4 files changed, 22 insertions, 45 deletions
diff --git a/etc/cpio.profile b/etc/cpio.profile
index 811d657f2..f10b82962 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -1,8 +1,10 @@
-include /usr/local/etc/firejail/server.profile
+# cpio profile
-include /usr/local/etc/firejail/disable-common.inc
+# testing: find . -print -depth | cpio -ov > tree.cpio
-include /usr/local/etc/firejail/disable-programs.inc
+include /etc/firejail/default.profile
-include /usr/local/etc/firejail/disable-passwdmgr.inc
+tracelog
-caps.drop all
 net none
 shell none
-seccomp
+private-bin cpio
+private-dev
diff --git a/etc/gzip.profile b/etc/gzip.profile
index f231c3780..3c9e8a9bf 100644
--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -1,19 +1,6 @@
-################################
+# gzip profile
-# Gzip profile 
+include /etc/firejail/default.profile
-################################
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-blacklist ${HOME}/.ssh
 tracelog
-caps.drop all
-seccomp 
 net none
-noroot
+shell none
-nosound
+private-dev
-nogroups
-nonewprivs
diff --git a/etc/strings.profile b/etc/strings.profile
index ea6d4b415..8be9a5719 100644
--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -1,12 +1,6 @@
-noblacklist ~/.config
+# strings profile
+include /etc/firejail/default.profile
-include /usr/local/etc/firejail/disable-common.inc
-include /usr/local/etc/firejail/disable-programs.inc
-include /usr/local/etc/firejail/disable-devel.inc
-include /usr/local/etc/firejail/disable-passwdmgr.inc
-caps.drop all
-noroot
-nonewprivs
-seccomp
 tracelog
+net none
+shell none
+private-dev
diff --git a/etc/xzdec.profile b/etc/xzdec.profile
index f29f7360c..ade46dddd 100644
--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -1,13 +1,7 @@
-# Firejail profile for XZ decompressor
+# XZ decompressor profile
-# xzdec.profile
+include /etc/firejail/default.profile
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-caps.drop all
-seccomp
 tracelog
-noroot
+net none
 shell none
+private-dev

diff --git a/etc/cpio.profile b/etc/cpio.profile index 811d657f2..f10b82962 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile
@@ -1,8 +1,10 @@
1	include /usr/local/etc/firejail/server.profile	1	# cpio profile
2	include /usr/local/etc/firejail/disable-common.inc	2	# testing: find . -print -depth \| cpio -ov > tree.cpio
3	include /usr/local/etc/firejail/disable-programs.inc	3	include /etc/firejail/default.profile
4	include /usr/local/etc/firejail/disable-passwdmgr.inc	4	tracelog
5	caps.drop all
6	net none	5	net none
7	shell none	6	shell none
8	seccomp	7	private-bin cpio
		8	private-dev
		9
		10


diff --git a/etc/gzip.profile b/etc/gzip.profile index f231c3780..3c9e8a9bf 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile
@@ -1,19 +1,6 @@
1	################################	1	# gzip profile
2	# Gzip profile	2	include /etc/firejail/default.profile
3	################################
4	include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-programs.inc
6	include /etc/firejail/disable-passwdmgr.inc
7
8	blacklist ${HOME}/.wine
9	blacklist ${HOME}/.ssh
10
11	tracelog	3	tracelog
12	caps.drop all
13	seccomp
14	net none	4	net none
15	noroot	5	shell none
16	nosound	6	private-dev
17	nogroups
18	nonewprivs
19


diff --git a/etc/strings.profile b/etc/strings.profile index ea6d4b415..8be9a5719 100644 --- a/etc/strings.profile +++ b/etc/strings.profile
@@ -1,12 +1,6 @@
1	noblacklist ~/.config	1	# strings profile
2		2	include /etc/firejail/default.profile
3	include /usr/local/etc/firejail/disable-common.inc
4	include /usr/local/etc/firejail/disable-programs.inc
5	include /usr/local/etc/firejail/disable-devel.inc
6	include /usr/local/etc/firejail/disable-passwdmgr.inc
7
8	caps.drop all
9	noroot
10	nonewprivs
11	seccomp
12	tracelog	3	tracelog
		4	net none
		5	shell none
		6	private-dev


diff --git a/etc/xzdec.profile b/etc/xzdec.profile index f29f7360c..ade46dddd 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile
@@ -1,13 +1,7 @@
1	# Firejail profile for XZ decompressor	1	# XZ decompressor profile
2	# xzdec.profile	2	include /etc/firejail/default.profile
3
4	include /etc/firejail/disable-mgmt.inc
5	include /etc/firejail/disable-secret.inc
6	include /etc/firejail/disable-common.inc
7	include /etc/firejail/disable-devel.inc
8
9	caps.drop all
10	seccomp
11	tracelog	3	tracelog
12	noroot	4	net none
13	shell none	5	shell none
		6	private-dev
		7