aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/0ad.profile17
-rw-r--r--etc/2048-qt.profile19
-rw-r--r--etc/7z.profile7
-rw-r--r--etc/7za.profile6
-rw-r--r--etc/7zr.profile6
-rw-r--r--etc/Cryptocat.profile15
-rw-r--r--etc/Cyberfox.profile2
-rw-r--r--etc/Discord.profile6
-rw-r--r--etc/DiscordCanary.profile6
-rw-r--r--etc/FossaMail.profile2
-rw-r--r--etc/Fritzing.profile19
-rw-r--r--etc/Gitter.profile2
-rw-r--r--etc/JDownloader.profile21
-rw-r--r--etc/Mathematica.profile16
-rw-r--r--etc/Natron.profile2
-rw-r--r--etc/QMediathekView.profile16
-rw-r--r--etc/QOwnNotes.profile56
-rw-r--r--etc/Telegram.profile2
-rw-r--r--etc/Thunar.profile14
-rw-r--r--etc/Viber.profile16
-rw-r--r--etc/VirtualBox.profile2
-rw-r--r--etc/XMind.profile17
-rw-r--r--etc/Xephyr.profile7
-rw-r--r--etc/Xvfb.profile7
-rw-r--r--etc/abrowser.profile6
-rw-r--r--etc/acat.profile6
-rw-r--r--etc/adiff.profile6
-rw-r--r--etc/akonadi_control.profile17
-rw-r--r--etc/akregator.profile19
-rw-r--r--etc/als.profile6
-rw-r--r--etc/amarok.profile19
-rw-r--r--etc/amule.profile17
-rw-r--r--etc/android-studio.profile12
-rw-r--r--etc/anydesk.profile17
-rw-r--r--etc/aosp.profile14
-rw-r--r--etc/apack.profile6
-rw-r--r--etc/apktool.profile15
-rw-r--r--etc/arch-audit.profile17
-rw-r--r--etc/archaudit-report.profile18
-rw-r--r--etc/ardour4.profile2
-rw-r--r--etc/ardour5.profile17
-rw-r--r--etc/arduino.profile16
-rw-r--r--etc/arepack.profile6
-rw-r--r--etc/aria2c.profile17
-rw-r--r--etc/ark.profile17
-rw-r--r--etc/arm.profile17
-rw-r--r--etc/artha.profile46
-rw-r--r--etc/asunder.profile19
-rw-r--r--etc/atom-beta.profile4
-rw-r--r--etc/atom.profile11
-rw-r--r--etc/atool.profile15
-rw-r--r--etc/atril-previewer.profile6
-rw-r--r--etc/atril-thumbnailer.profile6
-rw-r--r--etc/atril.profile19
-rw-r--r--etc/audacious.profile19
-rw-r--r--etc/audacity.profile19
-rw-r--r--etc/aunpack.profile6
-rw-r--r--etc/authenticator.profile16
-rw-r--r--etc/aweather.profile19
-rw-r--r--etc/awesome.profile6
-rw-r--r--etc/baloo_file.profile17
-rw-r--r--etc/baloo_filemetadata_temp_extractor.profile6
-rw-r--r--etc/baobab.profile15
-rw-r--r--etc/basilisk.profile6
-rw-r--r--etc/beaker.profile12
-rw-r--r--etc/bibletime.profile17
-rw-r--r--etc/bitcoin-qt.profile19
-rw-r--r--etc/bitlbee.profile17
-rw-r--r--etc/blackbox.profile6
-rw-r--r--etc/bleachbit.profile15
-rw-r--r--etc/blender-2.8.profile2
-rw-r--r--etc/blender.profile15
-rw-r--r--etc/bless.profile17
-rw-r--r--etc/bluefish.profile17
-rw-r--r--etc/bnox.profile6
-rw-r--r--etc/brackets.profile11
-rw-r--r--etc/brasero.profile14
-rw-r--r--etc/brave.profile6
-rw-r--r--etc/bsdcat.profile2
-rw-r--r--etc/bsdcpio.profile2
-rw-r--r--etc/bsdtar.profile15
-rw-r--r--etc/bunzip2.profile6
-rw-r--r--etc/caja.profile14
-rw-r--r--etc/calibre.profile17
-rw-r--r--etc/calligra.profile15
-rw-r--r--etc/calligraauthor.profile2
-rw-r--r--etc/calligraconverter.profile2
-rw-r--r--etc/calligraflow.profile2
-rw-r--r--etc/calligraplan.profile2
-rw-r--r--etc/calligraplanwork.profile2
-rw-r--r--etc/calligrasheets.profile2
-rw-r--r--etc/calligrastage.profile2
-rw-r--r--etc/calligrawords.profile2
-rw-r--r--etc/catfish.profile16
-rw-r--r--etc/checkbashisms.profile19
-rw-r--r--etc/cherrytree.profile17
-rw-r--r--etc/chromium-browser.profile2
-rw-r--r--etc/chromium-common.profile17
-rw-r--r--etc/chromium.profile6
-rw-r--r--etc/cin.profile15
-rw-r--r--etc/cinelerra.profile2
-rw-r--r--etc/clamav.profile5
-rw-r--r--etc/clamdscan.profile2
-rw-r--r--etc/clamdtop.profile2
-rw-r--r--etc/clamscan.profile2
-rw-r--r--etc/clamtk.profile5
-rw-r--r--etc/claws-mail.profile14
-rw-r--r--etc/clementine.profile19
-rw-r--r--etc/clion.profile11
-rw-r--r--etc/clipit.profile17
-rw-r--r--etc/cliqz.profile6
-rw-r--r--etc/cmus.profile16
-rw-r--r--etc/code.profile11
-rw-r--r--etc/conkeror.profile10
-rw-r--r--etc/conky.profile17
-rw-r--r--etc/corebird.profile19
-rw-r--r--etc/cower.profile15
-rw-r--r--etc/cpio.profile11
-rw-r--r--etc/cryptocat.profile2
-rw-r--r--etc/curl.profile11
-rw-r--r--etc/cvlc.profile6
-rw-r--r--etc/cyberfox.profile6
-rw-r--r--etc/darktable.profile17
-rw-r--r--etc/deadbeef.profile17
-rw-r--r--etc/default.profile16
-rw-r--r--etc/deluge.profile19
-rw-r--r--etc/desktop.profile16
-rw-r--r--etc/devilspie.profile14
-rw-r--r--etc/devilspie2.profile14
-rw-r--r--etc/dex2jar.profile19
-rw-r--r--etc/dia.profile17
-rw-r--r--etc/dig.profile21
-rw-r--r--etc/digikam.profile18
-rw-r--r--etc/dillo.profile19
-rw-r--r--etc/dino.profile17
-rw-r--r--etc/disable-common.inc2
-rw-r--r--etc/disable-devel.inc2
-rw-r--r--etc/disable-interpreters.inc2
-rw-r--r--etc/disable-passwdmgr.inc3
-rw-r--r--etc/disable-programs.inc11
-rw-r--r--etc/disable-xdg.inc2
-rw-r--r--etc/discord-canary.profile6
-rw-r--r--etc/discord-common.profile13
-rw-r--r--etc/discord.profile6
-rw-r--r--etc/display.profile19
-rw-r--r--etc/dnox.profile6
-rw-r--r--etc/dnscrypt-proxy.profile17
-rw-r--r--etc/dnsmasq.profile17
-rw-r--r--etc/dolphin.profile14
-rw-r--r--etc/dooble-qt4.profile2
-rw-r--r--etc/dooble.profile17
-rw-r--r--etc/dosbox.profile19
-rw-r--r--etc/dragon.profile19
-rw-r--r--etc/dropbox.profile17
-rw-r--r--etc/easystroke.profile14
-rw-r--r--etc/ebook-viewer.profile2
-rw-r--r--etc/electron.profile10
-rw-r--r--etc/electrum.profile21
-rw-r--r--etc/elinks.profile17
-rw-r--r--etc/emacs.profile10
-rw-r--r--etc/empathy.profile12
-rw-r--r--etc/enchant-2.profile6
-rw-r--r--etc/enchant-lsmod-2.profile6
-rw-r--r--etc/enchant-lsmod.profile6
-rw-r--r--etc/enchant.profile17
-rw-r--r--etc/engrampa.profile17
-rw-r--r--etc/enox.profile6
-rw-r--r--etc/enpass.profile19
-rw-r--r--etc/eog.profile17
-rw-r--r--etc/eom.profile17
-rw-r--r--etc/epiphany.profile14
-rw-r--r--etc/etr.profile15
-rw-r--r--etc/evince-previewer.profile6
-rw-r--r--etc/evince-thumbnailer.profile6
-rw-r--r--etc/evince.profile19
-rw-r--r--etc/evolution.profile15
-rw-r--r--etc/exiftool.profile15
-rw-r--r--etc/falkon.profile19
-rw-r--r--etc/fbreader.profile19
-rw-r--r--etc/feh.profile15
-rw-r--r--etc/fetchmail.profile15
-rw-r--r--etc/ffmpeg.profile17
-rw-r--r--etc/file-roller.profile17
-rw-r--r--etc/file.profile11
-rw-r--r--etc/filezilla.profile15
-rw-r--r--etc/firefox-beta.profile6
-rw-r--r--etc/firefox-common-addons.inc2
-rw-r--r--etc/firefox-common.profile19
-rw-r--r--etc/firefox-developer-edition.profile6
-rw-r--r--etc/firefox-esr.profile6
-rw-r--r--etc/firefox-nightly.profile6
-rw-r--r--etc/firefox-wayland.profile6
-rw-r--r--etc/firefox.profile6
-rw-r--r--etc/firejail.config3
-rw-r--r--etc/flameshot.profile17
-rw-r--r--etc/flashpeak-slimjet.profile6
-rw-r--r--etc/flowblade.profile15
-rw-r--r--etc/fluxbox.profile6
-rw-r--r--etc/fontforge.profile17
-rw-r--r--etc/fossamail.profile8
-rw-r--r--etc/franz.profile15
-rw-r--r--etc/freecad.profile17
-rw-r--r--etc/freecadcmd.profile2
-rw-r--r--etc/freshclam.profile5
-rw-r--r--etc/frozen-bubble.profile19
-rw-r--r--etc/gajim.profile17
-rw-r--r--etc/galculator.profile19
-rw-r--r--etc/gcloud.profile11
-rw-r--r--etc/geany.profile11
-rw-r--r--etc/geary.profile8
-rw-r--r--etc/gedit.profile17
-rw-r--r--etc/geeqie.profile15
-rw-r--r--etc/ghb.profile2
-rw-r--r--etc/gimp-2.10.profile2
-rw-r--r--etc/gimp-2.8.profile2
-rw-r--r--etc/gimp.profile15
-rw-r--r--etc/git.profile11
-rw-r--r--etc/gitg.profile17
-rw-r--r--etc/gitter.profile17
-rw-r--r--etc/gjs.profile15
-rw-r--r--etc/globaltime.profile17
-rw-r--r--etc/gnome-2048.profile19
-rw-r--r--etc/gnome-books.profile19
-rw-r--r--etc/gnome-builder.profile11
-rw-r--r--etc/gnome-calculator.profile21
-rw-r--r--etc/gnome-chess.profile19
-rw-r--r--etc/gnome-clocks.profile19
-rw-r--r--etc/gnome-contacts.profile21
-rw-r--r--etc/gnome-documents.profile17
-rw-r--r--etc/gnome-font-viewer.profile19
-rw-r--r--etc/gnome-logs.profile19
-rw-r--r--etc/gnome-maps.profile19
-rw-r--r--etc/gnome-mplayer.profile17
-rw-r--r--etc/gnome-mpv.profile19
-rw-r--r--etc/gnome-music.profile19
-rw-r--r--etc/gnome-photos.profile17
-rw-r--r--etc/gnome-pie.profile43
-rw-r--r--etc/gnome-recipes.profile19
-rw-r--r--etc/gnome-ring.profile16
-rw-r--r--etc/gnome-twitch.profile17
-rw-r--r--etc/gnome-weather.profile19
-rw-r--r--etc/goobox.profile17
-rw-r--r--etc/google-chrome-beta.profile6
-rw-r--r--etc/google-chrome-stable.profile2
-rw-r--r--etc/google-chrome-unstable.profile6
-rw-r--r--etc/google-chrome.profile6
-rw-r--r--etc/google-earth.profile17
-rw-r--r--etc/google-play-music-desktop-player.profile17
-rw-r--r--etc/gpa.profile15
-rw-r--r--etc/gpg-agent.profile15
-rw-r--r--etc/gpg.profile15
-rw-r--r--etc/gpicview.profile17
-rw-r--r--etc/gpredict.profile17
-rw-r--r--etc/gradio.profile18
-rw-r--r--etc/gtar.profile2
-rw-r--r--etc/gthumb.profile15
-rw-r--r--etc/guayadeque.profile17
-rw-r--r--etc/gucharmap.profile17
-rw-r--r--etc/gunzip.profile6
-rw-r--r--etc/gwenview.profile17
-rw-r--r--etc/gzip.profile7
-rw-r--r--etc/handbrake-gtk.profile2
-rw-r--r--etc/handbrake.profile19
-rw-r--r--etc/hashcat.profile17
-rw-r--r--etc/hedgewars.profile17
-rw-r--r--etc/hexchat.profile19
-rw-r--r--etc/highlight.profile15
-rw-r--r--etc/hugin.profile17
-rw-r--r--etc/i3.profile6
-rw-r--r--etc/icecat.profile6
-rw-r--r--etc/icedove.profile8
-rw-r--r--etc/iceweasel.profile6
-rw-r--r--etc/idea.profile6
-rw-r--r--etc/idea.sh.profile11
-rw-r--r--etc/ideaIC.profile6
-rw-r--r--etc/imagej.profile15
-rw-r--r--etc/img2txt.profile17
-rw-r--r--etc/inkscape.profile19
-rw-r--r--etc/inox.profile6
-rw-r--r--etc/iridium-browser.profile2
-rw-r--r--etc/iridium.profile6
-rw-r--r--etc/itch.profile17
-rw-r--r--etc/jd-gui.profile19
-rw-r--r--etc/jdownloader.profile6
-rw-r--r--etc/jitsi.profile14
-rw-r--r--etc/k3b.profile18
-rw-r--r--etc/kaffeine.profile19
-rw-r--r--etc/karbon.profile2
-rw-r--r--etc/kate.profile17
-rw-r--r--etc/kcalc.profile19
-rw-r--r--etc/kdeinit4.profile17
-rw-r--r--etc/kdenlive.profile15
-rw-r--r--etc/keepass.profile17
-rw-r--r--etc/keepass2.profile2
-rw-r--r--etc/keepassx.profile19
-rw-r--r--etc/keepassx2.profile2
-rw-r--r--etc/keepassxc.profile19
-rw-r--r--etc/kget.profile17
-rw-r--r--etc/kino.profile15
-rw-r--r--etc/kmail.profile17
-rw-r--r--etc/knotes.profile6
-rw-r--r--etc/kodi.profile19
-rw-r--r--etc/konversation.profile17
-rw-r--r--etc/kopete.profile17
-rw-r--r--etc/krita.profile17
-rw-r--r--etc/krunner.profile16
-rw-r--r--etc/ktorrent.profile19
-rw-r--r--etc/kwin_x11.profile17
-rw-r--r--etc/kwrite.profile19
-rw-r--r--etc/lbunzip2.profile7
-rw-r--r--etc/lbzcat.profile7
-rw-r--r--etc/lbzip2.profile7
-rw-r--r--etc/leafpad.profile17
-rw-r--r--etc/less.profile7
-rw-r--r--etc/libreoffice.profile15
-rw-r--r--etc/liferea.profile19
-rw-r--r--etc/linphone.profile17
-rw-r--r--etc/lmms.profile17
-rw-r--r--etc/lobase.profile2
-rw-r--r--etc/localc.profile2
-rw-r--r--etc/lodraw.profile2
-rw-r--r--etc/loffice.profile2
-rw-r--r--etc/lofromtemplate.profile2
-rw-r--r--etc/loimpress.profile2
-rw-r--r--etc/lollypop.profile19
-rw-r--r--etc/lomath.profile2
-rw-r--r--etc/loweb.profile2
-rw-r--r--etc/lowriter.profile2
-rw-r--r--etc/luminance-hdr.profile17
-rw-r--r--etc/lximage-qt.profile15
-rw-r--r--etc/lxmusic.profile19
-rw-r--r--etc/lynx.profile17
-rw-r--r--etc/lzcat.profile7
-rw-r--r--etc/lzcmp.profile7
-rw-r--r--etc/lzdiff.profile7
-rw-r--r--etc/lzegrep.profile7
-rw-r--r--etc/lzfgrep.profile7
-rw-r--r--etc/lzgrep.profile7
-rw-r--r--etc/lzip.profile7
-rw-r--r--etc/lzless.profile7
-rw-r--r--etc/lzma.profile7
-rw-r--r--etc/lzmadec.profile2
-rw-r--r--etc/lzmainfo.profile7
-rw-r--r--etc/lzmore.profile7
-rw-r--r--etc/macrofusion.profile17
-rw-r--r--etc/makepkg.profile10
-rw-r--r--etc/masterpdfeditor.profile50
-rw-r--r--etc/masterpdfeditor4.profile12
-rw-r--r--etc/masterpdfeditor5.profile12
-rw-r--r--etc/mate-calc.profile15
-rw-r--r--etc/mate-calculator.profile2
-rw-r--r--etc/mate-color-select.profile15
-rw-r--r--etc/mate-dictionary.profile15
-rw-r--r--etc/mathematica.profile2
-rw-r--r--etc/mcabber.profile15
-rw-r--r--etc/mediainfo.profile15
-rw-r--r--etc/mediathekview.profile17
-rw-r--r--etc/meld.profile15
-rw-r--r--etc/mencoder.profile28
-rw-r--r--etc/midori.profile14
-rw-r--r--etc/min.profile17
-rw-r--r--etc/minetest.profile19
-rw-r--r--etc/mousepad.profile17
-rw-r--r--etc/mpd.profile17
-rw-r--r--etc/mplayer.profile19
-rw-r--r--etc/mpv.profile19
-rw-r--r--etc/ms-excel.profile6
-rw-r--r--etc/ms-office.profile15
-rw-r--r--etc/ms-onenote.profile6
-rw-r--r--etc/ms-outlook.profile6
-rw-r--r--etc/ms-powerpoint.profile6
-rw-r--r--etc/ms-skype.profile6
-rw-r--r--etc/ms-word.profile6
-rw-r--r--etc/multimc5.profile17
-rw-r--r--etc/mumble.profile18
-rw-r--r--etc/mupdf.profile19
-rw-r--r--etc/mupen64plus.profile16
-rw-r--r--etc/musescore.profile18
-rw-r--r--etc/musixmatch.profile15
-rw-r--r--etc/mutt.profile15
-rw-r--r--etc/natron.profile14
-rw-r--r--etc/nautilus.profile14
-rw-r--r--etc/ncdu.profile5
-rw-r--r--etc/nemo.profile12
-rw-r--r--etc/netsurf.profile14
-rw-r--r--etc/neverball.profile17
-rw-r--r--etc/nheko.profile16
-rw-r--r--etc/nitroshare-cli.profile7
-rw-r--r--etc/nitroshare-nmh.profile7
-rw-r--r--etc/nitroshare-send.profile7
-rw-r--r--etc/nitroshare-ui.profile7
-rw-r--r--etc/nitroshare.profile50
-rw-r--r--etc/nylas.profile17
-rw-r--r--etc/obs.profile19
-rw-r--r--etc/odt2txt.profile17
-rw-r--r--etc/okular.profile19
-rw-r--r--etc/onionshare-gui.profile17
-rw-r--r--etc/open-invaders.profile17
-rw-r--r--etc/openbox.profile6
-rw-r--r--etc/openshot-qt.profile2
-rw-r--r--etc/openshot.profile17
-rw-r--r--etc/opera-beta.profile6
-rw-r--r--etc/opera.profile6
-rw-r--r--etc/orage.profile17
-rw-r--r--etc/p7zip.profile6
-rw-r--r--etc/palemoon.profile6
-rw-r--r--etc/parole.profile16
-rw-r--r--etc/patch.profile17
-rw-r--r--etc/pcmanfm.profile14
-rw-r--r--etc/pdfchain.profile19
-rw-r--r--etc/pdfmod.profile19
-rw-r--r--etc/pdfsam.profile17
-rw-r--r--etc/pdftotext.profile19
-rw-r--r--etc/peek.profile17
-rw-r--r--etc/picard.profile19
-rw-r--r--etc/pidgin.profile15
-rw-r--r--etc/ping.profile21
-rw-r--r--etc/pingus.profile17
-rw-r--r--etc/pinta.profile17
-rw-r--r--etc/pithos.profile21
-rw-r--r--etc/pitivi.profile17
-rw-r--r--etc/pix.profile15
-rw-r--r--etc/playonlinux.profile12
-rw-r--r--etc/pluma.profile17
-rw-r--r--etc/polari.profile15
-rw-r--r--etc/ppsspp.profile18
-rw-r--r--etc/psi-plus.profile17
-rw-r--r--etc/pybitmessage.profile17
-rw-r--r--etc/pycharm-community.profile13
-rw-r--r--etc/pycharm-professional.profile2
-rw-r--r--etc/qbittorrent.profile19
-rw-r--r--etc/qemu-launcher.profile10
-rw-r--r--etc/qemu-system-x86_64.profile10
-rw-r--r--etc/qlipper.profile17
-rw-r--r--etc/qmmp.profile15
-rw-r--r--etc/qpdfview.profile19
-rw-r--r--etc/qtox.profile19
-rw-r--r--etc/quassel.profile12
-rw-r--r--etc/quiterss.profile17
-rw-r--r--etc/qupzilla.profile19
-rw-r--r--etc/qutebrowser.profile14
-rw-r--r--etc/rambox.profile14
-rw-r--r--etc/ranger.profile15
-rw-r--r--etc/redeclipse.profile19
-rw-r--r--etc/remmina.profile19
-rw-r--r--etc/rhythmbox.profile19
-rw-r--r--etc/ricochet.profile17
-rw-r--r--etc/riot-desktop.profile6
-rw-r--r--etc/riot-web.profile8
-rw-r--r--etc/ristretto.profile15
-rw-r--r--etc/rocketchat.profile8
-rw-r--r--etc/rtorrent.profile15
-rw-r--r--etc/runenpass.sh.profile2
-rw-r--r--etc/rview.profile6
-rw-r--r--etc/rvim.profile6
-rw-r--r--etc/sayonara.profile15
-rw-r--r--etc/scallion.profile17
-rw-r--r--etc/scribus.profile19
-rw-r--r--etc/sdat2img.profile19
-rw-r--r--etc/seamonkey-bin.profile2
-rw-r--r--etc/seamonkey.profile14
-rw-r--r--etc/server.profile17
-rw-r--r--etc/shellcheck.profile19
-rw-r--r--etc/shotcut.profile15
-rw-r--r--etc/signal-desktop.profile19
-rw-r--r--etc/silentarmy.profile19
-rw-r--r--etc/simple-scan.profile16
-rw-r--r--etc/simutrans.profile17
-rw-r--r--etc/skanlite.profile16
-rw-r--r--etc/skype.profile15
-rw-r--r--etc/skypeforlinux.profile14
-rw-r--r--etc/slack.profile19
-rw-r--r--etc/smplayer.profile19
-rw-r--r--etc/smtube.profile19
-rw-r--r--etc/snap.profile12
-rw-r--r--etc/snox.profile6
-rw-r--r--etc/soffice.profile2
-rw-r--r--etc/soundconverter.profile19
-rw-r--r--etc/spectre-meltdown-checker.profile18
-rw-r--r--etc/spotify.profile19
-rw-r--r--etc/sqlitebrowser.profile19
-rw-r--r--etc/ssh-agent.profile10
-rw-r--r--etc/ssh.profile11
-rw-r--r--etc/standardnotes-desktop.profile17
-rw-r--r--etc/start-tor-browser.desktop.profile2
-rw-r--r--etc/start-tor-browser.profile19
-rw-r--r--etc/steam-native.profile2
-rw-r--r--etc/steam.profile17
-rw-r--r--etc/stellarium.profile19
-rw-r--r--etc/strings.profile7
-rw-r--r--etc/studio.sh.profile2
-rw-r--r--etc/supertux2.profile19
-rw-r--r--etc/surf.profile15
-rw-r--r--etc/sylpheed.profile15
-rw-r--r--etc/synfigstudio.profile15
-rw-r--r--etc/tar.profile7
-rw-r--r--etc/teamspeak3.profile17
-rw-r--r--etc/telegram-desktop.profile2
-rw-r--r--etc/telegram.profile12
-rw-r--r--etc/terasology.profile17
-rw-r--r--etc/thunar.profile2
-rw-r--r--etc/thunderbird-beta.profile2
-rw-r--r--etc/thunderbird.profile6
-rw-r--r--etc/tilp.profile14
-rw-r--r--etc/tor-browser-ar.profile2
-rw-r--r--etc/tor-browser-en-us.profile2
-rw-r--r--etc/tor-browser-en.profile2
-rw-r--r--etc/tor-browser-es-es.profile2
-rw-r--r--etc/tor-browser-es.profile2
-rw-r--r--etc/tor-browser-fa.profile2
-rw-r--r--etc/tor-browser-fr.profile2
-rw-r--r--etc/tor-browser-it.profile2
-rw-r--r--etc/tor-browser-ja.profile2
-rw-r--r--etc/tor-browser-ko.profile2
-rw-r--r--etc/tor-browser-pl.profile2
-rw-r--r--etc/tor-browser-pt-br.profile2
-rw-r--r--etc/tor-browser-ru.profile2
-rw-r--r--etc/tor-browser-vi.profile2
-rw-r--r--etc/tor-browser-zh-cn.profile2
-rw-r--r--etc/tor.profile17
-rw-r--r--etc/torbrowser-launcher.profile21
-rw-r--r--etc/totem.profile19
-rw-r--r--etc/tracker.profile14
-rw-r--r--etc/transmission-cli.profile15
-rw-r--r--etc/transmission-gtk.profile19
-rw-r--r--etc/transmission-qt.profile19
-rw-r--r--etc/transmission-show.profile15
-rw-r--r--etc/truecraft.profile17
-rw-r--r--etc/tuxguitar.profile19
-rw-r--r--etc/uefitool.profile17
-rw-r--r--etc/uget-gtk.profile15
-rw-r--r--etc/unbound.profile17
-rw-r--r--etc/unknown-horizons.profile13
-rw-r--r--etc/unlzma.profile7
-rw-r--r--etc/unrar.profile7
-rw-r--r--etc/unxz.profile7
-rw-r--r--etc/unzip.profile7
-rw-r--r--etc/uudeview.profile7
-rw-r--r--etc/uzbl-browser.profile14
-rw-r--r--etc/viewnior.profile15
-rw-r--r--etc/viking.profile17
-rw-r--r--etc/vim.profile11
-rw-r--r--etc/vimcat.profile6
-rw-r--r--etc/vimdiff.profile6
-rw-r--r--etc/vimpager.profile6
-rw-r--r--etc/vimtutor.profile6
-rw-r--r--etc/virtualbox.profile14
-rw-r--r--etc/vivaldi-beta.profile2
-rw-r--r--etc/vivaldi-snapshot.profile6
-rw-r--r--etc/vivaldi-stable.profile2
-rw-r--r--etc/vivaldi.profile6
-rw-r--r--etc/vlc.profile19
-rw-r--r--etc/vym.profile15
-rw-r--r--etc/w3m.profile17
-rw-r--r--etc/warzone2100.profile19
-rw-r--r--etc/waterfox.profile6
-rw-r--r--etc/webstorm.profile15
-rw-r--r--etc/weechat-curses.profile2
