diff options
68 files changed, 68 insertions, 1 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index f8a3ce23d..e6540fb5d 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
@@ -12,6 +12,7 @@ protocol unix,inet,inet6,netlink | |||
12 | netfilter | 12 | netfilter |
13 | tracelog | 13 | tracelog |
14 | noroot | 14 | noroot |
15 | nonewprivs | ||
15 | 16 | ||
16 | # Whitelists | 17 | # Whitelists |
17 | noblacklist ~/.cache/0ad | 18 | noblacklist ~/.cache/0ad |
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index 05131df43..75dbebcf0 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile | |||
@@ -16,4 +16,5 @@ include /etc/firejail/disable-passwdmgr.inc | |||
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | seccomp | 18 | seccomp |
19 | nonewprivs | ||
19 | noroot | 20 | noroot |
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index 949635258..6a06ce76b 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile | |||
@@ -11,6 +11,7 @@ seccomp | |||
11 | protocol unix,inet,inet6,netlink | 11 | protocol unix,inet,inet6,netlink |
12 | netfilter | 12 | netfilter |
13 | tracelog | 13 | tracelog |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | 16 | ||
16 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
diff --git a/etc/atril.profile b/etc/atril.profile index d1a7b25f8..c20a8c7b3 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | 10 | seccomp |
11 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
13 | tracelog | 14 | tracelog |
14 | netfilter | 15 | netfilter |
diff --git a/etc/audacious.profile b/etc/audacious.profile index 290faa260..0a1598dee 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc | |||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | 8 | seccomp |
9 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
10 | nonewprivs | ||
10 | noroot | 11 | noroot |
diff --git a/etc/aweather.profile b/etc/aweather.profile index d7f510a7e..dd508e736 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc | |||
12 | # Call these options | 12 | # Call these options |
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | nonewprivs | ||
15 | noroot | 16 | noroot |
16 | protocol unix,inet,inet6,netlink | 17 | protocol unix,inet,inet6,netlink |
17 | seccomp | 18 | seccomp |
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index fb84c260a..b7ccd132e 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile | |||
@@ -9,3 +9,4 @@ private | |||
9 | private-dev | 9 | private-dev |
10 | seccomp | 10 | seccomp |
11 | netfilter | 11 | netfilter |
12 | nonewprivs | ||
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 1f69f61c6..b3a34fc9a 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -19,6 +19,7 @@ seccomp | |||
19 | protocol unix,inet,inet6,netlink | 19 | protocol unix,inet,inet6,netlink |
20 | netfilter | 20 | netfilter |
21 | tracelog | 21 | tracelog |
22 | nonewprivs | ||
22 | noroot | 23 | noroot |
23 | include /etc/firejail/whitelist-common.inc | 24 | include /etc/firejail/whitelist-common.inc |
24 | nosound | 25 | nosound |
diff --git a/etc/clementine.profile b/etc/clementine.profile index c6271e6e3..fb9dca2a9 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc | |||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | 8 | seccomp |
9 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
10 | nonewprivs | ||
10 | noroot | 11 | noroot |
diff --git a/etc/cmus.profile b/etc/cmus.profile index 72b43a70f..16b9c112d 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile | |||
@@ -10,6 +10,7 @@ caps.drop all | |||
10 | seccomp | 10 | seccomp |
11 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
12 | netfilter | 12 | netfilter |
13 | nonewprivs | ||
13 | noroot | 14 | noroot |
14 | 15 | ||
15 | private-bin cmus | 16 | private-bin cmus |
diff --git a/etc/conkeror.profile b/etc/conkeror.profile index 007eef663..0a7966e4b 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile | |||
@@ -7,6 +7,7 @@ caps.drop all | |||
7 | seccomp | 7 | seccomp |
8 | protocol unix,inet,inet6 | 8 | protocol unix,inet,inet6 |
9 | netfilter | 9 | netfilter |
10 | nonewprivs | ||
10 | noroot | 11 | noroot |
11 | 12 | ||
12 | whitelist ~/.conkeror.mozdev.org | 13 | whitelist ~/.conkeror.mozdev.org |
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index cef9ad464..c5fb25e9a 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile | |||
