1 files changed, 44 insertions, 0 deletions
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
new file mode 100644
index 000000000..0c4271edc
--- /dev/null
+++ b/etc/firefox-common.profile
@@ -0,0 +1,44 @@
+# Firejail profile for firefox-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/firefox-common.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+# uncomment the following line to allow access to common programs/addons/plugins
+#include /etc/firejail/firefox-common-addons.inc
+noblacklist ${HOME}/.pki
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.pki
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+# machine-id breaks pulse audio; it should work fine in setups where sound is not required
+#machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+disable-mnt
+private-dev
+# private-etc below works fine on most distributions. There are some problems on CentOS.
+#private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
+private-tmp
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile new file mode 100644 index 000000000..0c4271edc --- /dev/null +++ b/etc/firefox-common.profile
@@ -0,0 +1,44 @@
	1	# Firejail profile for firefox-common
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/firefox-common.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	# uncomment the following line to allow access to common programs/addons/plugins
	9	#include /etc/firejail/firefox-common-addons.inc
	10
	11	noblacklist ${HOME}/.pki
	12
	13	include /etc/firejail/disable-common.inc
	14	include /etc/firejail/disable-devel.inc
	15	include /etc/firejail/disable-programs.inc
	16
	17	mkdir ${HOME}/.pki
	18	whitelist ${DOWNLOADS}
	19	whitelist ${HOME}/.pki
	20	include /etc/firejail/whitelist-common.inc
	21	include /etc/firejail/whitelist-var-common.inc
	22
	23	caps.drop all
	24	# machine-id breaks pulse audio; it should work fine in setups where sound is not required
	25	#machine-id
	26	netfilter
	27	nodvd
	28	nogroups
	29	nonewprivs
	30	noroot
	31	notv
	32	protocol unix,inet,inet6,netlink
	33	seccomp
	34	shell none
	35	tracelog
	36
	37	disable-mnt
	38	private-dev
	39	# private-etc below works fine on most distributions. There are some problems on CentOS.
	40	#private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
	41	private-tmp
	42
	43	noexec ${HOME}
	44	noexec /tmp