diff options
Diffstat (limited to 'etc/waterfox.profile')
-rw-r--r-- | etc/waterfox.profile | 68 |
1 files changed, 3 insertions, 65 deletions
diff --git a/etc/waterfox.profile b/etc/waterfox.profile index b2abb3a5f..521295dfa 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile | |||
@@ -7,83 +7,21 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | noblacklist ${HOME}/.cache/waterfox | 9 | noblacklist ${HOME}/.cache/waterfox |
10 | noblacklist ${HOME}/.config/okularpartrc | ||
11 | noblacklist ${HOME}/.config/okularrc | ||
12 | noblacklist ${HOME}/.config/qpdfview | ||
13 | noblacklist ${HOME}/.kde/share/apps/okular | ||
14 | noblacklist ${HOME}/.kde/share/config/okularpartrc | ||
15 | noblacklist ${HOME}/.kde/share/config/okularrc | ||
16 | noblacklist ${HOME}/.kde4/share/apps/okular | ||
17 | noblacklist ${HOME}/.kde4/share/config/okularpartrc | ||
18 | noblacklist ${HOME}/.kde4/share/config/okularrc | ||
19 | # noblacklist ${HOME}/.local/share/gnome-shell/extensions | ||
20 | noblacklist ${HOME}/.local/share/okular | ||
21 | noblacklist ${HOME}/.local/share/qpdfview | ||
22 | noblacklist ${HOME}/.mozilla | 10 | noblacklist ${HOME}/.mozilla |
23 | noblacklist ${HOME}/.waterfox | 11 | noblacklist ${HOME}/.waterfox |
24 | noblacklist ${HOME}/.pki | ||
25 | |||
26 | include /etc/firejail/disable-common.inc | ||
27 | include /etc/firejail/disable-devel.inc | ||
28 | include /etc/firejail/disable-programs.inc | ||
29 | 12 | ||
30 | mkdir ${HOME}/.cache/mozilla/firefox | 13 | mkdir ${HOME}/.cache/mozilla/firefox |
31 | mkdir ${HOME}/.mozilla | 14 | mkdir ${HOME}/.mozilla |
32 | mkdir ${HOME}/.cache/waterfox | 15 | mkdir ${HOME}/.cache/waterfox |
33 | mkdir ${HOME}/.waterfox | 16 | mkdir ${HOME}/.waterfox |
34 | mkdir ${HOME}/.pki | ||
35 | whitelist ${DOWNLOADS} | ||
36 | whitelist ${HOME}/.cache/gnome-mplayer/plugin | ||
37 | whitelist ${HOME}/.cache/mozilla/firefox | 17 | whitelist ${HOME}/.cache/mozilla/firefox |
38 | whitelist ${HOME}/.cache/waterfox | 18 | whitelist ${HOME}/.cache/waterfox |
39 | whitelist ${HOME}/.config/gnome-mplayer | ||
40 | whitelist ${HOME}/.config/okularpartrc | ||
41 | whitelist ${HOME}/.config/okularrc | ||
42 | whitelist ${HOME}/.config/pipelight-silverlight5.1 | ||
43 | whitelist ${HOME}/.config/pipelight-widevine | ||
44 | whitelist ${HOME}/.config/qpdfview | ||
45 | whitelist ${HOME}/.kde/share/apps/okular | ||
46 | whitelist ${HOME}/.kde/share/config/okularpartrc | ||
47 | whitelist ${HOME}/.kde/share/config/okularrc | ||
48 | whitelist ${HOME}/.kde4/share/apps/okular | ||
49 | whitelist ${HOME}/.kde4/share/config/okularpartrc | ||
50 | whitelist ${HOME}/.kde4/share/config/okularrc | ||
51 | whitelist ${HOME}/.keysnail.js | ||
52 | whitelist ${HOME}/.lastpass | ||
53 | whitelist ${HOME}/.local/share/gnome-shell/extensions | ||
54 | whitelist ${HOME}/.local/share/okular | ||
55 | whitelist ${HOME}/.local/share/qpdfview | ||
56 | whitelist ${HOME}/.mozilla | 19 | whitelist ${HOME}/.mozilla |
57 | whitelist ${HOME}/.waterfox | 20 | whitelist ${HOME}/.waterfox |
58 | whitelist ${HOME}/.pentadactyl | ||
59 | whitelist ${HOME}/.pentadactylrc | ||
60 | whitelist ${HOME}/.pki | ||
61 | whitelist ${HOME}/.vimperator | ||
62 | whitelist ${HOME}/.vimperatorrc | ||
63 | whitelist ${HOME}/.wine-pipelight | ||
64 | whitelist ${HOME}/.wine-pipelight64 | ||
65 | whitelist ${HOME}/.zotero | ||
66 | whitelist ${HOME}/dwhelper | ||
67 | include /etc/firejail/whitelist-common.inc | ||
68 | include /etc/firejail/whitelist-var-common.inc | ||
69 | |||
70 | caps.drop all | ||
71 | netfilter | ||
72 | nodvd | ||
73 | nogroups | ||
74 | nonewprivs | ||
75 | noroot | ||
76 | notv | ||
77 | protocol unix,inet,inet6,netlink | ||
78 | seccomp | ||
79 | shell none | ||
80 | tracelog | ||
81 | 21 | ||
82 | # waterfox requires a shell to launch on Arch. We can possibly remove sh though. | 22 | # waterfox requires a shell to launch on Arch. We can possibly remove sh though. |
83 | # private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash | 23 | # private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash |
84 | private-dev | 24 | # private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,waterfox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies |
85 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,waterfox,mime.types,mailcap,asound.conf,pulse | ||
86 | private-tmp | ||
87 | 25 | ||
88 | noexec ${HOME} | 26 | # Redirect |
89 | noexec /tmp | 27 | include /etc/firejail/firefox-common.profile |