Diffstat (limited to 'etc')
-rw-r--r--etc/QMediathekView.profile2
-rw-r--r--etc/aria2c.profile3
-rw-r--r--etc/artha.profile7
-rw-r--r--etc/authenticator.profile2
-rw-r--r--etc/autokey-common.profile2
-rw-r--r--etc/baobab.profile2
-rw-r--r--etc/bitwarden.profile2
-rw-r--r--etc/clawsker.profile2
-rw-r--r--etc/clipit.profile7
-rw-r--r--etc/d-feet.profile2
-rw-r--r--etc/devhelp.profile2
-rw-r--r--etc/devilspie.profile5
-rw-r--r--etc/devilspie2.profile5
-rw-r--r--etc/disable-programs.inc2
-rw-r--r--etc/enpass.profile2
-rw-r--r--etc/eo-common.profile2
-rw-r--r--etc/exfalso.profile10
-rw-r--r--etc/firefox-common-addons.inc2
-rw-r--r--etc/font-manager.profile2
-rw-r--r--etc/geekbench.profile2
-rw-r--r--etc/godot.profile4
-rw-r--r--etc/keepassxc-cli.profile12
-rw-r--r--etc/keepassxc-proxy.profile11
-rw-r--r--etc/keepassxc.profile4
-rw-r--r--etc/meld.profile6
-rw-r--r--etc/mpDris2.profile10
-rw-r--r--etc/mpsyt.profile14
-rw-r--r--etc/mpv.profile5
-rw-r--r--etc/newsbeuter.profile21
-rw-r--r--etc/ocenaudio.profile2
-rw-r--r--etc/pavucontrol.profile3
-rw-r--r--etc/pdftotext.profile2
-rw-r--r--etc/qtox.profile2
-rw-r--r--etc/redshift.profile3
-rw-r--r--etc/seahorse.profile24
-rw-r--r--etc/smplayer.profile5
-rw-r--r--etc/soundconverter.profile7
-rw-r--r--etc/subdownloader.profile2
-rw-r--r--etc/tcpdump.profile44
-rw-r--r--etc/totem.profile3
-rw-r--r--etc/tshark.profile44
-rw-r--r--etc/viewnior.profile3
-rw-r--r--etc/youtube-dl.profile2
43 files changed, 244 insertions, 54 deletions
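diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile
index b750a135e..ae863b73d 100644
--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -52,4 +52,4 @@ private-dev
 # private-lib
 private-tmp
 
-# memory-deny-write-execute - breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)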
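diff --git a/etc/aria2c.profile b/etc/aria2c.profile
index 583250983..b952ac8a6 100644
--- a/etc/aria2c.profile
+++ b/etc/aria2c.profile
@@ -35,7 +35,8 @@ shell none
 
 # disable-mnt
 private-bin aria2c,gzip
-private-cache
+# Uncomment the next line (or put 'private-cache' in your aria2c.local) if you don't use Lutris/winetricks (see issue #2772)
+#private-cache
 private-dev
 private-etc alternatives,ca-certificates,resolv.conf,ssl
 private-lib libreadline.so.*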
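diff --git a/etc/artha.profile b/etc/artha.profile
index 2660c4e10..f886921cb 100644
--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -16,6 +16,13 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+mkdir ${HOME}/.config/artha.conf
+mkdir ${HOME}/.config/enchant
+whitelist ${HOME}/.config/artha.conf
+whitelist ${HOME}/.config/enchant
+include whitelist-common.inc
+include whitelist-var-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace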
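Review bot: `mkdir ${HOME}/.config/artha.conf` creates a directory, but the name suggests a regular configuration file; if so, on a fresh home the program would find a directory where it expects its config. Firejail has `mkfile` for this case, so the line would become `mkfile ${HOME}/.config/artha.conf`. The same applies to `mkdir ${HOME}/.config/pavucontrol.ini` in etc/pavucontrol.profile. Both profiles begin outside their hunks, so I could not check whether anything earlier already handles these paths.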
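diff --git a/etc/authenticator.profile b/etc/authenticator.profile
index 39546112e..4887299ec 100644
--- a/etc/authenticator.profile
+++ b/etc/authenticator.profile
@@ -43,4 +43,4 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,pki,resolv.conf,ssl
 private-tmp
 
-# memory-deny-write-execute - breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)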
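diff --git a/etc/autokey-common.profile b/etc/autokey-common.profile
index 47396fe43..bd50a2dfb 100644
--- a/etc/autokey-common.profile
+++ b/etc/autokey-common.profile
@@ -38,4 +38,4 @@ private-cache
 private-dev
 private-tmp
 
-# memory-deny-write-execute - Breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)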
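diff --git a/etc/baobab.profile b/etc/baobab.profile
index 893865edd..d2980f75c 100644
--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -33,4 +33,4 @@ private-bin baobab
 private-dev
 private-tmp
 
-#memory-deny-write-execute - breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)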
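diff --git a/etc/bitwarden.profile b/etc/bitwarden.profile
index 550830157..a5538bacc 100644
--- a/etc/bitwarden.profile
+++ b/etc/bitwarden.profile
@@ -51,4 +51,4 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,nsswitch.co
 private-opt Bitwarden
 private-tmp
 
-#memory-deny-write-execute - breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)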
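diff --git a/etc/clawsker.profile b/etc/clawsker.profile
index 95f15398a..f8c05a55b 100644
--- a/etc/clawsker.profile
+++ b/etc/clawsker.profile
@@ -47,4 +47,4 @@ private-etc alternatives,fonts
 private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl*
 private-tmp
 
-# memory-deny-write-execute - breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)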
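diff --git a/etc/clipit.profile b/etc/clipit.profile
index 6e4d3fbaf..44cda0665 100644
--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -17,6 +17,13 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/clipit
+mkdir ${HOME}/.local/share/clipit
+whitelist ${HOME}/.config/clipit
+whitelist ${HOME}/.local/share/clipit
+include whitelist-common.inc
+include whitelist-var-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace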
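diff --git a/etc/d-feet.profile b/etc/d-feet.profile
index 30749ab40..e06769601 100644
--- a/etc/d-feet.profile
+++ b/etc/d-feet.profile
@@ -49,4 +49,4 @@ private-dev
 private-etc alternatives,dbus-1,fonts,machine-id
 private-tmp
 
-# memory-deny-write-execute - Breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)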
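diff --git a/etc/devhelp.profile b/etc/devhelp.profile
index 4e618b7ea..60bebb0c9 100644
--- a/etc/devhelp.profile
+++ b/etc/devhelp.profile
@@ -41,6 +41,6 @@ private-dev
 private-etc alternatives,dconf,fonts,ld.so.cache,machine-id,ssl
 private-tmp
 
-# memory-deny-write-execute - Breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue 1803)
 
 read-only ${HOME}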
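Review bot: The rewritten comment reads `(see issue 1803)`, while every other profile in this commit writes `(see issue #1803)`. Adding the `#` keeps the reference searchable together with the rest: `#memory-deny-write-execute - breaks on Arch (see issue #1803)`.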
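diff --git a/etc/devilspie.profile b/etc/devilspie.profile
index 2d100c4b0..ca617983d 100644
--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -16,6 +16,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.devilspie
+whitelist ${HOME}/.devilspie
+include whitelist-common.inc
+include whitelist-var-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace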
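diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile
index 9d67ee76e..74b0dc939 100644
--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -19,6 +19,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/devilspie2
+whitelist ${HOME}/.config/devilspie2
+include whitelist-common.inc
+include whitelist-var-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace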
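diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 356c8209c..fb7e02d0b 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -239,6 +239,7 @@ blacklist ${HOME}/.config/nano
 blacklist ${HOME}/.config/nautilus
 blacklist ${HOME}/.config/nemo
 blacklist ${HOME}/.config/netsurf
+blacklist ${HOME}/.config/newsbeuter
 blacklist ${HOME}/.config/nheko
 blacklist ${HOME}/.config/NitroShare
 blacklist ${HOME}/.config/nomacs
@@ -574,6 +575,7 @@ blacklist ${HOME}/.multimc5
 blacklist ${HOME}/.nanorc
 blacklist ${HOME}/.netactview
 blacklist ${HOME}/.neverball
+blacklist ${HOME}/.newsbeuter
 blacklist ${HOME}/.newsboat
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail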
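diff --git a/etc/enpass.profile b/etc/enpass.profile
index 99d3eac85..68113e294 100644
--- a/etc/enpass.profile
+++ b/etc/enpass.profile
@@ -59,4 +59,4 @@ private-dev
 private-opt Enpass
 private-tmp
 
-#memory-deny-write-execute - breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)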
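diff --git a/etc/eo-common.profile b/etc/eo-common.profile
index ad18e10c4..2a65de5e1 100644
--- a/etc/eo-common.profile
+++ b/etc/eo-common.profile
@@ -44,4 +44,4 @@ private-etc alternatives,dconf,fonts,gtk-3.0
 private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*
 private-tmp
 
-#memory-deny-write-execute - breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)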
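diff --git a/etc/exfalso.profile b/etc/exfalso.profile
index 978629452..b5eda059f 100644
--- a/etc/exfalso.profile
+++ b/etc/exfalso.profile
@@ -13,6 +13,9 @@ noblacklist ${MUSIC}
 include allow-python2.inc
 include allow-python3.inc
 
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -21,6 +24,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.quodlibet
+whitelist ${HOME}/.quodlibet
+include whitelist-common.inc
+include whitelist-var-common.inc
+
 caps.drop all
 machine-id
 netfilter
@@ -45,4 +53,4 @@ private-etc alternatives,fonts,group,passwd
 private-lib libatk-1.0.so.*,libgdk-3.so.*,libgdk_pixbuf-2.0.so.*,libgirepository-1.0.so.*,libgstreamer-1.0.so.*,libgtk-3.so.*,libgtksourceview-3.0.so.*,libpango-1.0.so.*,libpython*,libreadline.so.*,libsoup-2.4.so.*,libssl.so.1.*,python2*,python3*
 private-tmp
 
-# memory-deny-write-execute - Breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)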
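diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc
index 7d9e512b2..0b95c555b 100644
--- a/etc/firefox-common-addons.inc
+++ b/etc/firefox-common-addons.inc
@@ -43,8 +43,10 @@ whitelist ${HOME}/.lastpass
 whitelist ${HOME}/.local/share/kget
 whitelist ${HOME}/.local/share/okular
 whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.local/share/tridactyl
 whitelist ${HOME}/.pentadactyl
 whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.tridactylrc
 whitelist ${HOME}/.vimperator
 whitelist ${HOME}/.vimperatorrc
 whitelist ${HOME}/.wine-pipelight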
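diff --git a/etc/font-manager.profile b/etc/font-manager.profile
index a1280124a..1699e5cfc 100644
--- a/etc/font-manager.profile
+++ b/etc/font-manager.profile
@@ -50,4 +50,4 @@ private-bin font-manager,python*,yelp
 private-dev
 private-tmp
 
-#memory-deny-write-execute - Breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)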
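diff --git a/etc/geekbench.profile b/etc/geekbench.profile
index a4c33b46f..8d7dbd48e 100644
--- a/etc/geekbench.profile
+++ b/etc/geekbench.profile
@@ -46,6 +46,6 @@ private-lib libstdc++.so.*
 private-opt none
 private-tmp
 
-# memory-deny-write-execute - Breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)
 
 read-only ${HOME}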
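diff --git a/etc/godot.profile b/etc/godot.profile
index f2b365455..2baf09b1d 100644
--- a/etc/godot.profile
+++ b/etc/godot.profile
@@ -35,8 +35,8 @@ seccomp
 shell none
 tracelog
 
-disable-mnt
-private-bin godot
+
+# private-bin godot
 private-cache
 private-dev
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,machine-id,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl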
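Review bot: `disable-mnt` is dropped and `private-bin godot` is commented out with no reason given, unlike the other relaxations in this commit, which cite an issue number. Both changes loosen the sandbox for every user, since mount points such as /mnt and /media become reachable again and the full binary directories are visible. The next maintainer needs to know what broke, for example `# private-bin godot - <reason, issue reference>` and a matching `# disable-mnt - <reason>`. The placeholders are mine; the page does not state the reason.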
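diff --git a/etc/keepassxc-cli.profile b/etc/keepassxc-cli.profile
new file mode 100644
index 000000000..6f657e7de
--- /dev/null
+++ b/etc/keepassxc-cli.profile
@@ -0,0 +1,12 @@
+# Firejail profile for keepassxc-cli
+# Description: command line interface for KeePassXC
+# This file is overwritten after every install/update
+# Persistent local customizations
+include keepassxc-cli.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+
+# Redirect
+include keepassxc.profile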
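diff --git a/etc/keepassxc-proxy.profile b/etc/keepassxc-proxy.profile
new file mode 100644
index 000000000..79666aee2
--- /dev/null
+++ b/etc/keepassxc-proxy.profile
@@ -0,0 +1,11 @@
+# Firejail profile for keepassxc-cli
+# This file is overwritten after every install/update
+# Persistent local customizations
+include keepassxc-proxy.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+
+# Redirect
+include keepassxc.profile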
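Review bot: The header line says `# Firejail profile for keepassxc-cli`, apparently copied from the sibling file; it should read `# Firejail profile for keepassxc-proxy`. The `# Description:` line that keepassxc-cli.profile carries is also missing here. etc/newsbeuter.profile has the same slip: its first line names Newsboat although the file is the newsbeuter redirect.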
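diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index c1adfd516..6ef02ad47 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -37,11 +37,11 @@ nosound
 notv
 nou2f
 novideo
-protocol netlink,unix
+protocol unix,netlink
 seccomp
 shell none
 
-private-bin keepassxc,keepassxc-proxy
+private-bin keepassxc,keepassxc-cli,keepassxc-proxy
 private-dev
 private-etc alternatives,fonts,ld.so.cache,machine-id
 private-tmp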
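diff --git a/etc/meld.profile b/etc/meld.profile
index 321b92cd5..4a9f64421 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -6,11 +6,11 @@ include meld.local
 # Persistent global definitions
 include globals.local
 
-# If you want to use meld as git-mergetool (and may some other VCS integrations) you need
-# to bypass firejail, you can do this by removing the symlink or call it by its absolut path
+# If you want to use meld as git-mergetool (and maybe some other VCS integrations) you need
+# to bypass firejail, you can do this by removing the symlink or calling it by its absolute path
 # Removing the symlink:
 # sudo rm /usr/local/bin/meld
-# Calling by its absolut path (example for git-mergetoll):
+# Calling by its absolute path (example for git-mergetool):
 # git config --global mergetool.meld.cmd /usr/bin/meld
 
 noblacklist ${HOME}/.config/git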
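diff --git a/etc/mpDris2.profile b/etc/mpDris2.profile
index db2bb6a93..eb49b52ab 100644
--- a/etc/mpDris2.profile
+++ b/etc/mpDris2.profile
@@ -12,6 +12,8 @@ noblacklist ${HOME}/.config/mpDris2
 include allow-python2.inc
 include allow-python3.inc
 
+noblacklist ${MUSIC}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -20,6 +22,12 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${MUSIC}
+
+mkdir ${HOME}/.config/mpDris2
+whitelist ${HOME}/.config/mpDris2
+include whitelist-var-common.inc
+
 caps.drop all
 machine-id
 netfilter
@@ -43,6 +51,6 @@ private-etc alternatives,hosts,nsswitch.conf
 private-lib libdbus-1.so.*,libdbus-glib-1.so.*,libgirepository-1.0.so.*,libnotify.so.*,libpython*,python2*,python3*
 private-tmp
 
-# memory-deny-write-execute - Breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)
 
 read-only ${HOME}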
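diff --git a/etc/mpsyt.profile b/etc/mpsyt.profile
index d87241070..f0309da9a 100644
--- a/etc/mpsyt.profile
+++ b/etc/mpsyt.profile
@@ -6,18 +6,19 @@ include mpsyt.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.config/mps-youtube
 noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.mplayer
-noblacklist ${HOME}/.config/mps-youtube
 noblacklist ${HOME}/.netrc
 noblacklist ${HOME}/mps
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -27,14 +28,17 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/mps-youtube
+mkdir ${HOME}/.config/mpv
+mkdir ${HOME}/.mplayer
+mkdir ${HOME}/mps
+whitelist ${HOME}/.config/mps-youtube
 whitelist ${HOME}/.config/mpv
 whitelist ${HOME}/.mplayer
-whitelist ${HOME}/.config/mps-youtube
 whitelist ${HOME}/.netrc
 whitelist ${HOME}/mps
+whitelist ${DOWNLOADS}
 whitelist ${MUSIC}
 whitelist ${VIDEOS}
-whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 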
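diff --git a/etc/mpv.profile b/etc/mpv.profile
index 5aa9e7e74..07a6ba42b 100644
--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -9,13 +9,14 @@ include globals.local
 
 noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.netrc
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc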
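diff --git a/etc/newsbeuter.profile b/etc/newsbeuter.profile
new file mode 100644
index 000000000..059c2156d
--- /dev/null
+++ b/etc/newsbeuter.profile
@@ -0,0 +1,21 @@
+# Firejail profile for Newsboat
+# Description: Text based Atom/RSS feed reader
+# This file is overwritten after every install/update
+# Persistent local customizations
+include newsbeuter.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+noblacklist ${HOME}/.config/newsbeuter
+noblacklist ${HOME}/.newsbeuter
+
+mkdir ${HOME}/.config/newsbeuter
+mkdir ${HOME}/.newsbeuter
+whitelist ${HOME}/.config/newsbeuter
+whitelist ${HOME}/.newsbeuter
+
+private-bin newsbeuter
+
+# Redirect
+include newsboat.profile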
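diff --git a/etc/ocenaudio.profile b/etc/ocenaudio.profile
index b2249f63b..ea89a259f 100644
--- a/etc/ocenaudio.profile
+++ b/etc/ocenaudio.profile
@@ -45,4 +45,4 @@ private-dev
 private-etc alternatives,asound.conf,fonts,ld.so.cache,pulse
 private-tmp
 
-# memory-deny-write-execute - breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)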
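diff --git a/etc/pavucontrol.profile b/etc/pavucontrol.profile
index 18b9b7fc6..3fd4f3668 100644
--- a/etc/pavucontrol.profile
+++ b/etc/pavucontrol.profile
@@ -16,6 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/pavucontrol.ini
+whitelist ${HOME}/.config/pavucontrol.ini
+include whitelist-common.inc
 include whitelist-var-common.inc
 
 apparmor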
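diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index 85e28372e..87d7a87f1 100644
--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -16,6 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
 include whitelist-var-common.inc
 
 caps.drop all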
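Review bot: With `whitelist ${DOCUMENTS}` and `whitelist ${DOWNLOADS}` the sandboxed pdftotext sees only those two directories of the home directory, so a PDF stored anywhere else under ${HOME} can no longer be converted, and output written elsewhere under ${HOME} is not kept. For a command-line tool that takes arbitrary paths this deserves a comment above the new lines, e.g. `# Only ${DOCUMENTS} and ${DOWNLOADS} are visible; add further whitelist lines to pdftotext.local`. The hunk also shows no `noblacklist ${DOCUMENTS}` ahead of `include disable-xdg.inc`; the top of the profile is outside the hunk, so confirm it is there. soundconverter.profile and exfalso.profile gain the same kind of restriction in this commit.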
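diff --git a/etc/qtox.profile b/etc/qtox.profile
index 4a731b45a..c3e8fb95c 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -45,4 +45,4 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
 
-memory-deny-write-execute
+#memory-deny-write-execute - breaks on Arch (see issue #1803)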
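Review bot: This turns off `memory-deny-write-execute` for qtox on every distribution, where the old profile had it enabled; the other profiles touched here only reword a line that was already commented out. Since the breakage is reported for Arch, the comment should tell other users how to get the protection back, in the style this commit uses for aria2c: `# Uncomment the next line (or put 'memory-deny-write-execute' in your qtox.local) if you are not affected by issue #1803`, followed by `#memory-deny-write-execute`.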
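diff --git a/etc/redshift.profile b/etc/redshift.profile
index e60877172..0f6d34ed0 100644
--- a/etc/redshift.profile
+++ b/etc/redshift.profile
@@ -18,6 +18,9 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/redshift
+whitelist ${HOME}/.config/redshift
+whitelist ${HOME}/.config/redshift.conf
 include whitelist-var-common.inc
 
 apparmor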
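diff --git a/etc/seahorse.profile b/etc/seahorse.profile
index 7baae2603..be63f9382 100644
--- a/etc/seahorse.profile
+++ b/etc/seahorse.profile
@@ -6,24 +6,10 @@ include seahorse.local
 # Persistent global definitions
 include globals.local
 
-# dconf
 noblacklist ${HOME}/.config/dconf
-whitelist ${HOME}/.config/dconf
-
-# gpg
-mkdir ${HOME}/.gnupg
 noblacklist ${HOME}/.gnupg
-whitelist ${HOME}/.gnupg
-
-# ssh
-whitelist /etc/ld.so.preload
-noblacklist /etc/ssh
-whitelist /etc/ssh
-noblacklist /tmp/ssh-*
-whitelist /tmp/ssh-*
-mkdir ${HOME}/.ssh
 noblacklist ${HOME}/.ssh
-whitelist ${HOME}/.ssh
+noblacklist /tmp/ssh-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -33,6 +19,13 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/dconf
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.ssh
+whitelist ${HOME}/.config/dconf
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.ssh
+whitelist /tmp/ssh-*
 include whitelist-common.inc
 include whitelist-var-common.inc
 
@@ -57,5 +50,6 @@ tracelog
 disable-mnt
 private-cache
 private-dev
+private-etc ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,hostname,host.conf,hosts,ld.so.preload,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssh,ssl,X11
 
 writable-run-user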
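diff --git a/etc/smplayer.profile b/etc/smplayer.profile
index 9b824604a..f83caee8a 100644
--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -8,13 +8,14 @@ include globals.local
 
 noblacklist ${HOME}/.config/smplayer
 noblacklist ${HOME}/.mplayer
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc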
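diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile
index d875146de..efd600eb2 100644
--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -6,12 +6,12 @@ include soundconverter.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
-
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
+noblacklist ${MUSIC}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -20,6 +20,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+include whitelist-common.inc
 include whitelist-var-common.inc
 
 apparmor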
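diff --git a/etc/subdownloader.profile b/etc/subdownloader.profile
index b55300c88..d0176a657 100644
--- a/etc/subdownloader.profile
+++ b/etc/subdownloader.profile
@@ -40,4 +40,4 @@ private-dev
 private-etc alternatives,fonts
 private-tmp
 
-# memory-deny-write-execute - Breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)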
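diff --git a/etc/tcpdump.profile b/etc/tcpdump.profile
new file mode 100644
index 000000000..7713ac6c0
--- /dev/null
+++ b/etc/tcpdump.profile
@@ -0,0 +1,44 @@
+# Firejail profile for tcpdump
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include tcpdump.local
+# Persistent global definitions
+include globals.local
+
+noblacklist /sbin
+noblacklist /usr/sbin
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+
+caps.keep net_raw
+ipc-namespace
+#net tun0
+netfilter
+no3d
+nodvd
+#nogroups
+nonewprivs
+#noroot
+nosound
+notv
+nou2f
+novideo
+
+protocol unix,inet,inet6,netlink,packet
+seccomp
+
+disable-mnt
+#private
+#private-bin tcpdump
+private-dev
+#private-etc
+private-tmp
+
+memory-deny-write-execute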
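Review bot: `include whitelist-common.inc` puts the home directory into whitelist mode while the profile whitelists no output location, so, as far as I can tell, a capture saved with `-w` somewhere under ${HOME} lands in the sandbox's temporary filesystem and is gone when tcpdump exits. A comment before the include would warn users: `# Capture files written under ${HOME} are not kept; whitelist an output directory in tcpdump.local`. The commented-out `#nogroups`, `#noroot`, `#private`, `#private-bin tcpdump` and `#private-etc` lines give no reason either; tshark.profile in this commit shows the form to follow (`# nogroups - breaks ...`).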
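diff --git a/etc/totem.profile b/etc/totem.profile
index f541d3cc2..9e6684824 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -6,6 +6,9 @@ include totem.local
 # Persistent global definitions
 include globals.local
 
+# Allow lua (required for youtube video)
+include allow-lua.inc
+
 noblacklist ${HOME}/.config/totem
 noblacklist ${HOME}/.local/share/totem
 noblacklist ${MUSIC}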
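diff --git a/etc/tshark.profile b/etc/tshark.profile
new file mode 100644
index 000000000..52ee228a3
--- /dev/null
+++ b/etc/tshark.profile
@@ -0,0 +1,44 @@
+# Firejail profile for tshark
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include tshark.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+
+#caps.keep net_raw
+caps.keep dac_override,net_admin,net_raw
+ipc-namespace
+#net tun0
+netfilter
+no3d
+nodvd
+# nogroups - breaks network traffic capture for unprivileged users
+# nonewprivs - breaks network traffic capture for unprivileged users
+# noroot
+nosound
+notv
+nou2f
+novideo
+
+#protocol unix,inet,inet6,netlink,packet
+#seccomp
+
+disable-mnt
+#private
+private-cache
+#private-bin tshark
+private-dev
+#private-etc
+private-tmp
+
+# memory-deny-write-execute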
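Review bot: `#seccomp` and `#protocol unix,inet,inet6,netlink,packet` are disabled without a reason, and `caps.keep dac_override,net_admin,net_raw` grants more than the commented `#caps.keep net_raw` above it; `dac_override` in particular bypasses file permission checks. With seccomp, nonewprivs and noroot all off, this profile confines much less than tcpdump.profile does, for a tool that parses untrusted packets. Each relaxation should carry its reason the way the `nogroups` and `nonewprivs` lines do, e.g. `# seccomp - <what breaks>`, and the stale `#caps.keep net_raw` line should be removed or explained. The placeholder stands for information the page does not give.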
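diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index 943719e75..e238db8ce 100644
--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -43,5 +43,4 @@ private-dev
 private-etc alternatives,fonts,machine-id
 private-tmp
 
-# memory-deny-write-executes breaks on Arch - see issue #1808
-#memory-deny-write-execute
+#memory-deny-write-execute - breaks on Arch (see issues #1803 and #1808)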
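diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile
index 190c972c0..28b5f2376 100644
--- a/etc/youtube-dl.profile
+++ b/etc/youtube-dl.profile
@@ -55,4 +55,4 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,hostname,hosts,mime.types,pki,resolv.conf,ssl,youtube-dl.conf
 private-tmp
 
-# memory-deny-write-execute - breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)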