-rw-r--r--etc/weechat.profile8
-rw-r--r--etc/wesnoth.profile17
-rw-r--r--etc/wget.profile13
-rw-r--r--etc/whitelist-common.inc3
-rw-r--r--etc/whitelist-var-common.inc2
-rw-r--r--etc/whois.profile19
-rw-r--r--etc/wine.profile12
-rw-r--r--etc/wire-desktop.profile17
-rw-r--r--etc/wireshark-gtk.profile2
-rw-r--r--etc/wireshark-qt.profile2
-rw-r--r--etc/wireshark.profile19
-rw-r--r--etc/x-terminal-emulator.profile5
-rw-r--r--etc/xcalc.profile19
-rw-r--r--etc/xchat.profile10
-rw-r--r--etc/xed.profile17
-rw-r--r--etc/xfburn.profile14
-rw-r--r--etc/xfce4-dict.profile15
-rw-r--r--etc/xfce4-notes.profile15
-rw-r--r--etc/xiphos.profile17
-rw-r--r--etc/xmms.profile17
-rw-r--r--etc/xmr-stak.profile19
-rw-r--r--etc/xonotic-glx.profile2
-rw-r--r--etc/xonotic-sdl.profile2
-rw-r--r--etc/xonotic.profile19
-rw-r--r--etc/xpdf.profile19
-rw-r--r--etc/xplayer-audio-preview.profile6
-rw-r--r--etc/xplayer-video-thumbnailer.profile6
-rw-r--r--etc/xplayer.profile19
-rw-r--r--etc/xpra.profile15
-rw-r--r--etc/xreader-previewer.profile6
-rw-r--r--etc/xreader-thumbnailer.profile6
-rw-r--r--etc/xreader.profile19
-rw-r--r--etc/xviewer.profile17
-rw-r--r--etc/xxd.profile6
-rw-r--r--etc/xz.profile2
-rw-r--r--etc/xzcat.profile7
-rw-r--r--etc/xzcmp.profile7
-rw-r--r--etc/xzdec.profile7
-rw-r--r--etc/xzdiff.profile7
-rw-r--r--etc/xzegrep.profile7
-rw-r--r--etc/xzfgrep.profile7
-rw-r--r--etc/xzgrep.profile7
-rw-r--r--etc/xzless.profile7
-rw-r--r--etc/xzmore.profile7
-rw-r--r--etc/yandex-browser.profile6
-rw-r--r--etc/youtube-dl.profile19
-rw-r--r--etc/zaproxy.profile19
-rw-r--r--etc/zart.profile17
-rw-r--r--etc/zathura.profile17
-rw-r--r--etc/zoom.profile14
608 files changed, 4163 insertions, 3338 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile
index f9320f6c7..674fb2c6a 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -2,19 +2,19 @@
2# Description: Real-time strategy game of ancient warfare 2# Description: Real-time strategy game of ancient warfare
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/0ad.local 5include 0ad.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/0ad 9noblacklist ${HOME}/.cache/0ad
10noblacklist ${HOME}/.config/0ad 10noblacklist ${HOME}/.config/0ad
11noblacklist ${HOME}/.local/share/0ad 11noblacklist ${HOME}/.local/share/0ad
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19mkdir ${HOME}/.cache/0ad 19mkdir ${HOME}/.cache/0ad
20mkdir ${HOME}/.config/0ad 20mkdir ${HOME}/.config/0ad
@@ -22,7 +22,7 @@ mkdir ${HOME}/.local/share/0ad
22whitelist ${HOME}/.cache/0ad 22whitelist ${HOME}/.cache/0ad
23whitelist ${HOME}/.config/0ad 23whitelist ${HOME}/.config/0ad
24whitelist ${HOME}/.local/share/0ad 24whitelist ${HOME}/.local/share/0ad
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
@@ -32,6 +32,7 @@ nogroups
32nonewprivs 32nonewprivs
33noroot 33noroot
34notv 34notv
35nou2f
35novideo 36novideo
36protocol unix,inet,inet6 37protocol unix,inet,inet6
37seccomp 38seccomp
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile
index 56b38f5a2..10f354f19 100644
--- a/etc/2048-qt.profile
+++ b/etc/2048-qt.profile
@@ -2,25 +2,25 @@
2# Description: Mathematics based puzzle game 2# Description: Mathematics based puzzle game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/2048-qt.local 5include 2048-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/2048-qt 9noblacklist ${HOME}/.config/2048-qt
10noblacklist ${HOME}/.config/xiaoyong 10noblacklist ${HOME}/.config/xiaoyong
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.config/2048-qt 18mkdir ${HOME}/.config/2048-qt
19mkdir ${HOME}/.config/xiaoyong 19mkdir ${HOME}/.config/xiaoyong
20whitelist ${HOME}/.config/2048-qt 20whitelist ${HOME}/.config/2048-qt
21whitelist ${HOME}/.config/xiaoyong 21whitelist ${HOME}/.config/xiaoyong
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
@@ -30,6 +30,7 @@ nonewprivs
30noroot 30noroot
31nosound 31nosound
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix 35protocol unix
35seccomp 36seccomp
diff --git a/etc/7z.profile b/etc/7z.profile
index e3f27b93f..363e301e2 100644
--- a/etc/7z.profile
+++ b/etc/7z.profile
@@ -2,10 +2,10 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/7z.local 5include 7z.local
6# Persistent global definitions 6# Persistent global definitions
7# added by included default.profile 7# added by included default.profile
8#include /etc/firejail/globals.local 8#include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
@@ -16,10 +16,11 @@ nodbus
16nodvd 16nodvd
17nosound 17nosound
18notv 18notv
19nou2f
19novideo 20novideo
20shell none 21shell none
21tracelog 22tracelog
22 23
23private-dev 24private-dev
24 25
25include /etc/firejail/default.profile 26include default.profile
diff --git a/etc/7za.profile b/etc/7za.profile
index e035bf4f5..28e483a8c 100644
--- a/etc/7za.profile
+++ b/etc/7za.profile
@@ -1,10 +1,10 @@
1# Firejail profile for 7za 1# Firejail profile for 7za
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/7za.local 4include 7za.local
5# Persistent global definitions 5# Persistent global definitions
6# added by included profile 6# added by included profile
7#include /etc/firejail/globals.local 7#include globals.local
8 8
9# Redirect 9# Redirect
10include /etc/firejail/7z.profile 10include 7z.profile
diff --git a/etc/7zr.profile b/etc/7zr.profile
index e48c5494e..1b85badbc 100644
--- a/etc/7zr.profile
+++ b/etc/7zr.profile
@@ -1,10 +1,10 @@
1# Firejail profile for 7zr 1# Firejail profile for 7zr
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/7zr.local 4include 7zr.local
5# Persistent global definitions 5# Persistent global definitions
6# added by included profile 6# added by included profile
7#include /etc/firejail/globals.local 7#include globals.local
8 8
9# Redirect 9# Redirect
10include /etc/firejail/7z.profile 10include 7z.profile
diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile
index f1336be3e..e9cc07bd7 100644
--- a/etc/Cryptocat.profile
+++ b/etc/Cryptocat.profile
@@ -1,17 +1,17 @@
1# Firejail profile for Cryptocat 1# Firejail profile for Cryptocat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Cryptocat.local 4include Cryptocat.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Cryptocat 8noblacklist ${HOME}/.config/Cryptocat
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
@@ -21,6 +21,7 @@ nonewprivs
21noroot 21noroot
22nosound 22nosound
23notv 23notv
24nou2f
24protocol unix,inet,inet6,netlink 25protocol unix,inet,inet6,netlink
25seccomp 26seccomp
26shell none 27shell none
diff --git a/etc/Cyberfox.profile b/etc/Cyberfox.profile
index 202bc26f4..2fb21e3cf 100644
--- a/etc/Cyberfox.profile
+++ b/etc/Cyberfox.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/cyberfox.profile 6include cyberfox.profile
diff --git a/etc/Discord.profile b/etc/Discord.profile
index 951357387..9a8957265 100644
--- a/etc/Discord.profile
+++ b/etc/Discord.profile
@@ -1,9 +1,9 @@
1# Firejail profile for Discord 1# Firejail profile for Discord
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Discord.local 4include Discord.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.config/discord 9noblacklist ${HOME}/.config/discord
@@ -15,4 +15,4 @@ private-bin Discord
15private-opt Discord 15private-opt Discord
16 16
17#Redirect 17#Redirect
18include /etc/firejail/discord-common.profile 18include discord-common.profile
diff --git a/etc/DiscordCanary.profile b/etc/DiscordCanary.profile
index f7b0e2c56..0624ff949 100644
--- a/etc/DiscordCanary.profile
+++ b/etc/DiscordCanary.profile
@@ -1,9 +1,9 @@
1# Firejail profile for DiscordCanary 1# Firejail profile for DiscordCanary
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/DiscordCanary.local 4include DiscordCanary.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.config/discordcanary 9noblacklist ${HOME}/.config/discordcanary
@@ -15,4 +15,4 @@ private-bin DiscordCanary
15private-opt DiscordCanary 15private-opt DiscordCanary
16 16
17#Redirect 17#Redirect
18include /etc/firejail/discord-common.profile 18include discord-common.profile
diff --git a/etc/FossaMail.profile b/etc/FossaMail.profile
index 01e338ef2..55fd43515 100644
--- a/etc/FossaMail.profile
+++ b/etc/FossaMail.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/fossamail.profile 6include fossamail.profile
diff --git a/etc/Fritzing.profile b/etc/Fritzing.profile
index 2e4d235b6..55fb7bae7 100644
--- a/etc/Fritzing.profile
+++ b/etc/Fritzing.profile
@@ -2,21 +2,21 @@
2# Description: Easy-to-use electronic design software 2# Description: Easy-to-use electronic design software
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/Fritzing.local 5include Fritzing.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Fritzing 9noblacklist ${HOME}/.config/Fritzing
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/Gitter.profile b/etc/Gitter.profile
index b12dbd450..53e66d108 100644
--- a/etc/Gitter.profile
+++ b/etc/Gitter.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/gitter.profile 6include gitter.profile
diff --git a/etc/JDownloader.profile b/etc/JDownloader.profile
index 659a41603..2803ebe07 100644
--- a/etc/JDownloader.profile
+++ b/etc/JDownloader.profile
@@ -1,9 +1,9 @@
1# Firejail profile for JDownloader 1# Firejail profile for JDownloader
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/JDownloader.local 4include JDownloader.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.jd 9noblacklist ${HOME}/.jd
@@ -14,18 +14,18 @@ noblacklist /usr/lib/java
14noblacklist /etc/java 14noblacklist /etc/java
15noblacklist /usr/share/java 15noblacklist /usr/share/java
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.jd 24mkdir ${HOME}/.jd
25whitelist ${HOME}/.jd 25whitelist ${HOME}/.jd
26whitelist ${DOWNLOADS} 26whitelist ${DOWNLOADS}
27include /etc/firejail/whitelist-common.inc 27include whitelist-common.inc
28include /etc/firejail/whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
30caps.drop all 30caps.drop all
31ipc-namespace 31ipc-namespace
@@ -38,6 +38,7 @@ nonewprivs
38noroot 38noroot
39nosound 39nosound
40notv 40notv
41nou2f
41novideo 42novideo
42protocol unix,inet,inet6 43protocol unix,inet,inet6
43seccomp 44seccomp
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile
index deff02028..6aba2678b 100644
--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -1,25 +1,25 @@
1# Firejail profile for Mathematica 1# Firejail profile for Mathematica
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Mathematica.local 4include Mathematica.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.Mathematica 8noblacklist ${HOME}/.Mathematica
9noblacklist ${HOME}/.Wolfram Research 9noblacklist ${HOME}/.Wolfram Research
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.Mathematica 17mkdir ${HOME}/.Mathematica
18mkdir ${HOME}/.Wolfram Research 18mkdir ${HOME}/.Wolfram Research
19whitelist ${HOME}/.Mathematica 19whitelist ${HOME}/.Mathematica
20whitelist ${HOME}/.Wolfram Research 20whitelist ${HOME}/.Wolfram Research
21whitelist ${HOME}/Documents/Wolfram Mathematica 21whitelist ${HOME}/Documents/Wolfram Mathematica
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
25nodvd 25nodvd
diff --git a/etc/Natron.profile b/etc/Natron.profile
index b21790fe4..aadd68c5c 100644
--- a/etc/Natron.profile
+++ b/etc/Natron.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/natron.profile 6include natron.profile
diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile
index 558f62f0e..f969cd855 100644
--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -2,9 +2,9 @@
2# Description: Search, download or stream files from mediathek.de 2# Description: Search, download or stream files from mediathek.de
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/QMediathekView.local 5include QMediathekView.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/QMediathekView 9noblacklist ${HOME}/.config/QMediathekView
10noblacklist ${HOME}/.local/share/QMediathekView 10noblacklist ${HOME}/.local/share/QMediathekView
@@ -18,13 +18,13 @@ noblacklist ${HOME}/.local/share/totem
18noblacklist ${HOME}/.local/share/xplayer 18noblacklist ${HOME}/.local/share/xplayer
19noblacklist ${HOME}/.mplayer 19noblacklist ${HOME}/.mplayer
20 20
21include /etc/firejail/disable-common.inc 21include disable-common.inc
22include /etc/firejail/disable-devel.inc 22include disable-devel.inc
23include /etc/firejail/disable-interpreters.inc 23include disable-interpreters.inc
24include /etc/firejail/disable-passwdmgr.inc 24include disable-passwdmgr.inc
25include /etc/firejail/disable-programs.inc 25include disable-programs.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30netfilter 30netfilter
diff --git a/etc/QOwnNotes.profile b/etc/QOwnNotes.profile
new file mode 100644
index 000000000..1135b850b
--- /dev/null
+++ b/etc/QOwnNotes.profile
@@ -0,0 +1,56 @@
1# Firejail profile for QOwnNotes
2# Description: Plain-text file notepad with markdown support and ownCloud integration
3# This file is overwritten after every install/update
4# Persistent local customizations
5include QOwnNotes.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${DOCUMENTS}
10noblacklist ${HOME}/Nextcloud/Notes
11noblacklist ${HOME}/.config/PBE
12noblacklist ${HOME}/.local/share/PBE
13
14mkdir ${DOCUMENTS}
15mkdir ${HOME}/Nextcloud/Notes
16mkdir ${HOME}.config/PBE
17mkdir ${HOME}/.local/share/PBE
18whitelist ${DOCUMENTS}
19whitelist ${HOME}/Nextcloud/Notes
20whitelist ${HOME}/.config/PBE
21whitelist ${HOME}/.local/share/PBE
22include whitelist-common.inc
23include whitelist-var-common.inc
24
25include disable-common.inc
26include disable-devel.inc
27include disable-interpreters.inc
28include disable-passwdmgr.inc
29include disable-programs.inc
30include disable-xdg.inc
31
32caps.drop all
33machine-id
34netfilter
35no3d
36nodvd
37nogroups
38nonewprivs
39noroot
40nosound
41notv
42nou2f
43novideo
44protocol unix,inet,inet6,netlink
45seccomp
46shell none
47tracelog
48
49disable-mnt
50private-bin QOwnNotes,gio
51private-dev
52private-etc fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies
53private-tmp
54
55noexec ${HOME}
56noexec /tmp
diff --git a/etc/Telegram.profile b/etc/Telegram.profile
index df6557a90..51e4d9765 100644
--- a/etc/Telegram.profile
+++ b/etc/Telegram.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/telegram.profile 6include telegram.profile
diff --git a/etc/Thunar.profile b/etc/Thunar.profile
index 6de6cfb30..9937f3883 100644
--- a/etc/Thunar.profile
+++ b/etc/Thunar.profile
@@ -2,19 +2,19 @@
2# Description: File Manager for Xfce 2# Description: File Manager for Xfce
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/Thunar.local 5include Thunar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/Trash 9noblacklist ${HOME}/.local/share/Trash
10noblacklist ${HOME}/.config/Thunar 10noblacklist ${HOME}/.config/Thunar
11noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml 11noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17# include /etc/firejail/disable-programs.inc 17# include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/Viber.profile b/etc/Viber.profile
index cb9d01e03..01bb49a99 100644
--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -1,22 +1,22 @@
1# Firejail profile for Viber 1# Firejail profile for Viber
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Viber.local 4include Viber.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.ViberPC 9noblacklist ${HOME}/.ViberPC
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.ViberPC 18whitelist ${HOME}/.ViberPC
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
diff --git a/etc/VirtualBox.profile b/etc/VirtualBox.profile
index c84b8a4ad..5fe8f1c57 100644
--- a/etc/VirtualBox.profile
+++ b/etc/VirtualBox.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/virtualbox.profile 7include virtualbox.profile
diff --git a/etc/XMind.profile b/etc/XMind.profile
index ff6258ca2..6b767555c 100644
--- a/etc/XMind.profile
+++ b/etc/XMind.profile
@@ -1,22 +1,22 @@
1# Firejail profile for XMind 1# Firejail profile for XMind
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/XMind.local 4include XMind.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.xmind 8noblacklist ${HOME}/.xmind
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.xmind 16mkdir ${HOME}/.xmind
17whitelist ${HOME}/.xmind 17whitelist ${HOME}/.xmind
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -25,6 +25,7 @@ nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27notv 27notv
28nou2f
28protocol unix,inet,inet6 29protocol unix,inet,inet6
29seccomp 30seccomp
30shell none 31shell none
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile
index c0c322b67..a95c8989a 100644
--- a/etc/Xephyr.profile
+++ b/etc/Xephyr.profile
@@ -1,9 +1,9 @@
1# Firejail profile for Xephyr 1# Firejail profile for Xephyr
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/Xephyr.local 4include Xephyr.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# 8#
9# This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. 9# This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr.
@@ -18,7 +18,7 @@ include /etc/firejail/globals.local
18blacklist /media 18blacklist /media
19 19
20whitelist /var/lib/xkb 20whitelist /var/lib/xkb
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24# Xephyr needs to be allowed access to the abstract Unix socket namespace. 24# Xephyr needs to be allowed access to the abstract Unix socket namespace.
@@ -29,6 +29,7 @@ nonewprivs
29# noroot 29# noroot
30nosound 30nosound
31notv 31notv
32nou2f
32protocol unix 33protocol unix
33seccomp 34seccomp
34shell none 35shell none
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile
index 4ae2d20d2..967946a6c 100644
--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -2,9 +2,9 @@
2# Description: Virtual Framebuffer 'fake' X server 2# Description: Virtual Framebuffer 'fake' X server
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/Xvfb.local 5include Xvfb.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# 9#
10# This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb. 10# This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb.
@@ -20,7 +20,7 @@ include /etc/firejail/globals.local
20blacklist /media 20blacklist /media
21 21
22whitelist /var/lib/xkb 22whitelist /var/lib/xkb
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24 24
25caps.drop all 25caps.drop all
26# Xvfb needs to be allowed access to the abstract Unix socket namespace. 26# Xvfb needs to be allowed access to the abstract Unix socket namespace.
@@ -31,6 +31,7 @@ nonewprivs
31#noroot 31#noroot
32nosound 32nosound
33notv 33notv
34nou2f
34protocol unix 35protocol unix
35seccomp 36seccomp
36shell none 37shell none
