46 files changed, 1094 insertions, 10 deletions
@@ -57,4 +57,9 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is | |||
57 | ````` | 57 | ````` |
58 | ## New Profiles | 58 | ## New Profiles |
59 | xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom,Guayadeque, qemu, keypass2 | 59 | xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom,Guayadeque, qemu, keypass2 |
60 | amarok, ark, atool, bleachbit, brasero, dolphin, dragon, elinks, enchant, exiftool, file-roller, gedit | ||
61 | gjs, gnome-books, gnome-clocks, gnome-documents, gnome-maps, gnome-music, gnome-photos, gnome-weather | ||
62 | goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext | ||
63 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra | ||
64 | |||
60 | 65 | ||
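diff --git a/etc/amarok.profile b/etc/amarok.profile
new file mode 100644
index 000000000..962865790
--- /dev/null
+++ b/etc/amarok.profile
@@ -0,0 +1,19 @@
+# amorak profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+shell none
+#seccomp
+protocol unix,inet,inet6
+
+#private-bin amorak
+private-dev
+private-tmp
+#private-etc none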
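Review bot: `#seccomp` on line 13 leaves the syscall filter off with no reason given, so a reader cannot tell whether amarok fails under seccomp or the line was simply left disabled; add a why-comment above it, e.g. `# seccomp disabled: <reason>`, or enable it. The header and the commented `#private-bin amorak` also misspell the program name, and enabling that line as written would leave the sandbox without the amarok binary; it should read `# private-bin amarok`. The same unexplained `#seccomp` appears in simple-scan.profile and skanlite.profile.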
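diff --git a/etc/ark.profile b/etc/ark.profile
new file mode 100644
index 000000000..61b4c6f60
--- /dev/null
+++ b/etc/ark.profile
@@ -0,0 +1,23 @@
+# ark profile
+noblacklist ~/.config/arkrc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix
+
+# private-bin
+private-dev
+private-tmp
+# private-etc
+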
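diff --git a/etc/atool.profile b/etc/atool.profile
new file mode 100644
index 000000000..3fbfb9fc7
--- /dev/null
+++ b/etc/atool.profile
@@ -0,0 +1,24 @@
+# atool profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+
+# private-bin atool
+private-tmp
+private-dev
+private-etc none
+
+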
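Review bot: `# include /etc/firejail/disable-devel.inc` on line 4 drops the development-tool blacklist without saying why. If the reason is that atool runs under Perl (presumably; the hunk does not say), exiftool.profile in this same commit keeps the include and instead adds `noblacklist /usr/bin/perl`, `noblacklist /usr/share/perl*` and `noblacklist /usr/lib/perl*`, which is the narrower exception. bleachbit.profile (disable-programs.inc), gedit.profile and kate.profile (disable-devel.inc) comment out an include the same way. nautilus.profile shows the convention to follow: a one-line comment above the disabled include stating the reason.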
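diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
new file mode 100644
index 000000000..0a71db9f0
--- /dev/null
+++ b/etc/bleachbit.profile
@@ -0,0 +1,21 @@
+# bleachbit profile
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix
+
+# private-bin
+# private-dev
+# private-tmp
+# private-etc
+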
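diff --git a/etc/brasero.profile b/etc/brasero.profile
new file mode 100644
index 000000000..66de6fa50
--- /dev/null
+++ b/etc/brasero.profile
@@ -0,0 +1,23 @@
+# brasero profile
+noblacklist ~/.config/brasero
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin brasero
+# private-tmp
+# private-dev
+# private-etc fonts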
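diff --git a/etc/dolphin.profile b/etc/dolphin.profile
new file mode 100644
index 000000000..1a6abb71d
--- /dev/null
+++ b/etc/dolphin.profile
@@ -0,0 +1,23 @@
+# dolphin profile
+noblacklist ~/.config/dolphinrc
+noblacklist ~/.local/share/dolphin
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+shell none
+seccomp
+protocol unix
+
+# private-bin
+# private-dev
+# private-tmp
+# private-etc
+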
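diff --git a/etc/dragon.profile b/etc/dragon.profile
new file mode 100644
index 000000000..09cb73802
--- /dev/null
+++ b/etc/dragon.profile
@@ -0,0 +1,22 @@
+# dragon player profile
+noblacklist ~/.config/dragonplayerrc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+shell none
+seccomp
+protocol unix,inet,inet6
+
+private-bin dragon
+private-dev
+private-tmp
+# private-etc
+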
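diff --git a/etc/elinks.profile b/etc/elinks.profile
new file mode 100644
index 000000000..df817ea56
--- /dev/null
+++ b/etc/elinks.profile
@@ -0,0 +1,24 @@
+# elinks profile
+noblacklist ~/.elinks
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin elinks
+private-tmp
+private-dev
+# private-etc none
+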
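diff --git a/etc/enchant.profile b/etc/enchant.profile
new file mode 100644
index 000000000..cf8288919
--- /dev/null
+++ b/etc/enchant.profile
@@ -0,0 +1,23 @@
+# enchant profile
+noblacklist ~/.config/enchant
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin enchant
+# private-tmp
+# private-dev
+# private-etc fonts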
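diff --git a/etc/exiftool.profile b/etc/exiftool.profile
new file mode 100644
index 000000000..384695473
--- /dev/null
+++ b/etc/exiftool.profile
@@ -0,0 +1,28 @@
+# exiftool profile
+noblacklist /usr/bin/perl
+noblacklist /usr/share/perl*
+noblacklist /usr/lib/perl*
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+
+# private-bin exiftool,perl
+private-tmp
+private-dev
+private-etc none
+
+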
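diff --git a/etc/file-roller.profile b/etc/file-roller.profile
new file mode 100644
index 000000000..6116389db
--- /dev/null
+++ b/etc/file-roller.profile
@@ -0,0 +1,21 @@
+# file-roller profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin file-roller
+# private-tmp
+private-dev
+# private-etc fonts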
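diff --git a/etc/gedit.profile b/etc/gedit.profile
new file mode 100644
index 000000000..a25286bfa
--- /dev/null
+++ b/etc/gedit.profile
@@ -0,0 +1,26 @@
+# gedit profile
+
+# when gedit is started via gnome-shell, firejail is not applied because systemd will start it
+
+noblacklist ~/.config/gedit
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin gedit
+private-tmp
+private-dev
+# private-etc fonts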
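diff --git a/etc/gjs.profile b/etc/gjs.profile
new file mode 100644
index 000000000..8d71728a2
--- /dev/null
+++ b/etc/gjs.profile
@@ -0,0 +1,28 @@
+# gjs (gnome javascript bindings) profile
+
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+
+noblacklist ~/.cache/org.gnome.Books
+noblacklist ~/.config/libreoffice
+noblacklist ~/.local/share/gnome-photos
+noblacklist ~/.cache/libgweather
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
+private-tmp
+private-dev
+# private-etc fonts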
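diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile
new file mode 100644
index 000000000..10b06e173
--- /dev/null
+++ b/etc/gnome-books.profile
@@ -0,0 +1,26 @@
+# gnome-books profile
+
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+
+noblacklist ~/.cache/org.gnome.Books
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin gjs gnome-books
+private-tmp
+private-dev
+private-etc fonts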
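Review bot: The commented `# private-bin gjs gnome-books` on line 23 separates the programs with a space, while the other multi-program private-bin lines in this commit (for example `# private-bin gjs,gnome-books,gnome-documents,...` in gjs.profile) use a comma-separated list; write `# private-bin gjs,gnome-books` so the line works when someone enables it. gnome-maps.profile, gnome-photos.profile and gnome-weather.profile carry the same space-separated form. This is also the only gjs application profile here with `private-etc fonts` active rather than commented out, which deserves either a short comment or alignment with its siblings.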
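diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
new file mode 100644
index 000000000..30adadda1
--- /dev/null
+++ b/etc/gnome-clocks.profile
@@ -0,0 +1,22 @@
+# gnome-clocks profile
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin gnome-clocks
+private-tmp
+private-dev
+# private-etc fonts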
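diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile
new file mode 100644
index 000000000..c5def7aff
--- /dev/null
+++ b/etc/gnome-documents.profile
@@ -0,0 +1,24 @@
+# gnome-documents profile
+
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+
+noblacklist ~/.config/libreoffice
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+private-tmp
+private-dev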
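diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile
new file mode 100644
index 000000000..f1451506e
--- /dev/null
+++ b/etc/gnome-maps.profile
@@ -0,0 +1,24 @@
+# gnome-maps profile
+
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin gjs gnome-maps
+private-tmp
+private-dev
+# private-etc fonts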
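diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
new file mode 100644
index 000000000..4a8adeb22
--- /dev/null
+++ b/etc/gnome-music.profile
@@ -0,0 +1,22 @@
+# gnome-music profile
+noblacklist ~/.local/share/gnome-music
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin gnome-music,python3
+private-tmp
+private-dev
+# private-etc fonts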
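diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile
new file mode 100644
index 000000000..8f9d60cb5
--- /dev/null
+++ b/etc/gnome-photos.profile
@@ -0,0 +1,26 @@
+# gnome-photos profile
+
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+
+noblacklist ~/.local/share/gnome-photos
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin gjs gnome-photos
+private-tmp
+private-dev
+# private-etc fonts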
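diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile
new file mode 100644
index 000000000..9f93b8f15
--- /dev/null
+++ b/etc/gnome-weather.profile
@@ -0,0 +1,26 @@
+# gnome-weather profile
+
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+
+noblacklist ~/.cache/libgweather
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin gjs gnome-weather
+private-tmp
+private-dev
+# private-etc fonts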
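diff --git a/etc/goobox.profile b/etc/goobox.profile
new file mode 100644
index 000000000..8990943fc
--- /dev/null
+++ b/etc/goobox.profile
@@ -0,0 +1,20 @@
+# goobox profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin goobox
+# private-tmp
+# private-dev
+# private-etc fonts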
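diff --git a/etc/gpa.profile b/etc/gpa.profile
new file mode 100644
index 000000000..7d7277190
--- /dev/null
+++ b/etc/gpa.profile
@@ -0,0 +1,23 @@
+# gpa profile
+noblacklist ~/.gnupg
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin gpa,gpg
+private-tmp
+private-dev
+# private-etc none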
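diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
new file mode 100644
index 000000000..31ed8812e
--- /dev/null
+++ b/etc/gpg-agent.profile
@@ -0,0 +1,24 @@
+# gpg-agent profile
+
+noblacklist ~/.gnupg
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin gpg-agent,gpg
+private-tmp
+private-dev
+# private-etc none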
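diff --git a/etc/gpg.profile b/etc/gpg.profile
new file mode 100644
index 000000000..31372eb90
--- /dev/null
+++ b/etc/gpg.profile
@@ -0,0 +1,24 @@
+# gpg profile
+noblacklist ~/.gnupg
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+
+# private-bin gpg,gpg-agent
+private-tmp
+private-dev
+# private-etc none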
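Review bot: `protocol unix` on line 14 together with `net none` on line 17 removes all network access from gpg, and the profile does not say that this is intended; presumably keyserver operations such as fetching or refreshing keys will not work when started through this profile, whereas gpa.profile allows `protocol unix,inet,inet6` for the same keyring. If offline use is the intent, state it in the header, e.g. `# no network: keyserver operations will not work inside this sandbox`. `noblacklist ~/.gnupg` necessarily exposes the whole keyring to the sandboxed process, so keeping the network closed is a sensible default once it is documented.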
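diff --git a/etc/highlight.profile b/etc/highlight.profile
new file mode 100644
index 000000000..f95f3924a
--- /dev/null
+++ b/etc/highlight.profile
@@ -0,0 +1,24 @@
+# highlight profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+
+private-bin highlight
+private-tmp
+private-dev
+
+
+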
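diff --git a/etc/img2txt.profile b/etc/img2txt.profile
new file mode 100644
index 000000000..d55a31cd0
--- /dev/null
+++ b/etc/img2txt.profile
@@ -0,0 +1,24 @@
+# img2txt profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+
+#private-bin img2txt
+private-tmp
+private-dev
+#private-etc none
+
+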
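diff --git a/etc/k3b.profile b/etc/k3b.profile
new file mode 100644
index 000000000..6e16d233c
--- /dev/null
+++ b/etc/k3b.profile
@@ -0,0 +1,21 @@
+# k3b profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix
+
+# private-bin
+private-dev
+private-tmp
+# private-etc
+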
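diff --git a/etc/kate.profile b/etc/kate.profile
new file mode 100644
index 000000000..4b07ea6cb
--- /dev/null
+++ b/etc/kate.profile
@@ -0,0 +1,28 @@
+# kate profile
+noblacklist ~/.local/share/kate
+noblacklist ~/.config/katerc
+noblacklist ~/.config/katepartrc
+noblacklist ~/.config/kateschemarc
+noblacklist ~/.config/katesyntaxhighlightingrc
+noblacklist ~/.config/katevirc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin kate
+private-tmp
+private-dev
+# private-etc fonts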
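diff --git a/etc/lynx.profile b/etc/lynx.profile
new file mode 100644
index 000000000..6e150f62e
--- /dev/null
+++ b/etc/lynx.profile
@@ -0,0 +1,22 @@
+# lynx profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin lynx
+private-tmp
+private-dev
+# private-etc none
+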
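diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
new file mode 100644
index 000000000..c07a9a9e8
--- /dev/null
+++ b/etc/mediainfo.profile
@@ -0,0 +1,26 @@
+# mediainfo profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+
+private-bin mediainfo
+private-tmp
+private-dev
+private-etc none
+
+
+
+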
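diff --git a/etc/nautilus.profile b/etc/nautilus.profile
new file mode 100644
index 000000000..264ee0b9d
--- /dev/null
+++ b/etc/nautilus.profile
@@ -0,0 +1,26 @@
+# nautilus profile
+
+# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there is already a nautilus process running on gnome desktops firejail will have no effect.
+
+noblacklist ~/.config/nautilus
+
+include /etc/firejail/disable-common.inc
+# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
+#include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin nautilus
+# private-tmp
+# private-dev
+# private-etc fonts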
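diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
new file mode 100644
index 000000000..329275022
--- /dev/null
+++ b/etc/odt2txt.profile
@@ -0,0 +1,24 @@
+# odt2txt profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+
+private-bin odt2txt
+private-tmp
+private-dev
+private-etc none
+
+read-only ${HOME}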
diff --git a/etc/okular.profile b/etc/okular.profile index b43a5fbea..22e223cea 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -9,17 +9,17 @@ include /etc/firejail/disable-devel.inc | |||
9 | include /etc/firejail/disable-passwdmgr.inc | 9 | include /etc/firejail/disable-passwdmgr.inc |
10 | 10 | ||
11 | caps.drop all | 11 | caps.drop all |
12 | nogroups | 12 | netfilter |
13 | nonewprivs | 13 | nonewprivs |
14 | nogroups | ||
14 | noroot | 15 | noroot |
16 | nosound | ||
15 | protocol unix | 17 | protocol unix |
16 | seccomp | 18 | seccomp |
17 | nosound | 19 | shell none |
20 | tracelog | ||
18 | 21 | ||
22 | # private-bin okular,kbuildsycoca4,kbuildsycoca5 | ||
23 | # private-etc X11 | ||
19 | private-dev | 24 | private-dev |
20 | 25 | private-tmp | |
21 | #Experimental: | ||
22 | #net none | ||
23 | #shell none | ||
24 | #private-bin okular,kbuildsycoca4,kbuildsycoca5 | ||
25 | #private-etc X11 | ||
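Review bot: The `#Experimental:` label is deleted while `# private-bin okular,kbuildsycoca4,kbuildsycoca5` and `# private-etc X11` stay commented out (new lines 22-23, as far as the two-column gutter shows), so the profile no longer says why those two options are disabled; keep a one-line comment above them such as `# experimental, not enabled by default`. The former `#net none` hint is dropped entirely, and a short note on whether it was tested and rejected would help the next editor. The hunk starts at line 9, so the top of the profile is outside this view.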
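diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
new file mode 100644
index 000000000..632c9d15e
--- /dev/null
+++ b/etc/pdftotext.profile
@@ -0,0 +1,22 @@
+# pdftotext profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+
+private-bin pdftotext
+private-tmp
+private-dev
+private-etc none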
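diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
new file mode 100644
index 000000000..03089482b
--- /dev/null
+++ b/etc/simple-scan.profile
@@ -0,0 +1,23 @@
+# simple-scan profile
+noblacklist ~/.cache/simple-scan
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+#seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin simple-scan
+# private-tmp
+# private-dev
+# private-etc fonts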
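diff --git a/etc/skanlite.profile b/etc/skanlite.profile
new file mode 100644
index 000000000..6e8face75
--- /dev/null
+++ b/etc/skanlite.profile
@@ -0,0 +1,21 @@
+# skanlite profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+#seccomp
+protocol unix
+
+private-bin skanlite
+# private-dev
+# private-tmp
+# private-etc
+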
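diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
new file mode 100644
index 000000000..485bd8f3b
--- /dev/null
+++ b/etc/ssh-agent.profile
@@ -0,0 +1,15 @@
+# ssh-agent
+quiet
+noblacklist ~/.ssh
+noblacklist /tmp/ssh-*
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp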
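Review bot: `protocol unix,inet,inet6` on line 14 permits IPv4/IPv6 sockets for a process that holds private keys, although the paths un-blacklisted here (`~/.ssh`, `/tmp/ssh-*`) suggest it only serves a local socket; `protocol unix` would be the least-privilege setting unless there is a network need that this hunk does not show. The profile also omits `nogroups`, `shell none`, `tracelog` and `private-dev`, which most other profiles in this commit set, and it does not include disable-devel.inc. If these omissions are deliberate, a one-line comment for each would stop later edits from changing them blindly.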
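diff --git a/etc/tracker.profile b/etc/tracker.profile
new file mode 100644
index 000000000..217631216
--- /dev/null
+++ b/etc/tracker.profile
@@ -0,0 +1,24 @@
+# tracker profile
+
+# Tracker is started by systemd on most systems. Therefore it is not firejailed by default
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin tracker
+# private-tmp
+# private-dev
+# private-etc fonts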
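--- /dev/null
+++ b/etc/transmission-cli.profile
@@ -0,0 +1,24 @@
+# transmission-cli bittorrent profile
+noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+net none
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+
+#private-bin transmission-cli
+private-tmp
+private-dev
+private-etc none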
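Review bot: `net none` on line 12 together with `protocol unix` on line 16 leaves transmission-cli with no way to reach trackers or peers, which looks copied from the offline transmission-show profile rather than intended for a BitTorrent client. I would drop `net none` and use `protocol unix,inet,inet6`, matching the other network-facing profiles in this commit. `private-etc none` on line 24 also appears to leave `/etc` without `resolv.conf` or CA certificates, so name resolution and TLS would likely fail even once sockets are allowed. w3m.profile in this commit has the same `private-etc none` next to `protocol unix,inet,inet6`. Until a tested file list exists, `# private-etc none` is the safer default for both.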
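--- /dev/null
+++ b/etc/transmission-show.profile
@@ -0,0 +1,24 @@
+# transmission-show profile
+noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+net none
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+
+# private-bin
+private-tmp
+private-dev
+private-etc none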
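Review bot: The offline setup on lines 12 and 16 (`net none`, `protocol unix`) is undocumented, and it means `transmission-show --scrape` can no longer query trackers. Running a .torrent parser without network is a sensible default for a tool that reads untrusted files, so I would keep it and say so. A comment above `net none`, such as `# offline on purpose: only parses local .torrent files, --scrape will not work`, would do. The bare `# private-bin` on line 21 names no binary; either fill it in as `# private-bin transmission-show` or drop it.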
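--- /dev/null
+++ b/etc/w3m.profile
@@ -0,0 +1,23 @@
+# w3m profile
+noblacklist ~/.w3m
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin w3m
+private-tmp
+private-dev
+private-etc none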
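--- /dev/null
+++ b/etc/xfburn.profile
@@ -0,0 +1,23 @@
+# xfburn profile
+noblacklist ~/.config/xfburn
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin xfburn
+# private-tmp
+# private-dev
+# private-etc fonts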
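Review bot: `nogroups` on line 10 may stop xfburn from opening the burner at all. On systems where `/dev/sr*` is granted through a supplementary group such as `cdrom` or `optical`, dropping those groups removes the only access path. That would fit with `private-dev` being left commented out on line 22, which suggests device access already needed care during testing. I would ship it as `# nogroups` with a short reason, or confirm it on a system that relies on group ownership rather than per-session ACLs before leaving it enabled.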
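--- /dev/null
+++ b/etc/xpra.profile
@@ -0,0 +1,21 @@
+# xpra profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix,inet,inet6
+
+# private-bin
+private-dev
+private-tmp
+# private-etc
+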
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 6377c7426..60b4e0508 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -5,13 +5,18 @@ | |||
5 | /etc/firejail/Telegram.profile | 5 | /etc/firejail/Telegram.profile |
6 | /etc/firejail/Wire.profile | 6 | /etc/firejail/Wire.profile |
7 | /etc/firejail/abrowser.profile | 7 | /etc/firejail/abrowser.profile |
8 | /etc/firejail/amarok.profile | ||
9 | /etc/firejail/ark.profile | ||
8 | /etc/firejail/atom-beta.profile | 10 | /etc/firejail/atom-beta.profile |
9 | /etc/firejail/atom.profile | 11 | /etc/firejail/atom.profile |
12 | /etc/firejail/atool.profile | ||
10 | /etc/firejail/atril.profile | 13 | /etc/firejail/atril.profile |
11 | /etc/firejail/audacious.profile | 14 | /etc/firejail/audacious.profile |
12 | /etc/firejail/audacity.profile | 15 | /etc/firejail/audacity.profile |
13 | /etc/firejail/aweather.profile | 16 | /etc/firejail/aweather.profile |
14 | /etc/firejail/bitlbee.profile | 17 | /etc/firejail/bitlbee.profile |
18 | /etc/firejail/bleachbit.profile | ||
19 | /etc/firejail/brasero.profile | ||
15 | /etc/firejail/brave.profile | 20 | /etc/firejail/brave.profile |
16 | /etc/firejail/cherrytree.profile | 21 | /etc/firejail/cherrytree.profile |
17 | /etc/firejail/chromium-browser.profile | 22 | /etc/firejail/chromium-browser.profile |
@@ -34,17 +39,23 @@ | |||
34 | /etc/firejail/display.profile | 39 | /etc/firejail/display.profile |
35 | /etc/firejail/dnscrypt-proxy.profile | 40 | /etc/firejail/dnscrypt-proxy.profile |
36 | /etc/firejail/dnsmasq.profile | 41 | /etc/firejail/dnsmasq.profile |
42 | /etc/firejail/dolphin.profile | ||
37 | /etc/firejail/dosbox.profile | 43 | /etc/firejail/dosbox.profile |
44 | /etc/firejail/dragon.profile | ||
38 | /etc/firejail/dropbox.profile | 45 | /etc/firejail/dropbox.profile |
46 | /etc/firejail/elinks.profile | ||
39 | /etc/firejail/emacs.profile | 47 | /etc/firejail/emacs.profile |
40 | /etc/firejail/empathy.profile | 48 | /etc/firejail/empathy.profile |
49 | /etc/firejail/enchant.profile | ||
41 | /etc/firejail/eog.profile | 50 | /etc/firejail/eog.profile |
42 | /etc/firejail/eom.profile | 51 | /etc/firejail/eom.profile |
43 | /etc/firejail/epiphany.profile | 52 | /etc/firejail/epiphany.profile |
44 | /etc/firejail/evince.profile | 53 | /etc/firejail/evince.profile |
45 | /etc/firejail/evolution.profile | 54 | /etc/firejail/evolution.profile |
55 | /etc/firejail/exiftool.profile | ||
46 | /etc/firejail/fbreader.profile | 56 | /etc/firejail/fbreader.profile |
47 | /etc/firejail/feh.profile | 57 | /etc/firejail/feh.profile |
58 | /etc/firejail/file-roller.profile | ||
48 | /etc/firejail/file.profile | 59 | /etc/firejail/file.profile |
49 | /etc/firejail/filezilla.profile | 60 | /etc/firejail/filezilla.profile |
50 | /etc/firejail/firefox-esr.profile | 61 | /etc/firejail/firefox-esr.profile |
@@ -54,16 +65,29 @@ | |||
54 | /etc/firejail/flowblade.profile | 65 | /etc/firejail/flowblade.profile |
55 | /etc/firejail/franz.profile | 66 | /etc/firejail/franz.profile |
56 | /etc/firejail/gajim.profile | 67 | /etc/firejail/gajim.profile |
68 | /etc/firejail/gedit.profile | ||
57 | /etc/firejail/gimp.profile | 69 | /etc/firejail/gimp.profile |
58 | /etc/firejail/git.profile | 70 | /etc/firejail/git.profile |
59 | /etc/firejail/gitter.profile | 71 | /etc/firejail/gitter.profile |
72 | /etc/firejail/gjs.profile | ||
73 | /etc/firejail/gnome-books.profile | ||
60 | /etc/firejail/gnome-chess.profile | 74 | /etc/firejail/gnome-chess.profile |
75 | /etc/firejail/gnome-clocks.profile | ||
76 | /etc/firejail/gnome-documents.profile | ||
77 | /etc/firejail/gnome-maps.profile | ||
61 | /etc/firejail/gnome-mplayer.profile | 78 | /etc/firejail/gnome-mplayer.profile |
79 | /etc/firejail/gnome-music.profile | ||
80 | /etc/firejail/gnome-photos.profile | ||
81 | /etc/firejail/gnome-weather.profile | ||
82 | /etc/firejail/goobox.profile | ||
62 | /etc/firejail/google-chrome-beta.profile | 83 | /etc/firejail/google-chrome-beta.profile |
63 | /etc/firejail/google-chrome-stable.profile | 84 | /etc/firejail/google-chrome-stable.profile |
64 | /etc/firejail/google-chrome-unstable.profile | 85 | /etc/firejail/google-chrome-unstable.profile |
65 | /etc/firejail/google-chrome.profile | 86 | /etc/firejail/google-chrome.profile |
66 | /etc/firejail/google-play-music-desktop-player.profile | 87 | /etc/firejail/google-play-music-desktop-player.profile |
88 | /etc/firejail/gpa.profile | ||
89 | /etc/firejail/gpg-agent.profile | ||
90 | /etc/firejail/gpg.profile | ||
67 | /etc/firejail/gpredict.profile | 91 | /etc/firejail/gpredict.profile |
68 | /etc/firejail/gtar.profile | 92 | /etc/firejail/gtar.profile |
69 | /etc/firejail/gthumb.profile | 93 | /etc/firejail/gthumb.profile |
@@ -72,12 +96,16 @@ | |||
72 | /etc/firejail/gzip.profile | 96 | /etc/firejail/gzip.profile |
73 | /etc/firejail/hedgewars.profile | 97 | /etc/firejail/hedgewars.profile |
74 | /etc/firejail/hexchat.profile | 98 | /etc/firejail/hexchat.profile |
99 | /etc/firejail/highlight.profile | ||
75 | /etc/firejail/icecat.profile | 100 | /etc/firejail/icecat.profile |
76 | /etc/firejail/icedove.profile | 101 | /etc/firejail/icedove.profile |
77 | /etc/firejail/iceweasel.profile | 102 | /etc/firejail/iceweasel.profile |
103 | /etc/firejail/img2txt.profile | ||
78 | /etc/firejail/inkscape.profile | 104 | /etc/firejail/inkscape.profile |
79 | /etc/firejail/inox.profile | 105 | /etc/firejail/inox.profile |
80 | /etc/firejail/jitsi.profile | 106 | /etc/firejail/jitsi.profile |
107 | /etc/firejail/k3b.profile | ||
108 | /etc/firejail/kate.profile | ||
81 | /etc/firejail/keepass.profile | 109 | /etc/firejail/keepass.profile |
82 | /etc/firejail/keepass2.profile | 110 | /etc/firejail/keepass2.profile |
83 | /etc/firejail/keepassx.profile | 111 | /etc/firejail/keepassx.profile |
@@ -96,16 +124,20 @@ | |||
96 | /etc/firejail/lowriter.profile | 124 | /etc/firejail/lowriter.profile |
97 | /etc/firejail/luminance-hdr.profile | 125 | /etc/firejail/luminance-hdr.profile |
98 | /etc/firejail/lxterminal.profile | 126 | /etc/firejail/lxterminal.profile |
127 | /etc/firejail/lynx.profile | ||
99 | /etc/firejail/mathematica.profile | 128 | /etc/firejail/mathematica.profile |
100 | /etc/firejail/mcabber.profile | 129 | /etc/firejail/mcabber.profile |
130 | /etc/firejail/mediainfo.profile | ||
101 | /etc/firejail/midori.profile | 131 | /etc/firejail/midori.profile |
102 | /etc/firejail/mpv.profile | 132 | /etc/firejail/mpv.profile |
103 | /etc/firejail/mumble.profile | 133 | /etc/firejail/mumble.profile |
104 | /etc/firejail/mupdf.profile | 134 | /etc/firejail/mupdf.profile |
105 | /etc/firejail/mupen64plus.profile | 135 | /etc/firejail/mupen64plus.profile |
106 | /etc/firejail/mutt.profile | 136 | /etc/firejail/mutt.profile |
137 | /etc/firejail/nautilus.profile | ||
107 | /etc/firejail/netsurf.profile | 138 | /etc/firejail/netsurf.profile |
108 | /etc/firejail/nolocal.net | 139 | /etc/firejail/nolocal.net |
140 | /etc/firejail/odt2txt.profile | ||
109 | /etc/firejail/okular.profile | 141 | /etc/firejail/okular.profile |
110 | /etc/firejail/openbox.profile | 142 | /etc/firejail/openbox.profile |
111 | /etc/firejail/openshot.profile | 143 | /etc/firejail/openshot.profile |
@@ -113,6 +145,7 @@ | |||
113 | /etc/firejail/opera.profile | 145 | /etc/firejail/opera.profile |
114 | /etc/firejail/palemoon.profile | 146 | /etc/firejail/palemoon.profile |
115 | /etc/firejail/parole.profile | 147 | /etc/firejail/parole.profile |
148 | /etc/firejail/pdftotext.profile | ||
116 | /etc/firejail/pidgin.profile | 149 | /etc/firejail/pidgin.profile |
117 | /etc/firejail/pix.profile | 150 | /etc/firejail/pix.profile |
118 | /etc/firejail/polari.profile | 151 | /etc/firejail/polari.profile |
@@ -131,12 +164,15 @@ | |||
131 | /etc/firejail/seamonkey-bin.profile | 164 | /etc/firejail/seamonkey-bin.profile |
132 | /etc/firejail/seamonkey.profile | 165 | /etc/firejail/seamonkey.profile |
133 | /etc/firejail/server.profile | 166 | /etc/firejail/server.profile |
167 | /etc/firejail/simple-scan.profile | ||
168 | /etc/firejail/skanlite.profile | ||
134 | /etc/firejail/skype.profile | 169 | /etc/firejail/skype.profile |
135 | /etc/firejail/skypeforlinux.profile | 170 | /etc/firejail/skypeforlinux.profile |
136 | /etc/firejail/slack.profile | 171 | /etc/firejail/slack.profile |
137 | /etc/firejail/snap.profile | 172 | /etc/firejail/snap.profile |
138 | /etc/firejail/soffice.profile | 173 | /etc/firejail/soffice.profile |
139 | /etc/firejail/spotify.profile | 174 | /etc/firejail/spotify.profile |
175 | /etc/firejail/ssh-agent.profile | ||
140 | /etc/firejail/ssh.profile | 176 | /etc/firejail/ssh.profile |
141 | /etc/firejail/start-tor-browser.profile | 177 | /etc/firejail/start-tor-browser.profile |
142 | /etc/firejail/steam.profile | 178 | /etc/firejail/steam.profile |
@@ -147,8 +183,11 @@ | |||
147 | /etc/firejail/telegram.profile | 183 | /etc/firejail/telegram.profile |
148 | /etc/firejail/thunderbird.profile | 184 | /etc/firejail/thunderbird.profile |
149 | /etc/firejail/totem.profile | 185 | /etc/firejail/totem.profile |
186 | /etc/firejail/tracker.profile | ||
187 | /etc/firejail/transmission-cli.profile | ||
150 | /etc/firejail/transmission-gtk.profile | 188 | /etc/firejail/transmission-gtk.profile |
151 | /etc/firejail/transmission-qt.profile | 189 | /etc/firejail/transmission-qt.profile |
190 | /etc/firejail/transmission-show.profile | ||
152 | /etc/firejail/uget-gtk.profile | 191 | /etc/firejail/uget-gtk.profile |
153 | /etc/firejail/unbound.profile | 192 | /etc/firejail/unbound.profile |
154 | /etc/firejail/unrar.profile | 193 | /etc/firejail/unrar.profile |
@@ -159,6 +198,7 @@ | |||
159 | /etc/firejail/vivaldi-beta.profile | 198 | /etc/firejail/vivaldi-beta.profile |
160 | /etc/firejail/vivaldi.profile | 199 | /etc/firejail/vivaldi.profile |
161 | /etc/firejail/vlc.profile | 200 | /etc/firejail/vlc.profile |
201 | /etc/firejail/w3m.profile | ||
162 | /etc/firejail/warzone2100.profile | 202 | /etc/firejail/warzone2100.profile |
163 | /etc/firejail/webserver.net | 203 | /etc/firejail/webserver.net |
164 | /etc/firejail/weechat-curses.profile | 204 | /etc/firejail/weechat-curses.profile |
@@ -168,9 +208,11 @@ | |||
168 | /etc/firejail/wine.profile | 208 | /etc/firejail/wine.profile |
169 | /etc/firejail/wire.profile | 209 | /etc/firejail/wire.profile |
170 | /etc/firejail/xchat.profile | 210 | /etc/firejail/xchat.profile |
211 | /etc/firejail/xfburn.profile | ||
171 | /etc/firejail/xiphos.profile | 212 | /etc/firejail/xiphos.profile |
172 | /etc/firejail/xpdf.profile | 213 | /etc/firejail/xpdf.profile |
173 | /etc/firejail/xplayer.profile | 214 | /etc/firejail/xplayer.profile |
215 | /etc/firejail/xpra.profile | ||
174 | /etc/firejail/xreader.profile | 216 | /etc/firejail/xreader.profile |
175 | /etc/firejail/xviewer.profile | 217 | /etc/firejail/xviewer.profile |
176 | /etc/firejail/xz.profile | 218 | /etc/firejail/xz.profile |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index d10d59657..7d7fad0a6 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -14,6 +14,8 @@ qbittorrent | |||
14 | rtorrent | 14 | rtorrent |
15 | transmission-gtk | 15 | transmission-gtk |
16 | transmission-qt | 16 | transmission-qt |
17 | transmission-cli | ||
18 | transmission-show | ||
17 | uget-gtk | 19 | uget-gtk |
18 | 20 | ||
19 | # browsers/email | 21 | # browsers/email |
@@ -51,6 +53,9 @@ thunderbird | |||
51 | vivaldi-beta | 53 | vivaldi-beta |
52 | vivaldi | 54 | vivaldi |
53 | evolution | 55 | evolution |
56 | elinks | ||
57 | lynx | ||
58 | w3m | ||
54 | 59 | ||
55 | # chat/messaging | 60 | # chat/messaging |
56 | bitlbee | 61 | bitlbee |
@@ -94,21 +99,41 @@ wesnot | |||
94 | warzone2100 | 99 | warzone2100 |
95 | 100 | ||
96 | # Media | 101 | # Media |
102 | amarok | ||
97 | audacious | 103 | audacious |
98 | audacity | 104 | audacity |
105 | bleachbit | ||
106 | brasero | ||
99 | clementine | 107 | clementine |
100 | cmus | 108 | cmus |
101 | deadbeef | 109 | deadbeef |
102 | display | 110 | display |
111 | dolphin | ||
112 | dragon | ||
113 | exiftool | ||
103 | feh | 114 | feh |
115 | gjs | ||
116 | gnome-books | ||
117 | gnome-clocks | ||
118 | gnome-documents | ||
119 | gnome-maps | ||
104 | gnome-mplayer | 120 | gnome-mplayer |
121 | gnome-music | ||
122 | goobox | ||
105 | google-play-music-desktop-player | 123 | google-play-music-desktop-player |
124 | img2txt | ||
125 | k3b | ||
126 | mediainfo | ||
106 | mpv | 127 | mpv |
128 | nautilus | ||
107 | parole | 129 | parole |
108 | rhythmbox | 130 | rhythmbox |
131 | simple-scan | ||
132 | skanlite | ||
109 | spotify | 133 | spotify |
110 | totem | 134 | totem |
111 | vlc | 135 | vlc |
136 | xfburn | ||
112 | xplayer | 137 | xplayer |
113 | xviewer | 138 | xviewer |
114 | eom | 139 | eom |
@@ -121,10 +146,13 @@ atril | |||
121 | cherrytree | 146 | cherrytree |
122 | evince | 147 | evince |
123 | fbreader | 148 | fbreader |
149 | gedit | ||
124 | gimp | 150 | gimp |
125 | gthumb | 151 | gthumb |
126 | gwenview | 152 | gwenview |
153 | highlight | ||
127 | inkscape | 154 | inkscape |
155 | kate | ||
128 | libreoffice | 156 | libreoffice |
129 | localc | 157 | localc |
130 | lodraw | 158 | lodraw |
@@ -141,7 +169,9 @@ soffice | |||
141 | synfigstudio | 169 | synfigstudio |
142 | Mathematica | 170 | Mathematica |
143 | mathematica | 171 | mathematica |
172 | odt2txt | ||
144 | okular | 173 | okular |
174 | pdftotext | ||
145 | pix | 175 | pix |
146 | xpdf | 176 | xpdf |
147 | xreader | 177 | xreader |
@@ -151,14 +181,40 @@ flowblade | |||
151 | eog | 181 | eog |
152 | 182 | ||
153 | # other | 183 | # other |
154 | ssh | ||
155 | atom-beta | ||
156 | atom | 184 | atom |
185 | atom-beta | ||
186 | gpa | ||
187 | gpg | ||
188 | # don't run ssh-agent and gpg-agent with firejail by default | ||
189 | # this will break many processes using them in the background | ||
190 | # ssh-agent | ||
191 | # gpg-agent | ||
192 | git | ||
157 | ranger | 193 | ranger |
158 | keepass | 194 | keepass |
159 | keepass2 | 195 | keepass2 |
160 | keepassx | 196 | keepassx |
197 | ssh | ||
198 | tracker | ||
161 | xiphos | 199 | xiphos |
200 | xpra | ||
162 | 201 | ||
163 | # weather/climate | 202 | # weather/climate |
164 | aweather | 203 | aweather |
204 | gnome-weather | ||
205 | |||
206 | # compressing tools | ||
207 | ark | ||
208 | atool | ||
209 | file-roller | ||
210 | |||
211 | # when used by other processes in the background, it will break stuff | ||
212 | #7z | ||
213 | #cpio | ||
214 | #gtar | ||
215 | #gzip | ||
216 | #tar | ||
217 | #unrar | ||
218 | #unzip | ||
219 | #xz | ||
220 | #xzdec | ||