diff options
Diffstat (limited to 'etc')
162 files changed, 984 insertions, 984 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index 9ca9834a8..057dcf49e 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
@@ -5,21 +5,21 @@ include /etc/firejail/0ad.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/0ad | 8 | noblacklist ${HOME}/.cache/0ad |
9 | noblacklist ~/.config/0ad | 9 | noblacklist ${HOME}/.config/0ad |
10 | noblacklist ~/.local/share/0ad | 10 | noblacklist ${HOME}/.local/share/0ad |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | mkdir ~/.cache/0ad | 17 | mkdir ${HOME}/.cache/0ad |
18 | mkdir ~/.config/0ad | 18 | mkdir ${HOME}/.config/0ad |
19 | mkdir ~/.local/share/0ad | 19 | mkdir ${HOME}/.local/share/0ad |
20 | whitelist ~/.cache/0ad | 20 | whitelist ${HOME}/.cache/0ad |
21 | whitelist ~/.config/0ad | 21 | whitelist ${HOME}/.config/0ad |
22 | whitelist ~/.local/share/0ad | 22 | whitelist ${HOME}/.local/share/0ad |
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index 964a9e5fa..fa29925c4 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/2048-qt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/2048-qt | 8 | noblacklist ${HOME}/.config/2048-qt |
9 | noblacklist ~/.config/xiaoyong | 9 | noblacklist ${HOME}/.config/xiaoyong |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index 924f74389..1ceaaf8dc 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile | |||
@@ -13,11 +13,11 @@ include /etc/firejail/disable-devel.inc | |||
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.Mathematica | 16 | mkdir ${HOME}/.Mathematica |
17 | mkdir ~/.Wolfram Research | 17 | mkdir ${HOME}/.Wolfram Research |
18 | whitelist ~/.Mathematica | 18 | whitelist ${HOME}/.Mathematica |
19 | whitelist ~/.Wolfram Research | 19 | whitelist ${HOME}/.Wolfram Research |
20 | whitelist ~/Documents/Wolfram Mathematica | 20 | whitelist ${HOME}/Documents/Wolfram Mathematica |
21 | include /etc/firejail/whitelist-common.inc | 21 | include /etc/firejail/whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/Thunar.profile b/etc/Thunar.profile index f4a5c9f54..29cfebe13 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile | |||
@@ -6,8 +6,8 @@ include /etc/firejail/Thunar.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.local/share/Trash | 8 | noblacklist ${HOME}/.local/share/Trash |
9 | noblacklist ~/.config/Thunar | 9 | noblacklist ${HOME}/.config/Thunar |
10 | noblacklist ~/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | 10 | noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index 3251ef8aa..5c964bad1 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile | |||
@@ -5,34 +5,34 @@ include /etc/firejail/abrowser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | noblacklist ~/.mozilla | 9 | noblacklist ${HOME}/.mozilla |
10 | noblacklist ~/.pki | 10 | noblacklist ${HOME}/.pki |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.cache/mozilla/abrowser | 16 | mkdir ${HOME}/.cache/mozilla/abrowser |
17 | mkdir ~/.mozilla | 17 | mkdir ${HOME}/.mozilla |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ~/.cache/gnome-mplayer/plugin | 19 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
20 | whitelist ~/.cache/mozilla/abrowser | 20 | whitelist ${HOME}/.cache/mozilla/abrowser |
21 | whitelist ~/.config/gnome-mplayer | 21 | whitelist ${HOME}/.config/gnome-mplayer |
22 | whitelist ~/.config/pipelight-silverlight5.1 | 22 | whitelist ${HOME}/.config/pipelight-silverlight5.1 |
23 | whitelist ~/.config/pipelight-widevine | 23 | whitelist ${HOME}/.config/pipelight-widevine |
24 | whitelist ~/.keysnail.js | 24 | whitelist ${HOME}/.keysnail.js |
25 | whitelist ~/.lastpass | 25 | whitelist ${HOME}/.lastpass |
26 | whitelist ~/.mozilla | 26 | whitelist ${HOME}/.mozilla |
27 | whitelist ~/.pentadactyl | 27 | whitelist ${HOME}/.pentadactyl |
28 | whitelist ~/.pentadactylrc | 28 | whitelist ${HOME}/.pentadactylrc |
29 | whitelist ~/.pki | 29 | whitelist ${HOME}/.pki |
30 | whitelist ~/.vimperator | 30 | whitelist ${HOME}/.vimperator |
31 | whitelist ~/.vimperatorrc | 31 | whitelist ${HOME}/.vimperatorrc |
32 | whitelist ~/.wine-pipelight | 32 | whitelist ${HOME}/.wine-pipelight |
33 | whitelist ~/.wine-pipelight64 | 33 | whitelist ${HOME}/.wine-pipelight64 |
34 | whitelist ~/.zotero | 34 | whitelist ${HOME}/.zotero |
35 | whitelist ~/dwhelper | 35 | whitelist ${HOME}/dwhelper |
36 | include /etc/firejail/whitelist-common.inc | 36 | include /etc/firejail/whitelist-common.inc |
37 | 37 | ||
38 | caps.drop all | 38 | caps.drop all |
diff --git a/etc/ark.profile b/etc/ark.profile index 404206992..76b1d9394 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # blacklist /run/user/*/bus | 8 | # blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.config/arkrc | 10 | noblacklist ${HOME}/.config/arkrc |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/atom.profile b/etc/atom.profile index dc8db46dc..de09275cc 100644 --- a/etc/atom.profile +++ b/etc/atom.profile | |||
@@ -7,8 +7,8 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # blacklist /run/user/*/bus | 8 | # blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.atom | 10 | noblacklist ${HOME}/.atom |
11 | noblacklist ~/.config/Atom | 11 | noblacklist ${HOME}/.config/Atom |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/atril.profile b/etc/atril.profile index 50592ec3a..81d9e50d0 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -5,10 +5,10 @@ include /etc/firejail/atril.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/atril | 8 | noblacklist ${HOME}/.config/atril |
9 | 9 | ||
10 | #noblacklist ~/.local/share | 10 | #noblacklist ${HOME}/.local/share |
11 | # it seems to use only ~/.local/share/webkitgtk | 11 | # it seems to use only ${HOME}/.local/share/webkitgtk |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/audacious.profile b/etc/audacious.profile index 7e2b91773..9a11022e3 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/audacious.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/Audaciousrc | 8 | noblacklist ${HOME}/.config/Audaciousrc |
9 | noblacklist ~/.config/audacious | 9 | noblacklist ${HOME}/.config/audacious |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/audacity.profile b/etc/audacity.profile index 52e32badb..e173fa65a 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.audacity-data | 10 | noblacklist ${HOME}/.audacity-data |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/aweather.profile b/etc/aweather.profile index 62cebdbe5..2a4a9b591 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
@@ -5,15 +5,15 @@ include /etc/firejail/aweather.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/aweather | 8 | noblacklist ${HOME}/.config/aweather |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | mkdir ~/.config/aweather | 15 | mkdir ${HOME}/.config/aweather |
16 | whitelist ~/.config/aweather | 16 | whitelist ${HOME}/.config/aweather |
17 | include /etc/firejail/whitelist-common.inc | 17 | include /etc/firejail/whitelist-common.inc |
18 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
19 | 19 | ||
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index a4fe05cf7..f6dbb480b 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -41,7 +41,7 @@ private-tmp | |||
41 | noexec ${HOME} | 41 | noexec ${HOME} |
42 | noexec /tmp | 42 | noexec /tmp |
43 | 43 | ||
44 | # Make home directory read-only and allow writing only to ~/.local/share | 44 | # Make home directory read-only and allow writing only to ${HOME}/.local/share |
45 | # Note: Baloo will not be able to update the "first run" key in its configuration files. | 45 | # Note: Baloo will not be able to update the "first run" key in its configuration files. |
46 | # read-only ${HOME} | 46 | # read-only ${HOME} |
47 | # read-write ${HOME}/.local/share | 47 | # read-write ${HOME}/.local/share |
diff --git a/etc/bibletime.profile b/etc/bibletime.profile index 73d31c205..455a0e2a0 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile | |||
@@ -5,12 +5,12 @@ include /etc/firejail/bibletime.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist ~/.Xauthority | 8 | blacklist ${HOME}/.Xauthority |
9 | blacklist ~/.bashrc | 9 | blacklist ${HOME}/.bashrc |
10 | 10 | ||
11 | noblacklist ~/.bibletime | 11 | noblacklist ${HOME}/.bibletime |
12 | noblacklist ~/.config/qt5ct | 12 | noblacklist ${HOME}/.config/qt5ct |
13 | noblacklist ~/.sword | 13 | noblacklist ${HOME}/.sword |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/blender.profile b/etc/blender.profile index f7ecbce55..29df27759 100644 --- a/etc/blender.profile +++ b/etc/blender.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/blender.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/blender | 8 | noblacklist ${HOME}/.config/blender |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/brasero.profile b/etc/brasero.profile index eff4cba43..f90d4688a 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/brasero.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/brasero | 8 | noblacklist ${HOME}/.config/brasero |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/brave.profile b/etc/brave.profile index 4a908c884..476d1575a 100644 --- a/etc/brave.profile +++ b/etc/brave.profile | |||
@@ -5,25 +5,25 @@ include /etc/firejail/brave.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/brave | 8 | noblacklist ${HOME}/.config/brave |
9 | # brave uses gpg for built-in password manager | 9 | # brave uses gpg for built-in password manager |
10 | noblacklist ~/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | noblacklist ~/.pki | 11 | noblacklist ${HOME}/.pki |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | mkdir ~/.config/brave | 17 | mkdir ${HOME}/.config/brave |
18 | mkdir ~/.pki | 18 | mkdir ${HOME}/.pki |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ~/.config/KeePass | 20 | whitelist ${HOME}/.config/KeePass |
21 | whitelist ~/.config/brave | 21 | whitelist ${HOME}/.config/brave |
22 | whitelist ~/.config/keepass | 22 | whitelist ${HOME}/.config/keepass |
23 | whitelist ~/.config/lastpass | 23 | whitelist ${HOME}/.config/lastpass |
24 | whitelist ~/.keepass | 24 | whitelist ${HOME}/.keepass |
25 | whitelist ~/.lastpass | 25 | whitelist ${HOME}/.lastpass |
26 | whitelist ~/.pki | 26 | whitelist ${HOME}/.pki |
27 | include /etc/firejail/whitelist-common.inc | 27 | include /etc/firejail/whitelist-common.inc |
28 | 28 | ||
29 | # caps.drop all | 29 | # caps.drop all |
diff --git a/etc/caja.profile b/etc/caja.profile index 83b6befa3..c3d5fa7c4 100644 --- a/etc/caja.profile +++ b/etc/caja.profile | |||
@@ -8,9 +8,9 @@ include /etc/firejail/globals.local | |||
8 | # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there | 8 | # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there |
9 | # is already a caja process running on MATE desktops firejail will have no effect. | 9 | # is already a caja process running on MATE desktops firejail will have no effect. |
10 | 10 | ||
11 | # noblacklist ~/.config/caja - disable-programs.inc is disabled, see below | 11 | # noblacklist ${HOME}/.config/caja - disable-programs.inc is disabled, see below |
12 | # noblacklist ~/.local/share/Trash | 12 | # noblacklist ${HOME}/.local/share/Trash |
13 | # noblacklist ~/.local/share/caja-python | 13 | # noblacklist ${HOME}/.local/share/caja-python |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/calibre.profile b/etc/calibre.profile index 844231032..e4ed87753 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/calibre.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/calibre | 8 | noblacklist ${HOME}/.cache/calibre |
9 | noblacklist ~/.config/calibre | 9 | noblacklist ${HOME}/.config/calibre |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | # include /etc/firejail/disable-devel.inc | 12 | # include /etc/firejail/disable-devel.inc |
diff --git a/etc/catfish.profile b/etc/catfish.profile index 139951680..6d5ec1c52 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile | |||
@@ -10,7 +10,7 @@ include /etc/firejail/globals.local | |||
10 | 10 | ||
11 | blacklist /run/user/*/bus | 11 | blacklist /run/user/*/bus |
12 | 12 | ||
13 | noblacklist ~/.config/catfish | 13 | noblacklist ${HOME}/.config/catfish |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
16 | # include /etc/firejail/disable-devel.inc | 16 | # include /etc/firejail/disable-devel.inc |
diff --git a/etc/chromium.profile b/etc/chromium.profile index 0c7058a11..281d8bf76 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
@@ -5,23 +5,23 @@ include /etc/firejail/chromium.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/chromium | 8 | noblacklist ${HOME}/.cache/chromium |
9 | noblacklist ~/.config/chromium | 9 | noblacklist ${HOME}/.config/chromium |
10 | noblacklist ~/.config/chromium-flags.conf | 10 | noblacklist ${HOME}/.config/chromium-flags.conf |
11 | noblacklist ~/.pki | 11 | noblacklist ${HOME}/.pki |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | mkdir ~/.cache/chromium | 17 | mkdir ${HOME}/.cache/chromium |
18 | mkdir ~/.config/chromium | 18 | mkdir ${HOME}/.config/chromium |
19 | mkdir ~/.pki | 19 | mkdir ${HOME}/.pki |
20 | whitelist ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
21 | whitelist ~/.cache/chromium | 21 | whitelist ${HOME}/.cache/chromium |
22 | whitelist ~/.config/chromium | 22 | whitelist ${HOME}/.config/chromium |
23 | whitelist ~/.config/chromium-flags.conf | 23 | whitelist ${HOME}/.config/chromium-flags.conf |
24 | whitelist ~/.pki | 24 | whitelist ${HOME}/.pki |
25 | include /etc/firejail/whitelist-common.inc | 25 | include /etc/firejail/whitelist-common.inc |
26 | include /etc/firejail/whitelist-var-common.inc | 26 | include /etc/firejail/whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index 4ab49163b..319515bde 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile | |||
@@ -5,9 +5,9 @@ include /etc/firejail/claws-mail.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.claws-mail | 8 | noblacklist ${HOME}/.claws-mail |
9 | noblacklist ~/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
10 | noblacklist ~/.signature | 10 | noblacklist ${HOME}/.signature |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/clementine.profile b/etc/clementine.profile index 619086437..f4a3301b6 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/clementine.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/Clementine | 8 | noblacklist ${HOME}/.config/Clementine |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/cliqz.profile b/etc/cliqz.profile index d61d46dca..086dfa233 100644 --- a/etc/cliqz.profile +++ b/etc/cliqz.profile | |||
@@ -5,60 +5,60 @@ include /etc/firejail/cliqz.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/cliqz | 8 | noblacklist ${HOME}/.cache/cliqz |
9 | noblacklist ~/.config/cliqz | 9 | noblacklist ${HOME}/.config/cliqz |
10 | noblacklist ~/.config/okularpartrc | 10 | noblacklist ${HOME}/.config/okularpartrc |
11 | noblacklist ~/.config/okularrc | 11 | noblacklist ${HOME}/.config/okularrc |
12 | noblacklist ~/.config/qpdfview | 12 | noblacklist ${HOME}/.config/qpdfview |
13 | noblacklist ~/.kde/share/apps/okular | 13 | noblacklist ${HOME}/.kde/share/apps/okular |
14 | noblacklist ~/.kde/share/config/okularpartrc | 14 | noblacklist ${HOME}/.kde/share/config/okularpartrc |
15 | noblacklist ~/.kde/share/config/okularrc | 15 | noblacklist ${HOME}/.kde/share/config/okularrc |
16 | noblacklist ~/.kde4/share/apps/okular | 16 | noblacklist ${HOME}/.kde4/share/apps/okular |
17 | noblacklist ~/.kde4/share/config/okularpartrc | 17 | noblacklist ${HOME}/.kde4/share/config/okularpartrc |
18 | noblacklist ~/.kde4/share/config/okularrc | 18 | noblacklist ${HOME}/.kde4/share/config/okularrc |
19 | # noblacklist ~/.local/share/gnome-shell/extensions | 19 | # noblacklist ${HOME}/.local/share/gnome-shell/extensions |
20 | noblacklist ~/.local/share/okular | 20 | noblacklist ${HOME}/.local/share/okular |
21 | noblacklist ~/.local/share/qpdfview | 21 | noblacklist ${HOME}/.local/share/qpdfview |
22 | 22 | ||
23 | noblacklist ~/.pki | 23 | noblacklist ${HOME}/.pki |
24 | 24 | ||
25 | include /etc/firejail/disable-common.inc | 25 | include /etc/firejail/disable-common.inc |
26 | include /etc/firejail/disable-devel.inc | 26 | include /etc/firejail/disable-devel.inc |
27 | include /etc/firejail/disable-programs.inc | 27 | include /etc/firejail/disable-programs.inc |
28 | 28 | ||
29 | mkdir ~/.cache/mozilla/firefox | 29 | mkdir ${HOME}/.cache/mozilla/firefox |
30 | mkdir ~/.mozilla | 30 | mkdir ${HOME}/.mozilla |
31 | mkdir ~/.pki | 31 | mkdir ${HOME}/.pki |
32 | whitelist ${DOWNLOADS} | 32 | whitelist ${DOWNLOADS} |
33 | whitelist ~/.cache/gnome-mplayer/plugin | 33 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
34 | whitelist ~/.cache/mozilla/firefox | 34 | whitelist ${HOME}/.cache/mozilla/firefox |
35 | whitelist ~/.config/gnome-mplayer | 35 | whitelist ${HOME}/.config/gnome-mplayer |
