diff options
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/disable-programs.inc | 4 | ||||
| -rw-r--r-- | etc/profile-a-l/awesome.profile | 4 | ||||
| -rw-r--r-- | etc/profile-a-l/blackbox.profile | 4 | ||||
| -rw-r--r-- | etc/profile-a-l/fluxbox.profile | 4 | ||||
| -rw-r--r-- | etc/profile-a-l/i3.profile | 4 | ||||
| -rw-r--r-- | etc/profile-m-z/openbox.profile | 4 | ||||
| -rw-r--r-- | etc/profile-m-z/ytmdesktop.profile | 2 | ||||
| -rw-r--r-- | etc/templates/profile.template | 2 |
8 files changed, 16 insertions, 12 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 698ee7eca..5e253f232 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
| @@ -116,6 +116,7 @@ blacklist ${HOME}/.cache/fossamail | |||
| 116 | blacklist ${HOME}/.cache/fractal | 116 | blacklist ${HOME}/.cache/fractal |
| 117 | blacklist ${HOME}/.cache/freecol | 117 | blacklist ${HOME}/.cache/freecol |
| 118 | blacklist ${HOME}/.cache/gajim | 118 | blacklist ${HOME}/.cache/gajim |
| 119 | blacklist ${HOME}/.cache/gdfuse | ||
| 119 | blacklist ${HOME}/.cache/geary | 120 | blacklist ${HOME}/.cache/geary |
| 120 | blacklist ${HOME}/.cache/geeqie | 121 | blacklist ${HOME}/.cache/geeqie |
| 121 | blacklist ${HOME}/.cache/gegl-0.4 | 122 | blacklist ${HOME}/.cache/gegl-0.4 |
| @@ -436,6 +437,7 @@ blacklist ${HOME}/.config/gajim | |||
| 436 | blacklist ${HOME}/.config/galculator | 437 | blacklist ${HOME}/.config/galculator |
| 437 | blacklist ${HOME}/.config/gallery-dl | 438 | blacklist ${HOME}/.config/gallery-dl |
| 438 | blacklist ${HOME}/.config/gconf | 439 | blacklist ${HOME}/.config/gconf |
| 440 | blacklist ${HOME}/.config/gdfuse | ||
| 439 | blacklist ${HOME}/.config/geany | 441 | blacklist ${HOME}/.config/geany |
| 440 | blacklist ${HOME}/.config/geary | 442 | blacklist ${HOME}/.config/geary |
| 441 | blacklist ${HOME}/.config/gedit | 443 | blacklist ${HOME}/.config/gedit |
| @@ -708,6 +710,7 @@ blacklist ${HOME}/.frozen-bubble | |||
| 708 | blacklist ${HOME}/.funnyboat | 710 | blacklist ${HOME}/.funnyboat |
| 709 | blacklist ${HOME}/.g8 | 711 | blacklist ${HOME}/.g8 |
| 710 | blacklist ${HOME}/.gallery-dl.conf | 712 | blacklist ${HOME}/.gallery-dl.conf |
| 713 | blacklist ${HOME}/.gdfuse | ||
| 711 | blacklist ${HOME}/.geekbench5 | 714 | blacklist ${HOME}/.geekbench5 |
| 712 | blacklist ${HOME}/.gimp* | 715 | blacklist ${HOME}/.gimp* |
| 713 | blacklist ${HOME}/.gist | 716 | blacklist ${HOME}/.gist |
| @@ -898,6 +901,7 @@ blacklist ${HOME}/.local/share/feral-interactive | |||
| 898 | blacklist ${HOME}/.local/share/five-or-more | 901 | blacklist ${HOME}/.local/share/five-or-more |
| 899 | blacklist ${HOME}/.local/share/freecol | 902 | blacklist ${HOME}/.local/share/freecol |
| 900 | blacklist ${HOME}/.local/share/gajim | 903 | blacklist ${HOME}/.local/share/gajim |
| 904 | blacklist ${HOME}/.local/share/gdfuse | ||
| 901 | blacklist ${HOME}/.local/share/geary | 905 | blacklist ${HOME}/.local/share/geary |
| 902 | blacklist ${HOME}/.local/share/geeqie | 906 | blacklist ${HOME}/.local/share/geeqie |
| 903 | blacklist ${HOME}/.local/share/ghostwriter | 907 | blacklist ${HOME}/.local/share/ghostwriter |
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile index ee9280fe8..d8c073c8d 100644 --- a/etc/profile-a-l/awesome.profile +++ b/etc/profile-a-l/awesome.profile | |||
| @@ -14,7 +14,7 @@ caps.drop all | |||
| 14 | netfilter | 14 | netfilter |
| 15 | noroot | 15 | noroot |
| 16 | protocol unix,inet,inet6 | 16 | protocol unix,inet,inet6 |
| 17 | seccomp | 17 | seccomp !chroot |
| 18 | 18 | ||
| 19 | read-only ${HOME}/.config/awesome/autorun.sh | 19 | read-only ${HOME}/.config/awesome/autorun.sh |
