Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/firefox-common.profile | 3 | ||||
-rw-r--r-- | etc/picard.profile | 2 | ||||
-rw-r--r-- | etc/qmmp.profile | 34 | ||||
-rw-r--r-- | etc/sayonara.profile | 33 | ||||
-rw-r--r-- | etc/torbrowser-launcher.profile | 2 |
6 files changed, 74 insertions, 2 deletions
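diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index ea334c289..c7605d660 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -16,6 +16,7 @@ blacklist ${HOME}/.LuminanceHDR
 blacklist ${HOME}/.Mathematica
 blacklist ${HOME}/.Natron
 blacklist ${HOME}/.PyCharm*
+blacklist ${HOME}/.Sayonara
 blacklist ${HOME}/.Skype
 blacklist ${HOME}/.Steam
 blacklist ${HOME}/.Steampath
@@ -465,6 +466,7 @@ blacklist ${HOME}/.passwd-s3fs
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.purple
 blacklist ${HOME}/.qemu-launcher
+blacklist ${HOME}/.qmmp
 blacklist ${HOME}/.redeclipse
 blacklist ${HOME}/.remmina
 blacklist ${HOME}/.repo_.gitconfig.json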
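diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
index 9ebcdba6c..b0de1f1a3 100644
--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -35,7 +35,8 @@ notv
 protocol unix,inet,inet6,netlink
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
-tracelog
+#disable tracelog, it breaks or causes major issues with many firefox based browsers, see github issue #1930
+#tracelog
 
 disable-mnt
 private-dev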
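Review bot: The comment added at new lines 38-39 records why tracelog is off but not what is given up: without `tracelog`, blacklist violations by every browser that includes this common profile are no longer written to syslog, which removes a detection signal. I would state the trade-off in the comment itself, e.g. `# tracelog disabled: breaks many Firefox-based browsers (#1930); blacklist violations are no longer logged to syslog`, and keep `#tracelog` beneath it so it is easy to restore where a browser tolerates it. The profile continues outside this hunk, so other logging options may exist that are not visible here.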
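diff --git a/etc/picard.profile b/etc/picard.profile
index 9e0d4ab55..484b0e6b2 100644
--- a/etc/picard.profile
+++ b/etc/picard.profile
@@ -9,7 +9,9 @@ noblacklist ${HOME}/.cache/MusicBrainz
 noblacklist ${HOME}/.config/MusicBrainz
 
 # Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
 noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
 
 include /etc/firejail/disable-common.inc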
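Review bot: The two added `python2*` lines (new lines 12 and 14) reopen an interpreter that disable-interpreters.inc blocks, and the existing `# Allow python` comment does not say which Picard builds still need Python 2. A short note such as `# python2 is only needed by Picard builds that still run on Python 2` would let a later maintainer drop the lines instead of carrying the wider allowance indefinitely. Whether any supported Picard build needs it cannot be told from this hunk.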
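diff --git a/etc/qmmp.profile b/etc/qmmp.profile
new file mode 100644
index 000000000..d785ddbbe
--- /dev/null
+++ b/etc/qmmp.profile
@@ -0,0 +1,34 @@
+# Firejail profile for qmmp
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/qmmp.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.qmmp
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+# no3d
+nodbus
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin qmmp
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp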
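Review bot: The include list at lines 10-13 omits disable-interpreters.inc, which the picard.profile hunk in this same commit shows to be the project's interpreter blacklist; etc/sayonara.profile lines 10-13 have the same gap. `private-bin qmmp` keeps interpreters out of the bin directories, but library paths such as /usr/lib/python* are presumably still reachable, so I would add `include /etc/firejail/disable-interpreters.inc` after the disable-devel.inc line in both profiles, provided neither player relies on script plugins. The commented `# no3d` on line 17 also carries no reason; a trailing note on why 3D is left enabled would make the omission read as deliberate.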
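diff --git a/etc/sayonara.profile b/etc/sayonara.profile
new file mode 100644
index 000000000..756bd99eb
--- /dev/null
+++ b/etc/sayonara.profile
@@ -0,0 +1,33 @@
+# Firejail profile for sayonara player
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/sayonara.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.Sayonara
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin sayonara
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp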
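Review bot: Unlike qmmp.profile in the same commit, this profile has no `nodbus` line, so the player keeps access to the D-Bus session bus and through it to services running outside the sandbox. If sayonara works without the bus, add `nodbus` after `no3d` on line 17. If it does need it (media keys or notifications, for instance), leave a commented `# nodbus` with the reason next to it so the difference from qmmp.profile is documented.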
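diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index a63798731..a33707ee4 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -41,7 +41,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
+private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tclsh,test,tor-browser-en,torbrowser-launcher
 private-dev
 private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache
 private-tmp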
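Review bot: Line 44 adds `tclsh` to `private-bin`, which puts one more interpreter inside the sandbox next to bash, sh and python*, and nothing in the hunk says which component calls it. A comment above the line, e.g. `# tclsh: required by <component that invokes it>`, would make the entry reviewable and removable once that dependency goes away. The profile starts before this hunk, so an explanation may already exist further up.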