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index d757d6f49..010247c6b 100644
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -1,9 +1,9 @@
1# Firejail profile for abrowser 1# Firejail profile for abrowser
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/abrowser.local 4include abrowser.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9noblacklist ${HOME}/.mozilla 9noblacklist ${HOME}/.mozilla
@@ -18,4 +18,4 @@ whitelist ${HOME}/.mozilla
18 18
19 19
20# Redirect 20# Redirect
21include /etc/firejail/firefox-common.profile 21include firefox-common.profile
diff --git a/etc/acat.profile b/etc/acat.profile
index 08593585c..0b4579035 100644
--- a/etc/acat.profile
+++ b/etc/acat.profile
@@ -1,9 +1,9 @@
1# Firejail profile for acat 1# Firejail profile for acat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/acat.local 4include acat.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/adiff.profile b/etc/adiff.profile
index 2c114d765..9073b1477 100644
--- a/etc/adiff.profile
+++ b/etc/adiff.profile
@@ -1,9 +1,9 @@
1# Firejail profile for adiff 1# Firejail profile for adiff
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/adiff.local 4include adiff.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile
index 0cbe306e8..4d40e6594 100644
--- a/etc/akonadi_control.profile
+++ b/etc/akonadi_control.profile
@@ -1,8 +1,8 @@
1# Firejail profile for akonadi_control 1# Firejail profile for akonadi_control
2# Persistent local customizations 2# Persistent local customizations
3include /etc/firejail/akonadi_control.local 3include akonadi_control.local
4# Persistent global definitions 4# Persistent global definitions
5include /etc/firejail/globals.local 5include globals.local
6 6
7noblacklist ${HOME}/.cache/akonadi* 7noblacklist ${HOME}/.cache/akonadi*
8noblacklist ${HOME}/.config/akonadi* 8noblacklist ${HOME}/.config/akonadi*
@@ -20,13 +20,13 @@ noblacklist ${HOME}/.local/share/notes
20noblacklist /tmp/akonadi-* 20noblacklist /tmp/akonadi-*
21noblacklist /usr/sbin 21noblacklist /usr/sbin
22 22
23include /etc/firejail/disable-common.inc 23include disable-common.inc
24include /etc/firejail/disable-devel.inc 24include disable-devel.inc
25include /etc/firejail/disable-interpreters.inc 25include disable-interpreters.inc
26include /etc/firejail/disable-passwdmgr.inc 26include disable-passwdmgr.inc
27include /etc/firejail/disable-programs.inc 27include disable-programs.inc
28 28
29include /etc/firejail/whitelist-var-common.inc 29include whitelist-var-common.inc
30 30
31# disabled options below are not compatible with the apparmor profile for mysqld-akonadi. 31# disabled options below are not compatible with the apparmor profile for mysqld-akonadi.
32# this affects ubuntu and debian currently 32# this affects ubuntu and debian currently
@@ -42,6 +42,7 @@ nogroups
42noroot 42noroot
43nosound 43nosound
44notv 44notv
45nou2f
45novideo 46novideo
46# protocol unix,inet,inet6 47# protocol unix,inet,inet6
47# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice 48# seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
diff --git a/etc/akregator.profile b/etc/akregator.profile
index af8dd2a3e..e7d0b74b9 100644
--- a/etc/akregator.profile
+++ b/etc/akregator.profile
@@ -2,26 +2,26 @@
2# Description: RSS/Atom feed aggregator 2# Description: RSS/Atom feed aggregator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/akregator.local 5include akregator.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/akregatorrc 9noblacklist ${HOME}/.config/akregatorrc
10noblacklist ${HOME}/.local/share/akregator 10noblacklist ${HOME}/.local/share/akregator
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkfile ${HOME}/.config/akregatorrc 18mkfile ${HOME}/.config/akregatorrc
19mkdir ${HOME}/.local/share/akregator 19mkdir ${HOME}/.local/share/akregator
20whitelist ${HOME}/.config/akregatorrc 20whitelist ${HOME}/.config/akregatorrc
21whitelist ${HOME}/.local/share/akregator 21whitelist ${HOME}/.local/share/akregator
22whitelist ${HOME}/.local/share/kssl 22whitelist ${HOME}/.local/share/kssl
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27netfilter 27netfilter
@@ -31,6 +31,7 @@ nogroups
31nonewprivs 31nonewprivs
32noroot 32noroot
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix,inet,inet6,netlink 36protocol unix,inet,inet6,netlink
36# chroot syscalls are needed for setting up the built-in sandbox 37# chroot syscalls are needed for setting up the built-in sandbox
diff --git a/etc/als.profile b/etc/als.profile
index 8cd9a9182..24b8b976b 100644
--- a/etc/als.profile
+++ b/etc/als.profile
@@ -1,9 +1,9 @@
1# Firejail profile for als 1# Firejail profile for als
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/als.local 4include als.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/amarok.profile b/etc/amarok.profile
index 3ee50a20b..6f2e6b3cc 100644
--- a/etc/amarok.profile
+++ b/etc/amarok.profile
@@ -2,20 +2,20 @@
2# Description: Easy to use media player based on the KDE Platform 2# Description: Easy to use media player based on the KDE Platform
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/amarok.local 5include amarok.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -23,6 +23,7 @@ nogroups
23nonewprivs 23nonewprivs
24noroot 24noroot
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28# seccomp 29# seccomp
diff --git a/etc/amule.profile b/etc/amule.profile
index f052a312f..e969bb1df 100644
--- a/etc/amule.profile
+++ b/etc/amule.profile
@@ -2,22 +2,22 @@
2# Description: Client for the eD2k and Kad networks, like eMule 2# Description: Client for the eD2k and Kad networks, like eMule
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/amule.local 5include amule.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10noblacklist ${HOME}/.aMule 10noblacklist ${HOME}/.aMule
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.aMule 19whitelist ${HOME}/.aMule
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix,inet,inet6 34protocol unix,inet,inet6
34seccomp 35seccomp
diff --git a/etc/android-studio.profile b/etc/android-studio.profile
index 8f5cd56cc..180e4871b 100644
--- a/etc/android-studio.profile
+++ b/etc/android-studio.profile
@@ -1,9 +1,9 @@
1# Firejail profile for android-studio 1# Firejail profile for android-studio
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/android-studio.local 4include android-studio.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.AndroidStudio* 8noblacklist ${HOME}/.AndroidStudio*
9noblacklist ${HOME}/.android 9noblacklist ${HOME}/.android
@@ -16,11 +16,11 @@ noblacklist ${HOME}/.local/share/JetBrains
16noblacklist ${HOME}/.ssh 16noblacklist ${HOME}/.ssh
17noblacklist ${HOME}/.tooling 17noblacklist ${HOME}/.tooling
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/anydesk.profile b/etc/anydesk.profile
index 17e083f4e..35b18bab4 100644
--- a/etc/anydesk.profile
+++ b/etc/anydesk.profile
@@ -1,21 +1,21 @@
1# Firejail profile for AnyDesk 1# Firejail profile for AnyDesk
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/anydesk.local 4include anydesk.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.anydesk 8noblacklist ${HOME}/.anydesk
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15 15
16mkdir ${HOME}/.anydesk 16mkdir ${HOME}/.anydesk
17whitelist ${HOME}/.anydesk 17whitelist ${HOME}/.anydesk
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -24,6 +24,7 @@ nogroups
24nonewprivs 24nonewprivs
25noroot 25noroot
26notv 26notv
27nou2f
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
29shell none 30shell none
diff --git a/etc/aosp.profile b/etc/aosp.profile
index 8622d6acd..a4eea4bad 100644
--- a/etc/aosp.profile
+++ b/etc/aosp.profile
@@ -1,9 +1,9 @@
1# Firejail profile for aosp 1# Firejail profile for aosp
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/aosp.local 4include aosp.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.android 9noblacklist ${HOME}/.android
@@ -18,12 +18,12 @@ noblacklist ${HOME}/.repoconfig
18noblacklist ${HOME}/.ssh 18noblacklist ${HOME}/.ssh
19noblacklist ${HOME}/.tooling 19noblacklist ${HOME}/.tooling
20 20
21include /etc/firejail/disable-common.inc 21include disable-common.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28caps.drop all 28caps.drop all
29ipc-namespace 29ipc-namespace
diff --git a/etc/apack.profile b/etc/apack.profile
index ad44b227e..bd5e49a01 100644
--- a/etc/apack.profile
+++ b/etc/apack.profile
@@ -1,9 +1,9 @@
1# Firejail profile for apack 1# Firejail profile for apack
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/apack.local 4include apack.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/apktool.profile b/etc/apktool.profile
index d157b1478..bad0c9346 100644
--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -3,16 +3,16 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/apktool.local 6include apktool.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13include /etc/firejail/disable-xdg.inc 13include disable-xdg.inc
14 14
15include /etc/firejail/whitelist-var-common.inc 15include whitelist-var-common.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix 29protocol unix
29seccomp 30seccomp
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile
index 9cd200ef2..7321f4e90 100644
--- a/etc/arch-audit.profile
+++ b/etc/arch-audit.profile
@@ -3,19 +3,19 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/arch-audit.local 6include arch-audit.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10 10
11noblacklist /var/lib/pacman 11noblacklist /var/lib/pacman
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile
index 27b15412f..1b029d1ac 100644
--- a/etc/archaudit-report.profile
+++ b/etc/archaudit-report.profile
@@ -2,21 +2,21 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/archaudit-report.local 5include archaudit-report.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10noblacklist /var/lib/pacman 10noblacklist /var/lib/pacman
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
diff --git a/etc/ardour4.profile b/etc/ardour4.profile
index 7d1163174..5c22b57d0 100644
--- a/etc/ardour4.profile
+++ b/etc/ardour4.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/ardour5.profile 6include ardour5.profile
diff --git a/etc/ardour5.profile b/etc/ardour5.profile
index 99649cc3f..3c207b5b3 100644
--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -1,9 +1,9 @@
1# Firejail profile for ardour5 1# Firejail profile for ardour5
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ardour5.local 4include ardour5.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/ardour4 8noblacklist ${HOME}/.config/ardour4
9noblacklist ${HOME}/.config/ardour5 9noblacklist ${HOME}/.config/ardour5
@@ -12,12 +12,12 @@ noblacklist ${HOME}/.vst
12noblacklist ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13noblacklist ${MUSIC} 13noblacklist ${MUSIC}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
@@ -28,6 +28,7 @@ nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30notv 30notv
31nou2f
31protocol unix 32protocol unix
32seccomp 33seccomp
33shell none 34shell none
diff --git a/etc/arduino.profile b/etc/arduino.profile
index 9f28cada4..6c2375fae 100644
--- a/etc/arduino.profile
+++ b/etc/arduino.profile
@@ -2,9 +2,9 @@
2# Description: AVR development board IDE and built-in libraries 2# Description: AVR development board IDE and built-in libraries
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/arduino.local 5include arduino.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.arduino15 9noblacklist ${HOME}/.arduino15
10noblacklist ${HOME}/.java 10noblacklist ${HOME}/.java
@@ -17,12 +17,12 @@ noblacklist /usr/lib/java
17noblacklist /etc/java 17noblacklist /etc/java
18noblacklist /usr/share/java 18noblacklist /usr/share/java
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/arepack.profile b/etc/arepack.profile
index f7a9f724a..f5584b2be 100644
--- a/etc/arepack.profile
+++ b/etc/arepack.profile
@@ -1,9 +1,9 @@
1# Firejail profile for arepack 1# Firejail profile for arepack
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/arepack.local 4include arepack.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/aria2c.profile b/etc/aria2c.profile
index 4231c58ff..3015349b7 100644
--- a/etc/aria2c.profile
+++ b/etc/aria2c.profile
@@ -2,18 +2,18 @@
2# Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink 2# Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/aria2c.local 5include aria2c.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.aria2 9noblacklist ${HOME}/.aria2
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
diff --git a/etc/ark.profile b/etc/ark.profile
index d5a7f45f4..37211682c 100644
--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -2,19 +2,19 @@
2# Description: Archive utility 2# Description: Archive utility
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ark.local 5include ark.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/arkrc 9noblacklist ${HOME}/.config/arkrc
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19apparmor 19apparmor
20caps.drop all 20caps.drop all
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
diff --git a/etc/arm.profile b/etc/arm.profile
index da9b45928..288dd972a 100644
--- a/etc/arm.profile
+++ b/etc/arm.profile
@@ -2,9 +2,9 @@
2# Description: Terminal status monitor for Tor relays 2# Description: Terminal status monitor for Tor relays
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/arm.local 5include arm.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.arm 9noblacklist ${HOME}/.arm
10 10
@@ -14,15 +14,15 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23mkdir ${HOME}/.arm 23mkdir ${HOME}/.arm
24whitelist ${HOME}/.arm 24whitelist ${HOME}/.arm
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28ipc-namespace 28ipc-namespace
@@ -34,6 +34,7 @@ nonewprivs
34noroot 34noroot
35nosound 35nosound
36notv 36notv
37nou2f
37novideo 38novideo
38protocol unix,inet,inet6 39protocol unix,inet,inet6
39seccomp 40seccomp
diff --git a/etc/artha.profile b/etc/artha.profile
new file mode 100644
index 000000000..7b0c6735b
--- /dev/null
+++ b/etc/artha.profile
@@ -0,0 +1,46 @@
1# Firejail profile for artha
2# Description: A free cross-platform English thesaurus based on WordNet
3# This file is overwritten after every install/update
4# Persistent local customizations
5include artha.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.config/artha.conf
10noblacklist ${HOME}/.config/enchant
11
12include disable-common.inc
13include disable-devel.inc
14include disable-interpreters.inc
15include disable-passwdmgr.inc
16include disable-programs.inc
17
18caps.drop all
19ipc-namespace
20machine-id
21net none
22no3d
23# nodbus
24nodvd
25nogroups
26nonewprivs
27noroot
28nosound
29notv
30nou2f
31novideo
32protocol unix
33seccomp
34shell none
35
36disable-mnt
37private-bin artha,enchant,notify-send
38private-cache
39private-dev
40private-etc fonts
41private-lib libnotify.so.*
42private-tmp
43
44memory-deny-write-execute
45noexec ${HOME}
46noexec /tmp
diff --git a/etc/asunder.profile b/etc/asunder.profile
index 9c059ed0a..3167dfe12 100644
--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -2,9 +2,9 @@
2# Description: Graphical audio CD ripper and encoder 2# Description: Graphical audio CD ripper and encoder
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/asunder.local 5include asunder.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/asunder 9noblacklist ${HOME}/.config/asunder
10noblacklist ${HOME}/.asunder_album_genre 10noblacklist ${HOME}/.asunder_album_genre
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.asunder_album_title
12noblacklist ${HOME}/.asunder_album_artist 12noblacklist ${HOME}/.asunder_album_artist
13noblacklist ${MUSIC} 13noblacklist ${MUSIC}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24apparmor 24apparmor
25caps.drop all 25caps.drop all
@@ -28,6 +28,7 @@ nodbus
28# nogroups 28# nogroups
29nonewprivs 29nonewprivs
30noroot 30noroot
31nou2f
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
33shell none 34shell none
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile
index a153d08b4..36baee5c4 100644
--- a/etc/atom-beta.profile
+++ b/etc/atom-beta.profile
@@ -1,6 +1,6 @@
1# Firejail profile for atom-beta 1# Firejail profile for atom-beta
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/atom-beta.local 4include atom-beta.local
5# Profile redirect 5# Profile redirect
6include /etc/firejail/atom.profile 6include atom.profile
diff --git a/etc/atom.profile b/etc/atom.profile
index 1ff4e162d..ceb68ef3d 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -2,16 +2,16 @@
2# Description: A hackable text editor for the 21st Century 2# Description: A hackable text editor for the 21st Century
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/atom.local 5include atom.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.atom 9noblacklist ${HOME}/.atom
10noblacklist ${HOME}/.config/Atom 10noblacklist ${HOME}/.config/Atom
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17# net none 17# net none
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6,netlink 28protocol unix,inet,inet6,netlink
28seccomp 29seccomp
diff --git a/etc/atool.profile b/etc/atool.profile
index 161b211eb..b7addf36e 100644
--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -2,9 +2,9 @@
2# Description: Tool for managing file archives of various types 2# Description: Tool for managing file archives of various types
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/atool.local 5include atool.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
@@ -15,11 +15,11 @@ noblacklist ${PATH}/perl
15noblacklist /usr/lib/perl* 15noblacklist /usr/lib/perl*
16noblacklist /usr/share/perl* 16noblacklist /usr/share/perl*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19# include /etc/firejail/disable-devel.inc 19# include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix 36protocol unix
36seccomp 37seccomp
diff --git a/etc/atril-previewer.profile b/etc/atril-previewer.profile
index 5d841bc0e..3f24acefa 100644
--- a/etc/atril-previewer.profile
+++ b/etc/atril-previewer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for atril-previewer 1# Firejail profile for atril-previewer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/atril-previewer.local 4include atril-previewer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/atril.profile 10include atril.profile
diff --git a/etc/atril-thumbnailer.profile b/etc/atril-thumbnailer.profile
index 88c74735d..de4a52514 100644
--- a/etc/atril-thumbnailer.profile
