Diffstat (limited to 'etc')
-rw-r--r--etc/net/nolocal.net2
-rw-r--r--etc/net/nolocal6.net2
-rw-r--r--etc/profile-a-l/cinelerra-gg10
-rw-r--r--etc/profile-a-l/deluge.profile2
-rw-r--r--etc/profile-a-l/freetube.profile6
-rw-r--r--etc/profile-a-l/godot3.profile11
-rw-r--r--etc/profile-m-z/nicotine.profile7
-rw-r--r--etc/profile-m-z/youtube-viewers-common.profile12
8 files changed, 47 insertions, 5 deletions
diff --git a/etc/net/nolocal.net b/etc/net/nolocal.net
index 0eb9f9784..a37b18599 100644
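--- a/etc/net/nolocal.net
+++ b/etc/net/nolocal.net
@@ -20,8 +20,8 @@
 
 # allow ping etc.
 -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
--A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
 -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
 
 # accept dns requests going out to a server on the local network
 -A OUTPUT -p udp --dport 53 -j ACCEPT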
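Review bot: Under `# allow ping etc.` the new rule set no longer accepts inbound ICMP `time-exceeded`, so TTL-expiry errors addressed to the sandbox only arrive if a connection-tracking rule outside this hunk already admits them as RELATED; no such rule is visible here. If there is none, traceroute-style diagnostics and routing-loop errors are silently dropped. Accepting `echo-reply` does not require giving up the other type, so I would keep `-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT` next to the new line. The same applies to the `ipv6-icmp` hunk in etc/net/nolocal6.net, where Time Exceeded is among the error messages RFC 4890 recommends not filtering.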
diff --git a/etc/net/nolocal6.net b/etc/net/nolocal6.net
index 5a6678d03..5a66f0bbc 100644
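--- a/etc/net/nolocal6.net
+++ b/etc/net/nolocal6.net
@@ -20,8 +20,8 @@
 
 # allow ping etc.
 -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type destination-unreachable -j ACCEPT
--A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type time-exceeded -j ACCEPT
 -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-request -j ACCEPT
+-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type echo-reply -j ACCEPT
 # required for ipv6
 -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type router-solicitation -j ACCEPT
 -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type neighbour-solicitation -j ACCEPT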
diff --git a/etc/profile-a-l/cinelerra-gg b/etc/profile-a-l/cinelerra-gg
new file mode 100644
index 000000000..ccb9fe04b
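--- /dev/null
+++ b/etc/profile-a-l/cinelerra-gg
@@ -0,0 +1,10 @@
+# Firejail profile alias for cin
+# This file is overwritten after every install/update
+# Persistent local customizations
+include cinelerra-gg.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+# Redirect
+include cin.profile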
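Review bot: The new file is added as `etc/profile-a-l/cinelerra-gg`, without the `.profile` suffix that every other profile in this change carries (for example `godot3.profile`). Firejail picks a program's profile by looking for `<program>.profile`, so this alias would probably never be loaded and `cinelerra-gg` would run under the generic default profile instead of `cin.profile`. Rename the file to `cinelerra-gg.profile`; the `include cinelerra-gg.local` line already matches that name.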
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile
index fddd613e2..d8a27da62 100644
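--- a/etc/profile-a-l/deluge.profile
+++ b/etc/profile-a-l/deluge.profile
@@ -36,7 +36,7 @@ nosound
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 seccomp
 
 # deluge is using python on Debian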
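Review bot: The `protocol` line now admits `netlink` sockets, but nothing in the hunk records why deluge needs them. Each extra socket family widens the kernel interface reachable from inside the sandbox, so the reason should sit next to the setting, for example a comment line `# netlink is needed for <reason, to be filled in by the author>` directly above `protocol unix,inet,inet6,netlink`. The profile continues outside the hunk on both sides.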
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile
index cb00ce11b..bcde18b36 100644
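--- a/etc/profile-a-l/freetube.profile
+++ b/etc/profile-a-l/freetube.profile
@@ -6,6 +6,8 @@ include freetube.local
 # Persistent global definitions
 include globals.local
 
+ignore dbus-user none
+
 noblacklist ${HOME}/.config/FreeTube
 
 include allow-bin-sh.inc
@@ -18,5 +20,9 @@ whitelist ${HOME}/.config/FreeTube
 private-bin electron,electron[0-9],electron[0-9][0-9],freetube,sh
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg
 
+dbus-user filter
+dbus-user.own org.mpris.MediaPlayer2.chromium.*
+dbus-user.own org.mpris.MediaPlayer2.freetube
+
 # Redirect
 include electron.profile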
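Review bot: `ignore dbus-user none` in the first hunk has no comment saying which setting it cancels. Judging by the `# Redirect` at the bottom, it is presumably the `dbus-user none` inherited from `electron.profile`, which this profile replaces with `dbus-user filter`. A one-line comment such as `# electron.profile sets dbus-user none; MPRIS names are allowed below instead` would keep the two hunks readable together. It is also worth confirming that `dbus-user.own org.mpris.MediaPlayer2.chromium.*` needs the wildcard, since it lets the sandbox claim any name under that prefix on the session bus.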
diff --git a/etc/profile-a-l/godot3.profile b/etc/profile-a-l/godot3.profile
new file mode 100644
index 000000000..90d1b15b7
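--- /dev/null
+++ b/etc/profile-a-l/godot3.profile
@@ -0,0 +1,11 @@
+# Firejail profile for godot
+# Description: multi-platform 2D and 3D game engine with a feature-rich editor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include godot3.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+# Redirect
+include godot.profile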
diff --git a/etc/profile-m-z/nicotine.profile b/etc/profile-m-z/nicotine.profile
index bb2a41457..22c8b1782 100644
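--- a/etc/profile-m-z/nicotine.profile
+++ b/etc/profile-m-z/nicotine.profile
@@ -8,8 +8,12 @@ include globals.local
 
 noblacklist ${HOME}/.nicotine
 
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
+include allow-python3.inc
 
 include disable-common.inc
 include disable-devel.inc
@@ -37,6 +41,7 @@ nodvd
 nogroups
 noinput
 nonewprivs
+noprinters
 noroot
 nosound
 notv
@@ -47,7 +52,7 @@ seccomp
 tracelog
 
 disable-mnt
-private-bin nicotine,python2*
+#private-bin nicotine,python2*
 private-cache
 private-dev
 private-tmp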
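Review bot: In the last hunk `private-bin nicotine,python2*` is commented out rather than extended, so the sandbox goes from two visible executable patterns to the full system binary directories, and no comment says why. Since the first hunk adds `allow-bin-sh.inc` and `allow-python3.inc`, the narrower fix would be `private-bin nicotine,python2*,python3*,sh`, to be verified against the helpers the application actually launches. If the restriction really has to stay off, record the reason on the line above, e.g. `# private-bin disabled: <reason>`.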
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile
index 8582e2462..28c219377 100644
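--- a/etc/profile-m-z/youtube-viewers-common.profile
+++ b/etc/profile-m-z/youtube-viewers-common.profile
@@ -19,6 +19,13 @@ include allow-perl.inc
 include allow-python2.inc
 include allow-python3.inc
 
+# The lines below are needed to find the default Firefox profile name, to allow
+# opening links in an existing instance of Firefox (note that it still fails if
+# there isn't a Firefox instance running with the default profile; see #5352)
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+read-only ${HOME}/.mozilla/firefox/profiles.ini
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -55,5 +62,8 @@ private-dev
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg
 private-tmp
 
-dbus-user none
+dbus-user filter
+# allow D-Bus communication with firefox for opening links
+dbus-user.talk org.mozilla.*
+
 dbus-system none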
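Review bot: `dbus-user.talk org.mozilla.*` in the second hunk replaces `dbus-user none` for every viewer that includes this common profile, giving each of them a session-bus channel to a Firefox running outside this sandbox. That is a reasonable trade-off for opening links, but it means a compromised viewer can make that browser load URLs, and the comment above the rule does not say so. I would extend it to something like `# allow D-Bus communication with firefox for opening links; this lets the sandbox drive a Firefox outside it, comment out if not needed`. The `profiles.ini` whitelist in the first hunk is already marked `read-only`, which is the right restriction for that file.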