-rw-r--r-- | etc/Viber.profile | 3 | ||||
-rw-r--r-- | etc/amule.profile | 1 | ||||
-rw-r--r-- | etc/ardour5.profile | 3 | ||||
-rw-r--r-- | etc/cin.profile | 2 | ||||
-rw-r--r-- | etc/disable-programs.inc | 5 | ||||
-rw-r--r-- | etc/dooble.profile | 6 | ||||
-rw-r--r-- | etc/fetchmail.profile | 2 | ||||
-rw-r--r-- | etc/google-earth.profile | 17 | ||||
-rw-r--r-- | etc/kdenlive.profile | 3 | ||||
-rw-r--r-- | etc/krita.profile | 2 | ||||
-rw-r--r-- | etc/mpd.profile | 1 | ||||
-rw-r--r-- | etc/natron.profile | 6 | ||||
-rw-r--r-- | etc/teamspeak3.profile | 2 | ||||
-rw-r--r-- | etc/tor-browser-en.profile | 35 | ||||
-rw-r--r-- | etc/torbrowser-launcher.profile | 11 | ||||
-rw-r--r-- | etc/x-terminal-emulator.profile | 1 | ||||
-rw-r--r-- | etc/zart.profile | 1 |
17 files changed, 45 insertions, 56 deletions
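--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -25,11 +25,12 @@ nogroups
 nonewprivs
 noroot
 notv
+protocol unix,inet,inet6
 seccomp
 shell none
 
 disable-mnt
-private-bin sh,dig,awk
+private-bin sh,bash,dash,dig,awk,Viber
 private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf
 private-tmp
 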
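--- a/etc/amule.profile
+++ b/etc/amule.profile
@@ -28,6 +28,7 @@ noroot
 nosound
 notv
 novideo
+protocol unix,inet,inet6
 seccomp
 shell none
 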
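--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -24,10 +24,11 @@ nogroups
 nonewprivs
 noroot
 notv
+protocol unix
 seccomp
 shell none
 
-#private-bin sh,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
+#private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
 private-dev
 #private-etc pulse,X11,alternatives,ardour4,ardour5,fonts
 private-tmp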
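--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -24,7 +24,7 @@ protocol unix
 seccomp
 shell none
 
-private-bin cin
+#private-bin cin
 private-dev
 
 noexec ${HOME}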
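Review bot: The `private-bin cin` restriction is commented out at new line 27 with no record of why, so a later maintainer cannot tell whether it can be switched back on. A comment above it would keep that knowledge with the profile, for example `# private-bin disabled: <what failed with it enabled>`, ideally naming the extra binaries the program needs so the list can be completed instead of dropped. The profile continues outside the hunk on both sides.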
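--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -208,7 +208,10 @@ blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.git-credential-cache
 blacklist ${HOME}/.gitconfig
-blacklist ${HOME}/.googleearth
+blacklist ${HOME}/.googleearth/Cache/
+blacklist ${HOME}/.googleearth/Temp/
+blacklist ${HOME}/.googleearth/myplaces.backup.kml
+blacklist ${HOME}/.googleearth/myplaces.kml
 blacklist ${HOME}/.gradle
 blacklist ${HOME}/.guayadeque
 blacklist ${HOME}/.hedgewars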
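Review bot: Replacing `blacklist ${HOME}/.googleearth` with four named entries (new lines 211–214) means anything else the application stores under that directory is no longer hidden from the other profiles that include this file. If the per-path form exists only so that google-earth.profile can whitelist individual entries, keeping the directory-level `blacklist ${HOME}/.googleearth` here with a matching `noblacklist ${HOME}/.googleearth` in that profile would retain the old coverage; whether that combination works with the per-path whitelist needs to be confirmed. The list continues outside the hunk.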
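--- a/etc/dooble.profile
+++ b/etc/dooble.profile
@@ -1,4 +1,4 @@
-# Firejail profile for dooble-qt4
+# Firejail profile for dooble
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/dooble-qt4.local
@@ -6,7 +6,7 @@ include /etc/firejail/dooble-qt4.local
 include /etc/firejail/globals.local
 
 
-noblacklist ~/.dooble
+noblacklist ${HOME}/.dooble
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -15,7 +15,7 @@ include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.dooble
 whitelist ${DOWNLOADS}
-whitelist ~/.dooble
+whitelist ${HOME}/.dooble
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all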
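Review bot: The header at new line 1 now names `dooble`, but line 4 still reads `include /etc/firejail/dooble-qt4.local`, so overrides a user places in a `dooble.local` file would not be loaded by this profile. If the rename is intended, line 4 should become `include /etc/firejail/dooble.local`; if the file is still shared with dooble-qt4, the header comment should say so. Only the context of the three hunks is visible, so whether another profile redirects here cannot be told from the page.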
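--- a/etc/fetchmail.profile
+++ b/etc/fetchmail.profile
@@ -25,5 +25,5 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-# private-bin fetchmail,procmail,bash,chmod
+#private-bin fetchmail,procmail,bash,chmod
 private-dev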
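--- a/etc/google-earth.profile
+++ b/etc/google-earth.profile
@@ -6,7 +6,10 @@ include /etc/firejail/google-earth.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.config/Google
-noblacklist ${HOME}/.googleearth
+noblacklist ${HOME}/.googleearth/Cache/
+noblacklist ${HOME}/.googleearth/Temp/
+noblacklist ${HOME}/.googleearth/myplaces.backup.kml
+noblacklist ${HOME}/.googleearth/myplaces.kml
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -14,9 +17,15 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 mkdir ${HOME}/.config/Google
-mkdir ${HOME}/.googleearth
+mkdir ${HOME}/.googleearth/Cache/
+mkdir ${HOME}/.googleearth/Temp/
+mkfile ${HOME}/.googleearth/myplaces.backup.kml
+mkfile ${HOME}/.googleearth/myplaces.kml
 whitelist ${HOME}/.config/Google
-whitelist ${HOME}/.googleearth
+whitelist ${HOME}/.googleearth/Cache/
+whitelist ${HOME}/.googleearth/Temp/
+whitelist ${HOME}/.googleearth/myplaces.backup.kml
+whitelist ${HOME}/.googleearth/myplaces.kml
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
@@ -32,7 +41,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-private-bin google-earth,sh,grep,sed,ls,dirname
+private-bin google-earth,sh,bash,dash,grep,sed,ls,dirname
 private-dev
 
 noexec ${HOME}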
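Review bot: The new `mkfile`/`whitelist` pairs for `myplaces.kml` and `myplaces.backup.kml` (new lines 22–23 and 27–28) whitelist single files, which firejail exposes through bind mounts. If the application saves by writing a temporary file and renaming it over the target, the save may fail or not survive the sandbox, so it is worth confirming that saved places persist across sessions with this profile. If they do not, whitelisting the containing directory is the more robust form. Separately, `private-bin` at new line 44 now carries `bash` and `dash` while `shell none` stays set; a one-line comment saying which launcher script needs them would document why the list grew.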
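--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -25,3 +25,6 @@ shell none
 private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper
 private-dev
 #private-etc fonts,alternatives,X11,pulse,passwd
+
+noexec ${HOME}
+noexec /tmp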
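--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -28,5 +28,5 @@ shell none
 private-dev
 private-tmp
 
-noexec /home
+noexec ${HOME}
 noexec /tmp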
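--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -17,7 +17,6 @@ caps.drop all
 netfilter
 no3d
 nodvd
-nogroups
 nonewprivs
 noroot
 notv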
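--- a/etc/natron.profile
+++ b/etc/natron.profile
@@ -7,9 +7,9 @@ include /etc/firejail/globals.local
 
 
 noblacklist ${HOME}/.Natron
-noblacklist ${HOME}/.cache/INRIA/Natron/
-noblacklist ${HOME}/.config/INRIA/
-noblacklist /opt/natron/
+noblacklist ${HOME}/.cache/INRIA/Natron
+noblacklist ${HOME}/.config/INRIA
+noblacklist /opt/natron
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc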
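--- a/etc/teamspeak3.profile
+++ b/etc/teamspeak3.profile
@@ -5,7 +5,6 @@ include /etc/firejail/teamspeak3.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ${DOWNLOADS}
 noblacklist ${HOME}/.ts3client
 
 include /etc/firejail/disable-common.inc
@@ -33,7 +32,6 @@ seccomp
 shell none
 
 disable-mnt
-private
 private-dev
 private-tmp
 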
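--- a/etc/tor-browser-en.profile
+++ b/etc/tor-browser-en.profile
@@ -1,35 +1,6 @@
-# Firejail profile for tor-browser-en
+# Firejail profile alias for torbrowser-launcher
 # This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/tor-browser-en.local
-# Persistent global definitions
-include /etc/firejail/globals.local
 
 
-noblacklist ${HOME}/.tor-browser-en
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-
-whitelist ${HOME}/.tor-browser-en
-include /etc/firejail/whitelist-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
-
-disable-mnt
-private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
-private-tmp
-
-noexec /tmp
+# Redirect
+include /etc/firejail/torbrowser-launcher.profile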
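Review bot: The alias drops `include /etc/firejail/tor-browser-en.local` (old line 4), so any persistent hardening a user keeps in that file stops applying after this update without notice. Only `torbrowser-launcher.local` is still read, through the included profile. Keeping the local include ahead of the redirect preserves those overrides: `include /etc/firejail/tor-browser-en.local` on the line before `include /etc/firejail/torbrowser-launcher.profile`. The redirect also replaces the old `private-bin` list with the launcher's longer one, which adds `python` and `gpg` for anyone starting the browser directly; a comment in the alias noting that would make the trade-off visible.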
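--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -5,17 +5,20 @@ include /etc/firejail/torbrowser-launcher.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-
+noblacklist ~/.tor-browser-en
 noblacklist ~/.config/torbrowser
-whitelist ~/.config/torbrowser
 noblacklist ~/.local/share/torbrowser
-whitelist ~/.local/share/torbrowser
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+whitelist ~/.tor-browser-en
+whitelist ~/.config/torbrowser
+whitelist ~/.local/share/torbrowser
+include /etc/firejail/whitelist-common.inc
+
 caps.drop all
 netfilter
 nodvd
@@ -29,7 +32,7 @@ seccomp
 shell none
 tracelog
 
-private-bin torbrowser-launcher,python2.7,python,bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
+private-bin bash,cp,dash,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python,python2.7,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
 private-dev
 private-etc fonts
 private-tmp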
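Review bot: The added `noblacklist ~/.tor-browser-en` (new line 8) and `whitelist ~/.tor-browser-en` (new line 17) use `~`, while this same commit rewrites `~/.dooble` to `${HOME}/.dooble` in dooble.profile. These two lines, and the neighbouring `~/.config/torbrowser` and `~/.local/share/torbrowser` entries, should follow the same form, e.g. `whitelist ${HOME}/.tor-browser-en`. The profile continues outside both hunks.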
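--- a/etc/x-terminal-emulator.profile
+++ b/etc/x-terminal-emulator.profile
@@ -12,6 +12,7 @@ net none
 netfilter
 nogroups
 noroot
+protocol unix
 seccomp
 
 private-dev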
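--- a/etc/zart.profile
+++ b/etc/zart.profile
@@ -19,7 +19,6 @@ nogroups
 nonewprivs
 noroot
 notv
-novideo
 protocol unix
 seccomp
 shell none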