuffer 'fake' X server
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/Xvfb.local 5include Xvfb.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# 9#
10# This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb. 10# This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb.
@@ -20,7 +20,7 @@ include /etc/firejail/globals.local
20blacklist /media 20blacklist /media
21 21
22whitelist /var/lib/xkb 22whitelist /var/lib/xkb
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24 24
25caps.drop all 25caps.drop all
26# Xvfb needs to be allowed access to the abstract Unix socket namespace. 26# Xvfb needs to be allowed access to the abstract Unix socket namespace.
@@ -31,6 +31,7 @@ nonewprivs
31#noroot 31#noroot
32nosound 32nosound
33notv 33notv
34nou2f
34protocol unix 35protocol unix
35seccomp 36seccomp
36shell none 37shell none
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index d757d6f49..010247c6b 100644
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -1,9 +1,9 @@
1# Firejail profile for abrowser 1# Firejail profile for abrowser
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/abrowser.local 4include abrowser.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9noblacklist ${HOME}/.mozilla 9noblacklist ${HOME}/.mozilla
@@ -18,4 +18,4 @@ whitelist ${HOME}/.mozilla
18 18
19 19
20# Redirect 20# Redirect
21include /etc/firejail/firefox-common.profile 21include firefox-common.profile
diff --git a/etc/acat.profile b/etc/acat.profile
index 08593585c..0b4579035 100644
--- a/etc/acat.profile
+++ b/etc/acat.profile
@@ -1,9 +1,9 @@
1# Firejail profile for acat 1# Firejail profile for acat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/acat.local 4include acat.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/adiff.profile b/etc/adiff.profile
index 2c114d765..9073b1477 100644
--- a/etc/adiff.profile
+++ b/etc/adiff.profile
@@ -1,9 +1,9 @@
1# Firejail profile for adiff 1# Firejail profile for adiff
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/adiff.local 4include adiff.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile
index 0cbe306e8..4d40e6594 100644
--- a/etc/akonadi_control.profile
+++ b/etc/akonadi_control.profile
@@ -1,8 +1,8 @@
1# Firejail profile for akonadi_control 1# Firejail profile for akonadi_control
2# Persistent local customizations 2# Persistent local customizations
3include /etc/firejail/akonadi_control.local 3include akonadi_control.local
4# Persistent global definitions 4# Persistent global definitions
5include /etc/firejail/globals.local 5include globals.local
6 6
7noblacklist ${HOME}/.cache/akonadi* 7noblacklist ${HOME}/.cache/akonadi*
8noblacklist ${HOME}/.config/akonadi* 8noblacklist ${HOME}/.config/akonadi*
@@ -20,13 +20,13 @@ noblacklist ${HOME}/.local/share/notes
20noblacklist /tmp/akonadi-* 20noblacklist /tmp/akonadi-*
21noblacklist /usr/sbin 21noblacklist /usr/sbin
22 22
23include /etc/firejail/disable-common.inc 23include disable-common.inc
24include /etc/firejail/disable-devel.inc 24include disable-devel.inc
25include /etc/firejail/disable-interpreters.inc 25include disable-interpreters.inc
26include /etc/firejail/disable-passwdmgr.inc 26include disable-passwdmgr.inc
27include /etc/firejail/disable-programs.inc 27include disable-programs.inc
28 28
29include /etc/firejail/whitelist-var-common.inc 29include whitelist-var-common.inc
30 30
31# disabled options below are not compatible with the apparmor profile for mysqld-akonadi. 31# disabled options below are not compatible with the apparmor profile for mysqld-akonadi.
32# this affects ubuntu and debian currently 32# this affects ubuntu and debian currently
@@ -42,6 +42,7 @@ nogroups
42noroot 42noroot
43nosound 43nosound
44notv 44notv
45nou2f
45novideo 46novideo
46# protocol unix,inet,inet6 47# protocol unix,inet,inet6
47# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice 48# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
diff --git a/etc/akregator.profile b/etc/akregator.profile
index af8dd2a3e..e7d0b74b9 100644
--- a/etc/akregator.profile
+++ b/etc/akregator.profile
@@ -2,26 +2,26 @@
2# Description: RSS/Atom feed aggregator 2# Description: RSS/Atom feed aggregator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/akregator.local 5include akregator.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/akregatorrc 9noblacklist ${HOME}/.config/akregatorrc
10noblacklist ${HOME}/.local/share/akregator 10noblacklist ${HOME}/.local/share/akregator
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkfile ${HOME}/.config/akregatorrc 18mkfile ${HOME}/.config/akregatorrc
19mkdir ${HOME}/.local/share/akregator 19mkdir ${HOME}/.local/share/akregator
20whitelist ${HOME}/.config/akregatorrc 20whitelist ${HOME}/.config/akregatorrc
21whitelist ${HOME}/.local/share/akregator 21whitelist ${HOME}/.local/share/akregator
22whitelist ${HOME}/.local/share/kssl 22whitelist ${HOME}/.local/share/kssl
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27netfilter 27netfilter
@@ -31,6 +31,7 @@ nogroups
31nonewprivs 31nonewprivs
32noroot 32noroot
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix,inet,inet6,netlink 36protocol unix,inet,inet6,netlink
36# chroot syscalls are needed for setting up the built-in sandbox 37# chroot syscalls are needed for setting up the built-in sandbox
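Review bot: The bare names on the new side (`include disable-common.inc`, `include whitelist-common.inc`, and so on) are resolved by a search order the profile never states, so the profile text no longer fixes which copy of each policy file is loaded. If the loader checks the user's `~/.config/firejail` before `/etc/firejail` (not visible in this hunk, please confirm against the include handling), a user-writable `disable-common.inc` would shadow the system blacklist, not only the intended `*.local` overrides. I would state the order next to the first include, e.g. `# bare include names: searched in ~/.config/firejail, then /etc/firejail`. It is also worth confirming that the directory stays unwritable from inside a sandbox. The same substitution is made in every other profile section on this page, from als.profile through audacity.profile, so the comment and the check apply there as well.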
diff --git a/etc/als.profile b/etc/als.profile
index 8cd9a9182..24b8b976b 100644
--- a/etc/als.profile
+++ b/etc/als.profile
@@ -1,9 +1,9 @@
1# Firejail profile for als 1# Firejail profile for als
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/als.local 4include als.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/amarok.profile b/etc/amarok.profile
index 3ee50a20b..6f2e6b3cc 100644
--- a/etc/amarok.profile
+++ b/etc/amarok.profile
@@ -2,20 +2,20 @@
2# Description: Easy to use media player based on the KDE Platform 2# Description: Easy to use media player based on the KDE Platform
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/amarok.local 5include amarok.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -23,6 +23,7 @@ nogroups
23nonewprivs 23nonewprivs
24noroot 24noroot
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28# seccomp 29# seccomp
diff --git a/etc/amule.profile b/etc/amule.profile
index f052a312f..e969bb1df 100644
--- a/etc/amule.profile
+++ b/etc/amule.profile
@@ -2,22 +2,22 @@
2# Description: Client for the eD2k and Kad networks, like eMule 2# Description: Client for the eD2k and Kad networks, like eMule
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/amule.local 5include amule.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10noblacklist ${HOME}/.aMule 10noblacklist ${HOME}/.aMule
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.aMule 19whitelist ${HOME}/.aMule
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix,inet,inet6 34protocol unix,inet,inet6
34seccomp 35seccomp
diff --git a/etc/android-studio.profile b/etc/android-studio.profile
index 8f5cd56cc..180e4871b 100644
--- a/etc/android-studio.profile
+++ b/etc/android-studio.profile
@@ -1,9 +1,9 @@
1# Firejail profile for android-studio 1# Firejail profile for android-studio
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/android-studio.local 4include android-studio.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.AndroidStudio* 8noblacklist ${HOME}/.AndroidStudio*
9noblacklist ${HOME}/.android 9noblacklist ${HOME}/.android
@@ -16,11 +16,11 @@ noblacklist ${HOME}/.local/share/JetBrains
16noblacklist ${HOME}/.ssh 16noblacklist ${HOME}/.ssh
17noblacklist ${HOME}/.tooling 17noblacklist ${HOME}/.tooling
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/anydesk.profile b/etc/anydesk.profile
index 17e083f4e..35b18bab4 100644
--- a/etc/anydesk.profile
+++ b/etc/anydesk.profile
@@ -1,21 +1,21 @@
1# Firejail profile for AnyDesk 1# Firejail profile for AnyDesk
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/anydesk.local 4include anydesk.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.anydesk 8noblacklist ${HOME}/.anydesk
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15 15
16mkdir ${HOME}/.anydesk 16mkdir ${HOME}/.anydesk
17whitelist ${HOME}/.anydesk 17whitelist ${HOME}/.anydesk
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -24,6 +24,7 @@ nogroups
24nonewprivs 24nonewprivs
25noroot 25noroot
26notv 26notv
27nou2f
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
29shell none 30shell none
diff --git a/etc/aosp.profile b/etc/aosp.profile
index 8622d6acd..a4eea4bad 100644
--- a/etc/aosp.profile
+++ b/etc/aosp.profile
@@ -1,9 +1,9 @@
1# Firejail profile for aosp 1# Firejail profile for aosp
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/aosp.local 4include aosp.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.android 9noblacklist ${HOME}/.android
@@ -18,12 +18,12 @@ noblacklist ${HOME}/.repoconfig
18noblacklist ${HOME}/.ssh 18noblacklist ${HOME}/.ssh
19noblacklist ${HOME}/.tooling 19noblacklist ${HOME}/.tooling
20 20
21include /etc/firejail/disable-common.inc 21include disable-common.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28caps.drop all 28caps.drop all
29ipc-namespace 29ipc-namespace
diff --git a/etc/apack.profile b/etc/apack.profile
index ad44b227e..bd5e49a01 100644
--- a/etc/apack.profile
+++ b/etc/apack.profile
@@ -1,9 +1,9 @@
1# Firejail profile for apack 1# Firejail profile for apack
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/apack.local 4include apack.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/apktool.profile b/etc/apktool.profile
index d157b1478..bad0c9346 100644
--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -3,16 +3,16 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/apktool.local 6include apktool.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13include /etc/firejail/disable-xdg.inc 13include disable-xdg.inc
14 14
15include /etc/firejail/whitelist-var-common.inc 15include whitelist-var-common.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix 29protocol unix
29seccomp 30seccomp
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile
index 9cd200ef2..7321f4e90 100644
--- a/etc/arch-audit.profile
+++ b/etc/arch-audit.profile
@@ -3,19 +3,19 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/arch-audit.local 6include arch-audit.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10 10
11noblacklist /var/lib/pacman 11noblacklist /var/lib/pacman
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile
index 27b15412f..1b029d1ac 100644
--- a/etc/archaudit-report.profile
+++ b/etc/archaudit-report.profile
@@ -2,21 +2,21 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/archaudit-report.local 5include archaudit-report.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10noblacklist /var/lib/pacman 10noblacklist /var/lib/pacman
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
diff --git a/etc/ardour4.profile b/etc/ardour4.profile
index 7d1163174..5c22b57d0 100644
--- a/etc/ardour4.profile
+++ b/etc/ardour4.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/ardour5.profile 6include ardour5.profile
diff --git a/etc/ardour5.profile b/etc/ardour5.profile
index 99649cc3f..3c207b5b3 100644
--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -1,9 +1,9 @@
1# Firejail profile for ardour5 1# Firejail profile for ardour5
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ardour5.local 4include ardour5.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/ardour4 8noblacklist ${HOME}/.config/ardour4
9noblacklist ${HOME}/.config/ardour5 9noblacklist ${HOME}/.config/ardour5
@@ -12,12 +12,12 @@ noblacklist ${HOME}/.vst
12noblacklist ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13noblacklist ${MUSIC} 13noblacklist ${MUSIC}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
@@ -28,6 +28,7 @@ nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30notv 30notv
31nou2f
31protocol unix 32protocol unix
32seccomp 33seccomp
33shell none 34shell none
diff --git a/etc/arduino.profile b/etc/arduino.profile
index 9f28cada4..6c2375fae 100644
--- a/etc/arduino.profile
+++ b/etc/arduino.profile
@@ -2,9 +2,9 @@
2# Description: AVR development board IDE and built-in libraries 2# Description: AVR development board IDE and built-in libraries
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/arduino.local 5include arduino.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.arduino15 9noblacklist ${HOME}/.arduino15
10noblacklist ${HOME}/.java 10noblacklist ${HOME}/.java
@@ -17,12 +17,12 @@ noblacklist /usr/lib/java
17noblacklist /etc/java 17noblacklist /etc/java
18noblacklist /usr/share/java 18noblacklist /usr/share/java
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/arepack.profile b/etc/arepack.profile
index f7a9f724a..f5584b2be 100644
--- a/etc/arepack.profile
+++ b/etc/arepack.profile
@@ -1,9 +1,9 @@
1# Firejail profile for arepack 1# Firejail profile for arepack
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/arepack.local 4include arepack.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/aria2c.profile b/etc/aria2c.profile
index 4231c58ff..3015349b7 100644
--- a/etc/aria2c.profile
+++ b/etc/aria2c.profile
@@ -2,18 +2,18 @@
2# Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink 2# Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/aria2c.local 5include aria2c.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.aria2 9noblacklist ${HOME}/.aria2
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
diff --git a/etc/ark.profile b/etc/ark.profile
index d5a7f45f4..37211682c 100644
--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -2,19 +2,19 @@
2# Description: Archive utility 2# Description: Archive utility
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ark.local 5include ark.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/arkrc 9noblacklist ${HOME}/.config/arkrc
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19apparmor 19apparmor
20caps.drop all 20caps.drop all
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
diff --git a/etc/arm.profile b/etc/arm.profile
index da9b45928..288dd972a 100644
--- a/etc/arm.profile
+++ b/etc/arm.profile
@@ -2,9 +2,9 @@
2# Description: Terminal status monitor for Tor relays 2# Description: Terminal status monitor for Tor relays
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/arm.local 5include arm.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.arm 9noblacklist ${HOME}/.arm
10 10
@@ -14,15 +14,15 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23mkdir ${HOME}/.arm 23mkdir ${HOME}/.arm
24whitelist ${HOME}/.arm 24whitelist ${HOME}/.arm
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28ipc-namespace 28ipc-namespace
@@ -34,6 +34,7 @@ nonewprivs
34noroot 34noroot
35nosound 35nosound
36notv 36notv
37nou2f
37novideo 38novideo
38protocol unix,inet,inet6 39protocol unix,inet,inet6
39seccomp 40seccomp
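diff --git a/etc/artha.profile b/etc/artha.profile
new file mode 100644
index 000000000..7b0c6735b
--- /dev/null
+++ b/etc/artha.profile
@@ -0,0 +1,46 @@
+# Firejail profile for artha
+# Description: A free cross-platform English thesaurus based on WordNet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include artha.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/artha.conf
+noblacklist ${HOME}/.config/enchant
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+# nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+
+disable-mnt
+private-bin artha,enchant,notify-send
+private-cache
+private-dev
+private-etc fonts
+private-lib libnotify.so.*
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp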
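Review bot: `# nodbus` (new line 23) is left disabled with no reason given, so a later maintainer cannot tell a requirement from an oversight. `private-bin` admits `notify-send`, which presumably needs the session bus; if that is the reason, record it on the line, e.g. `# nodbus - breaks desktop notifications (notify-send)`. As written, the session bus stays reachable from a sandbox that otherwise sets `net none`, so it is worth testing whether the profile still works with `nodbus` enabled. Separately, amarok, aria2c and atril on this page all carry `include disable-xdg.inc`, and artha's `noblacklist` lines name no XDG user directory, so that include looks applicable here too.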
diff --git a/etc/asunder.profile b/etc/asunder.profile
index 9c059ed0a..3167dfe12 100644
--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -2,9 +2,9 @@
2# Description: Graphical audio CD ripper and encoder 2# Description: Graphical audio CD ripper and encoder
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/asunder.local 5include asunder.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/asunder 9noblacklist ${HOME}/.config/asunder
10noblacklist ${HOME}/.asunder_album_genre 10noblacklist ${HOME}/.asunder_album_genre
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.asunder_album_title
12noblacklist ${HOME}/.asunder_album_artist 12noblacklist ${HOME}/.asunder_album_artist
13noblacklist ${MUSIC} 13noblacklist ${MUSIC}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24apparmor 24apparmor
25caps.drop all 25caps.drop all
@@ -28,6 +28,7 @@ nodbus
28# nogroups 28# nogroups
29nonewprivs 29nonewprivs
30noroot 30noroot
31nou2f
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
33shell none 34shell none
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile
index a153d08b4..36baee5c4 100644
--- a/etc/atom-beta.profile
+++ b/etc/atom-beta.profile
@@ -1,6 +1,6 @@
1# Firejail profile for atom-beta 1# Firejail profile for atom-beta
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/atom-beta.local 4include atom-beta.local
5# Profile redirect 5# Profile redirect
6include /etc/firejail/atom.profile 6include atom.profile
diff --git a/etc/atom.profile b/etc/atom.profile
index 1ff4e162d..ceb68ef3d 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -2,16 +2,16 @@
2# Description: A hackable text editor for the 21st Century 2# Description: A hackable text editor for the 21st Century
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/atom.local 5include atom.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.atom 9noblacklist ${HOME}/.atom
10noblacklist ${HOME}/.config/Atom 10noblacklist ${HOME}/.config/Atom
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17# net none 17# net none
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6,netlink 28protocol unix,inet,inet6,netlink
28seccomp 29seccomp
diff --git a/etc/atool.profile b/etc/atool.profile
index 161b211eb..b7addf36e 100644
--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -2,9 +2,9 @@
2# Description: Tool for managing file archives of various types 2# Description: Tool for managing file archives of various types
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/atool.local 5include atool.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
@@ -15,11 +15,11 @@ noblacklist ${PATH}/perl
15noblacklist /usr/lib/perl* 15noblacklist /usr/lib/perl*
16noblacklist /usr/share/perl* 16noblacklist /usr/share/perl*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19# include /etc/firejail/disable-devel.inc 19# include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix 36protocol unix
36seccomp 37seccomp
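Review bot: The commented-out `# include disable-devel.inc` in the second hunk is rewritten by this change but still says nothing about why the include is disabled. That matters more here than in most profiles, because als.profile, apack.profile and arepack.profile on this page all redirect to atool.profile and so inherit the gap. Either re-enable the include or put the reason on the line, for example `# include disable-devel.inc - disabled because <reason>` (placeholder; the reason is not visible on this page). The profile continues outside the three hunks shown, so whatever compensates for the missing include may simply be out of view.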
diff --git a/etc/atril-previewer.profile b/etc/atril-previewer.profile
index 5d841bc0e..3f24acefa 100644
--- a/etc/atril-previewer.profile
+++ b/etc/atril-previewer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for atril-previewer 1# Firejail profile for atril-previewer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/atril-previewer.local 4include atril-previewer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/atril.profile 10include atril.profile
diff --git a/etc/atril-thumbnailer.profile b/etc/atril-thumbnailer.profile
index 88c74735d..de4a52514 100644
--- a/etc/atril-thumbnailer.profile
+++ b/etc/atril-thumbnailer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for atril-thumbnailer 1# Firejail profile for atril-thumbnailer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/atril-thumbnailer.local 4include atril-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/atril.profile 10include atril.profile
diff --git a/etc/atril.profile b/etc/atril.profile
index 6e5286e5f..92fae21d4 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -2,9 +2,9 @@
2# Description: MATE document viewer 2# Description: MATE document viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/atril.local 5include atril.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/atril 9noblacklist ${HOME}/.cache/atril
10noblacklist ${HOME}/.config/atril 10noblacklist ${HOME}/.config/atril
@@ -13,14 +13,14 @@ noblacklist ${DOCUMENTS}
13#noblacklist ${HOME}/.local/share 13#noblacklist ${HOME}/.local/share
14# it seems to use only ${HOME}/.local/share/webkitgtk 14# it seems to use only ${HOME}/.local/share/webkitgtk
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21include /etc/firejail/disable-xdg.inc 21include disable-xdg.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25# apparmor 25# apparmor
26caps.drop all 26caps.drop all
@@ -32,6 +32,7 @@ nonewprivs
32noroot 32noroot
33nosound 33nosound
34notv 34notv
35nou2f
35novideo 36novideo
36protocol unix 37protocol unix
37seccomp 38seccomp
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 627c1a72d..93a2f4b3e 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -2,22 +2,22 @@
2# Description: Small and fast audio player which supports lots of formats 2# Description: Small and fast audio player which supports lots of formats
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/audacious.local 5include audacious.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Audaciousrc 9noblacklist ${HOME}/.config/Audaciousrc
10noblacklist ${HOME}/.config/audacious 10noblacklist ${HOME}/.config/audacious
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22apparmor 22apparmor
23caps.drop all 23caps.drop all
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
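diff --git a/etc/audacity.profile b/etc/audacity.profile
index 685319f7f..4dd412359 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -2,22 +2,22 @@
 # Description: Fast, cross-platform audio editor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/audacity.local
+include audacity.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.audacity-data
 noblacklist ${DOCUMENTS}
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -29,6 +29,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix
 seccomp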
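diff --git a/etc/aunpack.profile b/etc/aunpack.profile
index 4f03ac60d..cde9473e3 100644
--- a/etc/aunpack.profile
+++ b/etc/aunpack.profile
@@ -1,9 +1,9 @@
 # Firejail profile for aunpack
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/aunpack.local
+include aunpack.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Redirect
-include /etc/firejail/atool.profile
+include atool.profile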
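diff --git a/etc/authenticator.profile b/etc/authenticator.profile
index f10abdda8..9656bb3d7 100644
--- a/etc/authenticator.profile
+++ b/etc/authenticator.profile
@@ -2,9 +2,9 @@
 # Description: 2FA code generator for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/authenticator.local
+include authenticator.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # blacklisted in 'disable-programs.local'
 noblacklist ${HOME}/.config/Authenticator
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.config/Authenticator
 noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 # apparmor
 caps.drop all
@@ -30,8 +30,8 @@ nonewprivs
 noroot
 nosound
 notv
-# novideo
 nou2f
+# novideo
 protocol unix
 seccomp
 shell none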
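Review bot: The context comment on line 9 of the first hunk, `# blacklisted in 'disable-programs.local'`, names a `.local` file, while the profile includes `disable-programs.inc` in the second hunk and line 4 describes `.local` files as persistent local customizations. If the blacklist entry for `${HOME}/.config/Authenticator` lives in the shipped file, the comment should read `# blacklisted in disable-programs.inc`. The last hunk only swaps the order of `# novideo` and `nou2f`; a short why-comment on the disabled `# novideo` and `# apparmor` lines would tell the next editor whether they are off on purpose.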
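diff --git a/etc/aweather.profile b/etc/aweather.profile
index 823b07c8c..d7228570f 100644
--- a/etc/aweather.profile
+++ b/etc/aweather.profile
@@ -2,22 +2,22 @@
 # Description: Advanced Weather Monitoring Program
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/aweather.local
+include aweather.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/aweather
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/aweather
 whitelist ${HOME}/.config/aweather
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp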
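diff --git a/etc/awesome.profile b/etc/awesome.profile
index 49c1a4aad..5d1bf5071 100644
--- a/etc/awesome.profile
+++ b/etc/awesome.profile
@@ -2,13 +2,13 @@
 # Description: Standards-compliant, fast, light-weight and extensible window manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/awesome.local
+include awesome.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # all applications started in awesome will run in this profile
 noblacklist ${HOME}/.config/awesome
-include /etc/firejail/disable-common.inc
+include disable-common.inc
 
 caps.drop all
 netfilter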
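diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index 240573f44..5e749cac1 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -1,9 +1,9 @@
 # Firejail profile for baloo_file
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/baloo_file.local
+include baloo_file.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/baloofilerc
 noblacklist ${HOME}/.kde/share/config/baloofilerc
@@ -12,13 +12,13 @@ noblacklist ${HOME}/.kde4/share/config/baloofilerc
 noblacklist ${HOME}/.kde4/share/config/baloorc
 noblacklist ${HOME}/.local/share/baloo
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 no3d
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 # blacklisting of ioprio_set system calls breaks baloo_file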
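diff --git a/etc/baloo_filemetadata_temp_extractor.profile b/etc/baloo_filemetadata_temp_extractor.profile
index 87f2949e6..94496ede8 100644
--- a/etc/baloo_filemetadata_temp_extractor.profile
+++ b/etc/baloo_filemetadata_temp_extractor.profile
@@ -2,12 +2,12 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/baloo_filemetadata_temp_extractor.local
+include baloo_filemetadata_temp_extractor.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 ignore read-write
 read-only ${HOME}
 
 # Redirect
-include /etc/firejail/baloo_file.profile
+include baloo_file.profile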
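diff --git a/etc/baobab.profile b/etc/baobab.profile
index d0c3f2712..c223b138e 100644
--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -2,15 +2,15 @@
 # Description: GNOME disk usage analyzer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/baobab.local
+include baobab.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-# include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# include disable-programs.inc
 
 caps.drop all
 net none
@@ -22,6 +22,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp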
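Review bot: `# include disable-programs.inc` on line 13 of the first hunk stays commented out with no explanation, and etc/bleachbit.profile in this commit does the same on its line 19. Both profiles therefore skip the per-application blacklist that the neighbouring profiles pull in. That may be intended for tools that have to traverse the whole home directory, but neither file says so. A why-comment such as `# disable-programs.inc is not included: baobab has to walk every directory to report usage` (wording for the maintainer to confirm) would keep a later cleanup from re-enabling or silently dropping the line.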
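diff --git a/etc/basilisk.profile b/etc/basilisk.profile
index 43ba5adcb..5f9fc8ef7 100644
--- a/etc/basilisk.profile
+++ b/etc/basilisk.profile
@@ -1,9 +1,9 @@
 # Firejail profile for basilisk
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/basilisk.local
+include basilisk.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/moonchild productions/basilisk
 noblacklist ${HOME}/.moonchild productions/basilisk
@@ -24,4 +24,4 @@ seccomp
 #private-opt basilisk
 
 # Redirect
-include /etc/firejail/firefox-common.profile
+include firefox-common.profile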
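diff --git a/etc/beaker.profile b/etc/beaker.profile
index 9215576c7..d18429408 100644
--- a/etc/beaker.profile
+++ b/etc/beaker.profile
@@ -1,19 +1,19 @@
 # Firejail profile for beaker
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/beaker.local
+include beaker.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Beaker Browser
 
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-devel.inc
+include disable-interpreters.inc
 
 mkdir ${HOME}/.config/Beaker Browser
 whitelist ${HOME}/.config/Beaker Browser
 whitelist ${DOWNLOADS}
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 # Redirect
-include /etc/firejail/electron.profile
+include electron.profile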
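diff --git a/etc/bibletime.profile b/etc/bibletime.profile
index 57595e8e2..0691b32c3 100644
--- a/etc/bibletime.profile
+++ b/etc/bibletime.profile
@@ -2,24 +2,24 @@
 # Description: Bible study tool
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/bibletime.local
+include bibletime.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist ${HOME}/.bashrc
 
 noblacklist ${HOME}/.bibletime
 noblacklist ${HOME}/.sword
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${HOME}/.bibletime
 whitelist ${HOME}/.sword
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 machine-id
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp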
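diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile
index 9b6affe24..46ce0775b 100644
--- a/etc/bitcoin-qt.profile
+++ b/etc/bitcoin-qt.profile
@@ -2,25 +2,25 @@
 # Description: Bitcoin is a peer-to-peer network based digital currency
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/bitcoin-qt.local
+include bitcoin-qt.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.bitcoin
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.bitcoin
 mkdir ${HOME}/.config/Bitcoin
 whitelist ${HOME}/.bitcoin
 whitelist ${HOME}/.config/Bitcoin
 
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -32,6 +32,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp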
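diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index e663d7799..2c2f88ed5 100644
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -2,20 +2,20 @@
 # Description: IRC to other chat networks gateway
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/bitlbee.local
+include bitlbee.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist /sbin
 noblacklist /usr/sbin
 # noblacklist /var/log
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 netfilter
 no3d
@@ -23,6 +23,7 @@ nodvd
 nonewprivs
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp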
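diff --git a/etc/blackbox.profile b/etc/blackbox.profile
index 2672c812a..13e83493d 100644
--- a/etc/blackbox.profile
+++ b/etc/blackbox.profile
@@ -2,13 +2,13 @@
 # Description: Standards-compliant, fast, light-weight and extensible window manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/blackbox.local
+include blackbox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # all applications started in awesome will run in this profile
 noblacklist ${HOME}/.blackbox
-include /etc/firejail/disable-common.inc
+include disable-common.inc
 
 caps.drop all
 netfilter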
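Review bot: The comment on line 9, `# all applications started in awesome will run in this profile`, and the `# Description:` line are identical to those in etc/awesome.profile, so they look copied without being adapted for blackbox. The comment should read `# all applications started in blackbox will run in this profile`, and the description should describe blackbox itself. This matters beyond wording, because the comment is the only hint that every program launched from the window manager inherits these restrictions, which in the visible lines are just `disable-common.inc`, `caps.drop all` and `netfilter`.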
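diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
index 49d058ab4..fa850fe1a 100644
--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -2,9 +2,9 @@
 # Description: Delete unnecessary files from the system
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/bleachbit.local
+include bleachbit.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -12,11 +12,11 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-# include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# include disable-programs.inc
 
 caps.drop all
 net none
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp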
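diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile
index 4b907018e..9da0cb921 100644
--- a/etc/blender-2.8.profile
+++ b/etc/blender-2.8.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/blender.profile
+include blender.profile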
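diff --git a/etc/blender.profile b/etc/blender.profile
index 43a8622f7..77d073cd7 100644
--- a/etc/blender.profile
+++ b/etc/blender.profile
@@ -2,9 +2,9 @@
 # Description: Very fast and versatile 3D modeller/renderer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/blender.local
+include blender.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/blender
 
@@ -14,11 +14,11 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 # Allow usage of AMD GPU by OpenCL
 noblacklist /sys/module
@@ -32,6 +32,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none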
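diff --git a/etc/bless.profile b/etc/bless.profile
index 0da3436e8..cc03107a5 100644
--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -2,19 +2,19 @@
 # Description: A full featured hexadecimal editor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/bless.local
+include bless.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/bless
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp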
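diff --git a/etc/bluefish.profile b/etc/bluefish.profile
index 23ba34d42..ce47cb9ab 100644
--- a/etc/bluefish.profile
+++ b/etc/bluefish.profile
@@ -2,17 +2,17 @@
 # Description: Advanced Gtk+ text editor for web and software development
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/bluefish.local
+include bluefish.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp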
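diff --git a/etc/bnox.profile b/etc/bnox.profile
index 3207a2923..031f3f4bd 100644
--- a/etc/bnox.profile
+++ b/etc/bnox.profile
@@ -1,9 +1,9 @@
 # Firejail profile for bnox
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/bnox.local
+include bnox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/bnox
 noblacklist ${HOME}/.config/bnox
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/bnox
 whitelist ${HOME}/.config/bnox
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile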
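diff --git a/etc/brackets.profile b/etc/brackets.profile
index 8f1068506..1c03b2119 100644
--- a/etc/brackets.profile
+++ b/etc/brackets.profile
@@ -1,17 +1,17 @@
 # Firejail profile for brackets
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/brackets.local
+include brackets.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Brackets
 #noblacklist /opt/brackets/
 #noblacklist /opt/google/
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplic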
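Review bot: The `seccomp.drop` list on the last context line of the second hunk ends in `vmsplic`, which is not a syscall name; unless the page cut the line short, the entry was presumably meant to be `vmsplice`. If the profile really carries the shortened name, that call is not in the drop list. How firejail treats an unknown name (error, warning or silent skip) is not visible here and should be checked. The line is untouched by this commit, but since every profile is being swept anyway it is cheap to end the list with `...,userfaultfd,vhangup,vmsplice` and run the profile once to confirm the filter loads.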
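diff --git a/etc/brasero.profile b/etc/brasero.profile
index 1c0b5f843..8ab9472ac 100644
--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -2,17 +2,17 @@
 # Description: CD/DVD burning application for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/brasero.local
+include brasero.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/brasero
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 net none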
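diff --git a/etc/brave.profile b/etc/brave.profile
index 08bcea561..315564b05 100644
--- a/etc/brave.profile
+++ b/etc/brave.profile
@@ -1,9 +1,9 @@
 # Firejail profile for brave
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/brave.local
+include brave.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/brave
 # brave uses gpg for built-in password manager
@@ -17,4 +17,4 @@ whitelist ${HOME}/.gnupg
 ignore noexec /tmp
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile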
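diff --git a/etc/bsdcat.profile b/etc/bsdcat.profile
index b900eb4bf..e95dfdf2d 100644
--- a/etc/bsdcat.profile
+++ b/etc/bsdcat.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/bsdtar.profile
+include bsdtar.profile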
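diff --git a/etc/bsdcpio.profile b/etc/bsdcpio.profile
index b900eb4bf..e95dfdf2d 100644
--- a/etc/bsdcpio.profile
+++ b/etc/bsdcpio.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/bsdtar.profile
+include bsdtar.profile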
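diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile
index 57220ef4a..f6864386e 100644
--- a/etc/bsdtar.profile
+++ b/etc/bsdtar.profile
@@ -2,15 +2,15 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/bsdtar.local
+include bsdtar.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-# include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+# include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 blacklist /tmp/.X11-unix
 
@@ -25,6 +25,7 @@ nonewprivs
 # noroot
 nosound
 notv
+nou2f
 novideo
 nonewprivs
 protocol unix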
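Review bot: `nonewprivs` sits at new line 30 of the second hunk, while that hunk's header text already shows a `nonewprivs` line above it, so the directive appears to be listed twice. Nothing in the visible lines suggests the duplicate changes behaviour, but it makes the option list harder to audit; I would drop the second one so that `novideo` is followed directly by `protocol unix`. The first occurrence lies outside the hunk, so confirm it against the full file. The commented-out `# noroot` and `# include disable-devel.inc` would each benefit from a one-line reason as well.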
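diff --git a/etc/bunzip2.profile b/etc/bunzip2.profile
index f483a1d3d..891476cb1 100644
--- a/etc/bunzip2.profile
+++ b/etc/bunzip2.profile
@@ -1,9 +1,9 @@
 # Firejail profile for bunzip2
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/bunzip2.local
+include bunzip2.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Redirect
-include /etc/firejail/gzip.profile
+include gzip.profile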
diff --git a/etc/caja.profile b/etc/caja.profile
index 20e690a14..f938792cd 100644
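--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -2,9 +2,9 @@
 # Description: File manager for the MATE desktop
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/caja.local
+include caja.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
 # is already a caja process running on MATE desktops firejail will have no effect.
@@ -19,11 +19,11 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-# include /etc/firejail/disable-programs.inc
+# include disable-programs.inc
 
 caps.drop all
 netfilter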
diff --git a/etc/calibre.profile b/etc/calibre.profile
index 7a5d798c5..5c7d3e1e7 100644
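--- a/etc/calibre.profile
+++ b/etc/calibre.profile
@@ -2,21 +2,21 @@
 # Description: Powerful and easy to use e-book manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/calibre.local
+include calibre.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/calibre
 noblacklist ${HOME}/.config/calibre
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp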
diff --git a/etc/calligra.profile b/etc/calligra.profile
index ab2845db4..84a60a196 100644
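--- a/etc/calligra.profile
+++ b/etc/calligra.profile
@@ -2,15 +2,15 @@
 # Description: Extensive productivity and creative suite
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/calligra.local
+include calligra.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
 
 caps.drop all
 ipc-namespace
@@ -21,6 +21,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix
 seccomp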
diff --git a/etc/calligraauthor.profile b/etc/calligraauthor.profile
index 629ab46c1..b9c06a588 100644
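--- a/etc/calligraauthor.profile
+++ b/etc/calligraauthor.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/calligra.profile
+include calligra.profile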
diff --git a/etc/calligraconverter.profile b/etc/calligraconverter.profile
index 629ab46c1..b9c06a588 100644
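--- a/etc/calligraconverter.profile
+++ b/etc/calligraconverter.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/calligra.profile
+include calligra.profile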
diff --git a/etc/calligraflow.profile b/etc/calligraflow.profile
index 629ab46c1..b9c06a588 100644
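--- a/etc/calligraflow.profile
+++ b/etc/calligraflow.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/calligra.profile
+include calligra.profile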
diff --git a/etc/calligraplan.profile b/etc/calligraplan.profile
index 629ab46c1..b9c06a588 100644
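--- a/etc/calligraplan.profile
+++ b/etc/calligraplan.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/calligra.profile
+include calligra.profile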
diff --git a/etc/calligraplanwork.profile b/etc/calligraplanwork.profile
index 629ab46c1..b9c06a588 100644
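--- a/etc/calligraplanwork.profile
+++ b/etc/calligraplanwork.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/calligra.profile
+include calligra.profile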
diff --git a/etc/calligrasheets.profile b/etc/calligrasheets.profile
index 629ab46c1..b9c06a588 100644
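--- a/etc/calligrasheets.profile
+++ b/etc/calligrasheets.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/calligra.profile
+include calligra.profile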
diff --git a/etc/calligrastage.profile b/etc/calligrastage.profile
index 629ab46c1..b9c06a588 100644
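--- a/etc/calligrastage.profile
+++ b/etc/calligrastage.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/calligra.profile
+include calligra.profile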
diff --git a/etc/calligrawords.profile b/etc/calligrawords.profile
index 629ab46c1..b9c06a588 100644
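--- a/etc/calligrawords.profile
+++ b/etc/calligrawords.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/calligra.profile
+include calligra.profile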
diff --git a/etc/catfish.profile b/etc/catfish.profile
index 422dc93e5..1afcd0365 100644
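--- a/etc/catfish.profile
+++ b/etc/catfish.profile
@@ -2,9 +2,9 @@
 # Description: File searching tool
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/catfish.local
+include catfish.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # We can't blacklist much since catfish
 # is for finding files/content
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-# include /etc/firejail/disable-devel.inc
+# include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
 
 whitelist /var/lib/mlocate
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none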
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile
index c8b8be04e..601ca58a9 100644
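--- a/etc/checkbashisms.profile
+++ b/etc/checkbashisms.profile
@@ -3,9 +3,9 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/checkbashisms.local
+include checkbashisms.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${DOCUMENTS}
 
@@ -16,14 +16,14 @@ noblacklist ${PATH}/perl
 noblacklist /usr/lib/perl*
 noblacklist /usr/share/perl*
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -36,6 +36,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp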
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index 0159bddae..134a06c48 100644
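--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -2,9 +2,9 @@
 # Description: Hierarchical note taking application
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/cherrytree.local
+include cherrytree.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/cherrytree
 noblacklist ${DOCUMENTS}
@@ -15,12 +15,12 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp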
diff --git a/etc/chromium-browser.profile b/etc/chromium-browser.profile
index 472841e92..f83052d9a 100644
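--- a/etc/chromium-browser.profile
+++ b/etc/chromium-browser.profile
@@ -2,4 +2,4 @@
 # This file is overwritten after every install/update
 
 # Redirect
-include /etc/firejail/chromium.profile
+include chromium.profile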
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile
index fc3df86db..e7062c5b8 100644
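--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -1,23 +1,23 @@
 # Firejail profile for chromium-common
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/chromium-common.local
+include chromium-common.local
 # Persistent global definitions
 # already included by caller profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 noblacklist ${HOME}/.pki
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.keep sys_chroot,sys_admin
@@ -27,6 +27,7 @@ nodbus
 nodvd
 nogroups
 notv
+nou2f
 shell none
 
 disable-mnt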
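Review bot: The `nou2f` added in the second hunk lands in the shared Chromium profile, so every browser profile that redirects here (chromium.profile and the brave profile on this page) inherits it. Assuming the option hides U2F devices from the sandbox as its name suggests, hardware security keys would stop working for web logins, which pushes users back to weaker second factors. I would ship it disabled here as `# nou2f`, or keep it and add a line above it such as `# Add 'ignore nou2f' to chromium-common.local if you use a hardware security key`. The rest of the profile lies outside the hunk.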
diff --git a/etc/chromium.profile b/etc/chromium.profile
index a1488e3e9..dab9ce449 100644
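--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -2,9 +2,9 @@
 # Description: A web browser built for speed, simplicity, and security
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/chromium.local
+include chromium.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/chromium
 noblacklist ${HOME}/.config/chromium
@@ -19,4 +19,4 @@ whitelist ${HOME}/.config/chromium-flags.conf
 # private-bin chromium,chromium-browser,chromedriver
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile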
diff --git a/etc/cin.profile b/etc/cin.profile
index 92baef33a..02511c478 100644
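--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -1,17 +1,17 @@
 # Firejail profile for cin
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/cin.local
+include cin.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.bcast5
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
 
 caps.drop all
 ipc-namespace
@@ -21,6 +21,7 @@ nodvd
 #nogroups
 nonewprivs
 notv
+nou2f
 noroot
 protocol unix
 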
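Review bot: In the second hunk `nou2f` is inserted between `notv` and `noroot`, which leaves this option block further out of alphabetical order than it already was. The other profiles in this commit keep the run sorted (`noroot`, `nosound`, `notv`, `nou2f`, `novideo`), and a sorted block makes a missing restriction easier to spot when auditing. I would reorder the three lines here to `noroot`, `notv`, `nou2f`.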
diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile
index e6a1941b5..26f782384 100644
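--- a/etc/cinelerra.profile
+++ b/etc/cinelerra.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/cin.profile
+include cin.profile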
diff --git a/etc/clamav.profile b/etc/clamav.profile
index cf46b8582..a48fa8039 100644
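--- a/etc/clamav.profile
+++ b/etc/clamav.profile
@@ -3,9 +3,9 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/clamav.local
+include clamav.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 caps.drop all
 ipc-namespace
@@ -18,6 +18,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp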
diff --git a/etc/clamdscan.profile b/etc/clamdscan.profile
index f6861dfa1..f146d05ec 100644
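--- a/etc/clamdscan.profile
+++ b/etc/clamdscan.profile
@@ -4,4 +4,4 @@ quiet
 
 
 # Redirect
-include /etc/firejail/clamav.profile
+include clamav.profile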
diff --git a/etc/clamdtop.profile b/etc/clamdtop.profile
index f6861dfa1..f146d05ec 100644
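--- a/etc/clamdtop.profile
+++ b/etc/clamdtop.profile
@@ -4,4 +4,4 @@ quiet
 
 
 # Redirect
-include /etc/firejail/clamav.profile
+include clamav.profile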
diff --git a/etc/clamscan.profile b/etc/clamscan.profile
index f6861dfa1..f146d05ec 100644
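--- a/etc/clamscan.profile
+++ b/etc/clamscan.profile
@@ -4,4 +4,4 @@ quiet
 
 
 # Redirect
-include /etc/firejail/clamav.profile
+include clamav.profile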
diff --git a/etc/clamtk.profile b/etc/clamtk.profile
index d916381b2..c3b5f3ce5 100644
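--- a/etc/clamtk.profile
+++ b/etc/clamtk.profile
@@ -1,9 +1,9 @@
 # Firejail profile for clamtk
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/clamtk.local
+include clamtk.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 caps.drop all
 ipc-namespace
@@ -16,6 +16,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp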
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile
index f7f0fccca..f0656385f 100644
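--- a/etc/claws-mail.profile
+++ b/etc/claws-mail.profile
@@ -2,19 +2,19 @@
 # Description: Fast, lightweight and user-friendly GTK+2 based email client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/claws-mail.local
+include claws-mail.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.claws-mail
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.signature
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter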
diff --git a/etc/clementine.profile b/etc/clementine.profile
index a72bc39cf..147b0de4b 100644
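--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -2,27 +2,28 @@
 # Description: Modern music player and library organizer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/clementine.local
+include clementine.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/Clementine
 noblacklist ${HOME}/.config/Clementine
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 # blacklisting of ioprio_set system calls breaks clementine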
diff --git a/etc/clion.profile b/etc/clion.profile
index bcb18114e..e230a740d 100644
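--- a/etc/clion.profile
+++ b/etc/clion.profile
@@ -1,9 +1,9 @@
 # Firejail profile for CLion
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/clion.local
+include clion.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.CLion*
 noblacklist ${HOME}/.gitconfig
@@ -12,9 +12,9 @@ noblacklist ${HOME}/.local/share/JetBrains
 noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.tooling
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp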
diff --git a/etc/clipit.profile b/etc/clipit.profile
index fd6fbd61b..1b3ed8c62 100644
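--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -2,19 +2,19 @@
 # Description: Lightweight GTK+ clipboard manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/clipit.local
+include clipit.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/clipit
 noblacklist ${HOME}/.local/share/clipit
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp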
diff --git a/etc/cliqz.profile b/etc/cliqz.profile
index 4ff96311d..70277f1ce 100644
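--- a/etc/cliqz.profile
+++ b/etc/cliqz.profile
@@ -1,9 +1,9 @@
 # Firejail profile for cliqz
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/cliqz.local
+include cliqz.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/cliqz
 noblacklist ${HOME}/.config/cliqz
@@ -17,4 +17,4 @@ whitelist ${HOME}/.config/cliqz
 #private-etc cliqz
 
 # Redirect
-include /etc/firejail/firefox-common.profile
+include firefox-common.profile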
diff --git a/etc/cmus.profile b/etc/cmus.profile
index 5744d462b..ee6600b76 100644
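--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -2,19 +2,19 @@
 # Description: Lightweight ncurses audio player
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/cmus.local
+include cmus.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/cmus
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter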
diff --git a/etc/code.profile b/etc/code.profile
index ab69008f1..6528b63ff 100644
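--- a/etc/code.profile
+++ b/etc/code.profile
@@ -1,16 +1,16 @@
 # Firejail profile for Visual Studio Code
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/code.local
+include code.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.vscode
 noblacklist ${HOME}/.config/Code
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
 
 caps.drop all
 net none
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp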
diff --git a/etc/conkeror.profile b/etc/conkeror.profile
index 2489e2df4..ca38600d1 100644
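--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -1,14 +1,14 @@
 # Firejail profile for conkeror
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/conkeror.local
+include conkeror.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.conkeror.mozdev.org
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
 
 whitelist ${HOME}/.conkeror.mozdev.org
 whitelist ${HOME}/.conkerorrc
@@ -21,7 +21,7 @@ whitelist ${HOME}/.vimperatorrc
 whitelist ${HOME}/.zotero
 whitelist ${HOME}/Downloads
 whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter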
diff --git a/etc/conky.profile b/etc/conky.profile
index f6d07d6de..846868be2 100644
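--- a/etc/conky.profile
+++ b/etc/conky.profile
@@ -2,18 +2,18 @@
 # Description: Highly configurable system monitor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/conky.local
+include conky.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${PICTURES}
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-xdg.inc
 
 caps.drop all
 ipc-namespace
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp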
diff --git a/etc/corebird.profile b/etc/corebird.profile
index c7f8a8874..bf2e97356 100644
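--- a/etc/corebird.profile
+++ b/etc/corebird.profile
@@ -2,20 +2,20 @@
 # Description: Native Gtk+ Twitter client for the Linux desktop
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/corebird.local
+include corebird.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/corebird
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -24,6 +24,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp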
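Review bot: The bare form `include disable-common.inc` (and every other path-less include in this section) no longer says where the file is read from, and the profile carries no comment stating the lookup order. If the parser consults a per-user configuration directory before `/etc/firejail` (the parser is not shown on this page, so this needs confirming), a same-named file there would replace the system blacklist set, and any process able to write to that directory could weaken sandboxes started later. I would add a header comment such as `# includes without a path follow the search order documented in firejail-profile(5)` and confirm that the per-user directory is blacklisted or read-only inside the sandbox. The same point applies to every other profile and .inc section of this commit that drops the `/etc/firejail/` prefix.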
diff --git a/etc/cower.profile b/etc/cower.profile
index dcc388f87..ebd83b326 100644
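--- a/etc/cower.profile
+++ b/etc/cower.profile
@@ -8,20 +8,20 @@
 quiet
 
 # Persistent local customizations
-include /etc/firejail/cower.local
+include cower.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/cower/config
 read-only ${HOME}/.config/cower/config
 
 noblacklist /var/lib/pacman
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 ipc-namespace
@@ -33,6 +33,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp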
diff --git a/etc/cpio.profile b/etc/cpio.profile
index 3c7d0748c..f63e0a552 100644
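--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -3,18 +3,18 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/cpio.local
+include cpio.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
 noblacklist /sbin
 noblacklist /usr/sbin
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 net none
@@ -24,6 +24,7 @@ nodvd
 nonewprivs
 nosound
 notv
+nou2f
 novideo
 seccomp
 shell none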
diff --git a/etc/cryptocat.profile b/etc/cryptocat.profile
index 3d3de7268..7a9039ea4 100644
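--- a/etc/cryptocat.profile
+++ b/etc/cryptocat.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/Cryptocat.profile
+include Cryptocat.profile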
diff --git a/etc/curl.profile b/etc/curl.profile
index e77b8bf4f..d20e00740 100644
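--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -3,17 +3,17 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/curl.local
+include curl.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
 noblacklist ${HOME}/.curlrc
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp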
diff --git a/etc/cvlc.profile b/etc/cvlc.profile
index 81ccbc530..1070b602c 100644
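--- a/etc/cvlc.profile
+++ b/etc/cvlc.profile
@@ -1,12 +1,12 @@
 # Firejail profile for cvlc
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/cvlc.local
+include cvlc.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # cvlc doesn't like private-bin
 ignore private-bin
 
 # Redirect
-include /etc/firejail/vlc.profile
+include vlc.profile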
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile
index ce51906ba..fcb448b30 100644
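--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -1,9 +1,9 @@
 # Firejail profile for cyberfox
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/cyberfox.local
+include cyberfox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.8pecxstudios
 noblacklist ${HOME}/.cache/8pecxstudios
@@ -18,4 +18,4 @@ whitelist ${HOME}/.cache/8pecxstudios
 #private-etc cyberfox
 
 # Redirect
-include /etc/firejail/firefox-common.profile
+include firefox-common.profile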
diff --git a/etc/darktable.profile b/etc/darktable.profile
index 74144e68e..af834f90b 100644
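--- a/etc/darktable.profile
+++ b/etc/darktable.profile
@@ -2,20 +2,20 @@
 # Description: Virtual lighttable and darkroom for photographers
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/darktable.local
+include darktable.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/darktable
 noblacklist ${HOME}/.config/darktable
 noblacklist ${PICTURES}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp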
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index 8f5961647..f751b7bb0 100644
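--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -2,19 +2,19 @@
 # Description: A GTK+ audio player for GNU/Linux
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/deadbeef.local
+include deadbeef.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/deadbeef
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp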
diff --git a/etc/default.profile b/etc/default.profile
index f8e54c8d3..27feb7dd1 100644
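--- a/etc/default.profile
+++ b/etc/default.profile
@@ -1,19 +1,19 @@
 # Firejail profile for default
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/default.local
+include default.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # generic gui profile
 # depending on your usage, you can enable some of the commands below:
 
-include /etc/firejail/disable-common.inc
-# include /etc/firejail/disable-devel.inc
-# include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-#include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+# include disable-devel.inc
+# include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+#include disable-xdg.inc
 
 caps.drop all
 # ipc-namespace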
diff --git a/etc/deluge.profile b/etc/deluge.profile
index 27ca036ca..cb8bff07e 100644
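--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -2,9 +2,9 @@
 # Description: BitTorrent client written in Python/PyGTK
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/deluge.local
+include deluge.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/deluge
 
@@ -14,17 +14,17 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-# include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+# include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/deluge
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/deluge
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -34,6 +34,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp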
diff --git a/etc/desktop.profile b/etc/desktop.profile
index 8bfa885a3..bfb1618b2 100644
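--- a/etc/desktop.profile
+++ b/etc/desktop.profile
@@ -2,20 +2,20 @@
 # Description: Extend your GitHub workflow beyond your browser with GitHub Desktop
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/github-desktop.local
+include github-desktop.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 whitelist ${HOME}/.gitconfig
 whitelist ${HOME}/.config/GitHub Desktop
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-devel.inc
+include disable-interpreters.inc
 
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter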
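Review bot: `include github-desktop.local` in `etc/desktop.profile` keeps a local-override name that does not match the profile's own file name, and the rewrite to a path-less include carries the mismatch over unchanged. Someone who puts extra hardening into `desktop.local` would see it ignored, presumably without any error if missing .local files are skipped silently. If the name is deliberate, a comment such as `# local overrides are read from github-desktop.local, not desktop.local` would make that explicit; otherwise the line should read `include desktop.local`. The profile continues past this hunk, so whether the name is explained further down is not visible here.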
diff --git a/etc/devilspie.profile b/etc/devilspie.profile
index dbfb05798..b3558a038 100644
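--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -2,17 +2,17 @@
 # Description: Window matching daemon
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/devilspie.local
+include devilspie.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.devilspie
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 ipc-namespace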
diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile
index 3a9a9659a..4ab2634e8 100644
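--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -2,17 +2,17 @@
 # Description: Window matching daemon (Lua)
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/devilspie2.local
+include devilspie2.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/devilspie2
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 ipc-namespace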
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
index da59fc71a..b0226f1e9 100644
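--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -2,9 +2,9 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/dex2jar.local
+include dex2jar.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Allow access to java
 noblacklist ${PATH}/java
@@ -12,14 +12,14 @@ noblacklist /usr/lib/java
 noblacklist /etc/java
 noblacklist /usr/share/java
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp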
diff --git a/etc/dia.profile b/etc/dia.profile
index fdc40980f..a0075acaf 100644
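--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -2,19 +2,19 @@
 # Description: Diagram editor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dia.local
+include dia.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.dia
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 net none
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp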
diff --git a/etc/dig.profile b/etc/dig.profile
index 4b6ab0975..a27ae6be4 100644
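--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -2,20 +2,20 @@ quiet
 # Firejail profile for dig
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dig.local
+include dig.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-# include /etc/firejail/disable-devel.inc
-# include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-#include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+# include disable-devel.inc
+# include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+#include disable-xdg.inc
 
 whitelist ~/.digrc
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 # ipc-namespace
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp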
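Review bot: `whitelist ~/.digrc` in the first hunk is the only home-relative path in this section written with `~`; the other profiles in this commit spell such paths with `${HOME}`. Since the commit is already normalising how paths are written, I would change it to `whitelist ${HOME}/.digrc` so that anyone auditing the profiles with a search for `${HOME}` sees this entry as well. The commented-out includes in the same hunk also mix `# include` and `#include`; using one form throughout would make it easier to tell which hardening includes a profile has switched off.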
diff --git a/etc/digikam.profile b/etc/digikam.profile
index 470f60779..ccc0a6544 100644
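--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -2,9 +2,9 @@
 # Description: Digital photo management application for KDE
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/digikam.local
+include digikam.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/digikam
 noblacklist ${HOME}/.config/digikamrc
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.kde/share/apps/digikam
 noblacklist ${HOME}/.kde4/share/apps/digikam
 noblacklist ${PICTURES}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all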
diff --git a/etc/dillo.profile b/etc/dillo.profile
index 8c3da1b3e..7103d0285 100644
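--- a/etc/dillo.profile
+++ b/etc/dillo.profile
@@ -2,25 +2,25 @@
 # Description: Small and fast web browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dillo.local
+include dillo.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.dillo
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.dillo
 mkdir ${HOME}/.fltk
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.dillo
 whitelist ${HOME}/.fltk
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -28,6 +28,7 @@ nodvd
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 tracelog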
diff --git a/etc/dino.profile b/etc/dino.profile
index a39ec8931..9844ce81a 100644
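--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -1,22 +1,22 @@
 # Firejail profile for dino
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dino.local
+include dino.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.local/share/dino
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.local/share/dino
 whitelist ${HOME}/.local/share/dino
 whitelist ${HOME}/Downloads
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp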
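Review bot: `whitelist ${HOME}/Downloads` in the first hunk hard-codes the directory name, whereas deluge.profile and dillo.profile in this same commit use `whitelist ${DOWNLOADS}`. On a system whose download directory has another name (a localized one, for example) the whitelist would presumably miss the real directory, and files saved from the sandbox would not end up where the user expects them. I would change the line to `whitelist ${DOWNLOADS}` so this profile follows the macro the other whitelisting profiles use.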
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index ceca17826..e6ba99874 100644
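--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -1,6 +1,6 @@
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
-include /etc/firejail/disable-common.local
+include disable-common.local
 
 # History files in $HOME and clipboard managers
 blacklist-nolog ${HOME}/.*_history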
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc
index 627856803..5c41692da 100644
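--- a/etc/disable-devel.inc
+++ b/etc/disable-devel.inc
@@ -1,6 +1,6 @@
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
-include /etc/firejail/disable-devel.local
+include disable-devel.local
 
 # development tools
 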
diff --git a/etc/disable-interpreters.inc b/etc/disable-interpreters.inc
index 0e0caade1..0d5f5737e 100644
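--- a/etc/disable-interpreters.inc
+++ b/etc/disable-interpreters.inc
@@ -1,6 +1,6 @@
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
-include /etc/firejail/disable-interpreters.local
+include disable-interpreters.local
 
 # Lua
 blacklist ${PATH}/lua*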
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc
index 6ef11780e..72e1a66ee 100644
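--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -1,7 +1,8 @@
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
-include /etc/firejail/disable-passwdmgr.local
+include disable-passwdmgr.local
 
+blacklist ${HOME}/.config/Bitwarden
 blacklist ${HOME}/.config/KeePass
 blacklist ${HOME}/.config/keepass
 blacklist ${HOME}/.config/keepassx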
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 251362b77..edf3c7be5 100644
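--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -1,8 +1,9 @@
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
-include /etc/firejail/disable-programs.local
+include disable-programs.local
 
 blacklist ${HOME}/Monero/wallets
+blacklist ${HOME}/Nextcloud/Notes
 blacklist ${HOME}/Standard Notes Backups
 blacklist ${HOME}/snap
 blacklist ${HOME}/.*coin
@@ -52,6 +53,7 @@ blacklist ${HOME}/.config/Beaker Browser
 blacklist ${HOME}/.config/Brackets
 blacklist ${HOME}/.config/Clementine
 blacklist ${HOME}/.config/Code
+blacklist ${HOME}/.config/Code Industry
 blacklist ${HOME}/.config/Cryptocat
 blacklist ${HOME}/.config/Franz
 blacklist ${HOME}/.config/FreeCAD
@@ -72,7 +74,9 @@ blacklist ${HOME}/.config/Mumble
 blacklist ${HOME}/.config/MusE
 blacklist ${HOME}/.config/MuseScore
 blacklist ${HOME}/.config/MusicBrainz
+blacklist ${HOME}/.config/Nathan Osman
 blacklist ${HOME}/.config/Nylas Mail
+blacklist ${HOME}/.config/PBE
 blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QMediathekView
 blacklist ${HOME}/.config/QuiteRss
@@ -91,6 +95,7 @@ blacklist ${HOME}/.config/akregatorrc
 blacklist ${HOME}/.config/ardour4
 blacklist ${HOME}/.config/ardour5
 blacklist ${HOME}/.config/arkrc
+blacklist ${HOME}/.config/artha.conf
 blacklist ${HOME}/.config/asunder
 blacklist ${HOME}/.config/atril
 blacklist ${HOME}/.config/audacious
@@ -142,6 +147,7 @@ blacklist ${HOME}/.config/ghb
 blacklist ${HOME}/.config/globaltime
 blacklist ${HOME}/.config/gnome-mplayer
 blacklist ${HOME}/.config/gnome-mpv
+blacklist ${HOME}/.config/gnome-pie
 blacklist ${HOME}/.config/google-chrome
 blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
@@ -191,6 +197,7 @@ blacklist ${HOME}/.config/nautilus
 blacklist ${HOME}/.config/nemo
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/nheko
+blacklist ${HOME}/.config/NitroShare
 blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
 blacklist ${HOME}/.config/onionshare
@@ -368,6 +375,7 @@ blacklist ${HOME}/.local/share/3909/PapersPlease
 blacklist ${HOME}/.local/share/Empathy
 blacklist ${HOME}/.local/share/JetBrains
 blacklist ${HOME}/.local/share/Mumble
+blacklist ${HOME}/.local/share/PBE
 blacklist ${HOME}/.local/share/QMediathekView
 blacklist ${HOME}/.local/share/QuiteRss
 blacklist ${HOME}/.local/share/Ricochet
@@ -458,6 +466,7 @@ blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/xreader
 blacklist ${HOME}/.local/share/zathura
 blacklist ${HOME}/.lv2
+blacklist ${HOME}/.masterpdfeditor
 blacklist ${HOME}/.mcabber
 blacklist ${HOME}/.mcabberrc
 blacklist ${HOME}/.mediathek3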
diff --git a/etc/disable-xdg.inc b/etc/disable-xdg.inc
index 519f00afb..22acf272d 100644
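--- a/etc/disable-xdg.inc
+++ b/etc/disable-xdg.inc
@@ -1,6 +1,6 @@
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
-include /etc/firejail/disable-xdg.local
+include disable-xdg.local
 
 blacklist ${DOCUMENTS}
 blacklist ${MUSIC}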
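Review bot: With the `/etc/firejail/` prefix removed on line 3, which `disable-xdg.local` is loaded now depends on the profile parser's lookup order, and that order is not visible in this diff. If a per-user profile directory is consulted before the system one, a file placed there would replace the system-wide override for every sandbox that pulls in this include, so the order should be confirmed and that directory kept unwritable from inside sandboxes. I would record the lookup in the header, for example `# Includes without a directory are resolved through firejail's profile search path.` The same applies to every `include` rewritten in the other profiles of this commit, most importantly `disable-common.inc` and `disable-programs.inc`.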
diff --git a/etc/discord-canary.profile b/etc/discord-canary.profile
index b6958cbd3..12b5433b2 100644
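--- a/etc/discord-canary.profile
+++ b/etc/discord-canary.profile
@@ -1,9 +1,9 @@
 # Firejail profile for discord-canary
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/discord-canary.local
+include discord-canary.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 noblacklist ${HOME}/.config/discordcanary
@@ -15,4 +15,4 @@ private-bin discord-canary
 private-opt discord-canary
 
 #Redirect
-include /etc/firejail/discord-common.profile
+include discord-common.profile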
diff --git a/etc/discord-common.profile b/etc/discord-common.profile
index babef37b1..9c6a40e8a 100644
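--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -1,15 +1,15 @@
 # Firejail profile for discord
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/discord-common.local
+include discord-common.local
 # Persistent global definitions
 # already included by caller profile
-#include /etc/firejail/globals.local
+#include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${DOWNLOADS}
 
@@ -20,6 +20,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp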
diff --git a/etc/discord.profile b/etc/discord.profile
index 63aed5eca..62c4a5658 100644
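--- a/etc/discord.profile
+++ b/etc/discord.profile
@@ -1,9 +1,9 @@
 # Firejail profile for discord
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/discord.local
+include discord.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 noblacklist ${HOME}/.config/discord
@@ -15,4 +15,4 @@ private-bin discord
 private-opt discord
 
 #Redirect
-include /etc/firejail/discord-common.profile
+include discord-common.profile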
diff --git a/etc/display.profile b/etc/display.profile
index 41a426375..3182aebbe 100644
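--- a/etc/display.profile
+++ b/etc/display.profile
@@ -1,9 +1,9 @@
 # Firejail profile for display
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/display.local
+include display.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${PICTURES}
 
@@ -13,14 +13,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 protocol unix
 seccomp
 shell none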
diff --git a/etc/dnox.profile b/etc/dnox.profile
index 505884ca6..e02395771 100644
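--- a/etc/dnox.profile
+++ b/etc/dnox.profile
@@ -1,9 +1,9 @@
 # Firejail profile for dnox
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dnox.local
+include dnox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/dnox
 noblacklist ${HOME}/.config/dnox
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/dnox
 whitelist ${HOME}/.config/dnox
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile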
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index ce73d7e72..0dc0cc793 100644
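--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -2,21 +2,21 @@
 # Description: Tool for securing communications between a client and a DNS resolver
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dnscrypt-proxy.local
+include dnscrypt-proxy.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
 noblacklist /sbin
 noblacklist /usr/sbin
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
 no3d
@@ -24,6 +24,7 @@ nodvd
 nonewprivs
 nosound
 notv
+nou2f
 novideo
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
 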
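Review bot: The `seccomp.drop` list on new line 29, next to the added `nou2f`, names `perf_event_open` twice, once after `lookup_dcookie` and again as the last entry. The repeat presumably has no effect on the filter, but a hand-maintained deny list is easier to audit when each syscall appears once. I would drop the trailing entry so the list ends `...,move_pages,vmsplice`.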
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index d68806945..bb41b71d1 100644
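--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -2,21 +2,21 @@
 # Description: Small caching DNS proxy and DHCP/TFTP server
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dnsmasq.local
+include dnsmasq.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
 noblacklist /sbin
 noblacklist /usr/sbin
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.keep net_admin,net_bind_service,net_raw,setgid,setuid
 no3d
@@ -24,6 +24,7 @@ nodvd
 nonewprivs
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp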
diff --git a/etc/dolphin.profile b/etc/dolphin.profile
index 819998edf..936876ddf 100644
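--- a/etc/dolphin.profile
+++ b/etc/dolphin.profile
@@ -2,9 +2,9 @@
 # Description: File manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dolphin.local
+include dolphin.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5
 
@@ -13,12 +13,12 @@ noblacklist ${HOME}/.local/share/Trash
 # noblacklist ${HOME}/.config/dolphinrc
 # noblacklist ${HOME}/.local/share/dolphin
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
 # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files
-# include /etc/firejail/disable-programs.inc
+# include disable-programs.inc
 
 caps.drop all
 netfilter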
diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile
index 4e1227a0f..075a24c92 100644
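--- a/etc/dooble-qt4.profile
+++ b/etc/dooble-qt4.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/dooble.profile
+include dooble.profile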
diff --git a/etc/dooble.profile b/etc/dooble.profile
index df68a4aef..bc4a4c348 100644
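--- a/etc/dooble.profile
+++ b/etc/dooble.profile
@@ -1,23 +1,23 @@
 # Firejail profile for dooble
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dooble-qt4.local
+include dooble-qt4.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 noblacklist ${HOME}/.dooble
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.dooble
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.dooble
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp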
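Review bot: New line 4 still loads `dooble-qt4.local` although line 1 says this is the profile for dooble, so a user's `dooble.local` is never read and any restriction placed there silently does not apply. The rewrite only drops the directory and keeps the old file name. Unless the qt4 name is deliberate, the line should read `include dooble.local`. The visible lines of `dooble-qt4.profile` only redirect to this file, so both program names end up on the same override file either way.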
diff --git a/etc/dosbox.profile b/etc/dosbox.profile
index 319daf407..17ccc9b9a 100644
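--- a/etc/dosbox.profile
+++ b/etc/dosbox.profile
@@ -2,21 +2,21 @@
 # Description: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dosbox.local
+include dosbox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.dosbox
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp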
diff --git a/etc/dragon.profile b/etc/dragon.profile
index 9f41bf87a..cdf941acd 100644
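--- a/etc/dragon.profile
+++ b/etc/dragon.profile
@@ -2,22 +2,22 @@
 # Description: A multimedia player where the focus is on simplicity, instead of features
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dragon.local
+include dragon.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/dragonplayerrc
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp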
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index 24b69e118..1b242d422 100644
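--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -1,19 +1,19 @@
 # Firejail profile for dropbox
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/dropbox.local
+include dropbox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/autostart
 noblacklist ${HOME}/.dropbox
 noblacklist ${HOME}/.dropbox-dist
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.dropbox
 mkdir ${HOME}/.dropbox-dist
@@ -23,7 +23,7 @@ whitelist ${HOME}/.config/autostart/dropbox.desktop
 whitelist ${HOME}/.dropbox
 whitelist ${HOME}/.dropbox-dist
 whitelist ${HOME}/Dropbox
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -34,6 +34,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp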
diff --git a/etc/easystroke.profile b/etc/easystroke.profile
index 6fac08a5d..ddf967e55 100644
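--- a/etc/easystroke.profile
+++ b/etc/easystroke.profile
@@ -2,17 +2,17 @@
 # Description: Control your desktop using mouse gestures
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/easystroke.local
+include easystroke.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.easystroke
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 ipc-namespace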
diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile
index 1e28b854a..b2fd635b1 100644
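--- a/etc/ebook-viewer.profile
+++ b/etc/ebook-viewer.profile
@@ -5,4 +5,4 @@ net none
 nodbus
 
 # Redirect
-include /etc/firejail/calibre.profile
+include calibre.profile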
diff --git a/etc/electron.profile b/etc/electron.profile
index ccfde78bb..c24100f17 100644
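--- a/etc/electron.profile
+++ b/etc/electron.profile
@@ -2,13 +2,13 @@
 # Description: Build cross platform desktop apps with web technologies
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/electron.local
+include electron.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${DOWNLOADS}
 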
diff --git a/etc/electrum.profile b/etc/electrum.profile
index b3e1ab36f..d24a31299 100644
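--- a/etc/electrum.profile
+++ b/etc/electrum.profile
@@ -2,9 +2,9 @@
 # Description: Lightweight Bitcoin wallet
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/electrum.local
+include electrum.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.electrum
 
@@ -14,17 +14,17 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.electrum
 whitelist ${HOME}/.electrum
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -37,6 +37,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp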
diff --git a/etc/elinks.profile b/etc/elinks.profile
index bafc19e1a..6643c5fda 100644
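--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -2,20 +2,20 @@
 # Description: Advanced text-mode WWW browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/elinks.local
+include elinks.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
 noblacklist ${HOME}/.elinks
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp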
diff --git a/etc/emacs.profile b/etc/emacs.profile
index 90b25bfcf..c2057f6fb 100644
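--- a/etc/emacs.profile
+++ b/etc/emacs.profile
@@ -2,16 +2,16 @@
 # Description: GNU Emacs editor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/emacs.local
+include emacs.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.emacs
 noblacklist ${HOME}/.emacs.d
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter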
diff --git a/etc/empathy.profile b/etc/empathy.profile
index 007b51c35..5ca640d30 100644
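--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -2,15 +2,15 @@
 # Description: GNOME multi-protocol chat and call client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/empathy.local
+include empathy.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter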
diff --git a/etc/enchant-2.profile b/etc/enchant-2.profile
index ba7573289..295d74a38 100644
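--- a/etc/enchant-2.profile
+++ b/etc/enchant-2.profile
@@ -1,9 +1,9 @@
 # Firejail profile for enchant-2
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/enchant-2.local
+include enchant-2.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Redirect
-include /etc/firejail/enchant.profile
+include enchant.profile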
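Review bot: `globals.local` is included on line 6 here and again on line 7 of `enchant.profile`, which this profile redirects to on line 9, so the global overrides are read twice on this path. `discord-common.profile` in the same commit avoids that by commenting its include out under `# already included by caller profile`. Whether the second pass is harmless depends on how the parser treats repeated directives, which this diff does not show. A comment above line 6 such as `# also included by enchant.profile` would at least record that the repetition is known. `enchant-lsmod.profile` and `enchant-lsmod-2.profile` follow the same pattern.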
diff --git a/etc/enchant-lsmod-2.profile b/etc/enchant-lsmod-2.profile
index 1b646eef6..991ea63ef 100644
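--- a/etc/enchant-lsmod-2.profile
+++ b/etc/enchant-lsmod-2.profile
@@ -1,9 +1,9 @@
 # Firejail profile for enchant-lsmod-2
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/enchant-lsmod-2.local
+include enchant-lsmod-2.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Redirect
-include /etc/firejail/enchant.profile
+include enchant.profile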
diff --git a/etc/enchant-lsmod.profile b/etc/enchant-lsmod.profile
index 3452b0421..d7bcae6a0 100644
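--- a/etc/enchant-lsmod.profile
+++ b/etc/enchant-lsmod.profile
@@ -1,9 +1,9 @@
 # Firejail profile for enchant-lsmod
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/enchant-lsmod.local
+include enchant-lsmod.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Redirect
-include /etc/firejail/enchant.profile
+include enchant.profile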
diff --git a/etc/enchant.profile b/etc/enchant.profile
index cf7d76b4c..e29e542ab 100644
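--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -2,18 +2,18 @@
 # Description: Wrapper for various spell checker engines
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/enchant.local
+include enchant.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/enchant
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp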
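diff --git a/etc/engrampa.profile b/etc/engrampa.profile
index eaf246d3c..b9f2632c4 100644
--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -2,17 +2,17 @@
 # Description: Archive manager for MATE
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/engrampa.local
+include engrampa.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp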
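Review bot: The bare-name includes introduced in this section (`include engrampa.local`, `include disable-common.inc`, `include whitelist-var-common.inc`), and the same pattern in every other profile section of this commit, make the hardening files resolve through firejail's include search path instead of a fixed /etc/firejail location. The lookup code is not shown in these sections; if it consults a per-user directory before the system one, a same-named file there would stand in for disable-common.inc or globals.local in every profile that includes it. That precedence should be written down where profile authors will see it, for example a header comment such as `# Includes without a path are searched in <user config dir> first, then <system config dir>`. The section's two hunks show only part of the profile, so the remaining options are not covered by this note.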
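diff --git a/etc/enox.profile b/etc/enox.profile
index 46f409346..d8ac8b24a 100644
--- a/etc/enox.profile
+++ b/etc/enox.profile
@@ -1,9 +1,9 @@
 # Firejail profile for enox
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/enox.local
+include enox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/Enox
 noblacklist ${HOME}/.config/Enox
@@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/Enox
 whitelist ${HOME}/.config/Enox
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile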
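diff --git a/etc/enpass.profile b/etc/enpass.profile
index 3a30f8b04..3208c9454 100644
--- a/etc/enpass.profile
+++ b/etc/enpass.profile
@@ -1,20 +1,20 @@
 # This file is overwritten after every install/update.
 # Persistent local customisations
-include /etc/firejail/enpass.local
+include enpass.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Sinew Software Systems
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp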
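diff --git a/etc/eog.profile b/etc/eog.profile
index 017fe5c75..8cb64009c 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -2,22 +2,22 @@
 # Description: Eye of GNOME graphics viewer program
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/eog.local
+include eog.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.config/eog
 noblacklist ${HOME}/.local/share/Trash
 noblacklist ${HOME}/.steam
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # apparmor - makes settings immutable
 caps.drop all
@@ -30,6 +30,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp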
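diff --git a/etc/eom.profile b/etc/eom.profile
index a0ce712c8..7d84cd3b4 100644
--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -2,22 +2,22 @@
 # Description: Eye of MATE graphics viewer program
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/eom.local
+include eom.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.config/mate/eom
 noblacklist ${HOME}/.local/share/Trash
 noblacklist ${HOME}/.steam
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # apparmor - makes settings immutable
 caps.drop all
@@ -30,6 +30,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp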
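diff --git a/etc/epiphany.profile b/etc/epiphany.profile
index b04cf72b4..6868ca391 100644
--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -2,18 +2,18 @@
 # Description: Clone of Boulder Dash game
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/epiphany.local
+include epiphany.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/epiphany
 noblacklist ${HOME}/.config/epiphany
 noblacklist ${HOME}/.local/share/epiphany
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/epiphany
 mkdir ${HOME}/.config/epiphany
@@ -22,7 +22,7 @@ whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/epiphany
 whitelist ${HOME}/.config/epiphany
 whitelist ${HOME}/.local/share/epiphany
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter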
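Review bot: The `# Description: Clone of Boulder Dash game` line kept at the top of this profile does not match what the profile confines. It whitelists `${DOWNLOADS}` plus per-user cache and config directories and enables `netfilter`, which reads like the web browser of the same name rather than a game. A wrong description misleads anyone auditing which program a profile is meant to cover; it should read something like `# Description: GNOME web browser`, with the wording confirmed against the package metadata. The profile continues past `netfilter` outside this section's hunks.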
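diff --git a/etc/etr.profile b/etc/etr.profile
index 5c01636cc..6c3db897b 100644
--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -1,20 +1,20 @@
 # Firejail profile for etr
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/etr.local
+include etr.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.etr
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.etr
 whitelist ${HOME}/.etr
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -24,6 +24,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,netlink
 seccomp
 shell none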
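diff --git a/etc/evince-previewer.profile b/etc/evince-previewer.profile
index d5bc6db33..e43bb2da8 100644
--- a/etc/evince-previewer.profile
+++ b/etc/evince-previewer.profile
@@ -1,10 +1,10 @@
 # Firejail profile for evince-previewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/evince-previewer.local
+include evince-previewer.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/evince.profile
+include evince.profile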
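diff --git a/etc/evince-thumbnailer.profile b/etc/evince-thumbnailer.profile
index abc21632d..4036e1ecb 100644
--- a/etc/evince-thumbnailer.profile
+++ b/etc/evince-thumbnailer.profile
@@ -1,10 +1,10 @@
 # Firejail profile for evince-thumbnailer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/evince-thumbnailer.local
+include evince-thumbnailer.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/evince.profile
+include evince.profile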
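diff --git a/etc/evince.profile b/etc/evince.profile
index ea46ccc40..1702daeff 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -2,21 +2,21 @@
 # Description: Document (PostScript, PDF) viewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/evince.local
+include evince.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/evince
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -30,6 +30,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp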
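diff --git a/etc/evolution.profile b/etc/evolution.profile
index f691b3c3d..1cce0656c 100644
--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -2,9 +2,9 @@
 # Description: Groupware suite with mail client and organizer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/evolution.local
+include evolution.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist /var/mail
 noblacklist /var/spool/mail
@@ -15,11 +15,11 @@ noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.local/share/evolution
 noblacklist ${HOME}/.pki
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp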
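diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 2666397f4..3eac35bac 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -2,9 +2,9 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/exiftool.local
+include exiftool.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -13,11 +13,11 @@ noblacklist ${PATH}/perl
 noblacklist /usr/lib/perl*
 noblacklist /usr/share/perl*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 net none
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp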
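diff --git a/etc/falkon.profile b/etc/falkon.profile
index 41e1386dd..9fd446fe1 100644
--- a/etc/falkon.profile
+++ b/etc/falkon.profile
@@ -2,24 +2,24 @@
 # Description: Lightweight web browser based on Qt WebEngine
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/falkon.local
+include falkon.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/falkon
 noblacklist ${HOME}/.config/falkon
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/falkon
 whitelist ${HOME}/.config/falkon
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -28,6 +28,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 # blacklisting of chroot system calls breaks falkon
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice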
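Review bot: `nou2f` is added unconditionally to a web browser profile in the second hunk here, and again in the second hunk of etc/firefox-common.profile. Browsers are where U2F security keys are normally used, so with this option a hardware second factor is not reachable from inside the sandbox and users may fall back to a weaker login method without knowing why. A comment next to the option should document the override, for example `# U2F devices are blocked; add 'ignore nou2f' to falkon.local to use a hardware token`. The profile may continue after the `seccomp.drop` line, outside this hunk.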
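diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index c5afde9ec..701f14dce 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -2,21 +2,21 @@
 # Description: E-book reader
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/fbreader.local
+include fbreader.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.FBReader
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp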
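diff --git a/etc/feh.profile b/etc/feh.profile
index 197581ae7..ddf0fa154 100644
--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -2,15 +2,15 @@
 # Description: imlib2 based image viewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/feh.local
+include feh.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 net none
@@ -22,6 +22,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp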
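diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile
index d9b347d70..46d0bd08e 100644
--- a/etc/fetchmail.profile
+++ b/etc/fetchmail.profile
@@ -2,18 +2,18 @@
 # Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/fetchmail.local
+include fetchmail.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.fetchmailrc
 noblacklist ${HOME}/.netrc
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp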
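diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile
index 09574ffb7..8aa6198df 100644
--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -3,17 +3,17 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/ffmpeg.local
+include ffmpeg.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -22,6 +22,7 @@ nodbus
 nodvd
 nosound
 notv
+nou2f
 novideo
 nonewprivs
 noroot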
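diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index 11883f03e..d79b4de4b 100644
--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -2,17 +2,17 @@
 # Description: Archive manager for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/file-roller.local
+include file-roller.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp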
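diff --git a/etc/file.profile b/etc/file.profile
index fbeea83a8..daf2a524e 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -3,15 +3,15 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/file.local
+include file.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 hostname file
@@ -23,6 +23,7 @@ nogroups
 nonewprivs
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp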
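diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index 7a5ad4301..2e77937ea 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -2,9 +2,9 @@
 # Description: Full-featured graphical FTP/FTPS/SFTP client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/filezilla.local
+include filezilla.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/filezilla
 noblacklist ${HOME}/.filezilla
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/whitelist-var-common.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp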
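diff --git a/etc/firefox-beta.profile b/etc/firefox-beta.profile
index f9924fee5..ee158703d 100644
--- a/etc/firefox-beta.profile
+++ b/etc/firefox-beta.profile
@@ -1,10 +1,10 @@
 # Firejail profile for firefox-beta
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/firefox-beta.local
+include firefox-beta.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/firefox.profile
+include firefox.profile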
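diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc
index f5fd4aa5b..7a0c3e99f 100644
--- a/etc/firefox-common-addons.inc
+++ b/etc/firefox-common-addons.inc
@@ -1,6 +1,6 @@
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
-include /etc/firejail/firefox-common-addons.local
+include firefox-common-addons.local
 
 noblacklist ${HOME}/.config/kgetrc
 noblacklist ${HOME}/.config/okularpartrc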
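diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
index 8ed26e22f..253f1b3bd 100644
--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -1,26 +1,26 @@
 # Firejail profile for firefox-common
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/firefox-common.local
+include firefox-common.local
 # Persistent global definitions
 # already included by caller profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 # uncomment the following line to allow access to common programs/addons/plugins
-#include /etc/firejail/firefox-common-addons.inc
+#include firefox-common-addons.inc
 
 noblacklist ${HOME}/.pki
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -35,6 +35,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none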
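diff --git a/etc/firefox-developer-edition.profile b/etc/firefox-developer-edition.profile
index 7458d9e10..56a0485cb 100644
--- a/etc/firefox-developer-edition.profile
+++ b/etc/firefox-developer-edition.profile
@@ -2,10 +2,10 @@
 # Description: Developer Edition of the popular Firefox web browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/firefox-developer-edition.local
+include firefox-developer-edition.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/firefox.profile
+include firefox.profile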
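diff --git a/etc/firefox-esr.profile b/etc/firefox-esr.profile
index 9821c7150..0ba04d9c1 100644
--- a/etc/firefox-esr.profile
+++ b/etc/firefox-esr.profile
@@ -1,10 +1,10 @@
 # Firejail profile for firefox-esr
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/firefox-esr.local
+include firefox-esr.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/firefox.profile
+include firefox.profile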
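diff --git a/etc/firefox-nightly.profile b/etc/firefox-nightly.profile
index 302f6eb24..6f3838e33 100644
--- a/etc/firefox-nightly.profile
+++ b/etc/firefox-nightly.profile
@@ -1,10 +1,10 @@
 # Firejail profile for firefox-nightly
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/firefox-nightly.local
+include firefox-nightly.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/firefox.profile
+include firefox.profile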
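diff --git a/etc/firefox-wayland.profile b/etc/firefox-wayland.profile
index 806d50e31..e47ca32f9 100644
--- a/etc/firefox-wayland.profile
+++ b/etc/firefox-wayland.profile
@@ -1,10 +1,10 @@
 # Firejail profile for firefox-wayland
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/firefox-wayland.local
+include firefox-wayland.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/firefox.profile
+include firefox.profile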
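diff --git a/etc/firefox.profile b/etc/firefox.profile
index c968e964e..830bbc6a7 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -2,9 +2,9 @@
 # Description: Safe and easy web browser from Mozilla
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/firefox.local
+include firefox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
@@ -20,4 +20,4 @@ whitelist ${HOME}/.mozilla
 #private-etc firefox
 
 # Redirect
-include /etc/firejail/firefox-common.profile
+include firefox-common.profile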
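diff --git a/etc/firejail.config b/etc/firejail.config
index 91a03f095..d7106e76c 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -22,7 +22,8 @@
 # dbus yes
 
 # Disable /mnt, /media, /run/mount and /run/media access. By default access
-# to these directories is enabled.
+# to these directories is enabled. Unlike --disable-mnt profile option this
+# cannot be overridden by --noblacklist.
 # disable-mnt no
 
 # Enable or disable file transfer support, default enabled.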
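Review bot: The sentence added on lines 25-26 mixes command-line and profile syntax: it calls `--disable-mnt` a profile option and names `--noblacklist`, while the key documented directly below is written `disable-mnt` without dashes. An administrator who reads this to decide where to enforce the restriction needs to know exactly which forms a user can override. Assuming the profile option and the command-line switch behave alike here, I would word it as `# to these directories is enabled. Unlike the disable-mnt profile option and the` followed by `# --disable-mnt command line option, this setting cannot be overridden by noblacklist.`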
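diff --git a/etc/flameshot.profile b/etc/flameshot.profile
index e4987280a..32e416b34 100644
--- a/etc/flameshot.profile
+++ b/etc/flameshot.profile
@@ -2,18 +2,18 @@
 # Description: Powerful yet simple-to-use screenshot software
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/flameshot.local
+include flameshot.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${PICTURES}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 ipc-namespace
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp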
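diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
index 63f9d19a9..b841bce75 100644
--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -1,9 +1,9 @@
 # Firejail profile for flashpeak-slimjet
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/flashpeak-slimjet.local
+include flashpeak-slimjet.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/slimjet
 noblacklist ${HOME}/.config/slimjet
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/slimjet
 whitelist ${HOME}/.config/slimjet
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile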
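diff --git a/etc/flowblade.profile b/etc/flowblade.profile
index bc95a2b51..4628b85ee 100644
--- a/etc/flowblade.profile
+++ b/etc/flowblade.profile
@@ -2,9 +2,9 @@
 # Description: Non-linear video editor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/flowblade.local
+include flowblade.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/flowblade
 noblacklist ${HOME}/.flowblade
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -28,6 +28,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none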
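diff --git a/etc/fluxbox.profile b/etc/fluxbox.profile
index 5fafef95a..c296c0491 100644
--- a/etc/fluxbox.profile
+++ b/etc/fluxbox.profile
@@ -2,13 +2,13 @@
 # Description: Standards-compliant, fast, light-weight and extensible window manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/fluxbox.local
+include fluxbox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # all applications started in awesome will run in this profile
 noblacklist ${HOME}/.fluxbox
-include /etc/firejail/disable-common.inc
+include disable-common.inc
 
 caps.drop all
 netfilter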
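Review bot: The comment kept on line 9, `# all applications started in awesome will run in this profile`, names the wrong window manager for fluxbox.profile; it looks copied from another window-manager profile. Since the hunk already rewrites the lines on both sides of it, it should be corrected to `# all applications started in fluxbox will run in this profile`. The comment matters to a reader because it is the only statement that every child application inherits this one policy. The rest of the profile lies outside the hunk.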
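diff --git a/etc/fontforge.profile b/etc/fontforge.profile
index 2ae80964d..2a833de06 100644
--- a/etc/fontforge.profile
+++ b/etc/fontforge.profile
@@ -2,9 +2,9 @@
 # Description: Font editor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/fontforge.local
+include fontforge.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.FontForge
 noblacklist ${DOCUMENTS}
@@ -15,12 +15,12 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -30,6 +30,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp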
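diff --git a/etc/fossamail.profile b/etc/fossamail.profile
index 4316c0988..e821f6f65 100644
--- a/etc/fossamail.profile
+++ b/etc/fossamail.profile
@@ -1,9 +1,9 @@
 # Firejail profile for fossamail
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/fossamail.local
+include fossamail.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/fossamail
 noblacklist ${HOME}/.fossamail
@@ -15,8 +15,8 @@ mkdir ${HOME}/.gnupg
 whitelist ${HOME}/.cache/fossamail
 whitelist ${HOME}/.fossamail
 whitelist ${HOME}/.gnupg
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 # allow browsers
 # Redirect
-include /etc/firejail/firefox.profile
+include firefox.profile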
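diff --git a/etc/franz.profile b/etc/franz.profile
index fbe1c0f65..5ce8954c4 100644
--- a/etc/franz.profile
+++ b/etc/franz.profile
@@ -1,18 +1,18 @@
 # Firejail profile for franz
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/franz.local
+include franz.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/Franz
 noblacklist ${HOME}/.config/Franz
 noblacklist ${HOME}/.pki
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/Franz
 mkdir ${HOME}/.config/Franz
@@ -21,7 +21,7 @@ whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/Franz
 whitelist ${HOME}/.config/Franz
 whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -30,6 +30,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none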
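diff --git a/etc/freecad.profile b/etc/freecad.profile
index 934f1d0fb..11fe3245c 100644
--- a/etc/freecad.profile
+++ b/etc/freecad.profile
@@ -2,19 +2,19 @@
 # Description: Extensible Open Source CAx program
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/freecad.local
+include freecad.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/FreeCAD
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 ipc-namespace
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp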
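diff --git a/etc/freecadcmd.profile b/etc/freecadcmd.profile
index f8bbff593..d98b05e65 100644
--- a/etc/freecadcmd.profile
+++ b/etc/freecadcmd.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/freecad.profile
+include freecad.profile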
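diff --git a/etc/freshclam.profile b/etc/freshclam.profile
index 4e224dd3e..2dd55d8cc 100644
--- a/etc/freshclam.profile
+++ b/etc/freshclam.profile
@@ -2,9 +2,9 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/clamav.local
+include clamav.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 caps.keep setgid,setuid
@@ -16,6 +16,7 @@ nogroups
 nonewprivs
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp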
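diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile
index 279e5d403..3697252e7 100644
--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -2,22 +2,22 @@
 # Description: Cool game where you pop out the bubbles
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/frozen-bubble.local
+include frozen-bubble.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.frozen-bubble
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.frozen-bubble
 whitelist ${HOME}/.frozen-bubble
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -27,6 +27,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,netlink
 seccomp
 shell none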
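diff --git a/etc/gajim.profile b/etc/gajim.profile
index 90ba59954..b60437c6e 100644
--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -2,9 +2,9 @@
 # Description: GTK+-based Jabber client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gajim.local
+include gajim.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/gajim
 noblacklist ${HOME}/.config/gajim
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python3*
 noblacklist /usr/lib64/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.config/gajim
@@ -29,7 +29,7 @@ whitelist ${HOME}/.cache/gajim
 whitelist ${HOME}/.config/gajim
 whitelist ${HOME}/.local/share/gajim
 whitelist ${HOME}/Downloads
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -38,6 +38,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 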
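diff --git a/etc/galculator.profile b/etc/galculator.profile
index 699fb7d78..323c880a8 100644
--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -2,22 +2,22 @@
 # Description: Scientific calculator
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/galculator.local
+include galculator.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/galculator
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/galculator
 whitelist ${HOME}/.config/galculator
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp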
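diff --git a/etc/gcloud.profile b/etc/gcloud.profile
index 195dc9302..5aa73b38f 100644
--- a/etc/gcloud.profile
+++ b/etc/gcloud.profile
@@ -1,17 +1,17 @@
 # Firejail profile for gcloud
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gcloud.local
+include gcloud.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.boto
 noblacklist ${HOME}/.config/gcloud
 noblacklist /var/run/docker.sock
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-programs.inc
 
 apparmor
 caps.drop all
@@ -24,6 +24,7 @@ nodvd
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none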
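Review bot: The profile tightens device access with `nou2f` on line 27 while line 10 keeps `noblacklist /var/run/docker.sock`, and nothing in the file says why the Docker socket is left reachable. Access to that socket normally gives control of the Docker daemon, which runs outside this sandbox, so `caps.drop all`, `noroot` and `seccomp` do not limit what it does on the process's behalf. I would add a comment above line 10 such as `# docker.sock gives control of the Docker daemon (root-equivalent on most hosts); blacklist it in gcloud.local if the docker integration is unused`. Whether an include elsewhere already hides the socket cannot be seen from these hunks.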
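diff --git a/etc/geany.profile b/etc/geany.profile
index d69bca1ad..a236ea2c5 100644
--- a/etc/geany.profile
+++ b/etc/geany.profile
@@ -2,15 +2,15 @@
 # Description: Fast and lightweight IDE
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/geany.local
+include geany.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/geany
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp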
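diff --git a/etc/geary.profile b/etc/geary.profile
index 735206da2..a21eed9f1 100644
--- a/etc/geary.profile
+++ b/etc/geary.profile
@@ -2,9 +2,9 @@
 # Description: Lightweight email client designed for the GNOME desktop
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/geary.local
+include geary.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Users have Geary set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
@@ -20,7 +20,7 @@ whitelist ${HOME}/.gnupg
 whitelist ${HOME}/.config/geary
 whitelist ${HOME}/.local/share/geary
 
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 ignore nodbus
 ignore private-tmp
@@ -29,4 +29,4 @@ read-only ${HOME}/.config/mimeapps.list
 
 # allow browsers
 # Redirect
-include /etc/firejail/firefox.profile
+include firefox.profile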
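diff --git a/etc/gedit.profile b/etc/gedit.profile
index 1a4d9634a..d537f1294 100644
--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -2,21 +2,21 @@
 # Description: Official text editor of the GNOME desktop environment
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gedit.local
+include gedit.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/enchant
 noblacklist ${HOME}/.config/gedit
 noblacklist ${HOME}/.gitconfig
 
-include /etc/firejail/disable-common.inc
-# include /etc/firejail/disable-devel.inc
-# include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+# include disable-devel.inc
+# include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # apparmor - makes settings immutable
 caps.drop all
@@ -30,6 +30,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp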
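diff --git a/etc/geeqie.profile b/etc/geeqie.profile
index 3fbe245d6..a7d82b5fb 100644
--- a/etc/geeqie.profile
+++ b/etc/geeqie.profile
@@ -2,19 +2,19 @@
 # Description: Image viewer using GTK+
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/geeqie.local
+include geeqie.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/geeqie
 noblacklist ${HOME}/.config/geeqie
 noblacklist ${HOME}/.local/share/geeqie
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 nodvd
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp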
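diff --git a/etc/ghb.profile b/etc/ghb.profile
index de6244a32..1cb09ddde 100644
--- a/etc/ghb.profile
+++ b/etc/ghb.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/handbrake.profile
+include handbrake.profile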
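diff --git a/etc/gimp-2.10.profile b/etc/gimp-2.10.profile
index a4e04af20..d42307710 100644
--- a/etc/gimp-2.10.profile
+++ b/etc/gimp-2.10.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/gimp.profile
+include gimp.profile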
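diff --git a/etc/gimp-2.8.profile b/etc/gimp-2.8.profile
index a4e04af20..d42307710 100644
--- a/etc/gimp-2.8.profile
+++ b/etc/gimp-2.8.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/gimp.profile
+include gimp.profile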
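diff --git a/etc/gimp.profile b/etc/gimp.profile
index fa27d2cea..9b14b1fe8 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -2,21 +2,21 @@
 # Description: GNU Image Manipulation Program
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gimp.local
+include gimp.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/GIMP
 noblacklist ${HOME}/.gimp*
 noblacklist ${DOCUMENTS}
 noblacklist ${PICTURES}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 protocol unix
 seccomp
 shell none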
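diff --git a/etc/git.profile b/etc/git.profile
index 9c8d22fd3..7d4392c80 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -3,9 +3,9 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/git.local
+include git.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -17,9 +17,9 @@ noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.vim
 noblacklist ${HOME}/.viminfo
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -30,6 +30,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp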
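Review bot: `nou2f`, added on line 33, hides hardware security keys from git, yet the profile deliberately keeps `${HOME}/.ssh` reachable (the `noblacklist ${HOME}/.ssh` shown in the second hunk's header) so that git can authenticate over SSH. Users whose SSH authentication depends on a U2F/FIDO token would see remote operations fail inside the sandbox with no hint as to why. A comment next to the option would help, e.g. `# nou2f blocks hardware security keys; add 'ignore nou2f' to git.local if SSH authentication needs one`. The same applies to gitg.profile, which also lists `noblacklist ${HOME}/.ssh` and gains `nou2f` in this commit.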
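diff --git a/etc/gitg.profile b/etc/gitg.profile
index 87d8c0a1f..f6d78cc54 100644
--- a/etc/gitg.profile
+++ b/etc/gitg.profile
@@ -2,21 +2,21 @@
 # Description: Git repository viewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gitg.local
+include gitg.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.gitconfig
 noblacklist ${HOME}/.local/share/gitg
 noblacklist ${HOME}/.ssh
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 no3d
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp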
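Review bot: `nou2f` is added to a profile that keeps `noblacklist ${HOME}/.ssh` and `protocol unix,inet,inet6`, so remote operations over SSH are evidently expected to work inside this sandbox. If a user's SSH authentication depends on a U2F/FIDO hardware token, hiding the device would presumably make it fail with no hint that the sandbox is the cause. I would put a comment above the new line, `# add 'ignore nou2f' to gitg.local if SSH authentication uses a hardware token`. The same applies to the `nou2f` added to git.profile.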
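diff --git a/etc/gitter.profile b/etc/gitter.profile
index b5bedb66d..d8439fa79 100644
--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -1,23 +1,23 @@
 # Firejail profile for gitter
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gitter.local
+include gitter.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/autostart
 noblacklist ${HOME}/.config/Gitter
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/autostart
 whitelist ${HOME}/.config/Gitter
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none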
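diff --git a/etc/gjs.profile b/etc/gjs.profile
index a603ad695..9c7aa5700 100644
--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -2,9 +2,9 @@
 # Description: Mozilla-based javascript bindings for the GNOME platform
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gjs.local
+include gjs.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.cache/org.gnome.Books
 noblacklist ${HOME}/.config/libreoffice
 noblacklist ${HOME}/.local/share/gnome-photos
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none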
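diff --git a/etc/globaltime.profile b/etc/globaltime.profile
index e414abf8c..c007fb0cc 100644
--- a/etc/globaltime.profile
+++ b/etc/globaltime.profile
@@ -1,18 +1,18 @@
 # Firejail profile for globaltime
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/globaltime.local
+include globaltime.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/globaltime
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp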
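diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile
index 62b67b942..ce83fbb66 100644
--- a/etc/gnome-2048.profile
+++ b/etc/gnome-2048.profile
@@ -2,23 +2,23 @@
 # Description: Sliding tile puzzle game
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-2048.local
+include gnome-2048.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.local/share/gnome-2048
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 mkdir ${HOME}/.local/share/gnome-2048
 whitelist ${HOME}/.local/share/gnome-2048
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nodvd
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp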
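diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile
index 6fc2671d8..c748cf7e3 100644
--- a/etc/gnome-books.profile
+++ b/etc/gnome-books.profile
@@ -1,23 +1,23 @@
 # Firejail profile for gnome-books
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-books.local
+include gnome-books.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
 noblacklist ${HOME}/.cache/org.gnome.Books
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp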
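diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile
index 3b7e3d53a..dffe16263 100644
--- a/etc/gnome-builder.profile
+++ b/etc/gnome-builder.profile
@@ -2,14 +2,14 @@
 # Description: IDE for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-builder.local
+include gnome-builder.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 ipc-namespace
@@ -19,6 +19,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp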
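diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index 315564ee5..7974211c7 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -3,19 +3,19 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/gnome-calculator.local
+include gnome-calculator.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 # apparmor - makes settings immutable
 caps.drop all
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp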
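diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile
index 74194cb33..fbd8c22c0 100644
--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -2,20 +2,20 @@
 # Description: Simple chess game
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-chess.local
+include gnome-chess.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.local/share/gnome-chess
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 no3d
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp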
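diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
index a914c302f..54356a1b7 100644
--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -2,19 +2,19 @@
 # Description: Simple GNOME app with stopwatch, timer, and world clock support
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-clocks.local
+include gnome-clocks.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -24,6 +24,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp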
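diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile
index 91593c89b..2a13b3b27 100644
--- a/etc/gnome-contacts.profile
+++ b/etc/gnome-contacts.profile
@@ -2,21 +2,21 @@
 # Description: Contacts manager for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-contacts.local
+include gnome-contacts.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp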
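diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile
index 44886d562..36b69ce90 100644
--- a/etc/gnome-documents.profile
+++ b/etc/gnome-documents.profile
@@ -2,21 +2,21 @@
 # Description: Document manager for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-documents.local
+include gnome-documents.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
 noblacklist ${HOME}/.config/libreoffice
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp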
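diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile
index e11d6eb5d..c616b7381 100644
--- a/etc/gnome-font-viewer.profile
+++ b/etc/gnome-font-viewer.profile
@@ -2,19 +2,19 @@
 # Description: Font viewer for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-font-viewer.local
+include gnome-font-viewer.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp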
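diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile
index edb895794..f89684219 100644
--- a/etc/gnome-logs.profile
+++ b/etc/gnome-logs.profile
@@ -2,19 +2,19 @@
 # Description: Viewer for the systemd journal
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-logs.local
+include gnome-logs.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 whitelist /var/log/journal
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp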
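diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile
index f8ff61d84..d27d90d29 100644
--- a/etc/gnome-maps.profile
+++ b/etc/gnome-maps.profile
@@ -2,22 +2,22 @@
 # Description: Map application for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-maps.local
+include gnome-maps.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
 noblacklist ${HOME}/.cache/champlain
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp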
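diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index 9ba4969e5..3dd623ea9 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -2,25 +2,26 @@
 # Description: GTK/Gnome interface around MPlayer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-mplayer.local
+include gnome-mplayer.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/gnome-mplayer
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 nogroups
 nonewprivs
 noroot
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none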
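diff --git a/etc/gnome-mpv.profile b/etc/gnome-mpv.profile
index 84a70c4c5..ffb04add1 100644
--- a/etc/gnome-mpv.profile
+++ b/etc/gnome-mpv.profile
@@ -2,28 +2,29 @@
 # Description: Simple GTK+ frontend for mpv
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-mpv.local
+include gnome-mpv.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/gnome-mpv
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 nodbus
 nogroups
 nonewprivs
 noroot
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none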
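diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
index 819c40c98..54e055358 100644
--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -2,9 +2,9 @@
 # Description: GNOME music player
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-music.local
+include gnome-music.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.local/share/gnome-music
 noblacklist ${MUSIC}
@@ -15,14 +15,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -31,6 +31,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix
 seccomp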
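diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile
index 5a3ac53d8..2e3356607 100644
--- a/etc/gnome-photos.profile
+++ b/etc/gnome-photos.profile
@@ -2,21 +2,21 @@
 # Description: Access, organize and share your photos with GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-photos.local
+include gnome-photos.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
 noblacklist ${HOME}/.local/share/gnome-photos
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 protocol unix
 seccomp
 shell none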
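diff --git a/etc/gnome-pie.profile b/etc/gnome-pie.profile
new file mode 100644
index 000000000..cef741eb3
--- /dev/null
+++ b/etc/gnome-pie.profile
@@ -0,0 +1,43 @@
+# Firejail profile for gnome-pie
+# Description: Alternative AppMenu
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-pie.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/gnome-pie
+
+#include disable-common.inc
+include disable-devel.inc
+#include disable-interpreters.inc
+include disable-passwdmgr.inc
+#include disable-programs.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+
+disable-mnt
+private-cache
+private-dev
+private-etc fonts
+private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp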
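Review bot: The new profile ships with `#include disable-common.inc`, `#include disable-interpreters.inc` and `#include disable-programs.inc` commented out and no explanation. It also has no whitelist section, so as far as this file shows, paths under ${HOME} are blacklisted only by whatever `disable-devel.inc` and `disable-passwdmgr.inc` cover. Presumably the blacklists are off because gnome-pie is a launcher and the programs it starts run inside the same sandbox. But `net none`, `private-lib`, `shell none` and `noexec ${HOME}` would then restrict those programs as well, which looks inconsistent. Either enable the three includes or record the reason next to them, for example `# launcher: common/interpreter/program blacklists left off so started applications keep working`.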
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile
index ed6d341eb..761c604ff 100644
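--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -2,23 +2,23 @@
 # Description: Recipe application for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-recipes.local
+include gnome-recipes.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 noblacklist ${HOME}/.local/share/gnome-recipes
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/gnome-recipes
 whitelist ${HOME}/.cache/gnome-recipes
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp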
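Review bot: The bare names at new lines 5–21 (`include gnome-recipes.local`, `include disable-common.inc`, …) no longer pin each file to /etc/firejail, so which copy is loaded now depends on firejail's include search order rather than on the profile text. If that order consults a per-user directory such as ~/.config/firejail before the system directory (my understanding of firejail's lookup, not shown in this hunk), a same-named file there silently replaces the system disable-*.inc and whitelist-*.inc files, so that directory has to stay unwritable from inside every sandbox. I would state this in the profile header, e.g. `# Bare include names are resolved via firejail's search path; a same-named file earlier in that path replaces the system copy`, and confirm that disable-common.inc keeps the per-user firejail directory blacklisted. The same applies to every profile rewritten in this commit.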
diff --git a/etc/gnome-ring.profile b/etc/gnome-ring.profile
index cbc79320e..f660df690 100644
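--- a/etc/gnome-ring.profile
+++ b/etc/gnome-ring.profile
@@ -1,19 +1,19 @@
 # Firejail profile for gnome-ring
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-ring.local
+include gnome-ring.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.local/share/gnome-ring
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace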
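Review bot: gnome-ring.profile gets only the include rewrite, while the sibling profiles in this commit (gnome-recipes, gnome-twitch, gnome-weather) also gain `nou2f`; etc/gradio.profile further down is in the same position. The device options of both files lie below the visible hunk, so this may be deliberate. If neither application needs U2F device access, I would add `nou2f` alongside their other device restrictions so the hardening is uniform across the profile set.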
diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile
index e670ba22f..4b54d9627 100644
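--- a/etc/gnome-twitch.profile
+++ b/etc/gnome-twitch.profile
@@ -2,24 +2,24 @@
 # Description: GNOME Twitch app for watching Twitch.tv streams without a browser or flash
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-twitch.local
+include gnome-twitch.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/gnome-twitch
 noblacklist ${HOME}/.local/share/gnome-twitch
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/gnome-twitch
 mkdir ${HOME}/.local/share/gnome-twitch
 whitelist ${HOME}/.cache/gnome-twitch
 whitelist ${HOME}/.local/share/gnome-twitch
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 nodvd
@@ -27,6 +27,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp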
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile
index 4d28278b1..6b5f5480d 100644
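--- a/etc/gnome-weather.profile
+++ b/etc/gnome-weather.profile
@@ -2,22 +2,22 @@
 # Description: Access current conditions and forecasts
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gnome-weather.local
+include gnome-weather.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
 noblacklist ${HOME}/.cache/libgweather
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp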
diff --git a/etc/goobox.profile b/etc/goobox.profile
index ba949f1c9..3cc159eb2 100644
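--- a/etc/goobox.profile
+++ b/etc/goobox.profile
@@ -2,18 +2,18 @@
 # Description: CD player and ripper with GNOME 3 integration
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/goobox.local
+include goobox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -22,6 +22,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp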
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile
index ab16558ea..73101f509 100644
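--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -1,9 +1,9 @@
 # Firejail profile for google-chrome-beta
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/google-chrome-beta.local
+include google-chrome-beta.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/google-chrome-beta
 noblacklist ${HOME}/.config/google-chrome-beta
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-beta
 whitelist ${HOME}/.config/google-chrome-beta
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile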
diff --git a/etc/google-chrome-stable.profile b/etc/google-chrome-stable.profile
index 6ade19021..55868e0b7 100644
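--- a/etc/google-chrome-stable.profile
+++ b/etc/google-chrome-stable.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/google-chrome.profile
+include google-chrome.profile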
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile
index b7d0eccf3..50e9923aa 100644
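--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -1,9 +1,9 @@
 # Firejail profile for google-chrome-unstable
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/google-chrome-unstable.local
+include google-chrome-unstable.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/google-chrome-unstable
 noblacklist ${HOME}/.config/google-chrome-unstable
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-unstable
 whitelist ${HOME}/.config/google-chrome-unstable
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile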
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile
index 6e44190ae..c69e98271 100644
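--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -1,9 +1,9 @@
 # Firejail profile for google-chrome
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/google-chrome.local
+include google-chrome.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/google-chrome
 noblacklist ${HOME}/.config/google-chrome
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome
 whitelist ${HOME}/.config/google-chrome
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile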
diff --git a/etc/google-earth.profile b/etc/google-earth.profile
index bafa716d1..6e5f99745 100644
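--- a/etc/google-earth.profile
+++ b/etc/google-earth.profile
@@ -1,9 +1,9 @@
 # Firejail profile for google-earth
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/google-earth.local
+include google-earth.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Google
 noblacklist ${HOME}/.googleearth/Cache/
@@ -11,11 +11,11 @@ noblacklist ${HOME}/.googleearth/Temp/
 noblacklist ${HOME}/.googleearth/myplaces.backup.kml
 noblacklist ${HOME}/.googleearth/myplaces.kml
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/Google
 mkdir ${HOME}/.googleearth/Cache/
@@ -27,7 +27,7 @@ whitelist ${HOME}/.googleearth/Cache/
 whitelist ${HOME}/.googleearth/Temp/
 whitelist ${HOME}/.googleearth/myplaces.backup.kml
 whitelist ${HOME}/.googleearth/myplaces.kml
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 ipc-namespace
@@ -37,6 +37,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp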
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile
index 7a19cc676..4932c9e42 100644
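--- a/etc/google-play-music-desktop-player.profile
+++ b/etc/google-play-music-desktop-player.profile
@@ -1,22 +1,22 @@
 # Firejail profile for google-play-music-desktop-player
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/google-play-music-desktop-player.local
+include google-play-music-desktop-player.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Google Play Music Desktop Player
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 # whitelist ${HOME}/.config/pulse
 # whitelist ${HOME}/.pulse
 whitelist ${HOME}/.config/Google Play Music Desktop Player
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp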
diff --git a/etc/gpa.profile b/etc/gpa.profile
index c890beb2e..ce7c8496d 100644
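--- a/etc/gpa.profile
+++ b/etc/gpa.profile
@@ -2,17 +2,17 @@
 # Description: GNU Privacy Assistant (GPA)
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gpa.local
+include gpa.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.gnupg
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -22,6 +22,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp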
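Review bot: `nou2f` at new line 25 hides U2F device nodes from a profile whose users are the ones most likely to keep keys on a hardware token; etc/gpg-agent.profile and etc/gpg.profile get the same line at new line 28. Whether OpenPGP smartcard access goes through the nodes this option removes is not visible from the hunk, so this should be tested with a token attached before release. If it does break, the profile should say how to opt out, e.g. a comment `# hardware token users: add 'ignore nou2f' to gpa.local` above the option.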
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
index 0cc17b366..7181837d5 100644
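--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -2,19 +2,19 @@
 # Description: GNU privacy guard - cryptographic agent
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gpg-agent.local
+include gpg-agent.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
 noblacklist ${HOME}/.gnupg
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp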
diff --git a/etc/gpg.profile b/etc/gpg.profile
index 259a95807..e920b9072 100644
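--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -2,19 +2,19 @@
 # Description: GNU Privacy Guard -- minimalist public key operations
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gpg.local
+include gpg.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
 noblacklist ${HOME}/.gnupg
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp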
diff --git a/etc/gpicview.profile b/etc/gpicview.profile
index 04aecc782..d3e1123f3 100644
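--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -2,19 +2,19 @@
 # Description: Lightweight image viewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gpicview.local
+include gpicview.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/gpicview
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp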
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index ea60e7287..76a10f697 100644
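--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -2,20 +2,20 @@
 # Description: Satellite tracking program
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gpredict.local
+include gpredict.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Gpredict
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${HOME}/.config/Gpredict
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none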
diff --git a/etc/gradio.profile b/etc/gradio.profile
index bba92a0bc..e7f415090 100644
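--- a/etc/gradio.profile
+++ b/etc/gradio.profile
@@ -1,25 +1,25 @@
 # Firejail profile for gradio
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gradio.local
+include gradio.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/gradio
 noblacklist ${HOME}/.local/share/gradio
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/gradio
 mkdir ${HOME}/.local/share/gradio
 whitelist ${HOME}/.cache/gradio
 whitelist ${HOME}/.local/share/gradio
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter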
diff --git a/etc/gtar.profile b/etc/gtar.profile
index d4bf18f95..12acb8356 100644
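--- a/etc/gtar.profile
+++ b/etc/gtar.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/tar.profile
+include tar.profile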
diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index 6c4de8bf0..77de59802 100644
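--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -2,19 +2,19 @@
 # Description: Image viewer and browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gthumb.local
+include gthumb.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/gthumb
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.steam
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 nodvd
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp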
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile
index 775c79521..22457c547 100644
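--- a/etc/guayadeque.profile
+++ b/etc/guayadeque.profile
@@ -1,19 +1,19 @@
 # Firejail profile for guayadeque
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/guayadeque.local
+include guayadeque.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.guayadeque
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -21,6 +21,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp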
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index 88e441b14..13db746f8 100644
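--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -2,17 +2,17 @@
 # Description: Unicode character picker and font browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gucharmap.local
+include gucharmap.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp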
diff --git a/etc/gunzip.profile b/etc/gunzip.profile
index 8ea523df7..fe35f8fe7 100644
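--- a/etc/gunzip.profile
+++ b/etc/gunzip.profile
@@ -1,9 +1,9 @@
 # Firejail profile for gunzip
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gunzip.local
+include gunzip.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Redirect
-include /etc/firejail/gzip.profile
+include gzip.profile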
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index cf9b27e0f..8723b0135 100644
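--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -2,9 +2,9 @@
 # Description: Image viewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/gwenview.local
+include gwenview.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/GIMP
 noblacklist ${HOME}/.config/gwenviewrc
@@ -17,13 +17,13 @@ noblacklist ${HOME}/.kde4/share/config/gwenviewrc
 noblacklist ${HOME}/.local/share/gwenview
 noblacklist ${HOME}/.local/share/org.kde.gwenview
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -34,6 +34,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix
 seccomp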
diff --git a/etc/gzip.profile b/etc/gzip.profile
index 9157d398a..16ca6b94d 100644
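--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -3,10 +3,10 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/gzip.local
+include gzip.local
 # Persistent global definitions
 # added by included default.profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -17,10 +17,11 @@ nodbus
 nodvd
 nosound
 notv
+nou2f
 novideo
 shell none
 tracelog
 
 private-dev
 
-include /etc/firejail/default.profile
+include default.profile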
diff --git a/etc/handbrake-gtk.profile b/etc/handbrake-gtk.profile
index de6244a32..1cb09ddde 100644
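--- a/etc/handbrake-gtk.profile
+++ b/etc/handbrake-gtk.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/handbrake.profile
+include handbrake.profile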
diff --git a/etc/handbrake.profile b/etc/handbrake.profile
index 32da097ce..a98f80bc7 100644
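--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -2,22 +2,22 @@
 # Description: Versatile DVD ripper and video transcoder (GTK+ GUI)
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/handbrake.local
+include handbrake.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/ghb
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -26,6 +26,7 @@ nodbus
 nogroups
 nonewprivs
 noroot
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp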
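diff --git a/etc/hashcat.profile b/etc/hashcat.profile
index 8bc861dde..bf4836c45 100644
--- a/etc/hashcat.profile
+++ b/etc/hashcat.profile
@@ -3,20 +3,20 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/hashcat.local
+include hashcat.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.hashcat
 noblacklist /usr/include
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 net none
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp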
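diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile
index 542771639..4dfb40890 100644
--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -2,21 +2,21 @@
 # Description: Funny turn-based artillery game, featuring fighting hedgehogs
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/hedgewars.local
+include hedgewars.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.hedgewars
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.hedgewars
 whitelist ${HOME}/.hedgewars
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 seccomp
 tracelog
 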
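diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index a2c163e6a..783f91e82 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -2,9 +2,9 @@
 # Description: IRC client for X based on X-Chat 2
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/hexchat.local
+include hexchat.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/hexchat
 noblacklist /usr/share/perl*
@@ -15,16 +15,16 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/hexchat
 whitelist ${HOME}/.config/hexchat
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -36,6 +36,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp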
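diff --git a/etc/highlight.profile b/etc/highlight.profile
index d313f2769..ae2cce0b4 100644
--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -2,17 +2,17 @@
 # Description: Universal source code to formatted text converter
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/highlight.local
+include highlight.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 net none
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp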
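diff --git a/etc/hugin.profile b/etc/hugin.profile
index 35505c698..1e235f381 100644
--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -2,20 +2,20 @@
 # Description: Panorama photo stitcher
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/hugin.local
+include hugin.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.hugin
 noblacklist ${DOCUMENTS}
 noblacklist ${PICTURES}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 net none
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp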
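diff --git a/etc/i3.profile b/etc/i3.profile
index efbc1f6e7..c1ca0e413 100644
--- a/etc/i3.profile
+++ b/etc/i3.profile
@@ -2,13 +2,13 @@
 # Description: Standards-compliant, fast, light-weight and extensible window manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/i3.local
+include i3.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # all applications started in awesome will run in this profile
 noblacklist ${HOME}/.config/i3
-include /etc/firejail/disable-common.inc
+include disable-common.inc
 
 caps.drop all
 netfilter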
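Review bot: The comment `# all applications started in awesome will run in this profile` in i3.profile names the wrong window manager and reads as copied from another profile. The line matters because it tells the reader that everything launched from the window manager inherits this sandbox, so it should read `# all applications started in i3 will run in this profile`. The rest of the file is outside the hunk, so the full option list those applications inherit cannot be checked from here.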
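diff --git a/etc/icecat.profile b/etc/icecat.profile
index 42e762c21..660343a29 100644
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -1,9 +1,9 @@
 # Firejail profile for icecat
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/icecat.local
+include icecat.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
@@ -17,4 +17,4 @@ whitelist ${HOME}/.mozilla
 #private-etc icecat
 
 # Redirect
-include /etc/firejail/firefox-common.profile
+include firefox-common.profile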
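diff --git a/etc/icedove.profile b/etc/icedove.profile
index 80cff3878..a66309bf1 100644
--- a/etc/icedove.profile
+++ b/etc/icedove.profile
@@ -1,9 +1,9 @@
 # Firejail profile for icedove
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/icedove.local
+include icedove.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Users have icedove set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
@@ -18,10 +18,10 @@ mkdir ${HOME}/.icedove
 whitelist ${HOME}/.cache/icedove
 whitelist ${HOME}/.gnupg
 whitelist ${HOME}/.icedove
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 ignore private-tmp
 
 # allow browsers
 # Redirect
-include /etc/firejail/firefox.profile
+include firefox.profile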
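diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile
index 51f15aa1b..24a2f4cc3 100644
--- a/etc/iceweasel.profile
+++ b/etc/iceweasel.profile
@@ -1,12 +1,12 @@
 # Firejail profile for iceweasel
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/iceweasel.local
+include iceweasel.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc iceweasel
 
 # Redirect
-include /etc/firejail/firefox.profile
+include firefox.profile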
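diff --git a/etc/idea.profile b/etc/idea.profile
index 623d71734..d56dceb71 100644
--- a/etc/idea.profile
+++ b/etc/idea.profile
@@ -1,10 +1,10 @@
 # Firejail profile for idea
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/idea.local
+include idea.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/idea.sh.profile
+include idea.sh.profile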
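diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile
index 06328ccbf..bbacef764 100644
--- a/etc/idea.sh.profile
+++ b/etc/idea.sh.profile
@@ -1,9 +1,9 @@
 # Firejail profile for idea.sh
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/idea.sh.local
+include idea.sh.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.IdeaIC*
 noblacklist ${HOME}/.android
@@ -16,9 +16,9 @@ noblacklist ${HOME}/.local/share/JetBrains
 noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.tooling
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp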
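diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile
index f7a69fa94..b960b08e5 100644
--- a/etc/ideaIC.profile
+++ b/etc/ideaIC.profile
@@ -1,10 +1,10 @@
 # Firejail profile for ideaIC
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/ideaIC.local
+include ideaIC.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/idea.sh.profile
+include idea.sh.profile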
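diff --git a/etc/imagej.profile b/etc/imagej.profile
index 4de064390..9ff0f9203 100644
--- a/etc/imagej.profile
+++ b/etc/imagej.profile
@@ -2,9 +2,9 @@
 # Description: Image processing program with a focus on microscopy images
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/imagej.local
+include imagej.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.imagej
 
@@ -14,11 +14,11 @@ noblacklist /usr/lib/java
 noblacklist /etc/java
 noblacklist /usr/share/java
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 ipc-namespace
@@ -30,6 +30,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp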
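diff --git a/etc/img2txt.profile b/etc/img2txt.profile
index c9ee18f80..6f860a3d4 100644
--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -1,19 +1,19 @@
 # Firejail profile for img2txt
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/img2txt.local
+include img2txt.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${DOCUMENTS}
 noblacklist ${PICTURES}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 net none
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp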
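diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index 56fdfd081..a13f5c378 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -2,9 +2,9 @@
 # Description: Vector-based drawing program
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/inkscape.local
+include inkscape.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/inkscape
 noblacklist ${HOME}/.config/inkscape
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.inkscape
 noblacklist ${DOCUMENTS}
 noblacklist ${PICTURES}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp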
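diff --git a/etc/inox.profile b/etc/inox.profile
index 652761c54..1b3db73b4 100644
--- a/etc/inox.profile
+++ b/etc/inox.profile
@@ -1,9 +1,9 @@
 # Firejail profile for inox
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/inox.local
+include inox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/inox
 noblacklist ${HOME}/.config/inox
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/inox
 whitelist ${HOME}/.config/inox
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile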
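diff --git a/etc/iridium-browser.profile b/etc/iridium-browser.profile
index 1baa07cb7..0a6418d5c 100644
--- a/etc/iridium-browser.profile
+++ b/etc/iridium-browser.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/iridium.profile
+include iridium.profile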
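diff --git a/etc/iridium.profile b/etc/iridium.profile
index 2869c3070..ebb39b0a3 100644
--- a/etc/iridium.profile
+++ b/etc/iridium.profile
@@ -1,9 +1,9 @@
 # Firejail profile for iridium
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/iridium.local
+include iridium.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/iridium
 noblacklist ${HOME}/.config/iridium
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/iridium
 whitelist ${HOME}/.config/iridium
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile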
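diff --git a/etc/itch.profile b/etc/itch.profile
index 2ad669952..c0b4fe6ce 100644
--- a/etc/itch.profile
+++ b/etc/itch.profile
@@ -1,24 +1,24 @@
 # Firejail profile for itch
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/itch.local
+include itch.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # itch.io has native firejail/sandboxing support bundled in
 # See https://itch.io/docs/itch/using/sandbox/linux.html
 
 noblacklist ${HOME}/.config/itch
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/itch
 whitelist ${HOME}/.config/itch
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp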
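diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index 3a280dab7..443e6b550 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -1,9 +1,9 @@
 # Firejail profile for jd-gui
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/jd-gui.local
+include jd-gui.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/jd-gui.cfg
 noblacklist ${HOME}/.java
@@ -14,14 +14,14 @@ noblacklist /usr/lib/java
 noblacklist /etc/java
 noblacklist /usr/share/java
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -33,6 +33,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp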
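diff --git a/etc/jdownloader.profile b/etc/jdownloader.profile
index dbcc85e8d..037d92338 100644
--- a/etc/jdownloader.profile
+++ b/etc/jdownloader.profile
@@ -1,10 +1,10 @@
 # Firejail profile for jdownloader
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/jdownloader.local
+include jdownloader.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/JDownloader.profile
+include JDownloader.profile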
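diff --git a/etc/jitsi.profile b/etc/jitsi.profile
index b3b09f4b1..5a575bb71 100644
--- a/etc/jitsi.profile
+++ b/etc/jitsi.profile
@@ -1,9 +1,9 @@
 # Firejail profile for jitsi
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/jitsi.local
+include jitsi.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.jitsi
 
@@ -13,11 +13,11 @@ noblacklist /usr/lib/java
 noblacklist /etc/java
 noblacklist /usr/share/java
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 nodvd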
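Review bot: The hunks for jitsi.profile change only the include paths and stop at `nodvd`, so unlike most neighbouring profiles on this page this one gains no `nou2f` line; the same holds for the single hunk of k3b.profile. If neither application needs access to U2F tokens, the option block should get `nou2f` alongside the other `no*` device restrictions so that the hardening stays uniform across profiles. The rest of both files lies outside the displayed hunks, so confirm that the option is not already present or deliberately omitted.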
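diff --git a/etc/k3b.profile b/etc/k3b.profile
index 6b4c15560..8c599d0ca 100644
--- a/etc/k3b.profile
+++ b/etc/k3b.profile
@@ -2,23 +2,23 @@
 # Description: Sophisticated CD/DVD burning application
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/k3b.local
+include k3b.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/k3brc
 noblacklist ${HOME}/.kde/share/config/k3brc
 noblacklist ${HOME}/.kde4/share/config/k3brc
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 no3d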
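diff --git a/etc/kaffeine.profile b/etc/kaffeine.profile
index 204c20501..85870da36 100644
--- a/etc/kaffeine.profile
+++ b/etc/kaffeine.profile
@@ -2,9 +2,9 @@
 # Description: Versatile media player for KDE
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kaffeine.local
+include kaffeine.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/kaffeinerc
 noblacklist ${HOME}/.kde/share/apps/kaffeine
@@ -15,20 +15,21 @@ noblacklist ${HOME}/.local/share/kaffeine
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
 nogroups
 nonewprivs
 noroot
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp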
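diff --git a/etc/karbon.profile b/etc/karbon.profile
index 3525a3e06..e9e3c2a69 100644
--- a/etc/karbon.profile
+++ b/etc/karbon.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/krita.profile
+include krita.profile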
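diff --git a/etc/kate.profile b/etc/kate.profile
index 8a53a56a8..cce36eacc 100644
--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -2,9 +2,9 @@
 # Description: Powerful text editor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kate.local
+include kate.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/katemetainfos
 noblacklist ${HOME}/.config/katepartrc
@@ -14,13 +14,13 @@ noblacklist ${HOME}/.config/katesyntaxhighlightingrc
 noblacklist ${HOME}/.config/katevirc
 noblacklist ${HOME}/.local/share/kate
 
-include /etc/firejail/disable-common.inc
-# include /etc/firejail/disable-devel.inc
-# include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+# include disable-devel.inc
+# include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # apparmor
 caps.drop all
@@ -33,6 +33,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp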
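diff --git a/etc/kcalc.profile b/etc/kcalc.profile
index 20ad8f23a..8baefaa98 100644
--- a/etc/kcalc.profile
+++ b/etc/kcalc.profile
@@ -2,16 +2,16 @@
 # Description: Simple and scientific calculator
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kcalc.local
+include kcalc.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkfile ${HOME}/.config/kcalcrc
 mkfile ${HOME}/.kde/share/config/kcalcrc
@@ -19,8 +19,8 @@ mkfile ${HOME}/.kde4/share/config/kcalcrc
 whitelist ${HOME}/.config/kcalcrc
 whitelist ${HOME}/.kde/share/config/kcalcrc
 whitelist ${HOME}/.kde4/share/config/kcalcrc
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -33,6 +33,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp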
diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile
index 76de15ccf..cd7c4cae3 100644
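--- a/etc/kdeinit4.profile
+++ b/etc/kdeinit4.profile
@@ -1,19 +1,19 @@
 # Firejail profile for kdeinit4
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kdeinit4.local
+include kdeinit4.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # use outside KDE Plasma 4
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -22,6 +22,7 @@ nogroups
 nonewprivs
 # nosound - disabled for knotify
 noroot
+nou2f
 novideo
 notv
 protocol unix,inet,inet6,netlink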
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile
index 4aca10995..2ef44bc7f 100644
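--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -2,19 +2,19 @@
 # Description: Non-linear video editor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kdenlive.local
+include kdenlive.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/kdenlive
 noblacklist ${HOME}/.config/kdenliverc
 noblacklist ${HOME}/.local/share/kdenlive
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 apparmor
 caps.drop all
@@ -25,6 +25,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,netlink
 seccomp
 shell none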
diff --git a/etc/keepass.profile b/etc/keepass.profile
index e27248357..788561a14 100644
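--- a/etc/keepass.profile
+++ b/etc/keepass.profile
@@ -2,9 +2,9 @@
 # Description: An easy-to-use password manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/keepass.local
+include keepass.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/*.kdb
 noblacklist ${HOME}/*.kdbx
@@ -15,12 +15,12 @@ noblacklist ${HOME}/.local/share/KeePass
 noblacklist ${HOME}/.local/share/keepass
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp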
diff --git a/etc/keepass2.profile b/etc/keepass2.profile
index d29fc6abc..9e33e08db 100644
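--- a/etc/keepass2.profile
+++ b/etc/keepass2.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/keepass.profile
+include keepass.profile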
diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index 94aaa5597..fc9386618 100644
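--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -2,9 +2,9 @@
 # Description: Cross Platform Password Manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/keepassx.local
+include keepassx.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/*.kdb
 noblacklist ${HOME}/*.kdbx
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.config/keepassx
 noblacklist ${HOME}/.keepassx
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -32,6 +32,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp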
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile
index 4e74c2cea..fdd27e9f9 100644
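--- a/etc/keepassx2.profile
+++ b/etc/keepassx2.profile
@@ -3,4 +3,4 @@
 # This file is overwritten after every install/update
 
 # Redirects
-include /etc/firejail/keepassx.profile
+include keepassx.profile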
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index a00d17878..053344cc2 100644
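--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -2,9 +2,9 @@
 # Description: Cross Platform Password Manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/keepassxc.local
+include keepassxc.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/*.kdb
 noblacklist ${HOME}/*.kdbx
@@ -14,14 +14,14 @@ noblacklist ${HOME}/.keepassxc
 noblacklist ${HOME}/.mozilla
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -34,6 +34,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp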
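Review bot: `nou2f` at new line 37 carries no comment about its effect on users who unlock a database with a hardware token. If KeePassXC's hardware-key support depends on the devices this option hides (not verifiable from this hunk), the database would fail to open inside the sandbox with no hint as to why. I would add a line above it such as `# nou2f hides U2F tokens; add 'ignore nou2f' to keepassxc.local if a hardware key is used`. The option list continues outside the hunk.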
diff --git a/etc/kget.profile b/etc/kget.profile
index a32b51626..2ef84a0ee 100644
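--- a/etc/kget.profile
+++ b/etc/kget.profile
@@ -2,9 +2,9 @@
 # Description: Download manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kget.local
+include kget.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/kgetrc
 noblacklist ${HOME}/.kde/share/apps/kget
@@ -13,13 +13,13 @@ noblacklist ${HOME}/.kde4/share/apps/kget
 noblacklist ${HOME}/.kde4/share/config/kgetrc
 noblacklist ${HOME}/.local/share/kget
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp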
diff --git a/etc/kino.profile b/etc/kino.profile
index cda86ddc6..ead42f9ca 100644
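--- a/etc/kino.profile
+++ b/etc/kino.profile
@@ -2,18 +2,18 @@
 # Description: Non-linear editor for Digital Video data
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kino.local
+include kino.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.kino-history
 noblacklist ${HOME}/.kinorc
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -21,6 +21,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix
 seccomp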
diff --git a/etc/kmail.profile b/etc/kmail.profile
index 308a981f7..1f8403ef1 100644
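--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -2,9 +2,9 @@
 # Description: Full featured graphical email client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kmail.local
+include kmail.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # kmail has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when kmail is started
@@ -29,13 +29,13 @@ noblacklist ${HOME}/.local/share/local-mail
 noblacklist ${HOME}/.local/share/notes
 noblacklist /tmp/akonadi-*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # apparmor
 caps.drop all
@@ -46,6 +46,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 # we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls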
diff --git a/etc/knotes.profile b/etc/knotes.profile
index 147d2d831..e7ea04873 100644
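--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@@ -2,9 +2,9 @@
 # Description: Sticky notes application
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/knotes.local
+include knotes.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # knotes has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when knotes is started
@@ -14,4 +14,4 @@ noblacklist ${HOME}/.local/share/knotes
 
 
 # Redirect
-include /etc/firejail/kmail.profile
+include kmail.profile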
diff --git a/etc/kodi.profile b/etc/kodi.profile
index 9dd7770ad..3a161db4c 100644
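--- a/etc/kodi.profile
+++ b/etc/kodi.profile
@@ -2,9 +2,9 @@
 # Description: Open Source Home Theatre
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kodi.local
+include kodi.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.kodi
 noblacklist ${MUSIC}
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -32,6 +32,7 @@ netfilter
 nogroups
 nonewprivs
 noroot
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none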
diff --git a/etc/konversation.profile b/etc/konversation.profile
index b66f40600..c679bd61b 100644
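--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -2,21 +2,21 @@
 # Description: User friendly Internet Relay Chat (IRC) client for KDE
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/konversation.local
+include konversation.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/konversationrc
 noblacklist ${HOME}/.kde/share/config/konversationrc
 noblacklist ${HOME}/.kde4/share/config/konversationrc
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp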
diff --git a/etc/kopete.profile b/etc/kopete.profile
index d7829113d..fef415f6e 100644
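--- a/etc/kopete.profile
+++ b/etc/kopete.profile
@@ -2,23 +2,23 @@
 # Description: Instant messaging and chat application
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kopete.local
+include kopete.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.kde/share/apps/kopete
 noblacklist ${HOME}/.kde/share/config/kopeterc
 noblacklist ${HOME}/.kde4/share/apps/kopete
 noblacklist ${HOME}/.kde4/share/config/kopeterc
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist /var/lib/winpopup
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 writable-var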
diff --git a/etc/krita.profile b/etc/krita.profile
index 5a1f3d031..bd02522f6 100644
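--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -2,9 +2,9 @@
 # Description: Pixel-based image manipulation program
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/krita.local
+include krita.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/kritarc
 noblacklist ${HOME}/.local/share/krita
@@ -17,12 +17,12 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 apparmor
 caps.drop all
@@ -35,6 +35,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp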
diff --git a/etc/krunner.profile b/etc/krunner.profile
index 0b1b9e5de..c64113c15 100644
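--- a/etc/krunner.profile
+++ b/etc/krunner.profile
@@ -2,9 +2,9 @@
 # Description: Framework for providing different actions given a string query
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/krunner.local
+include krunner.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # - programs started in krunner run with this generic profile.
 # - when a file is opened in krunner, the file viewer runs in its own sandbox
@@ -19,13 +19,13 @@ noblacklist ${HOME}/.kde4/share/config/krunnerrc
 # noblacklist ${HOME}/.local/share/baloo
 # noblacklist ${HOME}/.mozilla
 
-include /etc/firejail/disable-common.inc
-# include /etc/firejail/disable-devel.inc
-# include /etc/firejail/disable-interpreters.inc
-# include /etc/firejail/disable-passwdmgr.inc
-# include /etc/firejail/disable-programs.inc
+include disable-common.inc
+# include disable-devel.inc
+# include disable-interpreters.inc
+# include disable-passwdmgr.inc
+# include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter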
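Review bot: This section has no hunk adding `nou2f`, unlike nearly every other profile in view, and new lines 23–26 leave four `disable-*.inc` includes commented out without saying why. The header states that programs started in krunner run with this generic profile, so both choices set the floor for everything launched from it. If they are deliberate, a why-comment next to them would make that auditable, e.g. `# disable-passwdmgr.inc left out: launched programs may need these paths`. Whether `nou2f` is already present further down cannot be seen from these hunks, since the option list continues outside them.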
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile
index 14ee3322c..4dc635df7 100644
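--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -2,9 +2,9 @@
 # Description: BitTorrent client based on the KDE platform
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/ktorrent.local
+include ktorrent.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/ktorrentrc
 noblacklist ${HOME}/.kde/share/apps/ktorrent
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.kde4/share/apps/ktorrent
 noblacklist ${HOME}/.kde4/share/config/ktorrentrc
 noblacklist ${HOME}/.local/share/ktorrent
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.kde/share/apps/ktorrent
 mkdir ${HOME}/.kde4/share/apps/ktorrent
@@ -32,8 +32,8 @@ whitelist ${HOME}/.kde/share/config/ktorrentrc
 whitelist ${HOME}/.kde4/share/apps/ktorrent
 whitelist ${HOME}/.kde4/share/config/ktorrentrc
 whitelist ${HOME}/.local/share/ktorrent
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -45,6 +45,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp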
diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile
index ca7c5042d..4cb489577 100644
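--- a/etc/kwin_x11.profile
+++ b/etc/kwin_x11.profile
@@ -1,22 +1,22 @@
 # Firejail profile for kwin_x11
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kwin_x11.local
+include kwin_x11.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/kwin
 noblacklist ${HOME}/.config/kwinrc
 noblacklist ${HOME}/.config/kwinrulesrc
 noblacklist ${HOME}/.local/share/kwin
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp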
diff --git a/etc/kwrite.profile b/etc/kwrite.profile
index f080b3ffc..9922cb0b5 100644
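--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -2,9 +2,9 @@
 # Description: Simple text editor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/kwrite.local
+include kwrite.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/katepartrc
 noblacklist ${HOME}/.config/katerc
@@ -15,14 +15,14 @@ noblacklist ${HOME}/.config/kwriterc
 noblacklist ${HOME}/.local/share/kwrite
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -35,6 +35,7 @@ nonewprivs
 noroot
 # nosound - KWrite is using ALSA!
 notv
+nou2f
 novideo
 protocol unix
 seccomp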
diff --git a/etc/lbunzip2.profile b/etc/lbunzip2.profile
new file mode 100644
index 000000000..ec9a8f546
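--- /dev/null
+++ b/etc/lbunzip2.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for gzip
+# Description: GNU compression utilities
+# This file is overwritten after every install/update
+
+
+# Redirect
+include gzip.profile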
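Review bot: The header on lines 1–2 describes gzip (`# Description: GNU compression utilities`) although this file sandboxes lbunzip2, so anyone auditing which profile a binary runs under reads the wrong description. I would keep the alias line and make the second one name the actual tool, e.g. `# Description: Parallel bzip2 decompressor (uses the gzip profile)`. etc/lbzcat.profile and etc/lbzip2.profile are added with the same blob and need the same correction. The restrictions themselves come from gzip.profile, which is not shown here, so whether they suit a bzip2 tool cannot be judged from this hunk.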
diff --git a/etc/lbzcat.profile b/etc/lbzcat.profile
new file mode 100644
index 000000000..ec9a8f546
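--- /dev/null
+++ b/etc/lbzcat.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for gzip
+# Description: GNU compression utilities
+# This file is overwritten after every install/update
+
+
+# Redirect
+include gzip.profile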
diff --git a/etc/lbzip2.profile b/etc/lbzip2.profile
new file mode 100644
index 000000000..ec9a8f546
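--- /dev/null
+++ b/etc/lbzip2.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for gzip
+# Description: GNU compression utilities
+# This file is overwritten after every install/update
+
+
+# Redirect
+include gzip.profile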
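diff --git a/etc/leafpad.profile b/etc/leafpad.profile
index d3335893f..47ea5606a 100644
--- a/etc/leafpad.profile
+++ b/etc/leafpad.profile
@@ -2,19 +2,19 @@
 # Description: GTK+ based simple text editor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/leafpad.local
+include leafpad.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/leafpad
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp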
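Review bot: The rewritten `include` lines, here and in every other profile this commit touches, no longer pin the file to /etc/firejail, so which `disable-common.inc` gets loaded now depends on how the profile parser resolves a bare file name. That resolver is not part of the visible hunks. If it searches a per-user configuration directory before the system one, a same-named file there would silently replace the blacklist includes, and the lookup order deserves a sentence in the commit message or README. The hunks cover only lines 2–20 and 25–31 of the profile, so the rest of the file is outside this view.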
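diff --git a/etc/less.profile b/etc/less.profile
index a08d2c547..466539c6b 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -3,10 +3,10 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/less.local
+include less.local
 # Persistent global definitions
 # added by included default.profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -17,6 +17,7 @@ nodbus
 nodvd
 nosound
 notv
+nou2f
 novideo
 shell none
 tracelog
@@ -33,4 +34,4 @@ memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
 
-include /etc/firejail/default.profile
+include default.profile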
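diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 905dd22b9..1a3f6cbd1 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -2,9 +2,9 @@
 # Description: Office productivity suite
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/libreoffice.local
+include libreoffice.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.java
 noblacklist /usr/local/sbin
@@ -17,12 +17,12 @@ noblacklist /usr/lib/java
 noblacklist /etc/java
 noblacklist /usr/share/java
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # Ubuntu 18.04 uses its own apparmor profile
 # uncomment the next line if you are not on Ubuntu
@@ -36,6 +36,7 @@ nogroups
 #nonewprivs - fix for Ubuntu 18.04/Debian 10
 noroot
 notv
+nou2f
 #protocol unix,inet,inet6 - fix for Ubuntu 18.04/Debian 10
 #seccomp - fix for Ubuntu 18.04/Debian 10
 shell none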
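diff --git a/etc/liferea.profile b/etc/liferea.profile
index 04c649121..c498541d4 100644
--- a/etc/liferea.profile
+++ b/etc/liferea.profile
@@ -2,9 +2,9 @@
 # Description: Feed/news/podcast client with plugin support
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/liferea.local
+include liferea.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/liferea
 noblacklist ${HOME}/.config/liferea
@@ -16,11 +16,11 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/liferea
 mkdir ${HOME}/.config/liferea
@@ -28,8 +28,8 @@ mkdir ${HOME}/.local/share/liferea
 whitelist ${HOME}/.cache/liferea
 whitelist ${HOME}/.config/liferea
 whitelist ${HOME}/.local/share/liferea
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -40,6 +40,7 @@ nonewprivs
 noroot
 # nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp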
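diff --git a/etc/linphone.profile b/etc/linphone.profile
index b469b9711..feb4037fb 100644
--- a/etc/linphone.profile
+++ b/etc/linphone.profile
@@ -2,25 +2,25 @@
 # Description: SIP softphone - graphical client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/linphone.local
+include linphone.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.linphone-history.db
 noblacklist ${HOME}/.linphonerc
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkfile ${HOME}/.linphone-history.db
 mkfile ${HOME}/.linphonerc
 whitelist ${HOME}/.linphone-history.db
 whitelist ${HOME}/.linphonerc
 whitelist ${HOME}/Downloads
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -30,6 +30,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp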
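diff --git a/etc/lmms.profile b/etc/lmms.profile
index d3ef1b40e..6c81b9172 100644
--- a/etc/lmms.profile
+++ b/etc/lmms.profile
@@ -2,20 +2,20 @@
 # Description: Linux Multimedia Studio
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/lmms.local
+include lmms.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.lmmsrc.xml
 noblacklist ${DOCUMENTS}
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 ipc-namespace
@@ -27,6 +27,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix
 seccomp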
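diff --git a/etc/lobase.profile b/etc/lobase.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lobase.profile
+++ b/etc/lobase.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/libreoffice.profile
+include libreoffice.profile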
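diff --git a/etc/localc.profile b/etc/localc.profile
index c702a4ece..ea0f84631 100644
--- a/etc/localc.profile
+++ b/etc/localc.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/libreoffice.profile
+include libreoffice.profile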
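diff --git a/etc/lodraw.profile b/etc/lodraw.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lodraw.profile
+++ b/etc/lodraw.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/libreoffice.profile
+include libreoffice.profile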
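diff --git a/etc/loffice.profile b/etc/loffice.profile
index c702a4ece..ea0f84631 100644
--- a/etc/loffice.profile
+++ b/etc/loffice.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/libreoffice.profile
+include libreoffice.profile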
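diff --git a/etc/lofromtemplate.profile b/etc/lofromtemplate.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lofromtemplate.profile
+++ b/etc/lofromtemplate.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/libreoffice.profile
+include libreoffice.profile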
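diff --git a/etc/loimpress.profile b/etc/loimpress.profile
index c702a4ece..ea0f84631 100644
--- a/etc/loimpress.profile
+++ b/etc/loimpress.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/libreoffice.profile
+include libreoffice.profile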
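diff --git a/etc/lollypop.profile b/etc/lollypop.profile
index efd40e899..6e53fc62b 100644
--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -2,9 +2,9 @@
 # Description: Music player for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/lollypop.local
+include lollypop.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.local/share/lollypop
 noblacklist ${MUSIC}
@@ -15,14 +15,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -31,6 +31,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp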
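diff --git a/etc/lomath.profile b/etc/lomath.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lomath.profile
+++ b/etc/lomath.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/libreoffice.profile
+include libreoffice.profile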
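diff --git a/etc/loweb.profile b/etc/loweb.profile
index c702a4ece..ea0f84631 100644
--- a/etc/loweb.profile
+++ b/etc/loweb.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/libreoffice.profile
+include libreoffice.profile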
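diff --git a/etc/lowriter.profile b/etc/lowriter.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lowriter.profile
+++ b/etc/lowriter.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/libreoffice.profile
+include libreoffice.profile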
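diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
index a4ccefb6d..38f2ab10c 100644
--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -2,19 +2,19 @@
 # Description: Graphical user interface providing a workflow for HDR imaging
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/luminance-hdr.local
+include luminance-hdr.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Luminance
 noblacklist ${PICTURES}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp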
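diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile
index 4b3c457f6..c275a69c8 100644
--- a/etc/lximage-qt.profile
+++ b/etc/lximage-qt.profile
@@ -2,17 +2,17 @@
 # Description: Image viewer for LXQt
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/lximage-qt.local
+include lximage-qt.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/lximage-qt
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp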
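diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile
index 7c3334075..e0c03db50 100644
--- a/etc/lxmusic.profile
+++ b/etc/lxmusic.profile
@@ -2,22 +2,22 @@
 # Description: LXDE music player
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/lxmusic.local
+include lxmusic.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/xmms2
 noblacklist ${HOME}/.config/xmms2
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix
 seccomp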
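diff --git a/etc/lynx.profile b/etc/lynx.profile
index f5ec44fda..e8d44823b 100644
--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -2,18 +2,18 @@
 # Description: Classic non-graphical (text-mode) web browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/lynx.local
+include lynx.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp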
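diff --git a/etc/lzcat.profile b/etc/lzcat.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzcat.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile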
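Review bot: This alias and the ten identical ones added with it (lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep, lzip, lzless, lzma, lzmainfo, lzmore) all redirect to `cpio.profile`, but several of those names are normally wrapper scripts that start a shell plus a second program (grep, diff, cmp or a pager). They only keep working if the cpio profile permits those helpers. cpio.profile is not on this page, so that needs confirming; if the profile restricts the visible binaries, the wrappers would fail inside the sandbox rather than run unconfined. The header also says "alias for cpio" while the description names the XZ/LZMA tools, and lzip is a separate program from those, so a comment such as `# Note: lz*grep/lzdiff/lzless are wrapper scripts; cpio.profile must allow their helpers` would record the assumption.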
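diff --git a/etc/lzcmp.profile b/etc/lzcmp.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzcmp.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile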
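diff --git a/etc/lzdiff.profile b/etc/lzdiff.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzdiff.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile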
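diff --git a/etc/lzegrep.profile b/etc/lzegrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzegrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile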
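diff --git a/etc/lzfgrep.profile b/etc/lzfgrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzfgrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile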
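diff --git a/etc/lzgrep.profile b/etc/lzgrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzgrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile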
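diff --git a/etc/lzip.profile b/etc/lzip.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzip.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile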
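diff --git a/etc/lzless.profile b/etc/lzless.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzless.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile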
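diff --git a/etc/lzma.profile b/etc/lzma.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzma.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile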
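diff --git a/etc/lzmadec.profile b/etc/lzmadec.profile
index 7c26620dd..9ba22601b 100644
--- a/etc/lzmadec.profile
+++ b/etc/lzmadec.profile
@@ -4,4 +4,4 @@
 
 
 # Redirect
-include /etc/firejail/xzdec.profile
+include xzdec.profile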
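diff --git a/etc/lzmainfo.profile b/etc/lzmainfo.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzmainfo.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile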
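diff --git a/etc/lzmore.profile b/etc/lzmore.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzmore.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile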
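diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile
index 4107d91ad..170085117 100644
--- a/etc/macrofusion.profile
+++ b/etc/macrofusion.profile
@@ -1,9 +1,9 @@
 # Firejail profile for macrofusion
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/macrofusion.local
+include macrofusion.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/mfusion
 noblacklist ${PICTURES}
@@ -14,12 +14,12 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 ipc-namespace
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp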
diff --git a/etc/makepkg.profile b/etc/makepkg.profile
index ac337b9a1..317a3dd78 100644
--- a/etc/makepkg.profile
+++ b/etc/makepkg.profile
@@ -10,9 +10,9 @@
10 10
11quiet 11quiet
12# Persistent local customizations 12# Persistent local customizations
13include /etc/firejail/makepkg.local 13include makepkg.local
14# Persistent global definitions 14# Persistent global definitions
15include /etc/firejail/globals.local 15include globals.local
16 16
17 17
18# Enable severely restricted access to ${HOME}/.gnupg 18# Enable severely restricted access to ${HOME}/.gnupg
@@ -30,9 +30,9 @@ blacklist ${HOME}/.gnupg/openpgp-revocs.d
30# Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} 30# Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only}
31noblacklist /var/lib/pacman 31noblacklist /var/lib/pacman
32 32
33include /etc/firejail/disable-common.inc 33include disable-common.inc
34include /etc/firejail/disable-passwdmgr.inc 34include disable-passwdmgr.inc
35include /etc/firejail/disable-programs.inc 35include disable-programs.inc
36 36
37caps.drop all 37caps.drop all
38ipc-namespace 38ipc-namespace
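diff --git a/etc/masterpdfeditor.profile b/etc/masterpdfeditor.profile
new file mode 100644
index 000000000..e35ddd2a7
--- /dev/null
+++ b/etc/masterpdfeditor.profile
@@ -0,0 +1,50 @@
+# Firejail profile for masterpdfeditor
+# Description: A complete solution for creating and editing PDF files
+# This file is overwritten after every install/update
+# Persistent local customizations
+include masterpdfeditor.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/Code Industry
+noblacklist ${HOME}/.masterpdfeditor
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+# disable-mnt
+# private
+private-bin masterpdfeditor*
+private-cache
+private-dev
+private-etc fonts
+# private-lib
+private-tmp
+
+# memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp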
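Review bot: The new profile neither whitelists a working directory nor includes `disable-xdg.inc`, and `# private` is commented out, so apart from the blacklist includes the editor can reach the whole home directory while it parses PDF files. The lmms profile in this same commit pairs `noblacklist ${DOCUMENTS}` with `include disable-xdg.inc`; adding those two lines here would narrow what a malformed document can touch. The commented-out `# disable-mnt`, `# private-lib` and `# memory-deny-write-execute` lines also give no reason, unlike `# nosound - KWrite is using ALSA!` elsewhere on the page. A short why-comment on each would tell the next maintainer whether the option was tested and broke the program or was never tried.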
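diff --git a/etc/masterpdfeditor4.profile b/etc/masterpdfeditor4.profile
new file mode 100644
index 000000000..5612fdaa4
--- /dev/null
+++ b/etc/masterpdfeditor4.profile
@@ -0,0 +1,12 @@
+# Firejail profile for masterpdfeditor4
+# Description: A complete solution for creating and editing PDF files
+# This file is overwritten after every install/update
+# Persistent local customizations
+include masterpdfeditor4.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+
+# Redirect
+include masterpdfeditor.profile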
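diff --git a/etc/masterpdfeditor5.profile b/etc/masterpdfeditor5.profile
new file mode 100644
index 000000000..8669ceb11
--- /dev/null
+++ b/etc/masterpdfeditor5.profile
@@ -0,0 +1,12 @@
+# Firejail profile for masterpdfeditor5
+# Description: A complete solution for creating and editing PDF files
+# This file is overwritten after every install/update
+# Persistent local customizations
+include masterpdfeditor5.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+
+# Redirect
+include masterpdfeditor.profile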
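diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile
index 874fcf8cb..e3220076d 100644
--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -2,17 +2,17 @@
 # Description: MATE desktop calculator
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/mate-calc.local
+include mate-calc.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/mate-calc
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${HOME}/.cache/mate-calc
 whitelist ${HOME}/.config/caja
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp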
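diff --git a/etc/mate-calculator.profile b/etc/mate-calculator.profile
index 43bb3ebb4..442acf8ff 100644
--- a/etc/mate-calculator.profile
+++ b/etc/mate-calculator.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/mate-calc.profile
+include mate-calc.profile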
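diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile
index c3a3ee446..1ba744d5a 100644
--- a/etc/mate-color-select.profile
+++ b/etc/mate-color-select.profile
@@ -1,16 +1,16 @@
 # Firejail profile for mate-color-select
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/mate-color-select.local
+include mate-color-select.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${HOME}/.config/gtk-3.0
 whitelist ${HOME}/.fonts
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp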
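diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile
index b0bd99519..ba179dfdd 100644
--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -1,17 +1,17 @@
 # Firejail profile for mate-dictionary
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/mate-dictionary.local
+include mate-dictionary.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/mate/mate-dictionary
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${HOME}/.config/mate/mate-dictionary
 whitelist ${HOME}/.config/gtk-3.0
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp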
diff --git a/etc/mathematica.profile b/etc/mathematica.profile
index 984ea9e97..5f29181cd 100644
--- a/etc/mathematica.profile
+++ b/etc/mathematica.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/Mathematica.profile 6include Mathematica.profile
diff --git a/etc/mcabber.profile b/etc/mcabber.profile
index 0ed8952e5..ea4cb0250 100644
--- a/etc/mcabber.profile
+++ b/etc/mcabber.profile
@@ -2,18 +2,18 @@
2# Description: Small Jabber (XMPP) console client 2# Description: Small Jabber (XMPP) console client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mcabber.local 5include mcabber.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.mcabber 9noblacklist ${HOME}/.mcabber
10noblacklist ${HOME}/.mcabberrc 10noblacklist ${HOME}/.mcabberrc
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -22,6 +22,7 @@ nonewprivs
22noroot 22noroot
23nosound 23nosound
24notv 24notv
25nou2f
25novideo 26novideo
26protocol inet,inet6 27protocol inet,inet6
27seccomp 28seccomp
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
index 7556098a7..115444e0f 100644
--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -2,17 +2,17 @@
2# Description: Command-line utility for reading information from audio/video files 2# Description: Command-line utility for reading information from audio/video files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mediainfo.local 5include mediainfo.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix 29protocol unix
29seccomp 30seccomp
diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile
index e53ced860..06e140990 100644
--- a/etc/mediathekview.profile
+++ b/etc/mediathekview.profile
@@ -2,9 +2,9 @@
2# Description: View streams from German public television stations 2# Description: View streams from German public television stations
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mediathekview.local 5include mediathekview.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mpv 9noblacklist ${HOME}/.config/mpv
10noblacklist ${HOME}/.config/smplayer 10noblacklist ${HOME}/.config/smplayer
@@ -23,13 +23,13 @@ noblacklist /usr/lib/java
23noblacklist /etc/java 23noblacklist /etc/java
24noblacklist /usr/share/java 24noblacklist /usr/share/java
25 25
26include /etc/firejail/disable-common.inc 26include disable-common.inc
27include /etc/firejail/disable-devel.inc 27include disable-devel.inc
28include /etc/firejail/disable-interpreters.inc 28include disable-interpreters.inc
29include /etc/firejail/disable-passwdmgr.inc 29include disable-passwdmgr.inc
30include /etc/firejail/disable-programs.inc 30include disable-programs.inc
31 31
32include /etc/firejail/whitelist-var-common.inc 32include whitelist-var-common.inc
33 33
34caps.drop all 34caps.drop all
35netfilter 35netfilter
@@ -38,6 +38,7 @@ nogroups
38nonewprivs 38nonewprivs
39noroot 39noroot
40notv 40notv
41nou2f
41novideo 42novideo
42protocol unix,inet,inet6 43protocol unix,inet,inet6
43seccomp 44seccomp
diff --git a/etc/meld.profile b/etc/meld.profile
index 1a7935800..2b87094fb 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -2,18 +2,18 @@
2# Description: Graphical tool to diff and merge files 2# Description: Graphical tool to diff and merge files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/meld.local 5include meld.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/meld 9noblacklist ${HOME}/.local/share/meld
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19net none 19net none
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
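diff --git a/etc/mencoder.profile b/etc/mencoder.profile
new file mode 100644
index 000000000..136412d11
--- /dev/null
+++ b/etc/mencoder.profile
@@ -0,0 +1,28 @@
+# Firejail profile for mencoder
+# Description: Free command line video decoding, encoding and filtering tool
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mencoder.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+net none
+no3d
+nodbus
+nosound
+notv
+nou2f
+protocol unix
+seccomp
+shell none
+
+private-bin mencoder
+
+include mplayer.profile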
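Review bot: Nothing in the new file says that the options on lines 16–24 are deliberately stricter than the profile it redirects to, or that they must stay above `include mplayer.profile` on line 28. mplayer.profile in this same commit carries `netfilter` and `protocol unix,inet,inet6,netlink`, so the `net none` / `protocol unix` pair here presumably holds only if the earlier setting takes precedence over the included one; that precedence is not shown on this page and is worth confirming. A comment before line 16 such as `# stricter than mplayer.profile; keep these above the redirect` would document it. The five `disable-*.inc` includes on lines 10–14 are repeated by mplayer.profile and could probably be dropped here.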
diff --git a/etc/midori.profile b/etc/midori.profile
index 7c56910a7..6a69f2282 100644
--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -2,9 +2,9 @@
2# Description: Lightweight web browser 2# Description: Lightweight web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/midori.local 5include midori.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/midori 9noblacklist ${HOME}/.config/midori
10noblacklist ${HOME}/.local/share/midori 10noblacklist ${HOME}/.local/share/midori
@@ -12,10 +12,10 @@ noblacklist ${HOME}/.local/share/midori
12# noblacklist ${HOME}/.local/share/webkitgtk 12# noblacklist ${HOME}/.local/share/webkitgtk
13noblacklist ${HOME}/.pki 13noblacklist ${HOME}/.pki
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20mkdir ${HOME}/.cache/midori 20mkdir ${HOME}/.cache/midori
21mkdir ${HOME}/.config/midori 21mkdir ${HOME}/.config/midori
@@ -33,7 +33,7 @@ whitelist ${HOME}/.local/share/midori
33whitelist ${HOME}/.local/share/webkit 33whitelist ${HOME}/.local/share/webkit
34whitelist ${HOME}/.local/share/webkitgtk 34whitelist ${HOME}/.local/share/webkitgtk
35whitelist ${HOME}/.pki 35whitelist ${HOME}/.pki
36include /etc/firejail/whitelist-common.inc 36include whitelist-common.inc
37 37
38caps.drop all 38caps.drop all
39netfilter 39netfilter
diff --git a/etc/min.profile b/etc/min.profile
index 91c6fce3c..3029c2952 100644
--- a/etc/min.profile
+++ b/etc/min.profile
@@ -2,24 +2,24 @@
2# Description: A faster, smarter web browser. 2# Description: A faster, smarter web browser.
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/min.local 5include min.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Min 9noblacklist ${HOME}/.config/Min
10 10
11noblacklist ${HOME}/.pki 11noblacklist ${HOME}/.pki
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.pki 18mkdir ${HOME}/.pki
19whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.pki 20whitelist ${HOME}/.pki
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25# ipc-namespace 25# ipc-namespace
@@ -33,6 +33,7 @@ nogroups
33nonewprivs 33nonewprivs
34noroot 34noroot
35notv 35notv
36nou2f
36protocol unix,inet,inet6 37protocol unix,inet,inet6
37seccomp 38seccomp
38shell none 39shell none
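Review bot: `nou2f` on new line 36 is added to a web-browser profile without a comment, while midori.profile, the other browser profile visible in this part of the commit, is left without it. Assuming the option does what its name suggests and hides U2F devices from the sandbox, sign-in with a hardware security key would stop working in Min, and users may respond by dropping the sandbox rather than the one option. If the restriction is intended, a comment above it such as `# blocks hardware security keys; add 'ignore nou2f' to min.local to re-enable` would point users at the supported override.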
diff --git a/etc/minetest.profile b/etc/minetest.profile
index 3e06b6d30..17b39f7c6 100644
--- a/etc/minetest.profile
+++ b/etc/minetest.profile
@@ -2,22 +2,22 @@
2# Description: Multiplayer infinite-world block sandbox 2# Description: Multiplayer infinite-world block sandbox
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/minetest.local 5include minetest.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.minetest 9noblacklist ${HOME}/.minetest
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.minetest 17mkdir ${HOME}/.minetest
18whitelist ${HOME}/.minetest 18whitelist ${HOME}/.minetest
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
@@ -28,6 +28,7 @@ nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix,inet,inet6 33protocol unix,inet,inet6
33seccomp 34seccomp
diff --git a/etc/mousepad.profile b/etc/mousepad.profile
index 421637509..4500f74a5 100644
--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -2,19 +2,19 @@
2# Description: Simple Xfce oriented text editor 2# Description: Simple Xfce oriented text editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mousepad.local 5include mousepad.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Mousepad 9noblacklist ${HOME}/.config/Mousepad
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27protocol unix 28protocol unix
28seccomp 29seccomp
29shell none 30shell none
diff --git a/etc/mpd.profile b/etc/mpd.profile
index 709f2ef89..4f0977c40 100644
--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -2,21 +2,21 @@
2# Description: Music Player Daemon 2# Description: Music Player Daemon
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mpd.local 5include mpd.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mpd 9noblacklist ${HOME}/.config/mpd
10noblacklist ${HOME}/.mpd 10noblacklist ${HOME}/.mpd
11noblacklist ${HOME}/.mpdconf 11noblacklist ${HOME}/.mpdconf
12noblacklist ${MUSIC} 12noblacklist ${MUSIC}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -25,6 +25,7 @@ nodvd
25nonewprivs 25nonewprivs
26noroot 26noroot
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
diff --git a/etc/mplayer.profile b/etc/mplayer.profile
index 29ef21b9d..8c0b50eca 100644
--- a/etc/mplayer.profile
+++ b/etc/mplayer.profile
@@ -2,28 +2,29 @@
2# Description: Movie player for Unix-like systems 2# Description: Movie player for Unix-like systems
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mplayer.local 5include mplayer.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.mplayer 9noblacklist ${HOME}/.mplayer
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11noblacklist ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
24# nogroups 24# nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27nou2f
27protocol unix,inet,inet6,netlink 28protocol unix,inet,inet6,netlink
28seccomp 29seccomp
29shell none 30shell none
diff --git a/etc/mpv.profile b/etc/mpv.profile
index 5747cd3fa..3d73a8eae 100644
--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -2,9 +2,9 @@
2# Description: Video player based on MPlayer/mplayer2 2# Description: Video player based on MPlayer/mplayer2
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mpv.local 5include mpv.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mpv 9noblacklist ${HOME}/.config/mpv
10noblacklist ${HOME}/.netrc 10noblacklist ${HOME}/.netrc
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29apparmor 29apparmor
30caps.drop all 30caps.drop all
@@ -34,6 +34,7 @@ nodbus
34nogroups 34nogroups
35nonewprivs 35nonewprivs
36noroot 36noroot
37nou2f
37protocol unix,inet,inet6 38protocol unix,inet,inet6
38seccomp 39seccomp
39shell none 40shell none
diff --git a/etc/ms-excel.profile b/etc/ms-excel.profile
index 4fb8c6fc1..e103baf19 100644
--- a/etc/ms-excel.profile
+++ b/etc/ms-excel.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Excel 1# Firejail profile for Microsoft Office Online - Excel
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-excel.local 4include ms-excel.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-excel-online 8noblacklist ${HOME}/.cache/ms-excel-online
9private-bin ms-excel 9private-bin ms-excel
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-office.profile b/etc/ms-office.profile
index cedc5eff4..6c8cb213f 100644
--- a/etc/ms-office.profile
+++ b/etc/ms-office.profile
@@ -1,9 +1,9 @@
1# Firejail profile for Microsoft Office Online 1# Firejail profile for Microsoft Office Online
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-office.local 4include ms-office.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-office-online 8noblacklist ${HOME}/.cache/ms-office-online
9noblacklist ${HOME}/.jak 9noblacklist ${HOME}/.jak
@@ -14,11 +14,11 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
@@ -28,6 +28,7 @@ nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix,inet,inet6 33protocol unix,inet,inet6
33seccomp 34seccomp
diff --git a/etc/ms-onenote.profile b/etc/ms-onenote.profile
index 520544ab4..1259d55c8 100644
--- a/etc/ms-onenote.profile
+++ b/etc/ms-onenote.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Onenote 1# Firejail profile for Microsoft Office Online - Onenote
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-onenote.local 4include ms-onenote.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-onenote-online 8noblacklist ${HOME}/.cache/ms-onenote-online
9private-bin ms-onenote 9private-bin ms-onenote
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-outlook.profile b/etc/ms-outlook.profile
index e438bbdfc..a9fadc2c1 100644
--- a/etc/ms-outlook.profile
+++ b/etc/ms-outlook.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Outlook 1# Firejail profile for Microsoft Office Online - Outlook
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-outlook.local 4include ms-outlook.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-outlook-online 8noblacklist ${HOME}/.cache/ms-outlook-online
9private-bin ms-outlook 9private-bin ms-outlook
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-powerpoint.profile b/etc/ms-powerpoint.profile
index 82be095d0..4c096de4e 100644
--- a/etc/ms-powerpoint.profile
+++ b/etc/ms-powerpoint.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Powerpoint 1# Firejail profile for Microsoft Office Online - Powerpoint
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-powerpoint.local 4include ms-powerpoint.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-powerpoint-online 8noblacklist ${HOME}/.cache/ms-powerpoint-online
9private-bin ms-powerpoint 9private-bin ms-powerpoint
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-skype.profile b/etc/ms-skype.profile
index fa3c4a314..02084d923 100644
--- a/etc/ms-skype.profile
+++ b/etc/ms-skype.profile
@@ -1,13 +1,13 @@
1# Firejail profile for Microsoft Office Online - Skype 1# Firejail profile for Microsoft Office Online - Skype
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-skype.local 4include ms-skype.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-skype-online 8noblacklist ${HOME}/.cache/ms-skype-online
9ignore novideo 9ignore novideo
10private-bin ms-skype 10private-bin ms-skype
11 11
12# Redirect 12# Redirect
13include /etc/firejail/ms-office.profile 13include ms-office.profile
diff --git a/etc/ms-word.profile b/etc/ms-word.profile
index fdcab27a7..f21e987d4 100644
--- a/etc/ms-word.profile
+++ b/etc/ms-word.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Word 1# Firejail profile for Microsoft Office Online - Word
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-word.local 4include ms-word.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-word-online 8noblacklist ${HOME}/.cache/ms-word-online
9private-bin ms-word 9private-bin ms-word
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/multimc5.profile b/etc/multimc5.profile
index 2b63c2032..75e6e2804 100644
--- a/etc/multimc5.profile
+++ b/etc/multimc5.profile
@@ -1,9 +1,9 @@
1# Firejail profile for multimc5 1# Firejail profile for multimc5
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/multimc5.local 4include multimc5.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.java 8noblacklist ${HOME}/.java
9noblacklist ${HOME}/.local/share/multimc 9noblacklist ${HOME}/.local/share/multimc
@@ -16,17 +16,17 @@ noblacklist /usr/lib/java
16noblacklist /etc/java 16noblacklist /etc/java
17noblacklist /usr/share/java 17noblacklist /usr/share/java
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24 24
25mkdir ${HOME}/.local/share/multimc 25mkdir ${HOME}/.local/share/multimc
26whitelist ${HOME}/.local/share/multimc 26whitelist ${HOME}/.local/share/multimc
27whitelist ${HOME}/.local/share/multimc5 27whitelist ${HOME}/.local/share/multimc5
28whitelist ${HOME}/.multimc5 28whitelist ${HOME}/.multimc5
29include /etc/firejail/whitelist-common.inc 29include whitelist-common.inc
30 30
31caps.drop all 31caps.drop all
32netfilter 32netfilter
@@ -35,6 +35,7 @@ nogroups
35nonewprivs 35nonewprivs
36noroot 36noroot
37notv 37notv
38nou2f
38novideo 39novideo
39protocol unix,inet,inet6 40protocol unix,inet,inet6
40# seccomp 41# seccomp
diff --git a/etc/mumble.profile b/etc/mumble.profile
index c5af9aa42..276e77c68 100644
--- a/etc/mumble.profile
+++ b/etc/mumble.profile
@@ -2,25 +2,25 @@
2# Description: Low latency encrypted VoIP client 2# Description: Low latency encrypted VoIP client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mumble.local 5include mumble.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Mumble 9noblacklist ${HOME}/.config/Mumble
10noblacklist ${HOME}/.local/share/data/Mumble 10noblacklist ${HOME}/.local/share/data/Mumble
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.config/Mumble 18mkdir ${HOME}/.config/Mumble
19mkdir ${HOME}/.local/share/data/Mumble 19mkdir ${HOME}/.local/share/data/Mumble
20whitelist ${HOME}/.config/Mumble 20whitelist ${HOME}/.config/Mumble
21whitelist ${HOME}/.local/share/data/Mumble 21whitelist ${HOME}/.local/share/data/Mumble
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index b49597e00..011e85c0e 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -2,20 +2,20 @@
2# Description: Lightweight PDF viewer 2# Description: Lightweight PDF viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mupdf.local 5include mupdf.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21machine-id 21machine-id
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
index a235c44c8..3798609d2 100644
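--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -2,25 +2,25 @@
 # Description: Nintendo64 Emulator
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/mupen64plus.local
+include mupen64plus.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/mupen64plus
 noblacklist ${HOME}/.local/share/mupen64plus
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 # you'll need to manually whitelist ROM files
 mkdir ${HOME}/.config/mupen64plus
 mkdir ${HOME}/.local/share/mupen64plus
 whitelist ${HOME}/.config/mupen64plus/
 whitelist ${HOME}/.local/share/mupen64plus/
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 net none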
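Review bot: `include disable-passwdmgr.inc` appears twice in a row in the rewritten include list (new lines 14 and 15), and unlike the neighbouring profiles this list has no `include disable-interpreters.inc`. The duplicate was carried over unchanged from the old absolute paths, so it looks like a long-standing typo rather than intent. If the emulator does not need a scripting interpreter, the first of the two lines should probably read `include disable-interpreters.inc`; otherwise the duplicate should simply be dropped.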
diff --git a/etc/musescore.profile b/etc/musescore.profile
index 3eb929bd1..5f009c681 100644
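--- a/etc/musescore.profile
+++ b/etc/musescore.profile
@@ -2,9 +2,9 @@
 # Description: Free music composition and notation software
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/musescore.local
+include musescore.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/MusE
 noblacklist ${HOME}/.config/MuseScore
@@ -13,14 +13,14 @@ noblacklist ${HOME}/.local/share/data/MuseScore
 noblacklist ${DOCUMENTS}
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter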
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile
index ba010d6a3..d5fde525e 100644
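--- a/etc/musixmatch.profile
+++ b/etc/musixmatch.profile
@@ -1,17 +1,17 @@
 # Firejail profile for Musixmatch
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/musixmatch.local
+include musixmatch.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 ipc-namespace
@@ -24,6 +24,7 @@ noroot
 nogroups
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp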
diff --git a/etc/mutt.profile b/etc/mutt.profile
index 6cb09ec78..b092f2333 100644
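--- a/etc/mutt.profile
+++ b/etc/mutt.profile
@@ -2,9 +2,9 @@
 # Description: Text-based mailreader supporting MIME, GPG, PGP and threading
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/mutt.local
+include mutt.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -32,11 +32,11 @@ noblacklist ${HOME}/mail
 noblacklist ${HOME}/postponed
 noblacklist ${HOME}/sent
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -47,6 +47,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp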
diff --git a/etc/natron.profile b/etc/natron.profile
index 76e909f83..790fe437d 100644
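--- a/etc/natron.profile
+++ b/etc/natron.profile
@@ -1,9 +1,9 @@
 # Firejail profile for natron
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/natron.local
+include natron.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Allow access to python
 noblacklist ${PATH}/python2*
@@ -16,11 +16,11 @@ noblacklist ${HOME}/.cache/INRIA/Natron
 noblacklist ${HOME}/.config/INRIA
 noblacklist /opt/natron
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 net none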
diff --git a/etc/nautilus.profile b/etc/nautilus.profile
index 1809a6b3c..13fe9a9e1 100644
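--- a/etc/nautilus.profile
+++ b/etc/nautilus.profile
@@ -2,9 +2,9 @@
 # Description: File manager and graphical shell for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/nautilus.local
+include nautilus.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
 # is already a nautilus process running on gnome desktops firejail will have no effect.
@@ -20,11 +20,11 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-# include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# include disable-programs.inc
 
 caps.drop all
 netfilter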
diff --git a/etc/ncdu.profile b/etc/ncdu.profile
index fa566b9fd..ac0fd19b2 100644
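--- a/etc/ncdu.profile
+++ b/etc/ncdu.profile
@@ -2,9 +2,9 @@
 # Description: Ncurses disk usage viewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/ncdu.local
+include ncdu.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 caps.drop all
 ipc-namespace
@@ -17,6 +17,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp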
diff --git a/etc/nemo.profile b/etc/nemo.profile
index 98e4ba1bd..8da094015 100644
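--- a/etc/nemo.profile
+++ b/etc/nemo.profile
@@ -2,9 +2,9 @@
 # Description: File manager and graphical shell for Cinnamon
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/nemo.local
+include nemo.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/nemo
 noblacklist ${HOME}/.local/share/Trash
@@ -17,10 +17,10 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
 
 caps.drop all
 netfilter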
diff --git a/etc/netsurf.profile b/etc/netsurf.profile
index cb38d9de0..0ddb7bbbe 100644
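--- a/etc/netsurf.profile
+++ b/etc/netsurf.profile
@@ -2,24 +2,24 @@
 # Description: Lightweight and fast web browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/netsurf.local
+include netsurf.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/netsurf
 noblacklist ${HOME}/.config/netsurf
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/netsurf
 mkdir ${HOME}/.config/netsurf
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/netsurf
 whitelist ${HOME}/.config/netsurf
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter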
diff --git a/etc/neverball.profile b/etc/neverball.profile
index 5e6032ae5..34493485a 100644
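--- a/etc/neverball.profile
+++ b/etc/neverball.profile
@@ -2,21 +2,21 @@
 # Description: 3D floor-tilting game
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/neverball.local
+include neverball.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.neverball
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.neverball
 whitelist ${HOME}/.neverball
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,netlink
 seccomp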
diff --git a/etc/nheko.profile b/etc/nheko.profile
index f216a9fa5..ea99b2f5a 100644
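--- a/etc/nheko.profile
+++ b/etc/nheko.profile
@@ -2,18 +2,18 @@
 # Description: Desktop IM client for the Matrix protocol
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/nheko.local
+include nheko.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/nheko
 noblacklist ${HOME}/.cache/nheko/nheko
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/nheko
 mkdir ${HOME}/.cache/nheko/nheko
@@ -22,7 +22,7 @@ whitelist ${HOME}/.config/nheko
 whitelist ${HOME}/.cache/nheko/nheko
 whitelist ${DOWNLOADS}
 
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter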
diff --git a/etc/nitroshare-cli.profile b/etc/nitroshare-cli.profile
new file mode 100644
index 000000000..5ee683711
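--- /dev/null
+++ b/etc/nitroshare-cli.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for nitroshare
+# Description: Network File Transfer Application
+# This file is overwritten after every install/update
+
+
+# Redirect
+include nitroshare.profile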
diff --git a/etc/nitroshare-nmh.profile b/etc/nitroshare-nmh.profile
new file mode 100644
index 000000000..5ee683711
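--- /dev/null
+++ b/etc/nitroshare-nmh.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for nitroshare
+# Description: Network File Transfer Application
+# This file is overwritten after every install/update
+
+
+# Redirect
+include nitroshare.profile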
diff --git a/etc/nitroshare-send.profile b/etc/nitroshare-send.profile
new file mode 100644
index 000000000..5ee683711
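--- /dev/null
+++ b/etc/nitroshare-send.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for nitroshare
+# Description: Network File Transfer Application
+# This file is overwritten after every install/update
+
+
+# Redirect
+include nitroshare.profile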
diff --git a/etc/nitroshare-ui.profile b/etc/nitroshare-ui.profile
new file mode 100644
index 000000000..5ee683711
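--- /dev/null
+++ b/etc/nitroshare-ui.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for nitroshare
+# Description: Network File Transfer Application
+# This file is overwritten after every install/update
+
+
+# Redirect
+include nitroshare.profile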
diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile
new file mode 100644
index 000000000..67c651429
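--- /dev/null
+++ b/etc/nitroshare.profile
@@ -0,0 +1,50 @@
+# Firejail profile for nitroshare
+# Description: Network File Transfer Application
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nitroshare.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/Nathan Osman
+noblacklist ${HOME}/.config/NitroShare
+
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+netfilter
+no3d
+# nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+disable-mnt
+private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui
+private-cache
+private-dev
+private-etc ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl
+# private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare
+private-tmp
+
+# memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp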
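Review bot: The four `noblacklist` lines under `# Allow python` exempt the Python binaries and libraries from `disable-interpreters.inc`, but `private-bin` on line 41 lists only `awk,grep` and the nitroshare executables, so no python binary would be present in the sandbox's bin directories. Either the exemption is unnecessary and should be removed so the interpreter stays blocked, or `private-bin` is missing the python entries and whatever needs Python will fail at runtime. A comment naming the component that requires Python would settle which one is intended. `# nodbus` and `# memory-deny-write-execute` are also left disabled without a stated reason; a short why-comment on each would let the next maintainer judge whether they can be switched on.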
diff --git a/etc/nylas.profile b/etc/nylas.profile
index 28305a203..263e09198 100644
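--- a/etc/nylas.profile
+++ b/etc/nylas.profile
@@ -1,23 +1,23 @@
 # Firejail profile for nylas
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/nylas.local
+include nylas.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Nylas Mail
 noblacklist ${HOME}/.nylas-mail
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/Nylas Mail
 whitelist ${HOME}/.nylas-mail
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp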
diff --git a/etc/obs.profile b/etc/obs.profile
index 611ecdd67..87afdc222 100644
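--- a/etc/obs.profile
+++ b/etc/obs.profile
@@ -1,9 +1,9 @@
 # Firejail profile for obs
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/obs.local
+include obs.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/obs-studio
 noblacklist ${MUSIC}
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 nodvd
@@ -31,6 +31,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none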
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
index 59470f3bb..3a1369b83 100644
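--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -2,20 +2,20 @@
 # Description: Simple converter from OpenDocument Text to plain text
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/odt2txt.local
+include odt2txt.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${DOCUMENTS}
 
 blacklist /tmp/.X11-unix
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 net none
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp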
diff --git a/etc/okular.profile b/etc/okular.profile
index 0f15500af..0192a1d3d 100644
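--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -2,9 +2,9 @@
 # Description: Universal document viewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/okular.local
+include okular.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/okular
 noblacklist ${HOME}/.config/okularpartrc
@@ -18,14 +18,14 @@ noblacklist ${HOME}/.kde4/share/config/okularrc
 noblacklist ${HOME}/.local/share/okular
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -39,6 +39,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp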
diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile
index 1c93ef9b9..1955901b0 100644
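--- a/etc/onionshare-gui.profile
+++ b/etc/onionshare-gui.profile
@@ -1,9 +1,9 @@
 # Firejail profile for onionshare-gui
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/onionshare-gui.local
+include onionshare-gui.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/onionshare
 
@@ -11,13 +11,13 @@ noblacklist ${HOME}/.config/onionshare
 noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp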
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile
index 1cd9e9537..108398104 100644
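--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -2,21 +2,21 @@
 # Description: Space Invaders clone
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/open-invaders.local
+include open-invaders.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.openinvaders
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.openinvaders
 whitelist ${HOME}/.openinvaders
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 net none
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,netlink
 seccomp
 shell none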
diff --git a/etc/openbox.profile b/etc/openbox.profile
index 1540b71bd..1fb93c79c 100644
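--- a/etc/openbox.profile
+++ b/etc/openbox.profile
@@ -2,13 +2,13 @@
 # Description: Standards-compliant, fast, light-weight and extensible window manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/openbox.local
+include openbox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # all applications started in OpenBox will run in this profile
 noblacklist ${HOME}/.config/openbox
-include /etc/firejail/disable-common.inc
+include disable-common.inc
 
 caps.drop all
 netfilter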
diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile
index cbd1f8fe8..b86073b41 100644
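--- a/etc/openshot-qt.profile
+++ b/etc/openshot-qt.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/openshot.profile
+include openshot.profile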
diff --git a/etc/openshot.profile b/etc/openshot.profile
index 242511243..e383ecf06 100644
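--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -2,9 +2,9 @@
 # Description: Create and edit videos and movies
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/openshot.local
+include openshot.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.openshot
 noblacklist ${HOME}/.openshot_qt
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -32,6 +32,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none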
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile
index 38a3152d2..8658d30c6 100644
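--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -1,9 +1,9 @@
 # Firejail profile for opera-beta
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/opera-beta.local
+include opera-beta.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/opera
 noblacklist ${HOME}/.config/opera-beta
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/opera
 whitelist ${HOME}/.config/opera-beta
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile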
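Review bot: The redirect on new line 17, `include chromium-common.profile`, and the `include globals.local` line no longer name the root-owned copy under /etc/firejail, and nothing in the file says where a bare name is looked up. firejail-profile(5) documents that a name without a directory is searched in ${HOME}/.config/firejail first and the system directory second, so a same-named file in the user's config directory takes precedence over the packaged one. A comment such as `# Bare include names resolve in ~/.config/firejail first, then /etc/firejail` above the first include would make that precedence visible to anyone auditing the profile. It is also worth confirming that the sandboxed program cannot write to that directory, since the rule that would enforce this is not visible in this section. The same applies to every other profile section on this page, in particular those like pcmanfm.profile that show no whitelist.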
diff --git a/etc/opera.profile b/etc/opera.profile
index 294041c24..b342b3961 100644
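--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -2,9 +2,9 @@
 # Description: A fast and secure web browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/opera.local
+include opera.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/opera
 noblacklist ${HOME}/.config/opera
@@ -18,4 +18,4 @@ whitelist ${HOME}/.config/opera
 whitelist ${HOME}/.opera
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile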
diff --git a/etc/orage.profile b/etc/orage.profile
index 8fc6330d9..29b8ef749 100644
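--- a/etc/orage.profile
+++ b/etc/orage.profile
@@ -2,19 +2,19 @@
 # Description: Calendar for Xfce Desktop Environment
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/orage.local
+include orage.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/orage
 noblacklist ${HOME}/.local/share/orage
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp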
diff --git a/etc/p7zip.profile b/etc/p7zip.profile
index f8b2d6f1a..644292f2b 100644
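--- a/etc/p7zip.profile
+++ b/etc/p7zip.profile
@@ -2,10 +2,10 @@
 # Description: 7zr file archiver with high compression ratio
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/p7zip.local
+include p7zip.local
 # Persistent global definitions
 # added by included profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 # Redirect
-include /etc/firejail/7z.profile
+include 7z.profile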
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index 1104acff4..11464e6cf 100644
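--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -1,9 +1,9 @@
 # Firejail profile for palemoon
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/palemoon.local
+include palemoon.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/moonchild productions/pale moon
 noblacklist ${HOME}/.moonchild productions/pale moon
@@ -23,4 +23,4 @@ seccomp
 #private-opt palemoon
 
 # Redirect
-include /etc/firejail/firefox-common.profile
+include firefox-common.profile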
diff --git a/etc/parole.profile b/etc/parole.profile
index 00e1466b4..9ad59d2e6 100644
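--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -2,19 +2,19 @@
 # Description: Media player based on GStreamer framework
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/parole.local
+include parole.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter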
diff --git a/etc/patch.profile b/etc/patch.profile
index 8fa6ac966..26542e229 100644
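--- a/etc/patch.profile
+++ b/etc/patch.profile
@@ -3,19 +3,19 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/patch.local
+include patch.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp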
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile
index c7e449166..0c1e95e63 100644
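--- a/etc/pcmanfm.profile
+++ b/etc/pcmanfm.profile
@@ -2,19 +2,19 @@
 # Description: Extremely fast and lightweight file manager
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pcmanfm.local
+include pcmanfm.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.local/share/Trash
 # noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below
 # noblacklist ${HOME}/.config/pcmanfm
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-# include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# include disable-programs.inc
 
 caps.drop all
 # net none - see issue #1467, computer:/// location broken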
diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile
index f6a615632..f0db20b74 100644
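--- a/etc/pdfchain.profile
+++ b/etc/pdfchain.profile
@@ -1,20 +1,20 @@
 # Firejail profile for pdfchain
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pdfchain.local
+include pdfchain.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp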
diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile
index 34cf5e44f..3b6116c85 100644
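--- a/etc/pdfmod.profile
+++ b/etc/pdfmod.profile
@@ -2,22 +2,22 @@
 # Description: Simple tool for modifying PDF documents
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pdfmod.local
+include pdfmod.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/pdfmod
 noblacklist ${HOME}/.config/pdfmod
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp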
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index a09ab0a8a..4eed98e88 100644
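--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -2,9 +2,9 @@
 # Description: PDF Split and Merge
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pdfsam.local
+include pdfsam.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.java
 noblacklist ${DOCUMENTS}
@@ -15,12 +15,12 @@ noblacklist /usr/lib/java
 noblacklist /etc/java
 noblacklist /usr/share/java
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 machine-id
@@ -33,6 +33,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp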
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index d162f45b5..6b2b0fba5 100644
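--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -1,22 +1,22 @@
 # Firejail profile for pdftotext
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pdftotext.local
+include pdftotext.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${DOCUMENTS}
 
 blacklist /tmp/.X11-unix
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp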
diff --git a/etc/peek.profile b/etc/peek.profile
index edc43d006..06e7b3e62 100644
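--- a/etc/peek.profile
+++ b/etc/peek.profile
@@ -1,20 +1,20 @@
 # Firejail profile for peek
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/peek.local
+include peek.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/peek
 noblacklist ${PICTURES}
 noblacklist ${VIDEOS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 net none
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp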
diff --git a/etc/picard.profile b/etc/picard.profile
index 8474eeda6..dc13d7d6e 100644
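--- a/etc/picard.profile
+++ b/etc/picard.profile
@@ -2,9 +2,9 @@
 # Description: Next-Generation MusicBrainz audio files tagger
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/picard.local
+include picard.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/MusicBrainz
 noblacklist ${HOME}/.config/MusicBrainz
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 no3d
@@ -33,6 +33,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp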
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index e891f5fd8..91a204557 100644
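--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -2,17 +2,17 @@
 # Description: Graphical multi-protocol instant messaging client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pidgin.local
+include pidgin.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.purple
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -21,6 +21,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none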
diff --git a/etc/ping.profile b/etc/ping.profile
index 2b20bf8c9..bdd29c1a1 100644
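--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -2,17 +2,17 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/ping.local
+include ping.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
-include /etc/firejail/whitelist-common.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
 
 caps.keep net_raw
 ipc-namespace
@@ -27,6 +27,7 @@ nogroups
 #noroot
 nosound
 notv
+nou2f
 novideo
 
 # protocol command is built using seccomp; nonewprivs will kill it
@@ -47,5 +48,3 @@ private-tmp
 #memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
-
-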
diff --git a/etc/pingus.profile b/etc/pingus.profile
index 4ce584d1e..f071e664f 100644
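--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -2,21 +2,21 @@
 # Description: Free Lemmings(TM) clone
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pingus.local
+include pingus.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.pingus
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.pingus
 whitelist ${HOME}/.pingus
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 net none
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,netlink
 seccomp
 shell none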
diff --git a/etc/pinta.profile b/etc/pinta.profile
index 506918b92..3dfe3cc1b 100644
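--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -2,20 +2,20 @@
 # Description: Simple drawing/painting program
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pinta.local
+include pinta.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Pinta
 noblacklist ${DOCUMENTS}
 noblacklist ${PICTURES}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 ipc-namespace
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp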
diff --git a/etc/pithos.profile b/etc/pithos.profile
index cbe7ac9c6..b201dcfea 100644
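--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -2,9 +2,9 @@
 # Description: Pandora Radio client for the GNOME desktop
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pithos.local
+include pithos.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -12,15 +12,15 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -30,6 +30,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp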
diff --git a/etc/pitivi.profile b/etc/pitivi.profile
index 6f6aed117..5bd6fd357 100644
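--- a/etc/pitivi.profile
+++ b/etc/pitivi.profile
@@ -2,9 +2,9 @@
 # Description: Non-linear audio/video editor using GStreamer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pitivi.local
+include pitivi.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 noblacklist ${HOME}/.config/pitivi
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -31,6 +31,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix
 seccomp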
diff --git a/etc/pix.profile b/etc/pix.profile
index dfc6d780e..9864ed718 100644
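--- a/etc/pix.profile
+++ b/etc/pix.profile
@@ -1,20 +1,20 @@
 # Firejail profile for pix
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pix.local
+include pix.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/pix
 noblacklist ${HOME}/.local/share/pix
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.steam
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 nodvd
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp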
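Review bot: The context lines `noblacklist ${HOME}/.Steam` and `noblacklist ${HOME}/.steam` in the first hunk exempt Steam's directories from blacklisting in an image-viewer profile, and the file gives no reason for it. If they were carried over from another profile they should be dropped. If the exemption is intentional, a comment above them stating what pix needs from those directories would record why it exists. The commit does not touch these lines, so this is a follow-up rather than a defect in the change, and lines 21–22 and everything after line 29 of the profile are outside the visible hunks.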
diff --git a/etc/playonlinux.profile b/etc/playonlinux.profile
index 119baf6b5..707c75cec 100644
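--- a/etc/playonlinux.profile
+++ b/etc/playonlinux.profile
@@ -2,9 +2,9 @@
 # Description: Front-end for Wine
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/playonlinux.local
+include playonlinux.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.local/share/Steam
@@ -22,11 +22,11 @@ noblacklist ${PATH}/perl
 noblacklist /usr/lib/perl*
 noblacklist /usr/share/perl*
 
-include /etc/firejail/disable-common.inc
+include disable-common.inc
 # playonlinux uses perl
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter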
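Review bot: The include list in the second hunk has `disable-common.inc`, `disable-devel.inc`, `disable-interpreters.inc` and `disable-programs.inc` but no `disable-passwdmgr.inc`, which most other profiles on this page pull in. For a Wine front-end that runs third-party Windows programs, leaving password-manager data reachable looks unintended. Adding `include disable-passwdmgr.inc` after the interpreters line would match the other profiles, unless it was left out on purpose. The comment `# playonlinux uses perl` also sits between two unrelated includes rather than next to the perl `noblacklist` lines it appears to explain. Lines 11–21 and everything after line 32 of the profile are outside the visible hunks, so a later rule may already cover this.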
diff --git a/etc/pluma.profile b/etc/pluma.profile
index 832e7a3f4..35b141c1a 100644
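--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -2,19 +2,19 @@
 # Description: Official text editor of the MATE desktop environment
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pluma.local
+include pluma.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/pluma
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # apparmor - makes settings immutable
 caps.drop all
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp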
diff --git a/etc/polari.profile b/etc/polari.profile
index cb6b0f73c..5fa717cb3 100644
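--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -2,15 +2,15 @@
 # Description: Internet Relay Chat (IRC) client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/polari.local
+include polari.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/telepathy
 mkdir ${HOME}/.config/telepathy-account-widgets
@@ -24,7 +24,7 @@ whitelist ${HOME}/.local/share/Empathy
 whitelist ${HOME}/.local/share/TpLogger
 whitelist ${HOME}/.local/share/telepathy
 whitelist ${HOME}/.purple
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -35,6 +35,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none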
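Review bot: The include lines on the new side (`include polari.local`, `include disable-common.inc`, `include whitelist-common.inc`) no longer pin the file to root-owned /etc/firejail, so which file gets loaded now depends on the profile parser's search order, which these hunks do not show. If that search tries a per-user directory such as ~/.config/firejail before /etc/firejail, a user-writable `disable-common.inc` would silently replace the system blacklist for every profile, so the lookup order should be documented and the per-user directory should stay read-only inside the sandbox. I would add a header comment such as `# Bare include names are resolved through firejail's profile search path; see firejail-profile(5)`. The same applies to every other profile section in this commit that makes the same substitution.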
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile
index 8fcc19e65..fc37e6fd2 100644
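--- a/etc/ppsspp.profile
+++ b/etc/ppsspp.profile
@@ -2,23 +2,23 @@
 # Description: A PSP emulator written in C++
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/ppsspp.local
+include ppsspp.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/ppsspp
 noblacklist ${DOCUMENTS}
 # with >=llvm-4 mesa drivers need llvm stuff
 noblacklist /usr/lib/llvm*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace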
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile
index d2612c95c..7ec789440 100644
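--- a/etc/psi-plus.profile
+++ b/etc/psi-plus.profile
@@ -2,18 +2,18 @@
 # Description: Qt-based XMPP/Jabber client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/psi-plus.local
+include psi-plus.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/psi+
 noblacklist ${HOME}/.local/share/psi+
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/psi+
 mkdir ${HOME}/.config/psi+
@@ -22,7 +22,7 @@ whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/psi+
 whitelist ${HOME}/.config/psi+
 whitelist ${HOME}/.local/share/psi+
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -32,6 +32,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp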
diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile
index 02c35b104..eea0d9e9f 100644
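--- a/etc/pybitmessage.profile
+++ b/etc/pybitmessage.profile
@@ -1,9 +1,9 @@
 # Firejail profile for pybitmessage
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pybitmessage.local
+include pybitmessage.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist /sbin
 noblacklist /usr/local/sbin
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-interpreters.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -33,6 +33,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp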
diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile
index 89bb9dadf..32fdc750f 100644
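--- a/etc/pycharm-community.profile
+++ b/etc/pycharm-community.profile
@@ -1,9 +1,9 @@
 # Firejail profile for pycharm-community
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/pycharm-community.local
+include pycharm-community.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/snap
 noblacklist ${HOME}/.PyCharmCE*
@@ -15,10 +15,10 @@ noblacklist /usr/lib/java
 noblacklist /etc/java
 noblacklist /usr/share/java
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 machine-id
@@ -26,6 +26,7 @@ nodvd
 nogroups
 nosound
 notv
+nou2f
 novideo
 shell none
 tracelog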
diff --git a/etc/pycharm-professional.profile b/etc/pycharm-professional.profile
index b28082dc4..a14d0268b 100644
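--- a/etc/pycharm-professional.profile
+++ b/etc/pycharm-professional.profile
@@ -4,4 +4,4 @@
 noblacklist ${HOME}/.PyCharm*
 
 # Redirect
-include /etc/firejail/pycharm-community.profile
+include pycharm-community.profile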
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 4ba5d3871..b6b94c703 100644
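--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -2,9 +2,9 @@
 # Description: BitTorrent client based on libtorrent-rasterbar with a Qt5 GUI
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/qbittorrent.local
+include qbittorrent.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/qBittorrent
 noblacklist ${HOME}/.config/qBittorrent
@@ -17,11 +17,11 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/qBittorrent
 mkdir ${HOME}/.config/qBittorrent
@@ -31,8 +31,8 @@ whitelist ${HOME}/.cache/qBittorrent
 whitelist ${HOME}/.config/qBittorrent
 whitelist ${HOME}/.config/qBittorrentrc
 whitelist ${HOME}/.local/share/data/qBittorrent
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -45,6 +45,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp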
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile
index 263c71535..ac60384fd 100644
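--- a/etc/qemu-launcher.profile
+++ b/etc/qemu-launcher.profile
@@ -1,15 +1,15 @@
 # Firejail profile for qemu-launcher
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/qemu-launcher.local
+include qemu-launcher.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.qemu-launcher
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter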
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile
index 3ab25e92e..1399328d3 100644
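--- a/etc/qemu-system-x86_64.profile
+++ b/etc/qemu-system-x86_64.profile
@@ -1,14 +1,14 @@
 # Firejail profile for qemu-system-x86_64
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/qemu-system-x86_64.local
+include qemu-system-x86_64.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter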
diff --git a/etc/qlipper.profile b/etc/qlipper.profile
index 1293fa30d..ec0b6c64d 100644
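--- a/etc/qlipper.profile
+++ b/etc/qlipper.profile
@@ -2,18 +2,18 @@
 # Description: Lightweight and cross-platform clipboard history applet
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/qlipper.local
+include qlipper.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Qlipper
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp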
diff --git a/etc/qmmp.profile b/etc/qmmp.profile
index 9d127731f..66c27a585 100644
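--- a/etc/qmmp.profile
+++ b/etc/qmmp.profile
@@ -2,18 +2,18 @@
 # Description: Feature-rich audio player with support of many formats
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/qmmp.local
+include qmmp.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.qmmp
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp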
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile
index 3063010cc..06598c769 100644
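--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -2,22 +2,22 @@
 # Description: Tabbed document viewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/qpdfview.local
+include qpdfview.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/qpdfview
 noblacklist ${HOME}/.local/share/qpdfview
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp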
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 3c1697085..450e005f7 100644
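--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -2,23 +2,23 @@
 # Description: Powerful Tox client written in C++/Qt that follows the Tox design guidelines
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/qtox.local
+include qtox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/tox
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/tox
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/tox
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -28,6 +28,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none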
diff --git a/etc/quassel.profile b/etc/quassel.profile
index 69c6aa61b..a78d1edcd 100644
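--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -2,15 +2,15 @@
 # Description: Distributed IRC client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/quassel.local
+include quassel.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter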
diff --git a/etc/quiterss.profile b/etc/quiterss.profile
index 368a3d996..ce0816114 100644
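--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -2,20 +2,20 @@
 # Description: RSS/Atom news feeds reader
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/quiterss.local
+include quiterss.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/QuiteRss
 noblacklist ${HOME}/.config/QuiteRss
 noblacklist ${HOME}/.config/QuiteRssrc
 noblacklist ${HOME}/.local/share/QuiteRss
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/QuiteRss
 mkdir ${HOME}/.config/QuiteRss
@@ -27,7 +27,7 @@ whitelist ${HOME}/.config/QuiteRssrc
 whitelist ${HOME}/.local/share/data/QuiteRss
 whitelist ${HOME}/.local/share/QuiteRss
 whitelist ${HOME}/quiterssfeeds.opml
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -37,6 +37,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp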
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile
index e73e8a5e1..efee6ce84 100644
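--- a/etc/qupzilla.profile
+++ b/etc/qupzilla.profile
@@ -1,24 +1,24 @@
 # Firejail profile for qupzilla
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/qupzilla.local
+include qupzilla.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/qupzilla
 noblacklist ${HOME}/.config/qupzilla
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/qupzilla
 whitelist ${HOME}/.config/qupzilla
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 # blacklisting of chroot system calls breaks qupzilla
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice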
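Review bot: The `nou2f` line added after `notv` in the last hunk takes hardware security keys away from a web browser, and the profile carries no comment telling a user who signs in with such a key how to get it back. Whether QupZilla can drive U2F tokens at all is not visible here, so this may be harmless, but the qutebrowser section of the same commit gets no such line, which leaves the two browser profiles inconsistent. I would add a comment above it, `# nou2f blocks U2F security keys; put 'ignore nou2f' in qupzilla.local if you need them`, so the documented workaround is a local override rather than running the browser unsandboxed.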
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile
index d4d8e3b97..ac9f9bfd9 100644
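--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -2,9 +2,9 @@
 # Description: Keyboard-driven, vim-like browser based on PyQt5
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/qutebrowser.local
+include qutebrowser.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/qutebrowser
 noblacklist ${HOME}/.config/qutebrowser
@@ -19,10 +19,10 @@ noblacklist /usr/lib/python3*
 # with >=llvm-4 mesa drivers need llvm stuff
 noblacklist /usr/lib/llvm*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/qutebrowser
 mkdir ${HOME}/.config/qutebrowser
@@ -31,7 +31,7 @@ whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/qutebrowser
 whitelist ${HOME}/.config/qutebrowser
 whitelist ${HOME}/.local/share/qutebrowser
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter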
diff --git a/etc/rambox.profile b/etc/rambox.profile
index afe9b41e7..6c65f869b 100644
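--- a/etc/rambox.profile
+++ b/etc/rambox.profile
@@ -1,24 +1,24 @@
 # Firejail profile for rambox
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/rambox.local
+include rambox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Rambox
 noblacklist ${HOME}/.pki
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/Rambox
 mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/Rambox
 whitelist ${HOME}/.pki
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter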
diff --git a/etc/ranger.profile b/etc/ranger.profile
index fe4131e88..f582b8dfb 100644
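--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -2,9 +2,9 @@
 # Description: File manager with an ncurses frontend written in Python
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/ranger.local
+include ranger.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/ranger
 
@@ -20,11 +20,11 @@ noblacklist ${PATH}/perl
 noblacklist /usr/lib/perl*
 noblacklist /usr/share/perl*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 net none
@@ -35,6 +35,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp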
diff --git a/etc/redeclipse.profile b/etc/redeclipse.profile
index 7271ac2f4..278514538 100644
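--- a/etc/redeclipse.profile
+++ b/etc/redeclipse.profile
@@ -2,22 +2,22 @@
 # Description: Free, casual arena shooter
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/redeclipse.local
+include redeclipse.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.redeclipse
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.redeclipse
 whitelist ${HOME}/.redeclipse
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp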
diff --git a/etc/remmina.profile b/etc/remmina.profile
index 51c0f2d17..888f3819f 100644
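--- a/etc/remmina.profile
+++ b/etc/remmina.profile
@@ -2,23 +2,23 @@
 # Description: GTK+ Remote Desktop Client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/remmina.local
+include remmina.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.remmina
 noblacklist ${HOME}/.config/remmina
 noblacklist ${HOME}/.local/share/remmina
 noblacklist ${HOME}/.ssh
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 nodvd
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp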
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 7dc6470f9..f9b7115ac 100644
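--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -2,21 +2,21 @@
 # Description: Music player and organizer for GNOME
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/rhythmbox.local
+include rhythmbox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-common.inc
+include disable-devel.inc
 # rhythmbox is using Python
-#include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+#include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # apparmor - makes settings immutable
 caps.drop all
@@ -27,6 +27,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp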
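Review bot: Line 14 keeps `disable-interpreters.inc` commented out entirely because rhythmbox uses Python, which leaves every other interpreter that file covers reachable from the sandbox as well. scribus.profile and sdat2img.profile in this same commit meet the same need by un-blacklisting only the Python paths and keeping the include active. Doing the same here would narrow the profile. Which Python version rhythmbox and its plugins need is not visible in this hunk, so the change needs a test run before merging.

```conf
# Allow python (blacklisted by disable-interpreters.inc)
noblacklist ${PATH}/python2*
noblacklist ${PATH}/python3*
noblacklist /usr/lib/python2*
noblacklist /usr/lib/python3*
# … unchanged: disable-common.inc, disable-devel.inc …
include disable-interpreters.inc
```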
diff --git a/etc/ricochet.profile b/etc/ricochet.profile
index 2e2143a54..cbdc28cf6 100644
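--- a/etc/ricochet.profile
+++ b/etc/ricochet.profile
@@ -1,22 +1,22 @@
 # Firejail profile for ricochet
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/ricochet.local
+include ricochet.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 noblacklist ${HOME}/.local/share/Ricochet
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.local/share/Ricochet
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 ipc-namespace
@@ -27,6 +27,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp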
diff --git a/etc/riot-desktop.profile b/etc/riot-desktop.profile
index cc8b68ebb..fececd850 100644
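--- a/etc/riot-desktop.profile
+++ b/etc/riot-desktop.profile
@@ -2,9 +2,9 @@
 # Description: A glossy Matrix collaboration client for the desktop
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/riot-desktop.local
+include riot-desktop.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Redirect
-include /etc/firejail/riot-web.profile
+include riot-web.profile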
diff --git a/etc/riot-web.profile b/etc/riot-web.profile
index 5379223c5..c9f597626 100644
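--- a/etc/riot-web.profile
+++ b/etc/riot-web.profile
@@ -2,15 +2,15 @@
 # Description: A glossy Matrix collaboration client for the web
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/riot-web.local
+include riot-web.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Riot
 
 mkdir ${HOME}/.config/Riot
 whitelist ${HOME}/.config/Riot
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 # Redirect
-include /etc/firejail/electron.profile
+include electron.profile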
diff --git a/etc/ristretto.profile b/etc/ristretto.profile
index bb2a7e95b..e6b22b914 100644
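--- a/etc/ristretto.profile
+++ b/etc/ristretto.profile
@@ -2,19 +2,19 @@
 # Description: Lightweight picture-viewer for the Xfce desktop environment
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/ristretto.local
+include ristretto.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/ristretto
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.steam
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp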
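Review bot: `noblacklist ${HOME}/.Steam` and `noblacklist ${HOME}/.steam` (lines 10–11) open the Steam directories to an image viewer with no comment saying why. Presumably this is so screenshots stored there can be viewed; if so, the profile should say it, e.g. `# allow viewing screenshots saved under the Steam directories`. If that is not the reason, the two lines are candidates for removal, since they widen what the viewer can read.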
diff --git a/etc/rocketchat.profile b/etc/rocketchat.profile
index da92cd938..c95bc3c3d 100644
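--- a/etc/rocketchat.profile
+++ b/etc/rocketchat.profile
@@ -1,14 +1,14 @@
 # Firejail profile for rocketchat
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/rocketchat.local
+include rocketchat.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Rocket.Chat
 
 whitelist ${HOME}/.config/Rocket.Chat
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 # Redirect
-include /etc/firejail/electron.profile
+include electron.profile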
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile
index bdc5b9232..0b4d6e1b1 100644
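--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -2,16 +2,16 @@
 # Description: Ncurses BitTorrent client based on LibTorrent from rakshasa
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/rtorrent.local
+include rtorrent.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 machine-id
@@ -21,6 +21,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp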
diff --git a/etc/runenpass.sh.profile b/etc/runenpass.sh.profile
index 05ffbfe20..794c38d6e 100644
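--- a/etc/runenpass.sh.profile
+++ b/etc/runenpass.sh.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/enpass.profile
+include enpass.profile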
diff --git a/etc/rview.profile b/etc/rview.profile
index 90481b019..b3a6bfbdc 100644
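--- a/etc/rview.profile
+++ b/etc/rview.profile
@@ -1,10 +1,10 @@
 # Firejail profile for rview
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/rview.local
+include rview.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/vim.profile
+include vim.profile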
diff --git a/etc/rvim.profile b/etc/rvim.profile
index 1070e9376..5481dfe43 100644
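--- a/etc/rvim.profile
+++ b/etc/rvim.profile
@@ -1,10 +1,10 @@
 # Firejail profile for rvim
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/rvim.local
+include rvim.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/vim.profile
+include vim.profile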
diff --git a/etc/sayonara.profile b/etc/sayonara.profile
index 8a369be7e..ce86c80f9 100644
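--- a/etc/sayonara.profile
+++ b/etc/sayonara.profile
@@ -1,18 +1,18 @@
 # Firejail profile for sayonara player
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/sayonara.local
+include sayonara.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.Sayonara
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -21,6 +21,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp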
diff --git a/etc/scallion.profile b/etc/scallion.profile
index 35cd04f8f..b4d0ef240 100644
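--- a/etc/scallion.profile
+++ b/etc/scallion.profile
@@ -2,9 +2,9 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/scallion.local
+include scallion.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${PATH}/llvm*
 noblacklist /usr/lib/llvm*
@@ -12,13 +12,13 @@ noblacklist ${PATH}/openssl
 noblacklist ${PATH}/openssl-1.0
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -30,6 +30,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp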
diff --git a/etc/scribus.profile b/etc/scribus.profile
index 375983667..a8e510b8a 100644
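--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -2,9 +2,9 @@
 # Description: Open Source Desktop Page Layout
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/scribus.local
+include scribus.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Support for PDF readers comes with Scribus 1.5 and higher
 noblacklist ${HOME}/.cache/okular
@@ -32,14 +32,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -50,6 +50,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp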
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile
index a2a54f838..01a056767 100644
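--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -2,9 +2,9 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/sdat2img.local
+include sdat2img.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -12,14 +12,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp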
diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile
index 1ceed99fd..e420d8124 100644
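--- a/etc/seamonkey-bin.profile
+++ b/etc/seamonkey-bin.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/seamonkey.profile
+include seamonkey.profile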
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile
index b702d8b23..9c38414bb 100644
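--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -2,18 +2,18 @@
 # Description: SeaMonkey internet suite
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/seamonkey.local
+include seamonkey.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
 noblacklist ${HOME}/.pki
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/mozilla
 mkdir ${HOME}/.mozilla
@@ -35,7 +35,7 @@ whitelist ${HOME}/.wine-pipelight
 whitelist ${HOME}/.wine-pipelight64
 whitelist ${HOME}/.zotero
 whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter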
diff --git a/etc/server.profile b/etc/server.profile
index 8d3382dee..3526e88ab 100644
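--- a/etc/server.profile
+++ b/etc/server.profile
@@ -1,9 +1,9 @@
 # Firejail profile for server
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/server.local
+include server.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # generic server profile
 # it allows /sbin and /usr/sbin directories - this is where servers are installed
@@ -15,12 +15,12 @@ noblacklist /sbin
 noblacklist /usr/sbin
 # noblacklist /var/opt
 
-include /etc/firejail/disable-common.inc
-# include /etc/firejail/disable-devel.inc
-# include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-#include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+# include disable-devel.inc
+# include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+#include disable-xdg.inc
 
 caps
 # ipc-namespace
@@ -33,6 +33,7 @@ nodvd
 # noroot
 nosound
 notv
+nou2f
 novideo
 seccomp
 # shell none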
diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile
index 90fc9cb8c..429633a6d 100644
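--- a/etc/shellcheck.profile
+++ b/etc/shellcheck.profile
@@ -3,20 +3,20 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/shellcheck.local
+include shellcheck.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp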
diff --git a/etc/shotcut.profile b/etc/shotcut.profile
index e5a8ce4df..264566dcd 100644
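--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -1,17 +1,17 @@
 # Firejail profile for shotcut
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/shotcut.local
+include shotcut.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Meltytech
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 net none
@@ -21,6 +21,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix
 seccomp
 shell none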
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile
index c52f45f31..008cd218e 100644
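--- a/etc/signal-desktop.profile
+++ b/etc/signal-desktop.profile
@@ -1,23 +1,23 @@
 # Firejail profile for signal-desktop
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/signal-desktop.local
+include signal-desktop.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Signal
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-passwdmgr.inc
 
 mkdir ${HOME}/.config/Signal
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/Signal
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none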
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile
index 0fa19e610..5ef96a4ea 100644
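--- a/etc/silentarmy.profile
+++ b/etc/silentarmy.profile
@@ -1,19 +1,19 @@
 # Firejail profile for silentarmy
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/silentarmy.local
+include silentarmy.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-# include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+# include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp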
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
index 30d2203de..85cb00ef1 100644
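--- a/etc/simple-scan.profile
+++ b/etc/simple-scan.profile
@@ -2,19 +2,19 @@
 # Description: Simple Scanning Utility
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/simple-scan.local
+include simple-scan.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/simple-scan
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter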
diff --git a/etc/simutrans.profile b/etc/simutrans.profile
index 3722d9414..a4e4d892c 100644
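--- a/etc/simutrans.profile
+++ b/etc/simutrans.profile
@@ -2,21 +2,21 @@
 # Description: Transportation simulator
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/simutrans.local
+include simutrans.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.simutrans
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.simutrans
 whitelist ${HOME}/.simutrans
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 net none
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix
 seccomp
 shell none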
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
index f8bca415d..76b050d18 100644
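--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -2,18 +2,18 @@
 # Description: Image scanner based on the KSane backend
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/skanlite.local
+include skanlite.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 # net none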
diff --git a/etc/skype.profile b/etc/skype.profile
index 04f15b454..09b9baa11 100644
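--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -1,17 +1,17 @@
 # Firejail profile for skype
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/skype.local
+include skype.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.Skype
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-devel.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -20,6 +20,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none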
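Review bot: `include disable-devel.inc` appears twice in the new include list (lines 11 and 13) and `disable-passwdmgr.inc` is never included, so the password-manager paths that file covers are presumably left reachable for skype. The sibling skypeforlinux.profile in this commit has `include disable-passwdmgr.inc` at the same position, which suggests line 13 was meant to be that. Suggested change for line 13: `include disable-passwdmgr.inc`. The duplicate was already present on the old side; the path rewrite carried it over unchanged.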
diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile
index c675f0345..bccef9705 100644
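--- a/etc/skypeforlinux.profile
+++ b/etc/skypeforlinux.profile
@@ -1,17 +1,17 @@
 # Firejail profile for skypeforlinux
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/skypeforlinux.local
+include skypeforlinux.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/skypeforlinux
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter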
diff --git a/etc/slack.profile b/etc/slack.profile
index ba77a16b9..995d49687 100644
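--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -1,25 +1,25 @@
 # Firejail profile for slack
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/slack.local
+include slack.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Slack
 noblacklist ${HOME}/Downloads
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config
 mkdir ${HOME}/.config/Slack
 whitelist ${HOME}/.config/Slack
 whitelist ${HOME}/Downloads
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 name slack
@@ -29,6 +29,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none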
diff --git a/etc/smplayer.profile b/etc/smplayer.profile
index 6d8355e6f..57ab2cde6 100644
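--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -2,23 +2,23 @@
 # Description: Complete front-end for MPlayer and mpv
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/smplayer.local
+include smplayer.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/smplayer
 noblacklist ${HOME}/.mplayer
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -27,6 +27,7 @@ netfilter
 # nogroups
 nonewprivs
 noroot
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none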
diff --git a/etc/smtube.profile b/etc/smtube.profile
index 430b4e5cf..24f3db40a 100644
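--- a/etc/smtube.profile
+++ b/etc/smtube.profile
@@ -2,9 +2,9 @@
 # Description: YouTube videos browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/smtube.local
+include smtube.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/smplayer
 noblacklist ${HOME}/.config/smtube
@@ -15,19 +15,20 @@ noblacklist ${HOME}/.local/share/vlc
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
 nodvd
 notv
+nou2f
 novideo
 nogroups
 nonewprivs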
diff --git a/etc/snap.profile b/etc/snap.profile
index bcfdc8911..1c6d750e4 100644
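--- a/etc/snap.profile
+++ b/etc/snap.profile
@@ -2,16 +2,16 @@
 # Description: Location of genes from DNA sequence with hidden markov model
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/snap.local
+include snap.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Generic Ubuntu snap application profile
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/snap
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc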
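Review bot: The `# Description:` line at the top of this hunk says "Location of genes from DNA sequence with hidden markov model", while the comment a few lines further down says `# Generic Ubuntu snap application profile`; the two describe different programs. A profile is picked up by binary name, so the header should state which `snap` these restrictions were written for, for example `# Description: Generic Ubuntu snap application profile`. The file continues past the end of the hunk, so the rest of the option list is not visible here.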
diff --git a/etc/snox.profile b/etc/snox.profile
index 22bb0cdb0..3b3fd1ae1 100644
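--- a/etc/snox.profile
+++ b/etc/snox.profile
@@ -1,9 +1,9 @@
 # Firejail profile for snox
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/snox.local
+include snox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/snox
 noblacklist ${HOME}/.config/snox
@@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/snox
 whitelist ${HOME}/.config/snox
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile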
diff --git a/etc/soffice.profile b/etc/soffice.profile
index c702a4ece..ea0f84631 100644
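--- a/etc/soffice.profile
+++ b/etc/soffice.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/libreoffice.profile
+include libreoffice.profile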
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile
index 69efe5244..d34ccf901 100644
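--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -2,9 +2,9 @@
 # Description: GNOME application to convert audio files into other formats
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/soundconverter.local
+include soundconverter.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${MUSIC}
 
@@ -14,14 +14,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -32,6 +32,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp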
diff --git a/etc/spectre-meltdown-checker.profile b/etc/spectre-meltdown-checker.profile
index 18d3a0575..350f10632 100644
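--- a/etc/spectre-meltdown-checker.profile
+++ b/etc/spectre-meltdown-checker.profile
@@ -2,9 +2,9 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/spectre-meltdown-checker.local
+include spectre-meltdown-checker.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # sudo firejail --allow-debuggers spectre-meltdown-checker
 
@@ -18,14 +18,14 @@ noblacklist ${PATH}/perl
 noblacklist /usr/lib/perl*
 noblacklist /usr/share/perl*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.keep sys_rawio
 ipc-namespace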
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 3adf3183c..f6f31028f 100644
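--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -1,9 +1,9 @@
 # Firejail profile for spotify
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/spotify.local
+include spotify.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist ${HOME}/.bashrc
 blacklist /lost+found
@@ -14,11 +14,11 @@ noblacklist ${HOME}/.cache/spotify
 noblacklist ${HOME}/.config/spotify
 noblacklist ${HOME}/.local/share/spotify
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/spotify
 mkdir ${HOME}/.config/spotify
@@ -26,8 +26,8 @@ mkdir ${HOME}/.local/share/spotify
 whitelist ${HOME}/.cache/spotify
 whitelist ${HOME}/.config/spotify
 whitelist ${HOME}/.local/share/spotify
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -37,6 +37,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none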
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
index 0f030d559..6bdd437cd 100644
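--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -2,21 +2,21 @@
 # Description: GUI editor for SQLite databases
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/sqlitebrowser.local
+include sqlitebrowser.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/sqlitebrowser
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp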
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
index b71c20231..02b66955f 100644
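--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -2,9 +2,9 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/ssh-agent.local
+include ssh-agent.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -12,9 +12,9 @@ noblacklist /etc/ssh
 noblacklist /tmp/ssh-*
 noblacklist ${HOME}/.ssh
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 shell none
 caps.drop all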
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 584294f05..de627dcf0 100644
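--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -3,17 +3,17 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/ssh.local
+include ssh.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist /etc/ssh
 noblacklist /tmp/ssh-*
 noblacklist ${HOME}/.ssh
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 ipc-namespace
@@ -25,6 +25,7 @@ nonewprivs
 # noroot - see issue #1543
 nosound
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none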
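Review bot: The `nou2f` added in the second hunk will keep ssh from reaching a hardware security key, which matters wherever users authenticate with FIDO/U2F-backed SSH keys (the `-sk` key types that OpenSSH added in 8.2; whether the OpenSSH versions this tree targets have them is not visible here). Unlike the media and game profiles in this commit, ssh is a program where the token is part of the authentication path, so a blanket default may push users to drop the sandbox altogether. If that use is in scope, either leave the option out of this profile or put a comment above it such as `# add 'ignore nou2f' to ssh.local when using a hardware-backed key`. The option list starts and ends outside the hunk.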
diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile
index 9f62b42c5..4486c8869 100644
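--- a/etc/standardnotes-desktop.profile
+++ b/etc/standardnotes-desktop.profile
@@ -1,24 +1,24 @@
 # Firejail profile for standardnotes-desktop
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/standardnotes-desktop.local
+include standardnotes-desktop.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/Standard Notes Backups
 noblacklist ${HOME}/.config/Standard Notes
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/Standard Notes Backups
 mkdir ${HOME}/.config/Standard Notes
 whitelist ${HOME}/Standard Notes Backups
 whitelist ${HOME}/.config/Standard Notes
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 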
diff --git a/etc/start-tor-browser.desktop.profile b/etc/start-tor-browser.desktop.profile
index c17815969..2b01eca88 100644
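--- a/etc/start-tor-browser.desktop.profile
+++ b/etc/start-tor-browser.desktop.profile
@@ -63,4 +63,4 @@ mkdir ${HOME}/.tor-browser-zh-cn:
 whitelist ${HOME}/.tor-browser-zh-cn:
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile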
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
index 4d9ebcb2e..d3b0b27e3 100644
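--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -1,19 +1,19 @@
 # Firejail profile for start-tor-browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/start-tor-browser.local
+include start-tor-browser.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice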
diff --git a/etc/steam-native.profile b/etc/steam-native.profile
index b85b1659b..47608ad28 100644
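--- a/etc/steam-native.profile
+++ b/etc/steam-native.profile
@@ -2,4 +2,4 @@
 # This file is overwritten after every install/update
 
 # Redirect
-include /etc/firejail/steam.profile
+include steam.profile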
diff --git a/etc/steam.profile b/etc/steam.profile
index 903384ecf..775b6c875 100644
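--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -2,9 +2,9 @@
 # Description: Valve's Steam digital software delivery system
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/steam.local
+include steam.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.java
 noblacklist ${HOME}/.killingfloor
@@ -37,13 +37,13 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 #ipc-namespace
@@ -55,6 +55,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 # novideo should be commented for VR
 novideo
 protocol unix,inet,inet6,netlink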
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
index cddbd99d6..7d0000fb3 100644
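--- a/etc/stellarium.profile
+++ b/etc/stellarium.profile
@@ -2,25 +2,25 @@
 # Description: Real-time photo-realistic sky generator
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/stellarium.local
+include stellarium.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/stellarium
 noblacklist ${HOME}/.stellarium
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/stellarium
 mkdir ${HOME}/.stellarium
 whitelist ${HOME}/.config/stellarium
 whitelist ${HOME}/.stellarium
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none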
diff --git a/etc/strings.profile b/etc/strings.profile
index ae2fbf18f..f243606ec 100644
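--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -2,10 +2,10 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/strings.local
+include strings.local
 # Persistent global definitions
 # added by included default.profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -16,6 +16,7 @@ nodbus
 nodvd
 nosound
 notv
+nou2f
 novideo
 shell none
 tracelog
@@ -30,4 +31,4 @@ memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
 
-include /etc/firejail/default.profile
+include default.profile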
diff --git a/etc/studio.sh.profile b/etc/studio.sh.profile
index b4eee28df..d556521e1 100644
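--- a/etc/studio.sh.profile
+++ b/etc/studio.sh.profile
@@ -1,4 +1,4 @@
 # Firejail profile alias for Android Studio
 
 # Redirect
-include /etc/firejail/android-studio.profile
+include android-studio.profile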
diff --git a/etc/supertux2.profile b/etc/supertux2.profile
index 84083e9aa..fc523ce0a 100644
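--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -1,22 +1,22 @@
 # Firejail profile for supertux2
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/supertux2.local
+include supertux2.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.local/share/supertux2
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.local/share/supertux2
 whitelist ${HOME}/.local/share/supertux2
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,netlink
 seccomp
 shell none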
diff --git a/etc/surf.profile b/etc/surf.profile
index 3d40ea49b..3a1b1f383 100644
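--- a/etc/surf.profile
+++ b/etc/surf.profile
@@ -2,20 +2,20 @@
 # Description: Simple web browser by suckless community
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/surf.local
+include surf.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.surf
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.surf
 whitelist ${DOWNLOADS}
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nodvd
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none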
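Review bot: The include list in the first hunk pulls in disable-common, disable-devel, disable-passwdmgr and disable-programs but not `include disable-interpreters.inc`, which neighbouring profiles in this commit such as sylpheed and supertux2 do include. For a web browser that renders untrusted content the omission deserves either the missing line or a comment saying why interpreters are left reachable. The same hunk runs `mkdir ${HOME}/.surf` and lifts its blacklist, yet the whitelist block only names `${DOWNLOADS}`, so unless whitelist-common.inc covers it (not visible here) the directory would presumably not be the real one inside the sandbox; `whitelist ${HOME}/.surf` after the `mkdir` looks intended. The option list continues outside both hunks.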
diff --git a/etc/sylpheed.profile b/etc/sylpheed.profile
index 5f30c95ba..64de64eb4 100644
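--- a/etc/sylpheed.profile
+++ b/etc/sylpheed.profile
@@ -2,17 +2,17 @@
 # Description: Light weight e-mail client with GTK+
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/sylpheed.local
+include sylpheed.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.sylpheed-2.0
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -22,6 +22,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp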
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
index 0fc59fd17..9ce1bb183 100644
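--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -2,18 +2,18 @@
 # Description: Vector-based 2D animation package
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/synfigstudio.local
+include synfigstudio.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/synfig
 noblacklist ${HOME}/.synfig
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 net none
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp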
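Review bot: The bare-name includes on new lines 5–16 no longer say which directory supplies `disable-common.inc` and the other hardening files, so the effective sandbox now depends on the profile parser's search order, which this section does not show. If a per-user directory is searched before the system one (worth confirming in the parser change that goes with this commit), a same-named file there would silently replace the blacklist set, so that directory has to stay unwritable from inside every sandbox. I would document the lookup once in the profile header, e.g. `# Includes are resolved by name; see firejail-profile(5) for the search order`. The same applies to every other profile rewritten in this commit.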
diff --git a/etc/tar.profile b/etc/tar.profile
index 7409393c6..cbf421914 100644
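--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -3,10 +3,10 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/tar.local
+include tar.local
 # Persistent global definitions
 # added by included default.profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -18,6 +18,7 @@ nodbus
 nodvd
 nosound
 notv
+nou2f
 novideo
 shell none
 tracelog
@@ -28,4 +29,4 @@ private-dev
 private-etc passwd,group,localtime
 private-lib
 
-include /etc/firejail/default.profile
+include default.profile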
diff --git a/etc/teamspeak3.profile b/etc/teamspeak3.profile
index 55a95157d..25928882b 100644
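--- a/etc/teamspeak3.profile
+++ b/etc/teamspeak3.profile
@@ -2,23 +2,23 @@
 # Description: TeamSpeak is software for quality voice communication via the Internet
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/teamspeak3.local
+include teamspeak3.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.ts3client
 noblacklist ${PATH}/openssl
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.ts3client
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.ts3client
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 ipc-namespace
@@ -29,6 +29,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp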
diff --git a/etc/telegram-desktop.profile b/etc/telegram-desktop.profile
index 9e4855247..ef60bdc8c 100644
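--- a/etc/telegram-desktop.profile
+++ b/etc/telegram-desktop.profile
@@ -4,4 +4,4 @@
 
 
 # Redirect
-include /etc/firejail/telegram.profile
+include telegram.profile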
diff --git a/etc/telegram.profile b/etc/telegram.profile
index 9ffb9f287..fb2c06a27 100644
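--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -1,17 +1,17 @@
 # Firejail profile for telegram
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/telegram.local
+include telegram.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.TelegramDesktop
 noblacklist ${HOME}/.local/share/TelegramDesktop
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter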
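Review bot: The include list on new lines 11–14 goes from `disable-interpreters.inc` straight to `disable-programs.inc` and never pulls in `disable-passwdmgr.inc`, which the other profiles touched by this commit (teamspeak3, tilp, the transmission clients) all include. Unless the rest of the profile, which lies outside this hunk, already hides the home directory behind a whitelist, the files that include is meant to blacklist would stay reachable from the messenger. I would add `include disable-passwdmgr.inc` after the interpreters line, or leave a comment saying why it is omitted here.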
diff --git a/etc/terasology.profile b/etc/terasology.profile
index fa45eb880..22038e0b4 100644
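--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -1,9 +1,9 @@
 # Firejail profile for terasology
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/terasology.local
+include terasology.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.java
 noblacklist ${HOME}/.local/share/terasology
@@ -14,17 +14,17 @@ noblacklist /usr/lib/java
 noblacklist /etc/java
 noblacklist /usr/share/java
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.java
 mkdir ${HOME}/.local/share/terasology
 whitelist ${HOME}/.java
 whitelist ${HOME}/.local/share/terasology
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 ipc-namespace
@@ -36,6 +36,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp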
diff --git a/etc/thunar.profile b/etc/thunar.profile
index 37d10ae0d..0c7a048c4 100644
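--- a/etc/thunar.profile
+++ b/etc/thunar.profile
@@ -4,4 +4,4 @@
 
 
 # Redirect
-include /etc/firejail/Thunar.profile
+include Thunar.profile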
diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile
index 73d2419da..2bd06cb14 100644
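--- a/etc/thunderbird-beta.profile
+++ b/etc/thunderbird-beta.profile
@@ -5,4 +5,4 @@
 whitelist /opt/thunderbird-beta
 
 # Redirect
-include /etc/firejail/thunderbird.profile
+include thunderbird.profile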
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile
index 86671d1be..5f1af91be 100644
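--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -2,9 +2,9 @@
 # Description: Email, RSS and newsgroup client with integrated spam filter
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/thunderbird.local
+include thunderbird.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Users have thunderbird set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
@@ -38,4 +38,4 @@ writable-run-user
 
 # allow browsers
 # Redirect
-include /etc/firejail/firefox.profile
+include firefox.profile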
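Review bot: The closing redirect on new line 41, `include firefox.profile`, now resolves by name, so the mail client's sandbox follows whichever `firefox.profile` the lookup finds first rather than the packaged one at a fixed path. If per-user overrides take part in that lookup (not shown on this page), a user who relaxes their browser profile relaxes thunderbird, and thunderbird-beta through its own redirect, without being told. A comment above the redirect would make the coupling explicit, e.g. `# Redirect (also inherits any local override of firefox.profile)`. Both hunks show only part of the file.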
diff --git a/etc/tilp.profile b/etc/tilp.profile
index 7d63df630..ecacd1deb 100644
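--- a/etc/tilp.profile
+++ b/etc/tilp.profile
@@ -1,17 +1,17 @@
 # Firejail profile for tilp
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/tilp.local
+include tilp.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.tilp
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 net none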
diff --git a/etc/tor-browser-ar.profile b/etc/tor-browser-ar.profile
index a668a05d4..612b2d01b 100644
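--- a/etc/tor-browser-ar.profile
+++ b/etc/tor-browser-ar.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ar
 whitelist ${HOME}/.tor-browser-ar
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile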
diff --git a/etc/tor-browser-en-us.profile b/etc/tor-browser-en-us.profile
index 195377f0f..db56dda1b 100644
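--- a/etc/tor-browser-en-us.profile
+++ b/etc/tor-browser-en-us.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en-us
 whitelist ${HOME}/.tor-browser-en-us
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile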
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile
index 75aad1a09..ad4110c0e 100644
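--- a/etc/tor-browser-en.profile
+++ b/etc/tor-browser-en.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en
 whitelist ${HOME}/.tor-browser-en
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile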
diff --git a/etc/tor-browser-es-es.profile b/etc/tor-browser-es-es.profile
index b6e5dedbc..1aa586658 100644
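--- a/etc/tor-browser-es-es.profile
+++ b/etc/tor-browser-es-es.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es-es
 whitelist ${HOME}/.tor-browser-es-es
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile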
diff --git a/etc/tor-browser-es.profile b/etc/tor-browser-es.profile
index c607c93e3..a386e3387 100644
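--- a/etc/tor-browser-es.profile
+++ b/etc/tor-browser-es.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es
 whitelist ${HOME}/.tor-browser-es
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile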
diff --git a/etc/tor-browser-fa.profile b/etc/tor-browser-fa.profile
index 3ce689c21..7f847a7c2 100644
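--- a/etc/tor-browser-fa.profile
+++ b/etc/tor-browser-fa.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fa
 whitelist ${HOME}/.tor-browser-fa
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile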
diff --git a/etc/tor-browser-fr.profile b/etc/tor-browser-fr.profile
index 369184aba..bce470ec8 100644
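--- a/etc/tor-browser-fr.profile
+++ b/etc/tor-browser-fr.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fr
 whitelist ${HOME}/.tor-browser-fr
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile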
diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile
index e5d54617d..3c239ca29 100644
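--- a/etc/tor-browser-it.profile
+++ b/etc/tor-browser-it.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-it
 whitelist ${HOME}/.tor-browser-it
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile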
diff --git a/etc/tor-browser-ja.profile b/etc/tor-browser-ja.profile
index a3cfa1987..c52e0f64e 100644
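--- a/etc/tor-browser-ja.profile
+++ b/etc/tor-browser-ja.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ja
 whitelist ${HOME}/.tor-browser-ja
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile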
diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile
index 6a7fe905c..8faa5afa1 100644
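--- a/etc/tor-browser-ko.profile
+++ b/etc/tor-browser-ko.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ko
 whitelist ${HOME}/.tor-browser-ko
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile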
diff --git a/etc/tor-browser-pl.profile b/etc/tor-browser-pl.profile
index e72d64a3e..08ddd4ae7 100644
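--- a/etc/tor-browser-pl.profile
+++ b/etc/tor-browser-pl.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pl
 whitelist ${HOME}/.tor-browser-pl
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile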
diff --git a/etc/tor-browser-pt-br.profile b/etc/tor-browser-pt-br.profile
index d3a5d1b79..9942a3fe8 100644
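--- a/etc/tor-browser-pt-br.profile
+++ b/etc/tor-browser-pt-br.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pt-br
 whitelist ${HOME}/.tor-browser-pt-br
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile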
diff --git a/etc/tor-browser-ru.profile b/etc/tor-browser-ru.profile
index 22b772b28..6294f8ca0 100644
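--- a/etc/tor-browser-ru.profile
+++ b/etc/tor-browser-ru.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ru
 whitelist ${HOME}/.tor-browser-ru
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile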
diff --git a/etc/tor-browser-vi.profile b/etc/tor-browser-vi.profile
index cd1c5b0b3..734c38698 100644
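--- a/etc/tor-browser-vi.profile
+++ b/etc/tor-browser-vi.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-vi
 whitelist ${HOME}/.tor-browser-vi
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile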
diff --git a/etc/tor-browser-zh-cn.profile b/etc/tor-browser-zh-cn.profile
index bf1bc75d6..21e813e45 100644
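--- a/etc/tor-browser-zh-cn.profile
+++ b/etc/tor-browser-zh-cn.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-zh-cn
 whitelist ${HOME}/.tor-browser-zh-cn
 
 # Redirect
-include /etc/firejail/torbrowser-launcher.profile
+include torbrowser-launcher.profile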
diff --git a/etc/tor.profile b/etc/tor.profile
index ddaa9806c..04a6c3abb 100644
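--- a/etc/tor.profile
+++ b/etc/tor.profile
@@ -2,9 +2,9 @@
 # Description: Anonymizing overlay network for TCP
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/tor.local
+include tor.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # How to use:
 # Create a script called anything (e.g. mytor)
@@ -17,12 +17,12 @@ include /etc/firejail/globals.local
 # You'll also likely want to disable the system service (if it exists)
 # Run mytor (or whatever you called the script above) whenever you want to start tor
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.keep setuid,setgid,net_bind_service,dac_read_search
 ipc-namespace
@@ -34,6 +34,7 @@ nogroups
 nonewprivs
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp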
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 307377acc..a9244683f 100644
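--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -2,9 +2,9 @@
 # Description: Helps download and run the Tor Browser Bundle
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/torbrowser-launcher.local
+include torbrowser-launcher.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/torbrowser
 noblacklist ${HOME}/.local/share/torbrowser
@@ -15,20 +15,20 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.config/torbrowser
 mkdir ${HOME}/.local/share/torbrowser
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/torbrowser
 whitelist ${HOME}/.local/share/torbrowser
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -38,6 +38,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice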
diff --git a/etc/totem.profile b/etc/totem.profile
index bfa5883e2..3055ea542 100644
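--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -2,23 +2,23 @@
 # Description: Simple media player for the GNOME desktop based on GStreamer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/totem.local
+include totem.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/totem
 noblacklist ${HOME}/.local/share/totem
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # apparmor - makes settings immutable
 caps.drop all
@@ -27,6 +27,7 @@ netfilter
 nogroups
 nonewprivs
 noroot
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none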
diff --git a/etc/tracker.profile b/etc/tracker.profile
index 142089c34..6d86b2951 100644
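--- a/etc/tracker.profile
+++ b/etc/tracker.profile
@@ -2,19 +2,19 @@
 # Description: Metadata database, indexer and search tool
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/tracker.local
+include tracker.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 # Tracker is started by systemd on most systems. Therefore it is not firejailed by default
 
 blacklist /tmp/.X11-unix
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter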
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
index 1a22a713c..cc2e4467e 100644
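--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -2,18 +2,18 @@
 # Description: Lightweight BitTorrent client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/transmission-cli.local
+include transmission-cli.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/transmission
 noblacklist ${HOME}/.config/transmission
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 machine-id
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp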
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 758205ccf..867f9f113 100644
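--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -2,26 +2,26 @@
 # Description: Lightweight BitTorrent client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/transmission-gtk.local
+include transmission-gtk.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/transmission
 noblacklist ${HOME}/.config/transmission
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/transmission
 mkdir ${HOME}/.config/transmission
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/transmission
 whitelist ${HOME}/.config/transmission
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -33,6 +33,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp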
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index c8eb9e326..81b8f38cf 100644
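--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -2,26 +2,26 @@
 # Description: Lightweight BitTorrent client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/transmission-qt.local
+include transmission-qt.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/transmission
 noblacklist ${HOME}/.config/transmission
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/transmission
 mkdir ${HOME}/.config/transmission
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/transmission
 whitelist ${HOME}/.config/transmission
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -33,6 +33,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp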
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
index 06b79effd..248eb977e 100644
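--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -1,18 +1,18 @@
 # Firejail profile for transmission-show
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/transmission-show.local
+include transmission-show.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/transmission
 noblacklist ${HOME}/.config/transmission
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 machine-id
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp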
diff --git a/etc/truecraft.profile b/etc/truecraft.profile
index 1eb7b65ba..ae1d85473 100644
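--- a/etc/truecraft.profile
+++ b/etc/truecraft.profile
@@ -1,24 +1,24 @@
 # Firejail profile for truecraft
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/truecraft.local
+include truecraft.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/mono
 noblacklist ${HOME}/.config/truecraft
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/mono
 mkdir ${HOME}/.config/truecraft
 whitelist ${HOME}/.config/mono
 whitelist ${HOME}/.config/truecraft
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 nodvd
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp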
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile
index d467e1a83..1b657d083 100644
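--- a/etc/tuxguitar.profile
+++ b/etc/tuxguitar.profile
@@ -2,9 +2,9 @@
 # Description: Multitrack guitar tablature editor and player (gp3 to gp5)
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/tuxguitar.local
+include tuxguitar.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.java
 noblacklist ${HOME}/.tuxguitar*
@@ -17,14 +17,14 @@ noblacklist /usr/lib/java
 noblacklist /etc/java
 noblacklist /usr/share/java
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -34,6 +34,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp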
diff --git a/etc/uefitool.profile b/etc/uefitool.profile
index d4016d061..218b41e15 100644
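--- a/etc/uefitool.profile
+++ b/etc/uefitool.profile
@@ -1,18 +1,18 @@
 # Firejail profile for uefitool
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/uefitool.local
+include uefitool.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 ipc-namespace
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp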
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index 3c3c685e0..09821b411 100644
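--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -1,21 +1,21 @@
 # Firejail profile for uget-gtk
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/uget-gtk.local
+include uget-gtk.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/uGet
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/uGet
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/uGet
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -24,6 +24,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp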
diff --git a/etc/unbound.profile b/etc/unbound.profile
index 5bc350e8d..6e4b5ed1c 100644
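--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -2,21 +2,21 @@
 # Description: Validating, recursive, caching DNS resolver
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/unbound.local
+include unbound.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
 noblacklist /sbin
 noblacklist /usr/sbin
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 whitelist /var/lib/unbound
 whitelist /var/run
@@ -27,6 +27,7 @@ nodvd
 nonewprivs
 nosound
 notv
+nou2f
 novideo
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
 writable-var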
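Review bot: The `seccomp.drop` list kept as context in the second hunk names `perf_event_open` twice, once after `lookup_dcookie` and again as the final entry. The repeat looks harmless, but a hand-maintained syscall list is easier to audit when each syscall appears once, so the trailing `,perf_event_open` can be dropped. The profile continues above old line 27, outside this hunk.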
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile
index 5b2944a88..f62f018a6 100644
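--- a/etc/unknown-horizons.profile
+++ b/etc/unknown-horizons.profile
@@ -2,19 +2,19 @@
 # Description: 2D realtime strategy simulation
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/unknown-horizons.local
+include unknown-horizons.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.unknown-horizons
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.unknown-horizons
 whitelist ${HOME}/.unknown-horizons
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 nodvd
@@ -22,6 +22,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,netlink,inet,inet6
 seccomp
 shell none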
diff --git a/etc/unlzma.profile b/etc/unlzma.profile
new file mode 100644
index 000000000..748dad2e3
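--- /dev/null
+++ b/etc/unlzma.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile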
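Review bot: The header of this new file reads `# Firejail profile alias for cpio`, although the file is `unlzma.profile` and cpio is only the redirect target; `# Firejail profile for unlzma` would match the wording of the other redirect profiles in this commit (`vimcat.profile`, `vimdiff.profile`). Those profiles also carry `include vimcat.local` and `include globals.local` ahead of the redirect, while lines 4 and 5 here are blank, so a persistent per-program override for unlzma appears to have no hook unless `cpio.profile` supplies one; adding `include unlzma.local` would close that gap. `unxz.profile` is added with the same index hash and has the same two points.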
diff --git a/etc/unrar.profile b/etc/unrar.profile
index c8c72f1f3..00fe0887b 100644
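--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -3,10 +3,10 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/unrar.local
+include unrar.local
 # Persistent global definitions
 # added by included default.profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -18,6 +18,7 @@ nodbus
 nodvd
 nosound
 notv
+nou2f
 novideo
 shell none
 tracelog
@@ -27,4 +28,4 @@ private-dev
 private-etc passwd,group,localtime
 private-tmp
 
-include /etc/firejail/default.profile
+include default.profile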
diff --git a/etc/unxz.profile b/etc/unxz.profile
new file mode 100644
index 000000000..748dad2e3
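--- /dev/null
+++ b/etc/unxz.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile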
diff --git a/etc/unzip.profile b/etc/unzip.profile
index 0b8b0cc50..8e659c256 100644
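--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -3,10 +3,10 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/unzip.local
+include unzip.local
 # Persistent global definitions
 # added by included default.profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -18,6 +18,7 @@ nodbus
 nodvd
 nosound
 notv
+nou2f
 novideo
 shell none
 tracelog
@@ -29,4 +30,4 @@ private-etc passwd,group,localtime
 # GNOME Shell integration (chrome-gnome-shell)
 noblacklist ${HOME}/.local/share/gnome-shell
 
-include /etc/firejail/default.profile
+include default.profile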
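Review bot: The last hunk keeps `noblacklist ${HOME}/.local/share/gnome-shell` under a `# GNOME Shell integration (chrome-gnome-shell)` comment, which reads like a leftover from a browser profile rather than something an archive extractor needs. The line lifts a deny-list entry just before `include default.profile`, so it widens what unzip can reach in the home directory for no reason visible here. If nothing depends on it, both lines can be removed; otherwise the comment should say why unzip needs that directory. The hunk begins at old line 29, so the profile lines above it are not visible.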
diff --git a/etc/uudeview.profile b/etc/uudeview.profile
index d1130960d..3bd0ebe70 100644
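--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -3,10 +3,10 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/uudeview.local
+include uudeview.local
 # Persistent global definitions
 # added by included default.profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 hostname uudeview
 ignore noroot
@@ -15,6 +15,7 @@ nodbus
 nodvd
 nosound
 notv
+nou2f
 novideo
 shell none
 tracelog
@@ -24,4 +25,4 @@ private-cache
 private-dev
 private-etc ld.so.preload
 
-include /etc/firejail/default.profile
+include default.profile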
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile
index b8a3fa497..7e6b35d13 100644
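--- a/etc/uzbl-browser.profile
+++ b/etc/uzbl-browser.profile
@@ -1,9 +1,9 @@
 # Firejail profile for uzbl-browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/uzbl-browser.local
+include uzbl-browser.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/uzbl
 noblacklist ${HOME}/.gnupg
@@ -15,10 +15,10 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/uzbl
 mkdir ${HOME}/.gnupg
@@ -29,7 +29,7 @@ whitelist ${HOME}/.config/uzbl
 whitelist ${HOME}/.gnupg
 whitelist ${HOME}/.local/share/uzbl
 whitelist ${HOME}/.password-store
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter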
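Review bot: The third hunk leaves `whitelist ${HOME}/.gnupg` and `whitelist ${HOME}/.password-store` in a browser profile with no comment saying why, so an auditor cannot tell whether the keyring and the password store are exposed to the browser on purpose. If the access is intended, a comment above the two lines such as `# keyring and password store are whitelisted for <reason>; drop both lines if unused` would record that decision. The profile continues after line 35, outside the hunk, so further restrictions on these paths may exist that are not visible here.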
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index 08f9fd309..4c22f8e6f 100644
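--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -2,9 +2,9 @@
 # Description: Simple, fast and elegant image viewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/viewnior.local
+include viewnior.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist ${HOME}/.bashrc
 
@@ -12,11 +12,11 @@ noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.config/viewnior
 noblacklist ${HOME}/.steam
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 net none
@@ -28,6 +28,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp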
diff --git a/etc/viking.profile b/etc/viking.profile
index 624cb962b..baf268691 100644
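--- a/etc/viking.profile
+++ b/etc/viking.profile
@@ -2,20 +2,20 @@
 # Description: GPS data editor, analyzer and viewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/viking.local
+include viking.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.viking
 noblacklist ${HOME}/.viking-maps
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none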
diff --git a/etc/vim.profile b/etc/vim.profile
index 1f98a018a..e4e759b86 100644
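--- a/etc/vim.profile
+++ b/etc/vim.profile
@@ -2,17 +2,17 @@
 # Description: Vi IMproved - enhanced vi editor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/vim.local
+include vim.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.vim
 noblacklist ${HOME}/.viminfo
 noblacklist ${HOME}/.vimrc
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -21,6 +21,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp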
diff --git a/etc/vimcat.profile b/etc/vimcat.profile
index 5067c2fd1..a8f7758e0 100644
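--- a/etc/vimcat.profile
+++ b/etc/vimcat.profile
@@ -1,10 +1,10 @@
 # Firejail profile for vimcat
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/vimcat.local
+include vimcat.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/vim.profile
+include vim.profile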
diff --git a/etc/vimdiff.profile b/etc/vimdiff.profile
index f89a2c112..53a5c6224 100644
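--- a/etc/vimdiff.profile
+++ b/etc/vimdiff.profile
@@ -1,10 +1,10 @@
 # Firejail profile for vimdiff
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/vimdiff.local
+include vimdiff.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/vim.profile
+include vim.profile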
diff --git a/etc/vimpager.profile b/etc/vimpager.profile
index 9c59cb82f..ef2c20ef1 100644
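--- a/etc/vimpager.profile
+++ b/etc/vimpager.profile
@@ -2,10 +2,10 @@
 # Description: A vim-based script to use as a PAGER
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/vimpager.local
+include vimpager.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/vim.profile
+include vim.profile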
diff --git a/etc/vimtutor.profile b/etc/vimtutor.profile
index 83851d37e..7330d6da2 100644
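--- a/etc/vimtutor.profile
+++ b/etc/vimtutor.profile
@@ -1,10 +1,10 @@
 # Firejail profile for vimtutor
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/vimtutor.local
+include vimtutor.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/vim.profile
+include vim.profile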
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile
index c634348c7..1ef44dd5c 100644
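--- a/etc/virtualbox.profile
+++ b/etc/virtualbox.profile
@@ -2,9 +2,9 @@
 # Description: x86 virtualization solution
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/virtualbox.local
+include virtualbox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.VirtualBox
 noblacklist ${HOME}/.config/VirtualBox
@@ -13,17 +13,17 @@ noblacklist ${HOME}/VirtualBox VMs
 noblacklist /usr/lib/virtualbox
 noblacklist /usr/lib64/virtualbox
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/VirtualBox
 mkdir ${HOME}/VirtualBox VMs
 whitelist ${HOME}/.config/VirtualBox
 whitelist ${HOME}/VirtualBox VMs
 whitelist ${DOWNLOADS}
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter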
diff --git a/etc/vivaldi-beta.profile b/etc/vivaldi-beta.profile
index d1ceb74f4..bee5d6be6 100644
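--- a/etc/vivaldi-beta.profile
+++ b/etc/vivaldi-beta.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/vivaldi.profile
+include vivaldi.profile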
diff --git a/etc/vivaldi-snapshot.profile b/etc/vivaldi-snapshot.profile
index f8691025f..ea4a4009f 100644
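--- a/etc/vivaldi-snapshot.profile
+++ b/etc/vivaldi-snapshot.profile
@@ -1,9 +1,9 @@
 # Firejail profile for vivaldi-snapshot
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/vivaldi-snapshot.local
+include vivaldi-snapshot.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/vivaldi-snapshot
 noblacklist ${HOME}/.config/vivaldi-snapshot
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/vivaldi-snapshot
 whitelist ${HOME}/.config/vivaldi-snapshot
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile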
diff --git a/etc/vivaldi-stable.profile b/etc/vivaldi-stable.profile
index d1ceb74f4..bee5d6be6 100644
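--- a/etc/vivaldi-stable.profile
+++ b/etc/vivaldi-stable.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/vivaldi.profile
+include vivaldi.profile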
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile
index 8b37ca40b..96f1bd99d 100644
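--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -1,9 +1,9 @@
 # Firejail profile for vivaldi
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/vivaldi.local
+include vivaldi.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/vivaldi
 noblacklist ${HOME}/.config/vivaldi
@@ -17,4 +17,4 @@ whitelist ${HOME}/.config/vivaldi
 ignore nodbus
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile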
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 594a5944b..0395a5a59 100644
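--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -2,9 +2,9 @@
 # Description: Multimedia player and streamer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/vlc.local
+include vlc.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/vlc
 noblacklist ${HOME}/.config/vlc
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.local/share/vlc
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 #apparmor - on Ubuntu 18.04 it refuses to start without dbus access
 caps.drop all
@@ -28,6 +28,7 @@ netfilter
 nogroups
 nonewprivs
 noroot
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none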
diff --git a/etc/vym.profile b/etc/vym.profile
index bb044069d..bb3f6ac56 100644
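--- a/etc/vym.profile
+++ b/etc/vym.profile
@@ -2,17 +2,17 @@
 # Description: Mindmapping tool
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/vym.local
+include vym.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/InSilmaril
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp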
diff --git a/etc/w3m.profile b/etc/w3m.profile
index 858b30a5f..c03df49cd 100644
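--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -2,20 +2,20 @@
 # Description: WWW browsable pager with excellent tables/frames support
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/w3m.local
+include w3m.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
 noblacklist ${HOME}/.w3m
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp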
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
index 632a56074..816f2236c 100644
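--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -2,24 +2,24 @@
 # Description: 3D real time strategy game
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/warzone2100.local
+include warzone2100.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.warzone2100-3.*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 # mkdir ${HOME}/.warzone2100-3.1
 # mkdir ${HOME}/.warzone2100-3.2
 whitelist ${HOME}/.warzone2100-3.1
 whitelist ${HOME}/.warzone2100-3.2
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -28,6 +28,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none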
diff --git a/etc/waterfox.profile b/etc/waterfox.profile
index fdd299bbf..3dc21958d 100644
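--- a/etc/waterfox.profile
+++ b/etc/waterfox.profile
@@ -1,9 +1,9 @@
 # Firejail profile for waterfox
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/waterfox.local
+include waterfox.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.cache/waterfox
@@ -25,4 +25,4 @@ whitelist ${HOME}/.waterfox
 #private-etc waterfox
 
 # Redirect
-include /etc/firejail/firefox-common.profile
+include firefox-common.profile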
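diff --git a/etc/webstorm.profile b/etc/webstorm.profile
index 1a77fd833..9a25727a9 100644
--- a/etc/webstorm.profile
+++ b/etc/webstorm.profile
@@ -1,9 +1,9 @@
 # Firejail profile for WebStorm
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/webstorm.local
+include webstorm.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.WebStorm*
 noblacklist ${HOME}/.android
@@ -17,11 +17,11 @@ noblacklist ${HOME}/.tooling
 noblacklist ${PATH}/node
 noblacklist ${HOME}/.nvm
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-devel.inc
+include disable-interpreters.inc
 
 caps.drop all
 netfilter
@@ -30,6 +30,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp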
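diff --git a/etc/weechat-curses.profile b/etc/weechat-curses.profile
index 0da7d45d6..4e9d6826c 100644
--- a/etc/weechat-curses.profile
+++ b/etc/weechat-curses.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/weechat.profile
+include weechat.profile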
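diff --git a/etc/weechat.profile b/etc/weechat.profile
index 213271367..99b34048f 100644
--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -2,14 +2,14 @@
 # Description: Fast, light and extensible chat client
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/weechat.local
+include weechat.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.weechat
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter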
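diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile
index 215d2e72d..a67d3a1b8 100644
--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -2,19 +2,19 @@
 # Description: Fantasy turn-based strategy game
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/wesnoth.local
+include wesnoth.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/wesnoth
 noblacklist ${HOME}/.config/wesnoth
 noblacklist ${HOME}/.local/share/wesnoth
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.cache/wesnoth
 mkdir ${HOME}/.config/wesnoth
@@ -22,13 +22,14 @@ mkdir ${HOME}/.local/share/wesnoth
 whitelist ${HOME}/.cache/wesnoth
 whitelist ${HOME}/.config/wesnoth
 whitelist ${HOME}/.local/share/wesnoth
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 nodvd
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6
 seccomp
 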
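diff --git a/etc/wget.profile b/etc/wget.profile
index abe2436d7..213840726 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -3,19 +3,19 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/wget.local
+include wget.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist /tmp/.X11-unix
 
 noblacklist ${HOME}/.wgetrc
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp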
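diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc
index e1fa809b4..38ec5d85d 100644
--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -1,5 +1,5 @@
 # Local customizations come here
-include /etc/firejail/whitelist-common.local
+include whitelist-common.local
 
 # common whitelist for all profiles
 
@@ -13,6 +13,7 @@ whitelist ${HOME}/.config/user-dirs.dirs
 read-only ${HOME}/.config/user-dirs.dirs
 whitelist ${HOME}/.drirc
 whitelist ${HOME}/.icons
+?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit
 whitelist ${HOME}/.local/share/applications
 read-only ${HOME}/.local/share/applications
 whitelist ${HOME}/.local/share/icons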
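Review bot: The new line 16, `?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit`, has no `read-only` companion, while the neighbouring `${HOME}/.local/share/applications` entry is followed by one. As written the directory is presumably writable from every sandbox for which the HAS_APPIMAGE condition holds and which pulls in this common file. Whether AppImage tooling needs write access there is not visible from this hunk; if it does not, add `?HAS_APPIMAGE: read-only ${HOME}/.local/share/appimagekit` directly below, otherwise add a comment saying why it stays writable. The whitelist continues past the end of the hunk.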
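diff --git a/etc/whitelist-var-common.inc b/etc/whitelist-var-common.inc
index 024995f20..e2210057b 100644
--- a/etc/whitelist-var-common.inc
+++ b/etc/whitelist-var-common.inc
@@ -1,5 +1,5 @@
 # Local customizations come here
-include /etc/firejail/whitelist-var-common.local
+include whitelist-var-common.local
 
 # common /var whitelist for all profiles
 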
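diff --git a/etc/whois.profile b/etc/whois.profile
index 3ef2e1476..368f8b5bb 100644
--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -2,18 +2,18 @@ quiet
 # Firejail profile for whois
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/whois.local
+include whois.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-# include /etc/firejail/disable-devel.inc
-# include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-#include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+# include disable-devel.inc
+# include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+#include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 # ipc-namespace
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol inet,inet6
 seccomp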
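Review bot: The three disabled includes on new lines 10, 11 and 14 carry no reason and are written two ways, `# include disable-devel.inc` and `#include disable-xdg.inc`. Since these lines were edited anyway, a reader auditing the profile cannot tell whether the blacklists are off because whois breaks with them or because they were never tested. I would normalise the spelling and add a short why-comment, e.g. `# include disable-devel.inc  # disabled: <reason>`, or enable them if nothing depends on the exclusion.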
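diff --git a/etc/wine.profile b/etc/wine.profile
index 88cdd2ffc..34c695cf1 100644
--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -2,9 +2,9 @@
 # Description: A compatibility layer for running Windows programs
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/wine.local
+include wine.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.local/share/Steam
@@ -14,10 +14,10 @@ noblacklist ${HOME}/.wine
 # with >=llvm-4 mesa drivers need llvm stuff
 noblacklist /usr/lib/llvm*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter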
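diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile
index 64d2cefd5..f464a2fb9 100644
--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -1,23 +1,23 @@
 # Firejail profile for wire-desktop
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/wire-desktop.local
+include wire-desktop.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/Wire
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.config/Wire
 whitelist ${HOME}/.config/Wire
 whitelist ${DOWNLOADS}
 
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -26,6 +26,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp
 shell none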
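diff --git a/etc/wireshark-gtk.profile b/etc/wireshark-gtk.profile
index 26747379a..14978013d 100644
--- a/etc/wireshark-gtk.profile
+++ b/etc/wireshark-gtk.profile
@@ -4,4 +4,4 @@
 
 
 # Redirect
-include /etc/firejail/wireshark.profile
+include wireshark.profile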
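diff --git a/etc/wireshark-qt.profile b/etc/wireshark-qt.profile
index 26747379a..14978013d 100644
--- a/etc/wireshark-qt.profile
+++ b/etc/wireshark-qt.profile
@@ -4,4 +4,4 @@
 
 
 # Redirect
-include /etc/firejail/wireshark.profile
+include wireshark.profile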
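diff --git a/etc/wireshark.profile b/etc/wireshark.profile
index 330f0140e..4f1142826 100644
--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -2,9 +2,9 @@
 # Description: Network traffic analyzer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/wireshark.local
+include wireshark.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/wireshark
 noblacklist ${HOME}/.wireshark
@@ -16,14 +16,14 @@ noblacklist /usr/lib/lua
 noblacklist /usr/include/lua*
 noblacklist /usr/share/lua
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 apparmor
 # caps.drop all
@@ -36,6 +36,7 @@ no3d
 nodvd
 nosound
 notv
+nou2f
 novideo
 # protocol unix,inet,inet6,netlink
 # seccomp - breaks network traffic capture for unprivileged users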
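diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile
index ac8f0fe2a..e21b74030 100644
--- a/etc/x-terminal-emulator.profile
+++ b/etc/x-terminal-emulator.profile
@@ -1,9 +1,9 @@
 # Firejail profile for x-terminal-emulator
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/x-terminal-emulator.local
+include x-terminal-emulator.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 caps.drop all
 ipc-namespace
@@ -12,6 +12,7 @@ netfilter
 nodbus
 nogroups
 noroot
+nou2f
 protocol unix
 seccomp
 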
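Review bot: The `nou2f` added at new line 15 is undocumented, and in a terminal-emulator profile it presumably restricts every command started from that terminal, not only the emulator itself. Any command-line tool that needs a U2F token would then fail with no hint that the sandbox is the cause. A comment would make the scope explicit, e.g. `# nou2f also applies to programs started from this terminal; override in x-terminal-emulator.local if a token is needed`.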
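diff --git a/etc/xcalc.profile b/etc/xcalc.profile
index dd7c66523..1941787b1 100644
--- a/etc/xcalc.profile
+++ b/etc/xcalc.profile
@@ -1,18 +1,18 @@
 # Firejail profile for xcalc
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xcalc.local
+include xcalc.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 net none
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp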
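diff --git a/etc/xchat.profile b/etc/xchat.profile
index af6da1ac5..a94444aab 100644
--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -2,15 +2,15 @@
 # Description: IRC client for X similar to AmIRC
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xchat.local
+include xchat.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/xchat
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-programs.inc
 
 caps.drop all
 nodvd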
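diff --git a/etc/xed.profile b/etc/xed.profile
index f65b52658..7dffae05a 100644
--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -1,9 +1,9 @@
 # Firejail profile for xed
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xed.local
+include xed.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/xed
 
@@ -13,13 +13,13 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # apparmor - makes settings immutable
 caps.drop all
@@ -33,6 +33,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp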
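diff --git a/etc/xfburn.profile b/etc/xfburn.profile
index 207e62232..3dc525755 100644
--- a/etc/xfburn.profile
+++ b/etc/xfburn.profile
@@ -2,17 +2,17 @@
 # Description: CD-burner application for Xfce Desktop Environment
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xfburn.local
+include xfburn.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/xfburn
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter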
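diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile
index e84c78b24..0dc021ef3 100644
--- a/etc/xfce4-dict.profile
+++ b/etc/xfce4-dict.profile
@@ -2,17 +2,17 @@
 # Description: Dictionary plugin for Xfce4 panel
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xfce4-dict.local
+include xfce4-dict.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/xfce4-dict
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp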
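diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile
index 99aeebb7f..df1b575b2 100644
--- a/etc/xfce4-notes.profile
+++ b/etc/xfce4-notes.profile
@@ -2,19 +2,19 @@
 # Description: Notes application for the Xfce4 desktop
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xfce4-notes.local
+include xfce4-notes.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
 noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc
 noblacklist ${HOME}/.local/share/notes
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter
@@ -25,6 +25,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp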
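diff --git a/etc/xiphos.profile b/etc/xiphos.profile
index 703579562..6adfcd819 100644
--- a/etc/xiphos.profile
+++ b/etc/xiphos.profile
@@ -2,24 +2,24 @@
 # Description: Environment for Bible reading, study, and research
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xiphos.local
+include xiphos.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 blacklist ${HOME}/.bashrc
 
 noblacklist ${HOME}/.sword
 noblacklist ${HOME}/.xiphos
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist ${HOME}/.sword
 whitelist ${HOME}/.xiphos
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp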
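diff --git a/etc/xmms.profile b/etc/xmms.profile
index d016e0c23..7a11e1244 100644
--- a/etc/xmms.profile
+++ b/etc/xmms.profile
@@ -1,19 +1,19 @@
 # Firejail profile for xmms
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xmms.local
+include xmms.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.xmms
 noblacklist ${MUSIC}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 netfilter
@@ -21,6 +21,7 @@ no3d
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp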
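diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile
index 7a445f6a5..25b2b8c91 100644
--- a/etc/xmr-stak.profile
+++ b/etc/xmr-stak.profile
@@ -1,22 +1,22 @@
 # Firejail profile for xmr-stak
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xmr-stak.local
+include xmr-stak.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.xmr-stak
 noblacklist /usr/lib/llvm*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.xmr-stak
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp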
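diff --git a/etc/xonotic-glx.profile b/etc/xonotic-glx.profile
index 041a063bb..8a44fb587 100644
--- a/etc/xonotic-glx.profile
+++ b/etc/xonotic-glx.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/xonotic.profile
+include xonotic.profile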
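diff --git a/etc/xonotic-sdl.profile b/etc/xonotic-sdl.profile
index 041a063bb..8a44fb587 100644
--- a/etc/xonotic-sdl.profile
+++ b/etc/xonotic-sdl.profile
@@ -3,4 +3,4 @@
 
 
 # Redirect
-include /etc/firejail/xonotic.profile
+include xonotic.profile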
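diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index a7e8edc0f..054cf4896 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -2,22 +2,22 @@
 # Description: A free, fast-paced crossplatform first-person shooter
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xonotic.local
+include xonotic.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.xonotic
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.xonotic
 whitelist ${HOME}/.xonotic
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter
@@ -27,6 +27,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp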
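diff --git a/etc/xpdf.profile b/etc/xpdf.profile
index c12a3437c..4a82942ad 100644
--- a/etc/xpdf.profile
+++ b/etc/xpdf.profile
@@ -2,21 +2,21 @@
 # Description: Portable Document Format (PDF) reader
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xpdf.local
+include xpdf.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.xpdfrc
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp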
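diff --git a/etc/xplayer-audio-preview.profile b/etc/xplayer-audio-preview.profile
index a422b9989..78252c134 100644
--- a/etc/xplayer-audio-preview.profile
+++ b/etc/xplayer-audio-preview.profile
@@ -1,10 +1,10 @@
 # Firejail profile for xplayer-audio-preview
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xplayer-audio-preview.local
+include xplayer-audio-preview.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/xplayer.profile
+include xplayer.profile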
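diff --git a/etc/xplayer-video-thumbnailer.profile b/etc/xplayer-video-thumbnailer.profile
index 1ec5250bf..ac8986c69 100644
--- a/etc/xplayer-video-thumbnailer.profile
+++ b/etc/xplayer-video-thumbnailer.profile
@@ -1,10 +1,10 @@
 # Firejail profile for xplayer-video-thumbnailer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xplayer-video-thumbnailer.local
+include xplayer-video-thumbnailer.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/xplayer.profile
+include xplayer.profile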
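diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index f51362b6b..b8297295a 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -1,9 +1,9 @@
 # Firejail profile for xplayer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xplayer.local
+include xplayer.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/xplayer
 noblacklist ${HOME}/.local/share/xplayer
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # apparmor - makes settings immutable
 caps.drop all
@@ -32,6 +32,7 @@ netfilter
 nogroups
 nonewprivs
 noroot
+nou2f
 protocol unix,inet,inet6
 seccomp
 shell none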
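diff --git a/etc/xpra.profile b/etc/xpra.profile
index 960c493b9..23f3294bd 100644
--- a/etc/xpra.profile
+++ b/etc/xpra.profile
@@ -2,9 +2,9 @@
 # Description: Tool to detach/reattach running X programs
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xpra.local
+include xpra.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 #
 # This profile will sandbox Xpra server itself when used with firejail --x11=xpra.
@@ -22,11 +22,11 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 whitelist /var/lib/xkb
 # whitelisting home directory, or including whitelist-common.inc
@@ -41,6 +41,7 @@ nonewprivs
 #noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp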
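diff --git a/etc/xreader-previewer.profile b/etc/xreader-previewer.profile
index 4c42c147c..2d7e7644c 100644
--- a/etc/xreader-previewer.profile
+++ b/etc/xreader-previewer.profile
@@ -1,10 +1,10 @@
 # Firejail profile for xreader-previewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xreader-previewer.local
+include xreader-previewer.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/xreader.profile
+include xreader.profile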
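diff --git a/etc/xreader-thumbnailer.profile b/etc/xreader-thumbnailer.profile
index bc0bcbb67..d463787e6 100644
--- a/etc/xreader-thumbnailer.profile
+++ b/etc/xreader-thumbnailer.profile
@@ -1,10 +1,10 @@
 # Firejail profile for xreader-thumbnailer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xreader-thumbnailer.local
+include xreader-thumbnailer.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/xreader.profile
+include xreader.profile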
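diff --git a/etc/xreader.profile b/etc/xreader.profile
index 25e790fe0..a879e8b04 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -2,23 +2,23 @@
 # Description: Document viewer for files like PDF and Postscript. X-Apps Project.
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xreader.local
+include xreader.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/xreader
 noblacklist ${HOME}/.config/xreader
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 # Breaks xreader on Mint 18.3
-# include /etc/firejail/whitelist-var-common.inc
+# include whitelist-var-common.inc
 
 # apparmor
 caps.drop all
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp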
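diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index 7ecc1ca0b..e6185807e 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -1,22 +1,22 @@
 # Firejail profile for xviewer
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xviewer.local
+include xviewer.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.config/xviewer
 noblacklist ${HOME}/.local/share/Trash
 noblacklist ${HOME}/.steam
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 # apparmor - makes settings immutable
 caps.drop all
@@ -29,6 +29,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix
 seccomp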
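diff --git a/etc/xxd.profile b/etc/xxd.profile
index baee905b7..f5072da75 100644
--- a/etc/xxd.profile
+++ b/etc/xxd.profile
@@ -2,10 +2,10 @@
 # Description: Tool to make (or reverse) a hex dump
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xxd.local
+include xxd.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 
 # Redirect
-include /etc/firejail/vim.profile
+include vim.profile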
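diff --git a/etc/xz.profile b/etc/xz.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/xz.profile
+++ b/etc/xz.profile
@@ -4,4 +4,4 @@
 
 
 # Redirect
-include /etc/firejail/cpio.profile
+include cpio.profile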
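diff --git a/etc/xzcat.profile b/etc/xzcat.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzcat.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile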
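Review bot: The header comment `# Firejail profile alias for cpio` does not name the program this file sandboxes, and the file has no per-program `.local` hook, unlike redirect profiles elsewhere in this commit such as `xxd.profile`, which keeps `include xxd.local` ahead of its redirect. I would make the first line `# Firejail profile alias for xzcat (redirects to cpio)` and, if per-tool overrides are wanted, add `include xzcat.local` before the redirect. The same applies to the new xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless and xzmore profiles, which carry the same blob id `748dad2e3`.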
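diff --git a/etc/xzcmp.profile b/etc/xzcmp.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzcmp.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile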
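diff --git a/etc/xzdec.profile b/etc/xzdec.profile
index 796c1d642..6c12f7d55 100644
--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -3,10 +3,10 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/xzdec.local
+include xzdec.local
 # Persistent global definitions
 # added by included default.profile
-#include /etc/firejail/globals.local
+#include globals.local
 
 blacklist /tmp/.X11-unix
 
@@ -17,10 +17,11 @@ nodbus
 nodvd
 nosound
 notv
+nou2f
 novideo
 shell none
 tracelog
 
 private-dev
 
-include /etc/firejail/default.profile
+include default.profile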
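diff --git a/etc/xzdiff.profile b/etc/xzdiff.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzdiff.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile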
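diff --git a/etc/xzegrep.profile b/etc/xzegrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzegrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile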
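diff --git a/etc/xzfgrep.profile b/etc/xzfgrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzfgrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile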
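diff --git a/etc/xzgrep.profile b/etc/xzgrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzgrep.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile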
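diff --git a/etc/xzless.profile b/etc/xzless.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzless.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile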
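diff --git a/etc/xzmore.profile b/etc/xzmore.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzmore.profile
@@ -0,0 +1,7 @@
+# Firejail profile alias for cpio
+# Description: Library and command line tools for XZ and LZMA compressed files
+# This file is overwritten after every install/update
+
+
+# Redirect
+include cpio.profile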
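diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile
index fdb7694a5..680bef677 100644
--- a/etc/yandex-browser.profile
+++ b/etc/yandex-browser.profile
@@ -1,9 +1,9 @@
 # Firejail profile for yandex-browser
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/yandex-browser.local
+include yandex-browser.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.cache/yandex-browser
 noblacklist ${HOME}/.cache/yandex-browser-beta
@@ -20,4 +20,4 @@ whitelist ${HOME}/.config/yandex-browser
 whitelist ${HOME}/.config/yandex-browser-beta
 
 # Redirect
-include /etc/firejail/chromium-common.profile
+include chromium-common.profile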
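diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile
index 75d4514b6..a9868b5ac 100644
--- a/etc/youtube-dl.profile
+++ b/etc/youtube-dl.profile
@@ -3,9 +3,9 @@
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include /etc/firejail/youtube-dl.local
+include youtube-dl.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.netrc
 noblacklist ${MUSIC}
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
 noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -36,6 +36,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp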
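diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile
index 872719ebc..cc572cbfe 100644
--- a/etc/zaproxy.profile
+++ b/etc/zaproxy.profile
@@ -2,9 +2,9 @@
 # Description: Integrated penetration testing tool for finding vulnerabilities in web applications
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/zaproxy.local
+include zaproxy.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.java
 noblacklist ${HOME}/.ZAP
@@ -15,17 +15,17 @@ noblacklist /usr/lib/java
 noblacklist /etc/java
 noblacklist /usr/share/java
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.ZAP
 whitelist ${HOME}/.java
 whitelist ${HOME}/.ZAP
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
@@ -37,6 +37,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp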
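diff --git a/etc/zart.profile b/etc/zart.profile
index a4b22ed5d..32df94841 100644
--- a/etc/zart.profile
+++ b/etc/zart.profile
@@ -2,19 +2,19 @@
 # Description: A GUI for G'MIC real-time manipulations on the output of a webcam
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/zart.local
+include zart.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${DOCUMENTS}
 noblacklist ${PICTURES}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 ipc-namespace
@@ -25,6 +25,7 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix
 seccomp
 shell none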
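diff --git a/etc/zathura.profile b/etc/zathura.profile
index c1785e332..2eee47fa0 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -2,20 +2,20 @@
 # Description: Document viewer with a minimalistic interface
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/zathura.local
+include zathura.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/zathura
 noblacklist ${HOME}/.local/share/zathura
 noblacklist ${DOCUMENTS}
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
 
 caps.drop all
 machine-id
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 nosound
 notv
+nou2f
 protocol unix
 seccomp
 shell none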
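diff --git a/etc/zoom.profile b/etc/zoom.profile
index 419c25f18..4fbf7ca01 100644
--- a/etc/zoom.profile
+++ b/etc/zoom.profile
@@ -1,21 +1,21 @@
 # Firejail profile for zoom
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/zoom.local
+include zoom.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/zoomus.conf
 
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-programs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-programs.inc
 
 mkdir ${HOME}/.zoom
 whitelist ${HOME}/.cache/zoom
 whitelist ${HOME}/.zoom
-include /etc/firejail/whitelist-common.inc
+include whitelist-common.inc
 
 caps.drop all
 netfilter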
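Review bot: This profile receives only the include-path change and no `nou2f` line, while most full profiles on this page (xpdf, xplayer, xreader, xviewer, youtube-dl, zaproxy, zart, zathura) gain one. The option block of zoom.profile continues past line 21 and is outside the hunk, so `nou2f` may already be set there. If it is not, and Zoom has no need for U2F tokens, I would add `nou2f` next to the other `no*` options, or leave a comment saying why it is omitted.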
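diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index ddc4b676d..62dc8ae10 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -15,6 +15,7 @@ JDownloader
 Mathematica
 Natron
 QMediathekView
+QOwnNotes
 Telegram
 Viber
 VirtualBox
@@ -35,6 +36,7 @@ ardour5
 arduino
 ark
 arm
+artha
 # atom
 # atom-beta
 asunder
@@ -270,6 +272,8 @@ lximage-qt
 lxmusic
 lynx
 macrofusion
+masterpdfeditor4
+masterpdfeditor5
 mate-calc
 mate-calculator
 mate-color-select
@@ -305,6 +309,7 @@ ncdu
 netsurf
 neverball
 nheko
+nitroshare
 nylas
 obs
 odt2txt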
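diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index cae767667..19b8480f8 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -32,6 +32,7 @@
 #define RUN_FIREJAIL_DIR "/run/firejail"
 #define RUN_FIREJAIL_APPIMAGE_DIR "/run/firejail/appimage"
 #define RUN_FIREJAIL_NAME_DIR "/run/firejail/name" // also used in src/lib/pid.c - todo: move it in a common place
+#define RUN_FIREJAIL_LIB_DIR "/run/firejail/lib"
 #define RUN_FIREJAIL_X11_DIR "/run/firejail/x11"
 #define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network"
 #define RUN_FIREJAIL_BANDWIDTH_DIR "/run/firejail/bandwidth"
@@ -457,7 +458,8 @@ void fs_mnt(const int enforce);
 
 // profile.c
 // find and read the profile specified by name from dir directory
-int profile_find(const char *name, const char *dir);
+int profile_find(const char *name, const char *dir, int add_ext);
+int profile_find_firejail(const char *name, int add_ext);
 // read a profile file
 void profile_read(const char *fname);
 // check profile line; if line == 0, this was generated from a command line option
@@ -495,7 +497,7 @@ int arp_check(const char *dev, uint32_t destaddr);
 uint32_t arp_assign(const char *dev, Bridge *br);
 
 // macros.c
-char *expand_home(const char *path, const char *homedir);
+char *expand_macros(const char *path);
 char *resolve_macro(const char *name);
 void invalid_filename(const char *fname, int globbing);
 int is_macro(const char *name);
@@ -790,16 +792,32 @@ void build_appimage_cmdline(char **command_line, char **window_title, int argc,
 
 // sbox.c
 // programs
-#define PATH_FNET (LIBDIR "/firejail/fnet")
-#define PATH_FNETFILTER (LIBDIR "/firejail/fnetfilter")
+#define PATH_FNET_MAIN (LIBDIR "/firejail/fnet") // when called from main thread
+#define PATH_FNET (RUN_FIREJAIL_LIB_DIR "/fnet") // when called from sandbox thread
+
+//#define PATH_FNETFILTER (LIBDIR "/firejail/fnetfilter")
+#define PATH_FNETFILTER (RUN_FIREJAIL_LIB_DIR "/fnetfilter")
+
 #define PATH_FIREMON (PREFIX "/bin/firemon")
 #define PATH_FIREJAIL (PREFIX "/bin/firejail")
-#define PATH_FSECCOMP (LIBDIR "/firejail/fseccomp")
+
+#define PATH_FSECCOMP_MAIN (LIBDIR "/firejail/fseccomp") // when called from main thread
+#define PATH_FSECCOMP ( RUN_FIREJAIL_LIB_DIR "/fseccomp") // when called from sandbox thread
+
+// FSEC_PRINT is run outside of sandbox by --seccomp.print
+// it is also run from inside the sandbox by --debug; in this case we do an access(filename, X_OK) test first
 #define PATH_FSEC_PRINT (LIBDIR "/firejail/fsec-print")
-#define PATH_FSEC_OPTIMIZE (LIBDIR "/firejail/fsec-optimize")
-#define PATH_FCOPY (LIBDIR "/firejail/fcopy")
+
+//#define PATH_FSEC_OPTIMIZE (LIBDIR "/firejail/fsec-optimize")
+#define PATH_FSEC_OPTIMIZE (RUN_FIREJAIL_LIB_DIR "/fsec-optimize")
+
+//#define PATH_FCOPY (LIBDIR "/firejail/fcopy")
+#define PATH_FCOPY (RUN_FIREJAIL_LIB_DIR "/fcopy")
+
 #define SBOX_STDIN_FILE "/run/firejail/mnt/sbox_stdin"
-#define PATH_FLDD (LIBDIR "/firejail/fldd")
+
+//#define PATH_FLDD (LIBDIR "/firejail/fldd")
+#define PATH_FLDD (RUN_FIREJAIL_LIB_DIR "/fldd")
 
 // bitmapped filters for sbox_run
 #define SBOX_ROOT (1 << 0) // run the sandbox as root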
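Review bot: In the last hunk, `PATH_FNET`, `PATH_FNETFILTER`, `PATH_FSECCOMP`, `PATH_FSEC_OPTIMIZE`, `PATH_FCOPY` and `PATH_FLDD` now resolve under `RUN_FIREJAIL_LIB_DIR` (`/run/firejail/lib`), a runtime directory, instead of the installed `LIBDIR`, and nothing in the header says who populates that directory or what ownership and mode the copies must have. These helpers are executed by firejail itself, and the `SBOX_ROOT` flag just below suggests some run as root. The code that fills the directory should therefore keep it root-owned and not writable from inside the sandbox, and the header should record that, e.g. `// helpers are copied from LIBDIR into a root-owned, read-only directory before the sandbox starts`. The comments also say "main thread" and "sandbox thread" where separate processes appear to be meant. The commented-out `//#define` lines are dead code that could be removed.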
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index b958df81a..3ce2c7571 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -257,8 +257,6 @@ static void globbing(OPERATION op, const char *pattern, const char *noblacklist[
257 257
258// blacklist files or directories by mounting empty files on top of them 258// blacklist files or directories by mounting empty files on top of them
259void fs_blacklist(void) { 259void fs_blacklist(void) {
260 char *homedir = cfg.homedir;
261 assert(homedir);
262 ProfileEntry *entry = cfg.profile; 260 ProfileEntry *entry = cfg.profile;
263 if (!entry) 261 if (!entry)
264 return; 262 return;
@@ -335,7 +333,7 @@ void fs_blacklist(void) {
335 enames = calloc(2, sizeof(char *)); 333 enames = calloc(2, sizeof(char *));
336 if (!enames) 334 if (!enames)
337 errExit("calloc"); 335 errExit("calloc");
338 enames[0] = expand_home(entry->data + 12, homedir); 336 enames[0] = expand_macros(entry->data + 12);
339 assert(enames[1] == 0); 337 assert(enames[1] == 0);
340 } 338 }
341 339
@@ -401,7 +399,7 @@ void fs_blacklist(void) {
401 } 399 }
402 400
403 // replace home macro in blacklist array 401 // replace home macro in blacklist array
404 char *new_name = expand_home(ptr, homedir); 402 char *new_name = expand_macros(ptr);
405 ptr = new_name; 403 ptr = new_name;
406 404
407 // expand path macro - look for the file in /usr/local/bin, /usr/local/sbin, /bin, /usr/bin, /sbin and /usr/sbin directories 405 // expand path macro - look for the file in /usr/local/bin, /usr/local/sbin, /bin, /usr/bin, /sbin and /usr/sbin directories
@@ -1197,73 +1195,78 @@ void fs_check_chroot_dir(const char *rootdir) {
1197 } 1195 }
1198 1196
1199 // check /dev 1197 // check /dev
1200 fd = openat(parentfd, "dev", O_PATH|O_CLOEXEC); 1198 char *dir = "dev";
1199 fd = openat(parentfd, dir, O_PATH|O_CLOEXEC);
1201 if (fd == -1) { 1200 if (fd == -1) {
1202 fprintf(stderr, "Error: cannot open /dev in chroot directory\n"); 1201 if (errno == ENOENT)
1203 exit(1); 1202 goto error1;
1203 else
1204 goto error2;
1204 } 1205 }
1205 if (fstat(fd, &s) == -1) 1206 if (fstat(fd, &s) == -1)
1206 errExit("fstat"); 1207 errExit("fstat");
1207 if (!S_ISDIR(s.st_mode) || s.st_uid != 0) { 1208 if (!S_ISDIR(s.st_mode) || s.st_uid != 0)
1208 fprintf(stderr, "Error: chroot /dev should be a directory owned by root\n"); 1209 goto error3;
1209 exit(1);
1210 }
1211 close(fd); 1210 close(fd);
1212 1211
1213 // check /var/tmp 1212 // check /var/tmp
1214 fd = openat(parentfd, "var/tmp", O_PATH|O_CLOEXEC); 1213 dir = "var/tmp";
1214 fd = openat(parentfd, dir, O_PATH|O_CLOEXEC);
1215 if (fd == -1) { 1215 if (fd == -1) {
1216 fprintf(stderr, "Error: cannot open /var/tmp in chroot directory\n"); 1216 if (errno == ENOENT)
1217 exit(1); 1217 goto error1;
1218 else
1219 goto error2;
1218 } 1220 }
1219 if (fstat(fd, &s) == -1) 1221 if (fstat(fd, &s) == -1)
1220 errExit("fstat"); 1222 errExit("fstat");
1221 if (!S_ISDIR(s.st_mode) || s.st_uid != 0) { 1223 if (!S_ISDIR(s.st_mode) || s.st_uid != 0)
1222 fprintf(stderr, "Error: chroot /var/tmp should be a directory owned by root\n"); 1224 goto error3;
1223 exit(1);
1224 }
1225 close(fd); 1225 close(fd);
1226 1226
1227 // check /proc 1227 // check /proc
1228 fd = openat(parentfd, "proc", O_PATH|O_CLOEXEC); 1228 dir = "proc";
1229 fd = openat(parentfd, dir, O_PATH|O_CLOEXEC);
1229 if (fd == -1) { 1230 if (fd == -1) {
1230 fprintf(stderr, "Error: cannot open /proc in chroot directory\n"); 1231 if (errno == ENOENT)
1231 exit(1); 1232 goto error1;
1233 else
1234 goto error2;
1232 } 1235 }
1233 if (fstat(fd, &s) == -1) 1236 if (fstat(fd, &s) == -1)
1234 errExit("fstat"); 1237 errExit("fstat");
1235 if (!S_ISDIR(s.st_mode) || s.st_uid != 0) { 1238 if (!S_ISDIR(s.st_mode) || s.st_uid != 0)
1236 fprintf(stderr, "Error: chroot /proc should be a directory owned by root\n"); 1239 goto error3;
1237 exit(1);
1238 }
1239 close(fd); 1240 close(fd);
1240 1241
1241 // check /tmp 1242 // check /tmp
1242 fd = openat(parentfd, "tmp", O_PATH|O_CLOEXEC); 1243 dir = "tmp";
1244 fd = openat(parentfd, dir, O_PATH|O_CLOEXEC);
1243 if (fd == -1) { 1245 if (fd == -1) {
1244 fprintf(stderr, "Error: cannot open /tmp in chroot directory\n"); 1246 if (errno == ENOENT)
1245 exit(1); 1247 goto error1;
1248 else
1249 goto error2;
1246 } 1250 }
1247 if (fstat(fd, &s) == -1) 1251 if (fstat(fd, &s) == -1)
1248 errExit("fstat"); 1252 errExit("fstat");
1249 if (!S_ISDIR(s.st_mode) || s.st_uid != 0) { 1253 if (!S_ISDIR(s.st_mode) || s.st_uid != 0)
1250 fprintf(stderr, "Error: chroot /tmp should be a directory owned by root\n"); 1254 goto error3;
1251 exit(1);
1252 }
1253 close(fd); 1255 close(fd);
1254 1256
1255 // check /etc 1257 // check /etc
1256 fd = openat(parentfd, "etc", O_PATH|O_CLOEXEC); 1258 dir = "etc";
1259 fd = openat(parentfd, dir, O_PATH|O_CLOEXEC);
1257 if (fd == -1) { 1260 if (fd == -1) {
1258 fprintf(stderr, "Error: cannot open /etc in chroot directory\n"); 1261 if (errno == ENOENT)
1259 exit(1); 1262 goto error1;
1263 else
1264 goto error2;
1260 } 1265 }
1261 if (fstat(fd, &s) == -1) 1266 if (fstat(fd, &s) == -1)
1262 errExit("fstat"); 1267 errExit("fstat");
1263 if (!S_ISDIR(s.st_mode) || s.st_uid != 0) { 1268 if (!S_ISDIR(s.st_mode) || s.st_uid != 0)
1264 fprintf(stderr, "Error: chroot /etc should be a directory owned by root\n"); 1269 goto error3;
1265 exit(1);
1266 }
1267 if (((S_IWGRP|S_IWOTH) & s.st_mode) != 0) { 1270 if (((S_IWGRP|S_IWOTH) & s.st_mode) != 0) {
1268 fprintf(stderr, "Error: only root user should be given write permission on chroot /etc\n"); 1271 fprintf(stderr, "Error: only root user should be given write permission on chroot /etc\n");
1269 exit(1); 1272 exit(1);
@@ -1300,21 +1303,34 @@ void fs_check_chroot_dir(const char *rootdir) {
1300 1303
1301 // check x11 socket directory 1304 // check x11 socket directory
1302 if (getenv("FIREJAIL_X11")) { 1305 if (getenv("FIREJAIL_X11")) {
1303 fd = openat(parentfd, "tmp/.X11-unix", O_PATH|O_CLOEXEC); 1306 dir = "tmp/.X11-unix";
1307 fd = openat(parentfd, dir, O_PATH|O_CLOEXEC);
1304 if (fd == -1) { 1308 if (fd == -1) {
1305 fprintf(stderr, "Error: cannot open /tmp/.X11-unix in chroot directory\n"); 1309 if (errno == ENOENT)
1306 exit(1); 1310 goto error1;
1311 else
1312 goto error2;
1307 } 1313 }
1308 if (fstat(fd, &s) == -1) 1314 if (fstat(fd, &s) == -1)
1309 errExit("fstat"); 1315 errExit("fstat");
1310 if (!S_ISDIR(s.st_mode) || s.st_uid != 0) { 1316 if (!S_ISDIR(s.st_mode) || s.st_uid != 0)
1311 fprintf(stderr, "Error: chroot /tmp/.X11-unix should be a directory owned by root\n"); 1317 goto error3;
1312 exit(1);
1313 }
1314 close(fd); 1318 close(fd);
1315 } 1319 }
1316 1320
1317 close(parentfd); 1321 close(parentfd);
1322 return;
1323
1324error1:
1325 fprintf(stderr, "Error: cannot find /%s in chroot directory\n", dir);
1326 exit(1);
1327error2:
1328 perror("open");
1329 fprintf(stderr, "Error: cannot open /%s in chroot directory\n", dir);
1330 exit(1);
1331error3:
1332 fprintf(stderr, "Error: chroot /%s should be a directory owned by root\n", dir);
1333 exit(1);
1318} 1334}
1319 1335
1320// chroot into an existing directory; mount exiting /dev and update /etc/resolv.conf 1336// chroot into an existing directory; mount exiting /dev and update /etc/resolv.conf
@@ -1379,6 +1395,16 @@ void fs_chroot(const char *rootdir) {
1379 ASSERT_PERMS(rundir, 0, 0, 0755); 1395 ASSERT_PERMS(rundir, 0, 0, 0755);
1380 free(rundir); 1396 free(rundir);
1381 1397
1398 // create /run/firejail/lib directory in chroot and mount it
1399 if (asprintf(&rundir, "%s%s", rootdir, RUN_FIREJAIL_LIB_DIR) == -1)
1400 errExit("asprintf");
1401 if (mkdir(rundir, 0755) == -1 && errno != EEXIST)
1402 errExit("mkdir");
1403 ASSERT_PERMS(rundir, 0, 0, 0755);
1404 if (mount(RUN_FIREJAIL_LIB_DIR, rundir, NULL, MS_BIND|MS_REC, NULL) < 0)
1405 errExit("mount bind");
1406 free(rundir);
1407
1382 // create /run/firejail/mnt directory in chroot and mount the current one 1408 // create /run/firejail/mnt directory in chroot and mount the current one
1383 if (asprintf(&rundir, "%s%s", rootdir, RUN_MNT_DIR) == -1) 1409 if (asprintf(&rundir, "%s%s", rootdir, RUN_MNT_DIR) == -1)
1384 errExit("asprintf"); 1410 errExit("asprintf");
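Review bot: The new bind mount of `RUN_FIREJAIL_LIB_DIR` into the chroot in fs_chroot is left read-write, since `mount(RUN_FIREJAIL_LIB_DIR, rundir, NULL, MS_BIND|MS_REC, NULL)` has no read-only remount after it in this hunk. Other parts of this commit point `PATH_FLDD` and the preload prefix in fs_trace.c at this directory, so its contents are loaded or executed for the sandbox and should not be writable from inside the chroot. Unless the directory is remounted read-only elsewhere (not visible here; fs_chroot continues past the hunk), I would add `if (mount(NULL, rundir, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) errExit("mount bind");` before `free(rundir)`. Separately, `char *dir` in fs_check_chroot_dir only ever holds string literals and should be declared `const char *dir`.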
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 42c67452c..10232fa6e 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -355,7 +355,7 @@ void fs_check_private_dir(void) {
355 invalid_filename(cfg.home_private, 0); // no globbing 355 invalid_filename(cfg.home_private, 0); // no globbing
356 356
357 // Expand the home directory 357 // Expand the home directory
358 char *tmp = expand_home(cfg.home_private, cfg.homedir); 358 char *tmp = expand_macros(cfg.home_private);
359 cfg.home_private = realpath(tmp, NULL); 359 cfg.home_private = realpath(tmp, NULL);
360 free(tmp); 360 free(tmp);
361 361
@@ -378,7 +378,7 @@ static char *check_dir_or_file(const char *name) {
378 printf("Private home: checking %s\n", name); 378 printf("Private home: checking %s\n", name);
379 379
380 // expand home directory 380 // expand home directory
381 char *fname = expand_home(name, cfg.homedir); 381 char *fname = expand_macros(name);
382 assert(fname); 382 assert(fname);
383 383
384 // If it doesn't start with '/', it must be relative to homedir 384 // If it doesn't start with '/', it must be relative to homedir
@@ -393,6 +393,8 @@ static char *check_dir_or_file(const char *name) {
393 // we allow only files in user home directory or symbolic links to files or directories owned by the user 393 // we allow only files in user home directory or symbolic links to files or directories owned by the user
394 struct stat s; 394 struct stat s;
395 if (lstat(fname, &s) == 0 && S_ISLNK(s.st_mode)) { 395 if (lstat(fname, &s) == 0 && S_ISLNK(s.st_mode)) {
396 if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) != 0 || fname[strlen(cfg.homedir)] != '/')
397 goto errexit;
396 if (stat(fname, &s) == 0) { 398 if (stat(fname, &s) == 0) {
397 if (s.st_uid != getuid()) { 399 if (s.st_uid != getuid()) {
398 fprintf(stderr, "Error: symbolic link %s to file or directory not owned by the user\n", fname); 400 fprintf(stderr, "Error: symbolic link %s to file or directory not owned by the user\n", fname);
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
index 1884f6597..1fbb073f4 100644
--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -189,7 +189,7 @@ void fs_resolvconf(void) {
189char *fs_check_hosts_file(const char *fname) { 189char *fs_check_hosts_file(const char *fname) {
190 assert(fname); 190 assert(fname);
191 invalid_filename(fname, 0); // no globbing 191 invalid_filename(fname, 0); // no globbing
192 char *rv = expand_home(fname, cfg.homedir); 192 char *rv = expand_macros(fname);
193 193
194 // no a link 194 // no a link
195 if (is_link(rv)) 195 if (is_link(rv))
diff --git a/src/firejail/fs_lib2.c b/src/firejail/fs_lib2.c
index ea5edfabe..2c21e5dc7 100644
--- a/src/firejail/fs_lib2.c
+++ b/src/firejail/fs_lib2.c
@@ -38,6 +38,7 @@ typedef struct liblist_t {
38 38
39static LibList libc_list[] = { 39static LibList libc_list[] = {
40 { "libselinux.so.", 0 }, 40 { "libselinux.so.", 0 },
41 { "libapparmor.so.", 0},
41 { "ld-linux-x86-64.so.", 0 }, 42 { "ld-linux-x86-64.so.", 0 },
42 { "libanl.so.", 0 }, 43 { "libanl.so.", 0 },
43 { "libc.so.", 0 }, 44 { "libc.so.", 0 },
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c
index b66068a95..913f7502d 100644
--- a/src/firejail/fs_mkdir.c
+++ b/src/firejail/fs_mkdir.c
@@ -60,7 +60,7 @@ void fs_mkdir(const char *name) {
60 60
61 // check directory name 61 // check directory name
62 invalid_filename(name, 0); // no globbing 62 invalid_filename(name, 0); // no globbing
63 char *expanded = expand_home(name, cfg.homedir); 63 char *expanded = expand_macros(name);
64 if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && 64 if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 &&
65 strncmp(expanded, "/tmp", 4) != 0) { 65 strncmp(expanded, "/tmp", 4) != 0) {
66 fprintf(stderr, "Error: only directories in user home or /tmp are supported by mkdir\n"); 66 fprintf(stderr, "Error: only directories in user home or /tmp are supported by mkdir\n");
@@ -100,7 +100,7 @@ void fs_mkfile(const char *name) {
100 100
101 // check file name 101 // check file name
102 invalid_filename(name, 0); // no globbing 102 invalid_filename(name, 0); // no globbing
103 char *expanded = expand_home(name, cfg.homedir); 103 char *expanded = expand_macros(name);
104 if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 && 104 if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 &&
105 strncmp(expanded, "/tmp", 4) != 0) { 105 strncmp(expanded, "/tmp", 4) != 0) {
106 fprintf(stderr, "Error: only files in user home or /tmp are supported by mkfile\n"); 106 fprintf(stderr, "Error: only files in user home or /tmp are supported by mkfile\n");
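Review bot: The location check that follows `expand_macros(name)` in fs_mkdir and fs_mkfile is a bare prefix match: `strncmp(expanded, cfg.homedir, strlen(cfg.homedir))` accepts a sibling path that merely begins with the home directory string, and `strncmp(expanded, "/tmp", 4)` accepts any path starting with `/tmp`, such as `/tmpfoo`. fs_whitelist.c in this same commit also tests the separator (`new_name[homedir_len] == '/'`), so the two files disagree on what counts as inside home. I would add the separator test here too, `expanded[strlen(cfg.homedir)] != '/'` for home and `strncmp(expanded, "/tmp/", 5) != 0` for /tmp. The comment in macros.c also says the expansion can return NULL on error, and `expanded` is used here without a NULL check. Both functions continue outside their hunks, so later validation may exist.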
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index 38ab7e2f8..235e09291 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -51,7 +51,7 @@ void fs_trace(void) {
51 FILE *fp = fopen(RUN_LDPRELOAD_FILE, "w"); 51 FILE *fp = fopen(RUN_LDPRELOAD_FILE, "w");
52 if (!fp) 52 if (!fp)
53 errExit("fopen"); 53 errExit("fopen");
54 const char *prefix = LIBDIR "/firejail"; 54 const char *prefix = RUN_FIREJAIL_LIB_DIR;
55 55
56 if (arg_trace) { 56 if (arg_trace) {
57 fprintf(fp, "%s/libtrace.so\n", prefix); 57 fprintf(fp, "%s/libtrace.so\n", prefix);
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index 454715a71..1092268f9 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -34,6 +34,7 @@
34 34
35#define EMPTY_STRING ("") 35#define EMPTY_STRING ("")
36#define MAXBUF 4098 36#define MAXBUF 4098
37static size_t homedir_len; // cache length of homedir string
37 38
38 39
39static int mkpath(const char* path, mode_t mode) { 40static int mkpath(const char* path, mode_t mode) {
@@ -42,7 +43,7 @@ static int mkpath(const char* path, mode_t mode) {
42 43
43 // create directories with uid/gid as root or as current user if inside home directory 44 // create directories with uid/gid as root or as current user if inside home directory
44 int userhome = 0; 45 int userhome = 0;
45 if (strncmp(path, cfg.homedir, strlen(cfg.homedir)) == 0) { 46 if (strncmp(path, cfg.homedir, homedir_len) == 0) {
46 EUID_USER(); 47 EUID_USER();
47 userhome = 1; 48 userhome = 1;
48 } 49 }
@@ -123,12 +124,12 @@ static void whitelist_path(ProfileEntry *entry) {
123 char *wfile = NULL; 124 char *wfile = NULL;
124 125
125 if (entry->home_dir) { 126 if (entry->home_dir) {
126 if (strncmp(path, cfg.homedir, strlen(cfg.homedir)) != 0 || path[strlen(cfg.homedir)] != '/') 127 if (strncmp(path, cfg.homedir, homedir_len) != 0 || path[homedir_len] != '/')
127 // either symlink pointing outside home directory 128 // either symlink pointing outside home directory
128 // or entire home directory, skip the mount 129 // or entire home directory, skip the mount
129 return; 130 return;
130 131
131 fname = path + strlen(cfg.homedir) + 1; // strlen("/home/user/") 132 fname = path + homedir_len + 1; // strlen("/home/user/")
132 133
133 if (asprintf(&wfile, "%s/%s", RUN_WHITELIST_HOME_USER_DIR, fname) == -1) 134 if (asprintf(&wfile, "%s/%s", RUN_WHITELIST_HOME_USER_DIR, fname) == -1)
134 errExit("asprintf"); 135 errExit("asprintf");
@@ -331,6 +332,7 @@ void fs_whitelist(void) {
331 if (!entry) 332 if (!entry)
332 return; 333 return;
333 334
335 homedir_len = strlen(cfg.homedir);
334 char *new_name = NULL; 336 char *new_name = NULL;
335 int home_dir = 0; // /home/user directory flag 337 int home_dir = 0; // /home/user directory flag
336 int tmp_dir = 0; // /tmp directory flag 338 int tmp_dir = 0; // /tmp directory flag
@@ -368,7 +370,7 @@ void fs_whitelist(void) {
368 char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10; 370 char *dataptr = (nowhitelist_flag)? entry->data + 12: entry->data + 10;
369 371
370 // replace ~/ or ${HOME} into /home/username or resolve macro 372 // replace ~/ or ${HOME} into /home/username or resolve macro
371 new_name = expand_home(dataptr, cfg.homedir); 373 new_name = expand_macros(dataptr);
372 assert(new_name); 374 assert(new_name);
373 375
374 // mount empty home directory if resolving the macro was not successful 376 // mount empty home directory if resolving the macro was not successful
@@ -430,7 +432,7 @@ void fs_whitelist(void) {
430 432
431 // if 1 the file was not found; mount an empty directory 433 // if 1 the file was not found; mount an empty directory
432 if (!nowhitelist_flag) { 434 if (!nowhitelist_flag) {
433 if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0 && new_name[strlen(cfg.homedir)] == '/') { 435 if (strncmp(new_name, cfg.homedir, homedir_len) == 0 && new_name[homedir_len] == '/') {
434 if(!arg_private) 436 if(!arg_private)
435 home_dir = 1; 437 home_dir = 1;
436 } 438 }
@@ -483,7 +485,7 @@ void fs_whitelist(void) {
483 } 485 }
484 486
485 // check for supported directories 487 // check for supported directories
486 if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0 && new_name[strlen(cfg.homedir)] == '/') { 488 if (strncmp(new_name, cfg.homedir, homedir_len) == 0 && new_name[homedir_len] == '/') {
487 // whitelisting home directory is disabled if --private option is present 489 // whitelisting home directory is disabled if --private option is present
488 if (arg_private) { 490 if (arg_private) {
489 if (arg_debug || arg_debug_whitelists) 491 if (arg_debug || arg_debug_whitelists)
@@ -504,7 +506,7 @@ void fs_whitelist(void) {
504 506
505 // both path and absolute path are in user home, 507 // both path and absolute path are in user home,
506 // if not check if the symlink destination is owned by the user 508 // if not check if the symlink destination is owned by the user
507 if (strncmp(fname, cfg.homedir, strlen(cfg.homedir)) != 0 || fname[strlen(cfg.homedir)] != '/') { 509 if (strncmp(fname, cfg.homedir, homedir_len) != 0 || fname[homedir_len] != '/') {
508 if (checkcfg(CFG_FOLLOW_SYMLINK_AS_USER)) { 510 if (checkcfg(CFG_FOLLOW_SYMLINK_AS_USER)) {
509 if (stat(fname, &s) == 0 && s.st_uid != getuid()) { 511 if (stat(fname, &s) == 0 && s.st_uid != getuid()) {
510 free(fname); 512 free(fname);
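Review bot: The new file-scope `homedir_len` is assigned only inside fs_whitelist(), yet mkpath() and whitelist_path() now depend on it, and while it is still 0 every `strncmp(path, cfg.homedir, homedir_len)` prefix test compares zero bytes and matches. Both helpers are static and are presumably reached only from fs_whitelist(), but their call sites are outside these hunks, so that ordering is an unstated invariant. I would document it at the declaration, `static size_t homedir_len; // set at the top of fs_whitelist(); helpers must not run before that`, and add `assert(homedir_len);` at the top of mkpath() and whitelist_path(). The mkpath() test also still lacks the `path[homedir_len] == '/'` separator check that the other comparisons in this file carry.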
diff --git a/src/firejail/join.c b/src/firejail/join.c
index c2b207c52..c849b200c 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -436,8 +436,18 @@ void join(pid_t pid, int argc, char **argv, int index) {
436 // it will never get here!!! 436 // it will never get here!!!
437 } 437 }
438 438
439 int status = 0;
439 // wait for the child to finish 440 // wait for the child to finish
440 waitpid(child, NULL, 0); 441 waitpid(child, &status, 0);
441 flush_stdin(); 442 flush_stdin();
442 exit(0); 443
444 if (WIFEXITED(status)) {
445 status = WEXITSTATUS(status);
446 } else if (WIFSIGNALED(status)) {
447 status = WTERMSIG(status);
448 } else {
449 status = 0;
450 }
451
452 exit(status);
443} 453}
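Review bot: A child killed by a signal is reported through `status = WTERMSIG(status)`, so death by signal 9 is indistinguishable from a normal exit code 9 for whatever invoked the join. The usual shell convention is `status = 128 + WTERMSIG(status);`. The return value of `waitpid(child, &status, 0)` is also unchecked, so a failed or interrupted wait leaves `status` at 0 and join reports success. The body of join starts outside this hunk.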
diff --git a/src/firejail/macros.c b/src/firejail/macros.c
index 4bf3d3589..59b5db3d8 100644
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
@@ -192,9 +192,8 @@ char *resolve_macro(const char *name) {
192// directory (supplied). 192// directory (supplied).
193// The return value is allocated using malloc and must be freed by the caller. 193// The return value is allocated using malloc and must be freed by the caller.
194// The function returns NULL if there are any errors. 194// The function returns NULL if there are any errors.
195char *expand_home(const char *path, const char *homedir) { 195char *expand_macros(const char *path) {
196 assert(path); 196 assert(path);
197 assert(homedir);
198 197
199 int called_as_root = 0; 198 int called_as_root = 0;
200 199
@@ -210,14 +209,14 @@ char *expand_home(const char *path, const char *homedir) {
210 // Replace home macro 209 // Replace home macro
211 char *new_name = NULL; 210 char *new_name = NULL;
212 if (strncmp(path, "${HOME}", 7) == 0) { 211 if (strncmp(path, "${HOME}", 7) == 0) {
213 if (asprintf(&new_name, "%s%s", homedir, path + 7) == -1) 212 if (asprintf(&new_name, "%s%s", cfg.homedir, path + 7) == -1)
214 errExit("asprintf"); 213 errExit("asprintf");
215 if(called_as_root) 214 if(called_as_root)
216 EUID_ROOT(); 215 EUID_ROOT();
217 return new_name; 216 return new_name;
218 } 217 }
219 else if (*path == '~') { 218 else if (*path == '~') {
220 if (asprintf(&new_name, "%s%s", homedir, path + 1) == -1) 219 if (asprintf(&new_name, "%s%s", cfg.homedir, path + 1) == -1)
221 errExit("asprintf"); 220 errExit("asprintf");
222 if(called_as_root) 221 if(called_as_root)
223 EUID_ROOT(); 222 EUID_ROOT();
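Review bot: expand_macros now reads `cfg.homedir` directly but the old `assert(homedir)` was dropped without a replacement, so a NULL home directory would reach `asprintf(&new_name, "%s%s", cfg.homedir, ...)` and produce a bogus path instead of stopping. The only guard visible in this commit is `assert(cfg.homedir)` in main(), which disappears in NDEBUG builds. I would keep a local `assert(cfg.homedir);` next to `assert(path);` at minimum. The header comment above the function still describes a home directory that is "(supplied)" and should be updated to say the value comes from `cfg.homedir`. The function body continues outside both hunks.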
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 315a7260a..29e3df7c6 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -456,7 +456,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
456#ifdef HAVE_SECCOMP 456#ifdef HAVE_SECCOMP
457 else if (strcmp(argv[i], "--debug-syscalls") == 0) { 457 else if (strcmp(argv[i], "--debug-syscalls") == 0) {
458 if (checkcfg(CFG_SECCOMP)) { 458 if (checkcfg(CFG_SECCOMP)) {
459 int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-syscalls"); 459 int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls");
460 exit(rv); 460 exit(rv);
461 } 461 }
462 else 462 else
@@ -464,7 +464,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
464 } 464 }
465 else if (strcmp(argv[i], "--debug-errnos") == 0) { 465 else if (strcmp(argv[i], "--debug-errnos") == 0) {
466 if (checkcfg(CFG_SECCOMP)) { 466 if (checkcfg(CFG_SECCOMP)) {
467 int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-errnos"); 467 int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-errnos");
468 exit(rv); 468 exit(rv);
469 } 469 }
470 else 470 else
@@ -482,7 +482,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
482 exit(0); 482 exit(0);
483 } 483 }
484 else if (strcmp(argv[i], "--debug-protocols") == 0) { 484 else if (strcmp(argv[i], "--debug-protocols") == 0) {
485 int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-protocols"); 485 int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-protocols");
486 exit(rv); 486 exit(rv);
487 } 487 }
488 else if (strncmp(argv[i], "--protocol.print=", 17) == 0) { 488 else if (strncmp(argv[i], "--protocol.print=", 17) == 0) {
@@ -868,6 +868,7 @@ int main(int argc, char **argv) {
868 868
869 // check if the user is allowed to use firejail 869 // check if the user is allowed to use firejail
870 init_cfg(argc, argv); 870 init_cfg(argc, argv);
871 assert(cfg.homedir);
871 872
872 // get starting timestamp, process --quiet 873 // get starting timestamp, process --quiet
873 start_timestamp = getticks(); 874 start_timestamp = getticks();
@@ -1480,12 +1481,37 @@ int main(int argc, char **argv) {
1480 exit(1); 1481 exit(1);
1481 } 1482 }
1482 1483
1483 char *ppath = expand_home(argv[i] + 10, cfg.homedir); 1484 char *ppath = expand_macros(argv[i] + 10);
1484 if (!ppath) 1485 if (!ppath)
1485 errExit("strdup"); 1486 errExit("strdup");
1486 1487
1487 profile_read(ppath); 1488 if (access(ppath, R_OK)) {
1488 custom_profile = 1; 1489 char *ptr = ppath;
1490 while (*ptr != '/' && *ptr != '.' && *ptr != '\0')
1491 ptr++;
1492 // profile path contains no / or . chars,
1493 // assume its a profile name
1494 if (*ptr != '\0') {
1495 fprintf(stderr, "Error: inaccessible profile file: %s\n", ppath);
1496 exit(1);
1497 }
1498
1499 // profile was not read in previously, try to see if
1500 // we were given a profile name.
1501 if (!profile_find_firejail(ppath, 1)) {
1502 // do not fall through to default profile,
1503 // because the user should be notified that
1504 // given profile arg could not be used.
1505 fprintf(stderr, "Error: no profile with name \"%s\" found.\n", ppath);
1506 exit(1);
1507 }
1508 else
1509 custom_profile = 1;
1510 }
1511 else {
1512 profile_read(ppath);
1513 custom_profile = 1;
1514 }
1489 free(ppath); 1515 free(ppath);
1490 } 1516 }
1491 else if (strcmp(argv[i], "--noprofile") == 0) { 1517 else if (strcmp(argv[i], "--noprofile") == 0) {
@@ -2326,21 +2352,8 @@ int main(int argc, char **argv) {
2326 2352
2327 2353
2328 // load the profile 2354 // load the profile
2329 if (!arg_noprofile) { 2355 if (!arg_noprofile && !custom_profile) {
2330 if (!custom_profile) { 2356 custom_profile = profile_find_firejail(cfg.command_name, 1);
2331 // look for a profile in ~/.config/firejail directory
2332 char *usercfgdir;
2333 if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1)
2334 errExit("asprintf");
2335 int rv = profile_find(cfg.command_name, usercfgdir);
2336 free(usercfgdir);
2337 custom_profile = rv;
2338 }
2339 if (!custom_profile) {
2340 // look for a user profile in /etc/firejail directory
2341 int rv = profile_find(cfg.command_name, SYSCONFDIR);
2342 custom_profile = rv;
2343 }
2344 } 2357 }
2345 2358
2346 // use default.profile as the default 2359 // use default.profile as the default
@@ -2351,16 +2364,7 @@ int main(int argc, char **argv) {
2351 if (arg_debug) 2364 if (arg_debug)
2352 printf("Attempting to find %s.profile...\n", profile_name); 2365 printf("Attempting to find %s.profile...\n", profile_name);
2353 2366
2354 // look for the profile in ~/.config/firejail directory 2367 custom_profile = profile_find_firejail(profile_name, 1);
2355 char *usercfgdir;
2356 if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1)
2357 errExit("asprintf");
2358 custom_profile = profile_find(profile_name, usercfgdir);
2359 free(usercfgdir);
2360
2361 if (!custom_profile)
2362 // look for the profile in /etc/firejail directory
2363 custom_profile = profile_find(profile_name, SYSCONFDIR);
2364 2368
2365 if (!custom_profile) { 2369 if (!custom_profile) {
2366 fprintf(stderr, "Error: no default.profile installed\n"); 2370 fprintf(stderr, "Error: no default.profile installed\n");
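Review bot: In the `--profile=` branch, `access(ppath, R_OK)` is tried before the name lookup, so a readable file called, say, `firefox` in the current directory is loaded as the profile in preference to the installed `firefox.profile`. For a sandbox launcher started from an untrusted directory that precedence is surprising, and it should be documented or reversed for arguments that contain no `/`. A comment such as `// a readable file with this name in the cwd wins over <name>.profile` would at least make the behaviour explicit. The check and the later `profile_read(ppath)` also act on the path at two different moments; whether profile_read re-validates the file is not visible here. The `errExit("strdup")` after `expand_macros` names a call that is not made in this hunk.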
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c
index e3c750767..cdb4c6514 100644
--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -157,7 +157,7 @@ void net_configure_veth_pair(Bridge *br, const char *ifname, pid_t child) {
157 char *cstr; 157 char *cstr;
158 if (asprintf(&cstr, "%d", child) == -1) 158 if (asprintf(&cstr, "%d", child) == -1)
159 errExit("asprintf"); 159 errExit("asprintf");
160 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 7, PATH_FNET, "create", "veth", dev, ifname, br->dev, cstr); 160 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 7, PATH_FNET_MAIN, "create", "veth", dev, ifname, br->dev, cstr);
161 free(cstr); 161 free(cstr);
162 162
163 char *msg; 163 char *msg;
@@ -332,42 +332,42 @@ void network_main(pid_t child) {
332 net_configure_veth_pair(&cfg.bridge0, "eth0", child); 332 net_configure_veth_pair(&cfg.bridge0, "eth0", child);
333 } 333 }
334 else 334 else
335 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge0.devsandbox, cfg.bridge0.dev, cstr); 335 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge0.devsandbox, cfg.bridge0.dev, cstr);
336 } 336 }
337 337
338 if (cfg.bridge1.configured) { 338 if (cfg.bridge1.configured) {
339 if (cfg.bridge1.macvlan == 0) 339 if (cfg.bridge1.macvlan == 0)
340 net_configure_veth_pair(&cfg.bridge1, "eth1", child); 340 net_configure_veth_pair(&cfg.bridge1, "eth1", child);
341 else 341 else
342 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge1.devsandbox, cfg.bridge1.dev, cstr); 342 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge1.devsandbox, cfg.bridge1.dev, cstr);
343 } 343 }
344 344
345 if (cfg.bridge2.configured) { 345 if (cfg.bridge2.configured) {
346 if (cfg.bridge2.macvlan == 0) 346 if (cfg.bridge2.macvlan == 0)
347 net_configure_veth_pair(&cfg.bridge2, "eth2", child); 347 net_configure_veth_pair(&cfg.bridge2, "eth2", child);
348 else 348 else
349 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge2.devsandbox, cfg.bridge2.dev, cstr); 349 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge2.devsandbox, cfg.bridge2.dev, cstr);
350 } 350 }
351 351
352 if (cfg.bridge3.configured) { 352 if (cfg.bridge3.configured) {
353 if (cfg.bridge3.macvlan == 0) 353 if (cfg.bridge3.macvlan == 0)
354 net_configure_veth_pair(&cfg.bridge3, "eth3", child); 354 net_configure_veth_pair(&cfg.bridge3, "eth3", child);
355 else 355 else
356 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET, "create", "macvlan", cfg.bridge3.devsandbox, cfg.bridge3.dev, cstr); 356 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 6, PATH_FNET_MAIN, "create", "macvlan", cfg.bridge3.devsandbox, cfg.bridge3.dev, cstr);
357 } 357 }
358 358
359 // move interfaces in sandbox 359 // move interfaces in sandbox
360 if (cfg.interface0.configured) { 360 if (cfg.interface0.configured) {
361 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface0.dev, cstr); 361 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface0.dev, cstr);
362 } 362 }
363 if (cfg.interface1.configured) { 363 if (cfg.interface1.configured) {
364 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface1.dev, cstr); 364 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface1.dev, cstr);
365 } 365 }
366 if (cfg.interface2.configured) { 366 if (cfg.interface2.configured) {
367 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface2.dev, cstr); 367 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface2.dev, cstr);
368 } 368 }
369 if (cfg.interface3.configured) { 369 if (cfg.interface3.configured) {
370 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET, "moveif", cfg.interface3.dev, cstr); 370 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 4, PATH_FNET_MAIN, "moveif", cfg.interface3.dev, cstr);
371 } 371 }
372 372
373 free(cstr); 373 free(cstr);
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c
index f519ed85f..236f7f427 100644
--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -62,6 +62,10 @@ void preproc_build_firejail_dir(void) {
62 create_empty_dir_as_root(RUN_FIREJAIL_APPIMAGE_DIR, 0755); 62 create_empty_dir_as_root(RUN_FIREJAIL_APPIMAGE_DIR, 0755);
63 } 63 }
64 64
65 if (stat(RUN_FIREJAIL_LIB_DIR, &s)) {
66 create_empty_dir_as_root(RUN_FIREJAIL_LIB_DIR, 0755);
67 }
68
65 if (stat(RUN_MNT_DIR, &s)) { 69 if (stat(RUN_MNT_DIR, &s)) {
66 create_empty_dir_as_root(RUN_MNT_DIR, 0755); 70 create_empty_dir_as_root(RUN_MNT_DIR, 0755);
67 } 71 }
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index db58d2e0b..c7c8fd9fa 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -25,26 +25,29 @@ extern char *xephyr_screen;
25#define MAX_READ 8192 // line buffer for profile files 25#define MAX_READ 8192 // line buffer for profile files
26 26
27// find and read the profile specified by name from dir directory 27// find and read the profile specified by name from dir directory
28int profile_find(const char *name, const char *dir) { 28int profile_find(const char *name, const char *dir, int add_ext) {
29 EUID_ASSERT(); 29 EUID_ASSERT();
30 assert(name); 30 assert(name);
31 assert(dir); 31 assert(dir);
32 32
33 int rv = 0; 33 int rv = 0;
34 DIR *dp; 34 DIR *dp;
35 char *pname; 35 char *pname = NULL;
36 if (asprintf(&pname, "%s.profile", name) == -1) 36 if (add_ext)
37 errExit("asprintf"); 37 if (asprintf(&pname, "%s.profile", name) == -1)
38 errExit("asprintf");
39 else
40 name = pname;
38 41
39 dp = opendir (dir); 42 dp = opendir (dir);
40 if (dp != NULL) { 43 if (dp != NULL) {
41 struct dirent *ep; 44 struct dirent *ep;
42 while ((ep = readdir(dp)) != NULL) { 45 while ((ep = readdir(dp)) != NULL) {
43 if (strcmp(ep->d_name, pname) == 0) { 46 if (strcmp(ep->d_name, name) == 0) {
44 if (arg_debug) 47 if (arg_debug)
45 printf("Found %s profile in %s directory\n", name, dir); 48 printf("Found %s profile in %s directory\n", name, dir);
46 char *etcpname; 49 char *etcpname;
47 if (asprintf(&etcpname, "%s/%s", dir, pname) == -1) 50 if (asprintf(&etcpname, "%s/%s", dir, name) == -1)
48 errExit("asprintf"); 51 errExit("asprintf");
49 profile_read(etcpname); 52 profile_read(etcpname);
50 free(etcpname); 53 free(etcpname);
@@ -55,10 +58,26 @@ int profile_find(const char *name, const char *dir) {
55 (void) closedir (dp); 58 (void) closedir (dp);
56 } 59 }
57 60
58 free(pname); 61 if (pname)
62 free(pname);
59 return rv; 63 return rv;
60} 64}
61 65
66// search and read the profile specified by name from firejail directories
67int profile_find_firejail(const char *name, int add_ext) {
68 // look for a profile in ~/.config/firejail directory
69 char *usercfgdir;
70 if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1)
71 errExit("asprintf");
72 int rv = profile_find(name, usercfgdir, add_ext);
73 free(usercfgdir);
74
75 if (!rv)
76 // look for a user profile in /etc/firejail directory
77 rv = profile_find(name, SYSCONFDIR, add_ext);
78
79 return rv;
80}
62 81
63//*************************************************** 82//***************************************************
64// run-time profiles 83// run-time profiles
@@ -113,12 +132,99 @@ void profile_add_ignore(const char *str) {
113} 132}
114 133
115 134
135int profile_check_conditional(char *ptr, int lineno, const char *fname) {
136 struct cond_t {
137 char *name; // conditional name
138 size_t len; // length of name
139 bool value; // true if set
140 } conditionals[] = {
141 {"HAS_APPIMAGE", strlen("HAS_APPIMAGE"), arg_appimage!=0},
142 NULL
143 }, *cond = conditionals;
144 char *tmp = ptr, *msg = NULL;
145
146 if (*ptr++ != '?')
147 return 1;
148
149 while (cond->name) {
150 // continue if not this conditional
151 if (strncmp(ptr, cond->name, cond->len) != 0) {
152 cond++;
153 continue;
154 }
155 ptr += cond->len;
156
157 if (*ptr == ' ')
158 ptr++;
159 if (*ptr++ != ':') {
160 msg = "invalid syntax: colon must come after conditional";
161 ptr = tmp;
162 goto error;
163 }
164 if (*ptr == '\0') {
165 msg = "invalid conditional line: no profile line after conditional";
166 ptr = tmp;
167 goto error;
168 }
169 if (*ptr == ' ')
170 ptr++;
171
172 // if set, continue processing statement in caller
173 if (cond->value) {
174 // move ptr to start of profile line
175 ptr = strdup(ptr);
176 if (!ptr)
177 errExit("strdup");
178
179 // check that the profile line does not contain either
180 // quiet or include directives
181 if ((strncmp(ptr, "quiet", 5) == 0) ||
182 (strncmp(ptr, "include", 7) == 0)) {
183 msg = "invalid profile line: quiet and include not allowed in conditionals";
184 ptr = tmp;
185 goto error;
186 }
187 free(tmp);
188
189 // verify syntax, exit in case of error
190 if (profile_check_line(ptr, lineno, fname))
191 profile_add(ptr);
192 }
193 // tell caller to ignore
194 return 0;
195 }
196
197 tmp = ptr;
198 // get the conditional used
199 while (*tmp != ':' && *tmp != '\0')
200 tmp++;
201 *tmp = '\0';
202
203 // this was a '?' prefix, but didn't match any of the conditionals
204 msg = "invalid/unsupported conditional";
205
206error:
207 fprintf(stderr, "Error: %s (\"%s\"", msg, ptr);
208 if (lineno == 0) ;
209 else if (fname != NULL)
210 fprintf(stderr, " on line %d in %s", lineno, fname);
211 else
212 fprintf(stderr, " on line %d in the custom profile", lineno);
213 fprintf(stderr, ")\n");
214 exit(1);
215}
216
217
116// check profile line; if line == 0, this was generated from a command line option 218// check profile line; if line == 0, this was generated from a command line option
117// return 1 if the command is to be added to the linked list of profile commands 219// return 1 if the command is to be added to the linked list of profile commands
118// return 0 if the command was already executed inside the function 220// return 0 if the command was already executed inside the function
119int profile_check_line(char *ptr, int lineno, const char *fname) { 221int profile_check_line(char *ptr, int lineno, const char *fname) {
120 EUID_ASSERT(); 222 EUID_ASSERT();
121 223
224 // check and process conditional profile lines
225 if (profile_check_conditional(ptr, lineno, fname) == 0)
226 return 0;
227
122 // check ignore list 228 // check ignore list
123 if (is_in_ignore_list(ptr)) 229 if (is_in_ignore_list(ptr))
124 return 0; 230 return 0;
@@ -1261,7 +1367,7 @@ void profile_read(const char *fname) {
1261 if (ptr && strlen(ptr) == 6) 1367 if (ptr && strlen(ptr) == 6)
1262 return; 1368 return;
1263 1369
1264 fprintf(stderr, "Error: cannot access profile file\n"); 1370 fprintf(stderr, "Error: cannot access profile file: %s\n", fname);
1265 exit(1); 1371 exit(1);
1266 } 1372 }
1267 1373
@@ -1323,17 +1429,22 @@ void profile_read(const char *fname) {
1323 if (strncmp(ptr, "include ", 8) == 0) { 1429 if (strncmp(ptr, "include ", 8) == 0) {
1324 include_level++; 1430 include_level++;
1325 1431
1326 // extract profile filename and new skip params 1432 // expand macros in front of the include profile file
1327 char *newprofile = ptr + 8; // profile name 1433 char *newprofile = expand_macros(ptr + 8);
1328 1434
1329 // expand ${HOME}/ in front of the new profile file 1435 char *ptr2 = newprofile;
1330 char *newprofile2 = expand_home(newprofile, cfg.homedir); 1436 while (*ptr2 != '/' && *ptr2 != '\0')
1437 ptr2++;
1438 // profile path contains no / chars, do a search
1439 if (*ptr2 == '\0') {
1440 profile_find_firejail(newprofile, 0);
1441 }
1442 else {
1443 profile_read(newprofile);
1444 }
1331 1445
1332 // recursivity
1333 profile_read((newprofile2)? newprofile2:newprofile);
1334 include_level--; 1446 include_level--;
1335 if (newprofile2) 1447 free(newprofile);
1336 free(newprofile2);
1337 free(ptr); 1448 free(ptr);
1338 continue; 1449 continue;
1339 } 1450 }
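--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -530,14 +530,6 @@ static void enforce_filters(void) {
 #ifdef HAVE_SECCOMP
  enforce_seccomp = 1;
 #endif
- if (cfg.seccomp_list_drop) {
- free(cfg.seccomp_list_drop);
- cfg.seccomp_list_drop = NULL;
- }
- if (cfg.seccomp_list_keep) {
- free(cfg.seccomp_list_keep);
- cfg.seccomp_list_keep = NULL;
- }
 
  // disable all capabilities
  if (arg_caps_default_filter || arg_caps_list)
@@ -547,8 +539,7 @@ static void enforce_filters(void) {
  // drop all supplementary groups; /etc/group file inside chroot
  // is controlled by a regular usr
  arg_nogroups = 1;
- fmessage("\n** Warning: dropping all Linux capabilities and enforcing **\n");
- fmessage("** default seccomp filter **\n\n");
+ fmessage("\n** Warning: dropping all Linux capabilities **\n");
 }
 
 int sandbox(void* sandbox_arg) {
@@ -587,6 +578,9 @@ int sandbox(void* sandbox_arg) {
  }
  // ... and mount a tmpfs on top of /run/firejail/mnt directory
  preproc_mount_mnt_dir();
+ // bind-mount firejail binaries and helper programs
+ if (mount(LIBDIR "/firejail", RUN_FIREJAIL_LIB_DIR, "none", MS_BIND, NULL) < 0)
+ errExit("mounting " RUN_FIREJAIL_LIB_DIR);
 
  //****************************
  // log sandbox data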
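Review bot: The bind mount added in sandbox() passes only `MS_BIND`, so `RUN_FIREJAIL_LIB_DIR` keeps whatever write, suid and dev flags the source mount of `LIBDIR "/firejail"` has; nothing in this hunk makes the helper directory read-only inside the sandbox. sandbox() continues outside the hunk, so a later step may already do this; if not, follow the bind with `mount(NULL, RUN_FIREJAIL_LIB_DIR, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL)` and check its result with errExit like the first call. Separately, in enforce_filters() the warning no longer mentions seccomp while `enforce_seccomp = 1` is still set under HAVE_SECCOMP; if the filter is still forced there, the message should keep saying so.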
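--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -164,7 +164,7 @@ static char *usage_str =
  " --private-tmp - mount a tmpfs on top of /tmp directory.\n"
  " --private-opt=file,directory - build a new /opt in a temporary filesystem.\n"
  " --private-srv=file,directory - build a new /srv in a temporary filesystem.\n"
- " --profile=filename - use a custom profile.\n"
+ " --profile=filename|profile_name - use a custom profile.\n"
  " --profile.print=name|pid - print the name of profile file.\n"
  " --profile-path=directory - use this directory to look for profile files.\n"
  " --protocol=protocol,protocol,protocol - enable protocol filter.\n"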
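--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -471,11 +471,13 @@ void trim_trailing_slash_or_dot(char *path) {
 char *line_remove_spaces(const char *buf) {
  EUID_ASSERT();
  assert(buf);
- if (strlen(buf) == 0)
+ size_t len = strlen(buf);
+ if (len == 0)
  return NULL;
+ assert(len + 1 != 0 && buf[len] == '\0');
 
  // allocate memory for the new string
- char *rv = malloc(strlen(buf) + 1);
+ char *rv = malloc(len + 1);
  if (rv == NULL)
  errExit("malloc");
 
@@ -539,12 +541,14 @@ char *split_comma(char *str) {
 char *clean_pathname(const char *path) {
  assert(path);
  size_t len = strlen(path);
- char *rv = calloc(len + 1, 1);
+ assert(len + 1 != 0 && path[len] == '\0');
+
+ char *rv = malloc(len + 1);
  if (!rv)
- errExit("calloc");
+ errExit("malloc");
 
  if (len > 0) {
- int i, j, cnt;
+ size_t i, j, cnt;
  for (i = 0, j = 0, cnt = 0; i < len; i++) {
  if (path[i] == '/')
  cnt++;
@@ -556,18 +560,14 @@ char *clean_pathname(const char *path) {
  j++;
  }
  }
+ rv[j] = '\0';
 
  // remove a trailing slash
  if (j > 1 && rv[j - 1] == '/')
  rv[j - 1] = '\0';
-
- size_t new_len = strlen(rv);
- if (new_len < len) {
- rv = realloc(rv, new_len + 1);
- if (!rv)
- errExit("realloc");
- }
  }
+ else
+ *rv = '\0';
 
  return rv;
 }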
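Review bot: The added `assert(len + 1 != 0 && buf[len] == '\0');` in line_remove_spaces, and its twin on `path` in clean_pathname, is compiled out when the build defines NDEBUG, so it cannot act as the overflow guard for `malloc(len + 1)`. Its second half is also always true immediately after `strlen()`. If the wrap-around case is worth guarding, make it a runtime check in both places, e.g. `if (len + 1 == 0) { fprintf(stderr, "Error: string too long\n"); exit(1); }`, and keep assert() for the non-NULL precondition only. line_remove_spaces continues past its hunk and clean_pathname is split across two hunks, so the copy loops themselves are only partly visible here.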
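--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -5,12 +5,14 @@ profile \- Security profile file syntax for Firejail
 .SH USAGE
 .TP
 firejail \-\-profile=filename.profile
+.RE
+firejail \-\-profile=profile_name
 
 .SH DESCRIPTION
 Several command line options can be passed to the program using
 profile files. Firejail chooses the profile file as follows:
 
-\fB1.\fR If a profile file is provided by the user with \-\-profile option, the profile file is loaded.
+\fB1.\fR If a profile file is provided by the user with \-\-profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix.
 Example:
 .PP
 .RS
@@ -21,6 +23,15 @@ Reading profile /home/netblue/icecat.profile
 [...]
 .RE
 
+.PP
+.RS
+$ firejail --profile=icecat icecat-wrapper.sh
+.br
+Reading profile /etc/firejail/icecat.profile
+.br
+[...]
+.RE
+
 \fB2.\fR If a profile file with the same name as the application is present in ~/.config/firejail directory or
 in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example:
 .PP
@@ -76,6 +87,18 @@ Example: "blacklist ~/My Virtual Machines"
 \fB# this is a comment
 
 .TP
+\fB?CONDITIONAL: profile line
+Conditionally add profile line.
+
+Example: "?HAS_APPIMAGE: whitelist ${HOME}/special/appimage/dir"
+
+This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line.
+
+Currently the only conditional supported is HAS_APPIMAGE.
+
+The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines.
+
+.TP
 \fBinclude other.profile
 Include other.profile file.
 
@@ -90,6 +113,10 @@ Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1"
 
 Example: "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile" file.
 
+The file name may also be just the name without the leading directory components. In this case, first the user config directory (${HOME}/.config/firejail) is searched for the file name and if not found then the system configuration directory is search for the file name. Note: Unlike the \-\-profile option which takes a profile name without the '.profile' suffix, include must be given the full file name.
+
+Example: "include firefox.profile" will load "${HOME}/.config/firejail/firefox.profile" file and if it does not exist "${CFG}/firefox.profile" will be loaded.
+
 System configuration files in ${CFG} are overwritten during software installation.
 Persistent configuration at system level is handled in ".local" files. For every
 profile file in ${CFG} directory, the user can create a corresponding .local file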
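--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -395,7 +395,7 @@ $ firejail \-\-net=eth0 \-\-defaultgw=10.10.20.1 firefox
 
 .TP
 \fB\-\-disable-mnt
-Disable /mnt, /media, /run/mount and /run/media access.
+Blacklist /mnt, /media, /run/mount and /run/media access.
 .br
 
 .br
@@ -1531,7 +1531,7 @@ drwxrwxrwt 2 nobody nogroup 4096 Apr 30 10:52 .X11-unix
 
 
 .TP
-\fB\-\-profile=filename
+\fB\-\-profile=filename_or_profilename
 Load a custom security profile from filename. For filename use an absolute path or a path relative to the current path.
 For more information, see \fBSECURITY PROFILES\fR section below.
 .br
@@ -1681,12 +1681,12 @@ Enable seccomp filter and blacklist the syscalls in the default list (@default).
 _sysctl, acct, add_key, adjtimex, afs_syscall, bdflush, bpf, break, chroot, clock_adjtime, clock_settime,
 create_module, delete_module, fanotify_init, finit_module, ftime, get_kernel_syms, getpmsg, gtty, init_module,
 io_cancel, io_destroy, io_getevents, io_setup, io_submit, ioperm, iopl, ioprio_set, kcmp, kexec_file_load,
-kexec_load, keyctl, lock, lookup_dcookie, mbind, mfsservctl, migrate_pages, modify_ldt, mount, move_pages, mpx,
-name_to_handle_at, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open,
-personality, pivot_root, process_vm_readv, process_vm_writev, process_vm_writev, prof, profil, ptrace, putpmsg,
+kexec_load, keyctl, lock, lookup_dcookie, mbind, migrate_pages, modify_ldt, mount, move_pages, mpx,
+name_to_handle_at, nfsservctl, ni_syscall, open_by_handle_at, pciconfig_iobase, pciconfig_read, pciconfig_write, perf_event_open,
+personality, pivot_root, process_vm_readv, process_vm_writev, prof, profil, ptrace, putpmsg,
 query_module, reboot, remap_file_pages, request_key, rtas, s390_mmio_read, s390_mmio_write, s390_runtime_instr,
 security, set_mempolicy, setdomainname, sethostname, settimeofday, sgetmask, ssetmask, stime, stty, subpage_prot,
-swapoff, swapon, switch_endian, sysfs, syslog, tuxcall, ulimit, umount, umount2, uselib, userfaultfd, ustat, vhangup,
+swapoff, swapon, switch_endian, sys_debug_setcontext, sysfs, syslog, tuxcall, ulimit, umount, umount2, uselib, userfaultfd, ustat, vhangup,
 vm86, vm86old, vmsplice and vserver.
 
 .br
@@ -2701,7 +2701,7 @@ The owner of the sandbox.
 Several command line options can be passed to the program using
 profile files. Firejail chooses the profile file as follows:
 
-1. If a profile file is provided by the user with --profile option, the profile file is loaded.
+1. If a profile file is provided by the user with --profile option, the profile file is loaded. If a profile name is given, it is searched for first in the ~/.config/firejail directory and if not found then in /etc/firejail directory. Profile names do not include the .profile suffix.
 Example:
 .PP
 .RS
@@ -2712,6 +2712,15 @@ Reading profile /home/netblue/icecat.profile
 [...]
 .RE
 
+.PP
+.RS
+$ firejail --profile=icecat icecat-wrapper.sh
+.br
+Reading profile /etc/firejail/icecat.profile
+.br
+[...]
+.RE
+
 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or
 in /etc/firejail, the profile is loaded. ~/.config/firejail takes precedence over /etc/firejail. Example:
 .PP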
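--- /dev/null
+++ b/test/filters/apparmor.exp
@@ -0,0 +1,59 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail --name=test1 --apparmor\r"
+expect {
+ timeout {puts "TESTING ERROR 0\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firejail --name=test2 --apparmor\r"
+expect {
+ timeout {puts "TESTING ERROR 1\n";exit}
+ "Child process initialized"
+}
+sleep 1
+
+spawn $env(SHELL)
+send -- "firemon --apparmor\r"
+expect {
+ timeout {puts "TESTING ERROR 2\n";exit}
+ "test1:firejail --name=test1 --apparmor"
+}
+expect {
+ timeout {puts "TESTING ERROR 3\n";exit}
+ "AppArmor: firejail-default enforce"
+}
+expect {
+ timeout {puts "TESTING ERROR 4\n";exit}
+ "test2:firejail --name=test2 --apparmor"
+}
+expect {
+ timeout {puts "TESTING ERROR 5\n";exit}
+ "AppArmor: firejail-default enforce"
+}
+after 100
+
+send -- "firejail --apparmor.print=test1\r"
+expect {
+ timeout {puts "TESTING ERROR 6\n";exit}
+ "AppArmor: firejail-default enforce"
+}
+after 100
+
+send -- "firejail --apparmor.print=test2\r"
+expect {
+ timeout {puts "TESTING ERROR 7\n";exit}
+ "AppArmor: firejail-default enforce"
+}
+after 100
+
+puts "\nall done\n"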
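Review bot: Every `timeout` branch runs `puts "TESTING ERROR n\n";exit`, and a bare `exit` in expect returns status 0, so a failed step is visible only to something that scans the output for the marker. The caller added in test/filters/filters.sh simply runs `./apparmor.exp`, so unless the harness greps the log elsewhere, use `exit 1` in the timeout branches so a regression in AppArmor confinement also fails the run by exit status. The script also leaves the `test1` and `test2` sandboxes to be torn down when it ends; a one-line comment such as `# sandboxes are closed when the spawned shells exit` would make that intent explicit.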
diff --git a/test/filters/filters.sh b/test/filters/filters.sh
index 72d699415..917aa93b6 100755
--- a/test/filters/filters.sh
+++ b/test/filters/filters.sh
@@ -12,6 +12,12 @@ if [ -f /etc/debian_version ]; then
12fi 12fi
13export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail" 13export PATH="$PATH:/usr/lib/firejail:/usr/lib64/firejail"
14 14
15if [ -f /sys/kernel/security/apparmor/profiles ]; then
16 echo "TESTING: apparmor (test/filters/apparmor.exp)"
17 ./apparmor.exp
18else
19 echo "TESTING SKIP: no apparmor support in Linux kernel (test/filters/apparmor.exp)"
20fi
15 21
16if [ "$(uname -m)" = "x86_64" ]; then 22if [ "$(uname -m)" = "x86_64" ]; then
17 echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)" 23 echo "TESTING: memory-deny-write-execute (test/filters/memwrexe.exp)"