1 files changed, 17 insertions, 12 deletions
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 1ea94a2c7..4f971f330 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -1,23 +1,24 @@
 # Firejail profile for Mozilla Firefox (Iceweasel in Debian)
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
+noblacklist ~/.config/qpdfview
+noblacklist ~/.local/share/qpdfview
+noblacklist ~/.kde/share/apps/okular
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
+nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
 whitelist ${DOWNLOADS}
 mkdir ~/.mozilla
 whitelist ~/.mozilla
-mkdir ~/.cache
-mkdir ~/.cache/mozilla
 mkdir ~/.cache/mozilla/firefox
 whitelist ~/.cache/mozilla/firefox
 whitelist ~/dwhelper
@@ -30,6 +31,9 @@ whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.pki
+whitelist ~/.config/qpdfview
+whitelist ~/.local/share/qpdfview
+whitelist ~/.kde/share/apps/okular
 # lastpass, keepassx
 whitelist ~/.keepassx
@@ -40,14 +44,15 @@ whitelist ~/.config/lastpass
 #silverlight
-whitelist ~/.wine-pipelight 
+whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64 
+whitelist ~/.wine-pipelight64
-whitelist ~/.config/pipelight-widevine 
+whitelist ~/.config/pipelight-widevine
 whitelist ~/.config/pipelight-silverlight5.1
 include /etc/firejail/whitelist-common.inc
 # experimental features
-#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+#private-bin firefox,which,sh,dbus-launch,dbus-send,env
+#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
+private-dev
+private-tmp

diff --git a/etc/firefox.profile b/etc/firefox.profile index 1ea94a2c7..4f971f330 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile
@@ -1,23 +1,24 @@
1	# Firejail profile for Mozilla Firefox (Iceweasel in Debian)	1	# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
2
3	noblacklist ~/.mozilla	2	noblacklist ~/.mozilla
4	noblacklist ~/.cache/mozilla	3	noblacklist ~/.cache/mozilla
		4	noblacklist ~/.config/qpdfview
		5	noblacklist ~/.local/share/qpdfview
		6	noblacklist ~/.kde/share/apps/okular
5	include /etc/firejail/disable-common.inc	7	include /etc/firejail/disable-common.inc
6	include /etc/firejail/disable-programs.inc	8	include /etc/firejail/disable-programs.inc
7	include /etc/firejail/disable-devel.inc	9	include /etc/firejail/disable-devel.inc
8		10
9	caps.drop all	11	caps.drop all
10	seccomp
11	protocol unix,inet,inet6,netlink
12	netfilter	12	netfilter
13	tracelog	13	nonewprivs
14	noroot	14	noroot
		15	protocol unix,inet,inet6,netlink
		16	seccomp
		17	tracelog
15		18
16	whitelist ${DOWNLOADS}	19	whitelist ${DOWNLOADS}
17	mkdir ~/.mozilla	20	mkdir ~/.mozilla
18	whitelist ~/.mozilla	21	whitelist ~/.mozilla
19	mkdir ~/.cache
20	mkdir ~/.cache/mozilla
21	mkdir ~/.cache/mozilla/firefox	22	mkdir ~/.cache/mozilla/firefox
22	whitelist ~/.cache/mozilla/firefox	23	whitelist ~/.cache/mozilla/firefox
23	whitelist ~/dwhelper	24	whitelist ~/dwhelper
@@ -30,6 +31,9 @@ whitelist ~/.keysnail.js
30	whitelist ~/.config/gnome-mplayer	31	whitelist ~/.config/gnome-mplayer
31	whitelist ~/.cache/gnome-mplayer/plugin	32	whitelist ~/.cache/gnome-mplayer/plugin
32	whitelist ~/.pki	33	whitelist ~/.pki
		34	whitelist ~/.config/qpdfview
		35	whitelist ~/.local/share/qpdfview
		36	whitelist ~/.kde/share/apps/okular
33		37
34	# lastpass, keepassx	38	# lastpass, keepassx
35	whitelist ~/.keepassx	39	whitelist ~/.keepassx
@@ -40,14 +44,15 @@ whitelist ~/.config/lastpass
40		44
41		45
42	#silverlight	46	#silverlight
43	whitelist ~/.wine-pipelight	47	whitelist ~/.wine-pipelight
44	whitelist ~/.wine-pipelight64	48	whitelist ~/.wine-pipelight64
45	whitelist ~/.config/pipelight-widevine	49	whitelist ~/.config/pipelight-widevine
46	whitelist ~/.config/pipelight-silverlight5.1	50	whitelist ~/.config/pipelight-silverlight5.1
47		51
48	include /etc/firejail/whitelist-common.inc	52	include /etc/firejail/whitelist-common.inc
49		53
50	# experimental features	54	# experimental features
51	#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse	55	#private-bin firefox,which,sh,dbus-launch,dbus-send,env
52		56	#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
53		57	private-dev
		58	private-tmp