diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-common.inc | 28 | ||||
-rw-r--r-- | etc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/keepassx2.profile | 22 |
3 files changed, 38 insertions, 16 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index b86c6f998..07814a704 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -39,19 +39,19 @@ blacklist /usr/share/applications/veracrypt.* | |||
39 | blacklist /usr/share/pixmaps/veracrypt.* | 39 | blacklist /usr/share/pixmaps/veracrypt.* |
40 | blacklist ${HOME}/.VeraCrypt | 40 | blacklist ${HOME}/.VeraCrypt |
41 | 41 | ||
42 | # TrueCrypt | 42 | # TrueCrypt |
43 | blacklist ${PATH}/truecrypt | 43 | blacklist ${PATH}/truecrypt |
44 | blacklist ${PATH}/truecrypt-uninstall.sh | 44 | blacklist ${PATH}/truecrypt-uninstall.sh |
45 | blacklist /usr/share/truecrypt | 45 | blacklist /usr/share/truecrypt |
46 | blacklist /usr/share/applications/truecrypt.* | 46 | blacklist /usr/share/applications/truecrypt.* |
47 | blacklist /usr/share/pixmaps/truecrypt.* | 47 | blacklist /usr/share/pixmaps/truecrypt.* |
48 | blacklist ${HOME}/.TrueCrypt | 48 | blacklist ${HOME}/.TrueCrypt |
49 | 49 | ||
50 | # zuluCrypt | 50 | # zuluCrypt |
51 | blacklist ${HOME}/.zuluCrypt | 51 | blacklist ${HOME}/.zuluCrypt |
52 | blacklist ${HOME}/.zuluCrypt-socket | 52 | blacklist ${HOME}/.zuluCrypt-socket |
53 | blacklist ${PATH}/zuluCrypt-cli | 53 | blacklist ${PATH}/zuluCrypt-cli |
54 | blacklist ${PATH}/zuluMount-cli | 54 | blacklist ${PATH}/zuluMount-cli |
55 | 55 | ||
56 | # var | 56 | # var |
57 | blacklist /var/spool/cron | 57 | blacklist /var/spool/cron |
@@ -154,7 +154,7 @@ blacklist /etc/ssh | |||
154 | blacklist /var/backup | 154 | blacklist /var/backup |
155 | blacklist /home/.ecryptfs | 155 | blacklist /home/.ecryptfs |
156 | 156 | ||
157 | # system directories | 157 | # system directories |
158 | blacklist /sbin | 158 | blacklist /sbin |
159 | blacklist /usr/sbin | 159 | blacklist /usr/sbin |
160 | blacklist /usr/local/sbin | 160 | blacklist /usr/local/sbin |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index a9ca487c5..8e9392c7b 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -107,7 +107,7 @@ blacklist ${HOME}/.config/katepartrc | |||
107 | blacklist ${HOME}/.config/katerc | 107 | blacklist ${HOME}/.config/katerc |
108 | blacklist ${HOME}/.config/kateschemarc | 108 | blacklist ${HOME}/.config/kateschemarc |
109 | blacklist ${HOME}/.config/katesyntaxhighlightingrc | 109 | blacklist ${HOME}/.config/katesyntaxhighlightingrc |
110 | blacklist ${HOME}/.config/katevirc | 110 | blacklist ${HOME}/.config/katevir |
111 | blacklist ${HOME}/.config/libreoffice | 111 | blacklist ${HOME}/.config/libreoffice |
112 | blacklist ${HOME}/.config/mate/eom | 112 | blacklist ${HOME}/.config/mate/eom |
113 | blacklist ${HOME}/.config/midori | 113 | blacklist ${HOME}/.config/midori |
@@ -148,7 +148,7 @@ blacklist ${HOME}/.config/xreader | |||
148 | blacklist ${HOME}/.config/xviewer | 148 | blacklist ${HOME}/.config/xviewer |
149 | blacklist ${HOME}/.config/zathura | 149 | blacklist ${HOME}/.config/zathura |
150 | blacklist ${HOME}/.config/zoomus.conf | 150 | blacklist ${HOME}/.config/zoomus.conf |
151 | blacklist ${HOME}/.conkeror.mozdev.org | 151 | blacklist ${HOME}/.conkeror.mozdev.org |
152 | blacklist ${HOME}/.dillo | 152 | blacklist ${HOME}/.dillo |
153 | blacklist ${HOME}/.dosbox | 153 | blacklist ${HOME}/.dosbox |
154 | blacklist ${HOME}/.dropbox-dist | 154 | blacklist ${HOME}/.dropbox-dist |
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile new file mode 100644 index 000000000..d8621773f --- /dev/null +++ b/etc/keepassx2.profile | |||
@@ -0,0 +1,22 @@ | |||
1 | # keepassx password manager profile | ||
2 | noblacklist ${HOME}/.config/keepassx | ||
3 | noblacklist ${HOME}/.keepassx | ||
4 | noblacklist ${HOME}/keepassx.kdbx | ||
5 | |||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-devel.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | |||
11 | caps.drop all | ||
12 | nogroups | ||
13 | nonewprivs | ||
14 | noroot | ||
15 | nosound | ||
16 | protocol unix | ||
17 | seccomp | ||
18 | netfilter | ||
19 | shell none | ||
20 | |||
21 | private-tmp | ||
22 | private-dev | ||