diff options
Diffstat (limited to 'etc')
71 files changed, 36 insertions, 95 deletions
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index 460bcc59a..0dc54e675 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile | |||
@@ -19,7 +19,7 @@ protocol unix,inet,inet6 | |||
19 | seccomp | 19 | seccomp |
20 | 20 | ||
21 | # | 21 | # |
22 | # depending on your usage, you can enable some of the commands below: | 22 | # depending on your usage, you can enable some of the commands below: |
23 | # | 23 | # |
24 | nogroups | 24 | nogroups |
25 | shell none | 25 | shell none |
diff --git a/etc/Thunar.profile b/etc/Thunar.profile index eb2dda1eb..ed8a37add 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile | |||
@@ -27,7 +27,7 @@ shell none | |||
27 | tracelog | 27 | tracelog |
28 | 28 | ||
29 | # | 29 | # |
30 | # depending on your usage, you can enable some of the commands below: | 30 | # depending on your usage, you can enable some of the commands below: |
31 | # | 31 | # |
32 | # private-bin program | 32 | # private-bin program |
33 | # private-etc none | 33 | # private-etc none |
diff --git a/etc/akregator.profile b/etc/akregator.profile index 4180b7ee8..10279890e 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile | |||
@@ -22,7 +22,7 @@ protocol unix,inet,inet6 | |||
22 | seccomp | 22 | seccomp |
23 | 23 | ||
24 | # | 24 | # |
25 | # depending on your usage, you can enable some of the commands below: | 25 | # depending on your usage, you can enable some of the commands below: |
26 | # | 26 | # |
27 | # nogroups | 27 | # nogroups |
28 | # shell none | 28 | # shell none |
@@ -30,4 +30,3 @@ seccomp | |||
30 | # private-etc none | 30 | # private-etc none |
31 | # private-dev | 31 | # private-dev |
32 | # private-tmp | 32 | # private-tmp |
33 | |||
diff --git a/etc/ark.profile b/etc/ark.profile index ff354e315..007748ed1 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
@@ -27,4 +27,3 @@ protocol unix | |||
27 | private-dev | 27 | private-dev |
28 | private-tmp | 28 | private-tmp |
29 | # private-etc | 29 | # private-etc |
30 | |||
diff --git a/etc/atool.profile b/etc/atool.profile index 79e032290..3f4b60312 100644 --- a/etc/atool.profile +++ b/etc/atool.profile | |||
@@ -30,5 +30,3 @@ blacklist /tmp/.X11-unix | |||
30 | private-tmp | 30 | private-tmp |
31 | private-dev | 31 | private-dev |
32 | private-etc none | 32 | private-etc none |
33 | |||
34 | |||
diff --git a/etc/blender.profile b/etc/blender.profile index 4281ca427..6ee874ad0 100644 --- a/etc/blender.profile +++ b/etc/blender.profile | |||
@@ -18,7 +18,7 @@ protocol unix,inet,inet6,netlink | |||
18 | seccomp | 18 | seccomp |
19 | 19 | ||
20 | # | 20 | # |
21 | # depending on your usage, you can enable some of the commands below: | 21 | # depending on your usage, you can enable some of the commands below: |
22 | # | 22 | # |
23 | nogroups | 23 | nogroups |
24 | shell none | 24 | shell none |
diff --git a/etc/bless.profile b/etc/bless.profile index 1cf7f418d..8e8aaaec2 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
@@ -28,7 +28,7 @@ nogroups | |||
28 | nonewprivs | 28 | nonewprivs |
29 | noroot | 29 | noroot |
30 | nosound | 30 | nosound |
31 | protocol unix | 31 | protocol unix |
32 | seccomp | 32 | seccomp |
33 | shell none | 33 | shell none |
34 | 34 | ||
diff --git a/etc/brave.profile b/etc/brave.profile index bccbc4f5b..9dac688c2 100644 --- a/etc/brave.profile +++ b/etc/brave.profile | |||
@@ -39,4 +39,3 @@ whitelist ~/.lastpass | |||
39 | whitelist ~/.config/lastpass | 39 | whitelist ~/.config/lastpass |
40 | 40 | ||
41 | include /etc/firejail/whitelist-common.inc | 41 | include /etc/firejail/whitelist-common.inc |
42 | |||
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index e1c0c4f28..c626e7b74 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile | |||
@@ -27,4 +27,3 @@ shell none | |||
27 | 27 | ||
28 | private-dev | 28 | private-dev |
29 | private-tmp | 29 | private-tmp |
30 | |||
diff --git a/etc/clipit.profile b/etc/clipit.profile index 42b082b6c..cd744a022 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile | |||
@@ -21,7 +21,7 @@ seccomp | |||
21 | 21 | ||
22 | 22 | ||
