12 files changed, 27 insertions, 0 deletions
diff --git a/etc/chromium.profile b/etc/chromium.profile
index 9be99e68a..0c7058a11 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -23,6 +23,7 @@ whitelist ~/.config/chromium
 whitelist ~/.config/chromium-flags.conf
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.keep sys_chroot,sys_admin
 netfilter
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 1bd45ebd1..f65b020a9 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -59,6 +59,7 @@ whitelist ~/.wine-pipelight64
 whitelist ~/.zotero
 whitelist ~/dwhelper
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 netfilter
diff --git a/etc/galculator.profile b/etc/galculator.profile
index 37f147f0f..dbc22a889 100644
--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 mkdir ~/.config/galculator
 whitelist ~/.config/galculator
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 net none
diff --git a/etc/gimp.profile b/etc/gimp.profile
index aa77d6105..292c2aac9 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 net none
 nodvd
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index 1d24f5d7d..3266d8230 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 netfilter
 nodvd
diff --git a/etc/leafpad.profile b/etc/leafpad.profile
index e7557651b..c9addba21 100644
--- a/etc/leafpad.profile
+++ b/etc/leafpad.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 netfilter
 no3d
diff --git a/etc/mousepad.profile b/etc/mousepad.profile
index 36365fc2f..60205ffda 100644
--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 netfilter
 nodvd
diff --git a/etc/mpv.profile b/etc/mpv.profile
index 0592751ef..eb8a88a4b 100644
--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 netfilter
 nogroups
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 0bb721c64..6a8d6c679 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -19,6 +19,7 @@ whitelist  ${DOWNLOADS}
 whitelist ~/.cache/transmission
 whitelist ~/.config/transmission
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 netfilter
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 08964bbab..4db8e19ce 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -19,6 +19,7 @@ whitelist  ${DOWNLOADS}
 whitelist ~/.cache/transmission
 whitelist ~/.config/transmission
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 netfilter
diff --git a/etc/vlc.profile b/etc/vlc.profile
index bccde7a3d..c3a4d58d0 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 netfilter
 # nogroups
diff --git a/etc/whitelist-var-common.inc b/etc/whitelist-var-common.inc
new file mode 100644
index 000000000..67c2a14c2
--- /dev/null
+++ b/etc/whitelist-var-common.inc
@@ -0,0 +1,10 @@
+# Local customizations come here
+include /etc/firejail/whitelist-var-common.local
+# common /var whitelist for all profiles
+whitelist /var/lib/dbus/machine-id
+whitelist /var/lib/menu-xdg
+whitelist /var/cache/fontconfig
+whitelist /var/tmp
+whitelist /var/run

diff --git a/etc/chromium.profile b/etc/chromium.profile index 9be99e68a..0c7058a11 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile
@@ -23,6 +23,7 @@ whitelist ~/.config/chromium
23	whitelist ~/.config/chromium-flags.conf	23	whitelist ~/.config/chromium-flags.conf
24	whitelist ~/.pki	24	whitelist ~/.pki
25	include /etc/firejail/whitelist-common.inc	25	include /etc/firejail/whitelist-common.inc
		26	include /etc/firejail/whitelist-var-common.inc
26		27
27	caps.keep sys_chroot,sys_admin	28	caps.keep sys_chroot,sys_admin
28	netfilter	29	netfilter


diff --git a/etc/firefox.profile b/etc/firefox.profile index 1bd45ebd1..f65b020a9 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile
@@ -59,6 +59,7 @@ whitelist ~/.wine-pipelight64
59	whitelist ~/.zotero	59	whitelist ~/.zotero
60	whitelist ~/dwhelper	60	whitelist ~/dwhelper
61	include /etc/firejail/whitelist-common.inc	61	include /etc/firejail/whitelist-common.inc
		62	include /etc/firejail/whitelist-var-common.inc
62		63
63	caps.drop all	64	caps.drop all
64	netfilter	65	netfilter


diff --git a/etc/galculator.profile b/etc/galculator.profile index 37f147f0f..dbc22a889 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
15	mkdir ~/.config/galculator	15	mkdir ~/.config/galculator
16	whitelist ~/.config/galculator	16	whitelist ~/.config/galculator
17	include /etc/firejail/whitelist-common.inc	17	include /etc/firejail/whitelist-common.inc
		18	include /etc/firejail/whitelist-var-common.inc
18		19
19	caps.drop all	20	caps.drop all
20	net none	21	net none


diff --git a/etc/gimp.profile b/etc/gimp.profile index aa77d6105..292c2aac9 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-common.inc
11	include /etc/firejail/disable-passwdmgr.inc	11	include /etc/firejail/disable-passwdmgr.inc
12	include /etc/firejail/disable-programs.inc	12	include /etc/firejail/disable-programs.inc
13		13
		14	include /etc/firejail/whitelist-var-common.inc
		15
14	caps.drop all	16	caps.drop all
15	net none	17	net none
16	nodvd	18	nodvd


diff --git a/etc/inkscape.profile b/etc/inkscape.profile index 1d24f5d7d..3266d8230 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
12	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
14		14
		15	include /etc/firejail/whitelist-var-common.inc
		16
15	caps.drop all	17	caps.drop all
16	netfilter	18	netfilter
17	nodvd	19	nodvd


diff --git a/etc/leafpad.profile b/etc/leafpad.profile index e7557651b..c9addba21 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
12	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
14		14
		15	include /etc/firejail/whitelist-var-common.inc
		16
15	caps.drop all	17	caps.drop all
16	netfilter	18	netfilter
17	no3d	19	no3d


diff --git a/etc/mousepad.profile b/etc/mousepad.profile index 36365fc2f..60205ffda 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
12	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
14		14
		15	include /etc/firejail/whitelist-var-common.inc
		16
15	caps.drop all	17	caps.drop all
16	netfilter	18	netfilter
17	nodvd	19	nodvd


diff --git a/etc/mpv.profile b/etc/mpv.profile index 0592751ef..eb8a88a4b 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile
@@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc
13	include /etc/firejail/disable-passwdmgr.inc	13	include /etc/firejail/disable-passwdmgr.inc
14	include /etc/firejail/disable-programs.inc	14	include /etc/firejail/disable-programs.inc
15		15
		16	include /etc/firejail/whitelist-var-common.inc
		17
16	caps.drop all	18	caps.drop all
17	netfilter	19	netfilter
18	nogroups	20	nogroups


diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 0bb721c64..6a8d6c679 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile
@@ -19,6 +19,7 @@ whitelist ${DOWNLOADS}
19	whitelist ~/.cache/transmission	19	whitelist ~/.cache/transmission
20	whitelist ~/.config/transmission	20	whitelist ~/.config/transmission
21	include /etc/firejail/whitelist-common.inc	21	include /etc/firejail/whitelist-common.inc
		22	include /etc/firejail/whitelist-var-common.inc
22		23
23	caps.drop all	24	caps.drop all
24	netfilter	25	netfilter


diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 08964bbab..4db8e19ce 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile
@@ -19,6 +19,7 @@ whitelist ${DOWNLOADS}
19	whitelist ~/.cache/transmission	19	whitelist ~/.cache/transmission
20	whitelist ~/.config/transmission	20	whitelist ~/.config/transmission
21	include /etc/firejail/whitelist-common.inc	21	include /etc/firejail/whitelist-common.inc
		22	include /etc/firejail/whitelist-var-common.inc
22		23
23	caps.drop all	24	caps.drop all
24	netfilter	25	netfilter


diff --git a/etc/vlc.profile b/etc/vlc.profile index bccde7a3d..c3a4d58d0 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
12	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
14		14
		15	include /etc/firejail/whitelist-var-common.inc
		16
15	caps.drop all	17	caps.drop all
16	netfilter	18	netfilter
17	# nogroups	19	# nogroups


diff --git a/etc/whitelist-var-common.inc b/etc/whitelist-var-common.inc new file mode 100644 index 000000000..67c2a14c2 --- /dev/null +++ b/etc/whitelist-var-common.inc
@@ -0,0 +1,10 @@
		1	# Local customizations come here
		2	include /etc/firejail/whitelist-var-common.local
		3
		4	# common /var whitelist for all profiles
		5
		6	whitelist /var/lib/dbus/machine-id
		7	whitelist /var/lib/menu-xdg
		8	whitelist /var/cache/fontconfig
		9	whitelist /var/tmp
		10	whitelist /var/run