@@ -11,6 +11,7 @@ seccomp | |||
11 | protocol unix,inet,inet6,netlink | 11 | protocol unix,inet,inet6,netlink |
12 | netfilter | 12 | netfilter |
13 | tracelog | 13 | tracelog |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | 16 | ||
16 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 2810e5323..9225ca16e 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
@@ -9,4 +9,5 @@ include /etc/firejail/disable-passwdmgr.inc | |||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | 10 | seccomp |
11 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
diff --git a/etc/default.profile b/etc/default.profile index f2c7d4114..d836a9f5d 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
@@ -11,5 +11,6 @@ caps.drop all | |||
11 | seccomp | 11 | seccomp |
12 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
13 | netfilter | 13 | netfilter |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | 16 | ||
diff --git a/etc/deluge.profile b/etc/deluge.profile index 4043f58f5..f7a2b98e4 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -9,5 +9,6 @@ caps.drop all | |||
9 | seccomp | 9 | seccomp |
10 | protocol unix,inet,inet6 | 10 | protocol unix,inet,inet6 |
11 | netfilter | 11 | netfilter |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
13 | nosound | 14 | nosound |
diff --git a/etc/dillo.profile b/etc/dillo.profile index 49c33fb7a..392000ade 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile | |||
@@ -11,6 +11,7 @@ seccomp | |||
11 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
12 | netfilter | 12 | netfilter |
13 | tracelog | 13 | tracelog |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | 16 | ||
16 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index 474bc5aca..4459c40dd 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile | |||
@@ -11,3 +11,4 @@ protocol unix,inet,inet6,netlink | |||
11 | netfilter | 11 | netfilter |
12 | private | 12 | private |
13 | private-dev | 13 | private-dev |
14 | nonewprivs | ||
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index a0a944dce..568ab230a 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
@@ -6,4 +6,5 @@ include /etc/firejail/disable-passwdmgr.inc | |||
6 | caps | 6 | caps |
7 | seccomp | 7 | seccomp |
8 | protocol unix,inet,inet6 | 8 | protocol unix,inet,inet6 |
9 | nonewprivs | ||
9 | noroot | 10 | noroot |
diff --git a/etc/empathy.profile b/etc/empathy.profile index 789bdda08..c08398e84 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
@@ -7,3 +7,4 @@ caps.drop all | |||
7 | seccomp | 7 | seccomp |
8 | protocol unix,inet,inet6 | 8 | protocol unix,inet,inet6 |
9 | netfilter | 9 | netfilter |
10 | nonewprivs | ||
diff --git a/etc/epiphany.profile b/etc/epiphany.profile index 95a673bf9..7783a05fd 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile | |||
@@ -23,4 +23,4 @@ caps.drop all | |||
23 | seccomp | 23 | seccomp |
24 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
25 | netfilter | 25 | netfilter |
26 | 26 | nonewprivs | |
diff --git a/etc/evince.profile b/etc/evince.profile index c390dcaf3..3c883d43c 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -7,5 +7,6 @@ include /etc/firejail/disable-passwdmgr.inc | |||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | 8 | seccomp |
9 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
10 | nonewprivs | ||
10 | noroot | 11 | noroot |
11 | nosound | 12 | nosound |
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index cfbae1c74..7764a48c9 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
@@ -10,5 +10,6 @@ caps.drop all | |||
10 | seccomp | 10 | seccomp |
11 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
12 | netfilter | 12 | netfilter |
13 | nonewprivs | ||
13 | noroot | 14 | noroot |
14 | nosound | 15 | nosound |
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 8542de284..1ab08b568 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc | |||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | 10 | seccomp |
11 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
13 | netfilter | 14 | netfilter |
14 | nosound | 15 | nosound |
diff --git a/etc/firefox.profile b/etc/firefox.profile index 1ea94a2c7..6796ef7c4 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -11,6 +11,7 @@ seccomp | |||
11 | protocol unix,inet,inet6,netlink | 11 | protocol unix,inet,inet6,netlink |
12 | netfilter | 12 | netfilter |
13 | tracelog | 13 | tracelog |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | 16 | ||
16 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 94c672acf..77a95aa17 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile | |||
@@ -18,6 +18,7 @@ caps.drop all | |||
18 | seccomp | 18 | seccomp |
19 | protocol unix,inet,inet6,netlink | 19 | protocol unix,inet,inet6,netlink |
20 | netfilter | 20 | netfilter |
21 | nonewprivs | ||
21 | noroot | 22 | noroot |
22 | 23 | ||
23 | whitelist ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index ec3698ac8..010b19613 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile | |||
@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc | |||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | 8 | seccomp |
9 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
10 | nonewprivs | ||
10 | noroot | 11 | noroot |
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index 7fe43f1f6..fe2f79901 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile | |||
@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | 10 | seccomp |
11 | protocol unix,inet,inet6,netlink | 11 | protocol unix,inet,inet6,netlink |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
13 | netfilter | 14 | netfilter |
14 | 15 | ||
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index f53cb1b4f..ba9fce37b 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc | |||
12 | # Call these options | 12 | # Call these options |
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | nonewprivs | ||
15 | noroot | 16 | noroot |
16 | protocol unix,inet,inet6,netlink | 17 | protocol unix,inet,inet6,netlink |
17 | seccomp | 18 | seccomp |
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index d61c57adc..87523d825 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
@@ -8,6 +8,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | 9 | seccomp |
10 | protocol unix | 10 | protocol unix |
11 | nonewprivs | ||
11 | noroot | 12 | noroot |
12 | nogroups | 13 | nogroups |
13 | private-dev | 14 | private-dev |
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 5ab7cfe72..c5d863bd5 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile | |||
@@ -7,6 +7,7 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | nonewprivs | ||
10 | noroot | 11 | noroot |
11 | private-dev | 12 | private-dev |
12 | seccomp | 13 | seccomp |
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index b77555e55..3eb350660 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc | |||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | 10 | seccomp |
11 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
13 | netfilter | 14 | netfilter |
14 | 15 | ||
diff --git a/etc/kmail.profile b/etc/kmail.profile index a7079661b..a47945bc6 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -10,5 +10,6 @@ caps.drop all | |||
10 | seccomp | 10 | seccomp |
11 | protocol unix,inet,inet6,netlink | 11 | protocol unix,inet,inet6,netlink |
12 | netfilter | 12 | netfilter |
13 | nonewprivs | ||
13 | noroot | 14 | noroot |
14 | tracelog | 15 | tracelog |
diff --git a/etc/mcabber.profile b/etc/mcabber.profile index 1d753d7c3..1536194b2 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile | |||
@@ -11,6 +11,7 @@ caps.drop all | |||
11 | seccomp | 11 | seccomp |
12 | protocol inet,inet6 | 12 | protocol inet,inet6 |
13 | netfilter | 13 | netfilter |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | 16 | ||
16 | private-bin mcabber | 17 | private-bin mcabber |
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index 7b38b411a..c9a99bede 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile | |||
@@ -16,6 +16,7 @@ mkdir ${HOME}/.config | |||
16 | mkdir ${HOME}/.config/mupen64plus | 16 | mkdir ${HOME}/.config/mupen64plus |
17 | whitelist ${HOME}/.config/mupen64plus/ | 17 | whitelist ${HOME}/.config/mupen64plus/ |
18 | 18 | ||
19 | nonewprivs | ||
19 | noroot | 20 | noroot |
20 | caps.drop all | 21 | caps.drop all |
21 | seccomp | 22 | seccomp |
diff --git a/etc/netsurf.profile b/etc/netsurf.profile index 26b621126..e01cace7f 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile | |||
@@ -11,6 +11,7 @@ seccomp | |||
11 | protocol unix,inet,inet6,netlink | 11 | protocol unix,inet,inet6,netlink |
12 | netfilter | 12 | netfilter |
13 | tracelog | 13 | tracelog |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | 16 | ||
16 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
diff --git a/etc/okular.profile b/etc/okular.profile index 7929a8796..5179da787 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | 10 | seccomp |
11 | protocol unix | 11 | protocol unix |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
13 | nogroups | 14 | nogroups |
14 | private-dev | 15 | private-dev |
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index fc4ea453b..4db9b7adc 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
@@ -16,6 +16,7 @@ seccomp | |||
16 | protocol unix,inet,inet6,netlink | 16 | protocol unix,inet,inet6,netlink |
17 | netfilter | 17 | netfilter |
18 | tracelog | 18 | tracelog |
19 | nonewprivs | ||
19 | noroot | 20 | noroot |
20 | 21 | ||
21 | whitelist ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
diff --git a/etc/parole.profile b/etc/parole.profile index 0c9a72143..c0be0453b 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
@@ -11,5 +11,6 @@ caps.drop all | |||
11 | seccomp | 11 | seccomp |
12 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
13 | netfilter | 13 | netfilter |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | shell none | 16 | shell none |
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index fd497f082..767da5f55 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
@@ -8,4 +8,5 @@ include /etc/firejail/disable-devel.inc | |||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | 9 | seccomp |
10 | protocol unix,inet,inet6 | 10 | protocol unix,inet,inet6 |
11 | nonewprivs | ||
11 | noroot | 12 | noroot |
diff --git a/etc/polari.profile b/etc/polari.profile index 0bc46f3f7..7910f4e9b 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc | |||
24 | caps.drop all | 24 | caps.drop all |
25 | seccomp | 25 | seccomp |
26 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
27 | nonewprivs | ||
27 | noroot | 28 | noroot |
28 | netfilter | 29 | netfilter |
29 | 30 | ||
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 8bdc745fb..858fdda4d 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -8,5 +8,6 @@ caps.drop all | |||
8 | seccomp | 8 | seccomp |
9 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
10 | netfilter | 10 | netfilter |
11 | nonewprivs | ||
11 | noroot | 12 | noroot |
12 | nosound | 13 | nosound |
diff --git a/etc/qtox.profile b/etc/qtox.profile index 80acc3873..ca34e932a 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -12,4 +12,5 @@ include /etc/firejail/whitelist-common.inc | |||
12 | caps.drop all | 12 | caps.drop all |
13 | seccomp | 13 | seccomp |
14 | protocol unix,inet,inet6 | 14 | protocol unix,inet,inet6 |
15 | nonewprivs | ||
15 | noroot | 16 | noroot |
diff --git a/etc/quassel.profile b/etc/quassel.profile index 72004da7f..e68315c1c 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile | |||
@@ -6,5 +6,6 @@ include /etc/firejail/disable-devel.inc | |||
6 | caps.drop all | 6 | caps.drop all |
7 | seccomp | 7 | seccomp |
8 | protocol unix,inet,inet6 | 8 | protocol unix,inet,inet6 |
9 | nonewprivs | ||
9 | noroot | 10 | noroot |
10 | netfilter | 11 | netfilter |
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 411d37dbd..5ad7ead1a 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
@@ -20,6 +20,7 @@ seccomp | |||
20 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
21 | netfilter | 21 | netfilter |
22 | tracelog | 22 | tracelog |
23 | nonewprivs | ||
23 | noroot | 24 | noroot |
24 | nogroups | 25 | nogroups |
25 | shell none | 26 | shell none |
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index 934a374de..09d10b0bb 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
@@ -11,6 +11,7 @@ seccomp | |||
11 | protocol unix,inet,inet6,netlink | 11 | protocol unix,inet,inet6,netlink |
12 | netfilter | 12 | netfilter |
13 | tracelog | 13 | tracelog |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | 16 | ||
16 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 782cd3832..ee0832863 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -7,5 +7,6 @@ include /etc/firejail/disable-passwdmgr.inc | |||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | 8 | seccomp |
9 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
10 | nonewprivs | ||
10 | noroot | 11 | noroot |
11 | netfilter | 12 | netfilter |
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index ae0430830..9ae2206c1 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile | |||
@@ -8,5 +8,6 @@ caps.drop all | |||
8 | seccomp | 8 | seccomp |
9 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
10 | netfilter | 10 | netfilter |
11 | nonewprivs | ||
11 | noroot | 12 | noroot |
12 | nosound | 13 | nosound |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index a10d5b0ec..886af0f67 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
@@ -10,6 +10,7 @@ seccomp | |||
10 | protocol unix,inet,inet6,netlink | 10 | protocol unix,inet,inet6,netlink |
11 | netfilter | 11 | netfilter |
12 | tracelog | 12 | tracelog |
13 | nonewprivs | ||
13 | noroot | 14 | noroot |
14 | 15 | ||
15 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
diff --git a/etc/skype.profile b/etc/skype.profile index 26feac1a4..4c4a34980 100644 --- a/etc/skype.profile +++ b/etc/skype.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/disable-devel.inc | |||
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | netfilter | 8 | netfilter |
9 | nonewprivs | ||
9 | noroot | 10 | noroot |
10 | seccomp | 11 | seccomp |
11 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
diff --git a/etc/spotify.profile b/etc/spotify.profile index fd4586dd5..1ee379dea 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -26,5 +26,6 @@ caps.drop all | |||
26 | seccomp | 26 | seccomp |
27 | protocol unix,inet,inet6,netlink | 27 | protocol unix,inet,inet6,netlink |
28 | netfilter | 28 | netfilter |
29 | nonewprivs | ||
29 | noroot | 30 | noroot |
30 | 31 | ||
diff --git a/etc/ssh.profile b/etc/ssh.profile index 7b282bde6..0c4621f66 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -9,4 +9,5 @@ caps.drop all | |||
9 | seccomp | 9 | seccomp |
10 | protocol unix,inet,inet6 | 10 | protocol unix,inet,inet6 |
11 | netfilter | 11 | netfilter |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
diff --git a/etc/steam.profile b/etc/steam.profile index 4c96e8258..ae5e93829 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
@@ -8,6 +8,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | netfilter | 10 | netfilter |
11 | nonewprivs | ||
11 | noroot | 12 | noroot |
12 | seccomp | 13 | seccomp |
13 | protocol unix,inet,inet6 | 14 | protocol unix,inet,inet6 |
diff --git a/etc/stellarium.profile b/etc/stellarium.profile index 7cb74eeaa..148ec949d 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | # Call these options | 13 | # Call these options |
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nonewprivs | ||
16 | noroot | 17 | noroot |
17 | protocol unix,inet,inet6,netlink | 18 | protocol unix,inet,inet6,netlink |
18 | seccomp | 19 | seccomp |
diff --git a/etc/telegram.profile b/etc/telegram.profile index df6b6a270..62a0fa404 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile | |||
@@ -7,6 +7,7 @@ include /etc/firejail/disable-devel.inc | |||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | 8 | seccomp |
9 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
10 | nonewprivs | ||
10 | noroot | 11 | noroot |
11 | netfilter | 12 | netfilter |
12 | 13 | ||
diff --git a/etc/totem.profile b/etc/totem.profile index d23167b03..f2bce5dee 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -10,5 +10,6 @@ include /etc/firejail/disable-passwdmgr.inc | |||
10 | caps.drop all | 10 | caps.drop all |
11 | seccomp | 11 | seccomp |
12 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
13 | nonewprivs | ||
13 | noroot | 14 | noroot |
14 | netfilter | 15 | netfilter |
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index d61d36a8c..e27873f88 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
@@ -11,6 +11,7 @@ caps.drop all | |||
11 | seccomp | 11 | seccomp |
12 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
13 | netfilter | 13 | netfilter |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | tracelog | 16 | tracelog |
16 | nosound | 17 | nosound |
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 3db7a5452..2caa923d8 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -11,6 +11,7 @@ caps.drop all | |||
11 | seccomp | 11 | seccomp |
12 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
13 | netfilter | 13 | netfilter |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | tracelog | 16 | tracelog |
16 | nosound | 17 | nosound |
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index ef5aa7d4a..86e7be6fd 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile | |||
@@ -9,6 +9,7 @@ caps.drop all | |||
9 | seccomp | 9 | seccomp |
10 | protocol unix,inet,inet6 | 10 | protocol unix,inet,inet6 |
11 | netfilter | 11 | netfilter |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
13 | 14 | ||
14 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 449d9a168..2049d2bd9 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/disable-programs.inc | |||
6 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
7 | 7 | ||
8 | netfilter | 8 | netfilter |
9 | nonewprivs | ||
9 | 10 | ||
10 | whitelist ${DOWNLOADS} | 11 | whitelist ${DOWNLOADS} |
11 | mkdir ~/.config | 12 | mkdir ~/.config |
diff --git a/etc/vlc.profile b/etc/vlc.profile index 061ae6f78..d26034748 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -9,5 +9,6 @@ include /etc/firejail/disable-passwdmgr.inc | |||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | 10 | seccomp |
11 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
13 | netfilter | 14 | netfilter |
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 7588da657..ceeaca012 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile | |||
@@ -9,6 +9,7 @@ include /etc/firejail/disable-programs.inc | |||
9 | # Call these options | 9 | # Call these options |
10 | caps.drop all | 10 | caps.drop all |
11 | netfilter | 11 | netfilter |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
13 | protocol unix,inet,inet6,netlink | 14 | protocol unix,inet,inet6,netlink |
14 | seccomp | 15 | seccomp |
diff --git a/etc/weechat.profile b/etc/weechat.profile index 280a5f9d8..11b5bd10f 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile | |||
@@ -7,5 +7,6 @@ caps.drop all | |||
7 | seccomp | 7 | seccomp |
8 | protocol unix,inet,inet6 | 8 | protocol unix,inet,inet6 |
9 | netfilter | 9 | netfilter |
10 | nonewprivs | ||
10 | noroot | 11 | noroot |
11 | netfilter | 12 | netfilter |
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 340ba0db5..61a87d994 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile | |||
@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
11 | caps.drop all | 11 | caps.drop all |
12 | seccomp | 12 | seccomp |
13 | protocol unix,inet,inet6 | 13 | protocol unix,inet,inet6 |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | 16 | ||
16 | private-dev | 17 | private-dev |
diff --git a/etc/wine.profile b/etc/wine.profile index ea6db8511..18e5346af 100644 --- a/etc/wine.profile +++ b/etc/wine.profile | |||
@@ -9,5 +9,6 @@ include /etc/firejail/disable-devel.inc | |||
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | netfilter | 11 | netfilter |
12 | nonewprivs | ||
12 | noroot | 13 | noroot |
13 | seccomp | 14 | seccomp |
diff --git a/etc/xchat.profile b/etc/xchat.profile index fcea4245e..f4b273693 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
@@ -8,4 +8,5 @@ include /etc/firejail/disable-devel.inc | |||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | 9 | seccomp |
10 | protocol unix,inet,inet6 | 10 | protocol unix,inet,inet6 |
11 | nonewprivs | ||
11 | noroot | 12 | noroot |
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index 67a46a7da..fb0e3c910 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -10,6 +10,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
10 | caps.drop all | 10 | caps.drop all |
11 | seccomp | 11 | seccomp |
12 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
13 | nonewprivs | ||
13 | noroot | 14 | noroot |
14 | tracelog | 15 | tracelog |
15 | netfilter | 16 | netfilter |
diff --git a/etc/xreader.profile b/etc/xreader.profile index 7b72d41a6..4b7ed41be 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
11 | caps.drop all | 11 | caps.drop all |
12 | seccomp | 12 | seccomp |
13 | protocol unix,inet,inet6 | 13 | protocol unix,inet,inet6 |
14 | nonewprivs | ||
14 | noroot | 15 | noroot |
15 | tracelog | 16 | tracelog |
16 | netfilter | 17 | netfilter |
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 33e1e3c68..a0c91f0f3 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
@@ -9,5 +9,6 @@ caps.drop all | |||
9 | seccomp | 9 | seccomp |
10 | protocol unix,inet,inet6 | 10 | protocol unix,inet,inet6 |
11 | noroot | 11 | noroot |
12 | nonewprivs | ||
12 | tracelog | 13 | tracelog |
13 | netfilter | 14 | netfilter |