aboutsummaryrefslogtreecommitdiffstats
path: root/etc/profile-m-z
diff options
context:
space:
mode:
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r--etc/profile-m-z/mcomix.profile74
-rw-r--r--etc/profile-m-z/minecraft-launcher.profile1
-rw-r--r--etc/profile-m-z/qcomicbook.profile68
-rw-r--r--etc/profile-m-z/rtin.profile8
-rw-r--r--etc/profile-m-z/rtv-addons.profile5
-rw-r--r--etc/profile-m-z/rtv.profile7
-rw-r--r--etc/profile-m-z/tin.profile69
-rw-r--r--etc/profile-m-z/w3m.profile24
-rw-r--r--etc/profile-m-z/weechat.profile1
9 files changed, 252 insertions, 5 deletions
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile
new file mode 100644
index 000000000..fcd1e24e5
--- /dev/null
+++ b/etc/profile-m-z/mcomix.profile
@@ -0,0 +1,74 @@
1# Firejail profile for mcomix
2# Description: A comic book and manga viewer in python
3# This file is overwritten after every install/update
4# Persistent local customizations
5include mcomix.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.config/mcomix
10noblacklist ${HOME}/.local/share/mcomix
11noblacklist ${DOCUMENTS}
12
13# Allow /bin/sh (blacklisted by disable-shell.inc)
14include allow-bin-sh.inc
15
16# Allow python (blacklisted by disable-interpreters.inc)
17# mcomix <= 1.2 uses python2
18include allow-python2.inc
19include allow-python3.inc
20
21include disable-common.inc
22include disable-devel.inc
23include disable-exec.inc
24include disable-interpreters.inc
25include disable-passwdmgr.inc
26include disable-programs.inc
27include disable-shell.inc
28include disable-write-mnt.inc
29include disable-xdg.inc
30
31mkdir ${HOME}/.config/mcomix
32mkdir ${HOME}/.local/share/mcomix
33whitelist /usr/share/mcomix
34include whitelist-usr-share-common.inc
35include whitelist-var-common.inc
36include whitelist-runuser-common.inc
37
38apparmor
39caps.drop all
40machine-id
41net none
42nodvd
43nogroups
44noinput
45nonewprivs
46noroot
47nosound
48notv
49nou2f
50novideo
51protocol unix
52seccomp
53seccomp.block-secondary
54shell none
55tracelog
56
57# mcomix <= 1.2 uses python2
58private-bin 7z,lha,mcomix,mutool,python*,rar,sh,unrar,unzip
59private-cache
60private-dev
61# mcomix <= 1.2 uses gtk-2.0
62private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,X11,xdg
63private-tmp
64
65dbus-user none
66dbus-system none
67
68read-only ${HOME}
69read-write ${HOME}/.config/mcomix
70read-write ${HOME}/.local/share/mcomix
71#to allow ${HOME}/.local/share/recently-used.xbel
72read-write ${HOME}/.local/share
73# used by mcomix <= 1.2, tip, make a symbolic link to .cache/thumbnails
74read-write ${HOME}/.thumbnails
diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile
index 2536d0b38..1028e374a 100644
--- a/etc/profile-m-z/minecraft-launcher.profile
+++ b/etc/profile-m-z/minecraft-launcher.profile
@@ -31,7 +31,6 @@ include whitelist-runuser-common.inc
31include whitelist-usr-share-common.inc 31include whitelist-usr-share-common.inc
32include whitelist-var-common.inc 32include whitelist-var-common.inc
33 33
34apparmor
35caps.drop all 34caps.drop all
36netfilter 35netfilter
37nodvd 36nodvd
diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile
new file mode 100644
index 000000000..0e52d7fc4
--- /dev/null
+++ b/etc/profile-m-z/qcomicbook.profile
@@ -0,0 +1,68 @@
1# Firejail profile for qcomicbook
2# Description: A comic book and manga viewer in QT
3# This file is overwritten after every install/update
4# Persistent local customizations
5include qcomicbook.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.cache/PawelStolowski
10noblacklist ${HOME}/.config/PawelStolowski
11noblacklist ${HOME}/.local/share/PawelStolowski
12noblacklist ${DOCUMENTS}
13
14# Allow /bin/sh (blacklisted by disable-shell.inc)
15include allow-bin-sh.inc
16
17include disable-common.inc
18include disable-devel.inc
19include disable-exec.inc
20include disable-interpreters.inc
21include disable-passwdmgr.inc
22include disable-programs.inc
23include disable-shell.inc
24include disable-write-mnt.inc
25include disable-xdg.inc