23 | # | 23 | # |
24 | # depending on your usage, you can enable some of the commands below: | 24 | # depending on your usage, you can enable some of the commands below: |
25 | # | 25 | # |
26 | nogroups | 26 | nogroups |
27 | shell none | 27 | shell none |
diff --git a/etc/cpio.profile b/etc/cpio.profile index 6ab2c1a95..f38e0a6ce 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
@@ -7,7 +7,7 @@ include /etc/firejail/cpio.local | |||
7 | 7 | ||
8 | # cpio profile | 8 | # cpio profile |
9 | # /sbin and /usr/sbin are visible inside the sandbox | 9 | # /sbin and /usr/sbin are visible inside the sandbox |
10 | # /boot is not visible and /var is heavily modified | 10 | # /boot is not visible and /var is heavily modified |
11 | quiet | 11 | quiet |
12 | noblacklist /sbin | 12 | noblacklist /sbin |
13 | noblacklist /usr/sbin | 13 | noblacklist /usr/sbin |
@@ -26,4 +26,3 @@ nosound | |||
26 | no3d | 26 | no3d |
27 | 27 | ||
28 | blacklist /tmp/.X11-unix | 28 | blacklist /tmp/.X11-unix |
29 | |||
diff --git a/etc/default.profile b/etc/default.profile index 039f915d5..44a9e548b 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
@@ -20,7 +20,7 @@ protocol unix,inet,inet6 | |||
20 | seccomp | 20 | seccomp |
21 | 21 | ||
22 | # | 22 | # |
23 | # depending on your usage, you can enable some of the commands below: | 23 | # depending on your usage, you can enable some of the commands below: |
24 | # | 24 | # |
25 | # nogroups | 25 | # nogroups |
26 | # shell none | 26 | # shell none |
diff --git a/etc/deluge.profile b/etc/deluge.profile index dcbb116f8..71cf9442f 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -24,4 +24,3 @@ shell none | |||
24 | #private-bin deluge,sh,python,uname | 24 | #private-bin deluge,sh,python,uname |
25 | private-dev | 25 | private-dev |
26 | private-tmp | 26 | private-tmp |
27 | |||
diff --git a/etc/dia.profile b/etc/dia.profile index 395d78bec..fc564b96d 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
@@ -18,7 +18,7 @@ protocol unix,inet,inet6 | |||
18 | seccomp | 18 | seccomp |
19 | 19 | ||
20 | # | 20 | # |
21 | # depending on your usage, you can enable some of the commands below: | 21 | # depending on your usage, you can enable some of the commands below: |
22 | # | 22 | # |
23 | nogroups | 23 | nogroups |
24 | shell none | 24 | shell none |
@@ -26,4 +26,3 @@ shell none | |||
26 | # private-etc none | 26 | # private-etc none |
27 | private-dev | 27 | private-dev |
28 | private-tmp | 28 | private-tmp |
29 | |||
diff --git a/etc/display.profile b/etc/display.profile index 1db28d4c4..7cde8bd54 100644 --- a/etc/display.profile +++ b/etc/display.profile | |||
@@ -23,8 +23,7 @@ nosound | |||
23 | shell none | 23 | shell none |
24 | x11 xorg | 24 | x11 xorg |
25 | 25 | ||
26 | private-bin display | 26 | private-bin display |
27 | private-tmp | 27 | private-tmp |
28 | private-dev | 28 | private-dev |
29 | private-etc none | 29 | private-etc none |
30 | |||
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index 25cad238b..81199a22d 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
@@ -18,4 +18,3 @@ private-dev | |||
18 | nosound | 18 | nosound |
19 | no3d | 19 | no3d |
20 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open | 20 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open |
21 | |||
diff --git a/etc/dragon.profile b/etc/dragon.profile index 01d492141..661f663c3 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile | |||
@@ -26,4 +26,3 @@ private-bin dragon | |||
26 | private-dev | 26 | private-dev |
27 | private-tmp | 27 | private-tmp |
28 | # private-etc | 28 | # private-etc |
29 | |||
diff --git a/etc/elinks.profile b/etc/elinks.profile index 15e29808c..76a7e6b94 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile | |||
@@ -31,4 +31,3 @@ blacklist /tmp/.X11-unix | |||
31 | private-tmp | 31 | private-tmp |
32 | private-dev | 32 | private-dev |
33 | # private-etc none | 33 | # private-etc none |
34 | |||
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index afb8e36ac..729dabeb7 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
@@ -34,5 +34,3 @@ blacklist /tmp/.X11-unix | |||
34 | private-tmp | 34 | private-tmp |
35 | private-dev | 35 | private-dev |
36 | private-etc none | 36 | private-etc none |
37 | |||
38 | |||
diff --git a/etc/feh.profile b/etc/feh.profile index bd0bd9f98..f71999155 100644 --- a/etc/feh.profile +++ b/etc/feh.profile | |||
@@ -25,4 +25,4 @@ shell none | |||
25 | private-bin feh | 25 | private-bin feh |
26 | private-dev | 26 | private-dev |
27 | private-etc feh | 27 | private-etc feh |
28 | private-tmp \ No newline at end of file | 28 | private-tmp |
diff --git a/etc/firejail-default b/etc/firejail-default index 1b0eb7658..d9bda4f8c 100644 --- a/etc/firejail-default +++ b/etc/firejail-default | |||
@@ -151,4 +151,3 @@ umount, | |||
151 | pivot_root, | 151 | pivot_root, |
152 | 152 | ||
153 | } | 153 | } |
154 | |||
diff --git a/etc/fontforge.profile b/etc/fontforge.profile index be310bcd5..967a617e2 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile | |||
@@ -18,7 +18,7 @@ protocol unix,inet,inet6 | |||
18 | seccomp | 18 | seccomp |
19 | 19 | ||
20 | # | 20 | # |
21 | # depending on your usage, you can enable some of the commands below: | 21 | # depending on your usage, you can enable some of the commands below: |
22 | # | 22 | # |
23 | nogroups | 23 | nogroups |
24 | shell none | 24 | shell none |
@@ -26,4 +26,3 @@ shell none | |||
26 | # private-etc none | 26 | # private-etc none |
27 | private-dev | 27 | private-dev |
28 | private-tmp | 28 | private-tmp |
29 | |||
diff --git a/etc/geany.profile b/etc/geany.profile index 1fccdd5d5..7e0c6d2ad 100644 --- a/etc/geany.profile +++ b/etc/geany.profile | |||
@@ -18,7 +18,7 @@ protocol unix,inet,inet6 | |||
18 | seccomp | 18 | seccomp |
19 | 19 | ||
20 | # | 20 | # |
21 | # depending on your usage, you can enable some of the commands below: | 21 | # depending on your usage, you can enable some of the commands below: |
22 | # | 22 | # |
23 | nogroups | 23 | nogroups |
24 | shell none | 24 | shell none |
@@ -26,4 +26,3 @@ shell none | |||
26 | # private-etc none | 26 | # private-etc none |
27 | private-dev | 27 | private-dev |
28 | private-tmp | 28 | private-tmp |
29 | |||
diff --git a/etc/gimp-2.8.profile b/etc/gimp-2.8.profile index 8af7f82c5..1902fac72 100644 --- a/etc/gimp-2.8.profile +++ b/etc/gimp-2.8.profile | |||
@@ -2,4 +2,3 @@ | |||
2 | include /etc/firejail/globals.local | 2 | include /etc/firejail/globals.local |
3 | 3 | ||
4 | include /etc/firejail/gimp.profile | 4 | include /etc/firejail/gimp.profile |
5 | |||
diff --git a/etc/globaltime.profile b/etc/globaltime.profile index 248de0a17..5662dba69 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile | |||
@@ -18,7 +18,7 @@ protocol unix,inet,inet6 | |||
18 | seccomp | 18 | seccomp |
19 | 19 | ||
20 | # | 20 | # |
21 | # depending on your usage, you can enable some of the commands below: | 21 | # depending on your usage, you can enable some of the commands below: |
22 | # | 22 | # |
23 | nogroups | 23 | nogroups |
24 | shell none | 24 | shell none |
@@ -26,4 +26,3 @@ shell none | |||
26 | # private-etc none | 26 | # private-etc none |
27 | private-dev | 27 | private-dev |
28 | # private-tmp | 28 | # private-tmp |
29 | |||
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index 4aebed46f..929888e88 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile | |||
@@ -18,7 +18,7 @@ protocol unix,inet,inet6 | |||
18 | seccomp | 18 | seccomp |
19 | 19 | ||
20 | # | 20 | # |
21 | # depending on your usage, you can enable some of the commands below: | 21 | # depending on your usage, you can enable some of the commands below: |
22 | # | 22 | # |
23 | nogroups | 23 | nogroups |
24 | shell none | 24 | shell none |
diff --git a/etc/highlight.profile b/etc/highlight.profile index e328ac960..58e7f89f5 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile | |||
@@ -30,6 +30,3 @@ private-bin highlight | |||
30 | # private-etc none | 30 | # private-etc none |
31 | private-tmp | 31 | private-tmp |
32 | private-dev | 32 | private-dev |
33 | |||
34 | |||
35 | |||
diff --git a/etc/hugin.profile b/etc/hugin.profile index 0f85ff85f..97a9cb1fd 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile | |||
@@ -18,7 +18,7 @@ protocol unix,inet,inet6 | |||
18 | seccomp | 18 | seccomp |
19 | 19 | ||
20 | # | 20 | # |
21 | # depending on your usage, you can enable some of the commands below: | 21 | # depending on your usage, you can enable some of the commands below: |
22 | # | 22 | # |
23 | nogroups | 23 | nogroups |
24 | shell none | 24 | shell none |
@@ -27,4 +27,3 @@ shell none | |||
27 | private-dev | 27 | private-dev |
28 | private-tmp | 28 | private-tmp |
29 | nosound | 29 | nosound |
30 | |||
diff --git a/etc/icecat.profile b/etc/icecat.profile index add2605ff..7684cedbe 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile | |||
@@ -48,4 +48,3 @@ include /etc/firejail/whitelist-common.inc | |||
48 | 48 | ||
49 | # experimental features | 49 | # experimental features |
50 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 50 | #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
51 | |||
diff --git a/etc/icedove.profile b/etc/icedove.profile index 55970f7fa..a3192c491 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile | |||
@@ -25,4 +25,3 @@ whitelist ~/.cache/icedove | |||
25 | ignore private-tmp | 25 | ignore private-tmp |
26 | include /etc/firejail/firefox.profile | 26 | include /etc/firejail/firefox.profile |
27 | #include /etc/firejail/chromium.profile - chromium runs as suid! | 27 | #include /etc/firejail/chromium.profile - chromium runs as suid! |
28 | |||
diff --git a/etc/img2txt.profile b/etc/img2txt.profile index 12c94aceb..00d172f55 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile | |||
@@ -27,5 +27,3 @@ tracelog | |||
27 | private-tmp | 27 | private-tmp |
28 | private-dev | 28 | private-dev |
29 | #private-etc none | 29 | #private-etc none |
30 | |||
31 | |||
diff --git a/etc/k3b.profile b/etc/k3b.profile index 10ade7231..8c2d60107 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile | |||
@@ -24,6 +24,6 @@ seccomp | |||
24 | protocol unix | 24 | protocol unix |
25 | tracelog | 25 | tracelog |
26 | 26 | ||
27 | # private-bin | 27 | # private-bin |
28 | # private-tmp | 28 | # private-tmp |
29 | # private-etc | 29 | # private-etc |
diff --git a/etc/kcalc.profile b/etc/kcalc.profile index b15df8795..0ea5dbcb3 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile | |||
@@ -20,7 +20,7 @@ protocol unix,inet,inet6 | |||
20 | seccomp | 20 | seccomp |
21 | 21 | ||
22 | # | 22 | # |
23 | # depending on your usage, you can enable some of the commands below: | 23 | # depending on your usage, you can enable some of the commands below: |
24 | # | 24 | # |
25 | private | 25 | private |
26 | nogroups | 26 | nogroups |
@@ -29,4 +29,3 @@ shell none | |||
29 | # private-etc none | 29 | # private-etc none |
30 | private-dev | 30 | private-dev |
31 | private-tmp | 31 | private-tmp |
32 | |||
diff --git a/etc/keepass.profile b/etc/keepass.profile index bdda4175c..8e789d5a6 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile | |||
@@ -13,7 +13,7 @@ noblacklist ${HOME}/.local/share/keepass | |||
13 | noblacklist ${HOME}/.local/share/KeePass | 13 | noblacklist ${HOME}/.local/share/KeePass |
14 | noblacklist ${HOME}/*.kdbx | 14 | noblacklist ${HOME}/*.kdbx |
15 | noblacklist ${HOME}/*.kdb | 15 | noblacklist ${HOME}/*.kdb |
16 | 16 | ||
17 | include /etc/firejail/disable-common.inc | 17 | include /etc/firejail/disable-common.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
19 | include /etc/firejail/disable-devel.inc | 19 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 6b414afa6..9aeed0057 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile | |||
@@ -10,7 +10,7 @@ noblacklist ${HOME}/.config/keepassx | |||
10 | noblacklist ${HOME}/.keepassx | 10 | noblacklist ${HOME}/.keepassx |
11 | noblacklist ${HOME}/*.kdbx | 11 | noblacklist ${HOME}/*.kdbx |
12 | noblacklist ${HOME}/*.kdb | 12 | noblacklist ${HOME}/*.kdb |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index 1b36190f0..0536866fb 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile | |||
@@ -10,7 +10,7 @@ noblacklist ${HOME}/.config/keepassx | |||
10 | noblacklist ${HOME}/.keepassx | 10 | noblacklist ${HOME}/.keepassx |
11 | noblacklist ${HOME}/*.kdbx | 11 | noblacklist ${HOME}/*.kdbx |
12 | noblacklist ${HOME}/*.kdb | 12 | noblacklist ${HOME}/*.kdb |
13 | 13 | ||
14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | include /etc/firejail/disable-devel.inc | 16 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/kino.profile b/etc/kino.profile index bfb5fc91b..b37569340 100644 --- a/etc/kino.profile +++ b/etc/kino.profile | |||
@@ -22,7 +22,7 @@ protocol unix,inet,inet6 | |||
22 | seccomp | 22 | seccomp |
23 | 23 | ||
24 | # | 24 | # |
25 | # depending on your usage, you can enable some of the commands below: | 25 | # depending on your usage, you can enable some of the commands below: |
26 | # | 26 | # |
27 | # nogroups | 27 | # nogroups |
28 | # shell none | 28 | # shell none |
@@ -30,4 +30,3 @@ seccomp | |||
30 | # private-etc none | 30 | # private-etc none |
31 | # private-dev | 31 | # private-dev |
32 | # private-tmp | 32 | # private-tmp |
33 | |||
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index b8e76541e..ca0f5e111 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile | |||
@@ -22,7 +22,7 @@ protocol unix,inet,inet6 | |||
22 | seccomp | 22 | seccomp |
23 | 23 | ||
24 | # | 24 | # |
25 | # depending on your usage, you can enable some of the commands below: | 25 | # depending on your usage, you can enable some of the commands below: |
26 | # | 26 | # |
27 | nogroups | 27 | nogroups |
28 | shell none | 28 | shell none |
@@ -30,4 +30,3 @@ shell none | |||
30 | # private-etc none | 30 | # private-etc none |
31 | private-dev | 31 | private-dev |
32 | # private-tmp | 32 | # private-tmp |
33 | |||
diff --git a/etc/leafpad.profile b/etc/leafpad.profile index 3ec46c759..5ae025d6d 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile | |||
@@ -18,7 +18,7 @@ protocol unix,inet,inet6 | |||
18 | seccomp | 18 | seccomp |
19 | 19 | ||
20 | # | 20 | # |
21 | # depending on your usage, you can enable some of the commands below: | 21 | # depending on your usage, you can enable some of the commands below: |
22 | # | 22 | # |
23 | nogroups | 23 | nogroups |
24 | shell none | 24 | shell none |
diff --git a/etc/localc.profile b/etc/localc.profile index 322f44cc0..35ff153cd 100644 --- a/etc/localc.profile +++ b/etc/localc.profile | |||
@@ -9,4 +9,3 @@ include /etc/firejail/localc.local | |||
9 | # LibreOffice profile | 9 | # LibreOffice profile |
10 | ################################ | 10 | ################################ |
11 | include /etc/firejail/libreoffice.profile | 11 | include /etc/firejail/libreoffice.profile |
12 | |||
diff --git a/etc/lodraw.profile b/etc/lodraw.profile index d0a011a90..af8234b9b 100644 --- a/etc/lodraw.profile +++ b/etc/lodraw.profile | |||
@@ -9,4 +9,3 @@ include /etc/firejail/lodraw.local | |||
9 | # LibreOffice profile | 9 | # LibreOffice profile |
10 | ################################ | 10 | ################################ |
11 | include /etc/firejail/libreoffice.profile | 11 | include /etc/firejail/libreoffice.profile |
12 | |||
diff --git a/etc/loffice.profile b/etc/loffice.profile index cf1ff4940..ad6b28fb6 100644 --- a/etc/loffice.profile +++ b/etc/loffice.profile | |||
@@ -9,4 +9,3 @@ include /etc/firejail/loffice.local | |||
9 | # LibreOffice profile | 9 | # LibreOffice profile |
10 | ################################ | 10 | ################################ |
11 | include /etc/firejail/libreoffice.profile | 11 | include /etc/firejail/libreoffice.profile |
12 | |||
diff --git a/etc/lofromtemplate.profile b/etc/lofromtemplate.profile index 427e3b11c..4a729bd71 100644 --- a/etc/lofromtemplate.profile +++ b/etc/lofromtemplate.profile | |||
@@ -9,4 +9,3 @@ include /etc/firejail/lofromtemplate.local | |||
9 | # LibreOffice profile | 9 | # LibreOffice profile |
10 | ################################ | 10 | ################################ |
11 | include /etc/firejail/libreoffice.profile | 11 | include /etc/firejail/libreoffice.profile |
12 | |||
diff --git a/etc/login.users b/etc/login.users index 81f12c6b1..89a71587a 100644 --- a/etc/login.users +++ b/etc/login.users | |||
@@ -17,4 +17,3 @@ | |||
17 | # | 17 | # |
18 | # The extra arguments are inserted into program command line if firejail | 18 | # The extra arguments are inserted into program command line if firejail |
19 | # was started as a login shell. | 19 | # was started as a login shell. |
20 | |||
diff --git a/etc/loimpress.profile b/etc/loimpress.profile index 7dca8e1a6..f8da5da18 100644 --- a/etc/loimpress.profile +++ b/etc/loimpress.profile | |||
@@ -9,4 +9,3 @@ include /etc/firejail/loimpress.local | |||
9 | # LibreOffice profile | 9 | # LibreOffice profile |
10 | ################################ | 10 | ################################ |
11 | include /etc/firejail/libreoffice.profile | 11 | include /etc/firejail/libreoffice.profile |
12 | |||
diff --git a/etc/lomath.profile b/etc/lomath.profile index 58b2a5b5e..7ebdf9fe9 100644 --- a/etc/lomath.profile +++ b/etc/lomath.profile | |||
@@ -9,4 +9,3 @@ include /etc/firejail/lomath.local | |||
9 | # LibreOffice profile | 9 | # LibreOffice profile |
10 | ################################ | 10 | ################################ |
11 | include /etc/firejail/libreoffice.profile | 11 | include /etc/firejail/libreoffice.profile |
12 | |||
diff --git a/etc/loweb.profile b/etc/loweb.profile index 2cc331302..b504d0a86 100644 --- a/etc/loweb.profile +++ b/etc/loweb.profile | |||
@@ -9,4 +9,3 @@ include /etc/firejail/loweb.local | |||
9 | # LibreOffice profile | 9 | # LibreOffice profile |
10 | ################################ | 10 | ################################ |
11 | include /etc/firejail/libreoffice.profile | 11 | include /etc/firejail/libreoffice.profile |
12 | |||
diff --git a/etc/lowriter.profile b/etc/lowriter.profile index 4d631d092..567cf91ec 100644 --- a/etc/lowriter.profile +++ b/etc/lowriter.profile | |||
@@ -9,4 +9,3 @@ include /etc/firejail/lowriter.local | |||
9 | # LibreOffice profile | 9 | # LibreOffice profile |
10 | ################################ | 10 | ################################ |
11 | include /etc/firejail/libreoffice.profile | 11 | include /etc/firejail/libreoffice.profile |
12 | |||
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 1869bcb9d..fd5136578 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile | |||
@@ -19,7 +19,7 @@ protocol unix,inet,inet6 | |||
19 | seccomp | 19 | seccomp |
20 | 20 | ||
21 | # | 21 | # |
22 | # depending on your usage, you can enable some of the commands below: | 22 | # depending on your usage, you can enable some of the commands below: |
23 | # | 23 | # |
24 | nogroups | 24 | nogroups |
25 | shell none | 25 | shell none |
diff --git a/etc/lynx.profile b/etc/lynx.profile index 650309e60..f7e83649a 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile | |||
@@ -29,4 +29,3 @@ blacklist /tmp/.X11-unix | |||
29 | private-tmp | 29 | private-tmp |
30 | private-dev | 30 | private-dev |
31 | # private-etc none | 31 | # private-etc none |
32 | |||
diff --git a/etc/mate-calculator.profile b/etc/mate-calculator.profile index 7927b67ce..67a9f244e 100644 --- a/etc/mate-calculator.profile +++ b/etc/mate-calculator.profile | |||
@@ -2,4 +2,3 @@ | |||
2 | include /etc/firejail/globals.local | 2 | include /etc/firejail/globals.local |
3 | 3 | ||
4 | #include /etc/firejail/mate-calc.profile | 4 | #include /etc/firejail/mate-calc.profile |
5 | |||
diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index 8756018f0..6db3dd624 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile | |||
@@ -18,7 +18,7 @@ protocol unix,inet,inet6 | |||
18 | seccomp | 18 | seccomp |
19 | 19 | ||
20 | # | 20 | # |
21 | # depending on your usage, you can enable some of the commands below: | 21 | # depending on your usage, you can enable some of the commands below: |
22 | # | 22 | # |
23 | nogroups | 23 | nogroups |
24 | shell none | 24 | shell none |
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index 4c10e3616..fc4c1c425 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile | |||
@@ -18,7 +18,7 @@ protocol unix,inet,inet6 | |||
18 | seccomp | 18 | seccomp |
19 | 19 | ||
20 | # | 20 | # |
21 | # depending on your usage, you can enable some of the commands below: | 21 | # depending on your usage, you can enable some of the commands below: |
22 | # | 22 | # |
23 | nogroups | 23 | nogroups |
24 | shell none | 24 | shell none |
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index 72f9ad314..59cb080d3 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile | |||
