1 files changed, 17 insertions, 11 deletions
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 1ea94a2c7..6bb581f4f 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -2,22 +2,24 @@
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
+noblacklist ~/.config/qpdfview
+noblacklist ~/.local/share/qpdfview
+noblacklist ~/.kde/share/apps/okular
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
+nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
 whitelist ${DOWNLOADS}
 mkdir ~/.mozilla
 whitelist ~/.mozilla
-mkdir ~/.cache
-mkdir ~/.cache/mozilla
 mkdir ~/.cache/mozilla/firefox
 whitelist ~/.cache/mozilla/firefox
 whitelist ~/dwhelper
@@ -30,6 +32,9 @@ whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.pki
+whitelist ~/.config/qpdfview
+whitelist ~/.local/share/qpdfview
+whitelist ~/.kde/share/apps/okular
 # lastpass, keepassx
 whitelist ~/.keepassx
@@ -40,14 +45,15 @@ whitelist ~/.config/lastpass
 #silverlight
-whitelist ~/.wine-pipelight 
+whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64 
+whitelist ~/.wine-pipelight64
-whitelist ~/.config/pipelight-widevine 
+whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/pipelight-silverlight5.1
 include /etc/firejail/whitelist-common.inc
 # experimental features
-#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+#private-bin firefox,which,sh,dbus-launch,dbus-send,env
+#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
+private-dev
+private-tmp

diff --git a/etc/firefox.profile b/etc/firefox.profile index 1ea94a2c7..6bb581f4f 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile
@@ -2,22 +2,24 @@
2		2
3	noblacklist ~/.mozilla	3	noblacklist ~/.mozilla
4	noblacklist ~/.cache/mozilla	4	noblacklist ~/.cache/mozilla
		5	noblacklist ~/.config/qpdfview
		6	noblacklist ~/.local/share/qpdfview
		7	noblacklist ~/.kde/share/apps/okular
5	include /etc/firejail/disable-common.inc	8	include /etc/firejail/disable-common.inc
6	include /etc/firejail/disable-programs.inc	9	include /etc/firejail/disable-programs.inc
7	include /etc/firejail/disable-devel.inc	10	include /etc/firejail/disable-devel.inc
8		11
9	caps.drop all	12	caps.drop all
10	seccomp
11	protocol unix,inet,inet6,netlink
12	netfilter	13	netfilter
13	tracelog	14	nonewprivs
14	noroot	15	noroot
		16	protocol unix,inet,inet6,netlink
		17	seccomp
		18	tracelog
15		19
16	whitelist ${DOWNLOADS}	20	whitelist ${DOWNLOADS}
17	mkdir ~/.mozilla	21	mkdir ~/.mozilla
18	whitelist ~/.mozilla	22	whitelist ~/.mozilla
19	mkdir ~/.cache
20	mkdir ~/.cache/mozilla
21	mkdir ~/.cache/mozilla/firefox	23	mkdir ~/.cache/mozilla/firefox
22	whitelist ~/.cache/mozilla/firefox	24	whitelist ~/.cache/mozilla/firefox
23	whitelist ~/dwhelper	25	whitelist ~/dwhelper
@@ -30,6 +32,9 @@ whitelist ~/.keysnail.js
30	whitelist ~/.config/gnome-mplayer	32	whitelist ~/.config/gnome-mplayer
31	whitelist ~/.cache/gnome-mplayer/plugin	33	whitelist ~/.cache/gnome-mplayer/plugin
32	whitelist ~/.pki	34	whitelist ~/.pki
		35	whitelist ~/.config/qpdfview
		36	whitelist ~/.local/share/qpdfview
		37	whitelist ~/.kde/share/apps/okular
33		38
34	# lastpass, keepassx	39	# lastpass, keepassx
35	whitelist ~/.keepassx	40	whitelist ~/.keepassx
@@ -40,14 +45,15 @@ whitelist ~/.config/lastpass
40		45
41		46
42	#silverlight	47	#silverlight
43	whitelist ~/.wine-pipelight	48	whitelist ~/.wine-pipelight
44	whitelist ~/.wine-pipelight64	49	whitelist ~/.wine-pipelight64
45	whitelist ~/.config/pipelight-widevine	50	whitelist ~/.config/pipelight-widevine
46	whitelist ~/.config/pipelight-silverlight5.1	51	whitelist ~/.config/pipelight-silverlight5.1
47		52
48	include /etc/firejail/whitelist-common.inc	53	include /etc/firejail/whitelist-common.inc
49		54
50	# experimental features	55	# experimental features
51	#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse	56	#private-bin firefox,which,sh,dbus-launch,dbus-send,env
52		57	#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
53		58	private-dev
		59	private-tmp