+++ b/etc/atril-thumbnailer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for atril-thumbnailer 1# Firejail profile for atril-thumbnailer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/atril-thumbnailer.local 4include atril-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/atril.profile 10include atril.profile
diff --git a/etc/atril.profile b/etc/atril.profile
index 6e5286e5f..92fae21d4 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -2,9 +2,9 @@
2# Description: MATE document viewer 2# Description: MATE document viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/atril.local 5include atril.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/atril 9noblacklist ${HOME}/.cache/atril
10noblacklist ${HOME}/.config/atril 10noblacklist ${HOME}/.config/atril
@@ -13,14 +13,14 @@ noblacklist ${DOCUMENTS}
13#noblacklist ${HOME}/.local/share 13#noblacklist ${HOME}/.local/share
14# it seems to use only ${HOME}/.local/share/webkitgtk 14# it seems to use only ${HOME}/.local/share/webkitgtk
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21include /etc/firejail/disable-xdg.inc 21include disable-xdg.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25# apparmor 25# apparmor
26caps.drop all 26caps.drop all
@@ -32,6 +32,7 @@ nonewprivs
32noroot 32noroot
33nosound 33nosound
34notv 34notv
35nou2f
35novideo 36novideo
36protocol unix 37protocol unix
37seccomp 38seccomp
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 627c1a72d..93a2f4b3e 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -2,22 +2,22 @@
2# Description: Small and fast audio player which supports lots of formats 2# Description: Small and fast audio player which supports lots of formats
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/audacious.local 5include audacious.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Audaciousrc 9noblacklist ${HOME}/.config/Audaciousrc
10noblacklist ${HOME}/.config/audacious 10noblacklist ${HOME}/.config/audacious
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22apparmor 22apparmor
23caps.drop all 23caps.drop all
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/audacity.profile b/etc/audacity.profile
index 685319f7f..4dd412359 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -2,22 +2,22 @@
2# Description: Fast, cross-platform audio editor 2# Description: Fast, cross-platform audio editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/audacity.local 5include audacity.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.audacity-data 9noblacklist ${HOME}/.audacity-data
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22apparmor 22apparmor
23caps.drop all 23caps.drop all
@@ -29,6 +29,7 @@ nogroups
29nonewprivs 29nonewprivs
30noroot 30noroot
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix 34protocol unix
34seccomp 35seccomp
diff --git a/etc/aunpack.profile b/etc/aunpack.profile
index 4f03ac60d..cde9473e3 100644
--- a/etc/aunpack.profile
+++ b/etc/aunpack.profile
@@ -1,9 +1,9 @@
1# Firejail profile for aunpack 1# Firejail profile for aunpack
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/aunpack.local 4include aunpack.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/atool.profile 9include atool.profile
diff --git a/etc/authenticator.profile b/etc/authenticator.profile
index f10abdda8..9656bb3d7 100644
--- a/etc/authenticator.profile
+++ b/etc/authenticator.profile
@@ -2,9 +2,9 @@
2# Description: 2FA code generator for GNOME 2# Description: 2FA code generator for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/authenticator.local 5include authenticator.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# blacklisted in 'disable-programs.local' 9# blacklisted in 'disable-programs.local'
10noblacklist ${HOME}/.config/Authenticator 10noblacklist ${HOME}/.config/Authenticator
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.config/Authenticator
13noblacklist ${PATH}/python3* 13noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python3* 14noblacklist /usr/lib/python3*
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22# apparmor 22# apparmor
23caps.drop all 23caps.drop all
@@ -30,8 +30,8 @@ nonewprivs
30noroot 30noroot
31nosound 31nosound
32notv 32notv
33# novideo
34nou2f 33nou2f
34# novideo
35protocol unix 35protocol unix
36seccomp 36seccomp
37shell none 37shell none
diff --git a/etc/aweather.profile b/etc/aweather.profile
index 823b07c8c..d7228570f 100644
--- a/etc/aweather.profile
+++ b/etc/aweather.profile
@@ -2,22 +2,22 @@
2# Description: Advanced Weather Monitoring Program 2# Description: Advanced Weather Monitoring Program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/aweather.local 5include aweather.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/aweather 9noblacklist ${HOME}/.config/aweather
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.config/aweather 17mkdir ${HOME}/.config/aweather
18whitelist ${HOME}/.config/aweather 18whitelist ${HOME}/.config/aweather
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/awesome.profile b/etc/awesome.profile
index 49c1a4aad..5d1bf5071 100644
--- a/etc/awesome.profile
+++ b/etc/awesome.profile
@@ -2,13 +2,13 @@
2# Description: Standards-compliant, fast, light-weight and extensible window manager 2# Description: Standards-compliant, fast, light-weight and extensible window manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/awesome.local 5include awesome.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# all applications started in awesome will run in this profile 9# all applications started in awesome will run in this profile
10noblacklist ${HOME}/.config/awesome 10noblacklist ${HOME}/.config/awesome
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index 240573f44..5e749cac1 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -1,9 +1,9 @@
1# Firejail profile for baloo_file 1# Firejail profile for baloo_file
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/baloo_file.local 4include baloo_file.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/baloofilerc 8noblacklist ${HOME}/.config/baloofilerc
9noblacklist ${HOME}/.kde/share/config/baloofilerc 9noblacklist ${HOME}/.kde/share/config/baloofilerc
@@ -12,13 +12,13 @@ noblacklist ${HOME}/.kde4/share/config/baloofilerc
12noblacklist ${HOME}/.kde4/share/config/baloorc 12noblacklist ${HOME}/.kde4/share/config/baloorc
13noblacklist ${HOME}/.local/share/baloo 13noblacklist ${HOME}/.local/share/baloo
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24no3d 24no3d
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix 33protocol unix
33# blacklisting of ioprio_set system calls breaks baloo_file 34# blacklisting of ioprio_set system calls breaks baloo_file
diff --git a/etc/baloo_filemetadata_temp_extractor.profile b/etc/baloo_filemetadata_temp_extractor.profile
index 87f2949e6..94496ede8 100644
--- a/etc/baloo_filemetadata_temp_extractor.profile
+++ b/etc/baloo_filemetadata_temp_extractor.profile
@@ -2,12 +2,12 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/baloo_filemetadata_temp_extractor.local 5include baloo_filemetadata_temp_extractor.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9ignore read-write 9ignore read-write
10read-only ${HOME} 10read-only ${HOME}
11 11
12# Redirect 12# Redirect
13include /etc/firejail/baloo_file.profile 13include baloo_file.profile
diff --git a/etc/baobab.profile b/etc/baobab.profile
index d0c3f2712..c223b138e 100644
--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -2,15 +2,15 @@
2# Description: GNOME disk usage analyzer 2# Description: GNOME disk usage analyzer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/baobab.local 5include baobab.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13# include /etc/firejail/disable-programs.inc 13# include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16net none 16net none
@@ -22,6 +22,7 @@ nonewprivs
22noroot 22noroot
23nosound 23nosound
24notv 24notv
25nou2f
25novideo 26novideo
26protocol unix 27protocol unix
27seccomp 28seccomp
diff --git a/etc/basilisk.profile b/etc/basilisk.profile
index 43ba5adcb..5f9fc8ef7 100644
--- a/etc/basilisk.profile
+++ b/etc/basilisk.profile
@@ -1,9 +1,9 @@
1# Firejail profile for basilisk 1# Firejail profile for basilisk
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/basilisk.local 4include basilisk.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/moonchild productions/basilisk 8noblacklist ${HOME}/.cache/moonchild productions/basilisk
9noblacklist ${HOME}/.moonchild productions/basilisk 9noblacklist ${HOME}/.moonchild productions/basilisk
@@ -24,4 +24,4 @@ seccomp
24#private-opt basilisk 24#private-opt basilisk
25 25
26# Redirect 26# Redirect
27include /etc/firejail/firefox-common.profile 27include firefox-common.profile
diff --git a/etc/beaker.profile b/etc/beaker.profile
index 9215576c7..d18429408 100644
--- a/etc/beaker.profile
+++ b/etc/beaker.profile
@@ -1,19 +1,19 @@
1# Firejail profile for beaker 1# Firejail profile for beaker
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/beaker.local 4include beaker.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Beaker Browser 8noblacklist ${HOME}/.config/Beaker Browser
9 9
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12 12
13mkdir ${HOME}/.config/Beaker Browser 13mkdir ${HOME}/.config/Beaker Browser
14whitelist ${HOME}/.config/Beaker Browser 14whitelist ${HOME}/.config/Beaker Browser
15whitelist ${DOWNLOADS} 15whitelist ${DOWNLOADS}
16include /etc/firejail/whitelist-common.inc 16include whitelist-common.inc
17 17
18# Redirect 18# Redirect
19include /etc/firejail/electron.profile 19include electron.profile
diff --git a/etc/bibletime.profile b/etc/bibletime.profile
index 57595e8e2..0691b32c3 100644
--- a/etc/bibletime.profile
+++ b/etc/bibletime.profile
@@ -2,24 +2,24 @@
2# Description: Bible study tool 2# Description: Bible study tool
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bibletime.local 5include bibletime.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist ${HOME}/.bashrc 9blacklist ${HOME}/.bashrc
10 10
11noblacklist ${HOME}/.bibletime 11noblacklist ${HOME}/.bibletime
12noblacklist ${HOME}/.sword 12noblacklist ${HOME}/.sword
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20whitelist ${HOME}/.bibletime 20whitelist ${HOME}/.bibletime
21whitelist ${HOME}/.sword 21whitelist ${HOME}/.sword
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
25machine-id 25machine-id
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix,inet,inet6,netlink 36protocol unix,inet,inet6,netlink
36seccomp 37seccomp
diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile
index 9b6affe24..46ce0775b 100644
--- a/etc/bitcoin-qt.profile
+++ b/etc/bitcoin-qt.profile
@@ -2,25 +2,25 @@
2# Description: Bitcoin is a peer-to-peer network based digital currency 2# Description: Bitcoin is a peer-to-peer network based digital currency
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bitcoin-qt.local 5include bitcoin-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.bitcoin 9noblacklist ${HOME}/.bitcoin
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.bitcoin 17mkdir ${HOME}/.bitcoin
18mkdir ${HOME}/.config/Bitcoin 18mkdir ${HOME}/.config/Bitcoin
19whitelist ${HOME}/.bitcoin 19whitelist ${HOME}/.bitcoin
20whitelist ${HOME}/.config/Bitcoin 20whitelist ${HOME}/.config/Bitcoin
21 21
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26machine-id 26machine-id
@@ -32,6 +32,7 @@ nonewprivs
32noroot 32noroot
33nosound 33nosound
34notv 34notv
35nou2f
35novideo 36novideo
36protocol unix,inet,inet6 37protocol unix,inet,inet6
37seccomp 38seccomp
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index e663d7799..2c2f88ed5 100644
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -2,20 +2,20 @@
2# Description: IRC to other chat networks gateway 2# Description: IRC to other chat networks gateway
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bitlbee.local 5include bitlbee.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist /sbin 9noblacklist /sbin
10noblacklist /usr/sbin 10noblacklist /usr/sbin
11# noblacklist /var/log 11# noblacklist /var/log
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20netfilter 20netfilter
21no3d 21no3d
@@ -23,6 +23,7 @@ nodvd
23nonewprivs 23nonewprivs
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
diff --git a/etc/blackbox.profile b/etc/blackbox.profile
index 2672c812a..13e83493d 100644
--- a/etc/blackbox.profile
+++ b/etc/blackbox.profile
@@ -2,13 +2,13 @@
2# Description: Standards-compliant, fast, light-weight and extensible window manager 2# Description: Standards-compliant, fast, light-weight and extensible window manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/blackbox.local 5include blackbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# all applications started in awesome will run in this profile 9# all applications started in awesome will run in this profile
10noblacklist ${HOME}/.blackbox 10noblacklist ${HOME}/.blackbox
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
index 49d058ab4..fa850fe1a 100644
--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -2,9 +2,9 @@
2# Description: Delete unnecessary files from the system 2# Description: Delete unnecessary files from the system
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bleachbit.local 5include bleachbit.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Allow python (blacklisted by disable-interpreters.inc) 9# Allow python (blacklisted by disable-interpreters.inc)
10noblacklist ${PATH}/python2* 10noblacklist ${PATH}/python2*
@@ -12,11 +12,11 @@ noblacklist ${PATH}/python3*
12noblacklist /usr/lib/python2* 12noblacklist /usr/lib/python2*
13noblacklist /usr/lib/python3* 13noblacklist /usr/lib/python3*
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19# include /etc/firejail/disable-programs.inc 19# include disable-programs.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix 33protocol unix
33seccomp 34seccomp
diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile
index 4b907018e..9da0cb921 100644
--- a/etc/blender-2.8.profile
+++ b/etc/blender-2.8.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/blender.profile 6include blender.profile
diff --git a/etc/blender.profile b/etc/blender.profile
index 43a8622f7..77d073cd7 100644
--- a/etc/blender.profile
+++ b/etc/blender.profile
@@ -2,9 +2,9 @@
2# Description: Very fast and versatile 3D modeller/renderer 2# Description: Very fast and versatile 3D modeller/renderer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/blender.local 5include blender.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/blender 9noblacklist ${HOME}/.config/blender
10 10
@@ -14,11 +14,11 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23# Allow usage of AMD GPU by OpenCL 23# Allow usage of AMD GPU by OpenCL
24noblacklist /sys/module 24noblacklist /sys/module
@@ -32,6 +32,7 @@ nogroups
32nonewprivs 32nonewprivs
33noroot 33noroot
34notv 34notv
35nou2f
35protocol unix,inet,inet6,netlink 36protocol unix,inet,inet6,netlink
36seccomp 37seccomp
37shell none 38shell none
diff --git a/etc/bless.profile b/etc/bless.profile
index 0da3436e8..cc03107a5 100644
--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -2,19 +2,19 @@
2# Description: A full featured hexadecimal editor 2# Description: A full featured hexadecimal editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bless.local 5include bless.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/bless 9noblacklist ${HOME}/.config/bless
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix 31protocol unix
31seccomp 32seccomp
diff --git a/etc/bluefish.profile b/etc/bluefish.profile
index 23ba34d42..ce47cb9ab 100644
--- a/etc/bluefish.profile
+++ b/etc/bluefish.profile
@@ -2,17 +2,17 @@
2# Description: Advanced Gtk+ text editor for web and software development 2# Description: Advanced Gtk+ text editor for web and software development
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bluefish.local 5include bluefish.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15include /etc/firejail/whitelist-var-common.inc 15include whitelist-var-common.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix 29protocol unix
29seccomp 30seccomp
diff --git a/etc/bnox.profile b/etc/bnox.profile
index 3207a2923..031f3f4bd 100644
--- a/etc/bnox.profile
+++ b/etc/bnox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for bnox 1# Firejail profile for bnox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/bnox.local 4include bnox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/bnox 8noblacklist ${HOME}/.cache/bnox
9noblacklist ${HOME}/.config/bnox 9noblacklist ${HOME}/.config/bnox
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/bnox
14whitelist ${HOME}/.config/bnox 14whitelist ${HOME}/.config/bnox
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/brackets.profile b/etc/brackets.profile
index 8f1068506..1c03b2119 100644
--- a/etc/brackets.profile
+++ b/etc/brackets.profile
@@ -1,17 +1,17 @@
1# Firejail profile for brackets 1# Firejail profile for brackets
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/brackets.local 4include brackets.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Brackets 8noblacklist ${HOME}/.config/Brackets
9#noblacklist /opt/brackets/ 9#noblacklist /opt/brackets/
10#noblacklist /opt/google/ 10#noblacklist /opt/google/
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
@@ -21,6 +21,7 @@ nonewprivs
21noroot 21noroot
22nosound 22nosound
23notv 23notv
24nou2f
24novideo 25novideo
25protocol unix,inet,inet6,netlink 26protocol unix,inet,inet6,netlink
26seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplic 27seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplic
diff --git a/etc/brasero.profile b/etc/brasero.profile
index 1c0b5f843..8ab9472ac 100644
--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -2,17 +2,17 @@
2# Description: CD/DVD burning application for GNOME 2# Description: CD/DVD burning application for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/brasero.local 5include brasero.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/brasero 9noblacklist ${HOME}/.config/brasero
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
diff --git a/etc/brave.profile b/etc/brave.profile
index 08bcea561..315564b05 100644
--- a/etc/brave.profile
+++ b/etc/brave.profile
@@ -1,9 +1,9 @@
1# Firejail profile for brave 1# Firejail profile for brave
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/brave.local 4include brave.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/brave 8noblacklist ${HOME}/.config/brave
9# brave uses gpg for built-in password manager 9# brave uses gpg for built-in password manager
@@ -17,4 +17,4 @@ whitelist ${HOME}/.gnupg
17ignore noexec /tmp 17ignore noexec /tmp
18 18
19# Redirect 19# Redirect
20include /etc/firejail/chromium-common.profile 20include chromium-common.profile
diff --git a/etc/bsdcat.profile b/etc/bsdcat.profile
index b900eb4bf..e95dfdf2d 100644
--- a/etc/bsdcat.profile
+++ b/etc/bsdcat.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/bsdtar.profile 6include bsdtar.profile
diff --git a/etc/bsdcpio.profile b/etc/bsdcpio.profile
index b900eb4bf..e95dfdf2d 100644
--- a/etc/bsdcpio.profile
+++ b/etc/bsdcpio.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/bsdtar.profile 6include bsdtar.profile
diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile
index 57220ef4a..f6864386e 100644
--- a/etc/bsdtar.profile
+++ b/etc/bsdtar.profile
@@ -2,15 +2,15 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/bsdtar.local 5include bsdtar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10# include /etc/firejail/disable-devel.inc 10# include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15blacklist /tmp/.X11-unix 15blacklist /tmp/.X11-unix
16 16
@@ -25,6 +25,7 @@ nonewprivs
25# noroot 25# noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29nonewprivs 30nonewprivs
30protocol unix 31protocol unix
diff --git a/etc/bunzip2.profile b/etc/bunzip2.profile
index f483a1d3d..891476cb1 100644
--- a/etc/bunzip2.profile
+++ b/etc/bunzip2.profile
@@ -1,9 +1,9 @@
1# Firejail profile for bunzip2 1# Firejail profile for bunzip2
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/bunzip2.local 4include bunzip2.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/gzip.profile 9include gzip.profile
diff --git a/etc/caja.profile b/etc/caja.profile
index 20e690a14..f938792cd 100644
--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -2,9 +2,9 @@
2# Description: File manager for the MATE desktop 2# Description: File manager for the MATE desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/caja.local 5include caja.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there 9# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
10# is already a caja process running on MATE desktops firejail will have no effect. 10# is already a caja process running on MATE desktops firejail will have no effect.
@@ -19,11 +19,11 @@ noblacklist ${PATH}/python3*
19noblacklist /usr/lib/python2* 19noblacklist /usr/lib/python2*
20noblacklist /usr/lib/python3* 20noblacklist /usr/lib/python3*
21 21
22include /etc/firejail/disable-common.inc 22include disable-common.inc
23include /etc/firejail/disable-devel.inc 23include disable-devel.inc
24include /etc/firejail/disable-interpreters.inc 24include disable-interpreters.inc
25include /etc/firejail/disable-passwdmgr.inc 25include disable-passwdmgr.inc
26# include /etc/firejail/disable-programs.inc 26# include disable-programs.inc
27 27
28caps.drop all 28caps.drop all
29netfilter 29netfilter
diff --git a/etc/calibre.profile b/etc/calibre.profile
index 7a5d798c5..5c7d3e1e7 100644
--- a/etc/calibre.profile
+++ b/etc/calibre.profile
@@ -2,21 +2,21 @@
2# Description: Powerful and easy to use e-book manager 2# Description: Powerful and easy to use e-book manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/calibre.local 5include calibre.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/calibre 9noblacklist ${HOME}/.cache/calibre
10noblacklist ${HOME}/.config/calibre 10noblacklist ${HOME}/.config/calibre
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/calligra.profile b/etc/calligra.profile
index ab2845db4..84a60a196 100644
--- a/etc/calligra.profile
+++ b/etc/calligra.profile
@@ -2,15 +2,15 @@
2# Description: Extensive productivity and creative suite 2# Description: Extensive productivity and creative suite
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/calligra.local 5include calligra.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16ipc-namespace 16ipc-namespace
@@ -21,6 +21,7 @@ nogroups
21nonewprivs 21nonewprivs
22noroot 22noroot
23notv 23notv
24nou2f
24novideo 25novideo
25protocol unix 26protocol unix
26seccomp 27seccomp
diff --git a/etc/calligraauthor.profile b/etc/calligraauthor.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligraauthor.profile
+++ b/etc/calligraauthor.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligraconverter.profile b/etc/calligraconverter.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligraconverter.profile
+++ b/etc/calligraconverter.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligraflow.profile b/etc/calligraflow.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligraflow.profile
+++ b/etc/calligraflow.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligraplan.profile b/etc/calligraplan.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligraplan.profile
+++ b/etc/calligraplan.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligraplanwork.profile b/etc/calligraplanwork.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligraplanwork.profile
+++ b/etc/calligraplanwork.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligrasheets.profile b/etc/calligrasheets.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligrasheets.profile
+++ b/etc/calligrasheets.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligrastage.profile b/etc/calligrastage.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligrastage.profile
+++ b/etc/calligrastage.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/calligrawords.profile b/etc/calligrawords.profile
index 629ab46c1..b9c06a588 100644
--- a/etc/calligrawords.profile
+++ b/etc/calligrawords.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/calligra.profile 6include calligra.profile
diff --git a/etc/catfish.profile b/etc/catfish.profile
index 422dc93e5..1afcd0365 100644
--- a/etc/catfish.profile
+++ b/etc/catfish.profile
@@ -2,9 +2,9 @@
2# Description: File searching tool 2# Description: File searching tool
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/catfish.local 5include catfish.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# We can't blacklist much since catfish 9# We can't blacklist much since catfish
10# is for finding files/content 10# is for finding files/content
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21# include /etc/firejail/disable-devel.inc 21# include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25 25
26whitelist /var/lib/mlocate 26whitelist /var/lib/mlocate
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30net none 30net none
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile
index c8b8be04e..601ca58a9 100644
--- a/etc/checkbashisms.profile
+++ b/etc/checkbashisms.profile
@@ -3,9 +3,9 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/checkbashisms.local 6include checkbashisms.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
@@ -16,14 +16,14 @@ noblacklist ${PATH}/perl
16noblacklist /usr/lib/perl* 16noblacklist /usr/lib/perl*
17noblacklist /usr/share/perl* 17noblacklist /usr/share/perl*
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28caps.drop all 28caps.drop all
29ipc-namespace 29ipc-namespace
@@ -36,6 +36,7 @@ nonewprivs
36noroot 36noroot
37nosound 37nosound
38notv 38notv
39nou2f
39novideo 40novideo
40protocol unix 41protocol unix
41seccomp 42seccomp
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index 0159bddae..134a06c48 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -2,9 +2,9 @@
2# Description: Hierarchical note taking application 2# Description: Hierarchical note taking application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/cherrytree.local 5include cherrytree.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/cherrytree 9noblacklist ${HOME}/.config/cherrytree
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
@@ -15,12 +15,12 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix,inet,inet6,netlink 36protocol unix,inet,inet6,netlink
36seccomp 37seccomp
diff --git a/etc/chromium-browser.profile b/etc/chromium-browser.profile
index 472841e92..f83052d9a 100644
--- a/etc/chromium-browser.profile
+++ b/etc/chromium-browser.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4# Redirect 4# Redirect
5include /etc/firejail/chromium.profile 5include chromium.profile
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile
index fc3df86db..e7062c5b8 100644
--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -1,23 +1,23 @@
1# Firejail profile for chromium-common 1# Firejail profile for chromium-common
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/chromium-common.local 4include chromium-common.local
5# Persistent global definitions 5# Persistent global definitions
6# already included by caller profile 6# already included by caller profile
7#include /etc/firejail/globals.local 7#include globals.local
8 8
9noblacklist ${HOME}/.pki 9noblacklist ${HOME}/.pki
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.pki 16mkdir ${HOME}/.pki
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.pki 18whitelist ${HOME}/.pki
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22apparmor 22apparmor
23caps.keep sys_chroot,sys_admin 23caps.keep sys_chroot,sys_admin
@@ -27,6 +27,7 @@ nodbus
27nodvd 27nodvd
28nogroups 28nogroups
29notv 29notv
30nou2f
30shell none 31shell none
31 32
32disable-mnt 33disable-mnt
diff --git a/etc/chromium.profile b/etc/chromium.profile
index a1488e3e9..dab9ce449 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -2,9 +2,9 @@
2# Description: A web browser built for speed, simplicity, and security 2# Description: A web browser built for speed, simplicity, and security
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/chromium.local 5include chromium.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/chromium 9noblacklist ${HOME}/.cache/chromium
10noblacklist ${HOME}/.config/chromium 10noblacklist ${HOME}/.config/chromium
@@ -19,4 +19,4 @@ whitelist ${HOME}/.config/chromium-flags.conf
19# private-bin chromium,chromium-browser,chromedriver 19# private-bin chromium,chromium-browser,chromedriver
20 20
21# Redirect 21# Redirect
22include /etc/firejail/chromium-common.profile 22include chromium-common.profile
diff --git a/etc/cin.profile b/etc/cin.profile
index 92baef33a..02511c478 100644
--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -1,17 +1,17 @@
1# Firejail profile for cin 1# Firejail profile for cin
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/cin.local 4include cin.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.bcast5 8noblacklist ${HOME}/.bcast5
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17ipc-namespace 17ipc-namespace
@@ -21,6 +21,7 @@ nodvd
21#nogroups 21#nogroups
22nonewprivs 22nonewprivs
23notv 23notv
24nou2f
24noroot 25noroot
25protocol unix 26protocol unix
26 27
diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile
index e6a1941b5..26f782384 100644
--- a/etc/cinelerra.profile
+++ b/etc/cinelerra.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/cin.profile 6include cin.profile
diff --git a/etc/clamav.profile b/etc/clamav.profile
index cf46b8582..a48fa8039 100644
--- a/etc/clamav.profile
+++ b/etc/clamav.profile
@@ -3,9 +3,9 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/clamav.local 6include clamav.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10caps.drop all 10caps.drop all
11ipc-namespace 11ipc-namespace
@@ -18,6 +18,7 @@ nonewprivs
18noroot 18noroot
19nosound 19nosound
20notv 20notv
21nou2f
21novideo 22novideo
22protocol unix 23protocol unix
23seccomp 24seccomp
diff --git a/etc/clamdscan.profile b/etc/clamdscan.profile
index f6861dfa1..f146d05ec 100644
--- a/etc/clamdscan.profile
+++ b/etc/clamdscan.profile
@@ -4,4 +4,4 @@ quiet
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/clamav.profile 7include clamav.profile
diff --git a/etc/clamdtop.profile b/etc/clamdtop.profile
index f6861dfa1..f146d05ec 100644
--- a/etc/clamdtop.profile
+++ b/etc/clamdtop.profile
@@ -4,4 +4,4 @@ quiet
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/clamav.profile 7include clamav.profile
diff --git a/etc/clamscan.profile b/etc/clamscan.profile
index f6861dfa1..f146d05ec 100644
--- a/etc/clamscan.profile
+++ b/etc/clamscan.profile
@@ -4,4 +4,4 @@ quiet
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/clamav.profile 7include clamav.profile
diff --git a/etc/clamtk.profile b/etc/clamtk.profile
index d916381b2..c3b5f3ce5 100644
--- a/etc/clamtk.profile
+++ b/etc/clamtk.profile
@@ -1,9 +1,9 @@
1# Firejail profile for clamtk 1# Firejail profile for clamtk
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/clamtk.local 4include clamtk.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8caps.drop all 8caps.drop all
9ipc-namespace 9ipc-namespace
@@ -16,6 +16,7 @@ nonewprivs
16noroot 16noroot
17nosound 17nosound
18notv 18notv
19nou2f
19novideo 20novideo
20protocol unix 21protocol unix
21seccomp 22seccomp
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile
index f7f0fccca..f0656385f 100644
--- a/etc/claws-mail.profile
+++ b/etc/claws-mail.profile
@@ -2,19 +2,19 @@
2# Description: Fast, lightweight and user-friendly GTK+2 based email client 2# Description: Fast, lightweight and user-friendly GTK+2 based email client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/claws-mail.local 5include claws-mail.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.claws-mail 9noblacklist ${HOME}/.claws-mail
10noblacklist ${HOME}/.gnupg 10noblacklist ${HOME}/.gnupg
11noblacklist ${HOME}/.signature 11noblacklist ${HOME}/.signature
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/clementine.profile b/etc/clementine.profile
index a72bc39cf..147b0de4b 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -2,27 +2,28 @@
2# Description: Modern music player and library organizer 2# Description: Modern music player and library organizer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/clementine.local 5include clementine.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/Clementine 9noblacklist ${HOME}/.cache/Clementine
10noblacklist ${HOME}/.config/Clementine 10noblacklist ${HOME}/.config/Clementine
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23nonewprivs 23nonewprivs
24noroot 24noroot
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28# blacklisting of ioprio_set system calls breaks clementine 29# blacklisting of ioprio_set system calls breaks clementine
diff --git a/etc/clion.profile b/etc/clion.profile
index bcb18114e..e230a740d 100644
--- a/etc/clion.profile
+++ b/etc/clion.profile
@@ -1,9 +1,9 @@
1# Firejail profile for CLion 1# Firejail profile for CLion
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/clion.local 4include clion.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.CLion* 8noblacklist ${HOME}/.CLion*
9noblacklist ${HOME}/.gitconfig 9noblacklist ${HOME}/.gitconfig
@@ -12,9 +12,9 @@ noblacklist ${HOME}/.local/share/JetBrains
12noblacklist ${HOME}/.ssh 12noblacklist ${HOME}/.ssh
13noblacklist ${HOME}/.tooling 13noblacklist ${HOME}/.tooling
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -23,6 +23,7 @@ nogroups
23nonewprivs 23nonewprivs
24noroot 24noroot
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
diff --git a/etc/clipit.profile b/etc/clipit.profile
index fd6fbd61b..1b3ed8c62 100644
--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -2,19 +2,19 @@
2# Description: Lightweight GTK+ clipboard manager 2# Description: Lightweight GTK+ clipboard manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/clipit.local 5include clipit.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/clipit 9noblacklist ${HOME}/.config/clipit
10noblacklist ${HOME}/.local/share/clipit 10noblacklist ${HOME}/.local/share/clipit
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/cliqz.profile b/etc/cliqz.profile
index 4ff96311d..70277f1ce 100644
--- a/etc/cliqz.profile
+++ b/etc/cliqz.profile
@@ -1,9 +1,9 @@
1# Firejail profile for cliqz 1# Firejail profile for cliqz
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/cliqz.local 4include cliqz.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/cliqz 8noblacklist ${HOME}/.cache/cliqz
9noblacklist ${HOME}/.config/cliqz 9noblacklist ${HOME}/.config/cliqz
@@ -17,4 +17,4 @@ whitelist ${HOME}/.config/cliqz
17#private-etc cliqz 17#private-etc cliqz
18 18
19# Redirect 19# Redirect
20include /etc/firejail/firefox-common.profile 20include firefox-common.profile
diff --git a/etc/cmus.profile b/etc/cmus.profile
index 5744d462b..ee6600b76 100644
--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -2,19 +2,19 @@
2# Description: Lightweight ncurses audio player 2# Description: Lightweight ncurses audio player
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/cmus.local 5include cmus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/cmus 9noblacklist ${HOME}/.config/cmus
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/code.profile b/etc/code.profile
index ab69008f1..6528b63ff 100644
--- a/etc/code.profile
+++ b/etc/code.profile
@@ -1,16 +1,16 @@
1# Firejail profile for Visual Studio Code 1# Firejail profile for Visual Studio Code
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/code.local 4include code.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.vscode 8noblacklist ${HOME}/.vscode
9noblacklist ${HOME}/.config/Code 9noblacklist ${HOME}/.config/Code
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16net none 16net none
@@ -21,6 +21,7 @@ nonewprivs
21noroot 21noroot
22nosound 22nosound
23notv 23notv
24nou2f
24novideo 25novideo
25protocol unix,inet,inet6,netlink 26protocol unix,inet,inet6,netlink
26seccomp 27seccomp
diff --git a/etc/conkeror.profile b/etc/conkeror.profile
index 2489e2df4..ca38600d1 100644
--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -1,14 +1,14 @@
1# Firejail profile for conkeror 1# Firejail profile for conkeror
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/conkeror.local 4include conkeror.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.conkeror.mozdev.org 8noblacklist ${HOME}/.conkeror.mozdev.org
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-programs.inc 11include disable-programs.inc
12 12
13whitelist ${HOME}/.conkeror.mozdev.org 13whitelist ${HOME}/.conkeror.mozdev.org
14whitelist ${HOME}/.conkerorrc 14whitelist ${HOME}/.conkerorrc
@@ -21,7 +21,7 @@ whitelist ${HOME}/.vimperatorrc
21whitelist ${HOME}/.zotero 21whitelist ${HOME}/.zotero
22whitelist ${HOME}/Downloads 22whitelist ${HOME}/Downloads
23whitelist ${HOME}/dwhelper 23whitelist ${HOME}/dwhelper
24include /etc/firejail/whitelist-common.inc 24include whitelist-common.inc
25 25
26caps.drop all 26caps.drop all
27netfilter 27netfilter
diff --git a/etc/conky.profile b/etc/conky.profile
index f6d07d6de..846868be2 100644
