Diffstat (limited to 'etc')
-rw-r--r-- | etc/chromium.profile | 1 | ||||
-rw-r--r-- | etc/clementine.profile | 3 | ||||
-rw-r--r-- | etc/disable-common.inc | 3 | ||||
-rw-r--r-- | etc/gnome-calculator.profile | 1 | ||||
-rw-r--r-- | etc/google-chrome.profile | 1 |
5 files changed, 7 insertions, 2 deletions
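--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -24,6 +24,7 @@ whitelist ~/.config/chromium-flags.conf
 
 include /etc/firejail/whitelist-common.inc
 
+caps.keep sys_chroot,sys_admin
 ipc-namespace
 netfilter
 nogroups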
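Review bot: The added `caps.keep sys_chroot,sys_admin` leaves CAP_SYS_ADMIN available inside the jail with no comment saying why, and the same line is added without explanation in etc/google-chrome.profile. CAP_SYS_ADMIN is the broadest Linux capability, so a reader auditing the profile cannot tell whether it is a deliberate requirement or an oversight. Presumably it is retained for the browser's own internal sandbox; if so, say that above the line, e.g. `# Needed by the browser's internal sandbox (chroot and namespace setup); caps.keep is a whitelist, so every other capability is dropped.` It is also worth confirming that the rest of each profile, which is outside this hunk, does not rely on a later `caps.drop` that would conflict with this line.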
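--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -12,4 +12,5 @@ caps.drop all
 nonewprivs
 noroot
 protocol unix,inet,inet6
-seccomp
+# Clementine makes ioprio_set system calls, which are blacklisted by default.
+seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old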
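Review bot: The new `seccomp.drop` line replaces the maintained default `seccomp` filter with a hand-copied syscall list, so this profile will not pick up syscalls added to the default blacklist later. The list also names `process_vm_writev` twice, which suggests it was assembled by hand and is worth diffing against the default list it is meant to mirror. Extend the comment to record the provenance and the maintenance duty, e.g. `# Copy of the default seccomp blacklist minus ioprio_set; resync whenever the default list changes.` If the targeted firejail version can express a single exception to the default filter, that form would be preferable to a frozen copy.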
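--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -6,6 +6,7 @@ include /etc/firejail/disable-common.local
 blacklist-nolog ${HOME}/.history
 blacklist-nolog ${HOME}/.*_history
 blacklist-nolog ${HOME}/.bash_history
+blacklist-nolog ${HOME}/.local/share/fish/fish_history
 blacklist-nolog ${HOME}/.adobe
 blacklist-nolog ${HOME}/.macromedia
 
@@ -142,6 +143,8 @@ read-only ${HOME}/.zsh_files
 read-only ${HOME}/.tcshrc
 read-only ${HOME}/.cshrc
 read-only ${HOME}/.csh_files
+read-only ${HOME}/.config/fish
+read-only ${HOME}/.local/share/fish
 read-only ${HOME}/.profile
 read-only ${HOME}/.forward
 read-only ${HOME}/.login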
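Review bot: The three new fish entries (`blacklist-nolog ${HOME}/.local/share/fish/fish_history` in the first hunk, the two `read-only` lines in the second) cover only the default XDG locations. fish resolves its config and data directories through XDG_CONFIG_HOME and XDG_DATA_HOME when those are set, so a user who relocates them would still have a readable history file and writable startup scripts inside the sandbox. That matches how the neighbouring shell entries are hard-coded, so a comment recording the limitation is probably enough, e.g. `# fish: default XDG paths only; relocated XDG_CONFIG_HOME/XDG_DATA_HOME are not covered`.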
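--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -16,7 +16,6 @@ include /etc/firejail/whitelist-common.inc
 
 #Options
 caps.drop all
-ipc-namespace
 netfilter
 #net none
 no3d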
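--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 # include /etc/firejail/disable-devel.inc
 #
 
+caps.keep sys_chroot,sys_admin
 netfilter
 
 whitelist ${DOWNLOADS}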