@@ -30,7 +30,3 @@ private-bin mediainfo | |||
30 | private-tmp | 30 | private-tmp |
31 | private-dev | 31 | private-dev |
32 | private-etc none | 32 | private-etc none |
33 | |||
34 | |||
35 | |||
36 | |||
diff --git a/etc/nemo.profile b/etc/nemo.profile index b769a5c74..1d9124d19 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile | |||
@@ -22,7 +22,7 @@ protocol unix,inet,inet6 | |||
22 | seccomp | 22 | seccomp |
23 | 23 | ||
24 | # | 24 | # |
25 | # depending on your usage, you can enable some of the commands below: | 25 | # depending on your usage, you can enable some of the commands below: |
26 | # | 26 | # |
27 | nogroups | 27 | nogroups |
28 | shell none | 28 | shell none |
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile index b2cadceb9..bc92e50ea 100644 --- a/etc/qemu-launcher.profile +++ b/etc/qemu-launcher.profile | |||
@@ -23,4 +23,3 @@ shell none | |||
23 | tracelog | 23 | tracelog |
24 | 24 | ||
25 | private-tmp | 25 | private-tmp |
26 | |||
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile index ca30e377a..907de5e8f 100644 --- a/etc/qemu-system-x86_64.profile +++ b/etc/qemu-system-x86_64.profile | |||
@@ -21,4 +21,3 @@ shell none | |||
21 | tracelog | 21 | tracelog |
22 | 22 | ||
23 | private-tmp | 23 | private-tmp |
24 | |||
diff --git a/etc/qlipper.profile b/etc/qlipper.profile index c34e21729..a5ef53112 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile | |||
@@ -20,7 +20,7 @@ seccomp | |||
20 | 20 | ||
21 | 21 | ||
22 | # | 22 | # |
23 | # depending on your usage, you can enable some of the commands below: | 23 | # depending on your usage, you can enable some of the commands below: |
24 | # | 24 | # |
25 | nogroups | 25 | nogroups |
26 | shell none | 26 | shell none |
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 948ea5989..93416c248 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile | |||
@@ -22,4 +22,4 @@ seccomp | |||
22 | shell none | 22 | shell none |
23 | private-bin rtorrent | 23 | private-bin rtorrent |
24 | private-dev | 24 | private-dev |
25 | private-tmp \ No newline at end of file | 25 | private-tmp |
diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile index 1aecccc8c..f01810671 100644 --- a/etc/seamonkey-bin.profile +++ b/etc/seamonkey-bin.profile | |||
@@ -7,4 +7,3 @@ include /etc/firejail/seamonkey-bin.local | |||
7 | 7 | ||
8 | # Firejail profile for Seamonkey based off Mozilla Firefox | 8 | # Firejail profile for Seamonkey based off Mozilla Firefox |
9 | include /etc/firejail/seamonkey.profile | 9 | include /etc/firejail/seamonkey.profile |
10 | |||
diff --git a/etc/skanlite.profile b/etc/skanlite.profile index f290aa51f..87698f575 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile | |||
@@ -25,4 +25,3 @@ seccomp | |||
25 | # private-dev | 25 | # private-dev |
26 | # private-tmp | 26 | # private-tmp |
27 | # private-etc | 27 | # private-etc |
28 | |||
diff --git a/etc/snap.profile b/etc/snap.profile index 6dc38cc6d..8493fcbd3 100644 --- a/etc/snap.profile +++ b/etc/snap.profile | |||
@@ -15,5 +15,3 @@ include /etc/firejail/disable-passwdmgr.inc | |||
15 | whitelist ~/snap | 15 | whitelist ~/snap |
16 | whitelist ${DOWNLOADS} | 16 | whitelist ${DOWNLOADS} |
17 | include /etc/firejail/whitelist-common.inc | 17 | include /etc/firejail/whitelist-common.inc |
18 | |||
19 | |||
diff --git a/etc/soffice.profile b/etc/soffice.profile index f5a4e2846..9fca8e4c9 100644 --- a/etc/soffice.profile +++ b/etc/soffice.profile | |||
@@ -9,4 +9,3 @@ include /etc/firejail/soffice.local | |||
9 | # LibreOffice profile | 9 | # LibreOffice profile |
10 | ################################ | 10 | ################################ |
11 | include /etc/firejail/libreoffice.profile | 11 | include /etc/firejail/libreoffice.profile |
12 | |||
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index cc0d671c1..8a5bf1f7b 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile | |||
@@ -29,4 +29,3 @@ whitelist ~/.cache/thunderbird | |||
29 | ignore private-tmp | 29 | ignore private-tmp |
30 | include /etc/firejail/firefox.profile | 30 | include /etc/firejail/firefox.profile |
31 | #include /etc/firejail/chromium.profile - chromium runs as suid! | 31 | #include /etc/firejail/chromium.profile - chromium runs as suid! |
32 | |||
diff --git a/etc/unbound.profile b/etc/unbound.profile index 015c5930b..7431ee27a 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile | |||
@@ -18,4 +18,3 @@ private-dev | |||
18 | nosound | 18 | nosound |
19 | no3d | 19 | no3d |
20 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open | 20 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open |
21 | |||
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile index c245b7a75..374c73da2 100644 --- a/etc/virtualbox.profile +++ b/etc/virtualbox.profile | |||
@@ -25,5 +25,3 @@ include /etc/firejail/whitelist-common.inc | |||
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | netfilter | 27 | netfilter |
28 | |||
29 | |||
diff --git a/etc/webserver.net b/etc/webserver.net index d165e6faf..83db76825 100644 --- a/etc/webserver.net +++ b/etc/webserver.net | |||
@@ -27,4 +27,3 @@ | |||
27 | -A INPUT -p udp --sport 53 -j ACCEPT | 27 | -A INPUT -p udp --sport 53 -j ACCEPT |
28 | 28 | ||
29 | COMMIT | 29 | COMMIT |
30 | |||
diff --git a/etc/weechat.profile b/etc/weechat.profile index 92d16fa82..452823681 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile | |||
@@ -19,4 +19,4 @@ seccomp | |||
19 | 19 | ||
20 | # no private-bin support for various reasons: | 20 | # no private-bin support for various reasons: |
21 | # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, | 21 | # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, |
22 | # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins \ No newline at end of file | 22 | # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins |
diff --git a/etc/wire.profile b/etc/wire.profile index f93ee9a09..1fdd8b018 100644 --- a/etc/wire.profile +++ b/etc/wire.profile | |||
@@ -27,4 +27,4 @@ private-tmp | |||
27 | private-dev | 27 | private-dev |
28 | 28 | ||
29 | # Note: the current beta version of wire is located in /opt/Wire/wire and therefore not in PATH. | 29 | # Note: the current beta version of wire is located in /opt/Wire/wire and therefore not in PATH. |
30 | # To use wire with firejail run "firejail /opt/Wire/wire" | 30 | # To use wire with firejail run "firejail /opt/Wire/wire" |
diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 07dcaf093..d3dab23ce 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/globals.local | |||
5 | # Persistent customizations should go in a .local file. | 5 | # Persistent customizations should go in a .local file. |
6 | include /etc/firejail/wireshark.local | 6 | include /etc/firejail/wireshark.local |
7 | 7 | ||
8 | # Firejail profile for | 8 | # Firejail profile for |
9 | noblacklist ${HOME}/.config/wireshark | 9 | noblacklist ${HOME}/.config/wireshark |
10 | 10 | ||
11 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
@@ -13,11 +13,11 @@ include /etc/firejail/disable-programs.inc | |||
13 | include /etc/firejail/disable-devel.inc | 13 | include /etc/firejail/disable-devel.inc |
14 | include /etc/firejail/disable-passwdmgr.inc | 14 | include /etc/firejail/disable-passwdmgr.inc |
15 | 15 | ||
16 | # | 16 | # |
17 | # The profile allows users to run wireshark as root | 17 | # The profile allows users to run wireshark as root |
18 | # | 18 | # |
19 | #caps.drop all | 19 | #caps.drop all |
20 | #noroot | 20 | #noroot |
21 | #protocol unix,inet,inet6,netlink | 21 | #protocol unix,inet,inet6,netlink |
22 | 22 | ||
23 | ipc-namespace | 23 | ipc-namespace |
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index f98b3e598..737bb0a23 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile | |||
@@ -20,7 +20,7 @@ protocol unix,inet,inet6 | |||
20 | seccomp | 20 | seccomp |
21 | 21 | ||
22 | # | 22 | # |
23 | # depending on your usage, you can enable some of the commands below: | 23 | # depending on your usage, you can enable some of the commands below: |
24 | # | 24 | # |
25 | nogroups | 25 | nogroups |
26 | shell none | 26 | shell none |
@@ -28,4 +28,3 @@ shell none | |||
28 | # private-etc none | 28 | # private-etc none |
29 | private-dev | 29 | private-dev |
30 | # private-tmp | 30 | # private-tmp |
31 | |||