--- a/etc/conky.profile
+++ b/etc/conky.profile
@@ -2,18 +2,18 @@
2# Description: Highly configurable system monitor 2# Description: Highly configurable system monitor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/conky.local 5include conky.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${PICTURES} 9noblacklist ${PICTURES}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
diff --git a/etc/corebird.profile b/etc/corebird.profile
index c7f8a8874..bf2e97356 100644
--- a/etc/corebird.profile
+++ b/etc/corebird.profile
@@ -2,20 +2,20 @@
2# Description: Native Gtk+ Twitter client for the Linux desktop 2# Description: Native Gtk+ Twitter client for the Linux desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/corebird.local 5include corebird.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/corebird 9noblacklist ${HOME}/.config/corebird
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -24,6 +24,7 @@ nogroups
24nonewprivs 24nonewprivs
25noroot 25noroot
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix,inet,inet6 29protocol unix,inet,inet6
29seccomp 30seccomp
diff --git a/etc/cower.profile b/etc/cower.profile
index dcc388f87..ebd83b326 100644
--- a/etc/cower.profile
+++ b/etc/cower.profile
@@ -8,20 +8,20 @@
8quiet 8quiet
9 9
10# Persistent local customizations 10# Persistent local customizations
11include /etc/firejail/cower.local 11include cower.local
12# Persistent global definitions 12# Persistent global definitions
13include /etc/firejail/globals.local 13include globals.local
14 14
15noblacklist ${HOME}/.config/cower/config 15noblacklist ${HOME}/.config/cower/config
16read-only ${HOME}/.config/cower/config 16read-only ${HOME}/.config/cower/config
17 17
18noblacklist /var/lib/pacman 18noblacklist /var/lib/pacman
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25 25
26caps.drop all 26caps.drop all
27ipc-namespace 27ipc-namespace
@@ -33,6 +33,7 @@ nonewprivs
33noroot 33noroot
34nosound 34nosound
35notv 35notv
36nou2f
36novideo 37novideo
37protocol unix,inet,inet6 38protocol unix,inet,inet6
38seccomp 39seccomp
diff --git a/etc/cpio.profile b/etc/cpio.profile
index 3c7d0748c..f63e0a552 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -3,18 +3,18 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/cpio.local 6include cpio.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12noblacklist /sbin 12noblacklist /sbin
13noblacklist /usr/sbin 13noblacklist /usr/sbin
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
@@ -24,6 +24,7 @@ nodvd
24nonewprivs 24nonewprivs
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28seccomp 29seccomp
29shell none 30shell none
diff --git a/etc/cryptocat.profile b/etc/cryptocat.profile
index 3d3de7268..7a9039ea4 100644
--- a/etc/cryptocat.profile
+++ b/etc/cryptocat.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/Cryptocat.profile 6include Cryptocat.profile
diff --git a/etc/curl.profile b/etc/curl.profile
index e77b8bf4f..d20e00740 100644
--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -3,17 +3,17 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/curl.local 6include curl.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12noblacklist ${HOME}/.curlrc 12noblacklist ${HOME}/.curlrc
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix,inet,inet6 29protocol unix,inet,inet6
29seccomp 30seccomp
diff --git a/etc/cvlc.profile b/etc/cvlc.profile
index 81ccbc530..1070b602c 100644
--- a/etc/cvlc.profile
+++ b/etc/cvlc.profile
@@ -1,12 +1,12 @@
1# Firejail profile for cvlc 1# Firejail profile for cvlc
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/cvlc.local 4include cvlc.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# cvlc doesn't like private-bin 8# cvlc doesn't like private-bin
9ignore private-bin 9ignore private-bin
10 10
11# Redirect 11# Redirect
12include /etc/firejail/vlc.profile 12include vlc.profile
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile
index ce51906ba..fcb448b30 100644
--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for cyberfox 1# Firejail profile for cyberfox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/cyberfox.local 4include cyberfox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.8pecxstudios 8noblacklist ${HOME}/.8pecxstudios
9noblacklist ${HOME}/.cache/8pecxstudios 9noblacklist ${HOME}/.cache/8pecxstudios
@@ -18,4 +18,4 @@ whitelist ${HOME}/.cache/8pecxstudios
18#private-etc cyberfox 18#private-etc cyberfox
19 19
20# Redirect 20# Redirect
21include /etc/firejail/firefox-common.profile 21include firefox-common.profile
diff --git a/etc/darktable.profile b/etc/darktable.profile
index 74144e68e..af834f90b 100644
--- a/etc/darktable.profile
+++ b/etc/darktable.profile
@@ -2,20 +2,20 @@
2# Description: Virtual lighttable and darkroom for photographers 2# Description: Virtual lighttable and darkroom for photographers
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/darktable.local 5include darktable.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/darktable 9noblacklist ${HOME}/.cache/darktable
10noblacklist ${HOME}/.config/darktable 10noblacklist ${HOME}/.config/darktable
11noblacklist ${PICTURES} 11noblacklist ${PICTURES}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index 8f5961647..f751b7bb0 100644
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -2,19 +2,19 @@
2# Description: A GTK+ audio player for GNU/Linux 2# Description: A GTK+ audio player for GNU/Linux
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/deadbeef.local 5include deadbeef.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/deadbeef 9noblacklist ${HOME}/.config/deadbeef
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -23,6 +23,7 @@ nogroups
23nonewprivs 23nonewprivs
24noroot 24noroot
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
diff --git a/etc/default.profile b/etc/default.profile
index f8e54c8d3..27feb7dd1 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -1,19 +1,19 @@
1# Firejail profile for default 1# Firejail profile for default
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/default.local 4include default.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# generic gui profile 8# generic gui profile
9# depending on your usage, you can enable some of the commands below: 9# depending on your usage, you can enable some of the commands below:
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12# include /etc/firejail/disable-devel.inc 12# include disable-devel.inc
13# include /etc/firejail/disable-interpreters.inc 13# include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16#include /etc/firejail/disable-xdg.inc 16#include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19# ipc-namespace 19# ipc-namespace
diff --git a/etc/deluge.profile b/etc/deluge.profile
index 27ca036ca..cb8bff07e 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -2,9 +2,9 @@
2# Description: BitTorrent client written in Python/PyGTK 2# Description: BitTorrent client written in Python/PyGTK
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/deluge.local 5include deluge.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/deluge 9noblacklist ${HOME}/.config/deluge
10 10
@@ -14,17 +14,17 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18# include /etc/firejail/disable-devel.inc 18# include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23mkdir ${HOME}/.config/deluge 23mkdir ${HOME}/.config/deluge
24whitelist ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25whitelist ${HOME}/.config/deluge 25whitelist ${HOME}/.config/deluge
26include /etc/firejail/whitelist-common.inc 26include whitelist-common.inc
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30machine-id 30machine-id
@@ -34,6 +34,7 @@ nonewprivs
34noroot 34noroot
35nosound 35nosound
36notv 36notv
37nou2f
37novideo 38novideo
38protocol unix,inet,inet6 39protocol unix,inet,inet6
39seccomp 40seccomp
diff --git a/etc/desktop.profile b/etc/desktop.profile
index 8bfa885a3..bfb1618b2 100644
--- a/etc/desktop.profile
+++ b/etc/desktop.profile
@@ -2,20 +2,20 @@
2# Description: Extend your GitHub workflow beyond your browser with GitHub Desktop 2# Description: Extend your GitHub workflow beyond your browser with GitHub Desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/github-desktop.local 5include github-desktop.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9whitelist ${HOME}/.gitconfig 9whitelist ${HOME}/.gitconfig
10whitelist ${HOME}/.config/GitHub Desktop 10whitelist ${HOME}/.config/GitHub Desktop
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17 17
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
diff --git a/etc/devilspie.profile b/etc/devilspie.profile
index dbfb05798..b3558a038 100644
--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -2,17 +2,17 @@
2# Description: Window matching daemon 2# Description: Window matching daemon
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/devilspie.local 5include devilspie.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.devilspie 9noblacklist ${HOME}/.devilspie
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18ipc-namespace 18ipc-namespace
diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile
index 3a9a9659a..4ab2634e8 100644
--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -2,17 +2,17 @@
2# Description: Window matching daemon (Lua) 2# Description: Window matching daemon (Lua)
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/devilspie2.local 5include devilspie2.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/devilspie2 9noblacklist ${HOME}/.config/devilspie2
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18ipc-namespace 18ipc-namespace
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
index da59fc71a..b0226f1e9 100644
--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dex2jar.local 5include dex2jar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Allow access to java 9# Allow access to java
10noblacklist ${PATH}/java 10noblacklist ${PATH}/java
@@ -12,14 +12,14 @@ noblacklist /usr/lib/java
12noblacklist /etc/java 12noblacklist /etc/java
13noblacklist /usr/share/java 13noblacklist /usr/share/java
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25net none 25net none
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix 36protocol unix
36seccomp 37seccomp
diff --git a/etc/dia.profile b/etc/dia.profile
index fdc40980f..a0075acaf 100644
--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -2,19 +2,19 @@
2# Description: Diagram editor 2# Description: Diagram editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dia.local 5include dia.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.dia 9noblacklist ${HOME}/.dia
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix 31protocol unix
31seccomp 32seccomp
diff --git a/etc/dig.profile b/etc/dig.profile
index 4b6ab0975..a27ae6be4 100644
--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -2,20 +2,20 @@ quiet
2# Firejail profile for dig 2# Firejail profile for dig
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dig.local 5include dig.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10# include /etc/firejail/disable-devel.inc 10# include disable-devel.inc
11# include /etc/firejail/disable-interpreters.inc 11# include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14#include /etc/firejail/disable-xdg.inc 14#include disable-xdg.inc
15 15
16whitelist ~/.digrc 16whitelist ~/.digrc
17include /etc/firejail/whitelist-common.inc 17include whitelist-common.inc
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21# ipc-namespace 21# ipc-namespace
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix,inet,inet6 33protocol unix,inet,inet6
33seccomp 34seccomp
diff --git a/etc/digikam.profile b/etc/digikam.profile
index 470f60779..ccc0a6544 100644
--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -2,9 +2,9 @@
2# Description: Digital photo management application for KDE 2# Description: Digital photo management application for KDE
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/digikam.local 5include digikam.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/digikam 9noblacklist ${HOME}/.config/digikam
10noblacklist ${HOME}/.config/digikamrc 10noblacklist ${HOME}/.config/digikamrc
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.kde/share/apps/digikam
12noblacklist ${HOME}/.kde4/share/apps/digikam 12noblacklist ${HOME}/.kde4/share/apps/digikam
13noblacklist ${PICTURES} 13noblacklist ${PICTURES}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24apparmor 24apparmor
25caps.drop all 25caps.drop all
diff --git a/etc/dillo.profile b/etc/dillo.profile
index 8c3da1b3e..7103d0285 100644
--- a/etc/dillo.profile
+++ b/etc/dillo.profile
@@ -2,25 +2,25 @@
2# Description: Small and fast web browser 2# Description: Small and fast web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dillo.local 5include dillo.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.dillo 9noblacklist ${HOME}/.dillo
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.dillo 17mkdir ${HOME}/.dillo
18mkdir ${HOME}/.fltk 18mkdir ${HOME}/.fltk
19whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.dillo 20whitelist ${HOME}/.dillo
21whitelist ${HOME}/.fltk 21whitelist ${HOME}/.fltk
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
@@ -28,6 +28,7 @@ nodvd
28nonewprivs 28nonewprivs
29noroot 29noroot
30notv 30notv
31nou2f
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
33tracelog 34tracelog
diff --git a/etc/dino.profile b/etc/dino.profile
index a39ec8931..9844ce81a 100644
--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -1,22 +1,22 @@
1# Firejail profile for dino 1# Firejail profile for dino
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/dino.local 4include dino.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.local/share/dino 8noblacklist ${HOME}/.local/share/dino
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.local/share/dino 16mkdir ${HOME}/.local/share/dino
17whitelist ${HOME}/.local/share/dino 17whitelist ${HOME}/.local/share/dino
18whitelist ${HOME}/Downloads 18whitelist ${HOME}/Downloads
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index ceca17826..e6ba99874 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-common.local 3include disable-common.local
4 4
5# History files in $HOME and clipboard managers 5# History files in $HOME and clipboard managers
6blacklist-nolog ${HOME}/.*_history 6blacklist-nolog ${HOME}/.*_history
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc
index 627856803..5c41692da 100644
--- a/etc/disable-devel.inc
+++ b/etc/disable-devel.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-devel.local 3include disable-devel.local
4 4
5# development tools 5# development tools
6 6
diff --git a/etc/disable-interpreters.inc b/etc/disable-interpreters.inc
index 0e0caade1..0d5f5737e 100644
--- a/etc/disable-interpreters.inc
+++ b/etc/disable-interpreters.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-interpreters.local 3include disable-interpreters.local
4 4
5# Lua 5# Lua
6blacklist ${PATH}/lua* 6blacklist ${PATH}/lua*
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc
index 6ef11780e..72e1a66ee 100644
--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -1,7 +1,8 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-passwdmgr.local 3include disable-passwdmgr.local
4 4
5blacklist ${HOME}/.config/Bitwarden
5blacklist ${HOME}/.config/KeePass 6blacklist ${HOME}/.config/KeePass
6blacklist ${HOME}/.config/keepass 7blacklist ${HOME}/.config/keepass
7blacklist ${HOME}/.config/keepassx 8blacklist ${HOME}/.config/keepassx
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 251362b77..edf3c7be5 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -1,8 +1,9 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-programs.local 3include disable-programs.local
4 4
5blacklist ${HOME}/Monero/wallets 5blacklist ${HOME}/Monero/wallets
6blacklist ${HOME}/Nextcloud/Notes
6blacklist ${HOME}/Standard Notes Backups 7blacklist ${HOME}/Standard Notes Backups
7blacklist ${HOME}/snap 8blacklist ${HOME}/snap
8blacklist ${HOME}/.*coin 9blacklist ${HOME}/.*coin
@@ -52,6 +53,7 @@ blacklist ${HOME}/.config/Beaker Browser
52blacklist ${HOME}/.config/Brackets 53blacklist ${HOME}/.config/Brackets
53blacklist ${HOME}/.config/Clementine 54blacklist ${HOME}/.config/Clementine
54blacklist ${HOME}/.config/Code 55blacklist ${HOME}/.config/Code
56blacklist ${HOME}/.config/Code Industry
55blacklist ${HOME}/.config/Cryptocat 57blacklist ${HOME}/.config/Cryptocat
56blacklist ${HOME}/.config/Franz 58blacklist ${HOME}/.config/Franz
57blacklist ${HOME}/.config/FreeCAD 59blacklist ${HOME}/.config/FreeCAD
@@ -72,7 +74,9 @@ blacklist ${HOME}/.config/Mumble
72blacklist ${HOME}/.config/MusE 74blacklist ${HOME}/.config/MusE
73blacklist ${HOME}/.config/MuseScore 75blacklist ${HOME}/.config/MuseScore
74blacklist ${HOME}/.config/MusicBrainz 76blacklist ${HOME}/.config/MusicBrainz
77blacklist ${HOME}/.config/Nathan Osman
75blacklist ${HOME}/.config/Nylas Mail 78blacklist ${HOME}/.config/Nylas Mail
79blacklist ${HOME}/.config/PBE
76blacklist ${HOME}/.config/Qlipper 80blacklist ${HOME}/.config/Qlipper
77blacklist ${HOME}/.config/QMediathekView 81blacklist ${HOME}/.config/QMediathekView
78blacklist ${HOME}/.config/QuiteRss 82blacklist ${HOME}/.config/QuiteRss
@@ -91,6 +95,7 @@ blacklist ${HOME}/.config/akregatorrc
91blacklist ${HOME}/.config/ardour4 95blacklist ${HOME}/.config/ardour4
92blacklist ${HOME}/.config/ardour5 96blacklist ${HOME}/.config/ardour5
93blacklist ${HOME}/.config/arkrc 97blacklist ${HOME}/.config/arkrc
98blacklist ${HOME}/.config/artha.conf
94blacklist ${HOME}/.config/asunder 99blacklist ${HOME}/.config/asunder
95blacklist ${HOME}/.config/atril 100blacklist ${HOME}/.config/atril
96blacklist ${HOME}/.config/audacious 101blacklist ${HOME}/.config/audacious
@@ -142,6 +147,7 @@ blacklist ${HOME}/.config/ghb
142blacklist ${HOME}/.config/globaltime 147blacklist ${HOME}/.config/globaltime
143blacklist ${HOME}/.config/gnome-mplayer 148blacklist ${HOME}/.config/gnome-mplayer
144blacklist ${HOME}/.config/gnome-mpv 149blacklist ${HOME}/.config/gnome-mpv
150blacklist ${HOME}/.config/gnome-pie
145blacklist ${HOME}/.config/google-chrome 151blacklist ${HOME}/.config/google-chrome
146blacklist ${HOME}/.config/google-chrome-beta 152blacklist ${HOME}/.config/google-chrome-beta
147blacklist ${HOME}/.config/google-chrome-unstable 153blacklist ${HOME}/.config/google-chrome-unstable
@@ -191,6 +197,7 @@ blacklist ${HOME}/.config/nautilus
191blacklist ${HOME}/.config/nemo 197blacklist ${HOME}/.config/nemo
192blacklist ${HOME}/.config/netsurf 198blacklist ${HOME}/.config/netsurf
193blacklist ${HOME}/.config/nheko 199blacklist ${HOME}/.config/nheko
200blacklist ${HOME}/.config/NitroShare
194blacklist ${HOME}/.config/okularpartrc 201blacklist ${HOME}/.config/okularpartrc
195blacklist ${HOME}/.config/okularrc 202blacklist ${HOME}/.config/okularrc
196blacklist ${HOME}/.config/onionshare 203blacklist ${HOME}/.config/onionshare
@@ -368,6 +375,7 @@ blacklist ${HOME}/.local/share/3909/PapersPlease
368blacklist ${HOME}/.local/share/Empathy 375blacklist ${HOME}/.local/share/Empathy
369blacklist ${HOME}/.local/share/JetBrains 376blacklist ${HOME}/.local/share/JetBrains
370blacklist ${HOME}/.local/share/Mumble 377blacklist ${HOME}/.local/share/Mumble
378blacklist ${HOME}/.local/share/PBE
371blacklist ${HOME}/.local/share/QMediathekView 379blacklist ${HOME}/.local/share/QMediathekView
372blacklist ${HOME}/.local/share/QuiteRss 380blacklist ${HOME}/.local/share/QuiteRss
373blacklist ${HOME}/.local/share/Ricochet 381blacklist ${HOME}/.local/share/Ricochet
@@ -458,6 +466,7 @@ blacklist ${HOME}/.local/share/xplayer
458blacklist ${HOME}/.local/share/xreader 466blacklist ${HOME}/.local/share/xreader
459blacklist ${HOME}/.local/share/zathura 467blacklist ${HOME}/.local/share/zathura
460blacklist ${HOME}/.lv2 468blacklist ${HOME}/.lv2
469blacklist ${HOME}/.masterpdfeditor
461blacklist ${HOME}/.mcabber 470blacklist ${HOME}/.mcabber
462blacklist ${HOME}/.mcabberrc 471blacklist ${HOME}/.mcabberrc
463blacklist ${HOME}/.mediathek3 472blacklist ${HOME}/.mediathek3
diff --git a/etc/disable-xdg.inc b/etc/disable-xdg.inc
index 519f00afb..22acf272d 100644
--- a/etc/disable-xdg.inc
+++ b/etc/disable-xdg.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/disable-xdg.local 3include disable-xdg.local
4 4
5blacklist ${DOCUMENTS} 5blacklist ${DOCUMENTS}
6blacklist ${MUSIC} 6blacklist ${MUSIC}
diff --git a/etc/discord-canary.profile b/etc/discord-canary.profile
index b6958cbd3..12b5433b2 100644
--- a/etc/discord-canary.profile
+++ b/etc/discord-canary.profile
@@ -1,9 +1,9 @@
1# Firejail profile for discord-canary 1# Firejail profile for discord-canary
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/discord-canary.local 4include discord-canary.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.config/discordcanary 9noblacklist ${HOME}/.config/discordcanary
@@ -15,4 +15,4 @@ private-bin discord-canary
15private-opt discord-canary 15private-opt discord-canary
16 16
17#Redirect 17#Redirect
18include /etc/firejail/discord-common.profile 18include discord-common.profile
diff --git a/etc/discord-common.profile b/etc/discord-common.profile
index babef37b1..9c6a40e8a 100644
--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -1,15 +1,15 @@
1# Firejail profile for discord 1# Firejail profile for discord
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/discord-common.local 4include discord-common.local
5# Persistent global definitions 5# Persistent global definitions
6# already included by caller profile 6# already included by caller profile
7#include /etc/firejail/globals.local 7#include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13 13
14whitelist ${DOWNLOADS} 14whitelist ${DOWNLOADS}
15 15
@@ -20,6 +20,7 @@ nogroups
20nonewprivs 20nonewprivs
21noroot 21noroot
22notv 22notv
23nou2f
23novideo 24novideo
24protocol unix,inet,inet6,netlink 25protocol unix,inet,inet6,netlink
25seccomp 26seccomp
diff --git a/etc/discord.profile b/etc/discord.profile
index 63aed5eca..62c4a5658 100644
--- a/etc/discord.profile
+++ b/etc/discord.profile
@@ -1,9 +1,9 @@
1# Firejail profile for discord 1# Firejail profile for discord
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/discord.local 4include discord.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.config/discord 9noblacklist ${HOME}/.config/discord
@@ -15,4 +15,4 @@ private-bin discord
15private-opt discord 15private-opt discord
16 16
17#Redirect 17#Redirect
18include /etc/firejail/discord-common.profile 18include discord-common.profile
diff --git a/etc/display.profile b/etc/display.profile
index 41a426375..3182aebbe 100644
--- a/etc/display.profile
+++ b/etc/display.profile
@@ -1,9 +1,9 @@
1# Firejail profile for display 1# Firejail profile for display
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/display.local 4include display.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${PICTURES} 8noblacklist ${PICTURES}
9 9
@@ -13,14 +13,14 @@ noblacklist ${PATH}/python3*
13noblacklist /usr/lib/python2* 13noblacklist /usr/lib/python2*
14noblacklist /usr/lib/python3* 14noblacklist /usr/lib/python3*
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21include /etc/firejail/disable-xdg.inc 21include disable-xdg.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26net none 26net none
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34protocol unix 35protocol unix
35seccomp 36seccomp
36shell none 37shell none
diff --git a/etc/dnox.profile b/etc/dnox.profile
index 505884ca6..e02395771 100644
--- a/etc/dnox.profile
+++ b/etc/dnox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for dnox 1# Firejail profile for dnox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/dnox.local 4include dnox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/dnox 8noblacklist ${HOME}/.cache/dnox
9noblacklist ${HOME}/.config/dnox 9noblacklist ${HOME}/.config/dnox
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/dnox
14whitelist ${HOME}/.config/dnox 14whitelist ${HOME}/.config/dnox
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index ce73d7e72..0dc0cc793 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -2,21 +2,21 @@
2# Description: Tool for securing communications between a client and a DNS resolver 2# Description: Tool for securing communications between a client and a DNS resolver
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dnscrypt-proxy.local 5include dnscrypt-proxy.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist /sbin 11noblacklist /sbin
12noblacklist /usr/sbin 12noblacklist /usr/sbin
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot 21caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
22no3d 22no3d
@@ -24,6 +24,7 @@ nodvd
24nonewprivs 24nonewprivs
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open 29seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
29 30
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index d68806945..bb41b71d1 100644
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -2,21 +2,21 @@
2# Description: Small caching DNS proxy and DHCP/TFTP server 2# Description: Small caching DNS proxy and DHCP/TFTP server
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dnsmasq.local 5include dnsmasq.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist /sbin 11noblacklist /sbin
12noblacklist /usr/sbin 12noblacklist /usr/sbin
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21caps.keep net_admin,net_bind_service,net_raw,setgid,setuid 21caps.keep net_admin,net_bind_service,net_raw,setgid,setuid
22no3d 22no3d
@@ -24,6 +24,7 @@ nodvd
24nonewprivs 24nonewprivs
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix,inet,inet6,netlink 29protocol unix,inet,inet6,netlink
29seccomp 30seccomp
diff --git a/etc/dolphin.profile b/etc/dolphin.profile
index 819998edf..936876ddf 100644
--- a/etc/dolphin.profile
+++ b/etc/dolphin.profile
@@ -2,9 +2,9 @@
2# Description: File manager 2# Description: File manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dolphin.local 5include dolphin.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5 9# warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5
10 10
@@ -13,12 +13,12 @@ noblacklist ${HOME}/.local/share/Trash
13# noblacklist ${HOME}/.config/dolphinrc 13# noblacklist ${HOME}/.config/dolphinrc
14# noblacklist ${HOME}/.local/share/dolphin 14# noblacklist ${HOME}/.local/share/dolphin
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files 20# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files
21# include /etc/firejail/disable-programs.inc 21# include disable-programs.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile
index 4e1227a0f..075a24c92 100644
--- a/etc/dooble-qt4.profile
+++ b/etc/dooble-qt4.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/dooble.profile 6include dooble.profile
diff --git a/etc/dooble.profile b/etc/dooble.profile
index df68a4aef..bc4a4c348 100644
--- a/etc/dooble.profile
+++ b/etc/dooble.profile
@@ -1,23 +1,23 @@
1# Firejail profile for dooble 1# Firejail profile for dooble
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/dooble-qt4.local 4include dooble-qt4.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.dooble 9noblacklist ${HOME}/.dooble
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.dooble 17mkdir ${HOME}/.dooble
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.dooble 19whitelist ${HOME}/.dooble
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6,netlink 31protocol unix,inet,inet6,netlink
31seccomp 32seccomp
diff --git a/etc/dosbox.profile b/etc/dosbox.profile
index 319daf407..17ccc9b9a 100644
--- a/etc/dosbox.profile
+++ b/etc/dosbox.profile
@@ -2,21 +2,21 @@
2# Description: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS 2# Description: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dosbox.local 5include dosbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.dosbox 9noblacklist ${HOME}/.dosbox
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -25,6 +25,7 @@ nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
diff --git a/etc/dragon.profile b/etc/dragon.profile
index 9f41bf87a..cdf941acd 100644
--- a/etc/dragon.profile
+++ b/etc/dragon.profile
@@ -2,22 +2,22 @@
2# Description: A multimedia player where the focus is on simplicity, instead of features 2# Description: A multimedia player where the focus is on simplicity, instead of features
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/dragon.local 5include dragon.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/dragonplayerrc 9noblacklist ${HOME}/.config/dragonplayerrc
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11noblacklist ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -25,6 +25,7 @@ nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index 24b69e118..1b242d422 100644
--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -1,19 +1,19 @@
1# Firejail profile for dropbox 1# Firejail profile for dropbox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/dropbox.local 4include dropbox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/autostart 8noblacklist ${HOME}/.config/autostart
9noblacklist ${HOME}/.dropbox 9noblacklist ${HOME}/.dropbox
10noblacklist ${HOME}/.dropbox-dist 10noblacklist ${HOME}/.dropbox-dist
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.dropbox 18mkdir ${HOME}/.dropbox
19mkdir ${HOME}/.dropbox-dist 19mkdir ${HOME}/.dropbox-dist
@@ -23,7 +23,7 @@ whitelist ${HOME}/.config/autostart/dropbox.desktop
23whitelist ${HOME}/.dropbox 23whitelist ${HOME}/.dropbox
24whitelist ${HOME}/.dropbox-dist 24whitelist ${HOME}/.dropbox-dist
25whitelist ${HOME}/Dropbox 25whitelist ${HOME}/Dropbox
26include /etc/firejail/whitelist-common.inc 26include whitelist-common.inc
27 27
28caps.drop all 28caps.drop all
29netfilter 29netfilter
@@ -34,6 +34,7 @@ nonewprivs
34noroot 34noroot
35nosound 35nosound
36notv 36notv
37nou2f
37novideo 38novideo
38protocol unix,inet,inet6 39protocol unix,inet,inet6
39seccomp 40seccomp
diff --git a/etc/easystroke.profile b/etc/easystroke.profile
index 6fac08a5d..ddf967e55 100644
--- a/etc/easystroke.profile
+++ b/etc/easystroke.profile
@@ -2,17 +2,17 @@
2# Description: Control your desktop using mouse gestures 2# Description: Control your desktop using mouse gestures
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/easystroke.local 5include easystroke.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.easystroke 9noblacklist ${HOME}/.easystroke
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18ipc-namespace 18ipc-namespace
diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile
index 1e28b854a..b2fd635b1 100644
--- a/etc/ebook-viewer.profile
+++ b/etc/ebook-viewer.profile
@@ -5,4 +5,4 @@ net none
5nodbus 5nodbus
6 6
7# Redirect 7# Redirect
8include /etc/firejail/calibre.profile 8include calibre.profile
diff --git a/etc/electron.profile b/etc/electron.profile
index ccfde78bb..c24100f17 100644
--- a/etc/electron.profile
+++ b/etc/electron.profile
@@ -2,13 +2,13 @@
2# Description: Build cross platform desktop apps with web technologies 2# Description: Build cross platform desktop apps with web technologies
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/electron.local 5include electron.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-passwdmgr.inc 10include disable-passwdmgr.inc
11include /etc/firejail/disable-programs.inc 11include disable-programs.inc
12 12
13whitelist ${DOWNLOADS} 13whitelist ${DOWNLOADS}
14 14
diff --git a/etc/electrum.profile b/etc/electrum.profile
index b3e1ab36f..d24a31299 100644
--- a/etc/electrum.profile
+++ b/etc/electrum.profile
@@ -2,9 +2,9 @@
2# Description: Lightweight Bitcoin wallet 2# Description: Lightweight Bitcoin wallet
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/electrum.local 5include electrum.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.electrum 9noblacklist ${HOME}/.electrum
10 10
@@ -14,17 +14,17 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.electrum 24mkdir ${HOME}/.electrum
25whitelist ${HOME}/.electrum 25whitelist ${HOME}/.electrum
26include /etc/firejail/whitelist-common.inc 26include whitelist-common.inc
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30ipc-namespace 30ipc-namespace
@@ -37,6 +37,7 @@ nonewprivs
37noroot 37noroot
38nosound 38nosound
39notv 39notv
40nou2f
40novideo 41novideo
41protocol unix,inet,inet6 42protocol unix,inet,inet6
42seccomp 43seccomp
diff --git a/etc/elinks.profile b/etc/elinks.profile
index bafc19e1a..6643c5fda 100644
--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -2,20 +2,20 @@
2# Description: Advanced text-mode WWW browser 2# Description: Advanced text-mode WWW browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/elinks.local 5include elinks.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist ${HOME}/.elinks 11noblacklist ${HOME}/.elinks
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
diff --git a/etc/emacs.profile b/etc/emacs.profile
index 90b25bfcf..c2057f6fb 100644
--- a/etc/emacs.profile
+++ b/etc/emacs.profile
@@ -2,16 +2,16 @@
2# Description: GNU Emacs editor 2# Description: GNU Emacs editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/emacs.local 5include emacs.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.emacs 9noblacklist ${HOME}/.emacs
10noblacklist ${HOME}/.emacs.d 10noblacklist ${HOME}/.emacs.d
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
diff --git a/etc/empathy.profile b/etc/empathy.profile
index 007b51c35..5ca640d30 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -2,15 +2,15 @@
2# Description: GNOME multi-protocol chat and call client 2# Description: GNOME multi-protocol chat and call client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/empathy.local 5include empathy.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16netfilter 16netfilter
diff --git a/etc/enchant-2.profile b/etc/enchant-2.profile
index ba7573289..295d74a38 100644
--- a/etc/enchant-2.profile
+++ b/etc/enchant-2.profile
@@ -1,9 +1,9 @@
1# Firejail profile for enchant-2 1# Firejail profile for enchant-2
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/enchant-2.local 4include enchant-2.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/enchant.profile 9include enchant.profile
diff --git a/etc/enchant-lsmod-2.profile b/etc/enchant-lsmod-2.profile
index 1b646eef6..991ea63ef 100644
--- a/etc/enchant-lsmod-2.profile
+++ b/etc/enchant-lsmod-2.profile
@@ -1,9 +1,9 @@
1# Firejail profile for enchant-lsmod-2 1# Firejail profile for enchant-lsmod-2
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/enchant-lsmod-2.local 4include enchant-lsmod-2.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/enchant.profile 9include enchant.profile
diff --git a/etc/enchant-lsmod.profile b/etc/enchant-lsmod.profile
index 3452b0421..d7bcae6a0 100644
--- a/etc/enchant-lsmod.profile
+++ b/etc/enchant-lsmod.profile
@@ -1,9 +1,9 @@
1# Firejail profile for enchant-lsmod 1# Firejail profile for enchant-lsmod
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/enchant-lsmod.local 4include enchant-lsmod.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/enchant.profile 9include enchant.profile
diff --git a/etc/enchant.profile b/etc/enchant.profile
index cf7d76b4c..e29e542ab 100644
--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -2,18 +2,18 @@
2# Description: Wrapper for various spell checker engines 2# Description: Wrapper for various spell checker engines
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/enchant.local 5include enchant.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/enchant 9noblacklist ${HOME}/.config/enchant
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/engrampa.profile b/etc/engrampa.profile
index eaf246d3c..b9f2632c4 100644
--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -2,17 +2,17 @@
2# Description: Archive manager for MATE 2# Description: Archive manager for MATE
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/engrampa.local 5include engrampa.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15include /etc/firejail/whitelist-var-common.inc 15include whitelist-var-common.inc
16 16
17apparmor 17apparmor
18caps.drop all 18caps.drop all
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/enox.profile b/etc/enox.profile
index 46f409346..d8ac8b24a 100644
--- a/etc/enox.profile
+++ b/etc/enox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for enox 1# Firejail profile for enox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/enox.local 4include enox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/Enox 8noblacklist ${HOME}/.cache/Enox
9noblacklist ${HOME}/.config/Enox 9noblacklist ${HOME}/.config/Enox
@@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/Enox
16whitelist ${HOME}/.config/Enox 16whitelist ${HOME}/.config/Enox
17 17
18# Redirect 18# Redirect
19include /etc/firejail/chromium-common.profile 19include chromium-common.profile
diff --git a/etc/enpass.profile b/etc/enpass.profile
index 3a30f8b04..3208c9454 100644
--- a/etc/enpass.profile
+++ b/etc/enpass.profile
@@ -1,20 +1,20 @@
1# This file is overwritten after every install/update. 1# This file is overwritten after every install/update.
