1 files changed, 49 insertions, 1 deletions
diff --git a/etc/icecat.profile b/etc/icecat.profile
index 25d426ad2..0348076da 100644
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -1,2 +1,50 @@
 # Firejail profile for GNU Icecat
-include /etc/firejail/firefox.profile
+noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+whitelist ${DOWNLOADS}
+mkdir ~/.mozilla
+whitelist ~/.mozilla
+mkdir ~/.cache/mozilla/icecat
+whitelist ~/.cache/mozilla/icecat
+whitelist ~/dwhelper
+whitelist ~/.zotero
+whitelist ~/.vimperatorrc
+whitelist ~/.vimperator
+whitelist ~/.pentadactylrc
+whitelist ~/.pentadactyl
+whitelist ~/.keysnail.js
+whitelist ~/.config/gnome-mplayer
+whitelist ~/.cache/gnome-mplayer/plugin
+whitelist ~/.pki
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+#silverlight
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
+whitelist ~/.config/pipelight-silverlight5.1
+include /etc/firejail/whitelist-common.inc
+# experimental features
+#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse

diff --git a/etc/icecat.profile b/etc/icecat.profile index 25d426ad2..0348076da 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile
@@ -1,2 +1,50 @@
1	# Firejail profile for GNU Icecat	1	# Firejail profile for GNU Icecat
2	include /etc/firejail/firefox.profile	2	noblacklist ~/.mozilla
		3	noblacklist ~/.cache/mozilla
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-programs.inc
		6	include /etc/firejail/disable-devel.inc
		7
		8	caps.drop all
		9	netfilter
		10	nonewprivs
		11	noroot
		12	protocol unix,inet,inet6,netlink
		13	seccomp
		14	tracelog
		15
		16	whitelist ${DOWNLOADS}
		17	mkdir ~/.mozilla
		18	whitelist ~/.mozilla
		19	mkdir ~/.cache/mozilla/icecat
		20	whitelist ~/.cache/mozilla/icecat
		21	whitelist ~/dwhelper
		22	whitelist ~/.zotero
		23	whitelist ~/.vimperatorrc
		24	whitelist ~/.vimperator
		25	whitelist ~/.pentadactylrc
		26	whitelist ~/.pentadactyl
		27	whitelist ~/.keysnail.js
		28	whitelist ~/.config/gnome-mplayer
		29	whitelist ~/.cache/gnome-mplayer/plugin
		30	whitelist ~/.pki
		31
		32	# lastpass, keepassx
		33	whitelist ~/.keepassx
		34	whitelist ~/.config/keepassx
		35	whitelist ~/keepassx.kdbx
		36	whitelist ~/.lastpass
		37	whitelist ~/.config/lastpass
		38
		39
		40	#silverlight
		41	whitelist ~/.wine-pipelight
		42	whitelist ~/.wine-pipelight64
		43	whitelist ~/.config/pipelight-widevine
		44	whitelist ~/.config/pipelight-silverlight5.1
		45
		46	include /etc/firejail/whitelist-common.inc
		47
		48	# experimental features
		49	#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
		50