36 | whitelist ~/.config/okularpartrc | 36 | whitelist ${HOME}/.config/okularpartrc |
37 | whitelist ~/.config/okularrc | 37 | whitelist ${HOME}/.config/okularrc |
38 | whitelist ~/.config/pipelight-silverlight5.1 | 38 | whitelist ${HOME}/.config/pipelight-silverlight5.1 |
39 | whitelist ~/.config/pipelight-widevine | 39 | whitelist ${HOME}/.config/pipelight-widevine |
40 | whitelist ~/.config/qpdfview | 40 | whitelist ${HOME}/.config/qpdfview |
41 | whitelist ~/.kde/share/apps/okular | 41 | whitelist ${HOME}/.kde/share/apps/okular |
42 | whitelist ~/.kde/share/config/okularpartrc | 42 | whitelist ${HOME}/.kde/share/config/okularpartrc |
43 | whitelist ~/.kde/share/config/okularrc | 43 | whitelist ${HOME}/.kde/share/config/okularrc |
44 | whitelist ~/.kde4/share/apps/okular | 44 | whitelist ${HOME}/.kde4/share/apps/okular |
45 | whitelist ~/.kde4/share/config/okularpartrc | 45 | whitelist ${HOME}/.kde4/share/config/okularpartrc |
46 | whitelist ~/.kde4/share/config/okularrc | 46 | whitelist ${HOME}/.kde4/share/config/okularrc |
47 | whitelist ~/.keysnail.js | 47 | whitelist ${HOME}/.keysnail.js |
48 | whitelist ~/.lastpass | 48 | whitelist ${HOME}/.lastpass |
49 | whitelist ~/.local/share/gnome-shell/extensions | 49 | whitelist ${HOME}/.local/share/gnome-shell/extensions |
50 | whitelist ~/.local/share/okular | 50 | whitelist ${HOME}/.local/share/okular |
51 | whitelist ~/.local/share/qpdfview | 51 | whitelist ${HOME}/.local/share/qpdfview |
52 | whitelist ~/.mozilla | 52 | whitelist ${HOME}/.mozilla |
53 | whitelist ~/.pentadactyl | 53 | whitelist ${HOME}/.pentadactyl |
54 | whitelist ~/.pentadactylrc | 54 | whitelist ${HOME}/.pentadactylrc |
55 | whitelist ~/.pki | 55 | whitelist ${HOME}/.pki |
56 | whitelist ~/.vimperator | 56 | whitelist ${HOME}/.vimperator |
57 | whitelist ~/.vimperatorrc | 57 | whitelist ${HOME}/.vimperatorrc |
58 | whitelist ~/.wine-pipelight | 58 | whitelist ${HOME}/.wine-pipelight |
59 | whitelist ~/.wine-pipelight64 | 59 | whitelist ${HOME}/.wine-pipelight64 |
60 | whitelist ~/.zotero | 60 | whitelist ${HOME}/.zotero |
61 | whitelist ~/dwhelper | 61 | whitelist ${HOME}/dwhelper |
62 | include /etc/firejail/whitelist-common.inc | 62 | include /etc/firejail/whitelist-common.inc |
63 | include /etc/firejail/whitelist-var-common.inc | 63 | include /etc/firejail/whitelist-var-common.inc |
64 | 64 | ||
diff --git a/etc/conkeror.profile b/etc/conkeror.profile index f6a9eefb6..38c4fdd68 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile | |||
@@ -10,17 +10,17 @@ noblacklist ${HOME}/.conkeror.mozdev.org | |||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
12 | 12 | ||
13 | whitelist ~/.conkeror.mozdev.org | 13 | whitelist ${HOME}/.conkeror.mozdev.org |
14 | whitelist ~/.conkerorrc | 14 | whitelist ${HOME}/.conkerorrc |
15 | whitelist ~/.gtkrc-2.0 | 15 | whitelist ${HOME}/.gtkrc-2.0 |
16 | whitelist ~/.lastpass | 16 | whitelist ${HOME}/.lastpass |
17 | whitelist ~/.pentadactyl | 17 | whitelist ${HOME}/.pentadactyl |
18 | whitelist ~/.pentadactylrc | 18 | whitelist ${HOME}/.pentadactylrc |
19 | whitelist ~/.vimperator | 19 | whitelist ${HOME}/.vimperator |
20 | whitelist ~/.vimperatorrc | 20 | whitelist ${HOME}/.vimperatorrc |
21 | whitelist ~/.zotero | 21 | whitelist ${HOME}/.zotero |
22 | whitelist ~/Downloads | 22 | whitelist ${HOME}/Downloads |
23 | whitelist ~/dwhelper | 23 | whitelist ${HOME}/dwhelper |
24 | include /etc/firejail/whitelist-common.inc | 24 | include /etc/firejail/whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/corebird.profile b/etc/corebird.profile index 99a3335ef..3c9740cb7 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/corebird.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/corebird | 8 | noblacklist ${HOME}/.config/corebird |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/cower.profile b/etc/cower.profile index 5e5c367c4..565c417ed 100644 --- a/etc/cower.profile +++ b/etc/cower.profile | |||
@@ -2,8 +2,8 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | # This profile could be significantly strengthened by adding the following to cower.local | 4 | # This profile could be significantly strengthened by adding the following to cower.local |
5 | # whitelist ~/<Your Build Folder> | 5 | # whitelist ${HOME}/<Your Build Folder> |
6 | # whitelist ~/.config/cower/ | 6 | # whitelist ${HOME}/.config/cower/ |
7 | 7 | ||
8 | quiet | 8 | quiet |
9 | 9 | ||
@@ -12,8 +12,8 @@ include /etc/firejail/cower.local | |||
12 | # Persistent global definitions | 12 | # Persistent global definitions |
13 | include /etc/firejail/globals.local | 13 | include /etc/firejail/globals.local |
14 | 14 | ||
15 | noblacklist ~/.config/cower/config | 15 | noblacklist ${HOME}/.config/cower/config |
16 | read-only ~/.config/cower/config | 16 | read-only ${HOME}/.config/cower/config |
17 | 17 | ||
18 | noblacklist /var/lib/pacman | 18 | noblacklist /var/lib/pacman |
19 | 19 | ||
diff --git a/etc/curl.profile b/etc/curl.profile index 972bbe9cc..521cd20cc 100644 --- a/etc/curl.profile +++ b/etc/curl.profile | |||
@@ -8,7 +8,7 @@ include /etc/firejail/globals.local | |||
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist ~/.curlrc | 11 | noblacklist ${HOME}/.curlrc |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index 63f6ea845..a670f6aa3 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile | |||
@@ -5,49 +5,49 @@ include /etc/firejail/cyberfox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.8pecxstudios | 8 | noblacklist ${HOME}/.8pecxstudios |
9 | noblacklist ~/.cache/8pecxstudios | 9 | noblacklist ${HOME}/.cache/8pecxstudios |
10 | noblacklist ~/.config/okularpartrc | 10 | noblacklist ${HOME}/.config/okularpartrc |
11 | noblacklist ~/.config/okularrc | 11 | noblacklist ${HOME}/.config/okularrc |
12 | noblacklist ~/.config/qpdfview | 12 | noblacklist ${HOME}/.config/qpdfview |
13 | noblacklist ~/.kde/share/apps/okular | 13 | noblacklist ${HOME}/.kde/share/apps/okular |
14 | noblacklist ~/.kde4/share/apps/okular | 14 | noblacklist ${HOME}/.kde4/share/apps/okular |
15 | noblacklist ~/.local/share/okular | 15 | noblacklist ${HOME}/.local/share/okular |
16 | noblacklist ~/.local/share/qpdfview | 16 | noblacklist ${HOME}/.local/share/qpdfview |
17 | noblacklist ~/.pki | 17 | noblacklist ${HOME}/.pki |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
20 | include /etc/firejail/disable-devel.inc | 20 | include /etc/firejail/disable-devel.inc |
21 | include /etc/firejail/disable-programs.inc | 21 | include /etc/firejail/disable-programs.inc |
22 | 22 | ||
23 | mkdir ~/.8pecxstudios | 23 | mkdir ${HOME}/.8pecxstudios |
24 | mkdir ~/.cache/8pecxstudios | 24 | mkdir ${HOME}/.cache/8pecxstudios |
25 | mkdir ~/.pki | 25 | mkdir ${HOME}/.pki |
26 | whitelist ${DOWNLOADS} | 26 | whitelist ${DOWNLOADS} |
27 | whitelist ~/.8pecxstudios | 27 | whitelist ${HOME}/.8pecxstudios |
28 | whitelist ~/.cache/8pecxstudios | 28 | whitelist ${HOME}/.cache/8pecxstudios |
29 | whitelist ~/.cache/gnome-mplayer/plugin | 29 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
30 | whitelist ~/.config/gnome-mplayer | 30 | whitelist ${HOME}/.config/gnome-mplayer |
31 | whitelist ~/.config/okularpartrc | 31 | whitelist ${HOME}/.config/okularpartrc |
32 | whitelist ~/.config/okularrc | 32 | whitelist ${HOME}/.config/okularrc |
33 | whitelist ~/.config/pipelight-silverlight5.1 | 33 | whitelist ${HOME}/.config/pipelight-silverlight5.1 |
34 | whitelist ~/.config/pipelight-widevine | 34 | whitelist ${HOME}/.config/pipelight-widevine |
35 | whitelist ~/.config/qpdfview | 35 | whitelist ${HOME}/.config/qpdfview |
36 | whitelist ~/.kde/share/apps/okular | 36 | whitelist ${HOME}/.kde/share/apps/okular |
37 | whitelist ~/.kde4/share/apps/okular | 37 | whitelist ${HOME}/.kde4/share/apps/okular |
38 | whitelist ~/.keysnail.js | 38 | whitelist ${HOME}/.keysnail.js |
39 | whitelist ~/.lastpass | 39 | whitelist ${HOME}/.lastpass |
40 | whitelist ~/.local/share/okular | 40 | whitelist ${HOME}/.local/share/okular |
41 | whitelist ~/.local/share/qpdfview | 41 | whitelist ${HOME}/.local/share/qpdfview |
42 | whitelist ~/.pentadactyl | 42 | whitelist ${HOME}/.pentadactyl |
43 | whitelist ~/.pentadactylrc | 43 | whitelist ${HOME}/.pentadactylrc |
44 | whitelist ~/.pki | 44 | whitelist ${HOME}/.pki |
45 | whitelist ~/.vimperator | 45 | whitelist ${HOME}/.vimperator |
46 | whitelist ~/.vimperatorrc | 46 | whitelist ${HOME}/.vimperatorrc |
47 | whitelist ~/.wine-pipelight | 47 | whitelist ${HOME}/.wine-pipelight |
48 | whitelist ~/.wine-pipelight64 | 48 | whitelist ${HOME}/.wine-pipelight64 |
49 | whitelist ~/.zotero | 49 | whitelist ${HOME}/.zotero |
50 | whitelist ~/dwhelper | 50 | whitelist ${HOME}/dwhelper |
51 | include /etc/firejail/whitelist-common.inc | 51 | include /etc/firejail/whitelist-common.inc |
52 | 52 | ||
53 | caps.drop all | 53 | caps.drop all |
diff --git a/etc/darktable.profile b/etc/darktable.profile index c2dc0b42c..176ffaca1 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/darktable.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/darktable | 8 | noblacklist ${HOME}/.cache/darktable |
9 | noblacklist ~/.config/darktable | 9 | noblacklist ${HOME}/.config/darktable |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/dia.profile b/etc/dia.profile index bf3c384ab..b1a723da0 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.dia | 10 | noblacklist ${HOME}/.dia |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/dillo.profile b/etc/dillo.profile index 840a568d8..6afb999e7 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile | |||
@@ -5,18 +5,18 @@ include /etc/firejail/dillo.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.dillo | 8 | noblacklist ${HOME}/.dillo |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | mkdir ~/.dillo | 15 | mkdir ${HOME}/.dillo |
16 | mkdir ~/.fltk | 16 | mkdir ${HOME}/.fltk |
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | whitelist ~/.dillo | 18 | whitelist ${HOME}/.dillo |
19 | whitelist ~/.fltk | 19 | whitelist ${HOME}/.fltk |
20 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/dolphin.profile b/etc/dolphin.profile index fe72ee654..c1604826e 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile | |||
@@ -8,8 +8,8 @@ include /etc/firejail/globals.local | |||
8 | # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5 | 8 | # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5 |
9 | 9 | ||
10 | noblacklist ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
11 | # noblacklist ~/.config/dolphinrc - diable-programs.inc is disabled, see below | 11 | # noblacklist ${HOME}/.config/dolphinrc - diable-programs.inc is disabled, see below |
12 | # noblacklist ~/.local/share/dolphin | 12 | # noblacklist ${HOME}/.local/share/dolphin |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/dosbox.profile b/etc/dosbox.profile index a64578e5c..736c7da2f 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/dosbox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.dosbox | 8 | noblacklist ${HOME}/.dosbox |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/dragon.profile b/etc/dragon.profile index c37f81ac9..76544010f 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/dragon.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/dragonplayerrc | 8 | noblacklist ${HOME}/.config/dragonplayerrc |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index ec268c09b..138b3912a 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
@@ -5,23 +5,23 @@ include /etc/firejail/dropbox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/autostart | 8 | noblacklist ${HOME}/.config/autostart |
9 | noblacklist ~/.dropbox | 9 | noblacklist ${HOME}/.dropbox |
10 | noblacklist ~/.dropbox-dist | 10 | noblacklist ${HOME}/.dropbox-dist |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | mkdir ~/.dropbox | 17 | mkdir ${HOME}/.dropbox |
18 | mkdir ~/.dropbox-dist | 18 | mkdir ${HOME}/.dropbox-dist |
19 | mkdir ~/Dropbox | 19 | mkdir ${HOME}/Dropbox |
20 | mkfile ~/.config/autostart/dropbox.desktop | 20 | mkfile ${HOME}/.config/autostart/dropbox.desktop |
21 | whitelist ~/.config/autostart/dropbox.desktop | 21 | whitelist ${HOME}/.config/autostart/dropbox.desktop |
22 | whitelist ~/.dropbox | 22 | whitelist ${HOME}/.dropbox |
23 | whitelist ~/.dropbox-dist | 23 | whitelist ${HOME}/.dropbox-dist |
24 | whitelist ~/Dropbox | 24 | whitelist ${HOME}/Dropbox |
25 | include /etc/firejail/whitelist-common.inc | 25 | include /etc/firejail/whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/elinks.profile b/etc/elinks.profile index 10fd19f71..aca30c933 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /tmp/.X11-unix | 8 | blacklist /tmp/.X11-unix |
9 | 9 | ||
10 | noblacklist ~/.elinks | 10 | noblacklist ${HOME}/.elinks |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/emacs.profile b/etc/emacs.profile index 8351d6c42..8700bc8e6 100644 --- a/etc/emacs.profile +++ b/etc/emacs.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/emacs.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.emacs | 8 | noblacklist ${HOME}/.emacs |
9 | noblacklist ~/.emacs.d | 9 | noblacklist ${HOME}/.emacs.d |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/enchant.profile b/etc/enchant.profile index b7034b937..8178bb2c8 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/enchant.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/enchant | 8 | noblacklist ${HOME}/.config/enchant |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/eog.profile b/etc/eog.profile index c07268e14..cf6b1c1c6 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
@@ -7,10 +7,10 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | 8 | # blacklist /run/user/*/bus - makes settings immutable |
9 | 9 | ||
10 | noblacklist ~/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | noblacklist ~/.config/eog | 11 | noblacklist ${HOME}/.config/eog |
12 | noblacklist ~/.local/share/Trash | 12 | noblacklist ${HOME}/.local/share/Trash |
13 | noblacklist ~/.steam | 13 | noblacklist ${HOME}/.steam |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/eom.profile b/etc/eom.profile index 5e0008ab3..4edd8fafe 100644 --- a/etc/eom.profile +++ b/etc/eom.profile | |||
@@ -7,10 +7,10 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | 8 | # blacklist /run/user/*/bus - makes settings immutable |
9 | 9 | ||
10 | noblacklist ~/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | noblacklist ~/.config/mate/eom | 11 | noblacklist ${HOME}/.config/mate/eom |
12 | noblacklist ~/.local/share/Trash | 12 | noblacklist ${HOME}/.local/share/Trash |
13 | noblacklist ~/.steam | 13 | noblacklist ${HOME}/.steam |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/etr.profile b/etc/etr.profile index 579aa570a..ad2e5be5d 100644 --- a/etc/etr.profile +++ b/etc/etr.profile | |||
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.etr | 10 | noblacklist ${HOME}/.etr |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.etr | 16 | mkdir ${HOME}/.etr |
17 | whitelist ~/.etr | 17 | whitelist ${HOME}/.etr |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
20 | 20 | ||
diff --git a/etc/evince.profile b/etc/evince.profile index b68d272df..7118d3c08 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # blacklist /run/user/*/bus | 8 | # blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.config/evince | 10 | noblacklist ${HOME}/.config/evince |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/evolution.profile b/etc/evolution.profile index e74c68f63..90a0c4ec4 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
@@ -7,12 +7,12 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist /var/mail | 8 | noblacklist /var/mail |
9 | noblacklist /var/spool/mail | 9 | noblacklist /var/spool/mail |
10 | # noblacklist ~/.bogofilter | 10 | # noblacklist ${HOME}/.bogofilter |
11 | noblacklist ~/.cache/evolution | 11 | noblacklist ${HOME}/.cache/evolution |
12 | noblacklist ~/.config/evolution | 12 | noblacklist ${HOME}/.config/evolution |
13 | noblacklist ~/.gnupg | 13 | noblacklist ${HOME}/.gnupg |
14 | noblacklist ~/.local/share/evolution | 14 | noblacklist ${HOME}/.local/share/evolution |
15 | noblacklist ~/.pki | 15 | noblacklist ${HOME}/.pki |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/firefox.profile b/etc/firefox.profile index 2423b149c..b76c16385 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -5,67 +5,67 @@ include /etc/firejail/firefox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | noblacklist ~/.config/okularpartrc | 9 | noblacklist ${HOME}/.config/okularpartrc |
10 | noblacklist ~/.config/okularrc | 10 | noblacklist ${HOME}/.config/okularrc |
11 | noblacklist ~/.config/qpdfview | 11 | noblacklist ${HOME}/.config/qpdfview |
12 | noblacklist ~/.kde/share/apps/kget | 12 | noblacklist ${HOME}/.kde/share/apps/kget |
13 | noblacklist ~/.kde/share/apps/okular | 13 | noblacklist ${HOME}/.kde/share/apps/okular |
14 | noblacklist ~/.kde/share/config/kgetrc | 14 | noblacklist ${HOME}/.kde/share/config/kgetrc |
15 | noblacklist ~/.kde/share/config/okularpartrc | 15 | noblacklist ${HOME}/.kde/share/config/okularpartrc |
16 | noblacklist ~/.kde/share/config/okularrc | 16 | noblacklist ${HOME}/.kde/share/config/okularrc |
17 | noblacklist ~/.kde4/share/apps/kget | 17 | noblacklist ${HOME}/.kde4/share/apps/kget |
18 | noblacklist ~/.kde4/share/apps/okular | 18 | noblacklist ${HOME}/.kde4/share/apps/okular |
19 | noblacklist ~/.kde4/share/config/kgetrc | 19 | noblacklist ${HOME}/.kde4/share/config/kgetrc |
20 | noblacklist ~/.kde4/share/config/okularpartrc | 20 | noblacklist ${HOME}/.kde4/share/config/okularpartrc |
21 | noblacklist ~/.kde4/share/config/okularrc | 21 | noblacklist ${HOME}/.kde4/share/config/okularrc |
22 | # noblacklist ~/.local/share/gnome-shell/extensions | 22 | # noblacklist ${HOME}/.local/share/gnome-shell/extensions |
23 | noblacklist ~/.local/share/okular | 23 | noblacklist ${HOME}/.local/share/okular |
24 | noblacklist ~/.local/share/qpdfview | 24 | noblacklist ${HOME}/.local/share/qpdfview |
25 | noblacklist ~/.mozilla | 25 | noblacklist ${HOME}/.mozilla |
26 | noblacklist ~/.pki | 26 | noblacklist ${HOME}/.pki |
27 | 27 | ||
28 | include /etc/firejail/disable-common.inc | 28 | include /etc/firejail/disable-common.inc |
29 | include /etc/firejail/disable-devel.inc | 29 | include /etc/firejail/disable-devel.inc |
30 | include /etc/firejail/disable-programs.inc | 30 | include /etc/firejail/disable-programs.inc |
31 | 31 | ||
32 | mkdir ~/.cache/mozilla/firefox | 32 | mkdir ${HOME}/.cache/mozilla/firefox |
33 | mkdir ~/.mozilla | 33 | mkdir ${HOME}/.mozilla |
34 | mkdir ~/.pki | 34 | mkdir ${HOME}/.pki |
35 | whitelist ${DOWNLOADS} | 35 | whitelist ${DOWNLOADS} |
36 | whitelist ~/.cache/gnome-mplayer/plugin | 36 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
37 | whitelist ~/.cache/mozilla/firefox | 37 | whitelist ${HOME}/.cache/mozilla/firefox |
38 | whitelist ~/.config/gnome-mplayer | 38 | whitelist ${HOME}/.config/gnome-mplayer |
39 | whitelist ~/.config/okularpartrc | 39 | whitelist ${HOME}/.config/okularpartrc |
40 | whitelist ~/.config/okularrc | 40 | whitelist ${HOME}/.config/okularrc |
41 | whitelist ~/.config/pipelight-silverlight5.1 | 41 | whitelist ${HOME}/.config/pipelight-silverlight5.1 |
42 | whitelist ~/.config/pipelight-widevine | 42 | whitelist ${HOME}/.config/pipelight-widevine |
43 | whitelist ~/.config/qpdfview | 43 | whitelist ${HOME}/.config/qpdfview |
44 | whitelist ~/.kde/share/apps/kget | 44 | whitelist ${HOME}/.kde/share/apps/kget |
45 | whitelist ~/.kde/share/apps/okular | 45 | whitelist ${HOME}/.kde/share/apps/okular |
46 | whitelist ~/.kde/share/config/kgetrc | 46 | whitelist ${HOME}/.kde/share/config/kgetrc |
47 | whitelist ~/.kde/share/config/okularpartrc | 47 | whitelist ${HOME}/.kde/share/config/okularpartrc |
48 | whitelist ~/.kde/share/config/okularrc | 48 | whitelist ${HOME}/.kde/share/config/okularrc |
49 | whitelist ~/.kde4/share/apps/kget | 49 | whitelist ${HOME}/.kde4/share/apps/kget |
50 | whitelist ~/.kde4/share/apps/okular | 50 | whitelist ${HOME}/.kde4/share/apps/okular |
51 | whitelist ~/.kde4/share/config/kgetrc | 51 | whitelist ${HOME}/.kde4/share/config/kgetrc |
52 | whitelist ~/.kde4/share/config/okularpartrc | 52 | whitelist ${HOME}/.kde4/share/config/okularpartrc |
53 | whitelist ~/.kde4/share/config/okularrc | 53 | whitelist ${HOME}/.kde4/share/config/okularrc |
54 | whitelist ~/.keysnail.js | 54 | whitelist ${HOME}/.keysnail.js |
55 | whitelist ~/.lastpass | 55 | whitelist ${HOME}/.lastpass |
56 | whitelist ~/.local/share/gnome-shell/extensions | 56 | whitelist ${HOME}/.local/share/gnome-shell/extensions |
57 | whitelist ~/.local/share/okular | 57 | whitelist ${HOME}/.local/share/okular |
58 | whitelist ~/.local/share/qpdfview | 58 | whitelist ${HOME}/.local/share/qpdfview |
59 | whitelist ~/.mozilla | 59 | whitelist ${HOME}/.mozilla |
60 | whitelist ~/.pentadactyl | 60 | whitelist ${HOME}/.pentadactyl |
61 | whitelist ~/.pentadactylrc | 61 | whitelist ${HOME}/.pentadactylrc |
62 | whitelist ~/.pki | 62 | whitelist ${HOME}/.pki |
63 | whitelist ~/.vimperator | 63 | whitelist ${HOME}/.vimperator |
64 | whitelist ~/.vimperatorrc | 64 | whitelist ${HOME}/.vimperatorrc |
65 | whitelist ~/.wine-pipelight | 65 | whitelist ${HOME}/.wine-pipelight |
66 | whitelist ~/.wine-pipelight64 | 66 | whitelist ${HOME}/.wine-pipelight64 |
67 | whitelist ~/.zotero | 67 | whitelist ${HOME}/.zotero |
68 | whitelist ~/dwhelper | 68 | whitelist ${HOME}/dwhelper |
69 | include /etc/firejail/whitelist-common.inc | 69 | include /etc/firejail/whitelist-common.inc |
70 | include /etc/firejail/whitelist-var-common.inc | 70 | include /etc/firejail/whitelist-var-common.inc |
71 | 71 | ||
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 18db4c597..feb4087f4 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile | |||
@@ -10,21 +10,21 @@ include /etc/firejail/globals.local | |||
10 | # to run it is as follows: | 10 | # to run it is as follows: |
11 | # firejail flashpeak-slimjet --no-sandbox | 11 | # firejail flashpeak-slimjet --no-sandbox |
12 | 12 | ||
13 | noblacklist ~/.cache/slimjet | 13 | noblacklist ${HOME}/.cache/slimjet |
14 | noblacklist ~/.config/slimjet | 14 | noblacklist ${HOME}/.config/slimjet |
15 | noblacklist ~/.pki | 15 | noblacklist ${HOME}/.pki |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
18 | include /etc/firejail/disable-devel.inc | 18 | include /etc/firejail/disable-devel.inc |
19 | include /etc/firejail/disable-programs.inc | 19 | include /etc/firejail/disable-programs.inc |
20 | 20 | ||
21 | mkdir ~/.cache/slimjet | 21 | mkdir ${HOME}/.cache/slimjet |
22 | mkdir ~/.config/slimjet | 22 | mkdir ${HOME}/.config/slimjet |
23 | mkdir ~/.pki | 23 | mkdir ${HOME}/.pki |
24 | whitelist ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | whitelist ~/.cache/slimjet | 25 | whitelist ${HOME}/.cache/slimjet |
26 | whitelist ~/.config/slimjet | 26 | whitelist ${HOME}/.config/slimjet |
27 | whitelist ~/.pki | 27 | whitelist ${HOME}/.pki |
28 | include /etc/firejail/whitelist-common.inc | 28 | include /etc/firejail/whitelist-common.inc |
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/fossamail.profile b/etc/fossamail.profile index cef522c53..4316c0988 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile | |||
@@ -5,16 +5,16 @@ include /etc/firejail/fossamail.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/fossamail | 8 | noblacklist ${HOME}/.cache/fossamail |
9 | noblacklist ~/.fossamail | 9 | noblacklist ${HOME}/.fossamail |
10 | noblacklist ~/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | 11 | ||
12 | mkdir ~/.cache/fossamail | 12 | mkdir ${HOME}/.cache/fossamail |
13 | mkdir ~/.fossamail | 13 | mkdir ${HOME}/.fossamail |
14 | mkdir ~/.gnupg | 14 | mkdir ${HOME}/.gnupg |
15 | whitelist ~/.cache/fossamail | 15 | whitelist ${HOME}/.cache/fossamail |
16 | whitelist ~/.fossamail | 16 | whitelist ${HOME}/.fossamail |
17 | whitelist ~/.gnupg | 17 | whitelist ${HOME}/.gnupg |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | 19 | ||
20 | # allow browsers | 20 | # allow browsers |
diff --git a/etc/franz.profile b/etc/franz.profile index bceeaf3b4..42b14fa2f 100644 --- a/etc/franz.profile +++ b/etc/franz.profile | |||
@@ -5,21 +5,21 @@ include /etc/firejail/franz.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/Franz | 8 | noblacklist ${HOME}/.cache/Franz |
9 | noblacklist ~/.config/Franz | 9 | noblacklist ${HOME}/.config/Franz |
10 | noblacklist ~/.pki | 10 | noblacklist ${HOME}/.pki |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.cache/Franz | 16 | mkdir ${HOME}/.cache/Franz |
17 | mkdir ~/.config/Franz | 17 | mkdir ${HOME}/.config/Franz |
18 | mkdir ~/.pki | 18 | mkdir ${HOME}/.pki |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ~/.cache/Franz | 20 | whitelist ${HOME}/.cache/Franz |
21 | whitelist ~/.config/Franz | 21 | whitelist ${HOME}/.config/Franz |
22 | whitelist ~/.pki | 22 | whitelist ${HOME}/.pki |
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 0480faf6f..0660137e0 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile | |||
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.frozen-bubble | 10 | noblacklist ${HOME}/.frozen-bubble |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.frozen-bubble | 16 | mkdir ${HOME}/.frozen-bubble |
17 | whitelist ~/.frozen-bubble | 17 | whitelist ${HOME}/.frozen-bubble |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
20 | 20 | ||
diff --git a/etc/galculator.profile b/etc/galculator.profile index fdb9e3f1d..0923d7e55 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile | |||
@@ -7,15 +7,15 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.config/galculator | 10 | noblacklist ${HOME}/.config/galculator |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | mkdir ~/.config/galculator | 17 | mkdir ${HOME}/.config/galculator |
18 | whitelist ~/.config/galculator | 18 | whitelist ${HOME}/.config/galculator |
19 | include /etc/firejail/whitelist-common.inc | 19 | include /etc/firejail/whitelist-common.inc |
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include /etc/firejail/whitelist-var-common.inc |
21 | 21 | ||
diff --git a/etc/geary.profile b/etc/geary.profile index 3ab4a21d8..36c00efa0 100644 --- a/etc/geary.profile +++ b/etc/geary.profile | |||
@@ -8,18 +8,18 @@ include /etc/firejail/globals.local | |||
8 | # Users have Geary set to open a browser by clicking a link in an email | 8 | # Users have Geary set to open a browser by clicking a link in an email |
9 | # We are not allowed to blacklist browser-specific directories | 9 | # We are not allowed to blacklist browser-specific directories |
10 | 10 | ||
11 | noblacklist ~/.gnupg | 11 | noblacklist ${HOME}/.gnupg |
12 | noblacklist ~/.local/share/geary | 12 | noblacklist ${HOME}/.local/share/geary |
13 | 13 | ||
14 | mkdir ~/.gnupg | 14 | mkdir ${HOME}/.gnupg |
15 | mkdir ~/.local/share/geary | 15 | mkdir ${HOME}/.local/share/geary |
16 | whitelist ~/.gnupg | 16 | whitelist ${HOME}/.gnupg |
17 | whitelist ~/.local/share/geary | 17 | whitelist ${HOME}/.local/share/geary |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | 19 | ||
20 | ignore private-tmp | 20 | ignore private-tmp |
21 | 21 | ||
22 | read-only ~/.config/mimeapps.list | 22 | read-only ${HOME}/.config/mimeapps.list |
23 | 23 | ||
24 | # allow browsers | 24 | # allow browsers |
25 | # Redirect | 25 | # Redirect |
diff --git a/etc/geeqie.profile b/etc/geeqie.profile index a50fd4370..27ee343af 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile | |||
@@ -5,9 +5,9 @@ include /etc/firejail/geeqie.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/geeqie | 8 | noblacklist ${HOME}/.cache/geeqie |
9 | noblacklist ~/.config/geeqie | 9 | noblacklist ${HOME}/.config/geeqie |
10 | noblacklist ~/.local/share/geeqie | 10 | noblacklist ${HOME}/.local/share/geeqie |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gimp.profile b/etc/gimp.profile index b398813f6..2a0698cc3 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile | |||
@@ -30,7 +30,7 @@ shell none | |||
30 | private-dev | 30 | private-dev |
31 | private-tmp | 31 | private-tmp |
32 | 32 | ||
33 | # gimp plugins are installed by the user in ~/.gimp-2.8/plug-ins/ directory | 33 | # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory |
34 | # if you are not using external plugins, you can enable noexec statement below | 34 | # if you are not using external plugins, you can enable noexec statement below |
35 | # noexec ${HOME} | 35 | # noexec ${HOME} |
36 | noexec /tmp | 36 | noexec /tmp |
diff --git a/etc/git.profile b/etc/git.profile index 14fb55118..7dac03b1b 100644 --- a/etc/git.profile +++ b/etc/git.profile | |||
@@ -8,13 +8,13 @@ include /etc/firejail/globals.local | |||
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist ~/.emacs | 11 | noblacklist ${HOME}/.emacs |
12 | noblacklist ~/.emacs.d | 12 | noblacklist ${HOME}/.emacs.d |
13 | noblacklist ~/.gitconfig | 13 | noblacklist ${HOME}/.gitconfig |
14 | noblacklist ~/.gnupg | 14 | noblacklist ${HOME}/.gnupg |
15 | noblacklist ~/.ssh | 15 | noblacklist ${HOME}/.ssh |
16 | noblacklist ~/.vim | 16 | noblacklist ${HOME}/.vim |
17 | noblacklist ~/.viminfo | 17 | noblacklist ${HOME}/.viminfo |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
20 | include /etc/firejail/disable-passwdmgr.inc | 20 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/gitter.profile b/etc/gitter.profile index 3e84455f1..a3bbabd10 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/gitter.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/autostart | 8 | noblacklist ${HOME}/.config/autostart |
9 | noblacklist ~/.config/Gitter | 9 | noblacklist ${HOME}/.config/Gitter |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
@@ -14,8 +14,8 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
17 | whitelist ~/.config/autostart | 17 | whitelist ${HOME}/.config/autostart |
18 | whitelist ~/.config/Gitter | 18 | whitelist ${HOME}/.config/Gitter |
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/gjs.profile b/etc/gjs.profile index a856d35b5..32faeb8df 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile | |||
@@ -7,10 +7,10 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | noblacklist ~/.cache/libgweather | 10 | noblacklist ${HOME}/.cache/libgweather |
11 | noblacklist ~/.cache/org.gnome.Books | 11 | noblacklist ${HOME}/.cache/org.gnome.Books |
12 | noblacklist ~/.config/libreoffice | 12 | noblacklist ${HOME}/.config/libreoffice |
13 | noblacklist ~/.local/share/gnome-photos | 13 | noblacklist ${HOME}/.local/share/gnome-photos |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 6998a3a42..bd21cd39f 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | noblacklist ~/.cache/org.gnome.Books | 10 | noblacklist ${HOME}/.cache/org.gnome.Books |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 4caf971dd..f1f04d889 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/gnome-chess.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.local/share/gnome-chess | 8 | noblacklist ${HOME}/.local/share/gnome-chess |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index 3254f3fbc..40bb63538 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | noblacklist ~/.config/libreoffice | 10 | noblacklist ${HOME}/.config/libreoffice |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 166994374..c9626950e 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/gnome-mplayer.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/gnome-mplayer | 8 | noblacklist ${HOME}/.config/gnome-mplayer |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index 17288d500..f052563be 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/gnome-music.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.local/share/gnome-music | 8 | noblacklist ${HOME}/.local/share/gnome-music |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index f9be4c4de..f3b00a868 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | noblacklist ~/.local/share/gnome-photos | 10 | noblacklist ${HOME}/.local/share/gnome-photos |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index e5804687c..0423b06dd 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | noblacklist ~/.cache/libgweather | 10 | noblacklist ${HOME}/.cache/libgweather |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index ac457b92f..9c7306b85 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile | |||
@@ -5,21 +5,21 @@ include /etc/firejail/google-chrome-beta.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/google-chrome-beta | 8 | noblacklist ${HOME}/.cache/google-chrome-beta |
9 | noblacklist ~/.config/google-chrome-beta | 9 | noblacklist ${HOME}/.config/google-chrome-beta |
10 | noblacklist ~/.pki | 10 | noblacklist ${HOME}/.pki |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.cache/google-chrome-beta | 16 | mkdir ${HOME}/.cache/google-chrome-beta |
17 | mkdir ~/.config/google-chrome-beta | 17 | mkdir ${HOME}/.config/google-chrome-beta |
18 | mkdir ~/.pki | 18 | mkdir ${HOME}/.pki |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ~/.cache/google-chrome-beta | 20 | whitelist ${HOME}/.cache/google-chrome-beta |
21 | whitelist ~/.config/google-chrome-beta | 21 | whitelist ${HOME}/.config/google-chrome-beta |
22 | whitelist ~/.pki | 22 | whitelist ${HOME}/.pki |
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | 24 | ||
25 | caps.keep sys_chroot,sys_admin | 25 | caps.keep sys_chroot,sys_admin |
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index 3d7a9a715..bb05b3e99 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile | |||
@@ -5,21 +5,21 @@ include /etc/firejail/google-chrome-unstable.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/google-chrome-unstable | 8 | noblacklist ${HOME}/.cache/google-chrome-unstable |
9 | noblacklist ~/.config/google-chrome-unstable | 9 | noblacklist ${HOME}/.config/google-chrome-unstable |
