1 files changed, 15 insertions, 19 deletions
diff --git a/etc/chromium.profile b/etc/chromium.profile
index 8266770d7..cec5366d9 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -1,41 +1,37 @@
-# Persistent global definitions go here
+# Firejail profile for chromium
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
+# Persistent local customizations
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
 include /etc/firejail/chromium.local
+# Persistent global definitions
+include /etc/firejail/globals.local
-# Chromium browser profile
-noblacklist ~/.config/chromium
 noblacklist ~/.cache/chromium
-noblacklist ~/.pki
+noblacklist ~/.config/chromium
-# specific to Arch
 noblacklist ~/.config/chromium-flags.conf
+noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
-whitelist ${DOWNLOADS}
-mkdir ~/.config/chromium
-whitelist ~/.config/chromium
 mkdir ~/.cache/chromium
-whitelist ~/.cache/chromium
+mkdir ~/.config/chromium
 mkdir ~/.pki
-whitelist ~/.pki
+whitelist ${DOWNLOADS}
+whitelist ~/.cache/chromium
+whitelist ~/.config/chromium
 whitelist ~/.config/chromium-flags.conf
+whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 caps.keep sys_chroot,sys_admin
-#ipc-namespace
 netfilter
 nogroups
 shell none
 private-dev
-#private-tmp - problems with multiple browser sessions
+# private-tmp - problems with multiple browser sessions
-#disable-mnt
 noexec ${HOME}
 noexec /tmp

diff --git a/etc/chromium.profile b/etc/chromium.profile index 8266770d7..cec5366d9 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile
@@ -1,41 +1,37 @@
1	# Persistent global definitions go here	1	# Firejail profile for chromium
2	include /etc/firejail/globals.local	2	# This file is overwritten after every install/update
3		3	# Persistent local customizations
4	# This file is overwritten during software install.
5	# Persistent customizations should go in a .local file.
6	include /etc/firejail/chromium.local	4	include /etc/firejail/chromium.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
7		7
8	# Chromium browser profile
9	noblacklist ~/.config/chromium
10	noblacklist ~/.cache/chromium	8	noblacklist ~/.cache/chromium
11	noblacklist ~/.pki	9	noblacklist ~/.config/chromium
12	# specific to Arch
13	noblacklist ~/.config/chromium-flags.conf	10	noblacklist ~/.config/chromium-flags.conf
		11	noblacklist ~/.pki
		12
14	include /etc/firejail/disable-common.inc	13	include /etc/firejail/disable-common.inc
15	include /etc/firejail/disable-programs.inc
16	# chromium is distributed with a perl script on Arch	14	# chromium is distributed with a perl script on Arch
17	# include /etc/firejail/disable-devel.inc	15	# include /etc/firejail/disable-devel.inc
		16	include /etc/firejail/disable-programs.inc
18		17
19	whitelist ${DOWNLOADS}
20	mkdir ~/.config/chromium
21	whitelist ~/.config/chromium
22	mkdir ~/.cache/chromium	18	mkdir ~/.cache/chromium
23	whitelist ~/.cache/chromium	19	mkdir ~/.config/chromium
24	mkdir ~/.pki	20	mkdir ~/.pki
25	whitelist ~/.pki	21	whitelist ${DOWNLOADS}
		22	whitelist ~/.cache/chromium
		23	whitelist ~/.config/chromium
26	whitelist ~/.config/chromium-flags.conf	24	whitelist ~/.config/chromium-flags.conf
27		25	whitelist ~/.pki
28	include /etc/firejail/whitelist-common.inc	26	include /etc/firejail/whitelist-common.inc
29		27
30	caps.keep sys_chroot,sys_admin	28	caps.keep sys_chroot,sys_admin
31	#ipc-namespace
32	netfilter	29	netfilter
33	nogroups	30	nogroups
34	shell none	31	shell none
35		32
36	private-dev	33	private-dev
37	#private-tmp - problems with multiple browser sessions	34	# private-tmp - problems with multiple browser sessions
38	#disable-mnt
39		35
40	noexec ${HOME}	36	noexec ${HOME}
41	noexec /tmp	37	noexec /tmp