Diffstat (limited to 'etc')
-rw-r--r-- | etc/audacity.profile | 11 | ||||
-rw-r--r-- | etc/aweather.profile | 19 | ||||
-rw-r--r-- | etc/gitter.profile | 7 | ||||
-rw-r--r-- | etc/gpredict.profile | 19 | ||||
-rw-r--r-- | etc/palemoon.profile | 24 | ||||
-rw-r--r-- | etc/rhythmbox.profile | 6 | ||||
-rw-r--r-- | etc/spotify.profile | 5 | ||||
-rw-r--r-- | etc/stellarium.profile | 23 | ||||
-rw-r--r-- | etc/warzone2100.profile | 11 | ||||
-rw-r--r-- | etc/xplayer.profile | 5 | ||||
-rw-r--r-- | etc/xreader.profile | 2 | ||||
-rw-r--r-- | etc/xviewer.profile | 11 |
12 files changed, 90 insertions, 53 deletions
diff --git a/etc/audacity.profile b/etc/audacity.profile index 8971ce1a2..162201cb8 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
@@ -7,10 +7,13 @@ include /etc/firejail/disable-passwdmgr.inc | |||
7 | include /etc/firejail/disable-programs.inc | 7 | include /etc/firejail/disable-programs.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | netfilter | ||
11 | nonewprivs | 10 | nonewprivs |
12 | noroot | ||
13 | nogroups | 11 | nogroups |
14 | #private-bin audacity | 12 | noroot |
15 | protocol unix,inet,inet6 | 13 | protocol unix |
16 | seccomp | 14 | seccomp |
15 | shell none | ||
16 | tracelog | ||
17 | |||
18 | private-bin audacity | ||
19 | private-dev | ||
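Review bot: With `netfilter` removed and `protocol unix` left as the only network control in the new audacity profile, the sandbox still shares the host network namespace. The seccomp protocol filter stops inet/inet6 sockets from being created, but abstract Unix sockets in the host namespace stay reachable. If Audacity is meant to have no network at all, adding `net none` next to `protocol unix` gives it an empty network namespace and states the intent explicitly. The xviewer.profile section makes the same change and would benefit from the same line. Check first that nothing these programs need is reached through an abstract socket.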
diff --git a/etc/aweather.profile b/etc/aweather.profile index dd508e736..d617fb701 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
@@ -1,24 +1,25 @@ | |||
1 | # Firejail profile for aweather. | 1 | # Firejail profile for aweather. |
2 | |||
3 | # Noblacklist | ||
4 | noblacklist ~/.config/aweather | 2 | noblacklist ~/.config/aweather |
5 | |||
6 | # Include | ||
7 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
8 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
9 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
10 | include /etc/firejail/disable-programs.inc | 6 | include /etc/firejail/disable-programs.inc |
11 | 7 | ||
12 | # Call these options | 8 | # Whitelist |
9 | mkdir ~/.config | ||
10 | mkdir ~/.config/aweather | ||
11 | whitelist ~/.config/aweather | ||
12 | |||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | nonewprivs | 15 | nonewprivs |
16 | nogroups | ||
16 | noroot | 17 | noroot |
18 | nosound | ||
17 | protocol unix,inet,inet6,netlink | 19 | protocol unix,inet,inet6,netlink |
18 | seccomp | 20 | seccomp |
21 | shell none | ||
19 | tracelog | 22 | tracelog |
20 | 23 | ||
21 | # Whitelist | 24 | private-bin aweather |
22 | mkdir ~/.config | 25 | private-dev |
23 | mkdir ~/.config/aweather | ||
24 | whitelist ~/.config/aweather | ||
diff --git a/etc/gitter.profile b/etc/gitter.profile index 0c2bd1353..2882c59a6 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile | |||
@@ -1,6 +1,5 @@ | |||
1 | # Firejail profile for Gitter | 1 | # Firejail profile for Gitter |
2 | noblacklist ~/.config/Gitter | 2 | noblacklist ~/.config/Gitter |
3 | |||
4 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | 4 | include /etc/firejail/disable-passwdmgr.inc |
6 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
@@ -8,6 +7,12 @@ include /etc/firejail/disable-devel.inc | |||
8 | 7 | ||
9 | caps.drop all | 8 | caps.drop all |
10 | netfilter | 9 | netfilter |
10 | nonewprivs | ||
11 | nogroups | ||
11 | noroot | 12 | noroot |
12 | protocol unix,inet,inet6,netlink | 13 | protocol unix,inet,inet6,netlink |
13 | seccomp | 14 | seccomp |
15 | shell none | ||
16 | |||
17 | private-bin gitter | ||
18 | private-dev | ||
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index ba9fce37b..02bb4d24d 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
@@ -1,24 +1,25 @@ | |||
1 | # Firejail profile for gpredict. | 1 | # Firejail profile for gpredict. |
2 | |||
3 | # Noblacklist | ||
4 | noblacklist ~/.config/Gpredict | 2 | noblacklist ~/.config/Gpredict |
5 | |||
6 | # Include | ||
7 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
8 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
9 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
10 | include /etc/firejail/disable-programs.inc | 6 | include /etc/firejail/disable-programs.inc |
11 | 7 | ||
12 | # Call these options | 8 | # Whitelist |
9 | mkdir ~/.config | ||
10 | mkdir ~/.config/Gpredict | ||
11 | whitelist ~/.config/Gpredict | ||
12 | |||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | nonewprivs | 15 | nonewprivs |
16 | nogroups | ||
16 | noroot | 17 | noroot |
18 | nosound | ||
17 | protocol unix,inet,inet6,netlink | 19 | protocol unix,inet,inet6,netlink |
18 | seccomp | 20 | seccomp |
21 | shell none | ||
19 | tracelog | 22 | tracelog |
20 | 23 | ||
21 | # Whitelist | 24 | private-bin gpredict |
22 | mkdir ~/.config | 25 | private-dev |
23 | mkdir ~/.config/Gpredict | ||
24 | whitelist ~/.config/Gpredict | ||
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index a74954ddb..302c20d7d 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
@@ -1,31 +1,30 @@ | |||
1 | # Firejail profile for Pale Moon | 1 | # Firejail profile for Pale Moon |
2 | |||
3 | # Noblacklists | ||
4 | noblacklist ~/.moonchild productions/pale moon | 2 | noblacklist ~/.moonchild productions/pale moon |
5 | noblacklist ~/.cache/moonchild productions/pale moon | 3 | noblacklist ~/.cache/moonchild productions/pale moon |
6 | |||
7 | # Included profiles | ||
8 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
9 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
10 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
11 | include /etc/firejail/whitelist-common.inc | 7 | include /etc/firejail/whitelist-common.inc |
12 | 8 | ||
13 | # Options | 9 | whitelist ${DOWNLOADS} |
10 | mkdir ~/.moonchild productions | ||
11 | whitelist ~/.moonchild productions | ||
12 | mkdir ~/.cache | ||
13 | mkdir ~/.cache/moonchild productions | ||
14 | mkdir ~/.cache/moonchild productions/pale moon | ||
15 | whitelist ~/.cache/moonchild productions/pale moon | ||
16 | |||
14 | caps.drop all | 17 | caps.drop all |
15 | netfilter | 18 | netfilter |
19 | nogroups | ||
16 | nonewprivs | 20 | nonewprivs |
17 | noroot | 21 | noroot |
18 | protocol unix,inet,inet6,netlink | 22 | protocol unix,inet,inet6,netlink |
19 | seccomp | 23 | seccomp |
24 | shell none | ||
20 | tracelog | 25 | tracelog |
21 | 26 | ||
22 | whitelist ${DOWNLOADS} | 27 | private-bin palemoon |
23 | mkdir ~/.moonchild productions | ||
24 | whitelist ~/.moonchild productions | ||
25 | mkdir ~/.cache | ||
26 | mkdir ~/.cache/moonchild productions | ||
27 | mkdir ~/.cache/moonchild productions/pale moon | ||
28 | whitelist ~/.cache/moonchild productions/pale moon | ||
29 | 28 | ||
30 | # These are uncommented in the Firefox profile. If you run into trouble you may | 29 | # These are uncommented in the Firefox profile. If you run into trouble you may |
31 | # want to uncomment (some of) them. | 30 | # want to uncomment (some of) them. |
@@ -56,3 +55,4 @@ whitelist ~/.config/lastpass | |||
56 | 55 | ||
57 | # experimental features | 56 | # experimental features |
58 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 57 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
58 | #private-dev (disabled for now as it will interfere with webcam use in palemoon) | ||
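Review bot: `private-bin palemoon` together with `shell none` (new lines 24 and 27) leaves the browser as the only executable in the sandbox's bin directories, so a helper program Pale Moon tries to start from there will not be found. That covers viewers for downloaded files and external protocol handlers. The profile still whitelists `${DOWNLOADS}`, so users are likely to expect opening a download to work. If this is the intended trade-off, say so next to the option, for example `# private-bin: external helper applications are not available inside the sandbox`. The new line 58 already documents the `private-dev` decision in this way.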
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 0782a653d..9f087ea1d 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -5,8 +5,14 @@ include /etc/firejail/disable-devel.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | nogroups | ||
8 | netfilter | 9 | netfilter |
9 | nonewprivs | 10 | nonewprivs |
10 | noroot | 11 | noroot |
11 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
12 | seccomp | 13 | seccomp |
14 | shell none | ||
15 | tracelog | ||
16 | |||
17 | private-bin rhythmbox | ||
18 | private-dev | ||
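Review bot: The added `nogroups` drops every supplementary group, including `audio`, and this profile does not set `nosound`. On hosts where sound devices are opened through group membership rather than a sound-server socket or session ACLs, playback may stop working. The hunk does not show which setups were tested, so a comment above the option would help, for example `# nogroups removes the audio group; comment out on ALSA-only systems`. The spotify, xplayer, warzone2100, gitter and palemoon sections gain `nogroups` without `nosound` as well.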
diff --git a/etc/spotify.profile b/etc/spotify.profile index 9ba25b818..ca575970b 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -24,7 +24,12 @@ include /etc/firejail/whitelist-common.inc | |||
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
27 | nogroups | ||
27 | nonewprivs | 28 | nonewprivs |
28 | noroot | 29 | noroot |
29 | protocol unix,inet,inet6,netlink | 30 | protocol unix,inet,inet6,netlink |
30 | seccomp | 31 | seccomp |
32 | shell none | ||
33 | |||
34 | private-bin spotify | ||
35 | private-dev | ||
diff --git a/etc/stellarium.profile b/etc/stellarium.profile index 148ec949d..d0c1326b3 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile | |||
@@ -1,28 +1,29 @@ | |||
1 | # Firejail profile for Stellarium. | 1 | # Firejail profile for Stellarium. |
2 | |||
3 | # Noblacklist | ||
4 | noblacklist ~/.stellarium | 2 | noblacklist ~/.stellarium |
5 | noblacklist ~/.config/stellarium | 3 | noblacklist ~/.config/stellarium |
6 | |||
7 | # Include | ||
8 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
9 | include /etc/firejail/disable-devel.inc | 5 | include /etc/firejail/disable-devel.inc |
10 | include /etc/firejail/disable-passwdmgr.inc | 6 | include /etc/firejail/disable-passwdmgr.inc |
11 | include /etc/firejail/disable-programs.inc | 7 | include /etc/firejail/disable-programs.inc |
12 | 8 | ||
13 | # Call these options | 9 | # Whitelist |
10 | mkdir ~/.stellarium | ||
11 | whitelist ~/.stellarium | ||
12 | mkdir ~/.config | ||
13 | mkdir ~/.config/stellarium | ||
14 | whitelist ~/.config/stellarium | ||
15 | |||
14 | caps.drop all | 16 | caps.drop all |
15 | netfilter | 17 | netfilter |
18 | nogroups | ||
16 | nonewprivs | 19 | nonewprivs |
17 | noroot | 20 | noroot |
21 | nosound | ||
18 | protocol unix,inet,inet6,netlink | 22 | protocol unix,inet,inet6,netlink |
19 | seccomp | 23 | seccomp |
24 | shell none | ||
20 | tracelog | 25 | tracelog |
21 | 26 | ||
22 | # Whitelist | 27 | private-bin stellarium |
23 | mkdir ~/.stellarium | 28 | private-dev |
24 | whitelist ~/.stellarium | ||
25 | 29 | ||
26 | mkdir ~/.config | ||
27 | mkdir ~/.config/stellarium | ||
28 | whitelist ~/.config/stellarium | ||
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index ceeaca012..ff37e2800 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile | |||
@@ -6,15 +6,20 @@ include /etc/firejail/disable-devel.inc | |||
6 | include /etc/firejail/disable-passwdmgr.inc | 6 | include /etc/firejail/disable-passwdmgr.inc |
7 | include /etc/firejail/disable-programs.inc | 7 | include /etc/firejail/disable-programs.inc |
8 | 8 | ||
9 | # Whitelist | ||
10 | mkdir ~/.warzone2100-3.1 | ||
11 | whitelist ~/.warzone2100-3.1 | ||
12 | |||
9 | # Call these options | 13 | # Call these options |
10 | caps.drop all | 14 | caps.drop all |
11 | netfilter | 15 | netfilter |
16 | nogroups | ||
12 | nonewprivs | 17 | nonewprivs |
13 | noroot | 18 | noroot |
14 | protocol unix,inet,inet6,netlink | 19 | protocol unix,inet,inet6,netlink |
15 | seccomp | 20 | seccomp |
21 | shell none | ||
16 | tracelog | 22 | tracelog |
17 | 23 | ||
18 | # Whitelist | 24 | private-bin warzone2100 |
19 | mkdir ~/.warzone2100-3.1 | 25 | private-dev |
20 | whitelist ~/.warzone2100-3.1 | ||
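Review bot: The whitelist block moved to new lines 9-11 still names `~/.warzone2100-3.1`, a directory tied to one release series. Because `whitelist` leaves the rest of the home directory on a temporary filesystem, a build that keeps its data under a different directory name would start with empty settings and lose saved games when the sandbox exits. A comment on that line would flag the dependency, for example `# adjust the directory name to the installed warzone2100 version`. The `# Call these options` heading is also kept here, while the aweather, gpredict and stellarium sections of this commit drop it.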
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index cd9cbed45..a46b2fa06 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -10,7 +10,12 @@ include /etc/firejail/disable-passwdmgr.inc | |||
10 | caps.drop all | 10 | caps.drop all |
11 | netfilter | 11 | netfilter |
12 | nonewprivs | 12 | nonewprivs |
13 | nogroups | ||
13 | noroot | 14 | noroot |
14 | protocol unix,inet,inet6 | 15 | protocol unix,inet,inet6 |
15 | seccomp | 16 | seccomp |
17 | shell none | ||
16 | tracelog | 18 | tracelog |
19 | |||
20 | private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer | ||
21 | private-dev | ||
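Review bot: `private-dev` on new line 21 replaces /dev with a small fixed set of nodes, and if that set has no optical drive nodes in the targeted firejail release, disc playback in xplayer stops working. The palemoon section of this commit leaves `private-dev` commented out for the comparable webcam case. A one-line comment here would keep the profiles consistent, for example `# private-dev hides optical drives; comment out to play discs`. rhythmbox.profile may be affected in the same way for audio CDs.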
diff --git a/etc/xreader.profile b/etc/xreader.profile index fed9d4db5..ac7d34022 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
@@ -9,8 +9,8 @@ include /etc/firejail/disable-devel.inc | |||
9 | include /etc/firejail/disable-passwdmgr.inc | 9 | include /etc/firejail/disable-passwdmgr.inc |
10 | 10 | ||
11 | caps.drop all | 11 | caps.drop all |
12 | nonewprivs | ||
13 | nogroups | 12 | nogroups |
13 | nonewprivs | ||
14 | noroot | 14 | noroot |
15 | nosound | 15 | nosound |
16 | protocol unix | 16 | protocol unix |
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 51949526d..7a4ae4858 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
@@ -6,9 +6,14 @@ include /etc/firejail/disable-devel.inc | |||
6 | include /etc/firejail/disable-passwdmgr.inc | 6 | include /etc/firejail/disable-passwdmgr.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | netfilter | ||
10 | noroot | ||
11 | nonewprivs | 9 | nonewprivs |
12 | protocol unix,inet,inet6 | 10 | nogroups |
11 | noroot | ||
12 | nosound | ||
13 | protocol unix | ||
13 | seccomp | 14 | seccomp |
15 | shell none | ||
14 | tracelog | 16 | tracelog |
17 | |||
18 | private-dev | ||
19 | private-bin xviewer | ||
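Review bot: The two new `private-*` lines are in the opposite order to every other profile in this commit, with `private-dev` on line 18 ahead of `private-bin xviewer` on line 19. `nogroups` also sits after `nonewprivs` on new lines 9-10, although the xreader.profile section exists only to put those two in alphabetical order. Suggest `nogroups`, `nonewprivs`, `noroot` in that order, and `private-bin xviewer` before `private-dev`, so the profiles can be compared line by line.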