10 | noblacklist ~/.pki | 10 | noblacklist ${HOME}/.pki |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.cache/google-chrome-unstable | 16 | mkdir ${HOME}/.cache/google-chrome-unstable |
17 | mkdir ~/.config/google-chrome-unstable | 17 | mkdir ${HOME}/.config/google-chrome-unstable |
18 | mkdir ~/.pki | 18 | mkdir ${HOME}/.pki |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ~/.cache/google-chrome-unstable | 20 | whitelist ${HOME}/.cache/google-chrome-unstable |
21 | whitelist ~/.config/google-chrome-unstable | 21 | whitelist ${HOME}/.config/google-chrome-unstable |
22 | whitelist ~/.pki | 22 | whitelist ${HOME}/.pki |
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | 24 | ||
25 | caps.keep sys_chroot,sys_admin | 25 | caps.keep sys_chroot,sys_admin |
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 6e5175989..2e9524e16 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile | |||
@@ -5,21 +5,21 @@ include /etc/firejail/google-chrome.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/google-chrome | 8 | noblacklist ${HOME}/.cache/google-chrome |
9 | noblacklist ~/.config/google-chrome | 9 | noblacklist ${HOME}/.config/google-chrome |
10 | noblacklist ~/.pki | 10 | noblacklist ${HOME}/.pki |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.cache/google-chrome | 16 | mkdir ${HOME}/.cache/google-chrome |
17 | mkdir ~/.config/google-chrome | 17 | mkdir ${HOME}/.config/google-chrome |
18 | mkdir ~/.pki | 18 | mkdir ${HOME}/.pki |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ~/.cache/google-chrome | 20 | whitelist ${HOME}/.cache/google-chrome |
21 | whitelist ~/.config/google-chrome | 21 | whitelist ${HOME}/.config/google-chrome |
22 | whitelist ~/.pki | 22 | whitelist ${HOME}/.pki |
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include /etc/firejail/whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index 11ca13090..58473d5c8 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile | |||
@@ -5,16 +5,16 @@ include /etc/firejail/google-play-music-desktop-player.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/Google Play Music Desktop Player | 8 | noblacklist ${HOME}/.config/Google Play Music Desktop Player |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | # whitelist ~/.config/pulse | 15 | # whitelist ${HOME}/.config/pulse |
16 | # whitelist ~/.pulse | 16 | # whitelist ${HOME}/.pulse |
17 | whitelist ~/.config/Google Play Music Desktop Player | 17 | whitelist ${HOME}/.config/Google Play Music Desktop Player |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/gpa.profile b/etc/gpa.profile index 8d721e2c0..725c744ed 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/gpa.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.gnupg | 8 | noblacklist ${HOME}/.gnupg |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index 8fd2ce232..c59c624fc 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /tmp/.X11-unix | 8 | blacklist /tmp/.X11-unix |
9 | 9 | ||
10 | noblacklist ~/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gpg.profile b/etc/gpg.profile index 8c39f85e3..cd2b30e9e 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /tmp/.X11-unix | 8 | blacklist /tmp/.X11-unix |
9 | 9 | ||
10 | noblacklist ~/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gpicview.profile b/etc/gpicview.profile index 5ed447ac4..8d47d9c31 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.config/gpicview | 10 | noblacklist ${HOME}/.config/gpicview |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index f204366c5..029c37290 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
@@ -5,14 +5,14 @@ include /etc/firejail/gpredict.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/Gpredict | 8 | noblacklist ${HOME}/.config/Gpredict |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | whitelist ~/.config/Gpredict | 15 | whitelist ${HOME}/.config/Gpredict |
16 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 287e214e1..5d066c141 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile | |||
@@ -6,8 +6,8 @@ include /etc/firejail/gthumb.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/gthumb | 8 | noblacklist ${HOME}/.config/gthumb |
9 | noblacklist ~/.Steam | 9 | noblacklist ${HOME}/.Steam |
10 | noblacklist ~/.steam | 10 | noblacklist ${HOME}/.steam |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index 891c9865e..efaf94f4c 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
@@ -7,15 +7,15 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # blacklist /run/user/*/bus | 8 | # blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.config/gwenviewrc | 10 | noblacklist ${HOME}/.config/gwenviewrc |
11 | noblacklist ~/.config/org.kde.gwenviewrc | 11 | noblacklist ${HOME}/.config/org.kde.gwenviewrc |
12 | noblacklist ~/.gimp* | 12 | noblacklist ${HOME}/.gimp* |
13 | noblacklist ~/.kde/share/apps/gwenview | 13 | noblacklist ${HOME}/.kde/share/apps/gwenview |
14 | noblacklist ~/.kde/share/config/gwenviewrc | 14 | noblacklist ${HOME}/.kde/share/config/gwenviewrc |
15 | noblacklist ~/.kde4/share/apps/gwenview | 15 | noblacklist ${HOME}/.kde4/share/apps/gwenview |
16 | noblacklist ~/.kde4/share/config/gwenviewrc | 16 | noblacklist ${HOME}/.kde4/share/config/gwenviewrc |
17 | noblacklist ~/.local/share/gwenview | 17 | noblacklist ${HOME}/.local/share/gwenview |
18 | noblacklist ~/.local/share/org.kde.gwenview | 18 | noblacklist ${HOME}/.local/share/org.kde.gwenview |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include /etc/firejail/disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/handbrake.profile b/etc/handbrake.profile index 5235e91f2..f8554d50c 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/handbrake.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/ghb | 8 | noblacklist ${HOME}/.config/ghb |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index e2775ffce..6f9117fae 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile | |||
@@ -12,8 +12,8 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | mkdir ~/.hedgewars | 15 | mkdir ${HOME}/.hedgewars |
16 | whitelist ~/.hedgewars | 16 | whitelist ${HOME}/.hedgewars |
17 | include /etc/firejail/whitelist-common.inc | 17 | include /etc/firejail/whitelist-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 5945665cc..634ced575 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
@@ -13,8 +13,8 @@ include /etc/firejail/disable-common.inc | |||
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.config/hexchat | 16 | mkdir ${HOME}/.config/hexchat |
17 | whitelist ~/.config/hexchat | 17 | whitelist ${HOME}/.config/hexchat |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
20 | 20 | ||
diff --git a/etc/icecat.profile b/etc/icecat.profile index ab7e62180..74c51926a 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile | |||
@@ -5,34 +5,34 @@ include /etc/firejail/icecat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | noblacklist ~/.mozilla | 9 | noblacklist ${HOME}/.mozilla |
10 | noblacklist ~/.pki | 10 | noblacklist ${HOME}/.pki |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.cache/mozilla/icecat | 16 | mkdir ${HOME}/.cache/mozilla/icecat |
17 | mkdir ~/.mozilla | 17 | mkdir ${HOME}/.mozilla |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ~/.cache/gnome-mplayer/plugin | 19 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
20 | whitelist ~/.cache/mozilla/icecat | 20 | whitelist ${HOME}/.cache/mozilla/icecat |
21 | whitelist ~/.config/gnome-mplayer | 21 | whitelist ${HOME}/.config/gnome-mplayer |
22 | whitelist ~/.config/pipelight-silverlight5.1 | 22 | whitelist ${HOME}/.config/pipelight-silverlight5.1 |
23 | whitelist ~/.config/pipelight-widevine | 23 | whitelist ${HOME}/.config/pipelight-widevine |
24 | whitelist ~/.keysnail.js | 24 | whitelist ${HOME}/.keysnail.js |
25 | whitelist ~/.lastpass | 25 | whitelist ${HOME}/.lastpass |
26 | whitelist ~/.mozilla | 26 | whitelist ${HOME}/.mozilla |
27 | whitelist ~/.pentadactyl | 27 | whitelist ${HOME}/.pentadactyl |
28 | whitelist ~/.pentadactylrc | 28 | whitelist ${HOME}/.pentadactylrc |
29 | whitelist ~/.pki | 29 | whitelist ${HOME}/.pki |
30 | whitelist ~/.vimperator | 30 | whitelist ${HOME}/.vimperator |
31 | whitelist ~/.vimperatorrc | 31 | whitelist ${HOME}/.vimperatorrc |
32 | whitelist ~/.wine-pipelight | 32 | whitelist ${HOME}/.wine-pipelight |
33 | whitelist ~/.wine-pipelight64 | 33 | whitelist ${HOME}/.wine-pipelight64 |
34 | whitelist ~/.zotero | 34 | whitelist ${HOME}/.zotero |
35 | whitelist ~/dwhelper | 35 | whitelist ${HOME}/dwhelper |
36 | include /etc/firejail/whitelist-common.inc | 36 | include /etc/firejail/whitelist-common.inc |
37 | 37 | ||
38 | caps.drop all | 38 | caps.drop all |
diff --git a/etc/icedove.profile b/etc/icedove.profile index 46861d9f2..80cff3878 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile | |||
@@ -8,16 +8,16 @@ include /etc/firejail/globals.local | |||
8 | # Users have icedove set to open a browser by clicking a link in an email | 8 | # Users have icedove set to open a browser by clicking a link in an email |
9 | # We are not allowed to blacklist browser-specific directories | 9 | # We are not allowed to blacklist browser-specific directories |
10 | 10 | ||
11 | noblacklist ~/.cache/icedove | 11 | noblacklist ${HOME}/.cache/icedove |
12 | noblacklist ~/.gnupg | 12 | noblacklist ${HOME}/.gnupg |
13 | noblacklist ~/.icedove | 13 | noblacklist ${HOME}/.icedove |
14 | 14 | ||
15 | mkdir ~/.cache/icedove | 15 | mkdir ${HOME}/.cache/icedove |
16 | mkdir ~/.gnupg | 16 | mkdir ${HOME}/.gnupg |
17 | mkdir ~/.icedove | 17 | mkdir ${HOME}/.icedove |
18 | whitelist ~/.cache/icedove | 18 | whitelist ${HOME}/.cache/icedove |
19 | whitelist ~/.gnupg | 19 | whitelist ${HOME}/.gnupg |
20 | whitelist ~/.icedove | 20 | whitelist ${HOME}/.icedove |
21 | include /etc/firejail/whitelist-common.inc | 21 | include /etc/firejail/whitelist-common.inc |
22 | 22 | ||
23 | ignore private-tmp | 23 | ignore private-tmp |
diff --git a/etc/inox.profile b/etc/inox.profile index 221acd309..fbc654434 100644 --- a/etc/inox.profile +++ b/etc/inox.profile | |||
@@ -5,20 +5,20 @@ include /etc/firejail/inox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/inox | 8 | noblacklist ${HOME}/.cache/inox |
9 | noblacklist ~/.config/inox | 9 | noblacklist ${HOME}/.config/inox |
10 | noblacklist ~/.pki | 10 | noblacklist ${HOME}/.pki |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | mkdir ~/.cache/inox | 15 | mkdir ${HOME}/.cache/inox |
16 | mkdir ~/.config/inox | 16 | mkdir ${HOME}/.config/inox |
17 | mkdir ~/.pki | 17 | mkdir ${HOME}/.pki |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ~/.cache/inox | 19 | whitelist ${HOME}/.cache/inox |
20 | whitelist ~/.config/inox | 20 | whitelist ${HOME}/.config/inox |
21 | whitelist ~/.pki | 21 | whitelist ${HOME}/.pki |
22 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
23 | include /etc/firejail/whitelist-var-common.inc | 23 | include /etc/firejail/whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/iridium.profile b/etc/iridium.profile index 5b1268f4e..76026722f 100644 --- a/etc/iridium.profile +++ b/etc/iridium.profile | |||
@@ -5,21 +5,21 @@ include /etc/firejail/iridium.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/iridium | 8 | noblacklist ${HOME}/.cache/iridium |
9 | noblacklist ~/.config/iridium | 9 | noblacklist ${HOME}/.config/iridium |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | # chromium/iridium is distributed with a perl script on Arch | 12 | # chromium/iridium is distributed with a perl script on Arch |
13 | # include /etc/firejail/disable-devel.inc | 13 | # include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.cache/iridium | 16 | mkdir ${HOME}/.cache/iridium |
17 | mkdir ~/.config/iridium | 17 | mkdir ${HOME}/.config/iridium |
18 | mkdir ~/.pki | 18 | mkdir ${HOME}/.pki |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ~/.cache/iridium | 20 | whitelist ${HOME}/.cache/iridium |
21 | whitelist ~/.config/iridium | 21 | whitelist ${HOME}/.config/iridium |
22 | whitelist ~/.pki | 22 | whitelist ${HOME}/.pki |
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | include /etc/firejail/whitelist-var-common.inc | 24 | include /etc/firejail/whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/jitsi.profile b/etc/jitsi.profile index 78a57ff46..bfccdf281 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/jitsi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.jitsi | 8 | noblacklist ${HOME}/.jitsi |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/k3b.profile b/etc/k3b.profile index 58623d823..a9555bccc 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile | |||
@@ -5,9 +5,9 @@ include /etc/firejail/k3b.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/k3brc | 8 | noblacklist ${HOME}/.config/k3brc |
9 | noblacklist ~/.kde/share/config/k3brc | 9 | noblacklist ${HOME}/.kde/share/config/k3brc |
10 | noblacklist ~/.kde4/share/config/k3brc | 10 | noblacklist ${HOME}/.kde4/share/config/k3brc |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/kate.profile b/etc/kate.profile index 85a98d67f..711833d5c 100644 --- a/etc/kate.profile +++ b/etc/kate.profile | |||
@@ -7,12 +7,12 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # blacklist /run/user/*/bus | 8 | # blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.config/katepartrc | 10 | noblacklist ${HOME}/.config/katepartrc |
11 | noblacklist ~/.config/katerc | 11 | noblacklist ${HOME}/.config/katerc |
12 | noblacklist ~/.config/kateschemarc | 12 | noblacklist ${HOME}/.config/kateschemarc |
13 | noblacklist ~/.config/katesyntaxhighlightingrc | 13 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc |
14 | noblacklist ~/.config/katevirc | 14 | noblacklist ${HOME}/.config/katevirc |
15 | noblacklist ~/.local/share/kate | 15 | noblacklist ${HOME}/.local/share/kate |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
18 | # include /etc/firejail/disable-devel.inc | 18 | # include /etc/firejail/disable-devel.inc |
diff --git a/etc/kget.profile b/etc/kget.profile index f6d7352c1..25c66e044 100644 --- a/etc/kget.profile +++ b/etc/kget.profile | |||
@@ -5,10 +5,10 @@ include /etc/firejail/kget.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.kde/share/apps/kget | 8 | noblacklist ${HOME}/.kde/share/apps/kget |
9 | noblacklist ~/.kde/share/config/kgetrc | 9 | noblacklist ${HOME}/.kde/share/config/kgetrc |
10 | noblacklist ~/.kde4/share/apps/kget | 10 | noblacklist ${HOME}/.kde4/share/apps/kget |
11 | noblacklist ~/.kde4/share/config/kgetrc | 11 | noblacklist ${HOME}/.kde4/share/config/kgetrc |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/kino.profile b/etc/kino.profile index 240dab8ef..be51786f5 100644 --- a/etc/kino.profile +++ b/etc/kino.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/kino.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.kino-history | 8 | noblacklist ${HOME}/.kino-history |
9 | noblacklist ~/.kinorc | 9 | noblacklist ${HOME}/.kinorc |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/knotes.profile b/etc/knotes.profile index 039f1b057..94ada7855 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/knotes.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/knotesrc | 8 | noblacklist ${HOME}/.config/knotesrc |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | # include /etc/firejail/disable-devel.inc | 11 | # include /etc/firejail/disable-devel.inc |
diff --git a/etc/kopete.profile b/etc/kopete.profile index 3e943c162..6d7c22373 100644 --- a/etc/kopete.profile +++ b/etc/kopete.profile | |||
@@ -5,10 +5,10 @@ include /etc/firejail/kopete.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.kde/share/apps/kopete | 8 | noblacklist ${HOME}/.kde/share/apps/kopete |
9 | noblacklist ~/.kde/share/config/kopeterc | 9 | noblacklist ${HOME}/.kde/share/config/kopeterc |
10 | noblacklist ~/.kde4/share/apps/kopete | 10 | noblacklist ${HOME}/.kde4/share/apps/kopete |
11 | noblacklist ~/.kde4/share/config/kopeterc | 11 | noblacklist ${HOME}/.kde4/share/config/kopeterc |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/krunner.profile b/etc/krunner.profile index c3a4c73aa..606b67677 100644 --- a/etc/krunner.profile +++ b/etc/krunner.profile | |||
@@ -8,9 +8,9 @@ include /etc/firejail/globals.local | |||
8 | # start a program in krunner: program will run with this generic profile | 8 | # start a program in krunner: program will run with this generic profile |
9 | # open a file in krunner: file viewer will run with its own profile (if firejailed automatically) | 9 | # open a file in krunner: file viewer will run with its own profile (if firejailed automatically) |
10 | 10 | ||
11 | noblacklist ~/.config/krunnerrc | 11 | noblacklist ${HOME}/.config/krunnerrc |
12 | noblacklist ~/.kde/share/config/krunnerrc | 12 | noblacklist ${HOME}/.kde/share/config/krunnerrc |
13 | noblacklist ~/.kde4/share/config/krunnerrc | 13 | noblacklist ${HOME}/.kde4/share/config/krunnerrc |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
16 | # include /etc/firejail/disable-devel.inc | 16 | # include /etc/firejail/disable-devel.inc |
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index 99e185ce3..5ea09f925 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile | |||
@@ -5,31 +5,31 @@ include /etc/firejail/ktorrent.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/ktorrentrc | 8 | noblacklist ${HOME}/.config/ktorrentrc |
9 | noblacklist ~/.kde/share/apps/ktorrent | 9 | noblacklist ${HOME}/.kde/share/apps/ktorrent |
10 | noblacklist ~/.kde/share/config/ktorrentrc | 10 | noblacklist ${HOME}/.kde/share/config/ktorrentrc |
11 | noblacklist ~/.kde4/share/apps/ktorrent | 11 | noblacklist ${HOME}/.kde4/share/apps/ktorrent |
12 | noblacklist ~/.kde4/share/config/ktorrentrc | 12 | noblacklist ${HOME}/.kde4/share/config/ktorrentrc |
13 | noblacklist ~/.local/share/ktorrent | 13 | noblacklist ${HOME}/.local/share/ktorrent |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
19 | 19 | ||
20 | mkdir ~/.kde/share/apps/ktorrent | 20 | mkdir ${HOME}/.kde/share/apps/ktorrent |
21 | mkdir ~/.kde4/share/apps/ktorrent | 21 | mkdir ${HOME}/.kde4/share/apps/ktorrent |
22 | mkdir ~/.local/share/ktorrent | 22 | mkdir ${HOME}/.local/share/ktorrent |
23 | mkfile ~/.config/ktorrentrc | 23 | mkfile ${HOME}/.config/ktorrentrc |
24 | mkfile ~/.kde/share/config/ktorrentrc | 24 | mkfile ${HOME}/.kde/share/config/ktorrentrc |
25 | mkfile ~/.kde4/share/config/ktorrentrc | 25 | mkfile ${HOME}/.kde4/share/config/ktorrentrc |
26 | whitelist ${DOWNLOADS} | 26 | whitelist ${DOWNLOADS} |
27 | whitelist ~/.config/ktorrentrc | 27 | whitelist ${HOME}/.config/ktorrentrc |
28 | whitelist ~/.kde/share/apps/ktorrent | 28 | whitelist ${HOME}/.kde/share/apps/ktorrent |
29 | whitelist ~/.kde/share/config/ktorrentrc | 29 | whitelist ${HOME}/.kde/share/config/ktorrentrc |
30 | whitelist ~/.kde4/share/apps/ktorrent | 30 | whitelist ${HOME}/.kde4/share/apps/ktorrent |
31 | whitelist ~/.kde4/share/config/ktorrentrc | 31 | whitelist ${HOME}/.kde4/share/config/ktorrentrc |
32 | whitelist ~/.local/share/ktorrent | 32 | whitelist ${HOME}/.local/share/ktorrent |
33 | include /etc/firejail/whitelist-common.inc | 33 | include /etc/firejail/whitelist-common.inc |
34 | include /etc/firejail/whitelist-var-common.inc | 34 | include /etc/firejail/whitelist-var-common.inc |
35 | 35 | ||
diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile index 0004da72d..8a578f3f3 100644 --- a/etc/kwin_x11.profile +++ b/etc/kwin_x11.profile | |||
@@ -5,9 +5,9 @@ include /etc/firejail/kwin_x11.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/kwinrc | 8 | noblacklist ${HOME}/.config/kwinrc |
9 | noblacklist ~/.config/kwinrulesrc | 9 | noblacklist ${HOME}/.config/kwinrulesrc |
10 | noblacklist ~/.local/share/kwin | 10 | noblacklist ${HOME}/.local/share/kwin |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/kwrite.profile b/etc/kwrite.profile index 5d6eba094..807ecf62b 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile | |||
@@ -7,13 +7,13 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # blacklist /run/user/*/bus | 8 | # blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.config/katepartrc | 10 | noblacklist ${HOME}/.config/katepartrc |
11 | noblacklist ~/.config/katerc | 11 | noblacklist ${HOME}/.config/katerc |
12 | noblacklist ~/.config/kateschemarc | 12 | noblacklist ${HOME}/.config/kateschemarc |
13 | noblacklist ~/.config/katesyntaxhighlightingrc | 13 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc |
14 | noblacklist ~/.config/katevirc | 14 | noblacklist ${HOME}/.config/katevirc |
15 | noblacklist ~/.config/kwriterc | 15 | noblacklist ${HOME}/.config/kwriterc |
16 | noblacklist ~/.local/share/kwrite | 16 | noblacklist ${HOME}/.local/share/kwrite |
17 | 17 | ||
18 | include /etc/firejail/disable-common.inc | 18 | include /etc/firejail/disable-common.inc |
19 | # include /etc/firejail/disable-devel.inc | 19 | # include /etc/firejail/disable-devel.inc |
diff --git a/etc/less.profile b/etc/less.profile index 3546649af..3b1c5d6bf 100644 --- a/etc/less.profile +++ b/etc/less.profile | |||
@@ -20,7 +20,7 @@ shell none | |||
20 | tracelog | 20 | tracelog |
21 | writable-var-log | 21 | writable-var-log |
22 | 22 | ||
23 | # The user can have a custom coloring scritps configured in ~/.lessfilter. | 23 | # The user can have a custom coloring scritps configured in ${HOME}/.lessfilter. |
24 | # Enable private-bin and private-lib if you are not using any filter. | 24 | # Enable private-bin and private-lib if you are not using any filter. |
25 | # private-bin less | 25 | # private-bin less |
26 | # private-lib | 26 | # private-lib |
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 214b49c65..3548a75ad 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.java | 8 | noblacklist ${HOME}/.java |
9 | noblacklist /usr/local/sbin | 9 | noblacklist /usr/local/sbin |
10 | noblacklist ~/.config/libreoffice | 10 | noblacklist ${HOME}/.config/libreoffice |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/liferea.profile b/etc/liferea.profile index afd5fed6b..552a45bbb 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile | |||
@@ -5,21 +5,21 @@ include /etc/firejail/liferea.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/liferea | 8 | noblacklist ${HOME}/.cache/liferea |
9 | noblacklist ~/.config/liferea | 9 | noblacklist ${HOME}/.config/liferea |
10 | noblacklist ~/.local/share/liferea | 10 | noblacklist ${HOME}/.local/share/liferea |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | mkdir ~/.cache/liferea | 17 | mkdir ${HOME}/.cache/liferea |
18 | mkdir ~/.config/liferea | 18 | mkdir ${HOME}/.config/liferea |
19 | mkdir ~/.local/share/liferea | 19 | mkdir ${HOME}/.local/share/liferea |
20 | whitelist ~/.cache/liferea | 20 | whitelist ${HOME}/.cache/liferea |
21 | whitelist ~/.config/liferea | 21 | whitelist ${HOME}/.config/liferea |
22 | whitelist ~/.local/share/liferea | 22 | whitelist ${HOME}/.local/share/liferea |
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 1a3b26c10..d4bb1b0e8 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/lximage-qt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/lximage-qt | 8 | noblacklist ${HOME}/.config/lximage-qt |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 0161ffb63..71d7a056f 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/lxmusic.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/xmms2 | 8 | noblacklist ${HOME}/.cache/xmms2 |
9 | noblacklist ~/.config/xmms2 | 9 | noblacklist ${HOME}/.config/xmms2 |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/makepkg.profile b/etc/makepkg.profile index 96846592d..6d2e6b0ce 100644 --- a/etc/makepkg.profile +++ b/etc/makepkg.profile | |||
@@ -5,8 +5,8 @@ | |||
5 | # for potential issues and their solutions when Firejailing makepkg | 5 | # for potential issues and their solutions when Firejailing makepkg |
6 | 6 | ||
7 | # This profile could be significantly strengthened by adding the following to makepkg.local | 7 | # This profile could be significantly strengthened by adding the following to makepkg.local |
8 | # whitelist ~/<Your Build Folder> | 8 | # whitelist ${HOME}/<Your Build Folder> |
9 | # whitelist ~/.gnupg | 9 | # whitelist ${HOME}/.gnupg |
10 | 10 | ||
11 | quiet | 11 | quiet |
12 | # Persistent local customizations | 12 | # Persistent local customizations |
@@ -16,15 +16,15 @@ include /etc/firejail/globals.local | |||
16 | 16 | ||
17 | 17 | ||
18 | # Enable severely restricted access to ${HOME}/.gnupg | 18 | # Enable severely restricted access to ${HOME}/.gnupg |
19 | noblacklist ~/.gnupg | 19 | noblacklist ${HOME}/.gnupg |
20 | read-only ~/.gnupg/gpg.conf | 20 | read-only ${HOME}/.gnupg/gpg.conf |
21 | read-only ~/.gnupg/trustdb.gpg | 21 | read-only ${HOME}/.gnupg/trustdb.gpg |
22 | read-only ~/.gnupg/pubring.kbx | 22 | read-only ${HOME}/.gnupg/pubring.kbx |
23 | blacklist ~/.gnupg/random_seed | 23 | blacklist ${HOME}/.gnupg/random_seed |
24 | blacklist ~/.gnupg/pubring.kbx~ | 24 | blacklist ${HOME}/.gnupg/pubring.kbx~ |
25 | blacklist ~/.gnupg/private-keys-v1.d | 25 | blacklist ${HOME}/.gnupg/private-keys-v1.d |
26 | blacklist ~/.gnupg/crls.d | 26 | blacklist ${HOME}/.gnupg/crls.d |
27 | blacklist ~/.gnupg/openpgp-revocs.d | 27 | blacklist ${HOME}/.gnupg/openpgp-revocs.d |
28 | 28 | ||
29 | 29 | ||
30 | # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} | 30 | # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} |
diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index dc9946794..9eae27765 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile | |||
@@ -5,16 +5,16 @@ include /etc/firejail/mediathekview.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/mpv | 8 | noblacklist ${HOME}/.config/mpv |
9 | noblacklist ~/.config/smplayer | 9 | noblacklist ${HOME}/.config/smplayer |
10 | noblacklist ~/.config/totem | 10 | noblacklist ${HOME}/.config/totem |
11 | noblacklist ~/.config/vlc | 11 | noblacklist ${HOME}/.config/vlc |
12 | noblacklist ~/.config/xplayer | 12 | noblacklist ${HOME}/.config/xplayer |
13 | noblacklist ~/.java | 13 | noblacklist ${HOME}/.java |
14 | noblacklist ~/.local/share/totem | 14 | noblacklist ${HOME}/.local/share/totem |
15 | noblacklist ~/.local/share/xplayer | 15 | noblacklist ${HOME}/.local/share/xplayer |
16 | noblacklist ~/.mediathek3 | 16 | noblacklist ${HOME}/.mediathek3 |
17 | noblacklist ~/.mplayer | 17 | noblacklist ${HOME}/.mplayer |
18 | 18 | ||
19 | include /etc/firejail/disable-common.inc | 19 | include /etc/firejail/disable-common.inc |
20 | include /etc/firejail/disable-devel.inc | 20 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/midori.profile b/etc/midori.profile index e8373b042..7cb5326fb 100644 --- a/etc/midori.profile +++ b/etc/midori.profile | |||
@@ -5,32 +5,32 @@ include /etc/firejail/midori.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/midori | 8 | noblacklist ${HOME}/.config/midori |
9 | noblacklist ~/.local/share/midori | 9 | noblacklist ${HOME}/.local/share/midori |
10 | # noblacklist ~/.local/share/webkit | 10 | # noblacklist ${HOME}/.local/share/webkit |
11 | # noblacklist ~/.local/share/webkitgtk | 11 | # noblacklist ${HOME}/.local/share/webkitgtk |
12 | noblacklist ~/.pki | 12 | noblacklist ${HOME}/.pki |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | 17 | ||
18 | mkdir ~/.cache/midori | 18 | mkdir ${HOME}/.cache/midori |
19 | mkdir ~/.config/midori | 19 | mkdir ${HOME}/.config/midori |
20 | mkdir ~/.local/share/midori | 20 | mkdir ${HOME}/.local/share/midori |
21 | mkdir ~/.local/share/webkit | 21 | mkdir ${HOME}/.local/share/webkit |
22 | mkdir ~/.local/share/webkitgtk | 22 | mkdir ${HOME}/.local/share/webkitgtk |
23 | mkdir ~/.pki | 23 | mkdir ${HOME}/.pki |
24 | whitelist ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | whitelist ~/.cache/gnome-mplayer/plugin | 25 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
26 | whitelist ~/.cache/midori | 26 | whitelist ${HOME}/.cache/midori |
27 | whitelist ~/.config/gnome-mplayer | 27 | whitelist ${HOME}/.config/gnome-mplayer |
28 | whitelist ~/.config/midori | 28 | whitelist ${HOME}/.config/midori |
29 | whitelist ~/.lastpass | 29 | whitelist ${HOME}/.lastpass |
30 | whitelist ~/.local/share/midori | 30 | whitelist ${HOME}/.local/share/midori |
31 | whitelist ~/.local/share/webkit | 31 | whitelist ${HOME}/.local/share/webkit |
32 | whitelist ~/.local/share/webkitgtk | 32 | whitelist ${HOME}/.local/share/webkitgtk |
33 | whitelist ~/.pki | 33 | whitelist ${HOME}/.pki |
34 | include /etc/firejail/whitelist-common.inc | 34 | include /etc/firejail/whitelist-common.inc |
35 | 35 | ||
36 | caps.drop all | 36 | caps.drop all |
diff --git a/etc/mousepad.profile b/etc/mousepad.profile index e44750f99..0f0051c0a 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/mousepad.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/Mousepad | 8 | noblacklist ${HOME}/.config/Mousepad |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/musescore.profile b/etc/musescore.profile index b3d04c08f..75f86c842 100644 --- a/etc/musescore.profile +++ b/etc/musescore.profile | |||
@@ -5,10 +5,10 @@ include /etc/firejail/musescore.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/MusE | 8 | noblacklist ${HOME}/.config/MusE |
9 | noblacklist ~/.config/MuseScore | 9 | noblacklist ${HOME}/.config/MuseScore |
10 | noblacklist ~/.local/share/data/MusE | 10 | noblacklist ${HOME}/.local/share/data/MusE |
11 | noblacklist ~/.local/share/data/MuseScore | 11 | noblacklist ${HOME}/.local/share/data/MuseScore |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/mutt.profile b/etc/mutt.profile index bdd629773..bca72f386 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile | |||
@@ -9,28 +9,28 @@ blacklist /tmp/.X11-unix | |||
9 | 9 | ||
10 | noblacklist /var/mail | 10 | noblacklist /var/mail |
11 | noblacklist /var/spool/mail | 11 | noblacklist /var/spool/mail |
12 | noblacklist ~/.Mail | 12 | noblacklist ${HOME}/.Mail |
13 | noblacklist ~/.bogofilter | 13 | noblacklist ${HOME}/.bogofilter |
14 | noblacklist ~/.cache/mutt | 14 | noblacklist ${HOME}/.cache/mutt |
15 | noblacklist ~/.elinks | 15 | noblacklist ${HOME}/.elinks |
16 | noblacklist ~/.emacs | 16 | noblacklist ${HOME}/.emacs |
17 | noblacklist ~/.emacs.d | 17 | noblacklist ${HOME}/.emacs.d |
18 | noblacklist ~/.gnupg | 18 | noblacklist ${HOME}/.gnupg |
19 | noblacklist ~/.mail | 19 | noblacklist ${HOME}/.mail |
20 | noblacklist ~/.mailcap | 20 | noblacklist ${HOME}/.mailcap |
21 | noblacklist ~/.msmtprc | 21 | noblacklist ${HOME}/.msmtprc |
22 | noblacklist ~/.mutt | 22 | noblacklist ${HOME}/.mutt |
23 | noblacklist ~/.mutt/muttrc | 23 | noblacklist ${HOME}/.mutt/muttrc |
24 | noblacklist ~/.muttrc | 24 | noblacklist ${HOME}/.muttrc |
25 | noblacklist ~/.signature | 25 | noblacklist ${HOME}/.signature |
26 | noblacklist ~/.vim | 26 | noblacklist ${HOME}/.vim |
27 | noblacklist ~/.viminfo | 27 | noblacklist ${HOME}/.viminfo |
28 | noblacklist ~/.vimrc | 28 | noblacklist ${HOME}/.vimrc |
29 | noblacklist ~/.w3m | 29 | noblacklist ${HOME}/.w3m |
30 | noblacklist ~/Mail | 30 | noblacklist ${HOME}/Mail |
31 | noblacklist ~/mail | 31 | noblacklist ${HOME}/mail |
32 | noblacklist ~/postponed | 32 | noblacklist ${HOME}/postponed |
33 | noblacklist ~/sent | 33 | noblacklist ${HOME}/sent |
34 | 34 | ||
35 | include /etc/firejail/disable-common.inc | 35 | include /etc/firejail/disable-common.inc |
36 | include /etc/firejail/disable-devel.inc | 36 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 45d23cae6..5ba0850fc 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile | |||
@@ -8,10 +8,10 @@ include /etc/firejail/globals.local | |||
8 | # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there | 8 | # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there |
9 | # is already a nautilus process running on gnome desktops firejail will have no effect. | 9 | # is already a nautilus process running on gnome desktops firejail will have no effect. |
10 | 10 | ||
11 | noblacklist ~/.config/nautilus | 11 | noblacklist ${HOME}/.config/nautilus |
12 | noblacklist ~/.local/share/Trash | 12 | noblacklist ${HOME}/.local/share/Trash |
13 | noblacklist ~/.local/share/nautilus | 13 | noblacklist ${HOME}/.local/share/nautilus |
14 | noblacklist ~/.local/share/nautilus-python | 14 | noblacklist ${HOME}/.local/share/nautilus-python |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/netsurf.profile b/etc/netsurf.profile index 64aa068b1..02b35757a 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile | |||
@@ -5,18 +5,18 @@ include /etc/firejail/netsurf.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/netsurf | 8 | noblacklist ${HOME}/.cache/netsurf |
9 | noblacklist ~/.config/netsurf | 9 | noblacklist ${HOME}/.config/netsurf |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | mkdir ~/.cache/netsurf | 15 | mkdir ${HOME}/.cache/netsurf |
16 | mkdir ~/.config/netsurf | 16 | mkdir ${HOME}/.config/netsurf |
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | whitelist ~/.cache/netsurf | 18 | whitelist ${HOME}/.cache/netsurf |
19 | whitelist ~/.config/netsurf | 19 | whitelist ${HOME}/.config/netsurf |
20 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/nylas.profile b/etc/nylas.profile index d96c6b0d4..c2e1e1fdb 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/nylas.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/Nylas Mail | 8 | noblacklist ${HOME}/.config/Nylas Mail |
9 | noblacklist ~/.nylas-mail | 9 | noblacklist ${HOME}/.nylas-mail |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
@@ -14,8 +14,8 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
17 | whitelist ~/.config/Nylas Mail | 17 | whitelist ${HOME}/.config/Nylas Mail |
18 | whitelist ~/.nylas-mail | 18 | whitelist ${HOME}/.nylas-mail |
19 | include /etc/firejail/whitelist-common.inc | 19 | include /etc/firejail/whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/okular.profile b/etc/okular.profile index 4171a28f8..2c2d395c8 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -7,15 +7,15 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # blacklist /run/user/*/bus | 8 | # blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.config/okularpartrc | 10 | noblacklist ${HOME}/.config/okularpartrc |
11 | noblacklist ~/.config/okularrc | 11 | noblacklist ${HOME}/.config/okularrc |
12 | noblacklist ~/.kde/share/apps/okular | 12 | noblacklist ${HOME}/.kde/share/apps/okular |
13 | noblacklist ~/.kde/share/config/okularpartrc | 13 | noblacklist ${HOME}/.kde/share/config/okularpartrc |
14 | noblacklist ~/.kde/share/config/okularrc | 14 | noblacklist ${HOME}/.kde/share/config/okularrc |
15 | noblacklist ~/.kde4/share/apps/okular | 15 | noblacklist ${HOME}/.kde4/share/apps/okular |
16 | noblacklist ~/.kde4/share/config/okularpartrc | 16 | noblacklist ${HOME}/.kde4/share/config/okularpartrc |
17 | noblacklist ~/.kde4/share/config/okularrc | 17 | noblacklist ${HOME}/.kde4/share/config/okularrc |
18 | noblacklist ~/.local/share/okular | 18 | noblacklist ${HOME}/.local/share/okular |
19 | 19 | ||
20 | include /etc/firejail/disable-common.inc | 20 | include /etc/firejail/disable-common.inc |
21 | include /etc/firejail/disable-devel.inc | 21 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 20a9b2227..331bfa939 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile | |||
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.openinvaders | 10 | noblacklist ${HOME}/.openinvaders |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.openinvaders | 16 | mkdir ${HOME}/.openinvaders |
17 | whitelist ~/.openinvaders | 17 | whitelist ${HOME}/.openinvaders |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index c295a2082..6079ac7d5 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile | |||
@@ -5,20 +5,20 @@ include /etc/firejail/opera-beta.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/opera-beta | 8 | noblacklist ${HOME}/.config/opera-beta |
9 | noblacklist ~/.pki | 9 | noblacklist ${HOME}/.pki |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | mkdir ~/.cache/opera | 15 | mkdir ${HOME}/.cache/opera |
16 | mkdir ~/.config/opera-beta | 16 | mkdir ${HOME}/.config/opera-beta |
17 | mkdir ~/.pki | 17 | mkdir ${HOME}/.pki |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ~/.cache/opera | 19 | whitelist ${HOME}/.cache/opera |
20 | whitelist ~/.config/opera-beta | 20 | whitelist ${HOME}/.config/opera-beta |
21 | whitelist ~/.pki | 21 | whitelist ${HOME}/.pki |
22 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
23 | 23 | ||
24 | netfilter | 24 | netfilter |
diff --git a/etc/opera.profile b/etc/opera.profile index 553ea6790..2b9b903ac 100644 --- a/etc/opera.profile +++ b/etc/opera.profile | |||
@@ -5,24 +5,24 @@ include /etc/firejail/opera.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/opera | 8 | noblacklist ${HOME}/.cache/opera |
9 | noblacklist ~/.config/opera | 9 | noblacklist ${HOME}/.config/opera |
10 | noblacklist ~/.opera | 10 | noblacklist ${HOME}/.opera |
11 | noblacklist ~/.pki | 11 | noblacklist ${HOME}/.pki |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | mkdir ~/.cache/opera | 17 | mkdir ${HOME}/.cache/opera |
18 | mkdir ~/.config/opera | 18 | mkdir ${HOME}/.config/opera |
19 | mkdir ~/.opera | 19 | mkdir ${HOME}/.opera |
20 | mkdir ~/.pki | 20 | mkdir ${HOME}/.pki |
21 | whitelist ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | whitelist ~/.cache/opera | 22 | whitelist ${HOME}/.cache/opera |
23 | whitelist ~/.config/opera | 23 | whitelist ${HOME}/.config/opera |
24 | whitelist ~/.opera | 24 | whitelist ${HOME}/.opera |
25 | whitelist ~/.pki | 25 | whitelist ${HOME}/.pki |
26 | include /etc/firejail/whitelist-common.inc | 26 | include /etc/firejail/whitelist-common.inc |
27 | 27 | ||
28 | netfilter | 28 | netfilter |
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 054e876c5..8bdcb7334 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/palemoon.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/moonchild productions/pale moon | 8 | noblacklist ${HOME}/.cache/moonchild productions/pale moon |
9 | noblacklist ~/.moonchild productions/pale moon | 9 | noblacklist ${HOME}/.moonchild productions/pale moon |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
@@ -14,29 +14,29 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | # These are uncommented in the Firefox profile. If you run into trouble you may | 15 | # These are uncommented in the Firefox profile. If you run into trouble you may |
16 | # want to uncomment (some of) them. | 16 | # want to uncomment (some of) them. |
17 | #whitelist ~/dwhelper | 17 | #whitelist ${HOME}/dwhelper |
18 | #whitelist ~/.zotero | 18 | #whitelist ${HOME}/.zotero |
19 | #whitelist ~/.vimperatorrc | 19 | #whitelist ${HOME}/.vimperatorrc |
20 | #whitelist ~/.vimperator | 20 | #whitelist ${HOME}/.vimperator |
21 | #whitelist ~/.pentadactylrc | 21 | #whitelist ${HOME}/.pentadactylrc |
22 | #whitelist ~/.pentadactyl | 22 | #whitelist ${HOME}/.pentadactyl |
23 | #whitelist ~/.keysnail.js | 23 | #whitelist ${HOME}/.keysnail.js |
24 | #whitelist ~/.config/gnome-mplayer | 24 | #whitelist ${HOME}/.config/gnome-mplayer |
25 | #whitelist ~/.cache/gnome-mplayer/plugin | 25 | #whitelist ${HOME}/.cache/gnome-mplayer/plugin |
26 | #whitelist ~/.pki | 26 | #whitelist ${HOME}/.pki |
27 | #whitelist ~/.lastpass | 27 | #whitelist ${HOME}/.lastpass |
28 | 28 | ||
29 | # For silverlight | 29 | # For silverlight |
30 | #whitelist ~/.wine-pipelight | 30 | #whitelist ${HOME}/.wine-pipelight |
31 | #whitelist ~/.wine-pipelight64 | 31 | #whitelist ${HOME}/.wine-pipelight64 |
32 | #whitelist ~/.config/pipelight-widevine | 32 | #whitelist ${HOME}/.config/pipelight-widevine |
33 | #whitelist ~/.config/pipelight-silverlight5.1 | 33 | #whitelist ${HOME}/.config/pipelight-silverlight5.1 |
34 | 34 | ||
35 | mkdir ~/.cache/moonchild productions/pale moon | 35 | mkdir ${HOME}/.cache/moonchild productions/pale moon |
36 | mkdir ~/.moonchild productions | 36 | mkdir ${HOME}/.moonchild productions |
37 | whitelist ${DOWNLOADS} | 37 | whitelist ${DOWNLOADS} |
38 | whitelist ~/.cache/moonchild productions/pale moon | 38 | whitelist ${HOME}/.cache/moonchild productions/pale moon |
39 | whitelist ~/.moonchild productions | 39 | whitelist ${HOME}/.moonchild productions |
40 | include /etc/firejail/whitelist-common.inc | 40 | include /etc/firejail/whitelist-common.inc |
41 | 41 | ||
42 | caps.drop all | 42 | caps.drop all |
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 03e7e450f..08c607020 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile | |||
@@ -8,8 +8,8 @@ include /etc/firejail/globals.local | |||
8 | # blacklist /run/user/*/bus | 8 | # blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
11 | # noblacklist ~/.config/libfm - disable-programs.inc is disabled, see below | 11 | # noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below |
12 | # noblacklist ~/.config/pcmanfm | 12 | # noblacklist ${HOME}/.config/pcmanfm |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/pingus.profile b/etc/pingus.profile index c491a2669..65aeedd86 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile | |||
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.pingus | 10 | noblacklist ${HOME}/.pingus |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.pingus | 16 | mkdir ${HOME}/.pingus |
17 | whitelist ~/.pingus | 17 | whitelist ${HOME}/.pingus |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/pix.profile b/etc/pix.profile index 5440e4634..9eca6f87e 100644 --- a/etc/pix.profile +++ b/etc/pix.profile | |||
@@ -7,8 +7,8 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | noblacklist ${HOME}/.config/pix | 8 | noblacklist ${HOME}/.config/pix |
9 | noblacklist ${HOME}/.local/share/pix | 9 | noblacklist ${HOME}/.local/share/pix |
10 | noblacklist ~/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | noblacklist ~/.steam | 11 | noblacklist ${HOME}/.steam |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 72c52d967..8d2ace96a 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile | |||
@@ -13,13 +13,13 @@ include /etc/firejail/disable-devel.inc | |||
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.cache/psi+ | 16 | mkdir ${HOME}/.cache/psi+ |
17 | mkdir ~/.config/psi+ | 17 | mkdir ${HOME}/.config/psi+ |
18 | mkdir ~/.local/share/psi+ | 18 | mkdir ${HOME}/.local/share/psi+ |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ~/.cache/psi+ | 20 | whitelist ${HOME}/.cache/psi+ |
21 | whitelist ~/.config/psi+ | 21 | whitelist ${HOME}/.config/psi+ |
22 | whitelist ~/.local/share/psi+ | 22 | whitelist ${HOME}/.local/share/psi+ |
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 32eb7de5b..9c4e6e356 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -5,25 +5,25 @@ include /etc/firejail/qbittorrent.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/qBittorrent | 8 | noblacklist ${HOME}/.cache/qBittorrent |
9 | noblacklist ~/.config/qBittorrent | 9 | noblacklist ${HOME}/.config/qBittorrent |
10 | noblacklist ~/.config/qBittorrentrc | 10 | noblacklist ${HOME}/.config/qBittorrentrc |
11 | noblacklist ~/.config/qt5ct | 11 | noblacklist ${HOME}/.config/qt5ct |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | 17 | ||
18 | mkdir ~/.cache/qBittorrent | 18 | mkdir ${HOME}/.cache/qBittorrent |
19 | mkdir ~/.config/qBittorrent | 19 | mkdir ${HOME}/.config/qBittorrent |
20 | mkdir ~/.local/share/data/qBittorrent | 20 | mkdir ${HOME}/.local/share/data/qBittorrent |
21 | whitelist ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | whitelist ~/.cache/qBittorrent | 22 | whitelist ${HOME}/.cache/qBittorrent |
23 | whitelist ~/.config/qBittorrent | 23 | whitelist ${HOME}/.config/qBittorrent |
24 | whitelist ~/.config/qBittorrentrc | 24 | whitelist ${HOME}/.config/qBittorrentrc |
25 | whitelist ~/.config/qt5ct | 25 | whitelist ${HOME}/.config/qt5ct |
26 | whitelist ~/.local/share/data/qBittorrent | 26 | whitelist ${HOME}/.local/share/data/qBittorrent |
27 | include /etc/firejail/whitelist-common.inc | 27 | include /etc/firejail/whitelist-common.inc |
28 | include /etc/firejail/whitelist-var-common.inc | 28 | include /etc/firejail/whitelist-var-common.inc |
29 | 29 | ||
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile index 2738e04bb..20b14c0ca 100644 --- a/etc/qemu-launcher.profile +++ b/etc/qemu-launcher.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/qemu-launcher.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.qemu-launcher | 8 | noblacklist ${HOME}/.qemu-launcher |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/qtox.profile b/etc/qtox.profile index 226d516ad..917e2cde8 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/qtox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/qt5ct | 8 | noblacklist ${HOME}/.config/qt5ct |
9 | noblacklist ~/.config/tox | 9 | noblacklist ${HOME}/.config/tox |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index f820b590e..0d02cacae 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
@@ -15,10 +15,10 @@ include /etc/firejail/disable-devel.inc | |||
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | 17 | ||
18 | mkdir ~/.cache/QuiteRss | 18 | mkdir ${HOME}/.cache/QuiteRss |
19 | mkdir ~/.config/QuiteRss | 19 | mkdir ${HOME}/.config/QuiteRss |
20 | mkdir ~/.local/share/data | 20 | mkdir ${HOME}/.local/share/data |
21 | mkdir ~/.local/share/data/QuiteRss | 21 | mkdir ${HOME}/.local/share/data/QuiteRss |
22 | whitelist ${HOME}/.cache/QuiteRss | 22 | whitelist ${HOME}/.cache/QuiteRss |
23 | whitelist ${HOME}/.config/QuiteRss/ | 23 | whitelist ${HOME}/.config/QuiteRss/ |
24 | whitelist ${HOME}/.config/QuiteRssrc | 24 | whitelist ${HOME}/.config/QuiteRssrc |
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index 7b7086bde..74c7355b6 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
@@ -14,8 +14,8 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
17 | whitelist ~/.cache/qupzilla | 17 | whitelist ${HOME}/.cache/qupzilla |
18 | whitelist ~/.config/qupzilla | 18 | whitelist ${HOME}/.config/qupzilla |
19 | include /etc/firejail/whitelist-common.inc | 19 | include /etc/firejail/whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index 31721617f..b6834aaad 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
@@ -5,20 +5,20 @@ include /etc/firejail/qutebrowser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/qutebrowser | 8 | noblacklist ${HOME}/.cache/qutebrowser |
9 | noblacklist ~/.config/qutebrowser | 9 | noblacklist ${HOME}/.config/qutebrowser |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | mkdir ~/.cache/qutebrowser | 15 | mkdir ${HOME}/.cache/qutebrowser |
16 | mkdir ~/.config/qutebrowser | 16 | mkdir ${HOME}/.config/qutebrowser |
17 | mkdir ~/.local/share/qutebrowser | 17 | mkdir ${HOME}/.local/share/qutebrowser |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ~/.cache/qutebrowser | 19 | whitelist ${HOME}/.cache/qutebrowser |
20 | whitelist ~/.config/qutebrowser | 20 | whitelist ${HOME}/.config/qutebrowser |
21 | whitelist ~/.local/share/qutebrowser | 21 | whitelist ${HOME}/.local/share/qutebrowser |
22 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/rambox.profile b/etc/rambox.profile index 2696df86b..f17f1d202 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile | |||
@@ -5,18 +5,18 @@ include /etc/firejail/rambox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/Rambox | 8 | noblacklist ${HOME}/.config/Rambox |
9 | noblacklist ~/.pki | 9 | noblacklist ${HOME}/.pki |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | mkdir ~/.config/Rambox | 15 | mkdir ${HOME}/.config/Rambox |
16 | mkdir ~/.pki | 16 | mkdir ${HOME}/.pki |
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | whitelist ~/.config/Rambox | 18 | whitelist ${HOME}/.config/Rambox |
19 | whitelist ~/.pki | 19 | whitelist ${HOME}/.pki |
20 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/ranger.profile b/etc/ranger.profile index 0dac16424..211a1b2d5 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile | |||
@@ -11,7 +11,7 @@ blacklist /run/user/*/bus | |||
11 | noblacklist /usr/bin/perl | 11 | noblacklist /usr/bin/perl |
12 | noblacklist /usr/lib/perl* | 12 | noblacklist /usr/lib/perl* |
13 | noblacklist /usr/share/perl* | 13 | noblacklist /usr/share/perl* |
14 | noblacklist ~/.config/ranger | 14 | noblacklist ${HOME}/.config/ranger |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/ristretto.profile b/etc/ristretto.profile index 3de5de34a..114bb30f4 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile | |||
@@ -6,8 +6,8 @@ include /etc/firejail/ristretto.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/ristretto | 8 | noblacklist ${HOME}/.config/ristretto |
9 | noblacklist ~/.Steam | 9 | noblacklist ${HOME}/.Steam |
10 | noblacklist ~/.steam | 10 | noblacklist ${HOME}/.steam |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/scribus.profile b/etc/scribus.profile index e49d484ed..001b91387 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
@@ -8,20 +8,20 @@ include /etc/firejail/globals.local | |||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | # Support for PDF readers comes with Scribus 1.5 and higher | 10 | # Support for PDF readers comes with Scribus 1.5 and higher |
11 | noblacklist ~/.config/okularpartrc | 11 | noblacklist ${HOME}/.config/okularpartrc |
12 | noblacklist ~/.config/okularrc | 12 | noblacklist ${HOME}/.config/okularrc |
13 | noblacklist ~/.config/scribus | 13 | noblacklist ${HOME}/.config/scribus |
14 | noblacklist ~/.config/scribusrc | 14 | noblacklist ${HOME}/.config/scribusrc |
15 | noblacklist ~/.gimp* | 15 | noblacklist ${HOME}/.gimp* |
16 | noblacklist ~/.kde/share/apps/okular | 16 | noblacklist ${HOME}/.kde/share/apps/okular |
17 | noblacklist ~/.kde/share/config/okularpartrc | 17 | noblacklist ${HOME}/.kde/share/config/okularpartrc |
18 | noblacklist ~/.kde/share/config/okularrc | 18 | noblacklist ${HOME}/.kde/share/config/okularrc |
19 | noblacklist ~/.kde4/share/apps/okular | 19 | noblacklist ${HOME}/.kde4/share/apps/okular |
20 | noblacklist ~/.kde4/share/config/okularpartrc | 20 | noblacklist ${HOME}/.kde4/share/config/okularpartrc |
21 | noblacklist ~/.kde4/share/config/okularrc | 21 | noblacklist ${HOME}/.kde4/share/config/okularrc |
22 | noblacklist ~/.local/share/okular | 22 | noblacklist ${HOME}/.local/share/okular |
23 | noblacklist ~/.local/share/scribus | 23 | noblacklist ${HOME}/.local/share/scribus |
24 | noblacklist ~/.scribus | 24 | noblacklist ${HOME}/.scribus |
25 | 25 | ||
26 | include /etc/firejail/disable-common.inc | 26 | include /etc/firejail/disable-common.inc |
27 | include /etc/firejail/disable-devel.inc | 27 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 36dde66b0..cfd03300a 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
@@ -5,34 +5,34 @@ include /etc/firejail/seamonkey.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | noblacklist ~/.mozilla | 9 | noblacklist ${HOME}/.mozilla |
