Diffstat (limited to 'etc')
45 files changed, 153 insertions, 0 deletions
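--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -3,6 +3,7 @@
 include /etc/firejail/0ad.local
 
 # Firejail profile for 0ad.
+noblacklist ~/.cache/0ad
 noblacklist ~/.config/0ad
 noblacklist ~/.local/share/0ad
 include /etc/firejail/disable-common.inc
@@ -17,6 +18,9 @@ whitelist ~/.config/0ad
 mkdir ~/.local/share/0ad
 whitelist ~/.local/share/0ad
 
+mkdir ~/.cache/0ad
+whitelist ~/.cache/0ad
+
 caps.drop all
 netfilter
 nogroups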
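--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -4,6 +4,7 @@ include /etc/firejail/abrowser.local
 
 # Firejail profile for Abrowser
 noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
 noblacklist ~/.pki
 noblacklist ~/.lastpass
 include /etc/firejail/disable-common.inc
@@ -21,6 +22,8 @@ tracelog
 whitelist ${DOWNLOADS}
 mkdir ~/.mozilla
 whitelist ~/.mozilla
+mkdir ~/.cache/mozilla/abrowser
+whitelist ~/.cache/mozilla/abrowser
 whitelist ~/dwhelper
 whitelist ~/.zotero
 whitelist ~/.vimperatorrc
@@ -29,6 +32,7 @@ whitelist ~/.pentadactylrc
 whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
+whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.pki
 whitelist ~/.lastpass
 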
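Review bot: `mkdir ~/.cache/mozilla/abrowser` creates a two-level path in one directive, whereas quiterss.profile in this same commit creates `~/.local/share/data` before `~/.local/share/data/QuiteRss`, which suggests the profile `mkdir` may not create missing parents. If that holds for the firejail version targeted, on a fresh home the directory is never created and the `whitelist` that follows has nothing to apply to, so confirm and, if needed, add `mkdir ~/.cache/mozilla` ahead of it. The same pattern appears in firefox.profile (`~/.cache/mozilla/firefox`), icecat.profile (`~/.cache/mozilla/icecat`) and palemoon.profile (`~/.cache/moonchild productions/pale moon`).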
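--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -4,6 +4,7 @@ include /etc/firejail/chromium.local
 
 # Chromium browser profile
 noblacklist ~/.config/chromium
+noblacklist ~/.cache/chromium
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
@@ -17,6 +18,8 @@ netfilter
 whitelist ${DOWNLOADS}
 mkdir ~/.config/chromium
 whitelist ~/.config/chromium
+mkdir ~/.cache/chromium
+whitelist ~/.cache/chromium
 mkdir ~/.pki
 whitelist ~/.pki
 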
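--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -4,6 +4,7 @@ include /etc/firejail/cyberfox.local
 
 # Firejail profile for Cyberfox (based on Mozilla Firefox)
 noblacklist ~/.8pecxstudios
+noblacklist ~/.cache/8pecxstudios
 noblacklist ~/.pki
 noblacklist ~/.lastpass
 include /etc/firejail/disable-common.inc
@@ -21,6 +22,8 @@ tracelog
 whitelist ${DOWNLOADS}
 mkdir ~/.8pecxstudios
 whitelist ~/.8pecxstudios
+mkdir ~/.cache/8pecxstudios
+whitelist ~/.cache/8pecxstudios
 whitelist ~/dwhelper
 whitelist ~/.zotero
 whitelist ~/.vimperatorrc
@@ -29,6 +32,7 @@ whitelist ~/.pentadactylrc
 whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
+whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.pki
 whitelist ~/.lastpass
 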
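--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -261,3 +261,43 @@ blacklist ${HOME}/.xpdfrc
 blacklist ${HOME}/.zoom
 blacklist ${HOME}/wallet.dat
 blacklist /tmp/ssh-*
+
+# ~/.cache directory
+blacklist ${HOME}/.cache/0ad
+blacklist ${HOME}/.cache/8pecxstudios
+blacklist ${HOME}/.cache/Franz
+blacklist ${HOME}/.cache/INRIA
+blacklist ${HOME}/.cache/QuiteRss
+blacklist ${HOME}/.cache/champlain
+blacklist ${HOME}/.cache/chromium
+blacklist ${HOME}/.cache/qupzilla
+blacklist ${HOME}/.cache/chromium-dev
+blacklist ${HOME}/.cache/darktable
+blacklist ${HOME}/.cache/epiphany
+blacklist ${HOME}/.cache/evolution
+blacklist ${HOME}/.cache/gajim
+blacklist ${HOME}/.cache/geeqie
+blacklist ${HOME}/.cache/google-chrome
+blacklist ${HOME}/.cache/google-chrome-beta
+blacklist ${HOME}/.cache/google-chrome-unstable
+blacklist ${HOME}/.cache/icedove
+blacklist ${HOME}/.cache/inox
+blacklist ${HOME}/.cache/libgweather
+blacklist ${HOME}/.cache/midori
+blacklist ${HOME}/.cache/mozilla
+blacklist ${HOME}/.cache/mutt
+blacklist ${HOME}/.cache/netsurf
+blacklist ${HOME}/.cache/opera
+blacklist ${HOME}/.cache/opera-beta
+blacklist ${HOME}/.cache/org.gnome.Books
+blacklist ${HOME}/.cache/qutebrowser
+blacklist ${HOME}/.cache/simple-scan
+blacklist ${HOME}/.cache/slimjet
+blacklist ${HOME}/.cache/spotify
+blacklist ${HOME}/.cache/telepathy
+blacklist ${HOME}/.cache/thunderbird
+blacklist ${HOME}/.cache/torbrowser
+blacklist ${HOME}/.cache/transmission
+blacklist ${HOME}/.cache/vivaldi
+blacklist ${HOME}/.cache/wesnoth
+blacklist ${HOME}/.cache/xreader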
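Review bot: The new `# ~/.cache directory` block has no entry for several cache directories that profiles in this same commit open up: `~/.cache/iridium`, `~/.cache/fossamail`, `~/.cache/psi+`, `~/.cache/moonchild productions` and `~/.cache/gnome-mplayer`. Without a `blacklist` line those caches stay readable from any other sandbox that relies on this include rather than on a whitelist, and the `noblacklist` lines added for iridium, fossamail and Pale Moon have nothing to override. Add `blacklist ${HOME}/.cache/iridium` and the matching lines for the others. The list would also be easier to audit if kept sorted; `qupzilla` currently sits between `chromium` and `chromium-dev`.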
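--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -5,6 +5,7 @@ include /etc/firejail/epiphany.local
 # Epiphany browser profile
 noblacklist ${HOME}/.config/epiphany
 noblacklist ${HOME}/.local/share/epiphany
+noblacklist ${HOME}/.cache/epiphany
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
@@ -15,6 +16,8 @@ mkdir ${HOME}/.local/share/epiphany
 whitelist ${HOME}/.local/share/epiphany
 mkdir ${HOME}/.config/epiphany
 whitelist ${HOME}/.config/epiphany
+mkdir ${HOME}/.cache/epiphany
+whitelist ${HOME}/.cache/epiphany
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all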
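--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -5,6 +5,7 @@ include /etc/firejail/evolution.local
 # evolution profile
 noblacklist ~/.config/evolution
 noblacklist ~/.local/share/evolution
+noblacklist ~/.cache/evolution
 noblacklist ~/.pki
 noblacklist ~/.pki/nssdb
 noblacklist ~/.gnupg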
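--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -4,6 +4,7 @@ include /etc/firejail/firefox.local
 
 # Firejail profile for Mozilla Firefox (Iceweasel in Debian)
 noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
 noblacklist ~/.config/qpdfview
 noblacklist ~/.local/share/qpdfview
 noblacklist ~/.kde/share/apps/okular
@@ -24,6 +25,8 @@ tracelog
 whitelist ${DOWNLOADS}
 mkdir ~/.mozilla
 whitelist ~/.mozilla
+mkdir ~/.cache/mozilla/firefox
+whitelist ~/.cache/mozilla/firefox
 whitelist ~/dwhelper
 whitelist ~/.zotero
 whitelist ~/.vimperatorrc
@@ -32,6 +35,7 @@ whitelist ~/.pentadactylrc
 whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
+whitelist ~/.cache/gnome-mplayer/plugin
 mkdir ~/.pki
 whitelist ~/.pki
 whitelist ~/.lastpass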
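--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -10,6 +10,7 @@ include /etc/firejail/flashpeak-slimjet.local
 # firejail flashpeak-slimjet --no-sandbox
 #
 noblacklist ~/.config/slimjet
+noblacklist ~/.cache/slimjet
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
@@ -28,6 +29,8 @@ seccomp
 whitelist ${DOWNLOADS}
 mkdir ~/.config/slimjet
 whitelist ~/.config/slimjet
+mkdir ~/.cache/slimjet
+whitelist ~/.cache/slimjet
 mkdir ~/.pki
 whitelist ~/.pki
 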
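--- a/etc/fossamail.profile
+++ b/etc/fossamail.profile
@@ -12,5 +12,8 @@ noblacklist ~/.fossamail
 mkdir ~/.fossamail
 whitelist ~/.fossamail
 
+noblacklist ~/.cache/fossamail
+mkdir ~/.cache/fossamail
+whitelist ~/.cache/fossamail
 
 include /etc/firejail/firefox.profile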
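--- a/etc/franz.profile
+++ b/etc/franz.profile
@@ -4,6 +4,7 @@ include /etc/firejail/franz.local
 
 # Franz profile
 noblacklist ~/.config/Franz
+noblacklist ~/.cache/Franz
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
@@ -20,6 +21,8 @@ seccomp
 whitelist ${DOWNLOADS}
 mkdir ~/.config/Franz
 whitelist ~/.config/Franz
+mkdir ~/.cache/Franz
+whitelist ~/.cache/Franz
 mkdir ~/.pki
 whitelist ~/.pki
 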
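--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -5,7 +5,9 @@ include /etc/firejail/gajim.local
 # Firejail profile for Gajim
 noblacklist ${HOME}/.local/share/gajim
 noblacklist ${HOME}/.config/gajim
+noblacklist ${HOME}/.cache/gajim
 
+mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.local/share/gajim
 mkdir ${HOME}/.config/gajim
 mkdir ${HOME}/Downloads
@@ -15,6 +17,7 @@ mkdir ${HOME}/.local/lib/python2.7/site-packages/
 whitelist ${HOME}/.local/lib/python2.7/site-packages/
 read-only ${HOME}/.local/lib/python2.7/site-packages/
 
+whitelist ${HOME}/.cache/gajim
 whitelist ${HOME}/.local/share/gajim
 whitelist ${HOME}/.config/gajim
 whitelist ${HOME}/Downloads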
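--- a/etc/geeqie.profile
+++ b/etc/geeqie.profile
@@ -5,6 +5,7 @@ include /etc/firejail/geeqie.local
 # Firejail profile for Geeqie
 noblacklist ~/.config/geeqie
 noblacklist ~/.local/share/geeqie
+noblacklist ~/.cache/geeqie
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc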
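--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -8,6 +8,8 @@ include /etc/firejail/gjs.local
 
 noblacklist ~/.config/libreoffice
 noblacklist ~/.local/share/gnome-photos
+noblacklist ~/.cache/org.gnome.Books
+noblacklist ~/.cache/libgweather
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc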
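--- a/etc/gnome-books.profile
+++ b/etc/gnome-books.profile
@@ -5,6 +5,7 @@ include /etc/firejail/gnome-books.local
 # gnome-books profile
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.cache/org.gnome.Books
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc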
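--- a/etc/gnome-weather.profile
+++ b/etc/gnome-weather.profile
@@ -5,6 +5,7 @@ include /etc/firejail/gnome-weather.local
 # gnome-weather profile
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.cache/libgweather
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc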
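--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -4,6 +4,7 @@ include /etc/firejail/google-chrome-beta.local
 
 # Google Chrome beta browser profile
 noblacklist ~/.config/google-chrome-beta
+noblacklist ~/.cache/google-chrome-beta
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
@@ -17,6 +18,8 @@ netfilter
 whitelist ${DOWNLOADS}
 mkdir ~/.config/google-chrome-beta
 whitelist ~/.config/google-chrome-beta
+mkdir ~/.cache/google-chrome-beta
+whitelist ~/.cache/google-chrome-beta
 mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc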
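--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -4,6 +4,7 @@ include /etc/firejail/google-chrome-unstable.local
 
 # Google Chrome unstable browser profile
 noblacklist ~/.config/google-chrome-unstable
+noblacklist ~/.cache/google-chrome-unstable
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
@@ -17,6 +18,8 @@ netfilter
 whitelist ${DOWNLOADS}
 mkdir ~/.config/google-chrome-unstable
 whitelist ~/.config/google-chrome-unstable
+mkdir ~/.cache/google-chrome-unstable
+whitelist ~/.cache/google-chrome-unstable
 mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc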
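--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -4,6 +4,7 @@ include /etc/firejail/google-chrome.local
 
 # Google Chrome browser profile
 noblacklist ~/.config/google-chrome
+noblacklist ~/.cache/google-chrome
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
@@ -17,6 +18,8 @@ netfilter
 whitelist ${DOWNLOADS}
 mkdir ~/.config/google-chrome
 whitelist ~/.config/google-chrome
+mkdir ~/.cache/google-chrome
+whitelist ~/.cache/google-chrome
 mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc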
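--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -4,6 +4,7 @@ include /etc/firejail/icecat.local
 
 # Firejail profile for GNU Icecat
 noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
 noblacklist ~/.pki
 noblacklist ~/.lastpass
 include /etc/firejail/disable-common.inc
@@ -21,6 +22,8 @@ tracelog
 whitelist ${DOWNLOADS}
 mkdir ~/.mozilla
 whitelist ~/.mozilla
+mkdir ~/.cache/mozilla/icecat
+whitelist ~/.cache/mozilla/icecat
 whitelist ~/dwhelper
 whitelist ~/.zotero
 whitelist ~/.vimperatorrc
@@ -29,6 +32,7 @@ whitelist ~/.pentadactylrc
 whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
+whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.pki
 whitelist ~/.lastpass
 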
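--- a/etc/icedove.profile
+++ b/etc/icedove.profile
@@ -14,6 +14,10 @@ noblacklist ~/.icedove
 mkdir ~/.icedove
 whitelist ~/.icedove
 
+noblacklist ~/.cache/icedove
+mkdir ~/.cache/icedove
+whitelist ~/.cache/icedove
+
 # allow browsers
 ignore private-tmp
 include /etc/firejail/firefox.profile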
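Review bot: The existing `# allow browsers` comment no longer covers what the trailing `include /etc/firejail/firefox.profile` does. With this commit that include also brings in `noblacklist ~/.cache/mozilla` and `whitelist ~/.cache/mozilla/firefox`, so the mail client's sandbox sees the browser's cache in addition to `~/.cache/icedove`. That may be intended for opening links, but it is not obvious from this file, so I would extend the comment to `# allow browsers (firefox.profile also exposes ~/.mozilla and ~/.cache/mozilla/firefox)`. fossamail.profile ends with the same include.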
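--- a/etc/inox.profile
+++ b/etc/inox.profile
@@ -4,6 +4,7 @@ include /etc/firejail/inox.local
 
 # Inox browser profile
 noblacklist ~/.config/inox
+noblacklist ~/.cache/inox
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
@@ -13,6 +14,8 @@ netfilter
 whitelist ${DOWNLOADS}
 mkdir ~/.config/inox
 whitelist ~/.config/inox
+mkdir ~/.cache/inox
+whitelist ~/.cache/inox
 mkdir ~/.pki
 whitelist ~/.pki
 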
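--- a/etc/iridium.profile
+++ b/etc/iridium.profile
@@ -4,6 +4,7 @@ include /etc/firejail/iridium.local
 
 # Iridium browser profile
 noblacklist ~/.config/iridium
+noblacklist ~/.cache/iridium
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 
@@ -16,6 +17,8 @@ netfilter
 whitelist ${DOWNLOADS}
 mkdir ~/.config/iridium
 whitelist ~/.config/iridium
+mkdir ~/.cache/iridium
+whitelist ~/.cache/iridium
 mkdir ~/.pki
 whitelist ~/.pki
 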
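--- a/etc/mutt.profile
+++ b/etc/mutt.profile
@@ -14,6 +14,7 @@ noblacklist ~/mail
 noblacklist ~/Mail
 noblacklist ~/sent
 noblacklist ~/postponed
+noblacklist ~/.cache/mutt
 noblacklist ~/.w3m
 noblacklist ~/.elinks
 noblacklist ~/.vim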
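--- a/etc/netsurf.profile
+++ b/etc/netsurf.profile
@@ -4,6 +4,7 @@ include /etc/firejail/netsurf.local
 
 # Firejail profile for Mozilla Firefox (Iceweasel in Debian)
 noblacklist ~/.config/netsurf
+noblacklist ~/.cache/netsurf
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -19,5 +20,7 @@ tracelog
 whitelist ${DOWNLOADS}
 mkdir ~/.config/netsurf
 whitelist ~/.config/netsurf
+mkdir ~/.cache/netsurf
+whitelist ~/.cache/netsurf
 
 include /etc/firejail/whitelist-common.inc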
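--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -14,6 +14,8 @@ netfilter
 whitelist ${DOWNLOADS}
 mkdir ~/.config/opera-beta
 whitelist ~/.config/opera-beta
+mkdir ~/.cache/opera
+whitelist ~/.cache/opera
 mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc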
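Review bot: The added `mkdir ~/.cache/opera` and `whitelist ~/.cache/opera` point at the stable browser's cache, while the config pair just above uses `~/.config/opera-beta` and disable-programs.inc in this commit blacklists a separate `${HOME}/.cache/opera-beta`. As written the beta sandbox shares the stable Opera cache, and this section adds no `noblacklist` for either cache path (the top of the profile is outside the hunk, so confirm). If the beta build keeps its own cache, use `mkdir ~/.cache/opera-beta` and `whitelist ~/.cache/opera-beta`, with `noblacklist ~/.cache/opera-beta` ahead of the disable-programs.inc include.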
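--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -5,6 +5,7 @@ include /etc/firejail/opera.local
 # Opera browser profile
 noblacklist ~/.config/opera
 noblacklist ~/.opera
+noblacklist ~/.cache/opera
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
@@ -16,6 +17,8 @@ whitelist ${DOWNLOADS}
 mkdir ~/.config/opera
 whitelist ~/.config/opera
 mkdir ~/.opera
+mkdir ~/.cache/opera
+whitelist ~/.cache/opera
 whitelist ~/.opera
 mkdir ~/.pki
 whitelist ~/.pki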
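Review bot: In the second hunk the two new lines land between `mkdir ~/.opera` and `whitelist ~/.opera`, splitting that pair, whereas the other profiles in this commit keep each `mkdir`/`whitelist` pair adjacent. The rules are the same either way as far as the hunk shows, but the interleaving makes it easy to misread which directories are created and exposed. Move `mkdir ~/.cache/opera` and `whitelist ~/.cache/opera` to just after `whitelist ~/.opera`.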
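--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -4,6 +4,7 @@ include /etc/firejail/palemoon.local
 
 # Firejail profile for Pale Moon
 noblacklist ~/.moonchild productions/pale moon
+noblacklist ~/.cache/moonchild productions/pale moon
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -12,6 +13,8 @@ include /etc/firejail/whitelist-common.inc
 whitelist ${DOWNLOADS}
 mkdir ~/.moonchild productions
 whitelist ~/.moonchild productions
+mkdir ~/.cache/moonchild productions/pale moon
+whitelist ~/.cache/moonchild productions/pale moon
 
 caps.drop all
 netfilter
@@ -37,6 +40,7 @@ private-tmp
 #whitelist ~/.pentadactyl
 #whitelist ~/.keysnail.js
 #whitelist ~/.config/gnome-mplayer
+#whitelist ~/.cache/gnome-mplayer/plugin
 #whitelist ~/.pki
 #whitelist ~/.lastpass
 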
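--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -15,6 +15,8 @@ mkdir ${HOME}/.local/share/TpLogger
 whitelist ${HOME}/.local/share/TpLogger
 mkdir ${HOME}/.config/telepathy-account-widgets
 whitelist ${HOME}/.config/telepathy-account-widgets
+mkdir ${HOME}/.cache/telepathy
+whitelist ${HOME}/.cache/telepathy
 mkdir ${HOME}/.purple
 whitelist ${HOME}/.purple
 include /etc/firejail/whitelist-common.inc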
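Review bot: `whitelist ${HOME}/.cache/telepathy` is added here with no matching `noblacklist ${HOME}/.cache/telepathy`, although disable-programs.inc in this commit now blacklists that path. If polari.profile includes disable-programs.inc (the top of the file is outside the hunk), the blacklist and the whitelist contradict each other and the cache is likely unusable in the sandbox. Add `noblacklist ${HOME}/.cache/telepathy` ahead of the include, as the other profiles in this commit do for their own cache directories.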
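--- a/etc/psi-plus.profile
+++ b/etc/psi-plus.profile
@@ -14,6 +14,8 @@ mkdir ~/.config/psi+
 whitelist ~/.config/psi+
 mkdir ~/.local/share/psi+
 whitelist ~/.local/share/psi+
+mkdir ~/.cache/psi+
+whitelist ~/.cache/psi+
 
 caps.drop all
 netfilter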
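--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -2,6 +2,7 @@
 # Persistent customizations should go in a .local file.
 include /etc/firejail/quiterss.local
 
+noblacklist ${HOME}/.cache/QuiteRss
 noblacklist ${HOME}/.config/QuiteRss
 noblacklist ${HOME}/.config/QuiteRssrc
 noblacklist ${HOME}/.local/share/QuiteRss
@@ -18,6 +19,8 @@ whitelist ${HOME}/.config/QuiteRssrc
 mkdir ~/.local/share/data
 mkdir ~/.local/share/data/QuiteRss
 whitelist ${HOME}/.local/share/data/QuiteRss
+mkdir ~/.cache/QuiteRss
+whitelist ${HOME}/.cache/QuiteRss
 
 caps.drop all
 netfilter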
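--- a/etc/qupzilla.profile
+++ b/etc/qupzilla.profile
@@ -4,6 +4,7 @@ include /etc/firejail/qupzilla.local
 
 # Firejail profile for Qupzilla web browser
 noblacklist ${HOME}/.config/qupzilla
+noblacklist ${HOME}/.cache/qupzilla
 include /etc/firejail/disable-mgmt.inc
 include /etc/firejail/disable-secret.inc
 include /etc/firejail/disable-common.inc
@@ -16,6 +17,7 @@ tracelog
 noroot
 whitelist ${DOWNLOADS}
 whitelist ~/.config/qupzilla
+whitelist ~/.cache/qupzilla
 include /etc/firejail/whitelist-common.inc
 
 # experimental features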
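Review bot: `whitelist ~/.cache/qupzilla` in the second hunk is added without a preceding `mkdir ~/.cache/qupzilla`, while qutebrowser, seamonkey and vivaldi in this commit create the cache directory first. On a first run, when the directory does not exist yet, the whitelist entry has nothing to bind, and the cache the browser creates afterwards is presumably discarded together with the sandbox's temporary home. Suggest adding `mkdir ~/.cache/qupzilla` directly above the new line; the existing `whitelist ~/.config/qupzilla` has the same gap.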
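--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -4,6 +4,7 @@ include /etc/firejail/qutebrowser.local
 
 # Firejail profile for Qutebrowser (Qt5-Webkit+Python) browser
 noblacklist ~/.config/qutebrowser
+noblacklist ~/.cache/qutebrowser
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -19,6 +20,8 @@ tracelog
 whitelist ${DOWNLOADS}
 mkdir ~/.config/qutebrowser
 whitelist ~/.config/qutebrowser
+mkdir ~/.cache/qutebrowser
+whitelist ~/.cache/qutebrowser
 mkdir ~/.local/share/qutebrowser
 whitelist ~/.local/share/qutebrowser
 include /etc/firejail/whitelist-common.inc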
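--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -4,6 +4,7 @@ include /etc/firejail/seamonkey.local
 
 # Firejail profile for Seamoneky based off Mozilla Firefox
 noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
 noblacklist ~/.pki
 noblacklist ~/.lastpass
 include /etc/firejail/disable-common.inc
@@ -21,6 +22,8 @@ tracelog
 whitelist ${DOWNLOADS}
 mkdir ~/.mozilla/seamonkey
 whitelist ~/.mozilla/seamonkey
+mkdir ~/.cache/mozilla/seamonkey
+whitelist ~/.cache/mozilla/seamonkey
 whitelist ~/dwhelper
 whitelist ~/.zotero
 whitelist ~/.vimperatorrc
@@ -29,6 +32,7 @@ whitelist ~/.pentadactylrc
 whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
+whitelist ~/.cache/gnome-mplayer/plugin
 whitelist ~/.pki
 whitelist ~/.lastpass
 include /etc/firejail/whitelist-common.inc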
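--- a/etc/simple-scan.profile
+++ b/etc/simple-scan.profile
@@ -3,6 +3,8 @@
 include /etc/firejail/simple-scan.local
 
 # simple-scan profile
+noblacklist ~/.cache/simple-scan
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc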
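--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -4,6 +4,7 @@ include /etc/firejail/spotify.local
 
 # Spotify media player profile
 noblacklist ${HOME}/.config/spotify
+noblacklist ${HOME}/.cache/spotify
 noblacklist ${HOME}/.local/share/spotify
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
@@ -15,6 +16,8 @@ mkdir ${HOME}/.config/spotify
 whitelist ${HOME}/.config/spotify
 mkdir ${HOME}/.local/share/spotify
 whitelist ${HOME}/.local/share/spotify
+mkdir ${HOME}/.cache/spotify
+whitelist ${HOME}/.cache/spotify
 
 caps.drop all
 netfilter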
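--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -18,6 +18,10 @@ noblacklist ~/.icedove
 mkdir ~/.icedove
 whitelist ~/.icedove
 
+noblacklist ~/.cache/thunderbird
+mkdir ~/.cache/thunderbird
+whitelist ~/.cache/thunderbird
+
 # allow browsers
 ignore private-tmp
 include /etc/firejail/firefox.profile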
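Review bot: The new `~/.cache/thunderbird` block carries no comment, and its position matters. `noblacklist` only exempts a path from blacklist rules read after it, so the block has to stay above `include /etc/firejail/firefox.profile`, which presumably pulls in the disable-*.inc files. A one-line comment such as `# thunderbird cache; keep above the firefox.profile include` would record that for later edits.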
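--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -4,6 +4,7 @@ include /etc/firejail/transmission-cli.local
 
 # transmission-cli bittorrent profile
 noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc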
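--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -4,6 +4,7 @@ include /etc/firejail/transmission-gtk.local
 
 # transmission-gtk bittorrent profile
 noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc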
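--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -4,6 +4,7 @@ include /etc/firejail/transmission-qt.local
 
 # transmission-qt bittorrent profile
 noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc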
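--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -4,6 +4,7 @@ include /etc/firejail/transmission-show.local
 
 # transmission-show profile
 noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc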
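--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -1,6 +1,7 @@
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
 include /etc/firejail/vivaldi.local
+noblacklist ~/.cache/vivaldi
 
 # Vivaldi browser profile
 noblacklist ~/.config/vivaldi
@@ -13,4 +14,6 @@ netfilter
 whitelist ${DOWNLOADS}
 mkdir ~/.config/vivaldi
 whitelist ~/.config/vivaldi
+mkdir ~/.cache/vivaldi
+whitelist ~/.cache/vivaldi
 include /etc/firejail/whitelist-common.inc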
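Review bot: The new `noblacklist ~/.cache/vivaldi` in the first hunk sits directly under `include /etc/firejail/vivaldi.local`, above the `# Vivaldi browser profile` comment and apart from the related `noblacklist ~/.config/vivaldi`. Moving it to the line after `noblacklist ~/.config/vivaldi` keeps the two exemptions together and matches the layout of the other profiles in this commit. It would still come before any disable-*.inc include that follows outside the hunk.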
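--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -4,6 +4,7 @@ include /etc/firejail/wesnoth.local
 
 # Whitelist-based profile for "Battle for Wesnoth" (game).
 noblacklist ${HOME}/.config/wesnoth
+noblacklist ${HOME}/.cache/wesnoth
 noblacklist ${HOME}/.local/share/wesnoth
 
 include /etc/firejail/disable-common.inc
@@ -22,6 +23,8 @@ private-tmp
 
 mkdir ${HOME}/.local/share/wesnoth
 mkdir ${HOME}/.config/wesnoth
+mkdir ${HOME}/.cache/wesnoth
 whitelist ${HOME}/.local/share/wesnoth
 whitelist ${HOME}/.config/wesnoth
+whitelist ${HOME}/.cache/wesnoth
 include /etc/firejail/whitelist-common.inc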
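--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -19,6 +19,7 @@ whitelist ~/.fonts.conf
 whitelist ~/.fonts.conf.d
 whitelist ~/.local/share/fonts
 whitelist ~/.config/fontconfig
+whitelist ~/.cache/fontconfig
 
 # gtk
 whitelist ~/.gtkrc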
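Review bot: `whitelist ~/.cache/fontconfig` is added to the shared include, so every profile that includes whitelist-common.inc gets persistent, writable access to the same fontconfig cache that unsandboxed programs also read. A compromised sandboxed program could then modify cache files that are later parsed outside its sandbox, which weakens the isolation a whitelist profile is meant to give. If the aim is only to avoid rebuilding the cache on each start, consider following the line with `read-only ~/.cache/fontconfig`. Whether fontconfig copes with a read-only cache in every profile needs testing. At minimum, a comment such as `# shared with the host and all sandboxes` above the line would document the trade-off.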
diff --git a/etc/xreader.profile b/etc/xreader.profile index 51dbcad51..31ea14ca3 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/xreader.local | |||
5 | # Xreader profile | 5 | # Xreader profile |
6 | noblacklist ~/.config/xreader | 6 | noblacklist ~/.config/xreader |
7 | noblacklist ~/.local/share | 7 | noblacklist ~/.local/share |
8 | noblacklist ~/.cache/xreader | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |