diff options
| -rw-r--r-- | Makefile.in | 1 | ||||
| -rw-r--r-- | etc/audacious.profile | 1 | ||||
| -rw-r--r-- | etc/chromium.profile | 1 | ||||
| -rw-r--r-- | etc/clementine.profile | 1 | ||||
| -rw-r--r-- | etc/deadbeef.profile | 1 | ||||
| -rw-r--r-- | etc/deluge.profile | 1 | ||||
| -rw-r--r-- | etc/disable-devel.inc | 29 | ||||
| -rw-r--r-- | etc/empathy.profile | 1 | ||||
| -rw-r--r-- | etc/evince.profile | 1 | ||||
| -rw-r--r-- | etc/fbreader.profile | 1 | ||||
| -rw-r--r-- | etc/filezilla.profile | 1 | ||||
| -rw-r--r-- | etc/firefox.profile | 1 | ||||
| -rw-r--r-- | etc/gnome-mplayer.profile | 1 | ||||
| -rw-r--r-- | etc/midori.profile | 1 | ||||
| -rw-r--r-- | etc/opera.profile | 1 | ||||
| -rw-r--r-- | etc/pidgin.profile | 1 | ||||
| -rw-r--r-- | etc/qbittorrent.profile | 1 | ||||
| -rw-r--r-- | etc/quassel.profile | 1 | ||||
| -rw-r--r-- | etc/rhythmbox.profile | 1 | ||||
| -rw-r--r-- | etc/skype.profile | 1 | ||||
| -rw-r--r-- | etc/spotify.profile | 1 | ||||
| -rw-r--r-- | etc/steam.profile | 1 | ||||
| -rw-r--r-- | etc/thunderbird.profile | 1 | ||||
| -rw-r--r-- | etc/totem.profile | 1 | ||||
| -rw-r--r-- | etc/transmission-gtk.profile | 1 | ||||
| -rw-r--r-- | etc/transmission-qt.profile | 1 | ||||
| -rw-r--r-- | etc/vlc.profile | 1 | ||||
| -rw-r--r-- | etc/wine.profile | 1 | ||||
| -rw-r--r-- | etc/xchat.profile | 1 | ||||
| -rw-r--r-- | platform/debian/conffiles | 1 |
30 files changed, 58 insertions, 0 deletions
diff --git a/Makefile.in b/Makefile.in index b02f0fbb4..27ecce4fb 100644 --- a/Makefile.in +++ b/Makefile.in | |||
| @@ -110,6 +110,7 @@ realinstall: | |||
| 110 | install -c -m 0644 etc/steam.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 110 | install -c -m 0644 etc/steam.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
| 111 | install -c -m 0644 etc/skype.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 111 | install -c -m 0644 etc/skype.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
| 112 | install -c -m 0644 etc/wine.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 112 | install -c -m 0644 etc/wine.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
| 113 | install -c -m 0644 etc/disable-devel.inc $(DESTDIR)/$(sysconfdir)/firejail/. | ||
| 113 | bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 114 | bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
| 114 | # man pages | 115 | # man pages |
| 115 | rm -f firejail.1.gz | 116 | rm -f firejail.1.gz |
diff --git a/etc/audacious.profile b/etc/audacious.profile index be19e3924..fa9cbbc52 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/chromium.profile b/etc/chromium.profile index 117ecab92..bba2f0e10 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
| @@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/chromium | |||
| 3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
| 4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
| 5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
| 6 | include /etc/firejail/disable-devel.inc | ||
| 6 | netfilter | 7 | netfilter |
| 7 | whitelist ~/Downloads | 8 | whitelist ~/Downloads |
| 8 | whitelist ~/.config/chromium | 9 | whitelist ~/.config/chromium |
diff --git a/etc/clementine.profile b/etc/clementine.profile index ee39bee37..e84d8f19a 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index c623845e0..0d6e70a4a 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/deluge.profile b/etc/deluge.profile index ca63bc16d..6ca5d33a4 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc new file mode 100644 index 000000000..c95d051ce --- /dev/null +++ b/etc/disable-devel.inc | |||
| @@ -0,0 +1,29 @@ | |||
| 1 | # development tools | ||
| 2 | |||
| 3 | # GCC | ||
| 4 | blacklist /usr/include | ||
| 5 | blacklist /usr/bin/gcc* | ||
| 6 | blacklist /usr/bin/cpp* | ||
| 7 | blacklist /usr/bin/c9* | ||
| 8 | blacklist /usr/bin/c8* | ||
| 9 | blacklist /usr/bin/c++* | ||
| 10 | blacklist /usr/bin/ld | ||
| 11 | |||
| 12 | # Valgrind | ||
| 13 | blacklist /usr/bin/valgrind* | ||
| 14 | blacklist /usr/lib/valgrind | ||
| 15 | |||
| 16 | # Perl | ||
| 17 | blacklist /usr/bin/perl | ||
| 18 | blacklist /usr/bin/cpan* | ||
| 19 | blacklist /usr/share/perl* | ||
| 20 | blacklist /usr/lib/perl* | ||
| 21 | |||
| 22 | # PHP | ||
| 23 | blacklist /usr/bin/php* | ||
| 24 | blacklist /usr/share/php* | ||
| 25 | blacklist /usr/lib/php* | ||
| 26 | |||
| 27 | # Ruby | ||
| 28 | blacklist /usr/bin/ruby | ||
| 29 | blacklist /usr/lib/ruby | ||
diff --git a/etc/empathy.profile b/etc/empathy.profile index c15eb1c0f..984bbc58e 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.wine | 6 | blacklist ${HOME}/.wine |
| 6 | caps.drop all | 7 | caps.drop all |
| 7 | seccomp | 8 | seccomp |
diff --git a/etc/evince.profile b/etc/evince.profile index c0a2481c9..34d8162b3 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 92bbe4065..f94fc28df 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
| @@ -3,6 +3,7 @@ noblacklist ${HOME}/.FBReader | |||
| 3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
| 4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
| 5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
| 6 | include /etc/firejail/disable-devel.inc | ||
| 6 | blacklist ${HOME}/.pki/nssdb | 7 | blacklist ${HOME}/.pki/nssdb |
| 7 | blacklist ${HOME}/.lastpass | 8 | blacklist ${HOME}/.lastpass |
| 8 | blacklist ${HOME}/.keepassx | 9 | blacklist ${HOME}/.keepassx |
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 9311b67ef..ba8649067 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
| @@ -4,6 +4,7 @@ noblacklist ${HOME}/.config/filezilla | |||
| 4 | include /etc/firejail/disable-mgmt.inc | 4 | include /etc/firejail/disable-mgmt.inc |
| 5 | include /etc/firejail/disable-secret.inc | 5 | include /etc/firejail/disable-secret.inc |
| 6 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
| 7 | include /etc/firejail/disable-devel.inc | ||
| 7 | blacklist ${HOME}/.wine | 8 | blacklist ${HOME}/.wine |
| 8 | caps.drop all | 9 | caps.drop all |
| 9 | seccomp | 10 | seccomp |
diff --git a/etc/firefox.profile b/etc/firefox.profile index 65b293669..50d5c940b 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
| @@ -3,6 +3,7 @@ noblacklist ${HOME}/.mozilla | |||
| 3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
| 4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
| 5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
| 6 | include /etc/firejail/disable-devel.inc | ||
| 6 | caps.drop all | 7 | caps.drop all |
| 7 | seccomp | 8 | seccomp |
| 8 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index a1e633f07..0a495b0b0 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/midori.profile b/etc/midori.profile index 6f31d60ae..77a6fb984 100644 --- a/etc/midori.profile +++ b/etc/midori.profile | |||
| @@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/midori | |||
| 3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
| 4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
| 5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
| 6 | include /etc/firejail/disable-devel.inc | ||
| 6 | caps.drop all | 7 | caps.drop all |
| 7 | seccomp | 8 | seccomp |
| 8 | protocol unix,inet,inet6 | 9 | protocol unix,inet,inet6 |
diff --git a/etc/opera.profile b/etc/opera.profile index 9a91ca94b..34a034a17 100644 --- a/etc/opera.profile +++ b/etc/opera.profile | |||
| @@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/opera | |||
| 3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
| 4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
| 5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
| 6 | include /etc/firejail/disable-devel.inc | ||
| 6 | netfilter | 7 | netfilter |
| 7 | noroot | 8 | noroot |
| 8 | 9 | ||
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index cdd27b796..3dd57b623 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
| @@ -3,6 +3,7 @@ noblacklist ${HOME}/.purple | |||
| 3 | include /etc/firejail/disable-mgmt.inc | 3 | include /etc/firejail/disable-mgmt.inc |
| 4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
| 5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
| 6 | include /etc/firejail/disable-devel.inc | ||
| 6 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
| 7 | caps.drop all | 8 | caps.drop all |
| 8 | seccomp | 9 | seccomp |
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 26ade68bf..dd50c779e 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/quassel.profile b/etc/quassel.profile index 42a172756..cb97d0752 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.wine | 6 | blacklist ${HOME}/.wine |
| 6 | caps.drop all | 7 | caps.drop all |
| 7 | seccomp | 8 | seccomp |
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 53c23d8c6..9fc1fcb80 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/skype.profile b/etc/skype.profile index 902888355..fb69af19e 100644 --- a/etc/skype.profile +++ b/etc/skype.profile | |||
| @@ -4,6 +4,7 @@ noblacklist ${HOME}/.local/share/steam | |||
| 4 | include /etc/firejail/disable-mgmt.inc | 4 | include /etc/firejail/disable-mgmt.inc |
| 5 | include /etc/firejail/disable-secret.inc | 5 | include /etc/firejail/disable-secret.inc |
| 6 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
| 7 | include /etc/firejail/disable-devel.inc | ||
| 7 | caps.drop all | 8 | caps.drop all |
| 8 | netfilter | 9 | netfilter |
| 9 | noroot | 10 | noroot |
diff --git a/etc/spotify.profile b/etc/spotify.profile index af38a2eb3..36d8f2b7a 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | 6 | ||
| 6 | # Whitelist the folders needed by Spotify - This is more restrictive | 7 | # Whitelist the folders needed by Spotify - This is more restrictive |
| 7 | # than a blacklist though, but this is all spotify requires for | 8 | # than a blacklist though, but this is all spotify requires for |
diff --git a/etc/steam.profile b/etc/steam.profile index 8103a2a20..5b9244567 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
| @@ -4,6 +4,7 @@ noblacklist ${HOME}/.local/share/steam | |||
| 4 | include /etc/firejail/disable-mgmt.inc | 4 | include /etc/firejail/disable-mgmt.inc |
| 5 | include /etc/firejail/disable-secret.inc | 5 | include /etc/firejail/disable-secret.inc |
| 6 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
| 7 | include /etc/firejail/disable-devel.inc | ||
| 7 | caps.drop all | 8 | caps.drop all |
| 8 | netfilter | 9 | netfilter |
| 9 | noroot | 10 | noroot |
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index ff7a714c3..ce9d85502 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile | |||
| @@ -1,6 +1,7 @@ | |||
| 1 | # Firejail profile for Mozilla Thunderbird (Icedove in Debian) | 1 | # Firejail profile for Mozilla Thunderbird (Icedove in Debian) |
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-devel.inc | ||
| 4 | 5 | ||
| 5 | # Users have thunderbird set to open a browser by clicking a link in an email | 6 | # Users have thunderbird set to open a browser by clicking a link in an email |
| 6 | # We are not allowed to blacklist browser-specific directories | 7 | # We are not allowed to blacklist browser-specific directories |
diff --git a/etc/totem.profile b/etc/totem.profile index 0d8df7a91..52b9450c3 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 92906c6a1..b0dfdbfad 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 163ccb34d..7aca04fe7 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/vlc.profile b/etc/vlc.profile index f2b2d72d7..37ff29308 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.pki/nssdb | 6 | blacklist ${HOME}/.pki/nssdb |
| 6 | blacklist ${HOME}/.lastpass | 7 | blacklist ${HOME}/.lastpass |
| 7 | blacklist ${HOME}/.keepassx | 8 | blacklist ${HOME}/.keepassx |
diff --git a/etc/wine.profile b/etc/wine.profile index 3728638a8..e3dd081eb 100644 --- a/etc/wine.profile +++ b/etc/wine.profile | |||
| @@ -4,6 +4,7 @@ noblacklist ${HOME}/.local/share/steam | |||
| 4 | include /etc/firejail/disable-mgmt.inc | 4 | include /etc/firejail/disable-mgmt.inc |
| 5 | include /etc/firejail/disable-secret.inc | 5 | include /etc/firejail/disable-secret.inc |
| 6 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
| 7 | include /etc/firejail/disable-devel.inc | ||
| 7 | caps.drop all | 8 | caps.drop all |
| 8 | netfilter | 9 | netfilter |
| 9 | noroot | 10 | noroot |
diff --git a/etc/xchat.profile b/etc/xchat.profile index f7f775bf0..a9f56cda4 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-devel.inc | ||
| 5 | blacklist ${HOME}/.wine | 6 | blacklist ${HOME}/.wine |
| 6 | caps.drop all | 7 | caps.drop all |
| 7 | seccomp | 8 | seccomp |
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 9f9b46695..78f42b83e 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
| @@ -36,3 +36,4 @@ | |||
| 36 | /etc/firejail/skype.profile | 36 | /etc/firejail/skype.profile |
| 37 | /etc/firejail/steam.profile | 37 | /etc/firejail/steam.profile |
| 38 | /etc/firejail/wine.profile | 38 | /etc/firejail/wine.profile |
| 39 | /etc/firejail/disable-devel.inc | ||