-rw-r--r-- | etc/apktool.profile | 1 | ||||
-rw-r--r-- | etc/arm.profile | 2 | ||||
-rw-r--r-- | etc/baobab.profile | 1 | ||||
-rw-r--r-- | etc/bless.profile | 1 | ||||
-rw-r--r-- | etc/chromium.profile | 4 | ||||
-rw-r--r-- | etc/dex2jar.profile | 1 | ||||
-rw-r--r-- | etc/flashpeak-slimjet.profile | 3 | ||||
-rw-r--r-- | etc/gitg.profile | 1 | ||||
-rw-r--r-- | etc/google-chrome-beta.profile | 3 | ||||
-rw-r--r-- | etc/google-chrome-unstable.profile | 3 | ||||
-rw-r--r-- | etc/google-chrome.profile | 3 | ||||
-rw-r--r-- | etc/hashcat.profile | 3 | ||||
-rw-r--r-- | etc/jd-gui.profile | 1 | ||||
-rw-r--r-- | etc/meld.profile | 1 | ||||
-rw-r--r-- | etc/multimc5.profile | 2 | ||||
-rw-r--r-- | etc/obs.profile | 1 | ||||
-rw-r--r-- | etc/pdfsam.profile | 1 | ||||
-rw-r--r-- | etc/peek.profile | 1 | ||||
-rw-r--r-- | etc/pithos.profile | 1 | ||||
-rw-r--r-- | etc/sdat2img.profile | 1 | ||||
-rw-r--r-- | etc/strings.profile | 2 |
21 files changed, 26 insertions, 11 deletions
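--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -25,6 +25,7 @@ protocol unix
 seccomp
 shell none
 
+private-bin apktool,bash,java,dirname,basename,expr
 private-dev
 
 noexec ${HOME}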
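--- a/etc/arm.profile
+++ b/etc/arm.profile
@@ -33,7 +33,7 @@ shell none
 tracelog
 
 disable-mnt
-# private-bin arm,tor,sh,python2,python2.7,ps,lsof,ldconfig
+# private-bin arm,tor,sh,bash,python2,python2.7,ps,lsof,ldconfig
 private-dev
 private-etc tor,passwd
 private-tmp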
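--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -25,6 +25,7 @@ protocol unix
 seccomp
 shell none
 
+private-bin baobab
 private-dev
 private-tmp
 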
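--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -26,6 +26,7 @@ protocol unix
 seccomp
 shell none
 
+# private-bin bless,sh,bash,mono
 private-dev
 private-etc fonts,mono
 private-tmp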
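Review bot: The added `# private-bin bless,sh,bash,mono` is committed already commented out, and nothing in the file says why it is disabled, so a later maintainer cannot tell whether it was never tested or is known to break the program. peek.profile and multimc5.profile in this same commit do record a reason; a matching line above it, such as `# private-bin disabled: <reason observed when testing>`, would be enough. The same applies to the commented-out lines added in chromium.profile (second hunk), meld.profile, pithos.profile and sdat2img.profile.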
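--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -11,8 +11,7 @@ noblacklist ~/.config/chromium-flags.conf
 noblacklist ~/.pki
 
 include /etc/firejail/disable-common.inc
-# chromium is distributed with a perl script on Arch
-# include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
 mkdir ~/.cache/chromium
@@ -32,6 +31,7 @@ nogroups
 notv
 shell none
 
+# private-bin chromium,chromium-browser,chromedriver
 private-dev
 # private-tmp - problems with multiple browser sessions
 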
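Review bot: Enabling `include /etc/firejail/disable-devel.inc` in the first hunk also deletes the only record of why it was off (`# chromium is distributed with a perl script on Arch`), and nothing visible here shows that the Arch launcher no longer needs perl. If it still does, the browser would presumably fail to start under this profile on Arch, and a sandbox that breaks the application tends to get bypassed rather than fixed. Either confirm the Arch packaging and say so in the commit message, or keep a one-line note such as `# disable-devel.inc may break the perl launcher on Arch; re-test there before relying on it`. The same replacement is made in flashpeak-slimjet.profile, google-chrome-beta.profile, google-chrome-unstable.profile and google-chrome.profile.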
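--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -26,6 +26,7 @@ protocol unix
 seccomp
 shell none
 
+private-bin dex2jar,java,sh,bash,expr,dirname,ls,uname,grep
 private-dev
 
 noexec ${HOME}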
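--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -15,8 +15,7 @@ noblacklist ~/.config/slimjet
 noblacklist ~/.pki
 
 include /etc/firejail/disable-common.inc
-# chromium is distributed with a perl script on Arch
-# include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
 mkdir ~/.cache/slimjet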
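--- a/etc/gitg.profile
+++ b/etc/gitg.profile
@@ -27,6 +27,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
+private-bin gitg,git,ssh
 private-dev
 private-tmp
 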
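--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -10,8 +10,7 @@ noblacklist ~/.config/google-chrome-beta
 noblacklist ~/.pki
 
 include /etc/firejail/disable-common.inc
-# chromium is distributed with a perl script on Arch
-# include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
 mkdir ~/.cache/google-chrome-beta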
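--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -10,8 +10,7 @@ noblacklist ~/.config/google-chrome-unstable
 noblacklist ~/.pki
 
 include /etc/firejail/disable-common.inc
-# chromium is distributed with a perl script on Arch
-# include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
 mkdir ~/.cache/google-chrome-unstable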
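--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -10,8 +10,7 @@ noblacklist ~/.config/google-chrome
 noblacklist ~/.pki
 
 include /etc/firejail/disable-common.inc
-# chromium is distributed with a perl script on Arch
-# include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
 mkdir ~/.cache/google-chrome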
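--- a/etc/hashcat.profile
+++ b/etc/hashcat.profile
@@ -7,8 +7,10 @@ include /etc/firejail/hashcat.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.hashcat
+noblacklist /usr/include
 
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
@@ -26,6 +28,7 @@ seccomp
 shell none
 
 disable-mnt
+private-bin hashcat
 private-dev
 private-tmp
 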
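Review bot: `noblacklist /usr/include` in the first hunk is added without a comment, and it only makes sense together with the `include /etc/firejail/disable-devel.inc` added three lines below it, which presumably blacklists that directory. State the reason in the profile, for instance `# hashcat needs /usr/include at runtime (presumably for OpenCL kernel builds); must stay above disable-devel.inc`, so the exemption is not dropped or reordered in a later cleanup. `private-bin hashcat` in the second hunk assumes hashcat starts no helper executables; that is worth confirming with a run that exercises the compute backend rather than only `--help`.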
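--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -27,6 +27,7 @@ protocol unix
 seccomp
 shell none
 
+private-bin jd-gui,sh,bash
 private-dev
 private-tmp
 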
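--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -26,6 +26,7 @@ protocol unix
 seccomp
 shell none
 
+# private-bin meld,python2,python2.7
 private-dev
 private-tmp
 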
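--- a/etc/multimc5.profile
+++ b/etc/multimc5.profile
@@ -33,6 +33,8 @@ protocol unix,inet,inet6
 shell none
 
 disable-mnt
+# private-bin works, but causes weirdness
+# private-bin multimc5,bash,mkdir,which,zenity,kdialog,ldd,chmod,valgrind,apt-file,pkgfile,dnf,yum,zypper,pfl,java,grep,sort,awk,readlink,dirname
 private-dev
 private-tmp
 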
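Review bot: `# private-bin works, but causes weirdness` does not say what breaks, so nobody can judge whether the restriction is safe to enable or re-test it after an upstream change. Name the symptom instead, e.g. `# private-bin works, but <observed symptom>; left disabled`. The disabled list also carries package managers and debugging tools (`apt-file,pkgfile,dnf,yum,zypper,valgrind`), which looks like everything the launcher script may probe for; if the line is ever enabled, it would be worth trimming to what the launcher needs on the target distribution.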
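--- a/etc/obs.profile
+++ b/etc/obs.profile
@@ -23,6 +23,7 @@ seccomp
 shell none
 tracelog
 
+private-bin obs
 private-dev
 private-tmp
 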
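--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -26,6 +26,7 @@ protocol unix
 seccomp
 shell none
 
+private-bin pdfsam,sh,bash,java,archlinux-java,grep,awk,dirname,uname,which,sort,find,readlink,expr,ls,java-config
 private-dev
 private-tmp
 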
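--- a/etc/peek.profile
+++ b/etc/peek.profile
@@ -26,6 +26,7 @@ protocol unix
 seccomp
 shell none
 
+# private-bin breaks gif mode, mp4 and webm mode work fine however
 # private-bin peek,convert,ffmpeg
 private-dev
 private-tmp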
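--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -26,6 +26,7 @@ seccomp
 shell none
 
 disable-mnt
+# private-bin pithos,python,python3,python3.6
 private-dev
 private-tmp
 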
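--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -26,6 +26,7 @@ protocol unix
 seccomp
 shell none
 
+# private-bin sdat2img,env,python,python3,python3.6
 private-dev
 
 noexec ${HOME}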
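--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -18,7 +18,9 @@ novideo
 shell none
 tracelog
 
+private-bin strings
 private-dev
+private-lib
 
 memory-deny-write-execute
 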