diff options
| -rw-r--r-- | etc/google-chrome-beta.profile | 12 | ||||
| -rw-r--r-- | etc/google-chrome-unstable.profile | 12 | ||||
| -rw-r--r-- | etc/google-chrome.profile | 13 | ||||
| -rw-r--r-- | etc/vivaldi.profile | 11 |
4 files changed, 40 insertions, 8 deletions
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index e527318c2..22a2e8f88 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile | |||
| @@ -16,8 +16,6 @@ include /etc/firejail/disable-programs.inc | |||
| 16 | # include /etc/firejail/disable-devel.inc | 16 | # include /etc/firejail/disable-devel.inc |
| 17 | # | 17 | # |
| 18 | 18 | ||
| 19 | netfilter | ||
| 20 | |||
| 21 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
| 22 | mkdir ~/.config/google-chrome-beta | 20 | mkdir ~/.config/google-chrome-beta |
| 23 | whitelist ~/.config/google-chrome-beta | 21 | whitelist ~/.config/google-chrome-beta |
| @@ -27,5 +25,15 @@ mkdir ~/.pki | |||
| 27 | whitelist ~/.pki | 25 | whitelist ~/.pki |
| 28 | include /etc/firejail/whitelist-common.inc | 26 | include /etc/firejail/whitelist-common.inc |
| 29 | 27 | ||
| 28 | caps.keep sys_chroot,sys_admin | ||
| 29 | #ipc-namespace | ||
| 30 | netfilter | ||
| 31 | nogroups | ||
| 32 | shell none | ||
| 33 | |||
| 34 | private-dev | ||
| 35 | #private-tmp - problems with multiple browser sessions | ||
| 36 | #disable-mnt | ||
| 37 | |||
| 30 | noexec ${HOME} | 38 | noexec ${HOME} |
| 31 | noexec /tmp | 39 | noexec /tmp |
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index 860e2488a..0675d7b49 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile | |||
| @@ -16,8 +16,6 @@ include /etc/firejail/disable-programs.inc | |||
| 16 | # include /etc/firejail/disable-devel.inc | 16 | # include /etc/firejail/disable-devel.inc |
| 17 | # | 17 | # |
| 18 | 18 | ||
| 19 | netfilter | ||
| 20 | |||
| 21 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
| 22 | mkdir ~/.config/google-chrome-unstable | 20 | mkdir ~/.config/google-chrome-unstable |
| 23 | whitelist ~/.config/google-chrome-unstable | 21 | whitelist ~/.config/google-chrome-unstable |
| @@ -27,5 +25,15 @@ mkdir ~/.pki | |||
| 27 | whitelist ~/.pki | 25 | whitelist ~/.pki |
| 28 | include /etc/firejail/whitelist-common.inc | 26 | include /etc/firejail/whitelist-common.inc |
| 29 | 27 | ||
| 28 | caps.keep sys_chroot,sys_admin | ||
| 29 | #ipc-namespace | ||
| 30 | netfilter | ||
| 31 | nogroups | ||
| 32 | shell none | ||
| 33 | |||
| 34 | private-dev | ||
| 35 | #private-tmp - problems with multiple browser sessions | ||
| 36 | #disable-mnt | ||
| 37 | |||
| 30 | noexec ${HOME} | 38 | noexec ${HOME} |
| 31 | noexec /tmp | 39 | noexec /tmp |
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 7d27355d2..e6fceadec 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile | |||
| @@ -16,9 +16,6 @@ include /etc/firejail/disable-programs.inc | |||
| 16 | # include /etc/firejail/disable-devel.inc | 16 | # include /etc/firejail/disable-devel.inc |
| 17 | # | 17 | # |
| 18 | 18 | ||
| 19 | caps.keep sys_chroot,sys_admin | ||
| 20 | netfilter | ||
| 21 | |||
| 22 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
| 23 | mkdir ~/.config/google-chrome | 20 | mkdir ~/.config/google-chrome |
| 24 | whitelist ~/.config/google-chrome | 21 | whitelist ~/.config/google-chrome |
| @@ -28,5 +25,15 @@ mkdir ~/.pki | |||
| 28 | whitelist ~/.pki | 25 | whitelist ~/.pki |
| 29 | include /etc/firejail/whitelist-common.inc | 26 | include /etc/firejail/whitelist-common.inc |
| 30 | 27 | ||
| 28 | caps.keep sys_chroot,sys_admin | ||
| 29 | #ipc-namespace | ||
| 30 | netfilter | ||
| 31 | nogroups | ||
| 32 | shell none | ||
| 33 | |||
| 34 | private-dev | ||
| 35 | #private-tmp - problems with multiple browser sessions | ||
| 36 | #disable-mnt | ||
| 37 | |||
| 31 | noexec ${HOME} | 38 | noexec ${HOME} |
| 32 | noexec /tmp | 39 | noexec /tmp |
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 7b9c4c9c6..fab620499 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile | |||
| @@ -14,7 +14,6 @@ include /etc/firejail/disable-common.inc | |||
| 14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
| 15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
| 16 | 16 | ||
| 17 | netfilter | ||
| 18 | 17 | ||
| 19 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
| 20 | mkdir ~/.config/vivaldi | 19 | mkdir ~/.config/vivaldi |
| @@ -23,5 +22,15 @@ mkdir ~/.cache/vivaldi | |||
| 23 | whitelist ~/.cache/vivaldi | 22 | whitelist ~/.cache/vivaldi |
| 24 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
| 25 | 24 | ||
| 25 | caps.keep sys_chroot,sys_admin | ||
| 26 | #ipc-namespace | ||
| 27 | netfilter | ||
| 28 | nogroups | ||
| 29 | shell none | ||
| 30 | |||
| 31 | private-dev | ||
| 32 | #private-tmp - problems with multiple browser sessions | ||
| 33 | #disable-mnt | ||
| 34 | |||
| 26 | noexec ${HOME} | 35 | noexec ${HOME} |
| 27 | noexec /tmp | 36 | noexec /tmp |