17 files changed, 66 insertions, 7 deletions
diff --git a/RELNOTES b/RELNOTES
index 87497e538..483b4cfa6 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,11 +1,12 @@
-ffirejail (0.9.31) baseline; urgency=low
+firejail (0.9.31) baseline; urgency=low
-  * disable X11 autostart folders in default profiles
+  * lots of security profile changes
-  * disable subversion and git config files in home directory
  * added FBReader default profile
+  * added --interface option
+  * bugfixes
 -- netblue30 <netblue30@yahoo.com>  current development
-irejail (0.9.30) baseline; urgency=low
+firejail (0.9.30) baseline; urgency=low
  * added a disable-history.inc profile as a result of Firefox PDF.js exploit;
    disable-history.inc included in all default profiles
  * Firefox PDF.js exploit (CVE-2015-4495) fixes
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 923b70184..5f870c8ab 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot
diff --git a/etc/clementine.profile b/etc/clementine.profile
index 47c40506a..b972c18ff 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index 68027bd7c..d25db072c 100644
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot
diff --git a/etc/deluge.profile b/etc/deluge.profile
index 24a082099..b54e31cfa 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/disable-secret.inc b/etc/disable-secret.inc
index 8ac1b3792..1042582a0 100644
--- a/etc/disable-secret.inc
+++ b/etc/disable-secret.inc
@@ -4,6 +4,5 @@ tmpfs ${HOME}/.gnome2_private
 blacklist ${HOME}/.gnome2/keyrings
 blacklist ${HOME}/kde4/share/apps/kwallet
 blacklist ${HOME}/kde/share/apps/kwallet
-blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.gnupg
 blacklist ${HOME}/.local/share/recently-used.xbel
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index 008660f77..76723eb38 100644
--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps
 seccomp
 noroot
diff --git a/etc/evince.profile b/etc/evince.profile
index 023fd2444..a79c4cf54 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index 97baa2a3e..bf707d8ca 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -4,6 +4,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/generic.profile b/etc/generic.profile
index f1c6af30d..c5dfb7929 100644
--- a/etc/generic.profile
+++ b/etc/generic.profile
@@ -5,7 +5,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index 4be1c1093..201af5007 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index dd7be997c..b4c2c91c7 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index f2870d543..e2cd0ef71 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot
diff --git a/etc/totem.profile b/etc/totem.profile
index 6b26a4e0e..a6e26dbdb 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index dc1d9d524..525ee1785 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 netfilter
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 64c2ba8ad..9857ac712 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -3,7 +3,11 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
-caps.drop all
+cblacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
+aps.drop all
 seccomp
 netfilter
 noroot
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 365ea838a..ef687abb7 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-history.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist {HOME}/.lastpass
+blacklist {HOME}/.keepassx
+blacklist {HOME}/.password-store
 caps.drop all
 seccomp
 noroot

diff --git a/RELNOTES b/RELNOTES index 87497e538..483b4cfa6 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -1,11 +1,12 @@
1	ffirejail (0.9.31) baseline; urgency=low	1	firejail (0.9.31) baseline; urgency=low
2	* disable X11 autostart folders in default profiles	2	* lots of security profile changes
3	* disable subversion and git config files in home directory
4	* added FBReader default profile	3	* added FBReader default profile
		4	* added --interface option
		5	* bugfixes
5	-- netblue30 <netblue30@yahoo.com> current development	6	-- netblue30 <netblue30@yahoo.com> current development
6		7
7		8
8	irejail (0.9.30) baseline; urgency=low	9	firejail (0.9.30) baseline; urgency=low
9	* added a disable-history.inc profile as a result of Firefox PDF.js exploit;	10	* added a disable-history.inc profile as a result of Firefox PDF.js exploit;
10	disable-history.inc included in all default profiles	11	disable-history.inc included in all default profiles
11	* Firefox PDF.js exploit (CVE-2015-4495) fixes	12	* Firefox PDF.js exploit (CVE-2015-4495) fixes


diff --git a/etc/audacious.profile b/etc/audacious.profile index 923b70184..5f870c8ab 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps.drop all	10	caps.drop all
7	seccomp	11	seccomp
8	noroot	12	noroot


diff --git a/etc/clementine.profile b/etc/clementine.profile index 47c40506a..b972c18ff 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps.drop all	10	caps.drop all
7	seccomp	11	seccomp
8	noroot	12	noroot


diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 68027bd7c..d25db072c 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps.drop all	10	caps.drop all
7	seccomp	11	seccomp
8	noroot	12	noroot


diff --git a/etc/deluge.profile b/etc/deluge.profile index 24a082099..b54e31cfa 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps.drop all	10	caps.drop all
7	seccomp	11	seccomp
8	netfilter	12	netfilter


diff --git a/etc/disable-secret.inc b/etc/disable-secret.inc index 8ac1b3792..1042582a0 100644 --- a/etc/disable-secret.inc +++ b/etc/disable-secret.inc
@@ -4,6 +4,5 @@ tmpfs ${HOME}/.gnome2_private
4	blacklist ${HOME}/.gnome2/keyrings	4	blacklist ${HOME}/.gnome2/keyrings
5	blacklist ${HOME}/kde4/share/apps/kwallet	5	blacklist ${HOME}/kde4/share/apps/kwallet
6	blacklist ${HOME}/kde/share/apps/kwallet	6	blacklist ${HOME}/kde/share/apps/kwallet
7	blacklist ${HOME}/.pki/nssdb
8	blacklist ${HOME}/.gnupg	7	blacklist ${HOME}/.gnupg
9	blacklist ${HOME}/.local/share/recently-used.xbel	8	blacklist ${HOME}/.local/share/recently-used.xbel


diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 008660f77..76723eb38 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps	10	caps
7	seccomp	11	seccomp
8	noroot	12	noroot


diff --git a/etc/evince.profile b/etc/evince.profile index 023fd2444..a79c4cf54 100644 --- a/etc/evince.profile +++ b/etc/evince.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps.drop all	10	caps.drop all
7	seccomp	11	seccomp
8	noroot	12	noroot


diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 97baa2a3e..bf707d8ca 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile
@@ -4,6 +4,10 @@ include /etc/firejail/disable-mgmt.inc
4	include /etc/firejail/disable-secret.inc	4	include /etc/firejail/disable-secret.inc
5	include /etc/firejail/disable-common.inc	5	include /etc/firejail/disable-common.inc
6	include /etc/firejail/disable-history.inc	6	include /etc/firejail/disable-history.inc
		7	blacklist ${HOME}/.pki/nssdb
		8	blacklist {HOME}/.lastpass
		9	blacklist {HOME}/.keepassx
		10	blacklist {HOME}/.password-store
7	caps.drop all	11	caps.drop all
8	seccomp	12	seccomp
9	netfilter	13	netfilter


diff --git a/etc/generic.profile b/etc/generic.profile index f1c6af30d..c5dfb7929 100644 --- a/etc/generic.profile +++ b/etc/generic.profile
@@ -5,7 +5,10 @@ include /etc/firejail/disable-mgmt.inc
5	include /etc/firejail/disable-secret.inc	5	include /etc/firejail/disable-secret.inc
6	include /etc/firejail/disable-common.inc	6	include /etc/firejail/disable-common.inc
7	include /etc/firejail/disable-history.inc	7	include /etc/firejail/disable-history.inc
8		8	blacklist ${HOME}/.pki/nssdb
		9	blacklist {HOME}/.lastpass
		10	blacklist {HOME}/.keepassx
		11	blacklist {HOME}/.password-store
9	caps.drop all	12	caps.drop all
10	seccomp	13	seccomp
11	netfilter	14	netfilter


diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 4be1c1093..201af5007 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps.drop all	10	caps.drop all
7	seccomp	11	seccomp
8	noroot	12	noroot


diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index dd7be997c..b4c2c91c7 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps.drop all	10	caps.drop all
7	seccomp	11	seccomp
8	netfilter	12	netfilter


diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index f2870d543..e2cd0ef71 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps.drop all	10	caps.drop all
7	seccomp	11	seccomp
8	noroot	12	noroot


diff --git a/etc/totem.profile b/etc/totem.profile index 6b26a4e0e..a6e26dbdb 100644 --- a/etc/totem.profile +++ b/etc/totem.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps.drop all	10	caps.drop all
7	seccomp	11	seccomp
8	noroot	12	noroot


diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index dc1d9d524..525ee1785 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps.drop all	10	caps.drop all
7	seccomp	11	seccomp
8	netfilter	12	netfilter


diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 64c2ba8ad..9857ac712 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile
@@ -3,7 +3,11 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
6	caps.drop all	6	cblacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
		10	aps.drop all
7	seccomp	11	seccomp
8	netfilter	12	netfilter
9	noroot	13	noroot


diff --git a/etc/vlc.profile b/etc/vlc.profile index 365ea838a..ef687abb7 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile
@@ -3,6 +3,10 @@ include /etc/firejail/disable-mgmt.inc
3	include /etc/firejail/disable-secret.inc	3	include /etc/firejail/disable-secret.inc
4	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-history.inc	5	include /etc/firejail/disable-history.inc
		6	blacklist ${HOME}/.pki/nssdb
		7	blacklist {HOME}/.lastpass
		8	blacklist {HOME}/.keepassx
		9	blacklist {HOME}/.password-store
6	caps.drop all	10	caps.drop all
7	seccomp	11	seccomp
8	noroot	12	noroot