-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | etc/brave.profile | 24 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 |
3 files changed, 24 insertions, 6 deletions
@@ -363,6 +363,8 @@ SYN-cook (https://github.com/SYN-cook) | |||
363 | - blacklist nautilus and nemo in ~/.local/share/ | 363 | - blacklist nautilus and nemo in ~/.local/share/ |
364 | startx2017 (https://github.com/startx2017) | 364 | startx2017 (https://github.com/startx2017) |
365 | - syscall list update | 365 | - syscall list update |
366 | - updated default seccomp filters - added bpf, clock_settime, personality, process_vm_writev, query_module, | ||
367 | settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old | ||
366 | - enable/disable join support in /etc/firejail/firejail.config | 368 | - enable/disable join support in /etc/firejail/firejail.config |
367 | - firecfg fix: create ~/.local/share/applications directory if it doesn't exist | 369 | - firecfg fix: create ~/.local/share/applications directory if it doesn't exist |
368 | - firejail.config cleanup | 370 | - firejail.config cleanup |
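--- a/etc/brave.profile
+++ b/etc/brave.profile
@@ -4,18 +4,32 @@ include /etc/firejail/brave.local
 
 # Profile for Brave browser
 noblacklist ~/.config/brave
+noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
-caps.drop all
+#caps.drop all
 netfilter
-nonewprivs
-noroot
-protocol unix,inet,inet6,netlink
-seccomp
+#nonewprivs
+#noroot
+#protocol unix,inet,inet6,netlink
+#seccomp
 
 whitelist ${DOWNLOADS}
 
 mkdir ~/.config/brave
 whitelist ~/.config/brave
+mkdir ~/.pki
+whitelist ~/.pki
+
+# lastpass, keepass
+# for keepass we additionally need to whitelist our .kdbx password database
+whitelist ~/.keepass
+whitelist ~/.config/keepass
+whitelist ~/.config/KeePass
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+
+include /etc/firejail/whitelist-common.inc
+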
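Review bot: Commenting out `caps.drop all`, `nonewprivs`, `noroot`, `protocol` and `seccomp` leaves `netfilter` and the filesystem whitelists as the only confinement in this profile, and nothing in the file or the visible commit record says why. If the reason is that the browser's own sandbox fails to start under these options (an inference, the page does not say), record it above the block, e.g. `# disabled: conflicts with the browser's built-in sandbox (<issue reference>)`, and re-enable whichever of the five still work instead of dropping all of them together. The new `whitelist ~/.keepass` through `whitelist ~/.config/lastpass` lines also make password-manager data readable from inside the browser sandbox for every user of the profile. Consider leaving those as an opt-in in `brave.local`, which the profile already includes.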
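--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1430,7 +1430,9 @@ add_key, request_key, keyctl, uselib, acct, modify_ldt, pivot_root, io_setup,
 io_destroy, io_getevents, io_submit, io_cancel,
 remap_file_pages, mbind, get_mempolicy, set_mempolicy,
 migrate_pages, move_pages, vmsplice, chroot,
-tuxcall, reboot, mfsservctl and get_kernel_syms.
+tuxcall, reboot, mfsservctl, get_kernel_syms,
+bpf, clock_settime, personality, process_vm_writev, query_module,
+settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old
 .br
 
 .br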