1 files changed, 50 insertions, 1 deletions
diff --git a/etc/icecat.profile b/etc/icecat.profile
index 25d426ad2..2f8e2df7f 100644
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -1,2 +1,51 @@
 # Firejail profile for GNU Icecat
-include /etc/firejail/firefox.profile
+noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+whitelist ${DOWNLOADS}
+mkdir ~/.mozilla
+whitelist ~/.mozilla
+mkdir ~/.cache/mozilla/icecat
+whitelist ~/.cache/mozilla/icecat
+whitelist ~/dwhelper
+whitelist ~/.zotero
+whitelist ~/.vimperatorrc
+whitelist ~/.vimperator
+whitelist ~/.pentadactylrc
+whitelist ~/.pentadactyl
+whitelist ~/.keysnail.js
+whitelist ~/.config/gnome-mplayer
+whitelist ~/.cache/gnome-mplayer/plugin
+whitelist ~/.pki
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+#silverlight
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
+whitelist ~/.config/pipelight-silverlight5.1
+include /etc/firejail/whitelist-common.inc
+# experimental features
+#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse

diff --git a/etc/icecat.profile b/etc/icecat.profile index 25d426ad2..2f8e2df7f 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile
@@ -1,2 +1,51 @@
1	# Firejail profile for GNU Icecat	1	# Firejail profile for GNU Icecat
2	include /etc/firejail/firefox.profile	2
		3	noblacklist ~/.mozilla
		4	noblacklist ~/.cache/mozilla
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-programs.inc
		7	include /etc/firejail/disable-devel.inc
		8
		9	caps.drop all
		10	netfilter
		11	nonewprivs
		12	noroot
		13	protocol unix,inet,inet6,netlink
		14	seccomp
		15	tracelog
		16
		17	whitelist ${DOWNLOADS}
		18	mkdir ~/.mozilla
		19	whitelist ~/.mozilla
		20	mkdir ~/.cache/mozilla/icecat
		21	whitelist ~/.cache/mozilla/icecat
		22	whitelist ~/dwhelper
		23	whitelist ~/.zotero
		24	whitelist ~/.vimperatorrc
		25	whitelist ~/.vimperator
		26	whitelist ~/.pentadactylrc
		27	whitelist ~/.pentadactyl
		28	whitelist ~/.keysnail.js
		29	whitelist ~/.config/gnome-mplayer
		30	whitelist ~/.cache/gnome-mplayer/plugin
		31	whitelist ~/.pki
		32
		33	# lastpass, keepassx
		34	whitelist ~/.keepassx
		35	whitelist ~/.config/keepassx
		36	whitelist ~/keepassx.kdbx
		37	whitelist ~/.lastpass
		38	whitelist ~/.config/lastpass
		39
		40
		41	#silverlight
		42	whitelist ~/.wine-pipelight
		43	whitelist ~/.wine-pipelight64
		44	whitelist ~/.config/pipelight-widevine
		45	whitelist ~/.config/pipelight-silverlight5.1
		46
		47	include /etc/firejail/whitelist-common.inc
		48
		49	# experimental features
		50	#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
		51