26
27mkdir ${HOME}/.cache/PawelStolowski
28mkdir ${HOME}/.config/PawelStolowski
29mkdir ${HOME}/.local/share/PawelStolowski
30whitelist /usr/share/qcomicbook
31include whitelist-runuser-common.inc
32include whitelist-usr-share-common.inc
33include whitelist-var-common.inc
34
35apparmor
36caps.drop all
37machine-id
38net none
39nodvd
40nogroups
41noinput
42nonewprivs
43noroot
44nosound
45notv
46nou2f
47novideo
48protocol unix
49seccomp
50seccomp.block-secondary
51shell none
52tracelog
53
54private-bin 7z,7zr,qcomicbook,rar,sh,tar,unace,unrar,unzip
55private-cache
56private-dev
57private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,Trolltech.conf,X11,xdg
58private-tmp
59
60dbus-user none
61dbus-system none
62
63read-only ${HOME}
64read-write ${HOME}/.cache/PawelStolowski
65read-write ${HOME}/.config/PawelStolowski
66read-write ${HOME}/.local/share/PawelStolowski
67#to allow ${HOME}/.local/share/recently-used.xbel
68read-write ${HOME}/.local/share
diff --git a/etc/profile-m-z/rtin.profile b/etc/profile-m-z/rtin.profile
new file mode 100644
index 000000000..cd84ce05e
--- /dev/null
+++ b/etc/profile-m-z/rtin.profile
@@ -0,0 +1,8 @@
1# Firejail profile for rtin
2# Description: ncurses-based Usenet newsreader
3# symlink to tin, same as `tin -r`
4# This file is overwritten after every install/update
5# Persistent local customizations
6include rtin.local
7
8include tin.profile
diff --git a/etc/profile-m-z/rtv-addons.profile b/etc/profile-m-z/rtv-addons.profile
index c9da0b628..cc6db5043 100644
--- a/etc/profile-m-z/rtv-addons.profile
+++ b/etc/profile-m-z/rtv-addons.profile
@@ -21,3 +21,8 @@ whitelist ${HOME}/.config/mpv
21whitelist ${HOME}/.mailcap 21whitelist ${HOME}/.mailcap
22whitelist ${HOME}/.netrc 22whitelist ${HOME}/.netrc
23whitelist ${HOME}/.w3m 23whitelist ${HOME}/.w3m
24
25#private-bin w3m,mpv,youtube-dl
26
27# tells rtv, which browser to use
28#env RTV_BROWSER=w3m
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile
index f0b8d31e9..2f1fe0155 100644
--- a/etc/profile-m-z/rtv.profile
+++ b/etc/profile-m-z/rtv.profile
@@ -12,6 +12,9 @@ blacklist ${RUNUSER}/wayland-*
12noblacklist ${HOME}/.config/rtv 12noblacklist ${HOME}/.config/rtv
13noblacklist ${HOME}/.local/share/rtv 13noblacklist ${HOME}/.local/share/rtv
14 14
15# Allow /bin/sh (blacklisted by disable-shell.inc)
16include allow-bin-sh.inc
17
15# Allow python (blacklisted by disable-interpreters.inc) 18# Allow python (blacklisted by disable-interpreters.inc)
16include allow-python2.inc 19include allow-python2.inc
17include allow-python3.inc 20include allow-python3.inc
@@ -54,10 +57,10 @@ shell none
54tracelog 57tracelog
55 58
56disable-mnt 59disable-mnt
57private-bin python*,rtv,sh,xdg-settings 60private-bin less,python*,rtv,sh,xdg-settings
58private-cache 61private-cache
59private-dev 62private-dev
60private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg 63private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg
61 64
62dbus-user none 65dbus-user none
63dbus-system none 66dbus-system none
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile
new file mode 100644
index 000000000..e0ed3090a
--- /dev/null
+++ b/etc/profile-m-z/tin.profile
@@ -0,0 +1,69 @@
1# Firejail profile for tin
2# Description: ncurses-based Usenet newsreader
3# This file is overwritten after every install/update
4# Persistent local customizations
5include tin.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.newsrc
10noblacklist ${HOME}/.tin
11
12blacklist /tmp/.X11-unix
13blacklist ${RUNUSER}
14blacklist /usr/libexec
15
16include disable-common.inc
17include disable-devel.inc
18include disable-exec.inc
19include disable-interpreters.inc
20include disable-passwdmgr.inc
21include disable-programs.inc
22include disable-shell.inc
23include disable-xdg.inc
24
25mkdir ${HOME}/.tin
26mkfile ${HOME}/.newsrc
27# Note: files/directories directly in ${HOME} can't be whitelisted, as
28# tin saves .newsrc by renaming a temporary file, which is not possible for
29# bind-mounted files.
30#whitelist ${HOME}/.newsrc
31#whitelist ${HOME}/.tin
32#include whitelist-common.inc
33include whitelist-runuser-common.inc
34include whitelist-usr-share-common.inc
35include whitelist-var-common.inc
36
37apparmor
38caps.drop all
39ipc-namespace
40machine-id
41netfilter
42no3d
43nodvd
44nogroups
45noinput
46nonewprivs
47noroot
48nosound
49notv
50nou2f
51novideo
52protocol inet,inet6
53seccomp
54seccomp.block-secondary
55shell none
56tracelog
57
58disable-mnt
59private-bin rtin,tin
60private-cache
61private-dev
62private-etc passwd,resolv.conf,terminfo,tin
63private-lib terminfo
64private-tmp
65
66dbus-user none
67dbus-system none
68
69memory-deny-write-execute
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile
index 131213ed2..69b2c6c59 100644
--- a/etc/profile-m-z/w3m.profile
+++ b/etc/profile-m-z/w3m.profile
@@ -17,18 +17,32 @@ noblacklist ${HOME}/.w3m
17blacklist /tmp/.X11-unix 17blacklist /tmp/.X11-unix
18blacklist ${RUNUSER}/wayland-* 18blacklist ${RUNUSER}/wayland-*
19 19
20# Allow /bin/sh (blacklisted by disable-shell.inc)
21include allow-bin-sh.inc
22
23# Allow perl (blacklisted by disable-interpreters.inc)
20include allow-perl.inc 24include allow-perl.inc
21 25
22include disable-common.inc 26include disable-common.inc
23include disable-devel.inc 27include disable-devel.inc
28include disable-exec.inc
24include disable-interpreters.inc 29include disable-interpreters.inc
25include disable-passwdmgr.inc 30include disable-passwdmgr.inc
26include disable-programs.inc 31include disable-programs.inc
32include disable-shell.inc
27include disable-xdg.inc 33include disable-xdg.inc
28 34
35mkdir ${HOME}/.w3m
36whitelist /usr/share/w3m
37whitelist ${DOWNLOADS}
38whitelist ${HOME}/.w3m
29include whitelist-runuser-common.inc 39include whitelist-runuser-common.inc
40include whitelist-usr-share-common.inc
41include whitelist-var-common.inc
30 42
31caps.drop all 43caps.drop all
44ipc-namespace
45machine-id
32netfilter 46netfilter
33no3d 47no3d
34nodvd 48nodvd
@@ -45,8 +59,14 @@ seccomp
45shell none 59shell none
46tracelog 60tracelog
47 61
48# private-bin w3m 62disable-mnt
63private-bin perl,sh,w3m
49private-cache 64private-cache
50private-dev 65private-dev
51private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl 66private-etc alternatives,ca-certificates,crypto-policies,mailcap,nsswitch.conf,pki,resolv.conf,ssl
52private-tmp 67private-tmp
68
69dbus-user none
70dbus-system none
71
72memory-deny-write-execute
diff --git a/etc/profile-m-z/weechat.profile b/etc/profile-m-z/weechat.profile
index 3a93d2ec7..76935212f 100644
--- a/etc/profile-m-z/weechat.profile
+++ b/etc/profile-m-z/weechat.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.weechat
11include disable-common.inc 11include disable-common.inc
12include disable-programs.inc 12include disable-programs.inc
13 13
14whitelist /usr/share/weechat
14include whitelist-usr-share-common.inc 15include whitelist-usr-share-common.inc
15include whitelist-var-common.inc 16include whitelist-var-common.inc
16 17
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-15 09:52:56 +0000