Diffstat (limited to 'etc')
-rw-r--r-- | etc/cherrytree.profile | 10 | ||||
-rw-r--r-- | etc/evince.profile | 1 | ||||
-rw-r--r-- | etc/firejail-default | 3 | ||||
-rw-r--r-- | etc/keepass.profile | 2 | ||||
-rw-r--r-- | etc/libreoffice.profile | 5 | ||||
-rw-r--r-- | etc/vlc.profile | 1 |
6 files changed, 8 insertions, 14 deletions
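--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -1,6 +1,7 @@
 # cherrytree note taking application
 noblacklist /usr/bin/python2*
 noblacklist /usr/lib/python3*
+noblacklist ${HOME}/.config/cherrytree/
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -15,13 +16,4 @@ seccomp
 protocol unix,inet,inet6,netlink
 tracelog
 
-include /etc/firejail/whitelist-common.inc
 
-# no private-bin support for various reasons:
-#10:25:34 exec 11249 (root) NEW SANDBOX: /usr/bin/firejail /usr/bin/cherrytree
-#10:25:34 exec 11252 (netblue) /bin/bash -c "/usr/bin/cherrytree"
-#10:25:34 exec 11252 (netblue) /usr/bin/python /usr/bin/cherrytree
-#10:25:34 exec 11253 (netblue) sh -c /sbin/ldconfig -p 2>/dev/null
-#10:25:34 exec 11255 (netblue) sh -c if type gcc >/dev/null 2>&1; then CC=gcc; elif type cc >/dev/null 2>&1; then CC=cc;else exit 10; fi;LANG=C LC_ALL=C $CC -Wl,-t -o /tmp/tmpiYr44S 2>&1 -llibc
-# it requires acces to browser to show the online help
-# it doesn't play nicely with expect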
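Review bot: The second hunk deletes the only record of why this profile has no `private-bin`, and it drops `include /etc/firejail/whitelist-common.inc` without explanation. Unless profile lines 8-14, which are outside both hunks, carry their own `whitelist` entries, the sandbox now relies on the blacklist includes alone, so cherrytree can read anything in the home directory that those lists do not name. I would keep a one-line rationale such as `# no private-bin: cherrytree spawns sh, ldconfig and a C compiler probe at startup`. I would also state the new model explicitly with `# home is not whitelisted; access is limited only by the disable-*.inc blacklists`.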
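--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -15,5 +15,4 @@ shell none
 tracelog
 
 private-bin evince,evince-previewer,evince-thumbnailer
-whitelist /tmp/.X11-unix
 private-dev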
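--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -31,6 +31,9 @@ profile firejail-default {
 /{,var/}run/user/**/pulse/ rw,
 /{,var/}run/user/**/pulse/** rw,
 /{,var/}run/firejail/mnt/fslogger r,
+/{,var/}run/firejail/appimage r,
+/{,var/}run/firejail/appimage/** r,
+/{,var/}run/firejail/appimage/** ix,
 /{run,dev}/shm/ r,
 /{run,dev}/shm/** rmwk,
 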
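Review bot: The first added rule, `/{,var/}run/firejail/appimage r,`, has no trailing slash, so AppArmor matches it against a file of that name rather than a directory. The neighbouring directory rules (`pulse/ rw,` and `/{run,dev}/shm/ r,`) all end in `/`. If appimage is the mount directory, as the two `/**` rules imply, it should read `/{,var/}run/firejail/appimage/ r,`. The two `/**` rules can also be merged into `/{,var/}run/firejail/appimage/** rix,`, with a comment noting that `ix` keeps anything executed from the image under this same profile. The profile block opens and closes outside the hunk.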
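--- a/etc/keepass.profile
+++ b/etc/keepass.profile
@@ -13,7 +13,7 @@ nogroups
 nonewprivs
 noroot
 nosound
-protocol unix
+protocol unix,inet,inet6
 seccomp
 netfilter
 shell none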
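Review bot: Widening line 16 from `protocol unix` to `protocol unix,inet,inet6` gives a password manager IPv4 and IPv6 sockets, and nothing visible in the profile or the commit names the feature that needs them. The `netfilter` line below probably does not compensate, since as far as I know it only takes effect when the sandbox has its own network namespace, which this hunk does not show. If the network is needed only for optional features, I would keep `protocol unix` as the shipped default and document the wider form as an opt-in, for example `# protocol unix,inet,inet6  # enable only if <feature> needs network access`. Otherwise add a comment above the line stating the reason, so the relaxation can be revisited later.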
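--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -1,5 +1,6 @@
 # Firejail profile for LibreOffice
 noblacklist ~/.config/libreoffice
+noblacklist /usr/local/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -10,9 +11,9 @@ netfilter
 nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6,netlink
+protocol unix,inet,inet6
 seccomp
 tracelog
 
 private-dev
-whitelist /tmp/.X11-unix/
+# whitelist /tmp/.X11-unix/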
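Review bot: `noblacklist /usr/local/sbin` on new line 3 re-exposes a directory of administrative binaries to an application that routinely opens untrusted documents, and no comment says what LibreOffice needs there. A line such as `# <reason LibreOffice needs /usr/local/sbin>` directly above it would let a later reviewer judge whether the exception is still required. The second hunk also leaves `# whitelist /tmp/.X11-unix/` behind as a commented-out directive. Either delete it or say why it is disabled, because without it the sandbox presumably sees all of /tmp unless a rule outside the hunk restricts it.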
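--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -14,7 +14,6 @@ noroot
 protocol unix,inet,inet6
 seccomp
 shell none
-tracelog
 
 private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
 private-dev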