-rw-r--r--etc/0ad.profile3
-rw-r--r--etc/2048-qt.profile25
-rw-r--r--etc/Thunar.profile12
-rw-r--r--etc/Xephyr.profile1
-rw-r--r--etc/Xvfb.profile1
-rw-r--r--etc/akregator.profile26
-rw-r--r--etc/ark.profile1
-rw-r--r--etc/atool.profile2
-rw-r--r--etc/audacity.profile2
-rw-r--r--etc/bitlbee.profile10
-rw-r--r--etc/bleachbit.profile2
-rw-r--r--etc/blender.profile18
-rw-r--r--etc/bless.profile2
-rw-r--r--etc/brasero.profile1
-rw-r--r--etc/caja.profile1
-rw-r--r--etc/catfish.profile1
-rw-r--r--etc/cherrytree.profile12
-rw-r--r--etc/clipit.profile24
-rw-r--r--etc/darktable.profile19
-rw-r--r--etc/dia.profile19
-rw-r--r--etc/display.profile2
-rw-r--r--etc/dolphin.profile1
-rw-r--r--etc/dropbox.profile25
-rw-r--r--etc/enchant.profile1
-rw-r--r--etc/engrampa.profile1
-rw-r--r--etc/eog.profile2
-rw-r--r--etc/evince.profile2
-rw-r--r--etc/exiftool.profile2
-rw-r--r--etc/feh.profile2
-rw-r--r--etc/file-roller.profile2
-rw-r--r--etc/file.profile2
-rw-r--r--etc/flowblade.profile10
-rw-r--r--etc/fontforge.profile19
-rw-r--r--etc/franz.profile26
-rw-r--r--etc/galculator.profile1
-rw-r--r--etc/geany.profile12
-rw-r--r--etc/gedit.profile2
-rw-r--r--etc/gimp.profile2
-rw-r--r--etc/globaltime.profile19
-rw-r--r--etc/gnome-books.profile1
-rw-r--r--etc/gnome-calculator.profile1
-rw-r--r--etc/gnome-documents.profile1
-rw-r--r--etc/gnome-music.profile1
-rw-r--r--etc/gnome-photos.profile1
-rw-r--r--etc/goobox.profile1
-rw-r--r--etc/google-play-music-desktop-player.profile20
-rw-r--r--etc/gpicview.profile1
-rw-r--r--etc/gucharmap.profile33
-rw-r--r--etc/handbrake.profile19
-rw-r--r--etc/highlight.profile2
-rw-r--r--etc/hugin.profile20
-rw-r--r--etc/img2txt.profile2
-rw-r--r--etc/inkscape.profile10
-rw-r--r--etc/jd-gui.profile2
-rw-r--r--etc/kate.profile1
-rw-r--r--etc/kcalc.profile25
-rw-r--r--etc/keepassx.profile1
-rw-r--r--etc/keepassx2.profile1
-rw-r--r--etc/keepassxc.profile2
-rw-r--r--etc/kino.profile27
-rw-r--r--etc/knotes.profile1
-rw-r--r--etc/ktorrent.profile22
-rw-r--r--etc/kwrite.profile1
-rw-r--r--etc/leafpad.profile26
-rw-r--r--etc/liferea.profile20
-rw-r--r--etc/luminance-hdr.profile10
-rw-r--r--etc/lximage-qt.profile27
-rw-r--r--etc/lxmusic.profile26
-rw-r--r--etc/mate-calc.profile28
-rw-r--r--etc/mate-color-select.profile35
-rw-r--r--etc/mate-dictionary.profile25
-rw-r--r--etc/mediainfo.profile4
-rw-r--r--etc/meld.profile2
-rw-r--r--etc/mousepad.profile1
-rw-r--r--etc/mupdf.profile2
-rw-r--r--etc/nautilus.profile2
-rw-r--r--etc/nemo.profile16
-rw-r--r--etc/odt2txt.profile2
-rw-r--r--etc/okular.profile1
-rw-r--r--etc/openshot.profile12
-rw-r--r--etc/orage.profile24
-rw-r--r--etc/pcmanfm.profile13
-rw-r--r--etc/pdfsam.profile2
-rw-r--r--etc/pdftotext.profile2
-rw-r--r--etc/peek.profile1
-rw-r--r--etc/psi-plus.profile16
-rw-r--r--etc/qemu-launcher.profile2
-rw-r--r--etc/qemu-system-x86_64.profile2
-rw-r--r--etc/qlipper.profile28
-rw-r--r--etc/ranger.profile4
-rw-r--r--etc/ristretto.profile23
-rw-r--r--etc/skype.profile5
-rw-r--r--etc/skypeforlinux.profile8
-rw-r--r--etc/synfigstudio.profile15
-rw-r--r--etc/tracker.profile1
-rw-r--r--etc/transmission-show.profile2
-rw-r--r--etc/viewnior.profile1
-rw-r--r--etc/vym.profile23
-rw-r--r--etc/xfburn.profile1
-rw-r--r--etc/xfce4-dict.profile21
-rw-r--r--etc/xfce4-notes.profile25
-rw-r--r--etc/xonotic.profile1
-rw-r--r--etc/xpdf.profile14
-rw-r--r--etc/xpra.profile1
-rw-r--r--etc/zathura.profile2
105 files changed, 519 insertions, 468 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile
index a564d0a09..9f33af806 100644
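--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -38,3 +38,6 @@ tracelog
 private-dev
 private-tmp
 disable-mnt
+
+noexec ${HOME}
+noexec /tmp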
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile
index 0dc54e675..c53cfef9d 100644
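--- a/etc/2048-qt.profile
+++ b/etc/2048-qt.profile
@@ -7,24 +7,25 @@ include /etc/firejail/2048-qt.local
 
 noblacklist ~/.config/xiaoyong
 noblacklist ~/.config/2048-qt
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
+#ipc-namespace
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-nosound
+
+private-dev
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp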
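Review bot: The old profile ended with an active `nosound`, and the new side of this hunk has no `nosound` at all, so the sandbox regains access to the sound server without any comment saying that this is intended. If the game needs audio, a line such as `# nosound omitted: <reason>` would record the decision; otherwise `nosound` should stay. Separately, `#ipc-namespace` is added commented out with no reason given, and the same unexplained line is added in the akregator, cherrytree, darktable, franz and google-play-music-desktop-player sections (akregator also adds a bare `#nosound`); a short reason next to each disabled option would tell the next maintainer whether it was tested and found to break the program.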
diff --git a/etc/Thunar.profile b/etc/Thunar.profile
index ed8a37add..e62ce4e2d 100644
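--- a/etc/Thunar.profile
+++ b/etc/Thunar.profile
@@ -16,20 +16,12 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
-nogroups
+no3d
 nonewprivs
 noroot
 nosound
+novideo
 protocol unix
 seccomp
 shell none
 tracelog
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp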
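Review bot: The active `nogroups` line is removed here and nothing in the hunk explains it, so the sandboxed file manager keeps the user's supplementary groups. If that is deliberate (for example for access to devices or mounts owned by a group, which is an assumption the hunk does not confirm), a one-line comment such as `# nogroups omitted: <reason>` would stop a later cleanup from treating it as an oversight. The profile starts above this hunk, so anything set there is not visible in this review.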
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile
index 4b14b8ad2..22c0202ee 100644
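--- a/etc/Xephyr.profile
+++ b/etc/Xephyr.profile
@@ -21,7 +21,6 @@ private
 
 caps.drop all
 # Xephyr needs to be allowed access to the abstract Unix socket namespace.
-#net none
 nogroups
 nonewprivs
 # In noroot mode, Xephyr cannot create a socket in the real /tmp/.X11-unix.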
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile
index 46f06871c..8eba82db1 100644
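--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -22,7 +22,6 @@ private
 
 caps.drop all
 # Xvfb needs to be allowed access to the abstract Unix socket namespace.
-#net none
 nogroups
 nonewprivs
 # In noroot mode, Xvfb cannot create a socket in the real /tmp/.X11-unix.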
diff --git a/etc/akregator.profile b/etc/akregator.profile
index 10279890e..ed79f0e94 100644
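--- a/etc/akregator.profile
+++ b/etc/akregator.profile
@@ -5,28 +5,30 @@ include /etc/firejail/globals.local
 # Persistent customizations should go in a .local file.
 include /etc/firejail/akregator.local
 
-################################
-# Generic GUI application profile
-################################
 noblacklist ${HOME}/.config/akregatorrc
 noblacklist ${HOME}/.local/share/akregator
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+#ipc-namespace
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+#nosound
+novideo
 protocol unix,inet,inet6
 seccomp
+shell none
+
+private-dev
+private-tmp
+disable-mnt
 
-#
-# depending on your usage, you can enable some of the commands below:
-#
-# nogroups
-# shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
+noexec ${HOME}
+noexec /tmp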
diff --git a/etc/ark.profile b/etc/ark.profile
index 007748ed1..7aaa0bc5a 100644
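--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -14,7 +14,6 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
 nogroups
 nonewprivs
 noroot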
diff --git a/etc/atool.profile b/etc/atool.profile
index a66b4b1c5..b21c5855f 100644
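--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -19,8 +19,6 @@ nosound
 novideo
 protocol unix
 seccomp
-netfilter
-net none
 no3d
 shell none
 tracelog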
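Review bot: With `net none` removed, this profile no longer gets its own network namespace; the `protocol unix` line kept above still blocks inet sockets, but abstract Unix sockets in the host namespace become reachable again, which `net none` had cut off. For an archive tool that needs no network, keeping `net none` is the tighter choice, or the reason for dropping it should be stated in a comment such as `# net none omitted: <reason>`. The same removal is made in the audacity, bleachbit, bless, brasero, catfish, display, eog, exiftool, feh, file-roller, file, galculator, gedit, gimp and gpicview sections; several of those hunks show no `protocol` line, so whether inet is still blocked there has to be checked against the full profile.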
diff --git a/etc/audacity.profile b/etc/audacity.profile
index 5b38d84e8..8cea3b18d 100644
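--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -15,8 +15,6 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 #ipc-namespace
-net none
-netfilter
 no3d
 nogroups
 nonewprivs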
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index 055be09a1..2ecc0c425 100644
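--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -9,13 +9,23 @@ include /etc/firejail/bitlbee.local
 noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 netfilter
+no3d
 nonewprivs
 private
 private-dev
 protocol unix,inet,inet6
 seccomp
 nosound
+novideo
 read-write /var/lib/bitlbee
+
+private-dev
+private-tmp
+disable-mnt
+
+noexec /tmp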
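Review bot: `private-dev` now appears twice in this profile, once in the existing block after `private` and again in the added block before `private-tmp`; the second occurrence is redundant and should be dropped. The visible lines also contain no `caps.drop all` and no `noroot`, unlike most other profiles touched by this commit; if the daemon needs them left out, a comment such as `# caps.drop all / noroot omitted: <reason>` would make that explicit. The profile starts above this hunk, so those options may be set outside the visible lines.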
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
index 345dd119a..9d8ec1733 100644
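--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -13,8 +13,6 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 #ipc-namespace
-net none
-netfilter
 no3d
 nogroups
 nonewprivs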
diff --git a/etc/blender.profile b/etc/blender.profile
index 6ee874ad0..b9757913d 100644
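--- a/etc/blender.profile
+++ b/etc/blender.profile
@@ -7,25 +7,21 @@ include /etc/firejail/blender.local
 
 noblacklist ~/.config/blender
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
 
-# blender uses the sound system
-# nosound
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp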
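Review bot: The removed lines `# blender uses the sound system` and `# nosound` were the only record of why this profile leaves sound access open, and the new side keeps the omission but loses the explanation. Keeping the first of them next to the option block, for example `# nosound omitted: blender uses the sound system`, would stop a later hardening pass from adding `nosound` and breaking audio. The same applies to the missing `novideo` and `no3d`, which other profiles in this commit gain and this one does not; a word on whether that is intentional would help.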
diff --git a/etc/bless.profile b/etc/bless.profile
index c9ccfc02e..41712850e 100644
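--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -21,8 +21,6 @@ include /etc/firejail/disable-devel.inc
 #Options
 caps.drop all
 #ipc-namespace
-net none
-netfilter
 no3d
 nogroups
 nonewprivs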
diff --git a/etc/brasero.profile b/etc/brasero.profile
index d013e0b8e..1d6856b73 100644
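--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -15,7 +15,6 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 #ipc-namespace
-net none
 nogroups
 nonewprivs
 noroot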
diff --git a/etc/caja.profile b/etc/caja.profile
index 3a098379b..e6f38dfa9 100644
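--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -26,7 +26,6 @@ nonewprivs
 noroot
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 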
diff --git a/etc/catfish.profile b/etc/catfish.profile
index 0deaca1b5..5612d4486 100644
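--- a/etc/catfish.profile
+++ b/etc/catfish.profile
@@ -13,7 +13,6 @@ noblacklist ~/.config/catfish
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
-net none
 no3d
 nogroups
 nonewprivs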
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index 0ac71ca3c..b1acd78f2 100644
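--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -9,18 +9,28 @@ include /etc/firejail/cherrytree.local
 noblacklist /usr/bin/python2*
 noblacklist /usr/lib/python3*
 noblacklist ${HOME}/.config/cherrytree
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+#ipc-namespace
 netfilter
+no3d
 nogroups
 nonewprivs
 noroot
 nosound
 novideo
-seccomp
 protocol unix,inet,inet6,netlink
+seccomp
+shell none
 tracelog
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp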
diff --git a/etc/clipit.profile b/etc/clipit.profile
index b671b253b..7b1c584ac 100644
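--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -8,26 +8,24 @@ include /etc/firejail/clipit.local
 noblacklist ${HOME}/.local/share/clipit
 noblacklist ${HOME}/.config/clipit
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
 novideo
-protocol unix,inet,inet6
+protocol unix
 seccomp
+shell none
 
+private-dev
+private-tmp
+disable-mnt
 
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
-shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-nosound
+noexec ${HOME}
+noexec /tmp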
diff --git a/etc/darktable.profile b/etc/darktable.profile
index 29630a746..eca2ae6c5 100644
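--- a/etc/darktable.profile
+++ b/etc/darktable.profile
@@ -8,23 +8,24 @@ include /etc/firejail/darktable.local
 noblacklist ~/.cache/darktable
 noblacklist ~/.config/darktable
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+#ipc-namespace
 netfilter
+nogroups
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix,inet,inet6
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-# nogroups
 shell none
-# private-bin program
-# private-etc none
-# private-dev
+
+private-dev
 private-tmp
-nosound
+
+noexec ${HOME}
+noexec /tmp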
diff --git a/etc/dia.profile b/etc/dia.profile
index 4e009afd7..67cd2ca63 100644
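--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -7,23 +7,24 @@ include /etc/firejail/dia.local
 
 noblacklist ~/.dia
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
 novideo
-protocol unix,inet,inet6
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
+
 private-dev
 private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp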
diff --git a/etc/display.profile b/etc/display.profile
index 7cde8bd54..c9744b001 100644
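--- a/etc/display.profile
+++ b/etc/display.profile
@@ -14,8 +14,6 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix
-netfilter
-net none
 nonewprivs
 noroot
 nogroups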
diff --git a/etc/dolphin.profile b/etc/dolphin.profile
index 0085fb004..5ba8dd497 100644
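--- a/etc/dolphin.profile
+++ b/etc/dolphin.profile
@@ -22,7 +22,6 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
 nogroups
 nonewprivs
 noroot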
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index f1d7fad82..2319b337b 100644
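--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -9,16 +9,10 @@ include /etc/firejail/dropbox.local
 noblacklist ~/.config/autostart
 noblacklist ~/.dropbox-dist
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-caps
-nonewprivs
-noroot
-novideo
-protocol unix,inet,inet6
-seccomp
-
 mkdir ~/Dropbox
 whitelist ~/Dropbox
 mkdir ~/.dropbox
@@ -28,3 +22,20 @@ whitelist ~/.dropbox-dist
 
 mkfile ~/.config/autostart/dropbox.desktop
 whitelist ~/.config/autostart/dropbox.desktop
+
+caps.drop all
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec /tmp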
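Review bot: The added block ends with `noexec /tmp` only, while most other profiles in this commit add `noexec ${HOME}` as well, and nothing in the profile says why the home directory stays executable here. The whitelisted `~/.dropbox-dist` suggests the client runs from the home directory (an inference from the visible lines, not stated on the page), so a comment such as `# noexec ${HOME} omitted: <reason>` above `noexec /tmp` would record that the gap is deliberate. Without it, the writable and executable synced folder `~/Dropbox` remains a place where downloaded content can be run inside the sandbox, which is worth stating as an accepted risk.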
diff --git a/etc/enchant.profile b/etc/enchant.profile
index 9e2dee045..97fb82da3 100644
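--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -20,7 +20,6 @@ noroot
 nosound
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 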
diff --git a/etc/engrampa.profile b/etc/engrampa.profile
index 081a5f6b0..a786a702c 100644
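--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -19,7 +19,6 @@ nosound
 novideo
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 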
diff --git a/etc/eog.profile b/etc/eog.profile
index 3abaaacef..7c21b241e 100644
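--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -18,8 +18,6 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 #ipc-namespace
-net none
-netfilter
 no3d
 nogroups
 nonewprivs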
diff --git a/etc/evince.profile b/etc/evince.profile
index 6719244da..2173c7422 100644
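--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -15,8 +15,6 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 #ipc-namespace
-netfilter
-#net none - creates some problems on some distributions
 no3d
 nogroups
 nonewprivs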
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index aba484718..9b0759dfe 100644
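--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -23,8 +23,6 @@ noroot
 nosound
 protocol unix
 seccomp
-netfilter
-net none
 no3d
 shell none
 tracelog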
diff --git a/etc/feh.profile b/etc/feh.profile
index f71999155..e41a4ad94 100644
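--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -12,8 +12,6 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
-net none
 nogroups
 nonewprivs
 noroot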
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index 72d00b4ce..920a60159 100644
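--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -13,8 +13,6 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 #ipc-namespace
-net none
-netfilter
 no3d
 nogroups
 nonewprivs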
diff --git a/etc/file.profile b/etc/file.profile
index 915bf1088..ffdaf9f47 100644
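--- a/etc/file.profile
+++ b/etc/file.profile
@@ -13,8 +13,6 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 hostname file
-netfilter
-net none
 no3d
 nogroups
 nonewprivs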
diff --git a/etc/flowblade.profile b/etc/flowblade.profile
index 7f29a8719..f8d45424f 100644
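--- a/etc/flowblade.profile
+++ b/etc/flowblade.profile
@@ -8,13 +8,23 @@ include /etc/firejail/flowblade.local
 # FlowBlade profile
 noblacklist ${HOME}/.flowblade
 noblacklist ${HOME}/.config/flowblade
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp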
diff --git a/etc/fontforge.profile b/etc/fontforge.profile
index 967a617e2..2b3d0f258 100644
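--- a/etc/fontforge.profile
+++ b/etc/fontforge.profile
@@ -6,23 +6,24 @@ include /etc/firejail/globals.local
 include /etc/firejail/fontforge.local
 
 noblacklist ${HOME}/.FontForge
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
+
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp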
diff --git a/etc/franz.profile b/etc/franz.profile
index c68b47d80..859c6ed9b 100644
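--- a/etc/franz.profile
+++ b/etc/franz.profile
@@ -13,14 +13,6 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
-caps.drop all
-netfilter
-nonewprivs
-noroot
-protocol unix,inet,inet6,netlink
-seccomp
-#tracelog
-
 whitelist ${DOWNLOADS}
 mkdir ~/.config/Franz
 whitelist ~/.config/Franz
@@ -30,3 +22,21 @@ mkdir ~/.pki
 whitelist ~/.pki
 
 include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+#ipc-namespace
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+private-dev
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp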
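Review bot: `tracelog` is active in the added block, where the old profile carried it commented out as `#tracelog`, and the commit gives no sign that whatever led to disabling it has been rechecked. If it was disabled because it broke the application, this change reintroduces that; if it now works, a short comment such as `# tracelog re-enabled: <reason>` would record it. The same block adds `noexec ${HOME}` while the profile whitelists `~/.config/Franz`, so it is worth confirming the application does not need to execute anything it stores there.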
diff --git a/etc/galculator.profile b/etc/galculator.profile
index 897946e7a..c346a382d 100644
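--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -17,7 +17,6 @@ mkdir ~/.config/galculator
 whitelist ~/.config/galculator
 
 caps.drop all
-net none
 nogroups
 nonewprivs
 noroot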
diff --git a/etc/geany.profile b/etc/geany.profile
index 7e0c6d2ad..083e9423f 100644
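--- a/etc/geany.profile
+++ b/etc/geany.profile
@@ -12,17 +12,15 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix,inet,inet6
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
+
 private-dev
 private-tmp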
diff --git a/etc/gedit.profile b/etc/gedit.profile
index d871a9bed..c1bdacf44 100644
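--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -18,8 +18,6 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 #ipc-namespace
-netfilter
-net none
 no3d
 nogroups
 nonewprivs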
diff --git a/etc/gimp.profile b/etc/gimp.profile
index da521aa6c..7d2738adf 100644
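--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -12,8 +12,6 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
-net none
 nogroups
 nonewprivs
 noroot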
diff --git a/etc/globaltime.profile b/etc/globaltime.profile
index 5662dba69..b9b2c008d 100644
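--- a/etc/globaltime.profile
+++ b/etc/globaltime.profile
@@ -7,22 +7,25 @@ include /etc/firejail/globaltime.local
 
 noblacklist ${HOME}/.config/globaltime
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix,inet,inet6
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
+
 private-dev
-# private-tmp
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp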
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile
index af6da6cd4..6258b1f77 100644
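--- a/etc/gnome-books.profile
+++ b/etc/gnome-books.profile
@@ -24,7 +24,6 @@ nosound
 novideo
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 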
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index e64f62b70..90749be8c 100644
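--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -30,6 +30,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
+private
 private-bin gnome-calculator
 private-dev
 #private-etc fonts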
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile
index 5d2a90b64..ec5914e37 100644
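--- a/etc/gnome-documents.profile
+++ b/etc/gnome-documents.profile
@@ -25,7 +25,6 @@ nosound
 novideo
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 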
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
index abdb6bfb5..d571aff88 100644
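--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -21,7 +21,6 @@ noroot
 novideo
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 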
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile
index 93823d0f4..158311711 100644
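--- a/etc/gnome-photos.profile
+++ b/etc/gnome-photos.profile
@@ -23,7 +23,6 @@ noroot
 nosound
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 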
diff --git a/etc/goobox.profile b/etc/goobox.profile
index 0ba059365..c670d5ec7 100644
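--- a/etc/goobox.profile
+++ b/etc/goobox.profile
@@ -17,7 +17,6 @@ nonewprivs
 noroot
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 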
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile
index ed6b11002..c373cc34c 100644
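--- a/etc/google-play-music-desktop-player.profile
+++ b/etc/google-play-music-desktop-player.profile
@@ -13,13 +13,25 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
+#whitelist ~/.pulse
+#whitelist ~/.config/pulse
+whitelist ~/.config/Google Play Music Desktop Player
+
 caps.drop all
+#ipc-namespace
+netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-netfilter
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
+shell none
 
-#whitelist ~/.pulse
-#whitelist ~/.config/pulse
-whitelist ~/.config/Google Play Music Desktop Player
+private-dev
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp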
diff --git a/etc/gpicview.profile b/etc/gpicview.profile
index f457f0590..d1dee8914 100644
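--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -14,7 +14,6 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-net none
 nogroups
 nonewprivs
 noroot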
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index 929888e88..bc5d7dddf 100644
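--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -5,25 +5,26 @@ include /etc/firejail/globals.local
 # Persistent customizations should go in a .local file.
 include /etc/firejail/gucharmap.local
 
-private
-#include /etc/firejail/disable-common.inc
-#include /etc/firejail/disable-programs.inc
-#include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-nosound
+
+private
+private-dev
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp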
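diff --git a/etc/handbrake.profile b/etc/handbrake.profile
index 0f3f32250..ccff63708 100644
--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -7,24 +7,23 @@ include /etc/firejail/handbrake.local
 
 noblacklist ~/.config/ghb
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
-# netlink required!
+nosound
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
-#private-dev
+
+private-dev
 private-tmp
-nosound
+
+noexec ${HOME}
+noexec /tmp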
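Review bot: The `# netlink required!` comment is removed while `netlink` stays in `protocol unix,inet,inet6,netlink`, so the profile no longer records why this wider set of socket families is allowed. I would keep the rationale directly above the directive, i.e. leave `# netlink required!` on the line before `protocol unix,inet,inet6,netlink`. Without it, a later tightening pass has no hint that dropping `netlink` breaks the application, and nothing marks the entry as a deliberate exception rather than a default to copy into other profiles.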
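diff --git a/etc/highlight.profile b/etc/highlight.profile
index 58e7f89f5..327c77696 100644
--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -18,8 +18,6 @@ noroot
 nosound
 protocol unix
 seccomp
-netfilter
-net none
 no3d
 shell none
 tracelog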
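diff --git a/etc/hugin.profile b/etc/hugin.profile
index 97a9cb1fd..5d2891321 100644
--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -6,24 +6,24 @@ include /etc/firejail/globals.local
 include /etc/firejail/hugin.local
 
 noblacklist ${HOME}/.hugin
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
+
 private-dev
 private-tmp
-nosound
+
+noexec ${HOME}
+noexec /tmp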
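diff --git a/etc/img2txt.profile b/etc/img2txt.profile
index 00d172f55..1ac5e1fb0 100644
--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -18,8 +18,6 @@ noroot
 nosound
 protocol unix
 seccomp
-netfilter
-net none
 shell none
 tracelog
 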
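diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index 0a9d409b9..450e819b9 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -8,20 +8,22 @@ include /etc/firejail/inkscape.local
 # inkscape
 noblacklist ${HOME}/.inkscape
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
 nogroups
 nonewprivs
 noroot
 nosound
+novideo
 protocol unix
 seccomp
-
-noexec ${HOME}
-noexec /tmp
+shell none
 
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp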
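diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index 32b43cdf1..56cf43104 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -21,8 +21,6 @@ include /etc/firejail/disable-devel.inc
 #Options
 caps.drop all
 #ipc-namespace
-net none
-netfilter
 no3d
 nogroups
 nonewprivs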
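diff --git a/etc/kate.profile b/etc/kate.profile
index 832f3614f..c4178a776 100644
--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -25,7 +25,6 @@ noroot
 nosound
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 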
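diff --git a/etc/kcalc.profile b/etc/kcalc.profile
index 0ea5dbcb3..24d7daa89 100644
--- a/etc/kcalc.profile
+++ b/etc/kcalc.profile
@@ -5,27 +5,26 @@ include /etc/firejail/globals.local
 # Persistent customizations should go in a .local file.
 include /etc/firejail/kcalc.local
 
-################################
-# Generic GUI application profile
-################################
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
+shell none
 
-#
-# depending on your usage, you can enable some of the commands below:
-#
 private
-nogroups
-shell none
-# private-bin program
-# private-etc none
 private-dev
 private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp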
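diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index 34e260f8f..64fe62fb6 100644
--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -18,7 +18,6 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 machine-id
-net none
 no3d
 nogroups
 nonewprivs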
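diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile
index 0536866fb..fee04b6fb 100644
--- a/etc/keepassx2.profile
+++ b/etc/keepassx2.profile
@@ -17,7 +17,6 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-net none
 no3d
 nogroups
 nonewprivs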
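diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index 4a5503944..4e4c305f0 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -16,10 +16,8 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-# To use KeePassHTTP, comment out `net none`
 caps.drop all
 #ipc-namespace
-net none
 no3d
 nogroups
 nonewprivs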
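diff --git a/etc/kino.profile b/etc/kino.profile
index b37569340..73b1e060b 100644
--- a/etc/kino.profile
+++ b/etc/kino.profile
@@ -5,28 +5,25 @@ include /etc/firejail/globals.local
 # Persistent customizations should go in a .local file.
 include /etc/firejail/kino.local
 
-################################
-# Generic GUI application profile
-################################
 noblacklist ~/.kinorc
 noblacklist ~/.kino-history
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+novideo
+protocol unix
 seccomp
+shell none
+
+private-dev
+private-tmp
 
-#
-# depending on your usage, you can enable some of the commands below:
-#
-# nogroups
-# shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
+noexec ${HOME}
+noexec /tmp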
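diff --git a/etc/knotes.profile b/etc/knotes.profile
index e7da44215..6a1233db0 100644
--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@@ -20,7 +20,6 @@ noroot
 nosound
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 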
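diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile
index 59c2827cd..c19f1c5ef 100644
--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -5,16 +5,15 @@ include /etc/firejail/globals.local
 # Persistent customizations should go in a .local file.
 include /etc/firejail/ktorrent.local
 
-################################
-# Generic GUI application profile
-################################
 noblacklist ~/.config/ktorrentrc
 noblacklist ~/.local/share/ktorrent
 noblacklist ~/.kde/share/config/ktorrentrc
 noblacklist ~/.kde4/share/config/ktorrentrc
 noblacklist ~/.kde/share/apps/ktorrent
 noblacklist ~/.kde4/share/apps/ktorrent
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
@@ -36,17 +35,18 @@ include /etc/firejail/whitelist-common.inc
 
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix,inet,inet6
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
+
 private-dev
-# private-tmp
+private-tmp
+
+noexec ${HOME}
+noexec /tmp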
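diff --git a/etc/kwrite.profile b/etc/kwrite.profile
index 1c4d09f67..342427090 100644
--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -25,7 +25,6 @@ noroot
 #nosound - KWrite is using ALSA!
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 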
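diff --git a/etc/leafpad.profile b/etc/leafpad.profile
index 5ae025d6d..7403a13ab 100644
--- a/etc/leafpad.profile
+++ b/etc/leafpad.profile
@@ -6,24 +6,24 @@ include /etc/firejail/globals.local
 include /etc/firejail/leafpad.local
 
 noblacklist ${HOME}/.config/leafpad
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-nosound
+
+private-dev
+
+noexec ${HOME}
+noexec /tmp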
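diff --git a/etc/liferea.profile b/etc/liferea.profile
index 92b3b8f88..f11137cdd 100644
--- a/etc/liferea.profile
+++ b/etc/liferea.profile
@@ -20,10 +20,28 @@ noblacklist ~/.cache/liferea
 mkdir ~/.cache/liferea
 whitelist ~/.cache/liferea
 
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-common.inc
-include /etc/firejail/default.profile
 
+caps.drop all
+#ipc-namespace
+netfilter
+#no3d
 nogroups
+nonewprivs
+noroot
+#nosound
+novideo
+protocol unix,inet,inet6
+seccomp
 shell none
+
 private-dev
 private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp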
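diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
index 6ee118f76..0b8742e49 100644
--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -7,24 +7,26 @@ include /etc/firejail/luminance-hdr.local
 
 # luminance-hdr
 noblacklist ${HOME}/.config/Luminance
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 #ipc-namespace
-netfilter
 nogroups
 nonewprivs
 noroot
 nosound
+novideo
 protocol unix
 seccomp
 shell none
 tracelog
 
-noexec ${HOME}
-noexec /tmp
-
 private-tmp
 private-dev
+
+noexec ${HOME}
+noexec /tmp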
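diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile
index 28e674ebf..9e8bac878 100644
--- a/etc/lximage-qt.profile
+++ b/etc/lximage-qt.profile
@@ -6,24 +6,25 @@ include /etc/firejail/globals.local
 include /etc/firejail/lximage-qt.local
 
 noblacklist .config/lximage-qt
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-nosound
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp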
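Review bot: The unchanged `noblacklist .config/lximage-qt` line near the top of this hunk has no `${HOME}/` or `~/` prefix, unlike the other `noblacklist` entries in the profiles this commit touches. It probably does not match the blacklist entry it is meant to exempt, which would leave the viewer's own configuration directory blocked; that is inferred, so it is worth checking against disable-programs.inc. Since the surrounding lines are being rewritten anyway, I would change it to `noblacklist ${HOME}/.config/lximage-qt`.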
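diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile
index fd5136578..49057d0ab 100644
--- a/etc/lxmusic.profile
+++ b/etc/lxmusic.profile
@@ -7,24 +7,24 @@ include /etc/firejail/lxmusic.local
 
 noblacklist ~/.cache/xmms2
 noblacklist ~/.config/xmms2
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-# nosound
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp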
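diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile
index 76593df0b..75b51f96d 100644
--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -6,24 +6,26 @@ include /etc/firejail/globals.local
 include /etc/firejail/mate-calc.local
 
 noblacklist ${HOME}/.config/mate-calc
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-nosound
+
+private-dev
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp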
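diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile
index 6db3dd624..b9b445ac6 100644
--- a/etc/mate-color-select.profile
+++ b/etc/mate-color-select.profile
@@ -3,27 +3,28 @@ include /etc/firejail/globals.local
 
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
-include /etc/firejail/default.local
+include /etc/firejail/mate-color-select.local
 
-private
-#include /etc/firejail/disable-common.inc
-#include /etc/firejail/disable-programs.inc
-#include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-nosound
+
+private
+private-dev
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp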
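diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile
index fc4c1c425..4fe0795d2 100644
--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -6,24 +6,27 @@ include /etc/firejail/globals.local
 include /etc/firejail/mate-dictionary.local
 
 noblacklist ${HOME}/.config/mate/mate-dictionary
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix,inet,inet6
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-nosound
+
+private-dev
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp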
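diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
index 59cb080d3..c6e95cc5c 100644
--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -12,15 +12,13 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-nogroups
 nonewprivs
+nogroups
 noroot
 nosound
 no3d
 protocol unix
 seccomp
-netfilter
-net none
 shell none
 tracelog
 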
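Review bot: `net none` is deleted here with no replacement visible in the hunk, and the same deletion appears in the gpicview, highlight, img2txt, jd-gui, keepassx, keepassx2, keepassxc, meld, mupdf, odt2txt, pdfsam, pdftotext, peek and ranger sections. Where `protocol unix` remains, inet sockets are still filtered, but the sandbox no longer gets its own empty network namespace, so the host's abstract unix sockets stay reachable. In several of those hunks, including the three KeePass profiles, no `protocol` line is visible at all. Unless the option is now applied from a file outside these hunks, I would keep `net none` in these offline tools, and in keepassxc keep the "To use KeePassHTTP" comment together with it so the opt-out stays documented.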
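diff --git a/etc/meld.profile b/etc/meld.profile
index bc4cd8356..535745e6f 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -15,8 +15,6 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 #ipc-namespace
-net none
-netfilter
 no3d
 nogroups
 nonewprivs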
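diff --git a/etc/mousepad.profile b/etc/mousepad.profile
index c3e85d55f..fc788fea6 100644
--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -14,7 +14,6 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
 nogroups
 nonewprivs
 noroot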
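diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index e6652e688..39b801e1a 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -18,8 +18,6 @@ noroot
 nosound
 protocol unix
 seccomp
-netfilter
-net none
 shell none
 tracelog
 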
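diff --git a/etc/nautilus.profile b/etc/nautilus.profile
index ef3203eb5..71d2b2192 100644
--- a/etc/nautilus.profile
+++ b/etc/nautilus.profile
@@ -22,12 +22,10 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-nogroups
 nonewprivs
 noroot
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 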
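diff --git a/etc/nemo.profile b/etc/nemo.profile
index 1d9124d19..d4bb0d5ff 100644
--- a/etc/nemo.profile
+++ b/etc/nemo.profile
@@ -16,18 +16,14 @@ include /etc/firejail/disable-devel.inc
 
 caps.drop all
 netfilter
+no3d
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix,inet,inet6
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-# nosound
+
+noexec ${HOME}
+noexec /tmp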
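Review bot: `nogroups` is dropped in this rewrite and not re-added with the other options, so the sandboxed file manager keeps the user's supplementary groups; the nautilus, pcmanfm and ranger sections remove it as well. Most other profiles in this commit gain `nogroups`, so the omission reads as either deliberate for file managers or an accident of the reordering. If it is deliberate, record it in the profile with a one-line comment above `nonewprivs` stating why group access is needed. Otherwise restore `nogroups` between `no3d` and `nonewprivs`.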
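diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
index abec7dde2..58440e50f 100644
--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -18,8 +18,6 @@ noroot
 nosound
 protocol unix
 seccomp
-netfilter
-net none
 no3d
 shell none
 tracelog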
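diff --git a/etc/okular.profile b/etc/okular.profile
index 982f524fa..351083582 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -21,7 +21,6 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
 nonewprivs
 nogroups
 noroot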
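diff --git a/etc/openshot.profile b/etc/openshot.profile
index bc4ccc46a..25c803512 100644
--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -8,13 +8,23 @@ include /etc/firejail/openshot.local
 # OpenShot profile
 noblacklist ${HOME}/.openshot
 noblacklist ${HOME}/.openshot_qt
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp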
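diff --git a/etc/orage.profile b/etc/orage.profile
index ea577f873..ee96076eb 100644
--- a/etc/orage.profile
+++ b/etc/orage.profile
@@ -7,24 +7,26 @@ include /etc/firejail/orage.local
 
 noblacklist ${HOME}/.config/orage
 noblacklist ${HOME}/.local/share/orage
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
+
 private-dev
-# private-tmp
+private-tmp
+disable-mnt
 
+noexec ${HOME}
+noexec /tmp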
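diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile
index 68d002f2d..67ab7f9e6 100644
--- a/etc/pcmanfm.profile
+++ b/etc/pcmanfm.profile
@@ -15,21 +15,12 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
-nogroups
+no3d
 nonewprivs
 noroot
 nosound
+novideo
 protocol unix
 seccomp
 shell none
 tracelog
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-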
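diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index b46ac9294..4adb01c3f 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -19,8 +19,6 @@ include /etc/firejail/disable-devel.inc
 #Options
 caps.drop all
 #ipc-namespace
-net none
-netfilter
 no3d
 nogroups
 nonewprivs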
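diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index a6b2b2f78..882b10678 100644
--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -18,8 +18,6 @@ noroot
 nosound
 protocol unix
 seccomp
-netfilter
-net none
 no3d
 shell none
 tracelog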
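diff --git a/etc/peek.profile b/etc/peek.profile
index bac3e0a99..cf60452d3 100644
--- a/etc/peek.profile
+++ b/etc/peek.profile
@@ -14,7 +14,6 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
-net none
 no3d
 nogroups
 nonewprivs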
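diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile
index e3ffad9a1..9500731fe 100644
--- a/etc/psi-plus.profile
+++ b/etc/psi-plus.profile
@@ -8,7 +8,9 @@ include /etc/firejail/psi-plus.local
 # Firejail profile for Psi+
 noblacklist ${HOME}/.config/psi+
 noblacklist ${HOME}/.local/share/psi+
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
@@ -20,10 +22,22 @@ whitelist ~/.local/share/psi+
 mkdir ~/.cache/psi+
 whitelist ~/.cache/psi+
 
+include /etc/firejail/whitelist-common.inc
+
 caps.drop all
 netfilter
+no3d
+nogroups
+nonewprivs
 noroot
+novideo
 protocol unix,inet,inet6
 seccomp
+shell none
 
-include /etc/firejail/whitelist-common.inc
+private-dev
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp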
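diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile
index bc92e50ea..f6458de86 100644
--- a/etc/qemu-launcher.profile
+++ b/etc/qemu-launcher.profile
@@ -23,3 +23,5 @@ shell none
 tracelog
 
 private-tmp
+
+noexec /tmp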
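diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile
index 907de5e8f..fdfd7ab72 100644
--- a/etc/qemu-system-x86_64.profile
+++ b/etc/qemu-system-x86_64.profile
@@ -21,3 +21,5 @@ shell none
 tracelog
 
 private-tmp
+
+noexec /tmp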
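diff --git a/etc/qlipper.profile b/etc/qlipper.profile
index a5ef53112..6989acb7a 100644
--- a/etc/qlipper.profile
+++ b/etc/qlipper.profile
@@ -6,26 +6,26 @@ include /etc/firejail/globals.local
 include /etc/firejail/qlipper.local
 
 noblacklist ${HOME}/.config/Qlipper
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
+shell none
 
+private-dev
+private-tmp
+disable-mnt
 
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
-shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-nosound
+noexec ${HOME}
+noexec /tmp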
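diff --git a/etc/ranger.profile b/etc/ranger.profile
index 7103f821d..55e43d13b 100644
--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -18,14 +18,10 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
-net none
-nogroups
 nonewprivs
 noroot
 protocol unix
 seccomp
 nosound
 
-private-tmp
 private-dev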
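diff --git a/etc/ristretto.profile b/etc/ristretto.profile
index ca4b1a64d..5c72f9eb8 100644
--- a/etc/ristretto.profile
+++ b/etc/ristretto.profile
@@ -10,22 +10,23 @@ noblacklist ~/.Steam
 noblacklist ~/.steam
 
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
+
 private-dev
-# private-tmp
+private-tmp
+
+noexec ${HOME}
+noexec /tmp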
diff --git a/etc/skype.profile b/etc/skype.profile
index 8b97c7152..7c7a4eb17 100644
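--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -7,17 +7,22 @@ include /etc/firejail/skype.local
 
 # Skype profile
 noblacklist ${HOME}/.Skype
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
 
+private-dev
 private-tmp
 disable-mnt
 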
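Review bot: The added `include /etc/firejail/disable-devel.inc` at new line 12 duplicates the include that is already present at new line 14, while the include block shown in this hunk has no `disable-passwdmgr.inc` at all. The skypeforlinux hunk in this commit ends up with common, devel, programs and passwdmgr, so one of the two lines here looks like it carries the wrong file name. I would change new line 14 to `include /etc/firejail/disable-passwdmgr.inc` so that password-manager data is blacklisted for this network-facing client as well. Lines after new line 28 are outside the hunk, so a later include cannot be ruled out.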
diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile
index 71bc1b9a6..a2f693945 100644
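--- a/etc/skypeforlinux.profile
+++ b/etc/skypeforlinux.profile
@@ -7,16 +7,22 @@ include /etc/firejail/skypeforlinux.local
 
 # skypeforlinux profile
 noblacklist ${HOME}/.config/skypeforlinux
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
+nonewprivs
 noroot
-seccomp
 protocol unix,inet,inet6,netlink
+seccomp
+shell none
 
+private-dev
 private-tmp
 disable-mnt
 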
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
index ffabdef76..c714fc70a 100644
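--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -8,19 +8,24 @@ include /etc/firejail/synfigstudio.local
 # synfigstudio
 noblacklist ${HOME}/.config/synfig
 noblacklist ${HOME}/.synfig
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+nogroups
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix
 seccomp
-
-noexec ${HOME}
-noexec /tmp
+shell none
 
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp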
diff --git a/etc/tracker.profile b/etc/tracker.profile
index f2c91be86..d7b68ea5c 100644
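--- a/etc/tracker.profile
+++ b/etc/tracker.profile
@@ -22,7 +22,6 @@ nosound
 no3d
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 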
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
index 8d1e1eac2..2447edc35 100644
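--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -15,8 +15,6 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
-net none
 nonewprivs
 noroot
 nosound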
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index 20f738d42..3b2b54264 100644
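--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -19,7 +19,6 @@ blacklist ~/.bashrc
 blacklist ~/.Xauthority
 
 caps.drop all
-net none
 nogroups
 nonewprivs
 noroot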
diff --git a/etc/vym.profile b/etc/vym.profile
index 4139ea901..13fa08d4f 100644
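--- a/etc/vym.profile
+++ b/etc/vym.profile
@@ -6,25 +6,26 @@ include /etc/firejail/globals.local
 include /etc/firejail/vym.local
 
 noblacklist ./.config/InSilmaril
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-# no network connectivity
+nosound
+novideo
 protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin vym
-# private-etc none
+
 private-dev
 private-tmp
-nosound
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp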
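Review bot: `noblacklist ./.config/InSilmaril` at line 8 is left with a path relative to the working directory, while the other profiles in this commit anchor such paths at the home directory (`${HOME}/...` or `~/...`). Since this hunk already normalises the rest of the file, I would change it to `noblacklist ${HOME}/.config/InSilmaril`; whether the relative form ever matches depends on where the sandbox is started, which the hunk does not show. The removed `# no network connectivity` comment could also stay above `protocol unix`, because that line, together with the dropped `netfilter`, is what expresses the intent.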
diff --git a/etc/xfburn.profile b/etc/xfburn.profile
index 7a6d620cf..aaef6bb60 100644
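--- a/etc/xfburn.profile
+++ b/etc/xfburn.profile
@@ -20,7 +20,6 @@ noroot
 nosound
 protocol unix
 seccomp
-netfilter
 shell none
 tracelog
 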
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile
index 4e466352d..08ae17a55 100644
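--- a/etc/xfce4-dict.profile
+++ b/etc/xfce4-dict.profile
@@ -6,24 +6,27 @@ include /etc/firejail/globals.local
 include /etc/firejail/xfce4-dict.local
 
 noblacklist ${HOME}/.config/xfce4-dict
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix,inet,inet6
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
+
 private-dev
-# private-tmp
+private-tmp
+disable-mnt
 
+noexec ${HOME}
+noexec /tmp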
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile
index 737bb0a23..544225920 100644
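--- a/etc/xfce4-notes.profile
+++ b/etc/xfce4-notes.profile
@@ -8,23 +8,26 @@ include /etc/firejail/xfce4-notes.local
 noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc
 noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
 noblacklist ${HOME}/.local/share/notes
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+no3d
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+nosound
+novideo
+protocol unix
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
+
 private-dev
-# private-tmp
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp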
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index 611c7b379..957636124 100644
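--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -30,6 +30,7 @@ netfilter
 nogroups
 nonewprivs
 noroot
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none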
diff --git a/etc/xpdf.profile b/etc/xpdf.profile
index 5b3018ce8..1f2344e21 100644
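--- a/etc/xpdf.profile
+++ b/etc/xpdf.profile
@@ -9,17 +9,25 @@ include /etc/firejail/xpdf.local
 # xpdf application profile
 ################################
 noblacklist ${HOME}/.xpdfrc
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
-net none
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix
-shell none
 seccomp
+shell none
 
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp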
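Review bot: `net none` is dropped here (old line 17) without a replacement or a stated reason, and the same removal appears in the ranger, transmission-show, viewnior and zathura hunks. `protocol unix` keeps filtering socket families, but the sandbox then shares the host network namespace; the comment in xpra.profile in this same commit ties `net none` to access to the abstract Unix socket namespace, so the two settings are presumably not equivalent. For a viewer that opens untrusted documents I would keep `net none` after `caps.drop all`, or, if the removal is deliberate, record it with a comment such as `# net none omitted: <reason>`. The ranger hunk additionally drops `nogroups` and `private-tmp`, and the viewnior hunk shows no `protocol` line, so what still limits its networking cannot be told from the visible lines.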
diff --git a/etc/xpra.profile b/etc/xpra.profile
index a41ee2613..c8bb3ef52 100644
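--- a/etc/xpra.profile
+++ b/etc/xpra.profile
@@ -23,7 +23,6 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 # xpra needs to be allowed access to the abstract Unix socket namespace.
-#net none
 nogroups
 nonewprivs
 # In noroot mode, xpra cannot create a socket in the real /tmp/.X11-unix.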
diff --git a/etc/zathura.profile b/etc/zathura.profile
index 18afe3bfa..53e905e9c 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -14,8 +14,6 @@ include /etc/firejail/disable-devel.inc
14include /etc/firejail/disable-passwdmgr.inc 14include /etc/firejail/disable-passwdmgr.inc
15 15
16caps.drop all 16caps.drop all
17netfilter
18net none
19nogroups 17nogroups
20nonewprivs 18nonewprivs
21noroot 19noroot