Diffstat (limited to 'etc')
-rw-r--r-- | etc/android-studio.profile | 37 | ||||
-rw-r--r-- | etc/arduino.profile | 1 | ||||
-rw-r--r-- | etc/disable-programs.inc | 8 | ||||
-rw-r--r-- | etc/exiftool.profile | 1 | ||||
-rw-r--r-- | etc/idea.sh.profile | 37 | ||||
-rw-r--r-- | etc/jd-gui.profile | 1 | ||||
-rw-r--r-- | etc/libreoffice.profile | 1 | ||||
-rw-r--r-- | etc/multimc5.profile | 1 | ||||
-rw-r--r-- | etc/pdfsam.profile | 1 | ||||
-rw-r--r-- | etc/silentarmy.profile | 33 | ||||
-rw-r--r-- | etc/steam.profile | 5 |
11 files changed, 125 insertions, 1 deletions
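--- /dev/null
+++ b/etc/android-studio.profile
@@ -0,0 +1,37 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/android-studio.local
+
+# Firejail profile for Android Studio
+
+noblacklist ${HOME}/.AndroidStudio*
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.gradle
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.tooling
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+#nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+#private-tmp
+
+noexec /tmp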
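Review bot: `noblacklist ${HOME}/.ssh` on new line 16 leaves the user's SSH keys readable to everything that runs inside the IDE sandbox, including build scripts and third-party plugins, and the profile has no whitelist to narrow the rest of the home directory. If the exemption is there for git over SSH, record that above the line, e.g. `# ~/.ssh stays visible for git over SSH; private keys are readable inside the sandbox`. `#nosound` and `#private-tmp` are also disabled without a stated reason; with `private-tmp` off the sandbox presumably shares the host /tmp, so a short comment on what broke would help the next maintainer. The same lines are repeated in etc/idea.sh.profile and the same comments apply there.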
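--- a/etc/arduino.profile
+++ b/etc/arduino.profile
@@ -8,6 +8,7 @@ include /etc/firejail/arduino.local
 # Firejail profile for arduino
 noblacklist ${HOME}/.arduino15
 noblacklist ${HOME}/Arduino
+noblacklist ${HOME}/.java
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc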
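--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -4,8 +4,10 @@ include /etc/firejail/disable-programs.local
 
 blacklist ${HOME}/.*coin
 blacklist ${HOME}/.8pecxstudios
+blacklist ${HOME}/.AndroidStudio*
 blacklist ${HOME}/.Atom
 blacklist ${HOME}/.FBReader
+blacklist ${HOME}/.IdeaIC*
 blacklist ${HOME}/.LuminanceHDR
 blacklist ${HOME}/.Mathematica
 blacklist ${HOME}/.Natron
@@ -16,6 +18,7 @@ blacklist ${HOME}/.Steampid
 blacklist ${HOME}/.TelegramDesktop
 blacklist ${HOME}/.VirtualBox
 blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.android
 blacklist ${HOME}/.arduino15
 blacklist ${HOME}/.atom
 blacklist ${HOME}/.attic
@@ -192,11 +195,13 @@ blacklist ${HOME}/.googleearth/Cache/
 blacklist ${HOME}/.googleearth/Temp/
 blacklist ${HOME}/.googleearth/myplaces.backup.kml
 blacklist ${HOME}/.googleearth/myplaces.kml
+blacklist ${HOME}/.gradle
 blacklist ${HOME}/.guayadeque
 blacklist ${HOME}/.hedgewars
 blacklist ${HOME}/.hugin
 blacklist ${HOME}/.icedove
 blacklist ${HOME}/.inkscape
+blacklist ${HOME}/.java
 blacklist ${HOME}/.jitsi
 blacklist ${HOME}/.kde4/share/apps/gwenview
 blacklist ${HOME}/.kde4/share/apps/kcookiejar
@@ -249,6 +254,7 @@ blacklist ${HOME}/.local/share/0ad
 blacklist ${HOME}/.local/share/3909/PapersPlease
 blacklist ${HOME}/.local/share/akregator
 blacklist ${HOME}/.local/share/Empathy
+blacklist ${HOME}/.local/share/JetBrains
 blacklist ${HOME}/.local/share/Mumble
 blacklist ${HOME}/.local/share/QuiteRss
 blacklist ${HOME}/.local/share/Ricochet
@@ -338,6 +344,7 @@ blacklist ${HOME}/.sylpheed-2.0
 blacklist ${HOME}/.synfig
 blacklist ${HOME}/.tconn
 blacklist ${HOME}/.thunderbird
+blacklist ${HOME}/.tooling
 blacklist ${HOME}/.ts3client
 blacklist ${HOME}/.viking
 blacklist ${HOME}/.viking-maps
@@ -387,6 +394,7 @@ blacklist ${HOME}/.cache/netsurf
 blacklist ${HOME}/.cache/opera
 blacklist ${HOME}/.cache/opera-beta
 blacklist ${HOME}/.cache/org.gnome.Books
+blacklist ${HOME}/.cache/peek
 blacklist ${HOME}/.cache/qBittorrent
 blacklist ${HOME}/.cache/qutebrowser
 blacklist ${HOME}/.cache/simple-scan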
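Review bot: Adding `blacklist ${HOME}/.java` (new line 204), together with `.gradle` and `.android`, to this shared include changes every profile that includes disable-programs.inc, not only the two new IDE profiles. The commit adds the matching `noblacklist ${HOME}/.java` to arduino, jd-gui, libreoffice, multimc5, pdfsam and steam, but any other Java-based application profile outside this diff would presumably lose access to its Java preferences, so the remaining profiles are worth checking before this lands. The `blacklist ${HOME}/.cache/peek` line in the last hunk looks unrelated to the IDE work and would be easier to track as its own commit.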
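--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -1,3 +1,4 @@
+quiet
 # Persistent global definitions go here
 include /etc/firejail/globals.local
 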
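Review bot: The new `quiet` directive on line 1 carries no comment saying why this profile needs it. Presumably it keeps firejail's own startup messages out of exiftool's output, which is often consumed by other programs; a line such as `# quiet: keep firejail messages out of exiftool output` next to it would record the reason and stop a later cleanup from removing it.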
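--- /dev/null
+++ b/etc/idea.sh.profile
@@ -0,0 +1,37 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/idea.sh.local
+
+# Firejail profile for IntelliJ IDEA Community Edition
+
+noblacklist ${HOME}/.android
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.gradle
+noblacklist ${HOME}/.IdeaIC*
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/JetBrains
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.tooling
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+#nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+#private-tmp
+
+noexec /tmp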
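--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -10,6 +10,7 @@ include /etc/firejail/jd-gui.local
 #
 
 noblacklist ${HOME}/.config/jd-gui.cfg
+noblacklist ${HOME}/.java
 
 #Blacklist Paths
 include /etc/firejail/disable-common.inc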
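--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -7,6 +7,7 @@ include /etc/firejail/libreoffice.local
 
 # Firejail profile for LibreOffice
 noblacklist ~/.config/libreoffice
+noblacklist ${HOME}/.java
 noblacklist /usr/local/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc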
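--- a/etc/multimc5.profile
+++ b/etc/multimc5.profile
@@ -10,6 +10,7 @@ include /etc/firejail/multimc5.local
 #
 
 #No Blacklist Paths
+noblacklist ${HOME}/.java
 noblacklist ${HOME}/.local/share/multimc5
 noblacklist ${HOME}/.multimc5
 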
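--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -8,6 +8,7 @@ include /etc/firejail/pdfsam.local
 #
 #Profile for pdfsam
 #
+noblacklist ${HOME}/.java
 
 #Blacklist Paths
 include /etc/firejail/disable-common.inc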
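--- /dev/null
+++ b/etc/silentarmy.profile
@@ -0,0 +1,33 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/silentarmy.local
+
+# Firejail profile for SILENTARMY
+
+include /etc/firejail/disable-common.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private
+#private-bin silentarmy,sa-solver,python3
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp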
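Review bot: `#private-bin silentarmy,sa-solver,python3` (new line 28) and `#include /etc/firejail/disable-devel.inc` (new line 11) are committed disabled with no reason given, so the sandbox keeps the full set of system binaries and development tools visible. In a profile that is otherwise locked down with `private`, `disable-mnt` and `noexec ${HOME}`, that gap should be explained. A one-line comment above each, in the form `# private-bin disabled: <what failed with it enabled>`, would tell the next maintainer whether the restriction can be turned back on.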
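--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -6,6 +6,7 @@ include /etc/firejail/globals.local
 include /etc/firejail/steam.local
 
 # Steam profile (applies to games/apps launched from Steam as well)
+noblacklist ${HOME}/.java
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.steam
 noblacklist ${HOME}/.Steampath
@@ -29,7 +30,9 @@ noroot
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
-tracelog
+
+# tracelog disabled as it breaks integrated browser
+#tracelog
 
 private-dev
 private-tmp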
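Review bot: Commenting out `tracelog` in the second hunk drops the logging of blacklist violations for Steam and, going by the profile's own header comment, for every game and app launched from it, which is a wider loss of visibility than the integrated browser alone. The new comment gives the reason but not the way back. It could be extended to `# tracelog disabled as it breaks integrated browser; add "tracelog" to steam.local to re-enable`, since the profile already includes steam.local near the top.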