| 20 | restrict-namespaces | 20 | #restrict-namespaces |
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile index 753254ffc..f89026899 100644 --- a/etc/profile-a-l/blackbox.profile +++ b/etc/profile-a-l/blackbox.profile | |||
| @@ -14,6 +14,6 @@ caps.drop all | |||
| 14 | netfilter | 14 | netfilter |
| 15 | noroot | 15 | noroot |
| 16 | protocol unix,inet,inet6 | 16 | protocol unix,inet,inet6 |
| 17 | seccomp | 17 | seccomp !chroot |
| 18 | 18 | ||
| 19 | restrict-namespaces | 19 | #restrict-namespaces |
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile index 2ae87be48..af55ffc89 100644 --- a/etc/profile-a-l/fluxbox.profile +++ b/etc/profile-a-l/fluxbox.profile | |||
| @@ -14,6 +14,6 @@ caps.drop all | |||
| 14 | netfilter | 14 | netfilter |
| 15 | noroot | 15 | noroot |
| 16 | protocol unix,inet,inet6 | 16 | protocol unix,inet,inet6 |
| 17 | seccomp | 17 | seccomp !chroot |
| 18 | 18 | ||
| 19 | restrict-namespaces | 19 | #restrict-namespaces |
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile index a0c3f2d97..2268072ef 100644 --- a/etc/profile-a-l/i3.profile +++ b/etc/profile-a-l/i3.profile | |||
| @@ -14,6 +14,6 @@ caps.drop all | |||
| 14 | netfilter | 14 | netfilter |
| 15 | noroot | 15 | noroot |
| 16 | protocol unix,inet,inet6 | 16 | protocol unix,inet,inet6 |
| 17 | seccomp | 17 | seccomp !chroot |
| 18 | 18 | ||
| 19 | restrict-namespaces | 19 | #restrict-namespaces |
diff --git a/etc/profile-m-z/openbox.profile b/etc/profile-m-z/openbox.profile index 6a256593c..2da867dec 100644 --- a/etc/profile-m-z/openbox.profile +++ b/etc/profile-m-z/openbox.profile | |||
| @@ -14,8 +14,8 @@ caps.drop all | |||
| 14 | netfilter | 14 | netfilter |
| 15 | noroot | 15 | noroot |
| 16 | protocol unix,inet,inet6 | 16 | protocol unix,inet,inet6 |
| 17 | seccomp | 17 | seccomp !chroot |
| 18 | 18 | ||
| 19 | read-only ${HOME}/.config/openbox/autostart | 19 | read-only ${HOME}/.config/openbox/autostart |
| 20 | read-only ${HOME}/.config/openbox/environment | 20 | read-only ${HOME}/.config/openbox/environment |
| 21 | restrict-namespaces | 21 | #restrict-namespaces |
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile index 59b6e2543..aa466871c 100644 --- a/etc/profile-m-z/ytmdesktop.profile +++ b/etc/profile-m-z/ytmdesktop.profile | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | # Firejail profile for ytmdesktop | 1 | # Firejail profile for ytmdesktop |
| 2 | # Description: Unofficial electron based desktop warpper for YouTube Music | 2 | # Description: Unofficial electron based desktop wrapper for YouTube Music |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include youtube.local | 5 | include youtube.local |
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 59083f660..fd328f36c 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
| @@ -214,7 +214,7 @@ include globals.local | |||
| 214 | # - In order to make dconf work (when used by the app) you need to allow | 214 | # - In order to make dconf work (when used by the app) you need to allow |
| 215 | # 'ca.desrt.dconf' even when not allowed by flatpak. | 215 | # 'ca.desrt.dconf' even when not allowed by flatpak. |
| 216 | # Notes and policies about addresses can be found at | 216 | # Notes and policies about addresses can be found at |
| 217 | # <https://github.com/netblue30/firejail/wiki/Restrict-D-Bus> | 217 | # <https://github.com/netblue30/firejail/wiki/Restrict-DBus> |
| 218 | #dbus-user filter | 218 | #dbus-user filter |
| 219 | #dbus-user.own com.github.netblue30.firejail | 219 | #dbus-user.own com.github.netblue30.firejail |
| 220 | #dbus-user.talk ca.desrt.dconf | 220 | #dbus-user.talk ca.desrt.dconf |