Diffstat (limited to 'etc')
70 files changed, 202 insertions, 199 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index e6540fb5d..3797ae5cd 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc | |||
7 | 7 | ||
8 | # Call these options | 8 | # Call these options |
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | netfilter | 10 | netfilter |
13 | tracelog | ||
14 | noroot | 11 | noroot |
15 | nonewprivs | 12 | nonewprivs |
13 | protocol unix,inet,inet6,netlink | ||
14 | seccomp | ||
15 | tracelog | ||
16 | 16 | ||
17 | # Whitelists | 17 | # Whitelists |
18 | noblacklist ~/.cache/0ad | 18 | noblacklist ~/.cache/0ad |
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index 75dbebcf0..e719f070f 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile | |||
@@ -15,6 +15,6 @@ include /etc/firejail/disable-devel.inc | |||
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | seccomp | ||
19 | nonewprivs | 18 | nonewprivs |
20 | noroot | 19 | noroot |
20 | seccomp | ||
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index 6a06ce76b..65247e7d3 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile | |||
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc | |||
7 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | netfilter | 10 | netfilter |
13 | tracelog | ||
14 | nonewprivs | 11 | nonewprivs |
15 | noroot | 12 | noroot |
13 | protocol unix,inet,inet6,netlink | ||
14 | seccomp | ||
15 | tracelog | ||
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | mkdir ~/.mozilla | 18 | mkdir ~/.mozilla |
@@ -41,13 +41,12 @@ whitelist ~/.config/lastpass | |||
41 | 41 | ||
42 | 42 | ||
43 | #silverlight | 43 | #silverlight |
44 | whitelist ~/.wine-pipelight | 44 | whitelist ~/.wine-pipelight |
45 | whitelist ~/.wine-pipelight64 | 45 | whitelist ~/.wine-pipelight64 |
46 | whitelist ~/.config/pipelight-widevine | 46 | whitelist ~/.config/pipelight-widevine |
47 | whitelist ~/.config/pipelight-silverlight5.1 | 47 | whitelist ~/.config/pipelight-silverlight5.1 |
48 | 48 | ||
49 | include /etc/firejail/whitelist-common.inc | 49 | include /etc/firejail/whitelist-common.inc |
50 | 50 | ||
51 | # experimental features | 51 | # experimental features |
52 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 52 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
53 | |||
diff --git a/etc/atril.profile b/etc/atril.profile index b55f99cdd..8ee7da173 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -7,10 +7,10 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | 10 | netfilter |
11 | protocol unix,inet,inet6 | ||
12 | nonewprivs | 11 | nonewprivs |
13 | noroot | 12 | noroot |
14 | tracelog | ||
15 | netfilter | ||
16 | nosound | 13 | nosound |
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | tracelog | ||
diff --git a/etc/audacious.profile b/etc/audacious.profile index 0a1598dee..e5275213c 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/disable-devel.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | ||
9 | protocol unix,inet,inet6 | ||
10 | nonewprivs | 8 | nonewprivs |
11 | noroot | 9 | noroot |
10 | protocol unix,inet,inet6 | ||
11 | seccomp | ||
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index b7ccd132e..e63802c8a 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile | |||
@@ -4,9 +4,9 @@ noblacklist /usr/sbin | |||
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
6 | 6 | ||
7 | protocol unix,inet,inet6 | 7 | netfilter |
8 | nonewprivs | ||
8 | private | 9 | private |
9 | private-dev | 10 | private-dev |
11 | protocol unix,inet,inet6 | ||
10 | seccomp | 12 | seccomp |
11 | netfilter | ||
12 | nonewprivs | ||
diff --git a/etc/brave.profile b/etc/brave.profile index 24a0a31c9..4c42e9faa 100644 --- a/etc/brave.profile +++ b/etc/brave.profile | |||
@@ -6,10 +6,11 @@ include /etc/firejail/disable-programs.inc | |||
6 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | ||
10 | protocol unix,inet,inet6,netlink | ||
11 | netfilter | 9 | netfilter |
10 | nonewprivs | ||
12 | noroot | 11 | noroot |
12 | protocol unix,inet,inet6,netlink | ||
13 | seccomp | ||
13 | 14 | ||
14 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
15 | 16 | ||
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index b3a34fc9a..bc6fe1d86 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -15,11 +15,12 @@ mkdir ~/.local/share | |||
15 | whitelist ${HOME}/.local/share/ | 15 | whitelist ${HOME}/.local/share/ |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | seccomp | ||
19 | protocol unix,inet,inet6,netlink | ||
20 | netfilter | 18 | netfilter |
21 | tracelog | ||
22 | nonewprivs | 19 | nonewprivs |
23 | noroot | 20 | noroot |
24 | include /etc/firejail/whitelist-common.inc | ||
25 | nosound | 21 | nosound |
22 | seccomp | ||
23 | protocol unix,inet,inet6,netlink | ||
24 | tracelog | ||
25 | |||
26 | include /etc/firejail/whitelist-common.inc | ||
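Review bot: The reordered options in cherrytree.profile do not follow the alphabetical layout this commit applies to the other profiles: `seccomp` ends up before `protocol unix,inet,inet6,netlink`, where the sibling profiles list `protocol` first. konversation.profile has the same swap, and google-play-music-desktop-player.profile and hexchat.profile still leave `netfilter` after `noroot`. A uniform sequence is what lets a reader diff two profiles and spot a missing hardening option at a glance, so these four should use the same order as the rest. The ordering looks cosmetic rather than something that changes what is enforced, but that cannot be confirmed from this page.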
diff --git a/etc/clementine.profile b/etc/clementine.profile index fb9dca2a9..5ce085358 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/disable-devel.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | ||
9 | protocol unix,inet,inet6 | ||
10 | nonewprivs | 8 | nonewprivs |
11 | noroot | 9 | noroot |
10 | protocol unix,inet,inet6 | ||
11 | seccomp | ||
diff --git a/etc/cmus.profile b/etc/cmus.profile index 16b9c112d..2e2a6940c 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile | |||
@@ -7,11 +7,11 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6 | ||
12 | netfilter | 10 | netfilter |
13 | nonewprivs | 11 | nonewprivs |
14 | noroot | 12 | noroot |
13 | protocol unix,inet,inet6 | ||
14 | seccomp | ||
15 | 15 | ||
16 | private-bin cmus | 16 | private-bin cmus |
17 | private-etc group | 17 | private-etc group |
diff --git a/etc/conkeror.profile b/etc/conkeror.profile index 0a7966e4b..e82eeec4c 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile | |||
@@ -4,11 +4,11 @@ include /etc/firejail/disable-common.inc | |||
4 | include /etc/firejail/disable-programs.inc | 4 | include /etc/firejail/disable-programs.inc |
5 | 5 | ||
6 | caps.drop all | 6 | caps.drop all |
7 | seccomp | ||
8 | protocol unix,inet,inet6 | ||
9 | netfilter | 7 | netfilter |
10 | nonewprivs | 8 | nonewprivs |
11 | noroot | 9 | noroot |
10 | protocol unix,inet,inet6 | ||
11 | seccomp | ||
12 | 12 | ||
13 | whitelist ~/.conkeror.mozdev.org | 13 | whitelist ~/.conkeror.mozdev.org |
14 | whitelist ~/Downloads | 14 | whitelist ~/Downloads |
diff --git a/etc/corebird.profile b/etc/corebird.profile index f3f73a44f..077ae30d0 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile | |||
@@ -6,7 +6,7 @@ include /etc/firejail/disable-devel.inc | |||
6 | include /etc/firejail/disable-passwdmgr.inc | 6 | include /etc/firejail/disable-passwdmgr.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | ||
10 | protocol unix,inet,inet6 | ||
11 | netfilter | 9 | netfilter |
12 | noroot | 10 | noroot |
11 | protocol unix,inet,inet6 | ||
12 | seccomp | ||
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index c5fb25e9a..0035b6be6 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile | |||
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc | |||
7 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | netfilter | 10 | netfilter |
13 | tracelog | ||
14 | nonewprivs | 11 | nonewprivs |
15 | noroot | 12 | noroot |
13 | protocol unix,inet,inet6,netlink | ||
14 | seccomp | ||
15 | tracelog | ||
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | mkdir ~/.8pecxstudios | 18 | mkdir ~/.8pecxstudios |
@@ -41,13 +41,12 @@ whitelist ~/.config/lastpass | |||
41 | 41 | ||
42 | 42 | ||
43 | #silverlight | 43 | #silverlight |
44 | whitelist ~/.wine-pipelight | 44 | whitelist ~/.wine-pipelight |
45 | whitelist ~/.wine-pipelight64 | 45 | whitelist ~/.wine-pipelight64 |
46 | whitelist ~/.config/pipelight-widevine | 46 | whitelist ~/.config/pipelight-widevine |
47 | whitelist ~/.config/pipelight-silverlight5.1 | 47 | whitelist ~/.config/pipelight-silverlight5.1 |
48 | 48 | ||
49 | include /etc/firejail/whitelist-common.inc | 49 | include /etc/firejail/whitelist-common.inc |
50 | 50 | ||
51 | # experimental features | 51 | # experimental features |
52 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 52 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
53 | |||
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 9225ca16e..04abd0a92 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6 | ||
12 | nonewprivs | 10 | nonewprivs |
13 | noroot | 11 | noroot |
12 | protocol unix,inet,inet6 | ||
13 | seccomp | ||
diff --git a/etc/default.profile b/etc/default.profile index d836a9f5d..a2de72695 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
@@ -8,9 +8,8 @@ include /etc/firejail/disable-passwdmgr.inc | |||
8 | #blacklist ${HOME}/.wine | 8 | #blacklist ${HOME}/.wine |
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | seccomp | ||
12 | protocol unix,inet,inet6 | ||
13 | netfilter | 11 | netfilter |
14 | nonewprivs | 12 | nonewprivs |
15 | noroot | 13 | noroot |
16 | 14 | protocol unix,inet,inet6 | |
15 | seccomp | ||
diff --git a/etc/deluge.profile b/etc/deluge.profile index f7a2b98e4..277ecc15e 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -6,9 +6,9 @@ include /etc/firejail/disable-programs.inc | |||
6 | include /etc/firejail/disable-passwdmgr.inc | 6 | include /etc/firejail/disable-passwdmgr.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | ||
10 | protocol unix,inet,inet6 | ||
11 | netfilter | 9 | netfilter |
12 | nonewprivs | 10 | nonewprivs |
13 | noroot | 11 | noroot |
14 | nosound | 12 | nosound |
13 | protocol unix,inet,inet6 | ||
14 | seccomp | ||
diff --git a/etc/dillo.profile b/etc/dillo.profile index 392000ade..2ddd363cb 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile | |||
@@ -7,12 +7,12 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6 | ||
12 | netfilter | 10 | netfilter |
13 | tracelog | ||
14 | nonewprivs | 11 | nonewprivs |
15 | noroot | 12 | noroot |
13 | protocol unix,inet,inet6 | ||
14 | seccomp | ||
15 | tracelog | ||
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | mkdir ~/.dillo | 18 | mkdir ~/.dillo |
@@ -21,6 +21,3 @@ mkdir ~/.fltk | |||
21 | whitelist ~/.fltk | 21 | whitelist ~/.fltk |
22 | 22 | ||
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | |||
25 | |||
26 | |||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 633f9c548..1f86a0ebe 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -65,6 +65,7 @@ blacklist ${HOME}/.config/xchat | |||
65 | blacklist ${HOME}/.Skype | 65 | blacklist ${HOME}/.Skype |
66 | blacklist ${HOME}/.config/tox | 66 | blacklist ${HOME}/.config/tox |
67 | blacklist ${HOME}/.TelegramDesktop | 67 | blacklist ${HOME}/.TelegramDesktop |
68 | blacklist ${HOME}/.config/Gitter | ||
68 | 69 | ||
69 | # Games | 70 | # Games |
70 | blacklist ${HOME}/.hedgewars | 71 | blacklist ${HOME}/.hedgewars |
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index 4459c40dd..6b199c34b 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile | |||
@@ -5,10 +5,11 @@ include /etc/firejail/disable-common.inc | |||
5 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
6 | include /etc/firejail/disable-passwdmgr.inc | 6 | include /etc/firejail/disable-passwdmgr.inc |
7 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
8 | |||
8 | caps | 9 | caps |
9 | seccomp | ||
10 | protocol unix,inet,inet6,netlink | ||
11 | netfilter | 10 | netfilter |
11 | nonewprivs | ||
12 | private | 12 | private |
13 | private-dev | 13 | private-dev |
14 | nonewprivs | 14 | protocol unix,inet,inet6,netlink |
15 | seccomp | ||
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 568ab230a..2427c6af8 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
@@ -4,7 +4,7 @@ include /etc/firejail/disable-programs.inc | |||
4 | include /etc/firejail/disable-passwdmgr.inc | 4 | include /etc/firejail/disable-passwdmgr.inc |
5 | 5 | ||
6 | caps | 6 | caps |
7 | seccomp | ||
8 | protocol unix,inet,inet6 | ||
9 | nonewprivs | 7 | nonewprivs |
10 | noroot | 8 | noroot |
9 | protocol unix,inet,inet6 | ||
10 | seccomp | ||
diff --git a/etc/empathy.profile b/etc/empathy.profile index c08398e84..371100814 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
@@ -4,7 +4,7 @@ include /etc/firejail/disable-programs.inc | |||
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | 5 | ||
6 | caps.drop all | 6 | caps.drop all |
7 | seccomp | ||
8 | protocol unix,inet,inet6 | ||
9 | netfilter | 7 | netfilter |
10 | nonewprivs | 8 | nonewprivs |
9 | protocol unix,inet,inet6 | ||
10 | seccomp | ||
diff --git a/etc/epiphany.profile b/etc/epiphany.profile index 7783a05fd..57191429a 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile | |||
@@ -19,8 +19,9 @@ mkdir ${HOME}/.cache | |||
19 | mkdir ${HOME}/.cache/epiphany | 19 | mkdir ${HOME}/.cache/epiphany |
20 | whitelist ${HOME}/.cache/epiphany | 20 | whitelist ${HOME}/.cache/epiphany |
21 | include /etc/firejail/whitelist-common.inc | 21 | include /etc/firejail/whitelist-common.inc |
22 | |||
22 | caps.drop all | 23 | caps.drop all |
23 | seccomp | ||
24 | protocol unix,inet,inet6 | ||
25 | netfilter | 24 | netfilter |
26 | nonewprivs | 25 | nonewprivs |
26 | protocol unix,inet,inet6 | ||
27 | seccomp | ||
diff --git a/etc/evince.profile b/etc/evince.profile index 3c883d43c..8c84a1daa 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/disable-devel.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | ||
9 | protocol unix,inet,inet6 | ||
10 | nonewprivs | 8 | nonewprivs |
11 | noroot | 9 | noroot |
12 | nosound | 10 | nosound |
11 | protocol unix,inet,inet6 | ||
12 | seccomp | ||
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 7764a48c9..c4d84691c 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
@@ -7,9 +7,9 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6 | ||
12 | netfilter | 10 | netfilter |
13 | nonewprivs | 11 | nonewprivs |
14 | noroot | 12 | noroot |
15 | nosound | 13 | nosound |
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 1ab08b568..3cb4890e2 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
@@ -7,9 +7,9 @@ include /etc/firejail/disable-programs.inc | |||
7 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | 10 | netfilter |
11 | protocol unix,inet,inet6 | ||
12 | nonewprivs | 11 | nonewprivs |
13 | noroot | 12 | noroot |
14 | netfilter | ||
15 | nosound | 13 | nosound |
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
diff --git a/etc/firefox.profile b/etc/firefox.profile index 6796ef7c4..2cc4d3cd8 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc | |||
7 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | netfilter | 10 | netfilter |
13 | tracelog | ||
14 | nonewprivs | 11 | nonewprivs |
15 | noroot | 12 | noroot |
13 | protocol unix,inet,inet6,netlink | ||
14 | seccomp | ||
15 | tracelog | ||
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | mkdir ~/.mozilla | 18 | mkdir ~/.mozilla |
@@ -41,14 +41,12 @@ whitelist ~/.config/lastpass | |||
41 | 41 | ||
42 | 42 | ||
43 | #silverlight | 43 | #silverlight |
44 | whitelist ~/.wine-pipelight | 44 | whitelist ~/.wine-pipelight |
45 | whitelist ~/.wine-pipelight64 | 45 | whitelist ~/.wine-pipelight64 |
46 | whitelist ~/.config/pipelight-widevine | 46 | whitelist ~/.config/pipelight-widevine |
47 | whitelist ~/.config/pipelight-silverlight5.1 | 47 | whitelist ~/.config/pipelight-silverlight5.1 |
48 | 48 | ||
49 | include /etc/firejail/whitelist-common.inc | 49 | include /etc/firejail/whitelist-common.inc |
50 | 50 | ||
51 | # experimental features | 51 | # experimental features |
52 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 52 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
53 | |||
54 | |||
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 77a95aa17..f248c385a 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile | |||
@@ -15,11 +15,11 @@ include /etc/firejail/disable-programs.inc | |||
15 | # | 15 | # |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | seccomp | ||
19 | protocol unix,inet,inet6,netlink | ||
20 | netfilter | 18 | netfilter |
21 | nonewprivs | 19 | nonewprivs |
22 | noroot | 20 | noroot |
21 | protocol unix,inet,inet6,netlink | ||
22 | seccomp | ||
23 | 23 | ||
24 | whitelist ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | mkdir ~/.config | 25 | mkdir ~/.config |
diff --git a/etc/gitter.profile b/etc/gitter.profile new file mode 100644 index 000000000..0c2bd1353 --- /dev/null +++ b/etc/gitter.profile | |||
@@ -0,0 +1,13 @@ | |||
1 | # Firejail profile for Gitter | ||
2 | noblacklist ~/.config/Gitter | ||
3 | |||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | include /etc/firejail/disable-programs.inc | ||
7 | include /etc/firejail/disable-devel.inc | ||
8 | |||
9 | caps.drop all | ||
10 | netfilter | ||
11 | noroot | ||
12 | protocol unix,inet,inet6,netlink | ||
13 | seccomp | ||
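Review bot: The new gitter.profile has no `nonewprivs` line, although most profiles touched in this commit pair it with `caps.drop all`, `noroot` and `seccomp`. That option sets no_new_privs so that an execve inside the sandbox cannot grant additional privileges, and it is cheap defence in depth for a network-facing chat client. I would add `nonewprivs` between `netfilter` and `noroot`. If it was left out on purpose because the application fails to start with it, a comment in the style of lxterminal.profile's `#noroot - somehow this breaks on Debian Jessie!` would record the reason for the next maintainer.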
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 010b19613..f15778534 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/disable-devel.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | ||
9 | protocol unix,inet,inet6 | ||
10 | nonewprivs | 8 | nonewprivs |
11 | noroot | 9 | noroot |
10 | protocol unix,inet,inet6 | ||
11 | seccomp | ||
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index fe2f79901..b4cf8d9ac 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile | |||
@@ -7,11 +7,11 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | nonewprivs | 10 | nonewprivs |
13 | noroot | 11 | noroot |
14 | netfilter | 12 | netfilter |
13 | protocol unix,inet,inet6,netlink | ||
14 | seccomp | ||
15 | 15 | ||
16 | #whitelist ~/.pulse | 16 | #whitelist ~/.pulse |
17 | #whitelist ~/.config/pulse | 17 | #whitelist ~/.config/pulse |
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index 87523d825..65cc084e6 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
@@ -5,16 +5,16 @@ include /etc/firejail/disable-common.inc | |||
5 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
6 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | |||
8 | caps.drop all | 9 | caps.drop all |
9 | seccomp | ||
10 | protocol unix | ||
11 | nonewprivs | 10 | nonewprivs |
12 | noroot | 11 | noroot |
13 | nogroups | 12 | nogroups |
14 | private-dev | 13 | private-dev |
14 | protocol unix | ||
15 | seccomp | ||
15 | 16 | ||
16 | #Experimental: | 17 | #Experimental: |
17 | #shell none | 18 | #shell none |
18 | #private-bin gwenview | 19 | #private-bin gwenview |
19 | #private-etc X11 | 20 | #private-etc X11 |
20 | |||
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 3eb350660..a584d25c5 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
@@ -7,11 +7,11 @@ include /etc/firejail/disable-programs.inc | |||
7 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6 | ||
12 | nonewprivs | 10 | nonewprivs |
13 | noroot | 11 | noroot |
14 | netfilter | 12 | netfilter |
13 | protocol unix,inet,inet6 | ||
14 | seccomp | ||
15 | 15 | ||
16 | mkdir ~/.config | 16 | mkdir ~/.config |
17 | mkdir ~/.config/hexchat | 17 | mkdir ~/.config/hexchat |
diff --git a/etc/kmail.profile b/etc/kmail.profile index a47945bc6..44a53e258 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -7,9 +7,9 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | netfilter | 10 | netfilter |
13 | nonewprivs | 11 | nonewprivs |
14 | noroot | 12 | noroot |
13 | protocol unix,inet,inet6,netlink | ||
14 | seccomp | ||
15 | tracelog | 15 | tracelog |
diff --git a/etc/konversation.profile b/etc/konversation.profile index d10decb8f..190061618 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile | |||
@@ -6,7 +6,7 @@ include /etc/firejail/disable-devel.inc | |||
6 | include /etc/firejail/disable-passwdmgr.inc | 6 | include /etc/firejail/disable-passwdmgr.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | ||
10 | protocol unix,inet,inet6 | ||
11 | netfilter | 9 | netfilter |
12 | noroot | 10 | noroot |
11 | seccomp | ||
12 | protocol unix,inet,inet6 | ||
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile index b6acf2587..d1d0b8a0d 100644 --- a/etc/lxterminal.profile +++ b/etc/lxterminal.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/disable-programs.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | ||
9 | protocol unix,inet,inet6 | ||
10 | netfilter | 8 | netfilter |
9 | protocol unix,inet,inet6 | ||
10 | seccomp | ||
11 | #noroot - somehow this breaks on Debian Jessie! | 11 | #noroot - somehow this breaks on Debian Jessie! |
diff --git a/etc/mcabber.profile b/etc/mcabber.profile index 1536194b2..6b236a9a7 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile | |||
@@ -8,11 +8,11 @@ include /etc/firejail/disable-devel.inc | |||
8 | include /etc/firejail/disable-passwdmgr.inc | 8 | include /etc/firejail/disable-passwdmgr.inc |
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | seccomp | ||
12 | protocol inet,inet6 | ||
13 | netfilter | 11 | netfilter |
14 | nonewprivs | 12 | nonewprivs |
15 | noroot | 13 | noroot |
14 | protocol inet,inet6 | ||
15 | seccomp | ||
16 | 16 | ||
17 | private-bin mcabber | 17 | private-bin mcabber |
18 | private-etc null | 18 | private-etc null |
diff --git a/etc/midori.profile b/etc/midori.profile index 568687058..c4055fa83 100644 --- a/etc/midori.profile +++ b/etc/midori.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/disable-programs.inc | |||
5 | include /etc/firejail/disable-devel.inc | 5 | include /etc/firejail/disable-devel.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | ||
9 | protocol unix,inet,inet6 | ||
10 | netfilter | 8 | netfilter |
11 | nonewprivs | 9 | nonewprivs |
12 | noroot | 10 | noroot |
11 | protocol unix,inet,inet6 | ||
12 | seccomp | ||
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index c9a99bede..d4b442df8 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile | |||
@@ -16,8 +16,8 @@ mkdir ${HOME}/.config | |||
16 | mkdir ${HOME}/.config/mupen64plus | 16 | mkdir ${HOME}/.config/mupen64plus |
17 | whitelist ${HOME}/.config/mupen64plus/ | 17 | whitelist ${HOME}/.config/mupen64plus/ |
18 | 18 | ||
19 | caps.drop all | ||
20 | net none | ||
19 | nonewprivs | 21 | nonewprivs |
20 | noroot | 22 | noroot |
21 | caps.drop all | ||
22 | seccomp | 23 | seccomp |
23 | net none | ||
diff --git a/etc/netsurf.profile b/etc/netsurf.profile index e01cace7f..3de6be238 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile | |||
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc | |||
7 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | netfilter | 10 | netfilter |
13 | tracelog | ||
14 | nonewprivs | 11 | nonewprivs |
15 | noroot | 12 | noroot |
13 | protocol unix,inet,inet6,netlink | ||
14 | seccomp | ||
15 | tracelog | ||
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | mkdir ~/.config | 18 | mkdir ~/.config |
@@ -30,6 +30,3 @@ whitelist ~/.lastpass | |||
30 | whitelist ~/.config/lastpass | 30 | whitelist ~/.config/lastpass |
31 | 31 | ||
32 | include /etc/firejail/whitelist-common.inc | 32 | include /etc/firejail/whitelist-common.inc |
33 | |||
34 | |||
35 | |||
diff --git a/etc/okular.profile b/etc/okular.profile index 5179da787..b1efc4753 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -6,17 +6,17 @@ include /etc/firejail/disable-common.inc | |||
6 | include /etc/firejail/disable-programs.inc | 6 | include /etc/firejail/disable-programs.inc |
7 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
8 | include /etc/firejail/disable-passwdmgr.inc | 8 | include /etc/firejail/disable-passwdmgr.inc |
9 | |||
9 | caps.drop all | 10 | caps.drop all |
10 | seccomp | ||
11 | protocol unix | ||
12 | nonewprivs | 11 | nonewprivs |
13 | noroot | ||
14 | nogroups | 12 | nogroups |
13 | noroot | ||
15 | private-dev | 14 | private-dev |
15 | protocol unix | ||
16 | seccomp | ||
16 | 17 | ||
17 | #Experimental: | 18 | #Experimental: |
18 | #net none | 19 | #net none |
19 | #shell none | 20 | #shell none |
20 | #private-bin okular,kbuildsycoca4,kbuildsycoca5 | 21 | #private-bin okular,kbuildsycoca4,kbuildsycoca5 |
21 | #private-etc X11 | 22 | #private-etc X11 |
22 | |||
diff --git a/etc/openbox.profile b/etc/openbox.profile index 6e2e5d6fd..f812768a1 100644 --- a/etc/openbox.profile +++ b/etc/openbox.profile | |||
@@ -5,8 +5,7 @@ | |||
5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | ||
9 | protocol unix,inet,inet6 | ||
10 | netfilter | 8 | netfilter |
11 | noroot | 9 | noroot |
12 | 10 | protocol unix,inet,inet6 | |
11 | seccomp | ||
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 4db9b7adc..a74954ddb 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
@@ -12,12 +12,12 @@ include /etc/firejail/whitelist-common.inc | |||
12 | 12 | ||
13 | # Options | 13 | # Options |
14 | caps.drop all | 14 | caps.drop all |
15 | seccomp | ||
16 | protocol unix,inet,inet6,netlink | ||
17 | netfilter | 15 | netfilter |
18 | tracelog | ||
19 | nonewprivs | 16 | nonewprivs |
20 | noroot | 17 | noroot |
18 | protocol unix,inet,inet6,netlink | ||
19 | seccomp | ||
20 | tracelog | ||
21 | 21 | ||
22 | whitelist ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | mkdir ~/.moonchild productions | 23 | mkdir ~/.moonchild productions |
@@ -41,9 +41,9 @@ whitelist ~/.cache/moonchild productions/pale moon | |||
41 | #whitelist ~/.pki | 41 | #whitelist ~/.pki |
42 | 42 | ||
43 | # For silverlight | 43 | # For silverlight |
44 | #whitelist ~/.wine-pipelight | 44 | #whitelist ~/.wine-pipelight |
45 | #whitelist ~/.wine-pipelight64 | 45 | #whitelist ~/.wine-pipelight64 |
46 | #whitelist ~/.config/pipelight-widevine | 46 | #whitelist ~/.config/pipelight-widevine |
47 | #whitelist ~/.config/pipelight-silverlight5.1 | 47 | #whitelist ~/.config/pipelight-silverlight5.1 |
48 | 48 | ||
49 | 49 | ||
diff --git a/etc/parole.profile b/etc/parole.profile index c0be0453b..1440a9ef7 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
@@ -8,9 +8,9 @@ private-etc passwd,group,fonts | |||
8 | private-bin parole,dbus-launch | 8 | private-bin parole,dbus-launch |
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | seccomp | ||
12 | protocol unix,inet,inet6 | ||
13 | netfilter | 11 | netfilter |
14 | nonewprivs | 12 | nonewprivs |
15 | noroot | 13 | noroot |
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | shell none | 16 | shell none |
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 767da5f55..091456d76 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
@@ -6,7 +6,7 @@ include /etc/firejail/disable-programs.inc | |||
6 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | ||
10 | protocol unix,inet,inet6 | ||
11 | nonewprivs | 9 | nonewprivs |
12 | noroot | 10 | noroot |
11 | protocol unix,inet,inet6 | ||
12 | seccomp | ||
diff --git a/etc/polari.profile b/etc/polari.profile index 7910f4e9b..366883c83 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
@@ -22,9 +22,8 @@ whitelist ${HOME}/.purple | |||
22 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | seccomp | 25 | netfilter |
26 | protocol unix,inet,inet6 | ||
27 | nonewprivs | 26 | nonewprivs |
28 | noroot | 27 | noroot |
29 | netfilter | 28 | protocol unix,inet,inet6 |
30 | 29 | seccomp | |
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 8194da74f..9380237be 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile | |||
@@ -21,7 +21,7 @@ whitelist ~/.cache/psi+ | |||
21 | include /etc/firejail/whitelist-common.inc | 21 | include /etc/firejail/whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | seccomp | ||
25 | protocol unix,inet,inet6 | ||
26 | netfilter | 24 | netfilter |
27 | noroot | 25 | noroot |
26 | protocol unix,inet,inet6 | ||
27 | seccomp | ||
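Review bot: The option block at new lines 23-27 of etc/psi-plus.profile has no `nonewprivs` line, while the other chat-client profiles reordered in this commit (pidgin, polari, qtox, xchat) all carry it next to `noroot`. If the omission is not deliberate, adding `nonewprivs` between `netfilter` and `noroot` would stop a setuid or file-capability binary run inside the sandbox from gaining privileges. Only lines 21-27 of the file are visible here, so the option may already be set elsewhere in the profile or in an include, which is worth confirming first.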
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 858fdda4d..cbf898502 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -5,9 +5,9 @@ include /etc/firejail/disable-devel.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | ||
9 | protocol unix,inet,inet6 | ||
10 | netfilter | 8 | netfilter |
11 | nonewprivs | 9 | nonewprivs |
12 | noroot | 10 | noroot |
13 | nosound | 11 | nosound |
12 | protocol unix,inet,inet6 | ||
13 | seccomp | ||
diff --git a/etc/qtox.profile b/etc/qtox.profile index ca34e932a..3a19efa3a 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -10,7 +10,7 @@ whitelist ${DOWNLOADS} | |||
10 | include /etc/firejail/whitelist-common.inc | 10 | include /etc/firejail/whitelist-common.inc |
11 | 11 | ||
12 | caps.drop all | 12 | caps.drop all |
13 | seccomp | ||
14 | protocol unix,inet,inet6 | ||
15 | nonewprivs | 13 | nonewprivs |
16 | noroot | 14 | noroot |
15 | protocol unix,inet,inet6 | ||
16 | seccomp | ||
diff --git a/etc/quassel.profile b/etc/quassel.profile index e68315c1c..f92dfeb9f 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile | |||
@@ -4,8 +4,8 @@ include /etc/firejail/disable-programs.inc | |||
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | 5 | ||
6 | caps.drop all | 6 | caps.drop all |
7 | seccomp | ||
8 | protocol unix,inet,inet6 | ||
9 | nonewprivs | 7 | nonewprivs |
10 | noroot | 8 | noroot |
11 | netfilter | 9 | netfilter |
10 | protocol unix,inet,inet6 | ||
11 | seccomp | ||
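Review bot: The reordered block in etc/quassel.profile is still not in the alphabetical order this commit appears to apply everywhere else, because `netfilter` ends up on new line 9, after `nonewprivs` and `noroot`. Moving `netfilter` to directly follow `caps.drop all` would match the other profiles. etc/totem.profile has the same leftover, and etc/xviewer.profile keeps `noroot` ahead of `nonewprivs`. A uniform order makes a missing hardening option easier to spot when profiles are compared side by side.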
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 5ad7ead1a..3e5dde36e 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
@@ -16,15 +16,16 @@ mkdir ~/.cache/QuiteRss | |||
16 | whitelist ${HOME}/.cache/QuiteRss | 16 | whitelist ${HOME}/.cache/QuiteRss |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | seccomp | ||
20 | protocol unix,inet,inet6 | ||
21 | netfilter | 19 | netfilter |
22 | tracelog | ||
23 | nonewprivs | 20 | nonewprivs |
24 | noroot | ||
25 | nogroups | 21 | nogroups |
26 | shell none | 22 | noroot |
27 | private-dev | ||
28 | private-bin quiterss | 23 | private-bin quiterss |
24 | private-dev | ||
29 | #private-etc X11,ssl | 25 | #private-etc X11,ssl |
26 | protocol unix,inet,inet6 | ||
27 | seccomp | ||
28 | shell none | ||
29 | tracelog | ||
30 | |||
30 | include /etc/firejail/whitelist-common.inc | 31 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index 09d10b0bb..b590f0ef1 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
@@ -7,12 +7,12 @@ include /etc/firejail/disable-programs.inc | |||
7 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | netfilter | 10 | netfilter |
13 | tracelog | ||
14 | nonewprivs | 11 | nonewprivs |
15 | noroot | 12 | noroot |
13 | protocol unix,inet,inet6,netlink | ||
14 | seccomp | ||
15 | tracelog | ||
16 | 16 | ||
17 | whitelist ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | mkdir ~/.config/qutebrowser | 18 | mkdir ~/.config/qutebrowser |
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index ee0832863..0782a653d 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -5,8 +5,8 @@ include /etc/firejail/disable-devel.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | 8 | netfilter |
9 | protocol unix,inet,inet6 | ||
10 | nonewprivs | 9 | nonewprivs |
11 | noroot | 10 | noroot |
12 | netfilter | 11 | protocol unix,inet,inet6 |
12 | seccomp | ||
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 9ae2206c1..0be5e15d1 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile | |||
@@ -5,9 +5,9 @@ include /etc/firejail/disable-devel.inc | |||
5 | include /etc/firejail/disable-passwdmgr.inc | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | ||
9 | protocol unix,inet,inet6 | ||
10 | netfilter | 8 | netfilter |
11 | nonewprivs | 9 | nonewprivs |
12 | noroot | 10 | noroot |
13 | nosound | 11 | nosound |
12 | protocol unix,inet,inet6 | ||
13 | seccomp | ||
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 886af0f67..9ce4164c1 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
@@ -6,12 +6,12 @@ include /etc/firejail/disable-programs.inc | |||
6 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | ||
10 | protocol unix,inet,inet6,netlink | ||
11 | netfilter | 9 | netfilter |
12 | tracelog | ||
13 | nonewprivs | 10 | nonewprivs |
14 | noroot | 11 | noroot |
12 | protocol unix,inet,inet6,netlink | ||
13 | seccomp | ||
14 | tracelog | ||
15 | 15 | ||
16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
17 | mkdir ~/.mozilla | 17 | mkdir ~/.mozilla |
@@ -42,11 +42,10 @@ whitelist ~/.lastpass | |||
42 | whitelist ~/.config/lastpass | 42 | whitelist ~/.config/lastpass |
43 | 43 | ||
44 | #silverlight | 44 | #silverlight |
45 | whitelist ~/.wine-pipelight | 45 | whitelist ~/.wine-pipelight |
46 | whitelist ~/.wine-pipelight64 | 46 | whitelist ~/.wine-pipelight64 |
47 | whitelist ~/.config/pipelight-widevine | 47 | whitelist ~/.config/pipelight-widevine |
48 | whitelist ~/.config/pipelight-silverlight5.1 | 48 | whitelist ~/.config/pipelight-silverlight5.1 |
49 | 49 | ||
50 | # experimental features | 50 | # experimental features |
51 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 51 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
52 | |||
diff --git a/etc/skype.profile b/etc/skype.profile index 4c4a34980..9cbcd5117 100644 --- a/etc/skype.profile +++ b/etc/skype.profile | |||
@@ -8,5 +8,5 @@ caps.drop all | |||
8 | netfilter | 8 | netfilter |
9 | nonewprivs | 9 | nonewprivs |
10 | noroot | 10 | noroot |
11 | seccomp | ||
12 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
12 | seccomp | ||
diff --git a/etc/spotify.profile b/etc/spotify.profile index 1ee379dea..9ba25b818 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -7,8 +7,8 @@ include /etc/firejail/disable-programs.inc | |||
7 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
8 | include /etc/firejail/disable-passwdmgr.inc | 8 | include /etc/firejail/disable-passwdmgr.inc |
9 | 9 | ||
10 | # Whitelist the folders needed by Spotify - This is more restrictive | 10 | # Whitelist the folders needed by Spotify - This is more restrictive |
11 | # than a blacklist though, but this is all spotify requires for | 11 | # than a blacklist though, but this is all spotify requires for |
12 | # streaming audio | 12 | # streaming audio |
13 | mkdir ${HOME}/.config | 13 | mkdir ${HOME}/.config |
14 | mkdir ${HOME}/.config/spotify | 14 | mkdir ${HOME}/.config/spotify |
@@ -23,9 +23,8 @@ whitelist ${HOME}/.cache/spotify | |||
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | seccomp | ||
27 | protocol unix,inet,inet6,netlink | ||
28 | netfilter | 26 | netfilter |
29 | nonewprivs | 27 | nonewprivs |
30 | noroot | 28 | noroot |
31 | 29 | protocol unix,inet,inet6,netlink | |
30 | seccomp | ||
diff --git a/etc/ssh.profile b/etc/ssh.profile index 0c4621f66..a6d52c5a5 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -6,8 +6,8 @@ include /etc/firejail/disable-programs.inc | |||
6 | include /etc/firejail/disable-passwdmgr.inc | 6 | include /etc/firejail/disable-passwdmgr.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | ||
10 | protocol unix,inet,inet6 | ||
11 | netfilter | 9 | netfilter |
12 | nonewprivs | 10 | nonewprivs |
13 | noroot | 11 | noroot |
12 | protocol unix,inet,inet6 | ||
13 | seccomp | ||
diff --git a/etc/steam.profile b/etc/steam.profile index ae5e93829..b15a54be9 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
@@ -10,5 +10,5 @@ caps.drop all | |||
10 | netfilter | 10 | netfilter |
11 | nonewprivs | 11 | nonewprivs |
12 | noroot | 12 | noroot |
13 | seccomp | ||
14 | protocol unix,inet,inet6 | 13 | protocol unix,inet,inet6 |
14 | seccomp | ||
diff --git a/etc/telegram.profile b/etc/telegram.profile index 62a0fa404..819cd8f3a 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile | |||
@@ -5,11 +5,11 @@ include /etc/firejail/disable-programs.inc | |||
5 | include /etc/firejail/disable-devel.inc | 5 | include /etc/firejail/disable-devel.inc |
6 | 6 | ||
7 | caps.drop all | 7 | caps.drop all |
8 | seccomp | 8 | netfilter |
9 | protocol unix,inet,inet6 | ||
10 | nonewprivs | 9 | nonewprivs |
11 | noroot | 10 | noroot |
12 | netfilter | 11 | protocol unix,inet,inet6 |
12 | seccomp | ||
13 | 13 | ||
14 | whitelist ~/Downloads/Telegram Desktop | 14 | whitelist ~/Downloads/Telegram Desktop |
15 | mkdir ${HOME}/.TelegramDesktop | 15 | mkdir ${HOME}/.TelegramDesktop |
diff --git a/etc/totem.profile b/etc/totem.profile index f2bce5dee..252b46979 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -8,8 +8,8 @@ include /etc/firejail/disable-devel.inc | |||
8 | include /etc/firejail/disable-passwdmgr.inc | 8 | include /etc/firejail/disable-passwdmgr.inc |
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | seccomp | ||
12 | protocol unix,inet,inet6 | ||
13 | nonewprivs | 11 | nonewprivs |
14 | noroot | 12 | noroot |
15 | netfilter | 13 | netfilter |
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index e27873f88..5aef32d45 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
@@ -8,10 +8,10 @@ include /etc/firejail/disable-devel.inc | |||
8 | include /etc/firejail/disable-passwdmgr.inc | 8 | include /etc/firejail/disable-passwdmgr.inc |
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | seccomp | ||
12 | protocol unix,inet,inet6 | ||
13 | netfilter | 11 | netfilter |
14 | nonewprivs | 12 | nonewprivs |
15 | noroot | 13 | noroot |
16 | tracelog | ||
17 | nosound | 14 | nosound |
15 | protocol unix,inet,inet6 | ||
16 | seccomp | ||
17 | tracelog | ||
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 2caa923d8..d8ab1c60d 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -8,10 +8,10 @@ include /etc/firejail/disable-devel.inc | |||
8 | include /etc/firejail/disable-passwdmgr.inc | 8 | include /etc/firejail/disable-passwdmgr.inc |
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | seccomp | ||
12 | protocol unix,inet,inet6 | ||
13 | netfilter | 11 | netfilter |
14 | nonewprivs | 12 | nonewprivs |
15 | noroot | 13 | noroot |
16 | tracelog | ||
17 | nosound | 14 | nosound |
15 | protocol unix,inet,inet6 | ||
16 | seccomp | ||
17 | tracelog | ||
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 86e7be6fd..02c7f56bf 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile | |||
@@ -6,11 +6,11 @@ include /etc/firejail/disable-programs.inc | |||
6 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | ||
10 | protocol unix,inet,inet6 | ||
11 | netfilter | 9 | netfilter |
12 | nonewprivs | 10 | nonewprivs |
13 | noroot | 11 | noroot |
12 | protocol unix,inet,inet6 | ||
13 | seccomp | ||
14 | 14 | ||
15 | whitelist ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
16 | mkdir ~/.config | 16 | mkdir ~/.config |
diff --git a/etc/vlc.profile b/etc/vlc.profile index d26034748..f8eebd376 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -7,8 +7,8 @@ include /etc/firejail/disable-devel.inc | |||
7 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | seccomp | 10 | netfilter |
11 | protocol unix,inet,inet6 | ||
12 | nonewprivs | 11 | nonewprivs |
13 | noroot | 12 | noroot |
14 | netfilter | 13 | protocol unix,inet,inet6 |
14 | seccomp | ||
diff --git a/etc/weechat.profile b/etc/weechat.profile index 11b5bd10f..6cfe58420 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile | |||
@@ -4,9 +4,8 @@ include /etc/firejail/disable-common.inc | |||
4 | include /etc/firejail/disable-programs.inc | 4 | include /etc/firejail/disable-programs.inc |
5 | 5 | ||
6 | caps.drop all | 6 | caps.drop all |
7 | seccomp | ||
8 | protocol unix,inet,inet6 | ||
9 | netfilter | 7 | netfilter |
10 | nonewprivs | 8 | nonewprivs |
11 | noroot | 9 | noroot |
12 | netfilter | 10 | protocol unix,inet,inet6 |
11 | seccomp | ||
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 61a87d994..cd0c6406f 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile | |||
@@ -9,10 +9,10 @@ include /etc/firejail/disable-devel.inc | |||
9 | include /etc/firejail/disable-passwdmgr.inc | 9 | include /etc/firejail/disable-passwdmgr.inc |
10 | 10 | ||
11 | caps.drop all | 11 | caps.drop all |
12 | seccomp | ||
13 | protocol unix,inet,inet6 | ||
14 | nonewprivs | 12 | nonewprivs |
15 | noroot | 13 | noroot |
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | 16 | ||
17 | private-dev | 17 | private-dev |
18 | 18 | ||
diff --git a/etc/xchat.profile b/etc/xchat.profile index f4b273693..061c4f3da 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
@@ -6,7 +6,7 @@ include /etc/firejail/disable-programs.inc | |||
6 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | ||
10 | protocol unix,inet,inet6 | ||
11 | nonewprivs | 9 | nonewprivs |
12 | noroot | 10 | noroot |
11 | protocol unix,inet,inet6 | ||
12 | seccomp | ||
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index fb0e3c910..cd9cbed45 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -8,9 +8,9 @@ include /etc/firejail/disable-devel.inc | |||
8 | include /etc/firejail/disable-passwdmgr.inc | 8 | include /etc/firejail/disable-passwdmgr.inc |
9 | 9 | ||
10 | caps.drop all | 10 | caps.drop all |
11 | seccomp | 11 | netfilter |
12 | protocol unix,inet,inet6 | ||
13 | nonewprivs | 12 | nonewprivs |
14 | noroot | 13 | noroot |
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
15 | tracelog | 16 | tracelog |
16 | netfilter | ||
diff --git a/etc/xreader.profile b/etc/xreader.profile index 267330c1f..2cf109f09 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
@@ -9,10 +9,10 @@ include /etc/firejail/disable-devel.inc | |||
9 | include /etc/firejail/disable-passwdmgr.inc | 9 | include /etc/firejail/disable-passwdmgr.inc |
10 | 10 | ||
11 | caps.drop all | 11 | caps.drop all |
12 | seccomp | 12 | netfilter |
13 | protocol unix,inet,inet6 | ||
14 | nonewprivs | 13 | nonewprivs |
15 | noroot | 14 | noroot |
16 | tracelog | ||
17 | netfilter | ||
18 | nosound | 15 | nosound |
16 | protocol unix,inet,inet6 | ||
17 | seccomp | ||
18 | tracelog | ||
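Review bot: etc/xreader.profile keeps `protocol unix,inet,inet6` and `netfilter`, which leaves IP networking available to what is, as far as I know, a document viewer that mostly parses files from untrusted sources. If xreader has no feature that needs the network, `net none` together with `protocol unix` would be a tighter default than a filtered network. That should be checked against actual use before changing. The same question applies to etc/xviewer.profile later in this commit.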
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index a0c91f0f3..51949526d 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
@@ -6,9 +6,9 @@ include /etc/firejail/disable-devel.inc | |||
6 | include /etc/firejail/disable-passwdmgr.inc | 6 | include /etc/firejail/disable-passwdmgr.inc |
7 | 7 | ||
8 | caps.drop all | 8 | caps.drop all |
9 | seccomp | 9 | netfilter |
10 | protocol unix,inet,inet6 | ||
11 | noroot | 10 | noroot |
12 | nonewprivs | 11 | nonewprivs |
12 | protocol unix,inet,inet6 | ||
13 | seccomp | ||
13 | tracelog | 14 | tracelog |
14 | netfilter | ||