-rw-r--r-- | etc/0ad.profile | 4 | ||||
-rw-r--r-- | etc/atom-beta.profile | 7 | ||||
-rw-r--r-- | etc/atom.profile | 6 | ||||
-rw-r--r-- | etc/atril.profile | 1 | ||||
-rw-r--r-- | etc/audacity.profile | 2 | ||||
-rw-r--r-- | etc/aweather.profile | 3 | ||||
-rw-r--r-- | etc/dosbox.profile | 21 | ||||
-rw-r--r-- | etc/eom.profile | 1 | ||||
-rw-r--r-- | etc/gitter.profile | 4 | ||||
-rw-r--r-- | etc/gthumb.profile | 1 | ||||
-rw-r--r-- | etc/libreoffice.profile | 3 | ||||
-rw-r--r-- | etc/palemoon.profile | 1 | ||||
-rw-r--r-- | etc/pidgin.profile | 1 | ||||
-rw-r--r-- | etc/qtox.profile | 1 | ||||
-rw-r--r-- | etc/rhythmbox.profile | 1 | ||||
-rw-r--r-- | etc/stellarium.profile | 2 | ||||
-rw-r--r-- | etc/transmission-gtk.profile | 2 | ||||
-rw-r--r-- | etc/vlc.profile | 2 | ||||
-rw-r--r-- | etc/warzone2100.profile | 1 | ||||
-rw-r--r-- | etc/xplayer.profile | 1 | ||||
-rw-r--r-- | etc/xreader.profile | 1 | ||||
-rw-r--r-- | etc/xviewer.profile | 3 |
22 files changed, 54 insertions, 15 deletions
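--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -19,8 +19,8 @@ whitelist ~/.local/share/0ad
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
@@ -28,4 +28,4 @@ shell none
 tracelog
 
 private-dev
-
+private-tmp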
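--- a/etc/atom-beta.profile
+++ b/etc/atom-beta.profile
@@ -1,4 +1,4 @@
-# Firjail profile for Atom Beta.
+# Firejail profile for Atom Beta.
 noblacklist ~/.atom
 noblacklist ~/.config/Atom
 
@@ -11,9 +11,10 @@ netfilter
 nonewprivs
 nogroups
 noroot
+nosound
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
 private-dev
-nosound
-
+private-tmp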
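--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -1,4 +1,4 @@
-# Firjail profile for Atom.
+# Firejail profile for Atom.
 noblacklist ~/.atom
 noblacklist ~/.config/Atom
 
@@ -11,8 +11,10 @@ netfilter
 nonewprivs
 nogroups
 noroot
+nosound
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
 private-dev
-nosound
+private-tmp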
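--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -18,3 +18,4 @@ tracelog
 
 private-bin atril, atril-previewer, atril-thumbnailer
 private-dev
+private-tmp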
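--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
+netfilter
 nonewprivs
 nogroups
 noroot
@@ -17,3 +18,4 @@ tracelog
 
 private-bin audacity
 private-dev
+private-tmp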
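--- a/etc/aweather.profile
+++ b/etc/aweather.profile
@@ -15,10 +15,11 @@ nonewprivs
 nogroups
 noroot
 nosound
-protocol unix,inet,inet6,netlink
+protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
 
 private-bin aweather
 private-dev
+private-tmp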
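--- /dev/null
+++ b/etc/dosbox.profile
@@ -0,0 +1,21 @@
+# Firejail profile for dosbox
+noblacklist ~/.dosbox
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin dosbox
+private-dev
+private-tmp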
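Review bot: The new profile grants IPv4/IPv6 network access by default through `protocol unix,inet,inet6` together with `netfilter`, even though running local DOS programs needs no network and the emulator is typically pointed at old, unvetted binaries. Consider shipping the tighter default `net none` with `protocol unix`, and add a comment such as `# remove "net none" and use "protocol unix,inet,inet6" for IPX/modem emulation` for users who need networked play. The profile also has no header comment saying that only `~/.dosbox` is un-blacklisted while the rest of the home directory stays reachable; one line stating that would help users who keep game directories elsewhere.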
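--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -18,3 +18,4 @@ tracelog
 
 private-bin eom
 private-dev
+private-tmp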
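--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -7,12 +7,14 @@ include /etc/firejail/disable-devel.inc
 
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
+nosound
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
 private-bin gitter
 private-dev
+private-tmp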
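--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -19,4 +19,3 @@ tracelog
 private-bin gthumb
 whitelist /tmp/.X11-unix
 private-dev
-private-tmp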
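--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
@@ -15,5 +16,3 @@ tracelog
 
 private-dev
 whitelist /tmp/.X11-unix/
-nosound
-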
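Review bot: The second hunk removes `nosound` from the LibreOffice profile, which loosens the sandbox by giving the office suite access to the sound system again, and nothing in the profile records why. If audio is needed (media embedded in presentations is the likely reason, but the commit does not say), leave a marker such as `# nosound intentionally omitted: embedded media playback needs audio` next to the remaining options so a later hardening pass does not silently re-add or question it. This profile also keeps `whitelist /tmp/.X11-unix/` instead of the `private-tmp` added to most other profiles in this commit; a one-line comment explaining that choice would make the difference look deliberate.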
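--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -23,6 +23,7 @@ shell none
 tracelog
 
 private-bin palemoon
+private-tmp
 
 # These are uncommented in the Firefox profile. If you run into trouble you may
 # want to uncomment (some of) them.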
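--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -18,3 +18,4 @@ tracelog
 
 private-bin pidgin
 private-dev
+private-tmp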
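--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -20,3 +20,4 @@ shell none
 tracelog
 
 private-bin qtox
+private-tmp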
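--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -16,3 +16,4 @@ tracelog
 
 private-bin rhythmbox
 private-dev
+private-tmp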
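--- a/etc/stellarium.profile
+++ b/etc/stellarium.profile
@@ -25,4 +25,4 @@ tracelog
 
 private-bin stellarium
 private-dev
-
+private-tmp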
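--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -14,9 +14,9 @@ noroot
 nosound
 protocol unix,inet,inet6
 seccomp
+shell none
 tracelog
 
-shell none
 private-bin transmission-gtk
 whitelist /tmp/.X11-unix
 private-dev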
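--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -17,3 +17,5 @@ shell none
 tracelog
 
 private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
+private-dev
+private-tmp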
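Review bot: The added `private-dev` gives a media player a reduced /dev, which as far as I know does not include optical-drive or TV-tuner nodes, so disc and DVB playback may stop working under this profile; that is worth confirming on the Firejail version this targets. If the restriction is intended, document it beside the option, e.g. `# private-dev hides optical drives and tuner devices; comment out for DVD/DVB playback`. Without that hint, users who hit the breakage tend to disable the whole profile rather than the one line, which loses the rest of the hardening.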
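--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -23,3 +23,4 @@ tracelog
 
 private-bin warzone2100
 private-dev
+private-tmp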
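--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -19,3 +19,4 @@ tracelog
 
 private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer
 private-dev
+private-tmp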
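--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -20,3 +20,4 @@ tracelog
 
 private-bin xreader, xreader-previewer, xreader-thumbnailer
 private-dev
+private-tmp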
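--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -6,8 +6,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-nonewprivs
 nogroups
+nonewprivs
 noroot
 nosound
 protocol unix
@@ -17,3 +17,4 @@ tracelog
 
 private-dev
 private-bin xviewer
+private-tmp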
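Review bot: In the second hunk `private-tmp` is appended after `private-bin xviewer`, so this profile ends up ordered `private-dev`, `private-bin`, `private-tmp`, while the other profiles touched by this commit use `private-bin`, `private-dev`, `private-tmp`. The first hunk already sorts `nogroups` before `nonewprivs`, so the same pass could swap the two existing lines to give `private-bin xviewer` then `private-dev` then `private-tmp`. A uniform order makes it easier to spot a profile that is missing one of the options when auditing the set.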