Diffstat (limited to 'etc')
-rw-r--r-- | etc/libreoffice.profile | 12 | ||||
-rw-r--r-- | etc/rhythmbox.profile | 3 | ||||
-rw-r--r-- | etc/vlc.profile | 2 | ||||
-rw-r--r-- | etc/webstorm.profile | 9 |
4 files changed, 16 insertions, 10 deletions
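--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -23,20 +23,22 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+# Ubuntu 18.04 uses its own apparmor profile
+# uncomment the next line if you are not on Ubuntu
+#apparmor
 caps.drop all
 machine-id
 netfilter
 nodbus
 nodvd
 nogroups
-nonewprivs
+#nonewprivs - fix for Ubuntu 18.04/Debian 10
 noroot
 notv
-protocol unix,inet,inet6
-seccomp
+#protocol unix,inet,inet6 - fix for Ubuntu 18.04/Debian 10
+#seccomp - fix for Ubuntu 18.04/Debian 10
 shell none
-tracelog
+#tracelog - problems reported by Ubuntu 18.04 apparmor profile in /var/log/syslog
 
 private-dev
 private-tmp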
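Review bot: The `#nonewprivs`, `#protocol unix,inet,inet6` and `#seccomp` lines switch off three hardening options on every distribution, although the comments give only Ubuntu 18.04/Debian 10 as the reason. The sandbox keeps `caps.drop all` and `noroot` but loses syscall filtering, socket-family filtering and the no_new_privs bit, so users on other systems get a weaker profile than before. The comments should say how to restore them, for example `# Ubuntu 18.04/Debian 10 workaround; on other distributions add nonewprivs, protocol and seccomp to libreoffice.local`, assuming the profile includes a libreoffice.local file above this hunk. The same applies to the `#apparmor` change in etc/vlc.profile.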
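--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -8,7 +8,8 @@ include /etc/firejail/globals.local
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+# rhythmbox is using Python
+#include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 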
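Review bot: Commenting out `include /etc/firejail/disable-interpreters.inc` lifts the blacklist for every interpreter that file covers, while the stated need is Python only. A narrower change keeps the include and places Python exceptions before it, e.g. `noblacklist ${PATH}/python*`, with matching entries for the Python library directories. The exact paths depend on what disable-interpreters.inc lists, which is not visible in this hunk.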
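--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -17,7 +17,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+#apparmor - on Ubuntu 18.04 it refuses to start without dbus access
 caps.drop all
 netfilter
 # nodbus - problems with KDE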
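--- a/etc/webstorm.profile
+++ b/etc/webstorm.profile
@@ -6,12 +6,17 @@ include /etc/firejail/webstorm.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.WebStorm*
+noblacklist ${HOME}/.android
 noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.gradle
 noblacklist ${HOME}/.java
 noblacklist ${HOME}/.local/share/JetBrains
 noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.tooling
 
+noblacklist ${PATH}/node
+noblacklist ${HOME}/.nvm
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
@@ -31,6 +36,4 @@ seccomp
 shell none
 
 private-dev
-# private-tmp
-
-noexec /tmp
+private-tmp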
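Review bot: The second hunk removes `noexec /tmp` without giving a reason, whereas the other profiles in this commit comment each option they relax. `private-tmp` gives the sandbox its own empty /tmp, but as far as I know it does not make that mount non-executable, so files written there can now be executed inside the sandbox. If WebStorm needs to run files from /tmp, keep the line as a commented-out entry that names the cause, `#noexec /tmp - <what breaks>`; otherwise keep `noexec /tmp` after `private-tmp`.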