diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 8 | ||||
-rw-r--r-- | etc/globaltime.profile | 26 | ||||
-rw-r--r-- | etc/orage.profile | 27 | ||||
-rw-r--r-- | etc/ristretto.profile | 26 | ||||
-rw-r--r-- | etc/xfce4-dict.profile | 26 | ||||
-rw-r--r-- | etc/xfce4-notes.profile | 28 |
6 files changed, 141 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fbe614b0d..9b84f5e8a 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -76,6 +76,7 @@ blacklist ${HOME}/.config/flowblade | |||
76 | blacklist ${HOME}/.config/gajim | 76 | blacklist ${HOME}/.config/gajim |
77 | blacklist ${HOME}/.config/geeqie | 77 | blacklist ${HOME}/.config/geeqie |
78 | blacklist ${HOME}/.config/gedit | 78 | blacklist ${HOME}/.config/gedit |
79 | blacklist ${HOME}/.config/globaltime | ||
79 | blacklist ${HOME}/.config/google-chrome | 80 | blacklist ${HOME}/.config/google-chrome |
80 | blacklist ${HOME}/.config/google-chrome-beta | 81 | blacklist ${HOME}/.config/google-chrome-beta |
81 | blacklist ${HOME}/.config/google-chrome-unstable | 82 | blacklist ${HOME}/.config/google-chrome-unstable |
@@ -104,10 +105,12 @@ blacklist ${HOME}/.config/okularpartrc | |||
104 | blacklist ${HOME}/.config/okularrc | 105 | blacklist ${HOME}/.config/okularrc |
105 | blacklist ${HOME}/.config/opera | 106 | blacklist ${HOME}/.config/opera |
106 | blacklist ${HOME}/.config/opera-beta | 107 | blacklist ${HOME}/.config/opera-beta |
108 | blacklist ${HOME}/.config/orage | ||
107 | blacklist ${HOME}/.config/org.kde.gwenviewrc | 109 | blacklist ${HOME}/.config/org.kde.gwenviewrc |
108 | blacklist ${HOME}/.config/pix | 110 | blacklist ${HOME}/.config/pix |
109 | blacklist ${HOME}/.config/pluma | 111 | blacklist ${HOME}/.config/pluma |
110 | blacklist ${HOME}/.config/psi+ | 112 | blacklist ${HOME}/.config/psi+ |
113 | blacklist ${HOME}/.config/ristretto | ||
111 | blacklist ${HOME}/.config/qpdfview | 114 | blacklist ${HOME}/.config/qpdfview |
112 | blacklist ${HOME}/.config/qt5ct | 115 | blacklist ${HOME}/.config/qt5ct |
113 | blacklist ${HOME}/.config/qutebrowser | 116 | blacklist ${HOME}/.config/qutebrowser |
@@ -135,6 +138,9 @@ blacklist ${HOME}/.config/xchat | |||
135 | blacklist ${HOME}/.config/xed | 138 | blacklist ${HOME}/.config/xed |
136 | blacklist ${HOME}/.config/xfburn | 139 | blacklist ${HOME}/.config/xfburn |
137 | blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | 140 | blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml |
141 | blacklist ${HOME}/.config/xfce4/xfce4-notes.rc | ||
142 | blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc | ||
143 | blacklist ${HOME}/.config/xfce4-dict | ||
138 | blacklist ${HOME}/.config/xplayer | 144 | blacklist ${HOME}/.config/xplayer |
139 | blacklist ${HOME}/.config/xreader | 145 | blacklist ${HOME}/.config/xreader |
140 | blacklist ${HOME}/.config/xviewer | 146 | blacklist ${HOME}/.config/xviewer |
@@ -242,6 +248,7 @@ blacklist ${HOME}/.local/share/mupen64plus | |||
242 | blacklist ${HOME}/.local/share/nautilus | 248 | blacklist ${HOME}/.local/share/nautilus |
243 | blacklist ${HOME}/.local/share/nemo | 249 | blacklist ${HOME}/.local/share/nemo |
244 | blacklist ${HOME}/.local/share/okular | 250 | blacklist ${HOME}/.local/share/okular |
251 | blacklist ${HOME}/.local/share/orage | ||
245 | blacklist ${HOME}/.local/share/org.kde.gwenview | 252 | blacklist ${HOME}/.local/share/org.kde.gwenview |
246 | blacklist ${HOME}/.local/share/pix | 253 | blacklist ${HOME}/.local/share/pix |
247 | blacklist ${HOME}/.local/share/psi+ | 254 | blacklist ${HOME}/.local/share/psi+ |
