Diffstat (limited to 'etc')
48 files changed, 67 insertions, 97 deletions
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index 1ee50b4d4..52fd62ada 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile | |||
@@ -9,6 +9,7 @@ include /etc/firejail/whitelist-common.inc | |||
9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-programs.inc | 10 | include /etc/firejail/disable-programs.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
12 | include /etc/firejail/disable-passwdmgr.inc | ||
12 | 13 | ||
13 | caps.drop all | 14 | caps.drop all |
14 | seccomp | 15 | seccomp |
diff --git a/etc/atril.profile b/etc/atril.profile index d0df28ac2..f142f50bc 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -2,16 +2,14 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | |||
7 | blacklist ${HOME}/.wine | ||
5 | 8 | ||
6 | blacklist ${HOME}/.pki/nssdb | ||
7 | blacklist ${HOME}/.lastpass | ||
8 | blacklist ${HOME}/.keepassx | ||
9 | blacklist ${HOME}/.password-store | ||
10 | caps.drop all | 9 | caps.drop all |
11 | seccomp | 10 | seccomp |
12 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
13 | netfilter | 12 | netfilter |
14 | noroot | 13 | noroot |
15 | |||
16 | tracelog | 14 | tracelog |
17 | 15 | ||
diff --git a/etc/audacious.profile b/etc/audacious.profile index 690463a46..0c79d02ac 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
@@ -2,11 +2,10 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | blacklist ${HOME}/.pki/nssdb | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | blacklist ${HOME}/.lastpass | 6 | |
7 | blacklist ${HOME}/.keepassx | ||
8 | blacklist ${HOME}/.password-store | ||
9 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
8 | |||
10 | caps.drop all | 9 | caps.drop all |
11 | seccomp | 10 | seccomp |
12 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index 753e42480..fb84c260a 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile | |||
@@ -3,6 +3,7 @@ noblacklist /sbin | |||
3 | noblacklist /usr/sbin | 3 | noblacklist /usr/sbin |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
6 | |||
6 | protocol unix,inet,inet6 | 7 | protocol unix,inet,inet6 |
7 | private | 8 | private |
8 | private-dev | 9 | private-dev |
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 349cc7acf..3cc384b37 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -2,6 +2,9 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | |||
7 | blacklist ${HOME}/.wine | ||
5 | 8 | ||
6 | whitelist ${HOME}/cherrytree | 9 | whitelist ${HOME}/cherrytree |
7 | mkdir ~/.config | 10 | mkdir ~/.config |
@@ -10,6 +13,7 @@ whitelist ${HOME}/.config/cherrytree/ | |||
10 | mkdir ~/.local | 13 | mkdir ~/.local |
11 | mkdir ~/.local/share | 14 | mkdir ~/.local/share |
12 | whitelist ${HOME}/.local/share/ | 15 | whitelist ${HOME}/.local/share/ |
16 | |||
13 | caps.drop all | 17 | caps.drop all |
14 | seccomp | 18 | seccomp |
15 | protocol unix,inet,inet6,netlink | 19 | protocol unix,inet,inet6,netlink |
diff --git a/etc/chromium.profile b/etc/chromium.profile index 58f62daa2..7cf2853ca 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Chromium browser profile | 1 | # Chromium browser profile |
2 | noblacklist ~/.config/chromium | 2 | noblacklist ~/.config/chromium |
3 | noblacklist ~/.cache/chromium | 3 | noblacklist ~/.cache/chromium |
4 | noblacklist ~/keepassx.kdbx | ||
5 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
7 | 6 | ||
diff --git a/etc/clementine.profile b/etc/clementine.profile index cc0614551..a02e05f9c 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
@@ -2,11 +2,10 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | blacklist ${HOME}/.pki/nssdb | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | blacklist ${HOME}/.lastpass | 6 | |
7 | blacklist ${HOME}/.keepassx | ||
8 | blacklist ${HOME}/.password-store | ||
9 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
8 | |||
10 | caps.drop all | 9 | caps.drop all |
11 | seccomp | 10 | seccomp |
12 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
diff --git a/etc/conkeror.profile b/etc/conkeror.profile index 67e529d0a..007eef663 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile | |||
@@ -2,11 +2,13 @@ | |||
2 | noblacklist ${HOME}/.conkeror.mozdev.org | 2 | noblacklist ${HOME}/.conkeror.mozdev.org |
3 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-programs.inc | 4 | include /etc/firejail/disable-programs.inc |
5 | |||
5 | caps.drop all | 6 | caps.drop all |
6 | seccomp | 7 | seccomp |
7 | protocol unix,inet,inet6 | 8 | protocol unix,inet,inet6 |
8 | netfilter | 9 | netfilter |
9 | noroot | 10 | noroot |
11 | |||
10 | whitelist ~/.conkeror.mozdev.org | 12 | whitelist ~/.conkeror.mozdev.org |
11 | whitelist ~/Downloads | 13 | whitelist ~/Downloads |
12 | whitelist ~/dwhelper | 14 | whitelist ~/dwhelper |
@@ -18,6 +20,4 @@ whitelist ~/.vimperator | |||
18 | whitelist ~/.pentadactylrc | 20 | whitelist ~/.pentadactylrc |
19 | whitelist ~/.pentadactyl | 21 | whitelist ~/.pentadactyl |
20 | whitelist ~/.conkerorrc | 22 | whitelist ~/.conkerorrc |
21 | |||
22 | # common | ||
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 89661d83c..dbf4531c4 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
@@ -2,11 +2,10 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | blacklist ${HOME}/.pki/nssdb | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | blacklist ${HOME}/.lastpass | 6 | |
7 | blacklist ${HOME}/.keepassx | ||
8 | blacklist ${HOME}/.password-store | ||
9 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
8 | |||
10 | caps.drop all | 9 | caps.drop all |
11 | seccomp | 10 | seccomp |
12 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
diff --git a/etc/deluge.profile b/etc/deluge.profile index eef2a42ee..9b2c65656 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -2,11 +2,10 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | blacklist ${HOME}/.pki/nssdb | 5 | include /etc/firejail/disable-passwdmgr.inc |
6 | blacklist ${HOME}/.lastpass | 6 | |
7 | blacklist ${HOME}/.keepassx | ||
8 | blacklist ${HOME}/.password-store | ||
9 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
8 | |||
10 | caps.drop all | 9 | caps.drop all |
11 | seccomp | 10 | seccomp |
12 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc new file mode 100644 index 000000000..c1e68d1ec --- /dev/null +++ b/etc/disable-passwdmgr.inc | |||
@@ -0,0 +1,6 @@ | |||
1 | blacklist ${HOME}/.pki/nssdb | ||
2 | blacklist ${HOME}/.lastpass | ||
3 | blacklist ${HOME}/.keepassx | ||
4 | blacklist ${HOME}/.password-store | ||
5 | blacklist ${HOME}/keepassx.kdbx | ||
6 | |||
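Review bot: The new include has no header comment and lists `${HOME}/keepassx.kdbx` as one fixed path, so a KeePass database saved under any other name or directory stays readable inside the sandbox. A first line such as `# Blacklists password-manager and NSS database paths; keepassx.kdbx is matched at this exact path only` would make that limit explicit. The rollout also looks uneven in the visible hunks: the empathy.profile and filezilla.profile sections only add blank lines, and the browser profiles (chromium, firefox, flashpeak-slimjet, google-chrome, google-chrome-beta, google-chrome-unstable, opera, opera-beta, seamonkey) drop `noblacklist ~/keepassx.kdbx` without gaining `include /etc/firejail/disable-passwdmgr.inc`. If those profiles rely on a whitelist or on disable-common.inc to cover the same paths, a one-line comment in each saying so would help; otherwise they need the include.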
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index dc6b783ee..bd7e19dc2 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
@@ -4,6 +4,8 @@ noblacklist /usr/sbin | |||
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
6 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
7 | include /etc/firejail/disable-passwdmgr.inc | ||
8 | |||
7 | private | 9 | private |
8 | private-dev | 10 | private-dev |
9 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open | 11 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open |
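Review bot: The `include /etc/firejail/disable-passwdmgr.inc` added on new line 7 sits in a profile that sets `private` two lines later, which gives the sandbox an empty temporary home, so the `${HOME}` blacklists it pulls in probably match nothing here. That is harmless as defence in depth, but the rollout is inconsistent: server.profile and unbound.profile get the same include, while bitlbee.profile, which also uses `private`, only gains a blank line. Either add the include to bitlbee.profile as well or record the convention in a comment such as `# home is replaced by 'private'; include kept for consistency`.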
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 3b48f0d49..ea0dc1fcb 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
@@ -1,11 +1,10 @@ | |||
1 | # dropbox profile | 1 | # dropbox profile |
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | blacklist ${HOME}/.pki/nssdb | 4 | include /etc/firejail/disable-passwdmgr.inc |
5 | blacklist ${HOME}/.lastpass | 5 | |
6 | blacklist ${HOME}/.keepassx | ||
7 | blacklist ${HOME}/.password-store | ||
8 | blacklist ${HOME}/.wine | 6 | blacklist ${HOME}/.wine |
7 | |||
9 | caps | 8 | caps |
10 | seccomp | 9 | seccomp |
11 | protocol unix,inet,inet6 | 10 | protocol unix,inet,inet6 |
diff --git a/etc/empathy.profile b/etc/empathy.profile index 1c46f8b3e..37277e3d1 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
@@ -2,7 +2,9 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | |||
5 | blacklist ${HOME}/.wine | 6 | blacklist ${HOME}/.wine |
7 | |||
6 | caps.drop all | 8 | caps.drop all |
7 | seccomp | 9 | seccomp |
8 | protocol unix,inet,inet6 | 10 | protocol unix,inet,inet6 |
diff --git a/etc/evince.profile b/etc/evince.profile index 13b342f06..693593713 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -2,12 +2,10 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | ||
5 | 6 | ||
6 | blacklist ${HOME}/.pki/nssdb | ||
7 | blacklist ${HOME}/.lastpass | ||
8 | blacklist ${HOME}/.keepassx | ||
9 | blacklist ${HOME}/.password-store | ||
10 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
8 | |||
11 | caps.drop all | 9 | caps.drop all |
12 | seccomp | 10 | seccomp |
13 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 4b45208d7..c45acc901 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
@@ -3,12 +3,10 @@ noblacklist ${HOME}/.FBReader | |||
3 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-programs.inc | 4 | include /etc/firejail/disable-programs.inc |
5 | include /etc/firejail/disable-devel.inc | 5 | include /etc/firejail/disable-devel.inc |
6 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | 7 | ||
7 | blacklist ${HOME}/.pki/nssdb | ||
8 | blacklist ${HOME}/.lastpass | ||
9 | blacklist ${HOME}/.keepassx | ||
10 | blacklist ${HOME}/.password-store | ||
11 | blacklist ${HOME}/.wine | 8 | blacklist ${HOME}/.wine |
9 | |||
12 | caps.drop all | 10 | caps.drop all |
13 | seccomp | 11 | seccomp |
14 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 09e56b1ce..dc677542f 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/disable-programs.inc | |||
6 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
7 | 7 | ||
8 | blacklist ${HOME}/.wine | 8 | blacklist ${HOME}/.wine |
9 | |||
9 | caps.drop all | 10 | caps.drop all |
10 | seccomp | 11 | seccomp |
11 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
diff --git a/etc/firefox.profile b/etc/firefox.profile index 2d2716256..1ea94a2c7 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -2,7 +2,6 @@ | |||
2 | 2 | ||
3 | noblacklist ~/.mozilla | 3 | noblacklist ~/.mozilla |
4 | noblacklist ~/.cache/mozilla | 4 | noblacklist ~/.cache/mozilla |
5 | noblacklist ~/keepassx.kdbx | ||
6 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
7 | include /etc/firejail/disable-programs.inc | 6 | include /etc/firejail/disable-programs.inc |
8 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 3f6af42b1..94c672acf 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile | |||
@@ -7,7 +7,6 @@ | |||
7 | # | 7 | # |
8 | noblacklist ~/.config/slimjet | 8 | noblacklist ~/.config/slimjet |
9 | noblacklist ~/.cache/slimjet | 9 | noblacklist ~/.cache/slimjet |
10 | noblacklist ~/keepassx.kdbx | ||
11 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
12 | include /etc/firejail/disable-programs.inc | 11 | include /etc/firejail/disable-programs.inc |
13 | 12 | ||
diff --git a/etc/generic.profile b/etc/generic.profile index 2bf7a0703..f2c7d4114 100644 --- a/etc/generic.profile +++ b/etc/generic.profile | |||
@@ -3,11 +3,10 @@ | |||
3 | ################################ | 3 | ################################ |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
6 | include /etc/firejail/disable-passwdmgr.inc | ||
7 | |||
8 | #blacklist ${HOME}/.wine | ||
6 | 9 | ||
7 | blacklist ${HOME}/.pki/nssdb | ||
8 | blacklist ${HOME}/.lastpass | ||
9 | blacklist ${HOME}/.keepassx | ||
10 | blacklist ${HOME}/.password-store | ||
11 | caps.drop all | 10 | caps.drop all |
12 | seccomp | 11 | seccomp |
13 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
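Review bot: New line 8 adds `#blacklist ${HOME}/.wine` as a commented-out directive, which leaves readers guessing whether the generic profile is meant to expose the Wine prefix or the line was disabled by accident. The sibling profiles in this commit carry the same directive enabled. If the omission is deliberate, replace the dead directive with a comment that says so, for example `# ${HOME}/.wine is intentionally not blacklisted in the generic profile: <reason>`; otherwise enable it.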
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 1138a73bd..a96b19ec3 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile | |||
@@ -2,12 +2,10 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | ||
5 | 6 | ||
6 | blacklist ${HOME}/.pki/nssdb | ||
7 | blacklist ${HOME}/.lastpass | ||
8 | blacklist ${HOME}/.keepassx | ||
9 | blacklist ${HOME}/.password-store | ||
10 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
8 | |||
11 | caps.drop all | 9 | caps.drop all |
12 | seccomp | 10 | seccomp |
13 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index 8ca049778..11f9f9e33 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Google Chrome beta browser profile | 1 | # Google Chrome beta browser profile |
2 | noblacklist ~/.config/google-chrome-beta | 2 | noblacklist ~/.config/google-chrome-beta |
3 | noblacklist ~/.cache/google-chrome-beta | 3 | noblacklist ~/.cache/google-chrome-beta |
4 | noblacklist ~/keepassx.kdbx | ||
5 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
7 | 6 | ||
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index 3e238d8f8..f253e5a90 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Google Chrome unstable browser profile | 1 | # Google Chrome unstable browser profile |
2 | noblacklist ~/.config/google-chrome-unstable | 2 | noblacklist ~/.config/google-chrome-unstable |
3 | noblacklist ~/.cache/google-chrome-unstable | 3 | noblacklist ~/.cache/google-chrome-unstable |
4 | noblacklist ~/keepassx.kdbx | ||
5 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
7 | 6 | ||
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index afc57f948..5e168aae5 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Google Chrome browser profile | 1 | # Google Chrome browser profile |
2 | noblacklist ~/.config/google-chrome | 2 | noblacklist ~/.config/google-chrome |
3 | noblacklist ~/.cache/google-chrome | 3 | noblacklist ~/.cache/google-chrome |
4 | noblacklist ~/keepassx.kdbx | ||
5 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
7 | 6 | ||
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 13a311070..53d0c2eaf 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile | |||
@@ -3,6 +3,7 @@ | |||
3 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-programs.inc | 4 | include /etc/firejail/disable-programs.inc |
5 | include /etc/firejail/disable-devel.inc | 5 | include /etc/firejail/disable-devel.inc |
6 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | 7 | ||
7 | caps.drop all | 8 | caps.drop all |
8 | noroot | 9 | noroot |
@@ -12,3 +13,4 @@ tracelog | |||
12 | 13 | ||
13 | mkdir ~/.hedgewars | 14 | mkdir ~/.hedgewars |
14 | whitelist ~/.hedgewars | 15 | whitelist ~/.hedgewars |
16 | include /etc/firejail/whitelist-common.inc | ||
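Review bot: The second hunk appends `include /etc/firejail/whitelist-common.inc` after `whitelist ~/.hedgewars`, which widens the set of home paths visible to the game and is unrelated to the password-manager refactoring in the rest of the commit. The contents of whitelist-common.inc are not shown on this page, so what it exposes cannot be checked here. A comment above the line, e.g. `# shared desktop settings needed by the UI` (wording to be confirmed by the author), would record why it is needed. The disable-passwdmgr.inc include in the first hunk is presumably redundant once whitelisting hides the rest of the home directory, which is fine as defence in depth.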
diff --git a/etc/kmail.profile b/etc/kmail.profile index 78e72a7a7..67a7b4eb1 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -3,11 +3,8 @@ noblacklist ${HOME}/.gnupg | |||
3 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-programs.inc | 4 | include /etc/firejail/disable-programs.inc |
5 | include /etc/firejail/disable-devel.inc | 5 | include /etc/firejail/disable-devel.inc |
6 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | 7 | ||
7 | blacklist ${HOME}/.pki/nssdb | ||
8 | blacklist ${HOME}/.lastpass | ||
9 | blacklist ${HOME}/.keepassx | ||
10 | blacklist ${HOME}/.password-store | ||
11 | blacklist ${HOME}/.wine | 8 | blacklist ${HOME}/.wine |
12 | 9 | ||
13 | caps.drop all | 10 | caps.drop all |
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile index 88a7a8c7a..b6acf2587 100644 --- a/etc/lxterminal.profile +++ b/etc/lxterminal.profile | |||
@@ -2,11 +2,7 @@ | |||
2 | 2 | ||
3 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-programs.inc | 4 | include /etc/firejail/disable-programs.inc |
5 | 5 | include /etc/firejail/disable-passwdmgr.inc | |
6 | blacklist ${HOME}/.pki/nssdb | ||
7 | blacklist ${HOME}/.lastpass | ||
8 | blacklist ${HOME}/.keepassx | ||
9 | blacklist ${HOME}/.password-store | ||
10 | 6 | ||
11 | caps.drop all | 7 | caps.drop all |
12 | seccomp | 8 | seccomp |
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index 45dc4757f..101074c24 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile | |||
@@ -3,6 +3,7 @@ | |||
3 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-programs.inc | 4 | include /etc/firejail/disable-programs.inc |
5 | include /etc/firejail/disable-devel.inc | 5 | include /etc/firejail/disable-devel.inc |
6 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | 7 | ||
7 | mkdir ${HOME}/.local | 8 | mkdir ${HOME}/.local |
8 | mkdir ${HOME}/.local/share | 9 | mkdir ${HOME}/.local/share |
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index 7b74d6dd1..3d6edb286 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Opera-beta browser profile | 1 | # Opera-beta browser profile |
2 | noblacklist ~/.config/opera-beta | 2 | noblacklist ~/.config/opera-beta |
3 | noblacklist ~/.cache/opera-beta | 3 | noblacklist ~/.cache/opera-beta |
4 | noblacklist ~/keepassx.kdbx | ||
5 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
7 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/opera.profile b/etc/opera.profile index 2d7a9ca06..11e6e2a6e 100644 --- a/etc/opera.profile +++ b/etc/opera.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Opera browser profile | 1 | # Opera browser profile |
2 | noblacklist ~/.config/opera | 2 | noblacklist ~/.config/opera |
3 | noblacklist ~/.cache/opera | 3 | noblacklist ~/.cache/opera |
4 | noblacklist ~/keepassx.kdbx | ||
5 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
7 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/parole.profile b/etc/parole.profile index 9f63e5b16..0c9a72143 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
@@ -2,15 +2,11 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | ||
5 | 6 | ||
6 | private-etc passwd,group,fonts | 7 | private-etc passwd,group,fonts |
7 | private-bin parole,dbus-launch | 8 | private-bin parole,dbus-launch |
8 | 9 | ||
9 | blacklist ${HOME}/.pki/nssdb | ||
10 | blacklist ${HOME}/.lastpass | ||
11 | blacklist ${HOME}/.keepassx | ||
12 | blacklist ${HOME}/.password-store | ||
13 | |||
14 | caps.drop all | 10 | caps.drop all |
15 | seccomp | 11 | seccomp |
16 | protocol unix,inet,inet6 | 12 | protocol unix,inet,inet6 |
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 9ad073b05..121d08a13 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -2,11 +2,8 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | ||
5 | 6 | ||
6 | blacklist ${HOME}/.pki/nssdb | ||
7 | blacklist ${HOME}/.lastpass | ||
8 | blacklist ${HOME}/.keepassx | ||
9 | blacklist ${HOME}/.password-store | ||
10 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
11 | 8 | ||
12 | caps.drop all | 9 | caps.drop all |
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index 3b7bf2d55..934a374de 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
@@ -19,5 +19,4 @@ whitelist ~/.config/qutebrowser | |||
19 | mkdir ~/.cache | 19 | mkdir ~/.cache |
20 | mkdir ~/.cache/qutebrowser | 20 | mkdir ~/.cache/qutebrowser |
21 | whitelist ~/.cache/qutebrowser | 21 | whitelist ~/.cache/qutebrowser |
22 | |||
23 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 50838a15b..a3204c5f9 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -2,11 +2,8 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | ||
5 | 6 | ||
6 | blacklist ${HOME}/.pki/nssdb | ||
7 | blacklist ${HOME}/.lastpass | ||
8 | blacklist ${HOME}/.keepassx | ||
9 | blacklist ${HOME}/.password-store | ||
10 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
11 | 8 | ||
12 | caps.drop all | 9 | caps.drop all |
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 67477dad6..ae0430830 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | ||
5 | 6 | ||
6 | caps.drop all | 7 | caps.drop all |
7 | seccomp | 8 | seccomp |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 71a52b3bb..a10d5b0ec 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Firejail profile for Seamoneky based off Mozilla Firefox | 1 | # Firejail profile for Seamoneky based off Mozilla Firefox |
2 | noblacklist ~/.mozilla | 2 | noblacklist ~/.mozilla |
3 | noblacklist ~/.cache/mozilla | 3 | noblacklist ~/.cache/mozilla |
4 | noblacklist ~/keepassx.kdbx | ||
5 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
7 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/server.profile b/etc/server.profile index 61d10ba64..1b3cb7207 100644 --- a/etc/server.profile +++ b/etc/server.profile | |||
@@ -4,6 +4,7 @@ noblacklist /sbin | |||
4 | noblacklist /usr/sbin | 4 | noblacklist /usr/sbin |
5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
6 | include /etc/firejail/disable-programs.inc | 6 | include /etc/firejail/disable-programs.inc |
7 | include /etc/firejail/disable-passwdmgr.inc | ||
7 | 8 | ||
8 | private | 9 | private |
9 | private-dev | 10 | private-dev |
diff --git a/etc/spotify.profile b/etc/spotify.profile index 326d5d93e..dfe298e1d 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | ||
5 | 6 | ||
6 | # Whitelist the folders needed by Spotify - This is more restrictive | 7 | # Whitelist the folders needed by Spotify - This is more restrictive |
7 | # than a blacklist though, but this is all spotify requires for | 8 | # than a blacklist though, but this is all spotify requires for |
diff --git a/etc/ssh.profile b/etc/ssh.profile index 32536c0a7..7e105724e 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -2,11 +2,9 @@ | |||
2 | noblacklist ~/.ssh | 2 | noblacklist ~/.ssh |
3 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-programs.inc | 4 | include /etc/firejail/disable-programs.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | ||
5 | 6 | ||
6 | blacklist ${HOME}/.pki/nssdb | 7 | blacklist ${HOME}/.wine |
7 | blacklist ${HOME}/.lastpass | ||
8 | blacklist ${HOME}/.keepassx | ||
9 | blacklist ${HOME}/.password-store | ||
10 | 8 | ||
11 | caps.drop all | 9 | caps.drop all |
12 | seccomp | 10 | seccomp |
diff --git a/etc/steam.profile b/etc/steam.profile index 31ebf543e..4c96e8258 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
@@ -4,6 +4,7 @@ noblacklist ${HOME}/.local/share/steam | |||
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-programs.inc | 5 | include /etc/firejail/disable-programs.inc |
6 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
7 | include /etc/firejail/disable-passwdmgr.inc | ||
7 | 8 | ||
8 | caps.drop all | 9 | caps.drop all |
9 | netfilter | 10 | netfilter |
diff --git a/etc/totem.profile b/etc/totem.profile index ad55e320a..5eeeb4402 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -2,11 +2,8 @@ | |||
2 | include /etc/firejail/disable-common.inc | 2 | include /etc/firejail/disable-common.inc |
3 | include /etc/firejail/disable-programs.inc | 3 | include /etc/firejail/disable-programs.inc |
4 | include /etc/firejail/disable-devel.inc | 4 | include /etc/firejail/disable-devel.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | ||
5 | 6 | ||
6 | blacklist ${HOME}/.pki/nssdb | ||
7 | blacklist ${HOME}/.lastpass | ||
8 | blacklist ${HOME}/.keepassx | ||
9 | blacklist ${HOME}/.password-store | ||
10 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
11 | 8 | ||
12 | caps.drop all | 9 | caps.drop all |
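--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -2,11 +2,8 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.pki/nssdb
-blacklist ${HOME}/.lastpass
-blacklist ${HOME}/.keepassx
-blacklist ${HOME}/.password-store
 blacklist ${HOME}/.wine
 
 caps.drop all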
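--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -2,11 +2,8 @@
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.pki/nssdb
-blacklist ${HOME}/.lastpass
-blacklist ${HOME}/.keepassx
-blacklist ${HOME}/.password-store
 blacklist ${HOME}/.wine
 
 caps.drop all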
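--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -4,6 +4,7 @@ noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 
 private
 private-dev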
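Review bot: The `private` directive two lines below the new include already gives the sandbox an empty temporary home, so if `disable-passwdmgr.inc` only blacklists paths under `${HOME}` (its contents are not visible here) the added include has no effect for this profile. It is harmless, but a reader may take it for the control that protects the password stores when `private` is what does that. If it is kept for uniformity with the other profiles, a comment such as `# redundant with 'private' below; kept for consistency` would make that explicit. The profile continues past the end of this hunk.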
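--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -1,7 +1,6 @@
 # Vivaldi browser profile
 noblacklist ~/.config/vivaldi
 noblacklist ~/.cache/vivaldi
-noblacklist ~/keepassx.kdbx
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc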
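Review bot: With `noblacklist ~/keepassx.kdbx` gone, the browser is denied that file only if one of the includes still carries a matching `blacklist`, and the visible lines of this profile do not pull in `disable-passwdmgr.inc` the way the other profiles in this commit do. If the intent is to keep the KeePassX database out of the browser sandbox, confirm that one of the three includes here blacklists it. If browsers are deliberately left out of the new include (presumably because they need `${HOME}/.pki/nssdb`), a comment such as `# disable-passwdmgr.inc not included: browser needs ~/.pki/nssdb` would record that decision. The profile continues beyond this hunk, so an include further down cannot be ruled out.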
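--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -3,11 +3,8 @@ noblacklist ${HOME}/.config/vlc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 
-blacklist ${HOME}/.pki/nssdb
-blacklist ${HOME}/.lastpass
-blacklist ${HOME}/.keepassx
-blacklist ${HOME}/.password-store
 blacklist ${HOME}/.wine
 
 caps.drop all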
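--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -1,8 +1,8 @@
 # Whitelist-based profile for "Battle for Wesnoth" (game).
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 seccomp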
diff --git a/etc/xchat.profile b/etc/xchat.profile index ae1a6de53..7c11ba76c 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/disable-programs.inc | |||
5 | include /etc/firejail/disable-devel.inc | 5 | include /etc/firejail/disable-devel.inc |
6 | 6 | ||
7 | blacklist ${HOME}/.wine | 7 | blacklist ${HOME}/.wine |
8 | |||
8 | caps.drop all | 9 | caps.drop all |
9 | seccomp | 10 | seccomp |
10 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |