diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/atril.profile | 7 | ||||
-rw-r--r-- | etc/disable-programs.inc | 17 | ||||
-rw-r--r-- | etc/xplayer.profile | 15 | ||||
-rw-r--r-- | etc/xreader.profile | 16 | ||||
-rw-r--r-- | etc/xviewer.profile | 13 |
5 files changed, 58 insertions, 10 deletions
diff --git a/etc/atril.profile b/etc/atril.profile index c5b2abc48..d1a7b25f8 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -1,5 +1,6 @@ | |||
1 | # Atril profile | 1 | # Atril profile |
2 | noblacklist ~/.config/atril | 2 | noblacklist ~/.config/atril |
3 | noblacklist ~/.local/share | ||
3 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
5 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
@@ -8,10 +9,6 @@ include /etc/firejail/disable-passwdmgr.inc | |||
8 | caps.drop all | 9 | caps.drop all |
9 | seccomp | 10 | seccomp |
10 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
11 | net none | ||
12 | noroot | 12 | noroot |
13 | tracelog | 13 | tracelog |
14 | 14 | netfilter | |
15 | mkdir ~/.config | ||
16 | mkdir ~/.config/atril | ||
17 | whitelist ~/.config/atril | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 297d25bf2..1f3768693 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -12,17 +12,22 @@ blacklist ${HOME}/.config/uGet | |||
12 | blacklist ${HOME}/.config/Gpredict | 12 | blacklist ${HOME}/.config/Gpredict |
13 | blacklist ${HOME}/.config/aweather | 13 | blacklist ${HOME}/.config/aweather |
14 | blacklist ${HOME}/.config/stellarium | 14 | blacklist ${HOME}/.config/stellarium |
15 | blacklist ~/.kde/share/apps/okular | 15 | blacklist ${HOME}/.config/atril |
16 | blacklist ~/.kde/share/config/okularrc | 16 | blacklist ${HOME}/.config/xreader |
17 | blacklist ~/.kde/share/config/okularpartrc | 17 | blacklist ${HOME}/.config/xviewer |
18 | blacklist ~/.kde/share/apps/gwenview | 18 | blacklist ${HOME}/.kde/share/apps/okular |
19 | blacklist ~/.kde/share/config/gwenviewrc | 19 | blacklist ${HOME}/.kde/share/config/okularrc |
20 | blacklist ${HOME}/.kde/share/config/okularpartrc | ||
21 | blacklist ${HOME}/.kde/share/apps/gwenview | ||
22 | blacklist ${HOME}/.kde/share/config/gwenviewrc | ||
20 | 23 | ||
21 | # Media players | 24 | # Media players |
22 | blacklist ${HOME}/.config/cmus | 25 | blacklist ${HOME}/.config/cmus |
23 | blacklist ${HOME}/.config/deadbeef | 26 | blacklist ${HOME}/.config/deadbeef |
24 | blacklist ${HOME}/.config/spotify | 27 | blacklist ${HOME}/.config/spotify |
25 | blacklist ${HOME}/.config/vlc | 28 | blacklist ${HOME}/.config/vlc |
29 | blacklist ${HOME}/.config/totem | ||
30 | blacklist ${HOME}/.config/xplayer | ||
26 | 31 | ||
27 | # HTTP / FTP / Mail | 32 | # HTTP / FTP / Mail |
28 | blacklist ${HOME}/.icedove | 33 | blacklist ${HOME}/.icedove |
@@ -95,6 +100,7 @@ blacklist ${HOME}/.cache/transmission | |||
95 | blacklist ${HOME}/.cache/wesnoth | 100 | blacklist ${HOME}/.cache/wesnoth |
96 | blacklist ${HOME}/.cache/0ad | 101 | blacklist ${HOME}/.cache/0ad |
97 | blacklist ${HOME}/.cache/8pecxstudios | 102 | blacklist ${HOME}/.cache/8pecxstudios |
103 | blacklist ${HOME}/.cache/xreader | ||
98 | 104 | ||
99 | # share | 105 | # share |
100 | blacklist ${HOME}/.local/share/epiphany | 106 | blacklist ${HOME}/.local/share/epiphany |
@@ -103,3 +109,4 @@ blacklist ${HOME}/.local/share/spotify | |||
103 | blacklist ${HOME}/.local/share/steam | 109 | blacklist ${HOME}/.local/share/steam |
104 | blacklist ${HOME}/.local/share/wesnoth | 110 | blacklist ${HOME}/.local/share/wesnoth |
105 | blacklist ${HOME}/.local/share/0ad | 111 | blacklist ${HOME}/.local/share/0ad |
112 | blacklist ${HOME}/.local/share/xplayer | ||
diff --git a/etc/xplayer.profile b/etc/xplayer.profile new file mode 100644 index 000000000..67a46a7da --- /dev/null +++ b/etc/xplayer.profile | |||
@@ -0,0 +1,15 @@ | |||
1 | # Xplayer profile | ||
2 | noblacklist ~/.config/xplayer | ||
3 | noblacklist ~/.local/share/xplayer | ||
4 | |||
5 | include /etc/firejail/disable-common.inc | ||
6 | include /etc/firejail/disable-programs.inc | ||
7 | include /etc/firejail/disable-devel.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | seccomp | ||
12 | protocol unix,inet,inet6 | ||
13 | noroot | ||
14 | tracelog | ||
15 | netfilter | ||
diff --git a/etc/xreader.profile b/etc/xreader.profile new file mode 100644 index 000000000..7b72d41a6 --- /dev/null +++ b/etc/xreader.profile | |||
@@ -0,0 +1,16 @@ | |||
1 | # Xreader profile | ||
2 | noblacklist ~/.config/xreader | ||
3 | noblacklist ~/.cache/xreader | ||
4 | noblacklist ~/.local/share | ||
5 | |||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-devel.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | |||
11 | caps.drop all | ||
12 | seccomp | ||
13 | protocol unix,inet,inet6 | ||
14 | noroot | ||
15 | tracelog | ||
16 | netfilter | ||
diff --git a/etc/xviewer.profile b/etc/xviewer.profile new file mode 100644 index 000000000..33e1e3c68 --- /dev/null +++ b/etc/xviewer.profile | |||
@@ -0,0 +1,13 @@ | |||
1 | noblacklist ~/.config/xviewer | ||
2 | |||
3 | include /etc/firejail/disable-common.inc | ||
4 | include /etc/firejail/disable-programs.inc | ||
5 | include /etc/firejail/disable-devel.inc | ||
6 | include /etc/firejail/disable-passwdmgr.inc | ||
7 | |||
8 | caps.drop all | ||
9 | seccomp | ||
10 | protocol unix,inet,inet6 | ||
11 | noroot | ||
12 | tracelog | ||
13 | netfilter | ||