diff options
-rw-r--r-- | etc/inc/feh-network.inc | 4 | ||||
-rw-r--r-- | etc/profile-a-l/7z.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/ar.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/archiver-common.profile (renamed from etc/inc/archiver-common.inc) | 0 | ||||
-rw-r--r-- | etc/profile-a-l/atool.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/bsdtar.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/chromium-common-hardened.profile (renamed from etc/inc/chromium-common-hardened.inc) | 0 | ||||
-rw-r--r-- | etc/profile-a-l/chromium-common.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/cpio.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/electron.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/feh-network.profile | 8 | ||||
-rw-r--r-- | etc/profile-a-l/feh.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/gzip.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/tar.profile | 4 | ||||
-rw-r--r-- | etc/profile-m-z/unrar.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/unzip.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/xzdec.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/zstd.profile | 2 | ||||
-rw-r--r-- | src/man/jailtest.txt | 6 |
19 files changed, 27 insertions, 23 deletions
diff --git a/etc/inc/feh-network.inc b/etc/inc/feh-network.inc deleted file mode 100644 index e94e7205c..000000000 --- a/etc/inc/feh-network.inc +++ /dev/null | |||
@@ -1,4 +0,0 @@ | |||
1 | ignore net none | ||
2 | netfilter | ||
3 | protocol unix,inet,inet6 | ||
4 | private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl | ||
diff --git a/etc/profile-a-l/7z.profile b/etc/profile-a-l/7z.profile index b2294c070..0d31255ad 100644 --- a/etc/profile-a-l/7z.profile +++ b/etc/profile-a-l/7z.profile | |||
@@ -7,8 +7,8 @@ include 7z.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # Included in archiver-common.inc | 10 | # Included in archiver-common.profile |
11 | ignore include disable-shell.inc | 11 | ignore include disable-shell.inc |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include archiver-common.inc | 14 | include archiver-common.profile |
diff --git a/etc/profile-a-l/ar.profile b/etc/profile-a-l/ar.profile index f99934e66..5a20a8181 100644 --- a/etc/profile-a-l/ar.profile +++ b/etc/profile-a-l/ar.profile | |||
@@ -8,4 +8,4 @@ include ar.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # Redirect | 10 | # Redirect |
11 | include archiver-common.inc | 11 | include archiver-common.profile |
diff --git a/etc/inc/archiver-common.inc b/etc/profile-a-l/archiver-common.profile index 74b0b6ef6..74b0b6ef6 100644 --- a/etc/inc/archiver-common.inc +++ b/etc/profile-a-l/archiver-common.profile | |||
diff --git a/etc/profile-a-l/atool.profile b/etc/profile-a-l/atool.profile index 6e0ecb012..e377de2c8 100644 --- a/etc/profile-a-l/atool.profile +++ b/etc/profile-a-l/atool.profile | |||
@@ -17,4 +17,4 @@ private-etc alternatives,group,login.defs,passwd | |||
17 | private-tmp | 17 | private-tmp |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include archiver-common.inc | 20 | include archiver-common.profile |
diff --git a/etc/profile-a-l/bsdtar.profile b/etc/profile-a-l/bsdtar.profile index fb4f643c8..d731a6a6e 100644 --- a/etc/profile-a-l/bsdtar.profile +++ b/etc/profile-a-l/bsdtar.profile | |||
@@ -9,4 +9,4 @@ include globals.local | |||
9 | private-etc alternatives,group,localtime,passwd | 9 | private-etc alternatives,group,localtime,passwd |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include archiver-common.inc | 12 | include archiver-common.profile |
diff --git a/etc/inc/chromium-common-hardened.inc b/etc/profile-a-l/chromium-common-hardened.profile index d756eec50..d756eec50 100644 --- a/etc/inc/chromium-common-hardened.inc +++ b/etc/profile-a-l/chromium-common-hardened.profile | |||
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile index 1afb2c6e1..b81b1cb36 100644 --- a/etc/profile-a-l/chromium-common.profile +++ b/etc/profile-a-l/chromium-common.profile | |||
@@ -32,7 +32,7 @@ include whitelist-var-common.inc | |||
32 | 32 | ||
33 | # Uncomment the next line (or add it to your chromium-common.local) | 33 | # Uncomment the next line (or add it to your chromium-common.local) |
34 | # if your kernel allows unprivileged userns clone. | 34 | # if your kernel allows unprivileged userns clone. |
35 | #include chromium-common-hardened.inc | 35 | #include chromium-common-hardened.profile |
36 | 36 | ||
37 | # Uncomment or put in your chromium-common.local to allow screen sharing under | 37 | # Uncomment or put in your chromium-common.local to allow screen sharing under |
38 | # wayland. | 38 | # wayland. |
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile index 0e0299655..bdc4f21a6 100644 --- a/etc/profile-a-l/cpio.profile +++ b/etc/profile-a-l/cpio.profile | |||
@@ -11,4 +11,4 @@ noblacklist /sbin | |||
11 | noblacklist /usr/sbin | 11 | noblacklist /usr/sbin |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include archiver-common.inc | 14 | include archiver-common.profile |
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile index d3be07c9d..691616393 100644 --- a/etc/profile-a-l/electron.profile +++ b/etc/profile-a-l/electron.profile | |||
@@ -20,7 +20,7 @@ include whitelist-var-common.inc | |||
20 | 20 | ||
21 | # Uncomment the next line (or add it to your chromium-common.local) | 21 | # Uncomment the next line (or add it to your chromium-common.local) |
22 | # if your kernel allows unprivileged userns clone. | 22 | # if your kernel allows unprivileged userns clone. |
23 | #include chromium-common-hardened.inc | 23 | #include chromium-common-hardened.profile |
24 | 24 | ||
25 | apparmor | 25 | apparmor |
26 | caps.keep sys_admin,sys_chroot | 26 | caps.keep sys_admin,sys_chroot |
diff --git a/etc/profile-a-l/feh-network.profile b/etc/profile-a-l/feh-network.profile new file mode 100644 index 000000000..f35facd64 --- /dev/null +++ b/etc/profile-a-l/feh-network.profile | |||
@@ -0,0 +1,8 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include feh-network.local | ||
4 | |||
5 | ignore net none | ||
6 | netfilter | ||
7 | protocol unix,inet,inet6 | ||
8 | private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl | ||
diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile index 8ac7755de..6d6287f7f 100644 --- a/etc/profile-a-l/feh.profile +++ b/etc/profile-a-l/feh.profile | |||
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | # This profile disables network access | 18 | # This profile disables network access |
19 | # In order to enable network access, | 19 | # In order to enable network access, |
20 | # uncomment the following or put it in your feh.local: | 20 | # uncomment the following or put it in your feh.local: |
21 | # include feh-network.inc | 21 | # include feh-network.profile |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | net none | 24 | net none |
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile index 035c6459c..b261c16f4 100644 --- a/etc/profile-a-l/gzip.profile +++ b/etc/profile-a-l/gzip.profile | |||
@@ -12,4 +12,4 @@ include globals.local | |||
12 | noblacklist /var/lib/pacman | 12 | noblacklist /var/lib/pacman |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include archiver-common.inc | 15 | include archiver-common.profile |
diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile index 9d7a23d43..0d3a900e9 100644 --- a/etc/profile-m-z/tar.profile +++ b/etc/profile-m-z/tar.profile | |||
@@ -7,7 +7,7 @@ include tar.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # Included in archiver-common.inc | 10 | # Included in archiver-common.profile |
11 | ignore include disable-shell.inc | 11 | ignore include disable-shell.inc |
12 | 12 | ||
13 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop | 13 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop |
@@ -20,4 +20,4 @@ private-etc alternatives,group,localtime,login.defs,passwd | |||
20 | writable-var | 20 | writable-var |
21 | 21 | ||
22 | # Redirect | 22 | # Redirect |
23 | include archiver-common.inc | 23 | include archiver-common.profile |
diff --git a/etc/profile-m-z/unrar.profile b/etc/profile-m-z/unrar.profile index 65f1a425a..9d3d9b40e 100644 --- a/etc/profile-m-z/unrar.profile +++ b/etc/profile-m-z/unrar.profile | |||
@@ -12,4 +12,4 @@ private-etc alternatives,group,localtime,passwd | |||
12 | private-tmp | 12 | private-tmp |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include archiver-common.inc | 15 | include archiver-common.profile |
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile index c94416b87..0231e3dba 100644 --- a/etc/profile-m-z/unzip.profile +++ b/etc/profile-m-z/unzip.profile | |||
@@ -13,4 +13,4 @@ noblacklist ${HOME}/.local/share/gnome-shell | |||
13 | private-etc alternatives,group,localtime,passwd | 13 | private-etc alternatives,group,localtime,passwd |
14 | 14 | ||
15 | # Redirect | 15 | # Redirect |
16 | include archiver-common.inc | 16 | include archiver-common.profile |
diff --git a/etc/profile-m-z/xzdec.profile b/etc/profile-m-z/xzdec.profile index c5e8d1631..79f71f2fd 100644 --- a/etc/profile-m-z/xzdec.profile +++ b/etc/profile-m-z/xzdec.profile | |||
@@ -8,4 +8,4 @@ include xzdec.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # Redirect | 10 | # Redirect |
11 | include archiver-common.inc | 11 | include archiver-common.profile |
diff --git a/etc/profile-m-z/zstd.profile b/etc/profile-m-z/zstd.profile index 07a75f97f..faeb5c5c5 100644 --- a/etc/profile-m-z/zstd.profile +++ b/etc/profile-m-z/zstd.profile | |||
@@ -8,4 +8,4 @@ include zstd.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # Redirect | 10 | # Redirect |
11 | include archiver-common.inc | 11 | include archiver-common.profile |
diff --git a/src/man/jailtest.txt b/src/man/jailtest.txt index 1b64097ea..b52fc5eed 100644 --- a/src/man/jailtest.txt +++ b/src/man/jailtest.txt | |||
@@ -14,7 +14,7 @@ These directories are build by firejail at startup using --private* and --whitel | |||
14 | .TP | 14 | .TP |
15 | \fB2. Noexec test | 15 | \fB2. Noexec test |
16 | jailtest inserts executable programs in /home/username, /tmp, and /var/tmp directories | 16 | jailtest inserts executable programs in /home/username, /tmp, and /var/tmp directories |
17 | and tries to run them form inside the sandbox, thus testing if the directory is executable or not. | 17 | and tries to run them from inside the sandbox, thus testing if the directory is executable or not. |
18 | .TP | 18 | .TP |
19 | \fB3. Read access test | 19 | \fB3. Read access test |
20 | jailtest creates test files in the directories specified by the user and tries to read | 20 | jailtest creates test files in the directories specified by the user and tries to read |
@@ -29,10 +29,10 @@ The program is started as root using sudo. | |||
29 | .SH OPTIONS | 29 | .SH OPTIONS |
30 | .TP | 30 | .TP |
31 | \fB\-\-debug | 31 | \fB\-\-debug |
32 | Print debug messages | 32 | Print debug messages. |
33 | .TP | 33 | .TP |
34 | \fB\-?\fR, \fB\-\-help\fR | 34 | \fB\-?\fR, \fB\-\-help\fR |
35 | Print options end exit. | 35 | Print options and exit. |
36 | .TP | 36 | .TP |
37 | \fB\-\-version | 37 | \fB\-\-version |
38 | Print program version and exit. | 38 | Print program version and exit. |