Diffstat (limited to 'etc')
-rw-r--r--etc/Mathematica.profile13
-rw-r--r--etc/audacious.profile1
-rw-r--r--etc/bitlbee.profile1
-rw-r--r--etc/chromium.profile2
-rw-r--r--etc/clementine.profile2
-rw-r--r--etc/conkeror.profile7
-rw-r--r--etc/deadbeef.profile1
-rw-r--r--etc/deluge.profile1
-rw-r--r--etc/disable-common.inc6
-rw-r--r--etc/disable-secret.inc2
-rw-r--r--etc/disable-terminals.inc6
-rw-r--r--etc/dnscrypt-proxy.profile4
-rw-r--r--etc/dropbox.profile1
-rw-r--r--etc/empathy.profile1
-rw-r--r--etc/epiphany.profile16
-rw-r--r--etc/evince.profile1
-rw-r--r--etc/fbreader.profile1
-rw-r--r--etc/filezilla.profile1
-rw-r--r--etc/firefox.profile2
-rw-r--r--etc/generic.profile1
-rw-r--r--etc/gnome-mplayer.profile1
-rw-r--r--etc/google-chrome-beta.profile2
-rw-r--r--etc/google-chrome-unstable.profile2
-rw-r--r--etc/google-chrome.profile2
-rw-r--r--etc/hexchat.profile1
-rw-r--r--etc/kmail.profile1
-rw-r--r--etc/lxterminal.profile19
-rw-r--r--etc/mathematica.profile2
-rw-r--r--etc/midori.profile1
-rw-r--r--etc/mupen64plus.profile13
-rw-r--r--etc/opera-beta.profile2
-rw-r--r--etc/opera.profile2
-rw-r--r--etc/parole.profile1
-rw-r--r--etc/pidgin.profile1
-rw-r--r--etc/qbittorrent.profile1
-rw-r--r--etc/quassel.profile1
-rw-r--r--etc/rhythmbox.profile1
-rw-r--r--etc/rtorrent.profile1
-rw-r--r--etc/seamonkey-bin.profile2
-rw-r--r--etc/seamonkey.profile2
-rw-r--r--etc/server.profile1
-rw-r--r--etc/skype.profile1
-rw-r--r--etc/steam.profile1
-rw-r--r--etc/telegram.profile15
-rw-r--r--etc/totem.profile1
-rw-r--r--etc/transmission-gtk.profile1
-rw-r--r--etc/transmission-qt.profile1
-rw-r--r--etc/uget-gtk.profile14
-rw-r--r--etc/unbound.profile4
-rw-r--r--etc/vlc.profile1
-rw-r--r--etc/weechat.profile1
-rw-r--r--etc/whitelist-common.inc2
-rw-r--r--etc/wine.profile1
-rw-r--r--etc/xchat.profile1
54 files changed, 167 insertions, 6 deletions
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile
new file mode 100644
index 000000000..d1f4b1de1
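--- /dev/null
+++ b/etc/Mathematica.profile
@@ -0,0 +1,13 @@
+# Mathematica profile
+whitelist ~/.Mathematica
+whitelist ~/.Wolfram Research
+whitelist ~/Documents/Wolfram Mathematica
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
+caps.drop all
+seccomp
+noroot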
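Review bot: The new profile sets no `protocol` filter, while the epiphany and telegram profiles added in the same commit both carry `protocol unix,inet,inet6`. If Mathematica needs only local and IP sockets, adding that line after `seccomp` would keep the new profiles consistent. The header comment could also say why `~/Documents/Wolfram Mathematica` is whitelisted, for example `# notebooks are kept in ~/Documents/Wolfram Mathematica; everything else under HOME is hidden`.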
diff --git a/etc/audacious.profile b/etc/audacious.profile
index fa9cbbc52..f9a48f33c 100644
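--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx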
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index 4cd24fd0a..5eeddb815 100644
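--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -3,6 +3,7 @@ noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-terminals.inc
 protocol unix,inet,inet6
 private
 private-dev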
diff --git a/etc/chromium.profile b/etc/chromium.profile
index 76dc6b234..af2c740a8 100644
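--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/chromium
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-terminals.inc
 
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
@@ -12,4 +13,5 @@ netfilter
 whitelist ${DOWNLOADS}
 whitelist ~/.config/chromium
 whitelist ~/.cache/chromium
+whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc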
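Review bot: `whitelist ~/.pki` in the second hunk keeps the whole NSS directory visible inside the sandbox, including `~/.pki/nssdb`, which the non-browser profiles in this commit explicitly blacklist. That is presumably required for the browser's certificate store, but the line carries no comment saying so; something like `# NSS certificate database used by the browser; blacklisted for non-browser profiles` above it would record the intent. The same line is added without comment to firefox, google-chrome, google-chrome-beta, google-chrome-unstable, opera, opera-beta, seamonkey and seamonkey-bin. Only part of the profile is visible in these hunks.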
diff --git a/etc/clementine.profile b/etc/clementine.profile
index e84d8f19a..c9c0ca724 100644
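--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -2,7 +2,9 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-terminals.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx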
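Review bot: `include /etc/firejail/disable-terminals.inc` is added twice in this hunk, once before and once after the `disable-devel.inc` include. The second copy is redundant. Dropping the first one keeps the include order used by the other profiles in this commit (mgmt, secret, common, devel, terminals).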
diff --git a/etc/conkeror.profile b/etc/conkeror.profile
index 7c1384523..09f491c61 100644
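--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.conkeror.mozdev.org
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-terminals.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
@@ -21,8 +22,4 @@ whitelist ~/.pentadactyl
 whitelist ~/.conkerorrc
 
 # common
-whitelist ~/.fonts
-whitelist ~/.fonts.d
-whitelist ~/.fontconfig
-whitelist ~/.fonts.conf
-whitelist ~/.fonts.conf.d
+include /etc/firejail/whitelist-common.inc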
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index 0d6e70a4a..35760bf13 100644
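--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx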
diff --git a/etc/deluge.profile b/etc/deluge.profile
index 4f76f3666..30e9f91ad 100644
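--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx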
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index e7974f02d..d97740860 100644
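--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -108,13 +108,19 @@ read-only ${HOME}/.csh_files
 # Initialization files that allow arbitrary command execution
 read-only ${HOME}/.mailcap
 read-only ${HOME}/.exrc
+read-only ${HOME}/_exrc
 read-only ${HOME}/.vimrc
+read-only ${HOME}/_vimrc
+read-only ${HOME}/.gvimrc
+read-only ${HOME}/_gvimrc
 read-only ${HOME}/.vim
 read-only ${HOME}/.emacs
 read-only ${HOME}/.tmux.conf
 read-only ${HOME}/.iscreenrc
 read-only ${HOME}/.muttrc
+read-only ${HOME}/.mutt/muttrc
 read-only ${HOME}/.xmonad
+read-only ${HOME}/.xscreensaver
 
 # The user ~/bin directory can override commands such as ls
 read-only ${HOME}/bin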
diff --git a/etc/disable-secret.inc b/etc/disable-secret.inc
index 8336b6b52..7d29cda31 100644
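--- a/etc/disable-secret.inc
+++ b/etc/disable-secret.inc
@@ -1,9 +1,9 @@
 # HOME directory
 blacklist ${HOME}/.ssh
-tmpfs ${HOME}/.gnome2_private
 blacklist ${HOME}/.gnome2/keyrings
 blacklist ${HOME}/kde4/share/apps/kwallet
 blacklist ${HOME}/kde/share/apps/kwallet
+blacklist ${HOME}/.local/share/kwalletd
 blacklist ${HOME}/.netrc
 blacklist ${HOME}/.gnupg
 blacklist ${HOME}/*.kdbx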
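Review bot: The two kwallet entries kept as context, `blacklist ${HOME}/kde4/share/apps/kwallet` and `blacklist ${HOME}/kde/share/apps/kwallet`, have no leading dot on the directory name, so they likely never match a wallet stored under `~/.kde4` or `~/.kde`. If that is a typo, the lines should read `blacklist ${HOME}/.kde4/share/apps/kwallet` and `blacklist ${HOME}/.kde/share/apps/kwallet`, next to the new `.local/share/kwalletd` entry. Separately, nothing in the new side of this hunk covers `${HOME}/.gnome2_private` any more; a one-line comment saying where that directory is handled now would help the next reader. The file continues past the hunk.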
diff --git a/etc/disable-terminals.inc b/etc/disable-terminals.inc
new file mode 100644
index 000000000..9631e7f62
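--- /dev/null
+++ b/etc/disable-terminals.inc
@@ -0,0 +1,6 @@
+# disable terminals running as server
+blacklist ${PATH}/lxterminal
+blacklist ${PATH}/gnome-terminal
+blacklist ${PATH}/gnome-terminal.wrapper
+blacklist ${PATH}/xfce4-terminal
+blacklist ${PATH}/xfce4-terminal.wrapper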
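Review bot: The header comment names what is blocked but not why, and this file is now included by nearly every profile in the commit. A fuller comment would make the intent reviewable, for example `# these terminals hand new windows to an already-running server process, which is not confined by the sandbox`. The list is also a name-based denylist covering three terminals, so a second comment asking contributors to add any other single-instance or client/server terminal they package would keep it from going stale.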
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index e0c5c93a3..0bc7ac78e 100644
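--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -2,6 +2,10 @@
 noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-terminals.inc
 private
 private-dev
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open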
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index 248e3ac9e..9d2c612de 100644
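--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -2,6 +2,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx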
diff --git a/etc/empathy.profile b/etc/empathy.profile
index 984bbc58e..7c96dc6fa 100644
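--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.wine
 caps.drop all
 seccomp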
diff --git a/etc/epiphany.profile b/etc/epiphany.profile
new file mode 100644
index 000000000..e86a35258
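--- /dev/null
+++ b/etc/epiphany.profile
@@ -0,0 +1,16 @@
+# Epiphany browser profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.local/share/epiphany
+whitelist ${HOME}/.config/epiphany
+whitelist ${HOME}/.cache/epiphany
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+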
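Review bot: The profile has no `noroot` line, while the Mathematica, telegram and mupen64plus profiles added in this commit all set it. If the omission is deliberate, a comment such as `# noroot omitted: <reason>` would stop someone from adding it back blindly; otherwise `noroot` after `seccomp` brings it in line with the other new profiles. The trailing empty line 16 can be dropped.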
diff --git a/etc/evince.profile b/etc/evince.profile
index 34d8162b3..070dc7be7 100644
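--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx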
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index f94fc28df..a79f36398 100644
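--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx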
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index ba8649067..1462d134e 100644
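--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -5,6 +5,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.wine
 caps.drop all
 seccomp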
diff --git a/etc/firefox.profile b/etc/firefox.profile
index a21093313..0946ebfbe 100644
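--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
@@ -23,6 +24,7 @@ whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
+whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 
 # experimental features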
diff --git a/etc/generic.profile b/etc/generic.profile
index cc40ad27e..5618a555e 100644
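--- a/etc/generic.profile
+++ b/etc/generic.profile
@@ -4,6 +4,7 @@
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx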
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index 0a495b0b0..8062c859a 100644
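--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx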
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile
index 6122876bf..f6b96575e 100644
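--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/google-chrome-beta
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-terminals.inc
 
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
@@ -12,5 +13,6 @@ netfilter
 whitelist ${DOWNLOADS}
 whitelist ~/.config/google-chrome-beta
 whitelist ~/.cache/google-chrome-beta
+whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 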
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile
index 7b8b12d04..3054a63db 100644
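--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/google-chrome-unstable
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-terminals.inc
 
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
@@ -12,5 +13,6 @@ netfilter
 whitelist ${DOWNLOADS}
 whitelist ~/.config/google-chrome-unstable
 whitelist ~/.cache/google-chrome-unstable
+whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 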
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile
index 351490d7f..3d5a6ebbd 100644
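--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/google-chrome
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-terminals.inc
 
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
@@ -12,4 +13,5 @@ netfilter
 whitelist ${DOWNLOADS}
 whitelist ~/.config/google-chrome
 whitelist ~/.cache/google-chrome
+whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc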
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index 61c9ac5bb..35b98fde6 100644
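--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6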
diff --git a/etc/kmail.profile b/etc/kmail.profile
index 05713755e..ca29675a0 100644
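--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx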
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile
new file mode 100644
index 000000000..a614a8dbf
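--- /dev/null
+++ b/etc/lxterminal.profile
@@ -0,0 +1,19 @@
+# lxterminal (LXDE) profile
+
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.keepassx
+blacklist ${HOME}/.password-store
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+
+#noroot - somehow this breaks on Debian Jessie!
+
+# lxterminal is a single-instence program
+# blacklist any existing lxterminal socket in order to force a second process instance
+blacklist /tmp/.lxterminal-socket*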
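Review bot: `#noroot - somehow this breaks on Debian Jessie!` leaves the restriction off on every distribution and records neither the symptom nor a tracking reference, so nobody can tell when it is safe to re-enable. A comment like `# noroot disabled: breaks lxterminal on Debian Jessie (see <ISSUE-ID>); re-enable once fixed` would make that reviewable. The profile also cannot include `disable-terminals.inc`, which blacklists lxterminal itself, so the other terminals listed there stay reachable from the sandboxed shell; adding `blacklist ${PATH}/gnome-terminal` and `blacklist ${PATH}/xfce4-terminal` (plus their `.wrapper` variants) directly would close that gap. The comment on line 17 has a typo, `single-instence` for `single-instance`.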
diff --git a/etc/mathematica.profile b/etc/mathematica.profile
new file mode 100644
index 000000000..9410054ae
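--- /dev/null
+++ b/etc/mathematica.profile
@@ -0,0 +1,2 @@
+# Mathematica profile
+include /etc/firejail/Mathematica.profile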
diff --git a/etc/midori.profile b/etc/midori.profile
index 77a6fb984..e46a6baa2 100644
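--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6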
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
new file mode 100644
index 000000000..830531c04
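--- /dev/null
+++ b/etc/mupen64plus.profile
@@ -0,0 +1,13 @@
+# mupen64plus profile
+# manually whitelist ROM files
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
+whitelist ${HOME}/.local/share/mupen64plus/
+whitelist ${HOME}/.config/mupen64plus/
+noroot
+caps.drop all
+seccomp
+net none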
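Review bot: `# manually whitelist ROM files` on line 2 does not tell the user how or where, and with only the two mupen64plus directories whitelisted no ROM is reachable out of the box. Spelling it out would help, for example `# ROM directories are not whitelisted by default; add "whitelist <ROM_DIR>" for the directory that holds them`. The two whitelist paths also end in a trailing slash, unlike every other whitelist entry on this page; dropping it keeps the profiles uniform.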
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile
index c1672abce..783e8b0ef 100644
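--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -4,10 +4,12 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 netfilter
 whitelist ~/.config/opera-beta
 whitelist ${DOWNLOADS}
 whitelist ~/.cache/opera-beta
+whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 
 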
diff --git a/etc/opera.profile b/etc/opera.profile
index a76806ed0..dd710a8fe 100644
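--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -4,10 +4,12 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 netfilter
 whitelist ~/.config/opera
 whitelist ${DOWNLOADS}
 whitelist ~/.cache/opera
+whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 
 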
diff --git a/etc/parole.profile b/etc/parole.profile
index 24181c8d6..fd49bcf07 100644
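--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 private-etc passwd,group,fonts
 private-bin parole,dbus-launch
 blacklist ${HOME}/.pki/nssdb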
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index 3dd57b623..54bedccc8 100644
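--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.wine
 caps.drop all
 seccomp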
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index dd50c779e..c68eb716b 100644
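--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx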
diff --git a/etc/quassel.profile b/etc/quassel.profile
index cb97d0752..e8db77973 100644
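--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.wine
 caps.drop all
 seccomp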
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 9fc1fcb80..3326a34ed 100644
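--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx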
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile
index c2c0356d9..7ba5677e9 100644
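--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6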
diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile
index 55b64bdae..d585c719b 100644
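--- a/etc/seamonkey-bin.profile
+++ b/etc/seamonkey-bin.profile
@@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
@@ -23,6 +24,7 @@ whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
+whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 
 # experimental features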
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile
index 55b64bdae..d585c719b 100644
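--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
@@ -23,6 +24,7 @@ whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
+whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
 
 # experimental features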
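--- a/etc/server.profile
+++ b/etc/server.profile
@@ -5,5 +5,6 @@ noblacklist /usr/sbin
 include /etc/firejail/disable-mgmt.inc
 private
 private-dev
+private-tmp
 seccomp
 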
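Review bot: `private-tmp` is added without a comment, and in a profile meant for servers it has a side effect worth documenting. The sandbox gets its own empty /tmp, so any UNIX socket or lock file a daemon normally shares through /tmp is no longer visible to clients outside the sandbox. I would add `# private-tmp: empty /tmp inside the sandbox; daemons that publish sockets under /tmp need another socket path` above the line. The first four lines of the profile are outside the hunk.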
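--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 caps.drop all
 netfilter
 noroot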
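--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -5,6 +5,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 caps.drop all
 netfilter
 noroot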
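--- /dev/null
+++ b/etc/telegram.profile
@@ -0,0 +1,15 @@
+# Telegram profile
+noblacklist ${HOME}/.TelegramDesktop
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
+
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
+
+whitelist ~/Downloads/Telegram Desktop
+whitelist ~/.TelegramDesktop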
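Review bot: The profile whitelists two home paths but does not end with `include /etc/firejail/whitelist-common.inc`, unlike the other whitelisting profiles in this commit (uget-gtk, seamonkey). The font, icon and GTK settings that file whitelists would presumably be missing inside the sandbox. The download directory is also hard-coded as `~/Downloads/Telegram Desktop`, while uget-gtk.profile uses `${DOWNLOADS}`. `whitelist ${DOWNLOADS}/Telegram Desktop` would follow a relocated or localized download directory, assuming the macro can be used as a path prefix. `netfilter` is present in uget-gtk.profile and absent here, so if that is deliberate a one-line comment would help.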
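--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx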
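--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx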
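--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx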
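--- /dev/null
+++ b/etc/uget-gtk.profile
@@ -0,0 +1,14 @@
+# uGet profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+noroot
+whitelist ${DOWNLOADS}
+whitelist ~/.config/uGet
+include /etc/firejail/whitelist-common.inc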
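--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -2,6 +2,10 @@
 noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-terminals.inc
 private
 private-dev
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open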
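--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx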
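--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.weechat
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-terminals.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6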
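Review bot: After this change the include list here is mgmt, common, secret, terminals, with no `include /etc/firejail/disable-devel.inc`, which nearly every other profile touched by this commit carries. If weechat does not need what that file blacklists, adding the include next to the new line would bring this profile in line with the rest. If its scripts or plugins do need it, a short comment saying so would stop a later "fix". The part of the profile after `protocol` is outside the hunk, so the include may already be there.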
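--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -4,6 +4,7 @@ whitelist ~/.config/mimeapps.list
 whitelist ~/.icons
 whitelist ~/.config/user-dirs.dirs
 read-only ~/.config/user-dirs.dirs
+whitelist ~/.asoundrc
 
 # fonts
 whitelist ~/.fonts
@@ -12,6 +13,7 @@ whitelist ~/.fontconfig
 whitelist ~/.fonts.conf
 whitelist ~/.fonts.conf.d
 whitelist ~/.config/fontconfig
+whitelist ~/.cache/fontconfig
 
 # gtk
 whitelist ~/.gtkrc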
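Review bot: `whitelist ~/.asoundrc` in the first hunk makes the file writable from every sandbox that includes this file, whereas the neighbouring `~/.config/user-dirs.dirs` is whitelisted and then marked read-only. ALSA configuration is also read by audio applications outside the sandbox, so a sandboxed program that can rewrite it can influence them. Adding `read-only ~/.asoundrc` right after the whitelist line would keep the existing pattern. A similar, smaller concern applies to `whitelist ~/.cache/fontconfig` in the second hunk: the cache presumably has to stay writable, but it is then shared between sandboxed and unsandboxed programs.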
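--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -6,6 +6,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 caps.drop all
 netfilter
 noroot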
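--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
 blacklist ${HOME}/.wine
 caps.drop all
 seccomp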