10 | noblacklist ~/.pki | 10 | noblacklist ${HOME}/.pki |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.cache/mozilla | 16 | mkdir ${HOME}/.cache/mozilla |
17 | mkdir ~/.mozilla | 17 | mkdir ${HOME}/.mozilla |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ~/.cache/gnome-mplayer/plugin | 19 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
20 | whitelist ~/.cache/mozilla | 20 | whitelist ${HOME}/.cache/mozilla |
21 | whitelist ~/.config/gnome-mplayer | 21 | whitelist ${HOME}/.config/gnome-mplayer |
22 | whitelist ~/.config/pipelight-silverlight5.1 | 22 | whitelist ${HOME}/.config/pipelight-silverlight5.1 |
23 | whitelist ~/.config/pipelight-widevine | 23 | whitelist ${HOME}/.config/pipelight-widevine |
24 | whitelist ~/.keysnail.js | 24 | whitelist ${HOME}/.keysnail.js |
25 | whitelist ~/.lastpass | 25 | whitelist ${HOME}/.lastpass |
26 | whitelist ~/.mozilla | 26 | whitelist ${HOME}/.mozilla |
27 | whitelist ~/.pentadactyl | 27 | whitelist ${HOME}/.pentadactyl |
28 | whitelist ~/.pentadactylrc | 28 | whitelist ${HOME}/.pentadactylrc |
29 | whitelist ~/.pki | 29 | whitelist ${HOME}/.pki |
30 | whitelist ~/.vimperator | 30 | whitelist ${HOME}/.vimperator |
31 | whitelist ~/.vimperatorrc | 31 | whitelist ${HOME}/.vimperatorrc |
32 | whitelist ~/.wine-pipelight | 32 | whitelist ${HOME}/.wine-pipelight |
33 | whitelist ~/.wine-pipelight64 | 33 | whitelist ${HOME}/.wine-pipelight64 |
34 | whitelist ~/.zotero | 34 | whitelist ${HOME}/.zotero |
35 | whitelist ~/dwhelper | 35 | whitelist ${HOME}/dwhelper |
36 | include /etc/firejail/whitelist-common.inc | 36 | include /etc/firejail/whitelist-common.inc |
37 | 37 | ||
38 | caps.drop all | 38 | caps.drop all |
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile index 88e3eef20..b9f7a6c33 100644 --- a/etc/signal-desktop.profile +++ b/etc/signal-desktop.profile | |||
@@ -5,16 +5,16 @@ include /etc/firejail/signal-desktop.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/Signal | 8 | noblacklist ${HOME}/.config/Signal |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | 14 | ||
15 | mkdir ~/.config/Signal | 15 | mkdir ${HOME}/.config/Signal |
16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
17 | whitelist ~/.config/Signal | 17 | whitelist ${HOME}/.config/Signal |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
20 | 20 | ||
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index edd4db861..b7dc3c57c 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/simple-scan.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/simple-scan | 8 | noblacklist ${HOME}/.cache/simple-scan |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/simutrans.profile b/etc/simutrans.profile index 1cbd9756c..89d1f2925 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile | |||
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.simutrans | 10 | noblacklist ${HOME}/.simutrans |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.simutrans | 16 | mkdir ${HOME}/.simutrans |
17 | whitelist ~/.simutrans | 17 | whitelist ${HOME}/.simutrans |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/snap.profile b/etc/snap.profile index 38aef7c23..345525c9a 100644 --- a/etc/snap.profile +++ b/etc/snap.profile | |||
@@ -12,5 +12,5 @@ include /etc/firejail/disable-passwdmgr.inc | |||
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | 13 | ||
14 | whitelist ${DOWNLOADS} | 14 | whitelist ${DOWNLOADS} |
15 | whitelist ~/snap | 15 | whitelist ${HOME}/snap |
16 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index fa5728d9b..b71c20231 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile | |||
@@ -10,7 +10,7 @@ blacklist /tmp/.X11-unix | |||
10 | 10 | ||
11 | noblacklist /etc/ssh | 11 | noblacklist /etc/ssh |
12 | noblacklist /tmp/ssh-* | 12 | noblacklist /tmp/ssh-* |
13 | noblacklist ~/.ssh | 13 | noblacklist ${HOME}/.ssh |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/ssh.profile b/etc/ssh.profile index 7ac0b8417..df86a276e 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -8,7 +8,7 @@ include /etc/firejail/globals.local | |||
8 | 8 | ||
9 | noblacklist /etc/ssh | 9 | noblacklist /etc/ssh |
10 | noblacklist /tmp/ssh-* | 10 | noblacklist /tmp/ssh-* |
11 | noblacklist ~/.ssh | 11 | noblacklist ${HOME}/.ssh |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/stellarium.profile b/etc/stellarium.profile index 360b9f881..889a21a60 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile | |||
@@ -5,18 +5,18 @@ include /etc/firejail/stellarium.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/stellarium | 8 | noblacklist ${HOME}/.config/stellarium |
9 | noblacklist ~/.stellarium | 9 | noblacklist ${HOME}/.stellarium |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.config/stellarium | 16 | mkdir ${HOME}/.config/stellarium |
17 | mkdir ~/.stellarium | 17 | mkdir ${HOME}/.stellarium |
18 | whitelist ~/.config/stellarium | 18 | whitelist ${HOME}/.config/stellarium |
19 | whitelist ~/.stellarium | 19 | whitelist ${HOME}/.stellarium |
20 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 120f0a043..2b5bb07c3 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile | |||
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.local/share/supertux2 | 10 | noblacklist ${HOME}/.local/share/supertux2 |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.local/share/supertux2 | 16 | mkdir ${HOME}/.local/share/supertux2 |
17 | whitelist ~/.local/share/supertux2 | 17 | whitelist ${HOME}/.local/share/supertux2 |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
20 | 20 | ||
diff --git a/etc/surf.profile b/etc/surf.profile index a12212f16..6f7bd16f6 100644 --- a/etc/surf.profile +++ b/etc/surf.profile | |||
@@ -5,13 +5,13 @@ include /etc/firejail/surf.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.surf | 8 | noblacklist ${HOME}/.surf |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | 13 | ||
14 | mkdir ~/.surf | 14 | mkdir ${HOME}/.surf |
15 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
16 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
17 | 17 | ||
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index 52965cf90..8af981d70 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile | |||
@@ -8,19 +8,19 @@ include /etc/firejail/globals.local | |||
8 | # Users have thunderbird set to open a browser by clicking a link in an email | 8 | # Users have thunderbird set to open a browser by clicking a link in an email |
9 | # We are not allowed to blacklist browser-specific directories | 9 | # We are not allowed to blacklist browser-specific directories |
10 | 10 | ||
11 | noblacklist ~/.cache/thunderbird | 11 | noblacklist ${HOME}/.cache/thunderbird |
12 | noblacklist ~/.gnupg | 12 | noblacklist ${HOME}/.gnupg |
13 | noblacklist ~/.icedove | 13 | noblacklist ${HOME}/.icedove |
14 | noblacklist ~/.thunderbird | 14 | noblacklist ${HOME}/.thunderbird |
15 | 15 | ||
16 | mkdir ~/.cache/thunderbird | 16 | mkdir ${HOME}/.cache/thunderbird |
17 | mkdir ~/.gnupg | 17 | mkdir ${HOME}/.gnupg |
18 | mkdir ~/.icedove | 18 | mkdir ${HOME}/.icedove |
19 | mkdir ~/.thunderbird | 19 | mkdir ${HOME}/.thunderbird |
20 | whitelist ~/.cache/thunderbird | 20 | whitelist ${HOME}/.cache/thunderbird |
21 | whitelist ~/.gnupg | 21 | whitelist ${HOME}/.gnupg |
22 | whitelist ~/.icedove | 22 | whitelist ${HOME}/.icedove |
23 | whitelist ~/.thunderbird | 23 | whitelist ${HOME}/.thunderbird |
24 | include /etc/firejail/whitelist-common.inc | 24 | include /etc/firejail/whitelist-common.inc |
25 | include /etc/firejail/whitelist-var-common.inc | 25 | include /etc/firejail/whitelist-var-common.inc |
26 | 26 | ||
@@ -28,7 +28,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
28 | ignore private-tmp | 28 | ignore private-tmp |
29 | machine-id | 29 | machine-id |
30 | disable-mnt | 30 | disable-mnt |
31 | read-only ~/.config/mimeapps.list | 31 | read-only ${HOME}/.config/mimeapps.list |
32 | 32 | ||
33 | # allow browsers | 33 | # allow browsers |
34 | # Redirect | 34 | # Redirect |
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 85af86068..c2e182cea 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile | |||
@@ -5,18 +5,18 @@ include /etc/firejail/torbrowser-launcher.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.tor-browser-en | 8 | noblacklist ${HOME}/.tor-browser-en |
9 | noblacklist ~/.config/torbrowser | 9 | noblacklist ${HOME}/.config/torbrowser |
10 | noblacklist ~/.local/share/torbrowser | 10 | noblacklist ${HOME}/.local/share/torbrowser |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | whitelist ~/.tor-browser-en | 17 | whitelist ${HOME}/.tor-browser-en |
18 | whitelist ~/.config/torbrowser | 18 | whitelist ${HOME}/.config/torbrowser |
19 | whitelist ~/.local/share/torbrowser | 19 | whitelist ${HOME}/.local/share/torbrowser |
20 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/totem.profile b/etc/totem.profile index ccf292da0..be0617024 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/totem.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/totem | 8 | noblacklist ${HOME}/.config/totem |
9 | noblacklist ~/.local/share/totem | 9 | noblacklist ${HOME}/.local/share/totem |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 0dad515d0..dac1c07b1 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
@@ -13,11 +13,11 @@ include /etc/firejail/disable-devel.inc | |||
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.cache/transmission | 16 | mkdir ${HOME}/.cache/transmission |
17 | mkdir ~/.config/transmission | 17 | mkdir ${HOME}/.config/transmission |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ~/.cache/transmission | 19 | whitelist ${HOME}/.cache/transmission |
20 | whitelist ~/.config/transmission | 20 | whitelist ${HOME}/.config/transmission |
21 | include /etc/firejail/whitelist-common.inc | 21 | include /etc/firejail/whitelist-common.inc |
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include /etc/firejail/whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 1da9afb5a..2d3ad0c7a 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -13,11 +13,11 @@ include /etc/firejail/disable-devel.inc | |||
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | mkdir ~/.cache/transmission | 16 | mkdir ${HOME}/.cache/transmission |
17 | mkdir ~/.config/transmission | 17 | mkdir ${HOME}/.config/transmission |
18 | whitelist ${DOWNLOADS} | 18 | whitelist ${DOWNLOADS} |
19 | whitelist ~/.cache/transmission | 19 | whitelist ${HOME}/.cache/transmission |
20 | whitelist ~/.config/transmission | 20 | whitelist ${HOME}/.config/transmission |
21 | include /etc/firejail/whitelist-common.inc | 21 | include /etc/firejail/whitelist-common.inc |
22 | include /etc/firejail/whitelist-var-common.inc | 22 | include /etc/firejail/whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index 30e2a619d..1a426cbf6 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/tuxguitar.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.java | 8 | noblacklist ${HOME}/.java |
9 | noblacklist ~/.tuxguitar* | 9 | noblacklist ${HOME}/.tuxguitar* |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 56ff4f886..8fbc3b7e6 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile | |||
@@ -11,9 +11,9 @@ include /etc/firejail/disable-common.inc | |||
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | 13 | ||
14 | mkdir ~/.config/uGet | 14 | mkdir ${HOME}/.config/uGet |
15 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
16 | whitelist ~/.config/uGet | 16 | whitelist ${HOME}/.config/uGet |
17 | include /etc/firejail/whitelist-common.inc | 17 | include /etc/firejail/whitelist-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index 5f70843d6..34c148ee9 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile | |||
@@ -5,14 +5,14 @@ include /etc/firejail/unknown-horizons.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.unknown-horizons | 8 | noblacklist ${HOME}/.unknown-horizons |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | 13 | ||
14 | mkdir ~/.unknown-horizons | 14 | mkdir ${HOME}/.unknown-horizons |
15 | whitelist ~/.unknown-horizons | 15 | whitelist ${HOME}/.unknown-horizons |
16 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index e7c931f30..1070a6c2c 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile | |||
@@ -5,22 +5,22 @@ include /etc/firejail/uzbl-browser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/uzbl | 8 | noblacklist ${HOME}/.config/uzbl |
9 | noblacklist ~/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | mkdir ~/.config/uzbl | 15 | mkdir ${HOME}/.config/uzbl |
16 | mkdir ~/.gnupg | 16 | mkdir ${HOME}/.gnupg |
17 | mkdir ~/.local/share/uzbl | 17 | mkdir ${HOME}/.local/share/uzbl |
18 | mkdir ~/.password-store | 18 | mkdir ${HOME}/.password-store |
19 | whitelist ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | whitelist ~/.config/uzbl | 20 | whitelist ${HOME}/.config/uzbl |
21 | whitelist ~/.gnupg | 21 | whitelist ${HOME}/.gnupg |
22 | whitelist ~/.local/share/uzbl | 22 | whitelist ${HOME}/.local/share/uzbl |
23 | whitelist ~/.password-store | 23 | whitelist ${HOME}/.password-store |
24 | include /etc/firejail/whitelist-common.inc | 24 | include /etc/firejail/whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 92d59e732..25e5956ba 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile | |||
@@ -6,12 +6,12 @@ include /etc/firejail/viewnior.local | |||
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | blacklist ~/.Xauthority | 9 | blacklist ${HOME}/.Xauthority |
10 | blacklist ~/.bashrc | 10 | blacklist ${HOME}/.bashrc |
11 | 11 | ||
12 | noblacklist ~/.Steam | 12 | noblacklist ${HOME}/.Steam |
13 | noblacklist ~/.config/viewnior | 13 | noblacklist ${HOME}/.config/viewnior |
14 | noblacklist ~/.steam | 14 | noblacklist ${HOME}/.steam |
15 | 15 | ||
16 | include /etc/firejail/disable-common.inc | 16 | include /etc/firejail/disable-common.inc |
17 | include /etc/firejail/disable-devel.inc | 17 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/vim.profile b/etc/vim.profile index e1d5da9e3..7fe16e628 100644 --- a/etc/vim.profile +++ b/etc/vim.profile | |||
@@ -5,9 +5,9 @@ include /etc/firejail/vim.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.vim | 8 | noblacklist ${HOME}/.vim |
9 | noblacklist ~/.viminfo | 9 | noblacklist ${HOME}/.viminfo |
10 | noblacklist ~/.vimrc | 10 | noblacklist ${HOME}/.vimrc |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile index b01e6d144..61177698a 100644 --- a/etc/virtualbox.profile +++ b/etc/virtualbox.profile | |||
@@ -16,10 +16,10 @@ include /etc/firejail/disable-common.inc | |||
16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
17 | include /etc/firejail/disable-programs.inc | 17 | include /etc/firejail/disable-programs.inc |
18 | 18 | ||
19 | mkdir ~/.config/VirtualBox | 19 | mkdir ${HOME}/.config/VirtualBox |
20 | mkdir ~/VirtualBox VMs | 20 | mkdir ${HOME}/VirtualBox VMs |
21 | whitelist ~/.config/VirtualBox | 21 | whitelist ${HOME}/.config/VirtualBox |
22 | whitelist ~/VirtualBox VMs | 22 | whitelist ${HOME}/VirtualBox VMs |
23 | whitelist ${DOWNLOADS} | 23 | whitelist ${DOWNLOADS} |
24 | include /etc/firejail/whitelist-common.inc | 24 | include /etc/firejail/whitelist-common.inc |
25 | include /etc/firejail/whitelist-var-common.inc | 25 | include /etc/firejail/whitelist-var-common.inc |
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 3cbc5b45c..039c8ed58 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile | |||
@@ -5,18 +5,18 @@ include /etc/firejail/vivaldi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/vivaldi | 8 | noblacklist ${HOME}/.cache/vivaldi |
9 | noblacklist ~/.config/vivaldi | 9 | noblacklist ${HOME}/.config/vivaldi |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | mkdir ~/.cache/vivaldi | 15 | mkdir ${HOME}/.cache/vivaldi |
16 | mkdir ~/.config/vivaldi | 16 | mkdir ${HOME}/.config/vivaldi |
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | whitelist ~/.cache/vivaldi | 18 | whitelist ${HOME}/.cache/vivaldi |
19 | whitelist ~/.config/vivaldi | 19 | whitelist ${HOME}/.config/vivaldi |
20 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/vym.profile b/etc/vym.profile index b38d87fde..b73916b0f 100644 --- a/etc/vym.profile +++ b/etc/vym.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/vym.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/InSilmaril | 8 | noblacklist ${HOME}/.config/InSilmaril |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/w3m.profile b/etc/w3m.profile index eddedd37a..2d56aa660 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /tmp/.X11-unix | 8 | blacklist /tmp/.X11-unix |
9 | 9 | ||
10 | noblacklist ~/.w3m | 10 | noblacklist ${HOME}/.w3m |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 43eacdafc..d8d68da64 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile | |||
@@ -5,17 +5,17 @@ include /etc/firejail/warzone2100.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.warzone2100-3.* | 8 | noblacklist ${HOME}/.warzone2100-3.* |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | # mkdir ~/.warzone2100-3.1 | 15 | # mkdir ${HOME}/.warzone2100-3.1 |
16 | # mkdir ~/.warzone2100-3.2 | 16 | # mkdir ${HOME}/.warzone2100-3.2 |
17 | whitelist ~/.warzone2100-3.1 | 17 | whitelist ${HOME}/.warzone2100-3.1 |
18 | whitelist ~/.warzone2100-3.2 | 18 | whitelist ${HOME}/.warzone2100-3.2 |
19 | include /etc/firejail/whitelist-common.inc | 19 | include /etc/firejail/whitelist-common.inc |
20 | include /etc/firejail/whitelist-var-common.inc | 20 | include /etc/firejail/whitelist-var-common.inc |
21 | 21 | ||
diff --git a/etc/waterfox.profile b/etc/waterfox.profile index 53543e97e..b2abb3a5f 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile | |||
@@ -5,65 +5,65 @@ include /etc/firejail/waterfox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | noblacklist ~/.cache/waterfox | 9 | noblacklist ${HOME}/.cache/waterfox |
10 | noblacklist ~/.config/okularpartrc | 10 | noblacklist ${HOME}/.config/okularpartrc |
11 | noblacklist ~/.config/okularrc | 11 | noblacklist ${HOME}/.config/okularrc |
12 | noblacklist ~/.config/qpdfview | 12 | noblacklist ${HOME}/.config/qpdfview |
13 | noblacklist ~/.kde/share/apps/okular | 13 | noblacklist ${HOME}/.kde/share/apps/okular |
14 | noblacklist ~/.kde/share/config/okularpartrc | 14 | noblacklist ${HOME}/.kde/share/config/okularpartrc |
15 | noblacklist ~/.kde/share/config/okularrc | 15 | noblacklist ${HOME}/.kde/share/config/okularrc |
16 | noblacklist ~/.kde4/share/apps/okular | 16 | noblacklist ${HOME}/.kde4/share/apps/okular |
17 | noblacklist ~/.kde4/share/config/okularpartrc | 17 | noblacklist ${HOME}/.kde4/share/config/okularpartrc |
18 | noblacklist ~/.kde4/share/config/okularrc | 18 | noblacklist ${HOME}/.kde4/share/config/okularrc |
19 | # noblacklist ~/.local/share/gnome-shell/extensions | 19 | # noblacklist ${HOME}/.local/share/gnome-shell/extensions |
20 | noblacklist ~/.local/share/okular | 20 | noblacklist ${HOME}/.local/share/okular |
21 | noblacklist ~/.local/share/qpdfview | 21 | noblacklist ${HOME}/.local/share/qpdfview |
22 | noblacklist ~/.mozilla | 22 | noblacklist ${HOME}/.mozilla |
23 | noblacklist ~/.waterfox | 23 | noblacklist ${HOME}/.waterfox |
24 | noblacklist ~/.pki | 24 | noblacklist ${HOME}/.pki |
25 | 25 | ||
26 | include /etc/firejail/disable-common.inc | 26 | include /etc/firejail/disable-common.inc |
27 | include /etc/firejail/disable-devel.inc | 27 | include /etc/firejail/disable-devel.inc |
28 | include /etc/firejail/disable-programs.inc | 28 | include /etc/firejail/disable-programs.inc |
29 | 29 | ||
30 | mkdir ~/.cache/mozilla/firefox | 30 | mkdir ${HOME}/.cache/mozilla/firefox |
31 | mkdir ~/.mozilla | 31 | mkdir ${HOME}/.mozilla |
32 | mkdir ~/.cache/waterfox | 32 | mkdir ${HOME}/.cache/waterfox |
33 | mkdir ~/.waterfox | 33 | mkdir ${HOME}/.waterfox |
34 | mkdir ~/.pki | 34 | mkdir ${HOME}/.pki |
35 | whitelist ${DOWNLOADS} | 35 | whitelist ${DOWNLOADS} |
36 | whitelist ~/.cache/gnome-mplayer/plugin | 36 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
37 | whitelist ~/.cache/mozilla/firefox | 37 | whitelist ${HOME}/.cache/mozilla/firefox |
38 | whitelist ~/.cache/waterfox | 38 | whitelist ${HOME}/.cache/waterfox |
39 | whitelist ~/.config/gnome-mplayer | 39 | whitelist ${HOME}/.config/gnome-mplayer |
40 | whitelist ~/.config/okularpartrc | 40 | whitelist ${HOME}/.config/okularpartrc |
41 | whitelist ~/.config/okularrc | 41 | whitelist ${HOME}/.config/okularrc |
42 | whitelist ~/.config/pipelight-silverlight5.1 | 42 | whitelist ${HOME}/.config/pipelight-silverlight5.1 |
43 | whitelist ~/.config/pipelight-widevine | 43 | whitelist ${HOME}/.config/pipelight-widevine |
44 | whitelist ~/.config/qpdfview | 44 | whitelist ${HOME}/.config/qpdfview |
45 | whitelist ~/.kde/share/apps/okular | 45 | whitelist ${HOME}/.kde/share/apps/okular |
46 | whitelist ~/.kde/share/config/okularpartrc | 46 | whitelist ${HOME}/.kde/share/config/okularpartrc |
47 | whitelist ~/.kde/share/config/okularrc | 47 | whitelist ${HOME}/.kde/share/config/okularrc |
48 | whitelist ~/.kde4/share/apps/okular | 48 | whitelist ${HOME}/.kde4/share/apps/okular |
49 | whitelist ~/.kde4/share/config/okularpartrc | 49 | whitelist ${HOME}/.kde4/share/config/okularpartrc |
50 | whitelist ~/.kde4/share/config/okularrc | 50 | whitelist ${HOME}/.kde4/share/config/okularrc |
51 | whitelist ~/.keysnail.js | 51 | whitelist ${HOME}/.keysnail.js |
52 | whitelist ~/.lastpass | 52 | whitelist ${HOME}/.lastpass |
53 | whitelist ~/.local/share/gnome-shell/extensions | 53 | whitelist ${HOME}/.local/share/gnome-shell/extensions |
54 | whitelist ~/.local/share/okular | 54 | whitelist ${HOME}/.local/share/okular |
55 | whitelist ~/.local/share/qpdfview | 55 | whitelist ${HOME}/.local/share/qpdfview |
56 | whitelist ~/.mozilla | 56 | whitelist ${HOME}/.mozilla |
57 | whitelist ~/.waterfox | 57 | whitelist ${HOME}/.waterfox |
58 | whitelist ~/.pentadactyl | 58 | whitelist ${HOME}/.pentadactyl |
59 | whitelist ~/.pentadactylrc | 59 | whitelist ${HOME}/.pentadactylrc |
60 | whitelist ~/.pki | 60 | whitelist ${HOME}/.pki |
61 | whitelist ~/.vimperator | 61 | whitelist ${HOME}/.vimperator |
62 | whitelist ~/.vimperatorrc | 62 | whitelist ${HOME}/.vimperatorrc |
63 | whitelist ~/.wine-pipelight | 63 | whitelist ${HOME}/.wine-pipelight |
64 | whitelist ~/.wine-pipelight64 | 64 | whitelist ${HOME}/.wine-pipelight64 |
65 | whitelist ~/.zotero | 65 | whitelist ${HOME}/.zotero |
66 | whitelist ~/dwhelper | 66 | whitelist ${HOME}/dwhelper |
67 | include /etc/firejail/whitelist-common.inc | 67 | include /etc/firejail/whitelist-common.inc |
68 | include /etc/firejail/whitelist-var-common.inc | 68 | include /etc/firejail/whitelist-var-common.inc |
69 | 69 | ||
diff --git a/etc/wget.profile b/etc/wget.profile index 510ef18f3..a16d770f2 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
@@ -8,7 +8,7 @@ include /etc/firejail/globals.local | |||
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist ~/.wgetrc | 11 | noblacklist ${HOME}/.wgetrc |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index 0a8bc4685..638f1d7fc 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc | |||
@@ -3,61 +3,61 @@ include /etc/firejail/whitelist-common.local | |||
3 | 3 | ||
4 | # common whitelist for all profiles | 4 | # common whitelist for all profiles |
5 | 5 | ||
6 | whitelist ~/.XCompose | 6 | whitelist ${HOME}/.XCompose |
7 | whitelist ~/.config/mimeapps.list | 7 | whitelist ${HOME}/.config/mimeapps.list |
8 | whitelist ~/.icons | 8 | whitelist ${HOME}/.icons |
9 | whitelist ~/.local/share/icons | 9 | whitelist ${HOME}/.local/share/icons |
10 | whitelist ~/.config/user-dirs.dirs | 10 | whitelist ${HOME}/.config/user-dirs.dirs |
11 | read-only ~/.config/user-dirs.dirs | 11 | read-only ${HOME}/.config/user-dirs.dirs |
12 | whitelist ~/.asoundrc | 12 | whitelist ${HOME}/.asoundrc |
13 | whitelist ~/.config/Trolltech.conf | 13 | whitelist ${HOME}/.config/Trolltech.conf |
14 | whitelist ~/.local/share/mime | 14 | whitelist ${HOME}/.local/share/mime |
15 | whitelist ~/.drirc | 15 | whitelist ${HOME}/.drirc |
16 | whitelist ~/.mime.types | 16 | whitelist ${HOME}/.mime.types |
17 | whitelist ~/.local/share/applications | 17 | whitelist ${HOME}/.local/share/applications |
18 | read-only ~/.local/share/applications | 18 | read-only ${HOME}/.local/share/applications |
19 | whitelist ~/.config/ibus | 19 | whitelist ${HOME}/.config/ibus |
20 | 20 | ||
21 | # fonts | 21 | # fonts |
22 | whitelist ~/.fonts | 22 | whitelist ${HOME}/.fonts |
23 | whitelist ~/.fonts.d | 23 | whitelist ${HOME}/.fonts.d |
24 | whitelist ~/.fontconfig | 24 | whitelist ${HOME}/.fontconfig |
25 | whitelist ~/.fonts.conf | 25 | whitelist ${HOME}/.fonts.conf |
26 | whitelist ~/.fonts.conf.d | 26 | whitelist ${HOME}/.fonts.conf.d |
27 | whitelist ~/.local/share/fonts | 27 | whitelist ${HOME}/.local/share/fonts |
28 | whitelist ~/.config/fontconfig | 28 | whitelist ${HOME}/.config/fontconfig |
29 | whitelist ~/.cache/fontconfig | 29 | whitelist ${HOME}/.cache/fontconfig |
30 | whitelist ~/.pangorc | 30 | whitelist ${HOME}/.pangorc |
31 | 31 | ||
32 | # gtk | 32 | # gtk |
33 | whitelist ~/.gtkrc | 33 | whitelist ${HOME}/.gtkrc |
34 | whitelist ~/.gtkrc-2.0 | 34 | whitelist ${HOME}/.gtkrc-2.0 |
35 | whitelist ~/.gtk-2.0 | 35 | whitelist ${HOME}/.gtk-2.0 |
36 | whitelist ~/.config/gtk-2.0 | 36 | whitelist ${HOME}/.config/gtk-2.0 |
37 | whitelist ~/.config/gtk-3.0 | 37 | whitelist ${HOME}/.config/gtk-3.0 |
38 | whitelist ~/.config/gtkrc | 38 | whitelist ${HOME}/.config/gtkrc |
39 | whitelist ~/.config/gtkrc-2.0 | 39 | whitelist ${HOME}/.config/gtkrc-2.0 |
40 | whitelist ~/.themes | 40 | whitelist ${HOME}/.themes |
41 | whitelist ~/.local/share/themes | 41 | whitelist ${HOME}/.local/share/themes |
42 | whitelist ~/.kde/share/config/gtkrc | 42 | whitelist ${HOME}/.kde/share/config/gtkrc |
43 | whitelist ~/.kde/share/config/gtkrc-2.0 | 43 | whitelist ${HOME}/.kde/share/config/gtkrc-2.0 |
44 | whitelist ~/.kde4/share/config/gtkrc | 44 | whitelist ${HOME}/.kde4/share/config/gtkrc |
45 | whitelist ~/.kde4/share/config/gtkrc-2.0 | 45 | whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 |
46 | whitelist ~/.gnome2 | 46 | whitelist ${HOME}/.gnome2 |
47 | whitelist ~/.gnome2-private | 47 | whitelist ${HOME}/.gnome2-private |
48 | 48 | ||
49 | # dconf | 49 | # dconf |
50 | mkdir ~/.config/dconf | 50 | mkdir ${HOME}/.config/dconf |
51 | whitelist ~/.config/dconf | 51 | whitelist ${HOME}/.config/dconf |
52 | 52 | ||
53 | # qt/kde | 53 | # qt/kde |
54 | whitelist ~/.config/kdeglobals | 54 | whitelist ${HOME}/.config/kdeglobals |
55 | whitelist ~/.config/kioslaverc | 55 | whitelist ${HOME}/.config/kioslaverc |
56 | whitelist ~/.kde/share/config/oxygenrc | 56 | whitelist ${HOME}/.kde/share/config/oxygenrc |
57 | whitelist ~/.kde/share/config/kdeglobals | 57 | whitelist ${HOME}/.kde/share/config/kdeglobals |
58 | whitelist ~/.kde/share/config/kioslaverc | 58 | whitelist ${HOME}/.kde/share/config/kioslaverc |
59 | whitelist ~/.kde/share/icons | 59 | whitelist ${HOME}/.kde/share/icons |
60 | whitelist ~/.kde4/share/config/oxygenrc | 60 | whitelist ${HOME}/.kde4/share/config/oxygenrc |
61 | whitelist ~/.kde4/share/config/kdeglobals | 61 | whitelist ${HOME}/.kde4/share/config/kdeglobals |
62 | whitelist ~/.kde4/share/config/kioslaverc | 62 | whitelist ${HOME}/.kde4/share/config/kioslaverc |
63 | whitelist ~/.kde4/share/icons | 63 | whitelist ${HOME}/.kde4/share/icons |
diff --git a/etc/wire.profile b/etc/wire.profile index af14f686f..fc25cbc1e 100644 --- a/etc/wire.profile +++ b/etc/wire.profile | |||
@@ -8,8 +8,8 @@ include /etc/firejail/globals.local | |||
8 | # Note: the current beta version of wire is located in /opt/Wire/wire and therefore not in PATH. | 8 | # Note: the current beta version of wire is located in /opt/Wire/wire and therefore not in PATH. |
9 | # To use wire with firejail run "firejail /opt/Wire/wire" | 9 | # To use wire with firejail run "firejail /opt/Wire/wire" |
10 | 10 | ||
11 | noblacklist ~/.config/Wire | 11 | noblacklist ${HOME}/.config/Wire |
12 | noblacklist ~/.config/wire | 12 | noblacklist ${HOME}/.config/wire |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/xfburn.profile b/etc/xfburn.profile index ec1aca75f..fc90f67e2 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/xfburn.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/xfburn | 8 | noblacklist ${HOME}/.config/xfburn |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 5a07d4b74..91b782473 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile | |||
@@ -5,11 +5,11 @@ include /etc/firejail/xiphos.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist ~/.Xauthority | 8 | blacklist ${HOME}/.Xauthority |
9 | blacklist ~/.bashrc | 9 | blacklist ${HOME}/.bashrc |
10 | 10 | ||
11 | noblacklist ~/.sword | 11 | noblacklist ${HOME}/.sword |
12 | noblacklist ~/.xiphos | 12 | noblacklist ${HOME}/.xiphos |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index d4a2fa846..8ea361d79 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/xplayer.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/xplayer | 8 | noblacklist ${HOME}/.config/xplayer |
9 | noblacklist ~/.local/share/xplayer | 9 | noblacklist ${HOME}/.local/share/xplayer |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/xreader.profile b/etc/xreader.profile index 76fae9fed..00bd1ee2f 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
@@ -5,9 +5,9 @@ include /etc/firejail/xreader.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/xreader | 8 | noblacklist ${HOME}/.cache/xreader |
9 | noblacklist ~/.config/xreader | 9 | noblacklist ${HOME}/.config/xreader |
10 | # noblacklist ~/.local/share | 10 | # noblacklist ${HOME}/.local/share |
11 | 11 | ||
12 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 5c624c384..7c4ede111 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
@@ -7,10 +7,10 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | 8 | # blacklist /run/user/*/bus - makes settings immutable |
9 | 9 | ||
10 | noblacklist ~/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | noblacklist ~/.config/xviewer | 11 | noblacklist ${HOME}/.config/xviewer |
12 | noblacklist ~/.local/share/Trash | 12 | noblacklist ${HOME}/.local/share/Trash |
13 | noblacklist ~/.steam | 13 | noblacklist ${HOME}/.steam |
14 | 14 | ||
15 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile index bfb7b9d87..605ce3413 100644 --- a/etc/yandex-browser.profile +++ b/etc/yandex-browser.profile | |||
@@ -5,27 +5,27 @@ include /etc/firejail/yandex-browser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.cache/yandex-browser | 8 | noblacklist ${HOME}/.cache/yandex-browser |
9 | noblacklist ~/.cache/yandex-browser-beta | 9 | noblacklist ${HOME}/.cache/yandex-browser-beta |
10 | noblacklist ~/.config/yandex-browser | 10 | noblacklist ${HOME}/.config/yandex-browser |
11 | noblacklist ~/.config/yandex-browser-beta | 11 | noblacklist ${HOME}/.config/yandex-browser-beta |
12 | noblacklist ~/.pki | 12 | noblacklist ${HOME}/.pki |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
15 | include /etc/firejail/disable-devel.inc | 15 | include /etc/firejail/disable-devel.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | 17 | ||
18 | mkdir ~/.cache/yandex-browser | 18 | mkdir ${HOME}/.cache/yandex-browser |
19 | mkdir ~/.cache/yandex-browser-beta | 19 | mkdir ${HOME}/.cache/yandex-browser-beta |
20 | mkdir ~/.config/yandex-browser | 20 | mkdir ${HOME}/.config/yandex-browser |
21 | mkdir ~/.config/yandex-browser-beta | 21 | mkdir ${HOME}/.config/yandex-browser-beta |
22 | mkdir ~/.pki | 22 | mkdir ${HOME}/.pki |
23 | whitelist ${DOWNLOADS} | 23 | whitelist ${DOWNLOADS} |
24 | whitelist ~/.cache/yandex-browser | 24 | whitelist ${HOME}/.cache/yandex-browser |
25 | whitelist ~/.cache/yandex-browser-beta | 25 | whitelist ${HOME}/.cache/yandex-browser-beta |
26 | whitelist ~/.config/yandex-browser | 26 | whitelist ${HOME}/.config/yandex-browser |
27 | whitelist ~/.config/yandex-browser-beta | 27 | whitelist ${HOME}/.config/yandex-browser-beta |
28 | whitelist ~/.pki | 28 | whitelist ${HOME}/.pki |
29 | include /etc/firejail/whitelist-common.inc | 29 | include /etc/firejail/whitelist-common.inc |
30 | 30 | ||
31 | caps.keep sys_chroot,sys_admin | 31 | caps.keep sys_chroot,sys_admin |
diff --git a/etc/zathura.profile b/etc/zathura.profile index ad64371e8..636d89bef 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -7,8 +7,8 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | blacklist /run/user/*/bus |
9 | 9 | ||
10 | noblacklist ~/.config/zathura | 10 | noblacklist ${HOME}/.config/zathura |
11 | noblacklist ~/.local/share/zathura | 11 | noblacklist ${HOME}/.local/share/zathura |
12 | 12 | ||
13 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
14 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
@@ -31,5 +31,5 @@ private-bin zathura | |||
31 | private-dev | 31 | private-dev |
32 | private-etc fonts | 32 | private-etc fonts |
33 | private-tmp | 33 | private-tmp |
34 | read-only ~/ | 34 | read-only ${HOME}/ |
35 | read-write ~/.local/share/zathura/ | 35 | read-write ${HOME}/.local/share/zathura/ |
diff --git a/etc/zoom.profile b/etc/zoom.profile index 381df9ab5..061efb44d 100644 --- a/etc/zoom.profile +++ b/etc/zoom.profile | |||
@@ -5,15 +5,15 @@ include /etc/firejail/zoom.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ~/.config/zoomus.conf | 8 | noblacklist ${HOME}/.config/zoomus.conf |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | 13 | ||
14 | mkdir ~/.zoom | 14 | mkdir ${HOME}/.zoom |
15 | whitelist ~/.cache/zoom | 15 | whitelist ${HOME}/.cache/zoom |
16 | whitelist ~/.zoom | 16 | whitelist ${HOME}/.zoom |
17 | include /etc/firejail/whitelist-common.inc | 17 | include /etc/firejail/whitelist-common.inc |
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |