diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/default.profile | 2 | ||||
-rw-r--r-- | etc/dia.profile | 26 | ||||
-rw-r--r-- | etc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/fontforge.profile | 26 | ||||
-rw-r--r-- | etc/geany.profile | 26 | ||||
-rw-r--r-- | etc/hugin.profile | 27 |
6 files changed, 110 insertions, 1 deletions
diff --git a/etc/default.profile b/etc/default.profile index 66b04896f..484c1cd8e 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
@@ -25,4 +25,4 @@ seccomp | |||
25 | # private-etc none | 25 | # private-etc none |
26 | # private-dev | 26 | # private-dev |
27 | # private-tmp | 27 | # private-tmp |
28 | 28 | # nosound | |
diff --git a/etc/dia.profile b/etc/dia.profile new file mode 100644 index 000000000..3c01e9a0b --- /dev/null +++ b/etc/dia.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/dia.local | ||
4 | |||
5 | noblacklist ~/.dia | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | private-tmp | ||
26 | |||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 18b644987..285a7f7e3 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -74,6 +74,7 @@ blacklist ${HOME}/.config/evolution | |||
74 | blacklist ${HOME}/.config/filezilla | 74 | blacklist ${HOME}/.config/filezilla |
75 | blacklist ${HOME}/.config/flowblade | 75 | blacklist ${HOME}/.config/flowblade |
76 | blacklist ${HOME}/.config/gajim | 76 | blacklist ${HOME}/.config/gajim |
77 | blacklist ${HOME}/.config/geany | ||
77 | blacklist ${HOME}/.config/geeqie | 78 | blacklist ${HOME}/.config/geeqie |
78 | blacklist ${HOME}/.config/gedit | 79 | blacklist ${HOME}/.config/gedit |
79 | blacklist ${HOME}/.config/globaltime | 80 | blacklist ${HOME}/.config/globaltime |
@@ -148,6 +149,7 @@ blacklist ${HOME}/.config/xviewer | |||
148 | blacklist ${HOME}/.config/zathura | 149 | blacklist ${HOME}/.config/zathura |
149 | blacklist ${HOME}/.config/zoomus.conf | 150 | blacklist ${HOME}/.config/zoomus.conf |
150 | blacklist ${HOME}/.conkeror.mozdev.org | 151 | blacklist ${HOME}/.conkeror.mozdev.org |
152 | blacklist ${HOME}/.dia | ||
151 | blacklist ${HOME}/.dillo | 153 | blacklist ${HOME}/.dillo |
152 | blacklist ${HOME}/.dosbox | 154 | blacklist ${HOME}/.dosbox |
153 | blacklist ${HOME}/.dropbox-dist | 155 | blacklist ${HOME}/.dropbox-dist |
@@ -158,6 +160,7 @@ blacklist ${HOME}/.emacs.d | |||
158 | blacklist ${HOME}/.filezilla | 160 | blacklist ${HOME}/.filezilla |
159 | blacklist ${HOME}/.flowblade | 161 | blacklist ${HOME}/.flowblade |
160 | blacklist ${HOME}/.fltk | 162 | blacklist ${HOME}/.fltk |
163 | blacklist ${HOME}/.FontForge | ||
161 | blacklist ${HOME}/.gimp* | 164 | blacklist ${HOME}/.gimp* |
162 | blacklist ${HOME}/.git-credential-cache | 165 | blacklist ${HOME}/.git-credential-cache |
163 | blacklist ${HOME}/.gitconfig | 166 | blacklist ${HOME}/.gitconfig |
@@ -167,6 +170,7 @@ blacklist ${HOME}/.googleearth/myplaces.backup.kml | |||
167 | blacklist ${HOME}/.googleearth/myplaces.kml | 170 | blacklist ${HOME}/.googleearth/myplaces.kml |
168 | blacklist ${HOME}/.guayadeque | 171 | blacklist ${HOME}/.guayadeque |
169 | blacklist ${HOME}/.hedgewars | 172 | blacklist ${HOME}/.hedgewars |
173 | blacklist ${HOME}/.hugin | ||
170 | blacklist ${HOME}/.icedove | 174 | blacklist ${HOME}/.icedove |
171 | blacklist ${HOME}/.inkscape | 175 | blacklist ${HOME}/.inkscape |
172 | blacklist ${HOME}/.jitsi | 176 | blacklist ${HOME}/.jitsi |
diff --git a/etc/fontforge.profile b/etc/fontforge.profile new file mode 100644 index 000000000..014d15650 --- /dev/null +++ b/etc/fontforge.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/fontforge.local | ||
4 | |||
5 | noblacklist ${HOME}/.FontForge | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | private-tmp | ||
26 | |||
diff --git a/etc/geany.profile b/etc/geany.profile new file mode 100644 index 000000000..8ccc44dc1 --- /dev/null +++ b/etc/geany.profile | |||
@@ -0,0 +1,26 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/geany.local | ||
4 | |||
5 | noblacklist ${HOME}/.config/geany | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | private-tmp | ||
26 | |||
diff --git a/etc/hugin.profile b/etc/hugin.profile new file mode 100644 index 000000000..d2ad16c0e --- /dev/null +++ b/etc/hugin.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/hugin.local | ||
4 | |||
5 | noblacklist ${HOME}/.hugin | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on you usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | private-dev | ||
25 | private-tmp | ||
26 | nosound | ||
27 | |||