6 files changed, 54 insertions, 0 deletions
diff --git a/etc/corebird.profile b/etc/corebird.profile
new file mode 100644
index 000000000..f3f73a44f
--- /dev/null
+++ b/etc/corebird.profile
@@ -0,0 +1,12 @@
+# Firejail corebird profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+noroot
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 479f32cb1..a61f1b210 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -93,6 +93,7 @@ read-only ${HOME}/bin
 # top secret
 blacklist ${HOME}/.ssh
+blacklist ${HOME}/.cert
 blacklist ${HOME}/.gnome2/keyrings
 blacklist ${HOME}/kde4/share/apps/kwallet
 blacklist ${HOME}/kde/share/apps/kwallet
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 307ccaf6c..3474a6592 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -112,3 +112,4 @@ blacklist ${HOME}/.local/share/wesnoth
 blacklist ${HOME}/.local/share/0ad
 blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/totem
+blacklist ${HOME}/.local/share/psi+
diff --git a/etc/konversation.profile b/etc/konversation.profile
new file mode 100644
index 000000000..d10decb8f
--- /dev/null
+++ b/etc/konversation.profile
@@ -0,0 +1,12 @@
+# Firejail konversation profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+noroot
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile
new file mode 100644
index 000000000..8194da74f
--- /dev/null
+++ b/etc/psi-plus.profile
@@ -0,0 +1,27 @@
+# Firejail profile for Psi+
+noblacklist ${HOME}/.config/psi+
+noblacklist ${HOME}/.local/share/psi+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+whitelist ${DOWNLOADS}
+mkdir ~/.config
+mkdir ~/.config/psi+
+whitelist ~/.config/psi+
+mkdir ~/.local
+mkdir ~/.local/share
+mkdir ~/.local/share/psi+
+whitelist ~/.local/share/psi+
+mkdir ~/.cache
+mkdir ~/.cache/psi+
+whitelist ~/.cache/psi+
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+noroot
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc
index 9d5ef3d96..b3a1a1d30 100644
--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -1,5 +1,6 @@
 # common whitelist for all profiles
+whitelist ~/.XCompose
 whitelist ~/.config/mimeapps.list
 whitelist ~/.icons
 whitelist ~/.config/user-dirs.dirs

diff --git a/etc/corebird.profile b/etc/corebird.profile new file mode 100644 index 000000000..f3f73a44f --- /dev/null +++ b/etc/corebird.profile
@@ -0,0 +1,12 @@
		1	# Firejail corebird profile
		2
		3	include /etc/firejail/disable-common.inc
		4	include /etc/firejail/disable-programs.inc
		5	include /etc/firejail/disable-devel.inc
		6	include /etc/firejail/disable-passwdmgr.inc
		7
		8	caps.drop all
		9	seccomp
		10	protocol unix,inet,inet6
		11	netfilter
		12	noroot


diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 479f32cb1..a61f1b210 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -93,6 +93,7 @@ read-only ${HOME}/bin
93		93
94	# top secret	94	# top secret
95	blacklist ${HOME}/.ssh	95	blacklist ${HOME}/.ssh
		96	blacklist ${HOME}/.cert
96	blacklist ${HOME}/.gnome2/keyrings	97	blacklist ${HOME}/.gnome2/keyrings
97	blacklist ${HOME}/kde4/share/apps/kwallet	98	blacklist ${HOME}/kde4/share/apps/kwallet
98	blacklist ${HOME}/kde/share/apps/kwallet	99	blacklist ${HOME}/kde/share/apps/kwallet


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 307ccaf6c..3474a6592 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -112,3 +112,4 @@ blacklist ${HOME}/.local/share/wesnoth
112	blacklist ${HOME}/.local/share/0ad	112	blacklist ${HOME}/.local/share/0ad
113	blacklist ${HOME}/.local/share/xplayer	113	blacklist ${HOME}/.local/share/xplayer
114	blacklist ${HOME}/.local/share/totem	114	blacklist ${HOME}/.local/share/totem
		115	blacklist ${HOME}/.local/share/psi+


diff --git a/etc/konversation.profile b/etc/konversation.profile new file mode 100644 index 000000000..d10decb8f --- /dev/null +++ b/etc/konversation.profile
@@ -0,0 +1,12 @@
		1	# Firejail konversation profile
		2
		3	include /etc/firejail/disable-common.inc
		4	include /etc/firejail/disable-programs.inc
		5	include /etc/firejail/disable-devel.inc
		6	include /etc/firejail/disable-passwdmgr.inc
		7
		8	caps.drop all
		9	seccomp
		10	protocol unix,inet,inet6
		11	netfilter
		12	noroot


diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile new file mode 100644 index 000000000..8194da74f --- /dev/null +++ b/etc/psi-plus.profile
@@ -0,0 +1,27 @@
		1	# Firejail profile for Psi+
		2
		3	noblacklist ${HOME}/.config/psi+
		4	noblacklist ${HOME}/.local/share/psi+
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-programs.inc
		7	include /etc/firejail/disable-passwdmgr.inc
		8
		9	whitelist ${DOWNLOADS}
		10	mkdir ~/.config
		11	mkdir ~/.config/psi+
		12	whitelist ~/.config/psi+
		13	mkdir ~/.local
		14	mkdir ~/.local/share
		15	mkdir ~/.local/share/psi+
		16	whitelist ~/.local/share/psi+
		17	mkdir ~/.cache
		18	mkdir ~/.cache/psi+
		19	whitelist ~/.cache/psi+
		20
		21	include /etc/firejail/whitelist-common.inc
		22
		23	caps.drop all
		24	seccomp
		25	protocol unix,inet,inet6
		26	netfilter
		27	noroot


diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index 9d5ef3d96..b3a1a1d30 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc
@@ -1,5 +1,6 @@
1	# common whitelist for all profiles	1	# common whitelist for all profiles
2		2
		3	whitelist ~/.XCompose
3	whitelist ~/.config/mimeapps.list	4	whitelist ~/.config/mimeapps.list
4	whitelist ~/.icons	5	whitelist ~/.icons
5	whitelist ~/.config/user-dirs.dirs	6	whitelist ~/.config/user-dirs.dirs