@@ -256,6 +263,7 @@ blacklist ${HOME}/.local/share/vpltd | |||
256 | blacklist ${HOME}/.local/share/vulkan | 263 | blacklist ${HOME}/.local/share/vulkan |
257 | blacklist ${HOME}/.local/share/wesnoth | 264 | blacklist ${HOME}/.local/share/wesnoth |
258 | blacklist ${HOME}/.local/share/xplayer | 265 | blacklist ${HOME}/.local/share/xplayer |
266 | blacklist ${HOME}/.local/share/notes | ||
259 | blacklist ${HOME}/.local/share/xreader | 267 | blacklist ${HOME}/.local/share/xreader |
260 | blacklist ${HOME}/.local/share/zathura | 268 | blacklist ${HOME}/.local/share/zathura |
261 | blacklist ${HOME}/.lv2 | 269 | blacklist ${HOME}/.lv2 |
diff --git a/etc/globaltime.profile b/etc/globaltime.profile new file mode 100644 index 000000000..271c331a9 --- /dev/null +++ b/etc/globaltime.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/globaltime.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/globaltime | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | # private-tmp | ||
26 | |||
diff --git a/etc/orage.profile b/etc/orage.profile new file mode 100644 index 000000000..b0bd8b9c3 --- /dev/null +++ b/etc/orage.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/orage.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/orage | ||
6 | noblacklist ${HOME}/.local/share/orage | ||
7 | include /etc/firejail/disable-common.inc | ||
8 | include /etc/firejail/disable-programs.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | |||
11 | caps.drop all | ||
12 | netfilter | ||
13 | nonewprivs | ||
14 | noroot | ||
15 | protocol unix,inet,inet6 | ||
16 | seccomp | ||
17 | |||
18 | # | ||
19 | # depending on you usage, you can enable some of the commands below: | ||
20 | # | ||
21 | nogroups | ||
22 | shell none | ||
23 | # private-bin program | ||
24 | # private-etc none | ||
25 | private-dev | ||
26 | # private-tmp | ||
27 | |||
diff --git a/etc/ristretto.profile b/etc/ristretto.profile new file mode 100644 index 000000000..9499febe1 --- /dev/null +++ b/etc/ristretto.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/risretto.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/ristretto | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | # private-tmp | ||
26 | |||
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile new file mode 100644 index 000000000..41544e6b9 --- /dev/null +++ b/etc/xfce4-dict.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/xfce4-dict.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/xfce4-dict | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | # private-tmp | ||
26 | |||
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile new file mode 100644 index 000000000..f2cb9a5f1 --- /dev/null +++ b/etc/xfce4-notes.profile | |||
@@ -0,0 +1,28 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/xfce4-notes.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc | ||
6 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc | ||
7 | noblacklist ${HOME}/.local/share/notes | ||
8 | include /etc/firejail/disable-common.inc | ||
9 | include /etc/firejail/disable-programs.inc | ||
10 | include /etc/firejail/disable-passwdmgr.inc | ||
11 | |||
12 | caps.drop all | ||
13 | netfilter | ||
14 | nonewprivs | ||
15 | noroot | ||
16 | protocol unix,inet,inet6 | ||
17 | seccomp | ||
18 | |||
19 | # | ||
20 | # depending on you usage, you can enable some of the commands below: | ||
21 | # | ||
22 | nogroups | ||
23 | shell none | ||
24 | # private-bin program | ||
25 | # private-etc none | ||
26 | private-dev | ||
27 | # private-tmp | ||
28 | |||