-rw-r--r--Makefile.in1
-rw-r--r--README2
-rw-r--r--RELNOTES2
-rw-r--r--etc/chromium.profile13
-rw-r--r--etc/disable-common.inc21
-rw-r--r--etc/firefox.profile23
-rw-r--r--etc/google-chrome-beta.profile11
-rw-r--r--etc/google-chrome-unstable.profile11
-rw-r--r--etc/google-chrome.profile13
-rw-r--r--etc/opera-beta.profile14
-rw-r--r--etc/opera.profile14
-rw-r--r--etc/seamonkey-bin.profile39
-rw-r--r--etc/seamonkey.profile26
-rw-r--r--etc/vivaldi.profile19
-rw-r--r--etc/vlc.profile1
-rw-r--r--etc/whitelist-common.inc1
-rw-r--r--platform/debian/conffiles1
17 files changed, 157 insertions, 55 deletions
diff --git a/Makefile.in b/Makefile.in
index 561dea897..e60fde529 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -145,6 +145,7 @@ realinstall:
145 install -c -m 0644 .etc/hedgewars.profile $(DESTDIR)/$(sysconfdir)/firejail/. 145 install -c -m 0644 .etc/hedgewars.profile $(DESTDIR)/$(sysconfdir)/firejail/.
146 install -c -m 0644 .etc/vivaldi.profile $(DESTDIR)/$(sysconfdir)/firejail/. 146 install -c -m 0644 .etc/vivaldi.profile $(DESTDIR)/$(sysconfdir)/firejail/.
147 install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/. 147 install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/.
148 install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/.
148 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" 149 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
149 rm -fr .etc 150 rm -fr .etc
150 # man pages 151 # man pages
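Review bot: The added `install -c -m 0644 .etc/atril.profile $(DESTDIR)/$(sysconfdir)/firejail/.` line (new line 148) depends on an `etc/atril.profile` that is not among the 17 files this commit changes, and platform/debian/conffiles gains the matching `/etc/firejail/atril.profile` entry. If the profile was not added by an earlier commit, `install` fails on the missing source file during `realinstall` and the Debian package lists a conffile it does not ship. Either confirm the file already exists in the tree or add it in this commit. The `realinstall` recipe starts and ends outside the hunk.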
diff --git a/README b/README
index 53ab416e7..466f526cd 100644
--- a/README
+++ b/README
@@ -19,7 +19,7 @@ Firejail Authors:
19 19
20netblue30 (netblue30@yahoo.com) 20netblue30 (netblue30@yahoo.com)
21Fred-Barclay (https://github.com/Fred-Barclay) 21Fred-Barclay (https://github.com/Fred-Barclay)
22 - added Vivaldi profiles 22 - added Vivaldi, Atril profiles
23yumkam (https://github.com/yumkam) 23yumkam (https://github.com/yumkam)
24 - add compile-time option to restrict --net= to root only 24 - add compile-time option to restrict --net= to root only
25 - man page fixes 25 - man page fixes
diff --git a/RELNOTES b/RELNOTES
index 475f58c16..7cec3d893 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -7,7 +7,7 @@ firejail (0.9.39) baseline; urgency=low
7 * --version also prints compile options 7 * --version also prints compile options
8 * added compile-time option to restrict --net= to root only 8 * added compile-time option to restrict --net= to root only
9 * build rpm packages using "make rpms" 9 * build rpm packages using "make rpms"
10 * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi 10 * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril
11 * bugfixes 11 * bugfixes
12 -- netblue30 <netblue30@yahoo.com> Wed, 3 Mar 2016 08:00:00 -0500 12 -- netblue30 <netblue30@yahoo.com> Wed, 3 Mar 2016 08:00:00 -0500
13 13
diff --git a/etc/chromium.profile b/etc/chromium.profile
index 78cee3920..b58931b8d 100644
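--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -1,5 +1,7 @@
 # Chromium browser profile
-noblacklist ${HOME}/.config/chromium
+noblacklist ~/.config/chromium
+noblacklist ~/.cache/chromium
+noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
@@ -10,6 +12,7 @@ include /etc/firejail/disable-terminals.inc
 #
 
 netfilter
+
 whitelist ${DOWNLOADS}
 mkdir ~/.config
 mkdir ~/.config/chromium
@@ -19,4 +22,12 @@ mkdir ~/.cache/chromium
 whitelist ~/.cache/chromium
 mkdir ~/.pki
 whitelist ~/.pki
+
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+
 include /etc/firejail/whitelist-common.inc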
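Review bot: The new `# lastpass, keepassx` block, together with `noblacklist ~/keepassx.kdbx` at the top, makes the KeePassX database and the password managers' config directories readable and writable from inside the browser sandbox by default, so a compromised browser process or extension can reach the encrypted vault and tamper with it. The same block is added to firefox, google-chrome, google-chrome-beta, google-chrome-unstable, opera, opera-beta, seamonkey and vivaldi. Consider shipping these lines commented out as an opt-in, or at least following the whitelist with `read-only ~/keepassx.kdbx` and a comment such as `# exposes the password database to the browser; remove if no password-manager extension is used`. The `noblacklist` line suggests that one of the disable-*.inc includes blacklists this file, but that include is not part of this diff.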
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index d97740860..88ce42976 100644
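--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -1,3 +1,6 @@
+# various programs
+blacklist ${HOME}/.config/vlc
+
 # History files in $HOME
 blacklist-nolog ${HOME}/.history
 blacklist-nolog ${HOME}/.*_history
@@ -5,17 +8,20 @@ blacklist-nolog ${HOME}/.*_history
 # HTTP / FTP / Mail
 blacklist-nolog ${HOME}/.adobe
 blacklist-nolog ${HOME}/.macromedia
-blacklist ${HOME}/.mozilla
 blacklist ${HOME}/.icedove
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.sylpheed-2.0
 blacklist ${HOME}/.config/midori
-blacklist ${HOME}/.config/opera
-blacklist ${HOME}/.config/opera-beta
+
+blacklist ${HOME}/.mozilla
 blacklist ${HOME}/.config/chromium
 blacklist ${HOME}/.config/google-chrome
 blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
+blacklist ${HOME}/.config/opera
+blacklist ${HOME}/.config/opera-beta
+blacklist ~/.config/vivaldi
+
 blacklist ${HOME}/.filezilla
 blacklist ${HOME}/.config/filezilla
 blacklist ${HOME}/.local/share/systemd
@@ -125,3 +131,12 @@ read-only ${HOME}/.xscreensaver
 # The user ~/bin directory can override commands such as ls
 read-only ${HOME}/bin
 
+# cache
+blacklist ~/.cache/mozilla
+blacklist ~/.cache/chromium
+blacklist ~/.cache/google-chrome
+blacklist ~/.cache/google-chrome-beta
+blacklist ~/.cache/google-chrome-unstable
+blacklist ~/.cache/opera
+blacklist ~/.cache/opera-beta
+blacklist ~/.cache/vivaldi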
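Review bot: `blacklist ~/.config/vivaldi` and the new `# cache` block use `~/` while every other entry visible in this file uses `${HOME}/`, and the browser profiles' `noblacklist` lines were switched to `~/` in this same commit while the matching `blacklist` lines here stay on `${HOME}/`. If firejail compares `noblacklist` and `blacklist` paths only after expanding both forms this is harmless, but that is not visible here and is worth confirming; writing `blacklist ${HOME}/.config/vivaldi` and `blacklist ${HOME}/.cache/...` keeps the file uniform either way. Because this include is shared, any profile not updated in this commit that needs one of the newly blacklisted directories would need its own `noblacklist` line; vivaldi-beta.profile, for example, is installed by Makefile.in but not touched here.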
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 0b082f216..b06dfa6da 100644
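--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -1,16 +1,21 @@
 # Firejail profile for Mozilla Firefox (Iceweasel in Debian)
-noblacklist ${HOME}/.mozilla
+
+noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
+noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-terminals.inc
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
 noroot
+
 whitelist ${DOWNLOADS}
 mkdir ~/.mozilla
 whitelist ~/.mozilla
@@ -20,7 +25,6 @@ mkdir ~/.cache/mozilla/firefox
 whitelist ~/.cache/mozilla/firefox
 whitelist ~/dwhelper
 whitelist ~/.zotero
-whitelist ~/.lastpass
 whitelist ~/.vimperatorrc
 whitelist ~/.vimperator
 whitelist ~/.pentadactylrc
@@ -29,6 +33,21 @@ whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.pki
+
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+
+
+#silverlight
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
+whitelist ~/.config/pipelight-silverlight5.1
+
 include /etc/firejail/whitelist-common.inc
 
 # experimental features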
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile
index d57728139..3396585eb 100644
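--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -1,5 +1,7 @@
 # Google Chrome beta browser profile
-noblacklist ${HOME}/.config/google-chrome-beta
+noblacklist ~/.config/google-chrome-beta
+noblacklist ~/.cache/google-chrome-beta
+noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
@@ -10,6 +12,7 @@ include /etc/firejail/disable-terminals.inc
 #
 
 netfilter
+
 whitelist ${DOWNLOADS}
 mkdir ~/.config
 mkdir ~/.config/google-chrome-beta
@@ -21,3 +24,9 @@ mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass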
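Review bot: The `# lastpass, keepassx` whitelist block is appended after `include /etc/firejail/whitelist-common.inc` here, whereas chromium.profile and firefox.profile place it before that include. The google-chrome-unstable, google-chrome, opera, opera-beta, seamonkey and vivaldi profiles use the same append-at-end layout. Keeping `include /etc/firejail/whitelist-common.inc` as the last whitelist line in every browser profile would make the profiles easier to compare and audit side by side.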
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile
index 36a1fb456..ed4332862 100644
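--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -1,5 +1,7 @@
 # Google Chrome unstable browser profile
-noblacklist ${HOME}/.config/google-chrome-unstable
+noblacklist ~/.config/google-chrome-unstable
+noblacklist ~/.cache/google-chrome-unstable
+noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
@@ -10,6 +12,7 @@ include /etc/firejail/disable-terminals.inc
 #
 
 netfilter
+
 whitelist ${DOWNLOADS}
 mkdir ~/.config
 mkdir ~/.config/google-chrome-unstable
@@ -21,3 +24,9 @@ mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass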
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile
index 3b73738a6..985af38eb 100644
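--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -1,5 +1,7 @@
 # Google Chrome browser profile
-noblacklist ${HOME}/.config/google-chrome
+noblacklist ~/.config/google-chrome
+noblacklist ~/.cache/google-chrome
+noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
@@ -10,6 +12,7 @@ include /etc/firejail/disable-terminals.inc
 #
 
 netfilter
+
 whitelist ${DOWNLOADS}
 mkdir ~/.config
 mkdir ~/.config/google-chrome
@@ -20,3 +23,11 @@ whitelist ~/.cache/google-chrome
 mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
+
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+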
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile
index a65c7cef1..91eb10787 100644
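--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -1,15 +1,19 @@
 # Opera-beta browser profile
-noblacklist ${HOME}/.config/opera-beta
+noblacklist ~/.config/opera-beta
+noblacklist ~/.cache/opera-beta
+noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-terminals.inc
+
 netfilter
+
+whitelist ${DOWNLOADS}
 mkdir ~/.config
 mkdir ~/.config/opera-beta
 whitelist ~/.config/opera-beta
-whitelist ${DOWNLOADS}
 mkdir ~/.cache
 mkdir ~/.cache/opera-beta
 whitelist ~/.cache/opera-beta
@@ -17,4 +21,10 @@ mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
 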
diff --git a/etc/opera.profile b/etc/opera.profile
index 032b3ece7..08bbd5a06 100644
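--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -1,15 +1,19 @@
 # Opera browser profile
-noblacklist ${HOME}/.config/opera
+noblacklist ~/.config/opera
+noblacklist ~/.cache/opera
+noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-terminals.inc
+
 netfilter
+
+whitelist ${DOWNLOADS}
 mkdir ~/.config
 mkdir ~/.config/opera
 whitelist ~/.config/opera
-whitelist ${DOWNLOADS}
 mkdir ~/.cache
 mkdir ~/.cache/opera
 whitelist ~/.cache/opera
@@ -17,4 +21,10 @@ mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
 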
diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile
index 74b9b591b..fff8c1258 100644
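--- a/etc/seamonkey-bin.profile
+++ b/etc/seamonkey-bin.profile
@@ -1,38 +1,3 @@
-# Firejail profile for Seamoneky based off Mozilla Firefox
-noblacklist ${HOME}/.mozilla
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-terminals.inc
-caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
-netfilter
-tracelog
-noroot
-whitelist ${DOWNLOADS}
-mkdir ~/.mozilla
-mkdir ~/.mozilla/seamonkey
-whitelist ~/.mozilla/seamonkey
-mkdir ~/.cache
-mkdir ~/.cache/mozilla
-mkdir ~/.cache/mozilla/seamonkey
-whitelist ~/.cache/mozilla/seamonkey
-whitelist ~/dwhelper
-whitelist ~/.zotero
-whitelist ~/.lastpass
-whitelist ~/.vimperatorrc
-whitelist ~/.vimperator
-whitelist ~/.pentadactylrc
-whitelist ~/.pentadactyl
-whitelist ~/.keysnail.js
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.cache/gnome-mplayer/plugin
-mkdir ~/.pki
-whitelist ~/.pki
-include /etc/firejail/whitelist-common.inc
-
-# experimental features
-#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+# Firejail profile for Seamonkey based off Mozilla Firefox
+include /etc/firejail/seamonkey.profile
 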
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile
index d585c719b..b896af97a 100644
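--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -1,18 +1,27 @@
 # Firejail profile for Seamoneky based off Mozilla Firefox
-noblacklist ${HOME}/.mozilla
+noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
+noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-terminals.inc
+
 caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
 noroot
+
 whitelist ${DOWNLOADS}
+mkdir ~/.mozilla
+mkdir ~/.mozilla/seamonkey
 whitelist ~/.mozilla/seamonkey
+mkdir ~/.cache
+mkdir ~/.cache/mozilla
+mkdir ~/.cache/mozilla/seamonkey
 whitelist ~/.cache/mozilla/seamonkey
 whitelist ~/dwhelper
 whitelist ~/.zotero
@@ -27,6 +36,21 @@ whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+
+#silverlight
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
+whitelist ~/.config/pipelight-silverlight5.1
+
+
+
 # experimental features
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
 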
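Review bot: Line 1 still reads `# Firejail profile for Seamoneky based off Mozilla Firefox`; this commit corrects the same typo in seamonkey-bin.profile, so the header here should become `# Firejail profile for Seamonkey based off Mozilla Firefox` as well. The second hunk also leaves three consecutive blank lines (new lines 51–53) before `# experimental features`, where one would do.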
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile
index b8263629a..408a1898c 100644
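--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -1,14 +1,29 @@
 # Vivaldi browser profile
-noblacklist ${HOME}/.config/vivaldi
+noblacklist ~/.config/vivaldi
+noblacklist ~/.cache/vivaldi
+noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 
 netfilter
-whitelist ~/.config/vivaldi
+tracelog
+
 whitelist ${DOWNLOADS}
+mkdir ~/.config
+mkdir ~/.config/vivaldi
+whitelist ~/.config/vivaldi
+mkdir ~/.cache
+mkdir ~/.cache/vivaldi
 whitelist ~/.cache/vivaldi
 include /etc/firejail/whitelist-common.inc
 
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
 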
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 028de0ad1..dd0a70353 100644
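--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -1,4 +1,5 @@
 # VLC profile
+noblacklist ${HOME}/.config/vlc
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc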
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc
index 54e549e1a..9d5ef3d96 100644
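--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -5,6 +5,7 @@ whitelist ~/.icons
 whitelist ~/.config/user-dirs.dirs
 read-only ~/.config/user-dirs.dirs
 whitelist ~/.asoundrc
+whitelist ~/.config/Trolltech.conf
 
 # fonts
 whitelist ~/.fonts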
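Review bot: `whitelist ~/.config/Trolltech.conf` gives every sandbox that includes this file write access to a Qt settings file that is presumably also read by Qt applications running outside the sandbox. The entry just above pairs `whitelist ~/.config/user-dirs.dirs` with `read-only ~/.config/user-dirs.dirs`; unless a sandboxed program must change Qt settings, add `read-only ~/.config/Trolltech.conf` after the new line. The file continues beyond the hunk.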
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 7c5cba882..5240d87a6 100644
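--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -71,3 +71,4 @@
 /etc/firejail/hedgewars.profile
 /etc/firejail/vivaldi.profile
 /etc/firejail/vivaldi-beta.profile
+/etc/firejail/atril.profile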