Diffstat (limited to 'etc')
118 files changed, 148 insertions, 193 deletions
diff --git a/etc/7z.profile b/etc/7z.profile index ededacbbe..0330e4dbf 100644 --- a/etc/7z.profile +++ b/etc/7z.profile | |||
@@ -6,12 +6,12 @@ include /etc/firejail/7z.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
11 | 10 | ||
12 | ignore noroot | 11 | ignore noroot |
13 | net none | 12 | net none |
14 | no3d | 13 | no3d |
14 | nodbus | ||
15 | nodvd | 15 | nodvd |
16 | nosound | 16 | nosound |
17 | notv | 17 | notv |
diff --git a/etc/apktool.profile b/etc/apktool.profile index bbf91c264..d5063d79b 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile | |||
@@ -6,8 +6,6 @@ include /etc/firejail/apktool.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | |||
11 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 13 | caps.drop all |
16 | net none | 14 | net none |
17 | no3d | 15 | no3d |
16 | nodbus | ||
18 | nodvd | 17 | nodvd |
19 | nogroups | 18 | nogroups |
20 | nonewprivs | 19 | nonewprivs |
diff --git a/etc/ardour5.profile b/etc/ardour5.profile index 1f2228544..cf72561da 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/ardour5.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/ardour4 | 8 | noblacklist ${HOME}/.config/ardour4 |
11 | noblacklist ${HOME}/.config/ardour5 | 9 | noblacklist ${HOME}/.config/ardour5 |
12 | noblacklist ${HOME}/.lv2 | 10 | noblacklist ${HOME}/.lv2 |
@@ -20,6 +18,7 @@ include /etc/firejail/disable-programs.inc | |||
20 | caps.drop all | 18 | caps.drop all |
21 | ipc-namespace | 19 | ipc-namespace |
22 | net none | 20 | net none |
21 | nodbus | ||
23 | nodvd | 22 | nodvd |
24 | nogroups | 23 | nogroups |
25 | nonewprivs | 24 | nonewprivs |
diff --git a/etc/ark.profile b/etc/ark.profile index beeb652cf..8e156df0f 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/ark.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/arkrc | 8 | noblacklist ${HOME}/.config/arkrc |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -20,6 +18,7 @@ apparmor | |||
20 | caps.drop all | 18 | caps.drop all |
21 | # net none | 19 | # net none |
22 | netfilter | 20 | netfilter |
21 | # nodbus | ||
23 | nodvd | 22 | nodvd |
24 | nogroups | 23 | nogroups |
25 | nonewprivs | 24 | nonewprivs |
diff --git a/etc/asunder.profile b/etc/asunder.profile index 0fbc3a158..7d643877f 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
20 | apparmor | 20 | apparmor |
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
23 | nodbus | ||
23 | # nogroups | 24 | # nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
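Review bot: The `nodbus` added here may not fully cut D-Bus off, because the visible options show `netfilter` but no `net none`. As far as I know, `nodbus` only handles the regular UNIX socket, and abstract sockets stay reachable unless the sandbox gets its own network namespace. A comment would make that limit visible, e.g. `# nodbus covers the filesystem socket only; abstract sockets need a new network namespace`. The same applies to audacious.profile and chromium-common.profile, which also pair `nodbus` with `netfilter`. Only part of the profile is shown, so a `net` line may exist outside the hunk.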
diff --git a/etc/atom.profile b/etc/atom.profile index 2a20279e9..c513c7531 100644 --- a/etc/atom.profile +++ b/etc/atom.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/atom.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.atom | 8 | noblacklist ${HOME}/.atom |
11 | noblacklist ${HOME}/.config/Atom | 9 | noblacklist ${HOME}/.config/Atom |
12 | 10 | ||
diff --git a/etc/atril.profile b/etc/atril.profile index 8b30e96ac..e08b70ac6 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -18,7 +18,7 @@ include /etc/firejail/disable-programs.inc | |||
18 | 18 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 19 | include /etc/firejail/whitelist-var-common.inc |
20 | 20 | ||
21 | apparmor | 21 | # apparmor |
22 | caps.drop all | 22 | caps.drop all |
23 | machine-id | 23 | machine-id |
24 | no3d | 24 | no3d |
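Review bot: `apparmor` is commented out here with no reason attached, while other profiles in this commit annotate disabled options (`# apparmor - makes settings immutable`, `# nodbus - problems on Fedora 27`). Atril is a document viewer, so it regularly opens files from untrusted sources and loses a confinement layer with this change. If the change is intentional, record the cause on the line, e.g. `# apparmor - <reason>`, so it can be re-enabled once the underlying problem is fixed.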
diff --git a/etc/audacious.profile b/etc/audacious.profile index 93ba5a45d..71003f156 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
18 | apparmor | 18 | apparmor |
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nodbus | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
diff --git a/etc/audacity.profile b/etc/audacity.profile index 8c85dd6be..907dbeb55 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/audacity.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.audacity-data | 8 | noblacklist ${HOME}/.audacity-data |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -18,8 +16,9 @@ include /etc/firejail/whitelist-var-common.inc | |||
18 | 16 | ||
19 | apparmor | 17 | apparmor |
20 | caps.drop all | 18 | caps.drop all |
21 | #net none | 19 | net none |
22 | no3d | 20 | no3d |
21 | # nodbus - problems on Fedora 27 | ||
23 | nodvd | 22 | nodvd |
24 | nogroups | 23 | nogroups |
25 | nonewprivs | 24 | nonewprivs |
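Review bot: This profile loses its D-Bus restriction: the active `blacklist /run/user/*/bus` is removed in the first hunk, and the replacement arrives only as a comment, `# nodbus - problems on Fedora 27`. If the breakage is tied to `nodbus` itself rather than to blocking the socket, keeping the old `blacklist /run/user/*/bus` line would preserve the previous behaviour. Otherwise the comment should say that the bus is deliberately left open and that users on unaffected systems can add `nodbus` in `audacity.local`.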
diff --git a/etc/baobab.profile b/etc/baobab.profile index e47e31bb1..5c1675611 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/baobab.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
@@ -15,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
15 | caps.drop all | 13 | caps.drop all |
16 | net none | 14 | net none |
17 | no3d | 15 | no3d |
16 | nodbus | ||
18 | nodvd | 17 | nodvd |
19 | nogroups | 18 | nogroups |
20 | nonewprivs | 19 | nonewprivs |
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index dce7892a4..9785b9eae 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/bleachbit.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
@@ -15,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
15 | caps.drop all | 13 | caps.drop all |
16 | net none | 14 | net none |
17 | no3d | 15 | no3d |
16 | nodbus | ||
18 | nodvd | 17 | nodvd |
19 | nogroups | 18 | nogroups |
20 | nonewprivs | 19 | nonewprivs |
diff --git a/etc/bless.profile b/etc/bless.profile index 37d1e856f..10b471582 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/bless.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/bless | 8 | noblacklist ${HOME}/.config/bless |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 15 | caps.drop all |
18 | net none | 16 | net none |
19 | no3d | 17 | no3d |
18 | nodbus | ||
20 | nodvd | 19 | nodvd |
21 | nogroups | 20 | nogroups |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/bluefish.profile b/etc/bluefish.profile index 66ba0168b..6eb1d753f 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/bluefish.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
@@ -17,6 +15,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
17 | caps.drop all | 15 | caps.drop all |
18 | net none | 16 | net none |
19 | no3d | 17 | no3d |
18 | nodbus | ||
20 | nodvd | 19 | nodvd |
21 | nogroups | 20 | nogroups |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/calligra.profile b/etc/calligra.profile index f09716bc3..f7df8ce85 100644 --- a/etc/calligra.profile +++ b/etc/calligra.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/calligra.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 13 | caps.drop all |
16 | ipc-namespace | 14 | ipc-namespace |
17 | # net none | 15 | # net none |
16 | # nodbus | ||
18 | nodvd | 17 | nodvd |
19 | nogroups | 18 | nogroups |
20 | nonewprivs | 19 | nonewprivs |
diff --git a/etc/catfish.profile b/etc/catfish.profile index 8765ba950..6a608c673 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile | |||
@@ -8,8 +8,6 @@ include /etc/firejail/globals.local | |||
8 | # We can't blacklist much since catfish | 8 | # We can't blacklist much since catfish |
9 | # is for finding files/content | 9 | # is for finding files/content |
10 | 10 | ||
11 | blacklist /run/user/*/bus | ||
12 | |||
13 | noblacklist ${HOME}/.config/catfish | 11 | noblacklist ${HOME}/.config/catfish |
14 | 12 | ||
15 | include /etc/firejail/disable-common.inc | 13 | include /etc/firejail/disable-common.inc |
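Review bot: The only change visible for this profile removes `blacklist /run/user/*/bus` without adding `nodbus` or a commented `# nodbus`, unlike the other profiles in this commit. Unless the part of the file outside the hunk already carries `nodbus`, catfish gains session-bus access it did not have before. Either add `nodbus` next to the other options or leave a `# nodbus - <reason>` line recording why it is omitted.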
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile index a11947334..7f07c5b26 100644 --- a/etc/chromium-common.profile +++ b/etc/chromium-common.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
20 | apparmor | 20 | apparmor |
21 | caps.keep sys_chroot,sys_admin | 21 | caps.keep sys_chroot,sys_admin |
22 | netfilter | 22 | netfilter |
23 | nodbus | ||
23 | nodvd | 24 | nodvd |
24 | nogroups | 25 | nogroups |
25 | notv | 26 | notv |
@@ -31,3 +32,6 @@ private-dev | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
35 | |||
36 | # the file dialog needs to work without d-bus | ||
37 | env NO_CHROME_KDE_FILE_DIALOG=1 | ||
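Review bot: The comment above `env NO_CHROME_KDE_FILE_DIALOG=1` does not say that the variable exists only because of the `nodbus` line added in the first hunk. Someone who later drops or overrides `nodbus` has no hint that the two belong together. I would word it `# required by nodbus above: the file dialog needs to work without d-bus`. Since this is the common profile, every profile that includes it inherits `nodbus`, which deserves a line in the commit description.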
diff --git a/etc/cin.profile b/etc/cin.profile index d114e50b1..e86a4d9b4 100644 --- a/etc/cin.profile +++ b/etc/cin.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/cin.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.bcast5 | 8 | noblacklist ${HOME}/.bcast5 |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 15 | caps.drop all |
18 | ipc-namespace | 16 | ipc-namespace |
19 | net none | 17 | net none |
18 | nodbus | ||
20 | nodvd | 19 | nodvd |
21 | nogroups | 20 | nogroups |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/clamav.profile b/etc/clamav.profile index c3a0132d0..41bd3b679 100644 --- a/etc/clamav.profile +++ b/etc/clamav.profile | |||
@@ -6,12 +6,11 @@ include /etc/firejail/clamav.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | |||
11 | caps.drop all | 9 | caps.drop all |
12 | ipc-namespace | 10 | ipc-namespace |
13 | net none | 11 | net none |
14 | no3d | 12 | no3d |
13 | nodbus | ||
15 | nodvd | 14 | nodvd |
16 | nogroups | 15 | nogroups |
17 | nonewprivs | 16 | nonewprivs |
diff --git a/etc/cpio.profile b/etc/cpio.profile index caee6570e..445e1cec7 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
@@ -6,7 +6,6 @@ include /etc/firejail/cpio.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
11 | 10 | ||
12 | noblacklist /sbin | 11 | noblacklist /sbin |
@@ -19,6 +18,7 @@ include /etc/firejail/disable-programs.inc | |||
19 | caps.drop all | 18 | caps.drop all |
20 | net none | 19 | net none |
21 | no3d | 20 | no3d |
21 | nodbus | ||
22 | nodvd | 22 | nodvd |
23 | nonewprivs | 23 | nonewprivs |
24 | nosound | 24 | nosound |
diff --git a/etc/default.profile b/etc/default.profile index 82eded802..1af7ceba4 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
@@ -17,6 +17,7 @@ caps.drop all | |||
17 | # ipc-namespace | 17 | # ipc-namespace |
18 | netfilter | 18 | netfilter |
19 | # no3d | 19 | # no3d |
20 | # nodbus | ||
20 | # nodvd | 21 | # nodvd |
21 | # nogroups | 22 | # nogroups |
22 | nonewprivs | 23 | nonewprivs |
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index f89e17239..ed73b8b8c 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile | |||
@@ -6,8 +6,6 @@ include /etc/firejail/dex2jar.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | |||
11 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 14 | caps.drop all |
17 | net none | 15 | net none |
18 | no3d | 16 | no3d |
17 | nodbus | ||
19 | nodvd | 18 | nodvd |
20 | nogroups | 19 | nogroups |
21 | nonewprivs | 20 | nonewprivs |
diff --git a/etc/dia.profile b/etc/dia.profile index b1a723da0..fb3506955 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/dia.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.dia | 8 | noblacklist ${HOME}/.dia |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 15 | caps.drop all |
18 | net none | 16 | net none |
19 | no3d | 17 | no3d |
18 | nodbus | ||
20 | nodvd | 19 | nodvd |
21 | nogroups | 20 | nogroups |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/digikam.profile b/etc/digikam.profile index 516876c6b..4df344cbc 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
20 | apparmor | 20 | apparmor |
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
23 | # nodbus | ||
23 | nodvd | 24 | nodvd |
24 | nogroups | 25 | nogroups |
25 | nonewprivs | 26 | nonewprivs |
diff --git a/etc/display.profile b/etc/display.profile index 41512a0cb..69183f4ca 100644 --- a/etc/display.profile +++ b/etc/display.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/display.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
@@ -16,6 +14,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
16 | 14 | ||
17 | caps.drop all | 15 | caps.drop all |
18 | net none | 16 | net none |
17 | nodbus | ||
19 | nodvd | 18 | nodvd |
20 | nogroups | 19 | nogroups |
21 | nonewprivs | 20 | nonewprivs |
diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile index 9f7e1382b..1e28b854a 100644 --- a/etc/ebook-viewer.profile +++ b/etc/ebook-viewer.profile | |||
@@ -1,9 +1,8 @@ | |||
1 | # Firejail profile alias for calibre | 1 | # Firejail profile alias for calibre |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | blacklist /run/user/*/bus | ||
5 | |||
6 | net none | 4 | net none |
5 | nodbus | ||
7 | 6 | ||
8 | # Redirect | 7 | # Redirect |
9 | include /etc/firejail/calibre.profile | 8 | include /etc/firejail/calibre.profile |
diff --git a/etc/engrampa.profile b/etc/engrampa.profile index ae61f1d93..cf32d579e 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/engrampa.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
@@ -14,9 +12,11 @@ include /etc/firejail/disable-programs.inc | |||
14 | 12 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 13 | include /etc/firejail/whitelist-var-common.inc |
16 | 14 | ||
15 | apparmor | ||
17 | caps.drop all | 16 | caps.drop all |
18 | # net none - makes settings immutable | 17 | net none |
19 | no3d | 18 | no3d |
19 | nodbus | ||
20 | nodvd | 20 | nodvd |
21 | nogroups | 21 | nogroups |
22 | nonewprivs | 22 | nonewprivs |
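Review bot: `net none` and `nodbus` become active here although the removed lines marked both the bus blacklist and `net none` as `makes settings immutable`, and eog, eom and gedit in this same commit keep them disabled for exactly that reason. If the problem no longer applies to engrampa, the profiles now disagree without explanation; if it still applies, users silently lose the ability to change settings. A short comment such as `# net none/nodbus: settings cannot be changed inside the sandbox` would make the trade-off explicit. file-roller.profile receives the identical change.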
diff --git a/etc/eog.profile b/etc/eog.profile index 475abc4a5..66434ae05 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/eog.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
9 | |||
10 | noblacklist ${HOME}/.Steam | 8 | noblacklist ${HOME}/.Steam |
11 | noblacklist ${HOME}/.config/eog | 9 | noblacklist ${HOME}/.config/eog |
12 | noblacklist ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
@@ -19,10 +17,11 @@ include /etc/firejail/disable-programs.inc | |||
19 | 17 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
21 | 19 | ||
22 | apparmor | 20 | # apparmor - makes settings immutable |
23 | caps.drop all | 21 | caps.drop all |
24 | # net none - makes settings immutable | 22 | # net none - makes settings immutable |
25 | no3d | 23 | no3d |
24 | # nodbus - makes settings immutable | ||
26 | nodvd | 25 | nodvd |
27 | nogroups | 26 | nogroups |
28 | nonewprivs | 27 | nonewprivs |
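Review bot: `apparmor` goes from active to `# apparmor - makes settings immutable` in the second hunk, so the image viewer now runs with AppArmor, `net none` and `nodbus` all disabled. That gives up three confinement layers for settings persistence in a program that parses untrusted image files. Consider pointing users at the override file on the line itself, e.g. `# apparmor - makes settings immutable; enable in eog.local if settings changes are not needed`. eom.profile has the same change.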
diff --git a/etc/eom.profile b/etc/eom.profile index c7c92db0e..48965bcb9 100644 --- a/etc/eom.profile +++ b/etc/eom.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/eom.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
9 | |||
10 | noblacklist ${HOME}/.Steam | 8 | noblacklist ${HOME}/.Steam |
11 | noblacklist ${HOME}/.config/mate/eom | 9 | noblacklist ${HOME}/.config/mate/eom |
12 | noblacklist ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
@@ -19,10 +17,11 @@ include /etc/firejail/disable-programs.inc | |||
19 | 17 | ||
20 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
21 | 19 | ||
22 | apparmor | 20 | # apparmor - makes settings immutable |
23 | caps.drop all | 21 | caps.drop all |
24 | # net none - makes settings immutable | 22 | # net none - makes settings immutable |
25 | no3d | 23 | no3d |
24 | # nodbus - makes settings immutable | ||
26 | nodvd | 25 | nodvd |
27 | nogroups | 26 | nogroups |
28 | nonewprivs | 27 | nonewprivs |
diff --git a/etc/etr.profile b/etc/etr.profile index ad2e5be5d..5c01636cc 100644 --- a/etc/etr.profile +++ b/etc/etr.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/etr.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.etr | 8 | noblacklist ${HOME}/.etr |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
20 | 18 | ||
21 | caps.drop all | 19 | caps.drop all |
22 | net none | 20 | net none |
21 | nodbus | ||
23 | nodvd | 22 | nodvd |
24 | nogroups | 23 | nogroups |
25 | nonewprivs | 24 | nonewprivs |
diff --git a/etc/evince.profile b/etc/evince.profile index 72c1ffc97..08c82086b 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/evince.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/evince | 8 | noblacklist ${HOME}/.config/evince |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -21,6 +19,7 @@ machine-id | |||
21 | # net none breaks AppArmor on Ubuntu systems | 19 | # net none breaks AppArmor on Ubuntu systems |
22 | netfilter | 20 | netfilter |
23 | no3d | 21 | no3d |
22 | # nodbus | ||
24 | nodvd | 23 | nodvd |
25 | nogroups | 24 | nogroups |
26 | nonewprivs | 25 | nonewprivs |
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 18d1e3c81..8ab6012f5 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
@@ -6,7 +6,6 @@ include /etc/firejail/exiftool.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
11 | 10 | ||
12 | noblacklist /usr/bin/perl | 11 | noblacklist /usr/bin/perl |
@@ -21,6 +20,7 @@ include /etc/firejail/disable-programs.inc | |||
21 | caps.drop all | 20 | caps.drop all |
22 | net none | 21 | net none |
23 | no3d | 22 | no3d |
23 | nodbus | ||
24 | nodvd | 24 | nodvd |
25 | nogroups | 25 | nogroups |
26 | nonewprivs | 26 | nonewprivs |
diff --git a/etc/feh.profile b/etc/feh.profile index 1320434f1..ba7a76c49 100644 --- a/etc/feh.profile +++ b/etc/feh.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/feh.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 13 | caps.drop all |
16 | net none | 14 | net none |
17 | no3d | 15 | no3d |
16 | nodbus | ||
18 | nodvd | 17 | nodvd |
19 | nogroups | 18 | nogroups |
20 | nonewprivs | 19 | nonewprivs |
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index acea1e834..538179107 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile | |||
@@ -6,8 +6,6 @@ include /etc/firejail/ffmpeg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | |||
11 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
@@ -18,6 +16,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
18 | caps.drop all | 16 | caps.drop all |
19 | net none | 17 | net none |
20 | no3d | 18 | no3d |
19 | nodbus | ||
21 | nodvd | 20 | nodvd |
22 | nosound | 21 | nosound |
23 | notv | 22 | notv |
diff --git a/etc/file-roller.profile b/etc/file-roller.profile index bc4e70da4..eb76d1dbb 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/file-roller.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
@@ -14,9 +12,11 @@ include /etc/firejail/disable-programs.inc | |||
14 | 12 | ||
15 | include /etc/firejail/whitelist-var-common.inc | 13 | include /etc/firejail/whitelist-var-common.inc |
16 | 14 | ||
15 | apparmor | ||
17 | caps.drop all | 16 | caps.drop all |
18 | # net none - makes settings immutable | 17 | net none |
19 | no3d | 18 | no3d |
19 | nodbus | ||
20 | nodvd | 20 | nodvd |
21 | nogroups | 21 | nogroups |
22 | nonewprivs | 22 | nonewprivs |
diff --git a/etc/file.profile b/etc/file.profile index 041bf5ae5..2bdbaaaa8 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
@@ -6,7 +6,6 @@ include /etc/firejail/file.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
11 | 10 | ||
12 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
@@ -17,6 +16,7 @@ caps.drop all | |||
17 | hostname file | 16 | hostname file |
18 | net none | 17 | net none |
19 | no3d | 18 | no3d |
19 | nodbus | ||
20 | nodvd | 20 | nodvd |
21 | nogroups | 21 | nogroups |
22 | nonewprivs | 22 | nonewprivs |
diff --git a/etc/freecad.profile b/etc/freecad.profile index bac502a5f..c51d88f7a 100644 --- a/etc/freecad.profile +++ b/etc/freecad.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/freecad.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/FreeCAD | 8 | noblacklist ${HOME}/.config/FreeCAD |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 15 | caps.drop all |
18 | ipc-namespace | 16 | ipc-namespace |
19 | net none | 17 | net none |
18 | nodbus | ||
20 | nodvd | 19 | nodvd |
21 | nogroups | 20 | nogroups |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index ca38ed1b8..8acd32bdd 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/frozen-bubble.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.frozen-bubble | 8 | noblacklist ${HOME}/.frozen-bubble |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -21,6 +19,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
21 | 19 | ||
22 | caps.drop all | 20 | caps.drop all |
23 | net none | 21 | net none |
22 | nodbus | ||
24 | nodvd | 23 | nodvd |
25 | nogroups | 24 | nogroups |
26 | nonewprivs | 25 | nonewprivs |
diff --git a/etc/galculator.profile b/etc/galculator.profile index b28c7943f..8229f8250 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/galculator.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/galculator | 8 | noblacklist ${HOME}/.config/galculator |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -22,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
22 | apparmor | 20 | apparmor |
23 | caps.drop all | 21 | caps.drop all |
24 | net none | 22 | net none |
23 | nodbus | ||
25 | nodvd | 24 | nodvd |
26 | nogroups | 25 | nogroups |
27 | nonewprivs | 26 | nonewprivs |
diff --git a/etc/gedit.profile b/etc/gedit.profile index 97eb692de..e78b8a708 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/gedit.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
9 | |||
10 | noblacklist ${HOME}/.config/enchant | 8 | noblacklist ${HOME}/.config/enchant |
11 | noblacklist ${HOME}/.config/gedit | 9 | noblacklist ${HOME}/.config/gedit |
12 | noblacklist ${HOME}/.gitconfig | 10 | noblacklist ${HOME}/.gitconfig |
@@ -18,10 +16,12 @@ include /etc/firejail/disable-programs.inc | |||
18 | 16 | ||
19 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
20 | 18 | ||
19 | # apparmor - makes settings immutable | ||
21 | caps.drop all | 20 | caps.drop all |
22 | # net none - makes settings immutable | ||
23 | machine-id | 21 | machine-id |
22 | # net none - makes settings immutable | ||
24 | no3d | 23 | no3d |
24 | # nodbus - makes settings immutable | ||
25 | nodvd | 25 | nodvd |
26 | nogroups | 26 | nogroups |
27 | nonewprivs | 27 | nonewprivs |
diff --git a/etc/gimp.profile b/etc/gimp.profile index 3cc012a88..630f02229 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/gimp.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.gimp* | 8 | noblacklist ${HOME}/.gimp* |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -15,9 +13,10 @@ include /etc/firejail/disable-programs.inc | |||
15 | 13 | ||
16 | include /etc/firejail/whitelist-var-common.inc | 14 | include /etc/firejail/whitelist-var-common.inc |
17 | 15 | ||
18 | apparmor | 16 | # apparmor - makes settings immutable |
19 | caps.drop all | 17 | caps.drop all |
20 | net none | 18 | # net none - makes settings immutable |
19 | # nodbus - makes settings immutable | ||
21 | nodvd | 20 | nodvd |
22 | nogroups | 21 | nogroups |
23 | nonewprivs | 22 | nonewprivs |
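Review bot: The second hunk of gimp.profile turns the active `apparmor` and `net none` lines into comments, and the removed session-bus blacklist is replaced only by a commented `# nodbus`, so the profile ends up with no AppArmor confinement, no network isolation and an open session bus. The "makes settings immutable" wording matches the comments already in gedit.profile; it should be confirmed that the reason really applies to GIMP before all three protections are dropped. If `net none` has to stay off, keeping a `netfilter` line, as kate.profile and okular.profile do next to their commented `net none`, at least leaves the default filter in place for sandboxes started with their own network namespace. gnome-calculator.profile has the same problem: its active `netfilter` line is replaced by `# net none - makes settings immutable`, leaving no network option at all.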
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index d13208a1e..9d737efb1 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile | |||
@@ -14,10 +14,11 @@ include /etc/firejail/disable-programs.inc | |||
14 | include /etc/firejail/whitelist-common.inc | 14 | include /etc/firejail/whitelist-common.inc |
15 | include /etc/firejail/whitelist-var-common.inc | 15 | include /etc/firejail/whitelist-var-common.inc |
16 | 16 | ||
17 | apparmor | 17 | # apparmor - makes settings immutable |
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | # net none - makes settings immutable |
20 | no3d | 20 | no3d |
21 | # nodbus - makes settings immutable | ||
21 | nodvd | 22 | nodvd |
22 | nogroups | 23 | nogroups |
23 | nonewprivs | 24 | nonewprivs |
diff --git a/etc/gpicview.profile b/etc/gpicview.profile index 8d47d9c31..c6453e972 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/gpicview.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/gpicview | 8 | noblacklist ${HOME}/.config/gpicview |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -18,6 +16,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
18 | 16 | ||
19 | caps.drop all | 17 | caps.drop all |
20 | net none | 18 | net none |
19 | nodbus | ||
21 | nodvd | 20 | nodvd |
22 | nogroups | 21 | nogroups |
23 | nonewprivs | 22 | nonewprivs |
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index d79b72152..d17be41cc 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/gwenview.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/gwenviewrc | 8 | noblacklist ${HOME}/.config/gwenviewrc |
11 | noblacklist ${HOME}/.config/org.kde.gwenviewrc | 9 | noblacklist ${HOME}/.config/org.kde.gwenviewrc |
12 | noblacklist ${HOME}/.gimp* | 10 | noblacklist ${HOME}/.gimp* |
@@ -24,8 +22,10 @@ include /etc/firejail/disable-programs.inc | |||
24 | 22 | ||
25 | include /etc/firejail/whitelist-var-common.inc | 23 | include /etc/firejail/whitelist-var-common.inc |
26 | 24 | ||
25 | apparmor | ||
27 | caps.drop all | 26 | caps.drop all |
28 | # net none | 27 | # net none |
28 | # nodbus | ||
29 | nodvd | 29 | nodvd |
30 | nogroups | 30 | nogroups |
31 | nonewprivs | 31 | nonewprivs |
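Review bot: The commented `# nodbus` added in the second hunk gives no reason, so a later reader cannot tell whether the application needs D-Bus or the option was simply never tried. Other lines in this commit show the form to follow, for example `# net none - see issue #1467, computer:/// location broken` in pcmanfm.profile; here something like `# nodbus - <what breaks>` would do. The same bare comment is added in kate.profile, kdenlive.profile, krita.profile, kwrite.profile, okular.profile and pcmanfm.profile.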
diff --git a/etc/gzip.profile b/etc/gzip.profile index 5187bb9f0..779067770 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile | |||
@@ -6,12 +6,12 @@ include /etc/firejail/gzip.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
11 | 10 | ||
12 | ignore noroot | 11 | ignore noroot |
13 | net none | 12 | net none |
14 | no3d | 13 | no3d |
14 | nodbus | ||
15 | nodvd | 15 | nodvd |
16 | nosound | 16 | nosound |
17 | notv | 17 | notv |
diff --git a/etc/handbrake.profile b/etc/handbrake.profile index b99842d60..ff9dd248f 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
17 | apparmor | 17 | apparmor |
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
20 | nodbus | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
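Review bot: `nodbus` is added here beside `netfilter` rather than `net none`, and as far as firejail's documentation describes the option, it covers only the regular UNIX socket of the bus. Abstract sockets would remain reachable unless the sandbox gets a new network namespace, so this profile is not closed to D-Bus in the way the `net none` profiles in this commit are. A comment above the line, e.g. `# nodbus does not cover abstract sockets unless a network namespace is configured`, would keep readers from assuming full isolation. The same applies to libreoffice.profile, mpv.profile and openshot.profile; the rest of each profile is outside the hunk.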
diff --git a/etc/hashcat.profile b/etc/hashcat.profile index ad1aae523..c8ab268c8 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile | |||
@@ -6,8 +6,6 @@ include /etc/firejail/hashcat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | |||
11 | noblacklist ${HOME}/.hashcat | 9 | noblacklist ${HOME}/.hashcat |
12 | noblacklist /usr/include | 10 | noblacklist /usr/include |
13 | 11 | ||
@@ -18,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
18 | 16 | ||
19 | caps.drop all | 17 | caps.drop all |
20 | net none | 18 | net none |
19 | nodbus | ||
21 | nodvd | 20 | nodvd |
22 | nogroups | 21 | nogroups |
23 | nonewprivs | 22 | nonewprivs |
diff --git a/etc/highlight.profile b/etc/highlight.profile index a7c667ce1..781866f3b 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile | |||
@@ -5,7 +5,6 @@ include /etc/firejail/highlight.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 8 | blacklist /tmp/.X11-unix |
10 | 9 | ||
11 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -16,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 15 | caps.drop all |
17 | net none | 16 | net none |
18 | no3d | 17 | no3d |
18 | nodbus | ||
19 | nodvd | 19 | nodvd |
20 | nogroups | 20 | nogroups |
21 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/hugin.profile b/etc/hugin.profile index bff074b74..3847a7daf 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/hugin.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.hugin | 8 | noblacklist ${HOME}/.hugin |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | 14 | ||
17 | caps.drop all | 15 | caps.drop all |
18 | net none | 16 | net none |
17 | nodbus | ||
19 | nodvd | 18 | nodvd |
20 | nogroups | 19 | nogroups |
21 | nonewprivs | 20 | nonewprivs |
diff --git a/etc/imagej.profile b/etc/imagej.profile index 058da2805..7396160af 100644 --- a/etc/imagej.profile +++ b/etc/imagej.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/imagej.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.imagej | 8 | noblacklist ${HOME}/.imagej |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 15 | caps.drop all |
18 | ipc-namespace | 16 | ipc-namespace |
19 | net none | 17 | net none |
18 | nodbus | ||
20 | nodvd | 19 | nodvd |
21 | nogroups | 20 | nogroups |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/img2txt.profile b/etc/img2txt.profile index 5a19a75f1..8c157bf2a 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/img2txt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
@@ -14,6 +12,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 12 | ||
15 | caps.drop all | 13 | caps.drop all |
16 | net none | 14 | net none |
15 | nodbus | ||
17 | nodvd | 16 | nodvd |
18 | nogroups | 17 | nogroups |
19 | nonewprivs | 18 | nonewprivs |
diff --git a/etc/inkscape.profile b/etc/inkscape.profile index b50d6d7c3..af24bc3e9 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile | |||
@@ -18,7 +18,8 @@ include /etc/firejail/whitelist-var-common.inc | |||
18 | 18 | ||
19 | apparmor | 19 | apparmor |
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | net none |
22 | nodbus | ||
22 | nodvd | 23 | nodvd |
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index bf461b93d..f70eff3e4 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/jd-gui.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/jd-gui.cfg | 8 | noblacklist ${HOME}/.config/jd-gui.cfg |
11 | noblacklist ${HOME}/.java | 9 | noblacklist ${HOME}/.java |
12 | 10 | ||
@@ -18,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
18 | caps.drop all | 16 | caps.drop all |
19 | net none | 17 | net none |
20 | no3d | 18 | no3d |
19 | nodbus | ||
21 | nodvd | 20 | nodvd |
22 | nogroups | 21 | nogroups |
23 | nonewprivs | 22 | nonewprivs |
diff --git a/etc/kate.profile b/etc/kate.profile index 6808aa875..b3c1e81d8 100644 --- a/etc/kate.profile +++ b/etc/kate.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/kate.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/katemetainfos | 8 | noblacklist ${HOME}/.config/katemetainfos |
11 | noblacklist ${HOME}/.config/katepartrc | 9 | noblacklist ${HOME}/.config/katepartrc |
12 | noblacklist ${HOME}/.config/katerc | 10 | noblacklist ${HOME}/.config/katerc |
@@ -22,9 +20,10 @@ include /etc/firejail/disable-programs.inc | |||
22 | 20 | ||
23 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
24 | 22 | ||
25 | apparmor | 23 | # apparmor |
26 | caps.drop all | 24 | caps.drop all |
27 | # net none | 25 | # net none |
26 | # nodbus | ||
28 | netfilter | 27 | netfilter |
29 | nodvd | 28 | nodvd |
30 | nogroups | 29 | nogroups |
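Review bot: The second hunk changes the active `apparmor` line to `# apparmor` without saying why, which removes AppArmor confinement from kate. By contrast, the hunk headers of kwrite.profile and krita.profile show `apparmor` still present in those profiles. If this follows a concrete breakage, record it on the line, e.g. `# apparmor - <what breaks>`; otherwise keep `apparmor` enabled. The new `# nodbus` also sits before `netfilter` here but after it in kwrite.profile, so one ordering should be chosen for both.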
diff --git a/etc/kcalc.profile b/etc/kcalc.profile index 3f024f3fa..86a3b1462 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile | |||
@@ -20,9 +20,11 @@ whitelist ${HOME}/.kde4/share/config/kcalcrc | |||
20 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
21 | include /etc/firejail/whitelist-var-common.inc | 21 | include /etc/firejail/whitelist-var-common.inc |
22 | 22 | ||
23 | apparmor | ||
23 | caps.drop all | 24 | caps.drop all |
24 | netfilter | 25 | net none |
25 | no3d | 26 | no3d |
27 | nodbus | ||
26 | nodvd | 28 | nodvd |
27 | nogroups | 29 | nogroups |
28 | nonewprivs | 30 | nonewprivs |
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile index 5c770856a..819279b10 100644 --- a/etc/kdenlive.profile +++ b/etc/kdenlive.profile | |||
@@ -5,7 +5,6 @@ include /etc/firejail/kdenlive.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | noblacklist ${HOME}/.cache/kdenlive | 8 | noblacklist ${HOME}/.cache/kdenlive |
10 | noblacklist ${HOME}/.config/kdenliverc | 9 | noblacklist ${HOME}/.config/kdenliverc |
11 | noblacklist ${HOME}/.local/share/kdenlive | 10 | noblacklist ${HOME}/.local/share/kdenlive |
@@ -18,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
18 | apparmor | 17 | apparmor |
19 | caps.drop all | 18 | caps.drop all |
20 | # net none | 19 | # net none |
20 | # nodbus | ||
21 | nodvd | 21 | nodvd |
22 | nogroups | 22 | nogroups |
23 | nonewprivs | 23 | nonewprivs |
diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 91ead4bfa..14af2682c 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/keepassx.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/*.kdb | 8 | noblacklist ${HOME}/*.kdb |
11 | noblacklist ${HOME}/*.kdbx | 9 | noblacklist ${HOME}/*.kdbx |
12 | noblacklist ${HOME}/.config/keepassx | 10 | noblacklist ${HOME}/.config/keepassx |
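Review bot: keepassx.profile loses `blacklist /run/user/*/bus` in this hunk and, unlike the other profiles in this commit, gets no `nodbus` line in its place. Unless the option already exists in the part of the profile outside the hunk, the password manager's sandbox can now reach the session bus. Add `nodbus` to the options block, or leave `# nodbus - <reason>` if the application needs D-Bus. keepassxc.profile has the same gap: its second hunk adds `machine-id` but no `nodbus`.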
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index 8b760cb02..0e464cbe4 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/keepassxc.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/*.kdb | 8 | noblacklist ${HOME}/*.kdb |
11 | noblacklist ${HOME}/*.kdbx | 9 | noblacklist ${HOME}/*.kdbx |
12 | noblacklist ${HOME}/.config/keepassxc | 10 | noblacklist ${HOME}/.config/keepassxc |
@@ -22,6 +20,7 @@ include /etc/firejail/disable-programs.inc | |||
22 | include /etc/firejail/whitelist-var-common.inc | 20 | include /etc/firejail/whitelist-var-common.inc |
23 | 21 | ||
24 | caps.drop all | 22 | caps.drop all |
23 | machine-id | ||
25 | net none | 24 | net none |
26 | no3d | 25 | no3d |
27 | nodvd | 26 | nodvd |
diff --git a/etc/krita.profile b/etc/krita.profile index 0f4c5210b..24948c584 100644 --- a/etc/krita.profile +++ b/etc/krita.profile | |||
@@ -5,7 +5,6 @@ include /etc/firejail/krita.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | noblacklist ${HOME}/.config/kritarc | 8 | noblacklist ${HOME}/.config/kritarc |
10 | noblacklist ${HOME}/.local/share/krita | 9 | noblacklist ${HOME}/.local/share/krita |
11 | 10 | ||
@@ -18,6 +17,7 @@ apparmor | |||
18 | caps.drop all | 17 | caps.drop all |
19 | ipc-namespace | 18 | ipc-namespace |
20 | # net none | 19 | # net none |
20 | # nodbus | ||
21 | nodvd | 21 | nodvd |
22 | nogroups | 22 | nogroups |
23 | nonewprivs | 23 | nonewprivs |
diff --git a/etc/kwrite.profile b/etc/kwrite.profile index 1c4e50b77..ac51259c0 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/kwrite.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/katepartrc | 8 | noblacklist ${HOME}/.config/katepartrc |
11 | noblacklist ${HOME}/.config/katerc | 9 | noblacklist ${HOME}/.config/katerc |
12 | noblacklist ${HOME}/.config/kateschemarc | 10 | noblacklist ${HOME}/.config/kateschemarc |
@@ -26,6 +24,7 @@ apparmor | |||
26 | caps.drop all | 24 | caps.drop all |
27 | # net none | 25 | # net none |
28 | netfilter | 26 | netfilter |
27 | # nodbus | ||
29 | nodvd | 28 | nodvd |
30 | nogroups | 29 | nogroups |
31 | nonewprivs | 30 | nonewprivs |
diff --git a/etc/less.profile b/etc/less.profile index 3b1c5d6bf..e2616ba4f 100644 --- a/etc/less.profile +++ b/etc/less.profile | |||
@@ -6,12 +6,12 @@ include /etc/firejail/less.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
11 | 10 | ||
12 | ignore noroot | 11 | ignore noroot |
13 | net none | 12 | net none |
14 | no3d | 13 | no3d |
14 | nodbus | ||
15 | nodvd | 15 | nodvd |
16 | nosound | 16 | nosound |
17 | notv | 17 | notv |
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index ceb680951..15961321e 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile | |||
@@ -21,6 +21,7 @@ apparmor | |||
21 | caps.drop all | 21 | caps.drop all |
22 | machine-id | 22 | machine-id |
23 | netfilter | 23 | netfilter |
24 | nodbus | ||
24 | nodvd | 25 | nodvd |
25 | nogroups | 26 | nogroups |
26 | nonewprivs | 27 | nonewprivs |
diff --git a/etc/lmms.profile b/etc/lmms.profile index b2bacb246..a9fecf5be 100644 --- a/etc/lmms.profile +++ b/etc/lmms.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/lmms.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.lmmsrc.xml | 8 | noblacklist ${HOME}/.lmmsrc.xml |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -18,6 +16,7 @@ caps.drop all | |||
18 | ipc-namespace | 16 | ipc-namespace |
19 | net none | 17 | net none |
20 | no3d | 18 | no3d |
19 | nodbus | ||
21 | nodvd | 20 | nodvd |
22 | nogroups | 21 | nogroups |
23 | nonewprivs | 22 | nonewprivs |
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile index f8c5c34ca..948c7226d 100644 --- a/etc/macrofusion.profile +++ b/etc/macrofusion.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/macrofusion.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/mfusion | 8 | noblacklist ${HOME}/.config/mfusion |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 15 | caps.drop all |
18 | ipc-namespace | 16 | ipc-namespace |
19 | net none | 17 | net none |
18 | nodbus | ||
20 | nodvd | 19 | nodvd |
21 | nogroups | 20 | nogroups |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index be5dac206..f452b751a 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/mate-calc.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/mate-calc | 8 | noblacklist ${HOME}/.config/mate-calc |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -24,6 +22,7 @@ whitelist ${HOME}/.themes | |||
24 | caps.drop all | 22 | caps.drop all |
25 | net none | 23 | net none |
26 | no3d | 24 | no3d |
25 | nodbus | ||
27 | nodvd | 26 | nodvd |
28 | nogroups | 27 | nogroups |
29 | nonewprivs | 28 | nonewprivs |
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index de9297174..c3c84ed39 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile | |||
@@ -5,7 +5,6 @@ include /etc/firejail/mediainfo.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 8 | blacklist /tmp/.X11-unix |
10 | 9 | ||
11 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -16,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 15 | caps.drop all |
17 | net none | 16 | net none |
18 | no3d | 17 | no3d |
18 | nodbus | ||
19 | nodvd | 19 | nodvd |
20 | nogroups | 20 | nogroups |
21 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/meld.profile b/etc/meld.profile index 1a451ff57..78d9e0c76 100644 --- a/etc/meld.profile +++ b/etc/meld.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/meld.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.local/share/meld | 8 | noblacklist ${HOME}/.local/share/meld |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 15 | caps.drop all |
18 | net none | 16 | net none |
19 | no3d | 17 | no3d |
18 | nodbus | ||
20 | nodvd | 19 | nodvd |
21 | nogroups | 20 | nogroups |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/mpv.profile b/etc/mpv.profile index a4dc679f4..dcd8b05e1 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
18 | apparmor | 18 | apparmor |
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nodbus | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 9e04c3a81..af5859dbc 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/mupdf.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | 8 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 9 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | 10 | include /etc/firejail/disable-passwdmgr.inc |
@@ -17,6 +15,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
17 | caps.drop all | 15 | caps.drop all |
18 | machine-id | 16 | machine-id |
19 | net none | 17 | net none |
18 | nodbus | ||
20 | nodvd | 19 | nodvd |
21 | nogroups | 20 | nogroups |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index e05babc91..2e3d7cfb8 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/mupen64plus.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/mupen64plus | 8 | noblacklist ${HOME}/.config/mupen64plus |
11 | noblacklist ${HOME}/.local/share/mupen64plus | 9 | noblacklist ${HOME}/.local/share/mupen64plus |
12 | 10 | ||
@@ -24,6 +22,7 @@ include /etc/firejail/whitelist-common.inc | |||
24 | 22 | ||
25 | caps.drop all | 23 | caps.drop all |
26 | net none | 24 | net none |
25 | nodbus | ||
27 | nodvd | 26 | nodvd |
28 | nonewprivs | 27 | nonewprivs |
29 | noroot | 28 | noroot |
diff --git a/etc/natron.profile b/etc/natron.profile index 413ea53f9..cf01c862c 100644 --- a/etc/natron.profile +++ b/etc/natron.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/natron.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.Natron | 8 | noblacklist ${HOME}/.Natron |
11 | noblacklist ${HOME}/.cache/INRIA/Natron | 9 | noblacklist ${HOME}/.cache/INRIA/Natron |
12 | noblacklist ${HOME}/.config/INRIA | 10 | noblacklist ${HOME}/.config/INRIA |
@@ -19,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
19 | 17 | ||
20 | caps.drop all | 18 | caps.drop all |
21 | net none | 19 | net none |
20 | nodbus | ||
22 | nodvd | 21 | nodvd |
23 | nogroups | 22 | nogroups |
24 | nonewprivs | 23 | nonewprivs |
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index b6d4a63b5..c807a5399 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile | |||
@@ -5,7 +5,6 @@ include /etc/firejail/odt2txt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 8 | blacklist /tmp/.X11-unix |
10 | 9 | ||
11 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -16,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 15 | caps.drop all |
17 | net none | 16 | net none |
18 | no3d | 17 | no3d |
18 | nodbus | ||
19 | nodvd | 19 | nodvd |
20 | nogroups | 20 | nogroups |
21 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/okular.profile b/etc/okular.profile index ffe0d2bfb..f1f0b2c7e 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/okular.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.cache/okular | 8 | noblacklist ${HOME}/.cache/okular |
11 | noblacklist ${HOME}/.config/okularpartrc | 9 | noblacklist ${HOME}/.config/okularpartrc |
12 | noblacklist ${HOME}/.config/okularrc | 10 | noblacklist ${HOME}/.config/okularrc |
@@ -30,6 +28,7 @@ caps.drop all | |||
30 | machine-id | 28 | machine-id |
31 | # net none | 29 | # net none |
32 | netfilter | 30 | netfilter |
31 | # nodbus | ||
33 | nodvd | 32 | nodvd |
34 | nogroups | 33 | nogroups |
35 | nonewprivs | 34 | nonewprivs |
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 191f8d87b..3c3609dae 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/open-invaders.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.openinvaders | 8 | noblacklist ${HOME}/.openinvaders |
11 | 9 | ||
12 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-common.inc | |||
20 | 18 | ||
21 | caps.drop all | 19 | caps.drop all |
22 | net none | 20 | net none |
21 | nodbus | ||
23 | nodvd | 22 | nodvd |
24 | nogroups | 23 | nogroups |
25 | nonewprivs | 24 | nonewprivs |
diff --git a/etc/openshot.profile b/etc/openshot.profile index ca9110be6..b9eb29590 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc | |||
18 | apparmor | 18 | apparmor |
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nodbus | ||
21 | nodvd | 22 | nodvd |
22 | nogroups | 23 | nogroups |
23 | nonewprivs | 24 | nonewprivs |
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 08c607020..0dcd21549 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/pcmanfm.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.local/share/Trash | 8 | noblacklist ${HOME}/.local/share/Trash |
11 | # noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below | 9 | # noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below |
12 | # noblacklist ${HOME}/.config/pcmanfm | 10 | # noblacklist ${HOME}/.config/pcmanfm |
@@ -19,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
19 | caps.drop all | 17 | caps.drop all |
20 | # net none - see issue #1467, computer:/// location broken | 18 | # net none - see issue #1467, computer:/// location broken |
21 | no3d | 19 | no3d |
20 | # nodbus | ||
22 | nodvd | 21 | nodvd |
23 | nonewprivs | 22 | nonewprivs |
24 | noroot | 23 | noroot |
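--- a/etc/pdfchain.profile
+++ b/etc/pdfchain.profile
@@ -5,9 +5,6 @@ include /etc/firejail/pdfchain.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -19,6 +16,7 @@ caps.drop all
 ipc-namespace
 net none
 no3d
+nodbus
 nogroups
 nonewprivs
 noroot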
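--- a/etc/pdfmod.profile
+++ b/etc/pdfmod.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pdfmod.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.cache/pdfmod
 noblacklist ${HOME}/.config/pdfmod
 
@@ -22,6 +20,7 @@ ipc-namespace
 machine-id
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs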
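--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pdfsam.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.java
 
 include /etc/firejail/disable-common.inc
@@ -18,6 +16,7 @@ caps.drop all
 machine-id
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs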
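--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -5,7 +5,6 @@ include /etc/firejail/pdftotext.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 include /etc/firejail/disable-common.inc
@@ -19,6 +18,7 @@ caps.drop all
 machine-id
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs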
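--- a/etc/peek.profile
+++ b/etc/peek.profile
@@ -5,8 +5,6 @@ include /etc/firejail/peek.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.cache/peek
 
 include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs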
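--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pingus.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.pingus
 
 include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-common.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs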
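--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pinta.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/Pinta
 
 include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 ipc-namespace
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs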
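--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pluma.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus - makes settings immutable
-
 noblacklist ${HOME}/.config/pluma
 
 include /etc/firejail/disable-common.inc
@@ -16,10 +14,12 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+# apparmor - makes settings immutable
 caps.drop all
-# net none - makes settings immutable
 machine-id
+# net none - makes settings immutable
 no3d
+# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs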
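--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -30,6 +30,7 @@ apparmor
 caps.drop all
 machine-id
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs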
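Review bot: `nodbus` is added after `netfilter` in a profile that appears to keep host networking (no `net none` in the visible lines), and per the firejail man page the option handles only the regular bus socket. A bus listening on an abstract socket is cut off only by a new network namespace or by removing `unix` from the `protocol` set, so the line may suggest more isolation than this profile gets. I would put a comment above it such as `# nodbus covers the regular bus socket only; abstract sockets need a new network namespace`. The same applies to transmission-gtk.profile and transmission-qt.profile. The rest of the profile is outside the hunk, so a `protocol` line there may already narrow this.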
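--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -5,8 +5,6 @@ include /etc/firejail/ranger.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 # noblacklist /usr/bin/cpan*
 noblacklist /usr/bin/perl
 noblacklist /usr/lib/perl*
@@ -20,6 +18,7 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs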
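--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -13,10 +13,11 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+# apparmor - makes settings immutable
 caps.drop all
 netfilter
 # no3d
+# nodbus - makes settings immutable
 nogroups
 nonewprivs
 noroot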
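Review bot: The `apparmor` line was active before this commit and is now commented out, so the change removes AppArmor confinement from this profile in a commit that is otherwise about moving to `nodbus`; totem.profile gets the same edit. The comment `makes settings immutable` records the symptom but not what is being blocked, which makes the decision hard to revisit. If the breakage is confirmed for rhythmbox, I would extend the comment, e.g. `# apparmor - makes settings immutable (<what is blocked>); enable in rhythmbox.local if acceptable`. If it is not confirmed, `apparmor` should stay enabled.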
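--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -5,8 +5,6 @@ include /etc/firejail/scribus.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 # Support for PDF readers comes with Scribus 1.5 and higher
 noblacklist ${HOME}/.cache/okular
 noblacklist ${HOME}/.config/okularpartrc
@@ -33,6 +31,7 @@ include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs
@@ -48,3 +47,6 @@ tracelog
 # private-bin scribus,gs,gimp*
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp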
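--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -6,8 +6,6 @@ include /etc/firejail/sdat2img.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs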
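--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -5,8 +5,6 @@ include /etc/firejail/shotcut.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/Meltytech
 
 include /etc/firejail/disable-common.inc
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs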
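--- a/etc/simutrans.profile
+++ b/etc/simutrans.profile
@@ -5,8 +5,6 @@ include /etc/firejail/simutrans.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.simutrans
 
 include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-common.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs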
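--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -5,8 +5,6 @@ include /etc/firejail/skanlite.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 # net none
 netfilter
+# nodbus
 nodvd
 nogroups
 nonewprivs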
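--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
+# nodbus
 # nogroups
 nonewprivs
 noroot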
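--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -5,8 +5,6 @@ include /etc/firejail/sqlitebrowser.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/sqlitebrowser
 
 include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs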
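--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -6,12 +6,12 @@ include /etc/firejail/strings.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 ignore noroot
 net none
 no3d
+nodbus
 nodvd
 nosound
 notv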
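--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -5,8 +5,6 @@ include /etc/firejail/supertux2.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.local/share/supertux2
 
 include /etc/firejail/disable-common.inc
@@ -21,6 +19,7 @@ include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs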
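--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -5,8 +5,6 @@ include /etc/firejail/synfigstudio.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/synfig
 noblacklist ${HOME}/.synfig
 
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs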
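--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -6,13 +6,13 @@ include /etc/firejail/tar.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 hostname tar
 ignore noroot
 net none
 no3d
+nodbus
 nodvd
 nosound
 notv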
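--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -5,8 +5,6 @@ include /etc/firejail/terasology.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.java
 noblacklist ${HOME}/.local/share/terasology
 
@@ -25,6 +23,7 @@ caps.drop all
 ipc-namespace
 net none
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs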
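--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -15,9 +15,10 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+# apparmor - makes settings immutable
 caps.drop all
 netfilter
+# nodbus - makes settings immutable
 nogroups
 nonewprivs
 noroot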
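--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -25,6 +25,7 @@ apparmor
 caps.drop all
 machine-id
 netfilter
+nodbus
 nodvd
 nonewprivs
 noroot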
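--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -25,6 +25,7 @@ apparmor
 caps.drop all
 machine-id
 netfilter
+nodbus
 nodvd
 nonewprivs
 noroot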
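--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -5,8 +5,6 @@ include /etc/firejail/transmission-show.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.cache/transmission
 noblacklist ${HOME}/.config/transmission
 
@@ -18,6 +16,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 machine-id
 net none
+nodbus
 nodvd
 nonewprivs
 noroot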
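--- a/etc/uefitool.profile
+++ b/etc/uefitool.profile
@@ -5,8 +5,6 @@ include /etc/firejail/uefitool.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -16,6 +14,7 @@ caps.drop all
 ipc-namespace
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs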
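--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -6,13 +6,13 @@ include /etc/firejail/unrar.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 hostname unrar
 ignore noroot
 net none
 no3d
+nodbus
 nodvd
 nosound
 notv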
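--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -6,13 +6,13 @@ include /etc/firejail/unzip.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 hostname unzip
 ignore noroot
 net none
 no3d
+nodbus
 nodvd
 nosound
 notv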
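--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -6,11 +6,10 @@ include /etc/firejail/uudeview.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 hostname uudeview
 ignore noroot
 net none
+nodbus
 nodvd
 nosound
 notv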
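--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -5,7 +5,6 @@ include /etc/firejail/viewnior.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist ${HOME}/.bashrc
 
 noblacklist ${HOME}/.Steam
@@ -20,6 +19,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs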
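--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -19,6 +19,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
+# nodbus
 # nogroups
 nonewprivs
 noroot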
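--- a/etc/x-terminal-emulator.profile
+++ b/etc/x-terminal-emulator.profile
@@ -5,12 +5,11 @@ include /etc/firejail/x-terminal-emulator.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 caps.drop all
 ipc-namespace
 net none
 netfilter
+nodbus
 nogroups
 noroot
 protocol unix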
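--- a/etc/xcalc.profile
+++ b/etc/xcalc.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xcalc.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -18,6 +16,7 @@ caps.drop all
 net none
 netfilter
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs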
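--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xed.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus - makes settings immutable
-
 noblacklist ${HOME}/.config/xed
 
 include /etc/firejail/disable-common.inc
@@ -16,10 +14,12 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+# apparmor - makes settings immutable
 caps.drop all
-# net none - makes settings immutable
 machine-id
+# net none - makes settings immutable
 no3d
+# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs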
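--- a/etc/xpdf.profile
+++ b/etc/xpdf.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xpdf.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.xpdfrc
 
 include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ caps.drop all
 machine-id
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs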
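--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -15,8 +15,10 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+# apparmor - makes settings immutable
 caps.drop all
 netfilter
+# nodbus - makes settings immutable
 nogroups
 nonewprivs
 noroot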
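--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+# apparmor
 caps.drop all
 no3d
 nodvd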
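--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xviewer.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus - makes settings immutable
-
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.config/xviewer
 noblacklist ${HOME}/.local/share/Trash
@@ -19,9 +17,11 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+# apparmor - makes settings immutable
 caps.drop all
 # net none - makes settings immutable
 no3d
+# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs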
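--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -6,12 +6,12 @@ include /etc/firejail/xzdec.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 ignore noroot
 net none
 no3d
+nodbus
 nodvd
 nosound
 notv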
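Review bot: The added `nodbus` at new line 14 is only as complete as the `net none` two lines above it. As the firejail man page describes it, nodbus handles the regular UNIX socket, while the abstract D-Bus socket is closed off only by a new network namespace. A short comment would stop a later edit or an override in xzdec.local from separating the two, for example `# nodbus covers the regular socket only; net none closes the abstract socket`. The same pairing of `net none` and the new `nodbus` appears in the second hunk of etc/zart.profile.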
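--- a/etc/zart.profile
+++ b/etc/zart.profile
@@ -5,8 +5,6 @@ include /etc/firejail/zart.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 ipc-namespace
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs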
diff --git a/etc/zathura.profile b/etc/zathura.profile index 288abb8ec..3edece779 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -5,8 +5,6 @@ include /etc/firejail/zathura.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
10 | noblacklist ${HOME}/.config/zathura | 8 | noblacklist ${HOME}/.config/zathura |
11 | noblacklist ${HOME}/.local/share/zathura | 9 | noblacklist ${HOME}/.local/share/zathura |
12 | 10 | ||
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | 15 | ||
18 | caps.drop all | 16 | caps.drop all |
19 | # net none | 17 | # net none |
18 | # nodbus | ||
20 | nodvd | 19 | nodvd |
21 | nogroups | 20 | nogroups |
22 | nonewprivs | 21 | nonewprivs |
@@ -31,5 +30,6 @@ private-bin zathura | |||
31 | private-dev | 30 | private-dev |
32 | private-etc fonts | 31 | private-etc fonts |
33 | private-tmp | 32 | private-tmp |
33 | |||
34 | read-only ${HOME}/ | 34 | read-only ${HOME}/ |
35 | read-write ${HOME}/.local/share/zathura/ | 35 | read-write ${HOME}/.local/share/zathura/ |