2# Persistent local customisations 2# Persistent local customisations
3include /etc/firejail/enpass.local 3include enpass.local
4# Persistent global definitions 4# Persistent global definitions
5include /etc/firejail/globals.local 5include globals.local
6 6
7noblacklist ${HOME}/.config/Sinew Software Systems 7noblacklist ${HOME}/.config/Sinew Software Systems
8noblacklist ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20machine-id 20machine-id
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix 31protocol unix
31seccomp 32seccomp
diff --git a/etc/eog.profile b/etc/eog.profile
index 017fe5c75..8cb64009c 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -2,22 +2,22 @@
2# Description: Eye of GNOME graphics viewer program 2# Description: Eye of GNOME graphics viewer program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/eog.local 5include eog.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.Steam 9noblacklist ${HOME}/.Steam
10noblacklist ${HOME}/.config/eog 10noblacklist ${HOME}/.config/eog
11noblacklist ${HOME}/.local/share/Trash 11noblacklist ${HOME}/.local/share/Trash
12noblacklist ${HOME}/.steam 12noblacklist ${HOME}/.steam
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22# apparmor - makes settings immutable 22# apparmor - makes settings immutable
23caps.drop all 23caps.drop all
@@ -30,6 +30,7 @@ nonewprivs
30noroot 30noroot
31nosound 31nosound
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix 35protocol unix
35seccomp 36seccomp
diff --git a/etc/eom.profile b/etc/eom.profile
index a0ce712c8..7d84cd3b4 100644
--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -2,22 +2,22 @@
2# Description: Eye of MATE graphics viewer program 2# Description: Eye of MATE graphics viewer program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/eom.local 5include eom.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.Steam 9noblacklist ${HOME}/.Steam
10noblacklist ${HOME}/.config/mate/eom 10noblacklist ${HOME}/.config/mate/eom
11noblacklist ${HOME}/.local/share/Trash 11noblacklist ${HOME}/.local/share/Trash
12noblacklist ${HOME}/.steam 12noblacklist ${HOME}/.steam
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22# apparmor - makes settings immutable 22# apparmor - makes settings immutable
23caps.drop all 23caps.drop all
@@ -30,6 +30,7 @@ nonewprivs
30noroot 30noroot
31nosound 31nosound
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix 35protocol unix
35seccomp 36seccomp
diff --git a/etc/epiphany.profile b/etc/epiphany.profile
index b04cf72b4..6868ca391 100644
--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -2,18 +2,18 @@
2# Description: Clone of Boulder Dash game 2# Description: Clone of Boulder Dash game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/epiphany.local 5include epiphany.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/epiphany 9noblacklist ${HOME}/.cache/epiphany
10noblacklist ${HOME}/.config/epiphany 10noblacklist ${HOME}/.config/epiphany
11noblacklist ${HOME}/.local/share/epiphany 11noblacklist ${HOME}/.local/share/epiphany
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/epiphany 18mkdir ${HOME}/.cache/epiphany
19mkdir ${HOME}/.config/epiphany 19mkdir ${HOME}/.config/epiphany
@@ -22,7 +22,7 @@ whitelist ${DOWNLOADS}
22whitelist ${HOME}/.cache/epiphany 22whitelist ${HOME}/.cache/epiphany
23whitelist ${HOME}/.config/epiphany 23whitelist ${HOME}/.config/epiphany
24whitelist ${HOME}/.local/share/epiphany 24whitelist ${HOME}/.local/share/epiphany
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/etr.profile b/etc/etr.profile
index 5c01636cc..6c3db897b 100644
--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -1,20 +1,20 @@
1# Firejail profile for etr 1# Firejail profile for etr
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/etr.local 4include etr.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.etr 8noblacklist ${HOME}/.etr
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13 13
14mkdir ${HOME}/.etr 14mkdir ${HOME}/.etr
15whitelist ${HOME}/.etr 15whitelist ${HOME}/.etr
16include /etc/firejail/whitelist-common.inc 16include whitelist-common.inc
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
@@ -24,6 +24,7 @@ nogroups
24nonewprivs 24nonewprivs
25noroot 25noroot
26notv 26notv
27nou2f
27protocol unix,netlink 28protocol unix,netlink
28seccomp 29seccomp
29shell none 30shell none
diff --git a/etc/evince-previewer.profile b/etc/evince-previewer.profile
index d5bc6db33..e43bb2da8 100644
--- a/etc/evince-previewer.profile
+++ b/etc/evince-previewer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for evince-previewer 1# Firejail profile for evince-previewer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/evince-previewer.local 4include evince-previewer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/evince.profile 10include evince.profile
diff --git a/etc/evince-thumbnailer.profile b/etc/evince-thumbnailer.profile
index abc21632d..4036e1ecb 100644
--- a/etc/evince-thumbnailer.profile
+++ b/etc/evince-thumbnailer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for evince-thumbnailer 1# Firejail profile for evince-thumbnailer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/evince-thumbnailer.local 4include evince-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/evince.profile 10include evince.profile
diff --git a/etc/evince.profile b/etc/evince.profile
index ea46ccc40..1702daeff 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -2,21 +2,21 @@
2# Description: Document (PostScript, PDF) viewer 2# Description: Document (PostScript, PDF) viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/evince.local 5include evince.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/evince 9noblacklist ${HOME}/.config/evince
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22machine-id 22machine-id
@@ -30,6 +30,7 @@ nonewprivs
30noroot 30noroot
31nosound 31nosound
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix 35protocol unix
35seccomp 36seccomp
diff --git a/etc/evolution.profile b/etc/evolution.profile
index f691b3c3d..1cce0656c 100644
--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -2,9 +2,9 @@
2# Description: Groupware suite with mail client and organizer 2# Description: Groupware suite with mail client and organizer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/evolution.local 5include evolution.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist /var/mail 9noblacklist /var/mail
10noblacklist /var/spool/mail 10noblacklist /var/spool/mail
@@ -15,11 +15,11 @@ noblacklist ${HOME}/.gnupg
15noblacklist ${HOME}/.local/share/evolution 15noblacklist ${HOME}/.local/share/evolution
16noblacklist ${HOME}/.pki 16noblacklist ${HOME}/.pki
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix,inet,inet6 36protocol unix,inet,inet6
36seccomp 37seccomp
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 2666397f4..3eac35bac 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/exiftool.local 5include exiftool.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
@@ -13,11 +13,11 @@ noblacklist ${PATH}/perl
13noblacklist /usr/lib/perl* 13noblacklist /usr/lib/perl*
14noblacklist /usr/share/perl* 14noblacklist /usr/share/perl*
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22caps.drop all 22caps.drop all
23net none 23net none
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix 34protocol unix
34seccomp 35seccomp
diff --git a/etc/falkon.profile b/etc/falkon.profile
index 41e1386dd..9fd446fe1 100644
--- a/etc/falkon.profile
+++ b/etc/falkon.profile
@@ -2,24 +2,24 @@
2# Description: Lightweight web browser based on Qt WebEngine 2# Description: Lightweight web browser based on Qt WebEngine
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/falkon.local 5include falkon.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/falkon 9noblacklist ${HOME}/.cache/falkon
10noblacklist ${HOME}/.config/falkon 10noblacklist ${HOME}/.config/falkon
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.cache/falkon 19whitelist ${HOME}/.cache/falkon
20whitelist ${HOME}/.config/falkon 20whitelist ${HOME}/.config/falkon
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
@@ -28,6 +28,7 @@ nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30notv 30notv
31nou2f
31protocol unix,inet,inet6,netlink 32protocol unix,inet,inet6,netlink
32# blacklisting of chroot system calls breaks falkon 33# blacklisting of chroot system calls breaks falkon
33seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice 34seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index c5afde9ec..701f14dce 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -2,21 +2,21 @@
2# Description: E-book reader 2# Description: E-book reader
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/fbreader.local 5include fbreader.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.FBReader 9noblacklist ${HOME}/.FBReader
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
diff --git a/etc/feh.profile b/etc/feh.profile
index 197581ae7..ddf0fa154 100644
--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -2,15 +2,15 @@
2# Description: imlib2 based image viewer 2# Description: imlib2 based image viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/feh.local 5include feh.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16net none 16net none
@@ -22,6 +22,7 @@ nonewprivs
22noroot 22noroot
23nosound 23nosound
24notv 24notv
25nou2f
25novideo 26novideo
26protocol unix 27protocol unix
27seccomp 28seccomp
diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile
index d9b347d70..46d0bd08e 100644
--- a/etc/fetchmail.profile
+++ b/etc/fetchmail.profile
@@ -2,18 +2,18 @@
2# Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder 2# Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/fetchmail.local 5include fetchmail.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.fetchmailrc 9noblacklist ${HOME}/.fetchmailrc
10noblacklist ${HOME}/.netrc 10noblacklist ${HOME}/.netrc
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix,inet,inet6 29protocol unix,inet,inet6
29seccomp 30seccomp
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile
index 09574ffb7..8aa6198df 100644
--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -3,17 +3,17 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/ffmpeg.local 6include ffmpeg.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19net none 19net none
@@ -22,6 +22,7 @@ nodbus
22nodvd 22nodvd
23nosound 23nosound
24notv 24notv
25nou2f
25novideo 26novideo
26nonewprivs 27nonewprivs
27noroot 28noroot
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index 11883f03e..d79b4de4b 100644
--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -2,17 +2,17 @@
2# Description: Archive manager for GNOME 2# Description: Archive manager for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/file-roller.local 5include file-roller.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15include /etc/firejail/whitelist-var-common.inc 15include whitelist-var-common.inc
16 16
17apparmor 17apparmor
18caps.drop all 18caps.drop all
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/file.profile b/etc/file.profile
index fbeea83a8..daf2a524e 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -3,15 +3,15 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/file.local 6include file.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17hostname file 17hostname file
@@ -23,6 +23,7 @@ nogroups
23nonewprivs 23nonewprivs
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix 28protocol unix
28seccomp 29seccomp
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index 7a5ad4301..2e77937ea 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -2,9 +2,9 @@
2# Description: Full-featured graphical FTP/FTPS/SFTP client 2# Description: Full-featured graphical FTP/FTPS/SFTP client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/filezilla.local 5include filezilla.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/filezilla 9noblacklist ${HOME}/.config/filezilla
10noblacklist ${HOME}/.filezilla 10noblacklist ${HOME}/.filezilla
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix,inet,inet6 33protocol unix,inet,inet6
33seccomp 34seccomp
diff --git a/etc/firefox-beta.profile b/etc/firefox-beta.profile
index f9924fee5..ee158703d 100644
--- a/etc/firefox-beta.profile
+++ b/etc/firefox-beta.profile
@@ -1,10 +1,10 @@
1# Firejail profile for firefox-beta 1# Firejail profile for firefox-beta
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/firefox-beta.local 4include firefox-beta.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/firefox.profile 10include firefox.profile
diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc
index f5fd4aa5b..7a0c3e99f 100644
--- a/etc/firefox-common-addons.inc
+++ b/etc/firefox-common-addons.inc
@@ -1,6 +1,6 @@
1# This file is overwritten during software install. 1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include /etc/firejail/firefox-common-addons.local 3include firefox-common-addons.local
4 4
5noblacklist ${HOME}/.config/kgetrc 5noblacklist ${HOME}/.config/kgetrc
6noblacklist ${HOME}/.config/okularpartrc 6noblacklist ${HOME}/.config/okularpartrc
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
index 8ed26e22f..253f1b3bd 100644
--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -1,26 +1,26 @@
1# Firejail profile for firefox-common 1# Firejail profile for firefox-common
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/firefox-common.local 4include firefox-common.local
5# Persistent global definitions 5# Persistent global definitions
6# already included by caller profile 6# already included by caller profile
7#include /etc/firejail/globals.local 7#include globals.local
8 8
9# uncomment the following line to allow access to common programs/addons/plugins 9# uncomment the following line to allow access to common programs/addons/plugins
10#include /etc/firejail/firefox-common-addons.inc 10#include firefox-common-addons.inc
11 11
12noblacklist ${HOME}/.pki 12noblacklist ${HOME}/.pki
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19mkdir ${HOME}/.pki 19mkdir ${HOME}/.pki
20whitelist ${DOWNLOADS} 20whitelist ${DOWNLOADS}
21whitelist ${HOME}/.pki 21whitelist ${HOME}/.pki
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25apparmor 25apparmor
26caps.drop all 26caps.drop all
@@ -35,6 +35,7 @@ nogroups
35nonewprivs 35nonewprivs
36noroot 36noroot
37notv 37notv
38nou2f
38protocol unix,inet,inet6,netlink 39protocol unix,inet,inet6,netlink
39seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice 40seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
40shell none 41shell none
diff --git a/etc/firefox-developer-edition.profile b/etc/firefox-developer-edition.profile
index 7458d9e10..56a0485cb 100644
--- a/etc/firefox-developer-edition.profile
+++ b/etc/firefox-developer-edition.profile
@@ -2,10 +2,10 @@
2# Description: Developer Edition of the popular Firefox web browser 2# Description: Developer Edition of the popular Firefox web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/firefox-developer-edition.local 5include firefox-developer-edition.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10# Redirect 10# Redirect
11include /etc/firejail/firefox.profile 11include firefox.profile
diff --git a/etc/firefox-esr.profile b/etc/firefox-esr.profile
index 9821c7150..0ba04d9c1 100644
--- a/etc/firefox-esr.profile
+++ b/etc/firefox-esr.profile
@@ -1,10 +1,10 @@
1# Firejail profile for firefox-esr 1# Firejail profile for firefox-esr
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/firefox-esr.local 4include firefox-esr.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/firefox.profile 10include firefox.profile
diff --git a/etc/firefox-nightly.profile b/etc/firefox-nightly.profile
index 302f6eb24..6f3838e33 100644
--- a/etc/firefox-nightly.profile
+++ b/etc/firefox-nightly.profile
@@ -1,10 +1,10 @@
1# Firejail profile for firefox-nightly 1# Firejail profile for firefox-nightly
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/firefox-nightly.local 4include firefox-nightly.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/firefox.profile 10include firefox.profile
diff --git a/etc/firefox-wayland.profile b/etc/firefox-wayland.profile
index 806d50e31..e47ca32f9 100644
--- a/etc/firefox-wayland.profile
+++ b/etc/firefox-wayland.profile
@@ -1,10 +1,10 @@
1# Firejail profile for firefox-wayland 1# Firejail profile for firefox-wayland
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/firefox-wayland.local 4include firefox-wayland.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/firefox.profile 10include firefox.profile
diff --git a/etc/firefox.profile b/etc/firefox.profile
index c968e964e..830bbc6a7 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -2,9 +2,9 @@
2# Description: Safe and easy web browser from Mozilla 2# Description: Safe and easy web browser from Mozilla
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/firefox.local 5include firefox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/mozilla 9noblacklist ${HOME}/.cache/mozilla
10noblacklist ${HOME}/.mozilla 10noblacklist ${HOME}/.mozilla
@@ -20,4 +20,4 @@ whitelist ${HOME}/.mozilla
20#private-etc firefox 20#private-etc firefox
21 21
22# Redirect 22# Redirect
23include /etc/firejail/firefox-common.profile 23include firefox-common.profile
diff --git a/etc/firejail.config b/etc/firejail.config
index 91a03f095..d7106e76c 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -22,7 +22,8 @@
22# dbus yes 22# dbus yes
23 23
24# Disable /mnt, /media, /run/mount and /run/media access. By default access 24# Disable /mnt, /media, /run/mount and /run/media access. By default access
25# to these directories is enabled. 25# to these directories is enabled. Unlike --disable-mnt profile option this
26# cannot be overridden by --noblacklist.
26# disable-mnt no 27# disable-mnt no
27 28
28# Enable or disable file transfer support, default enabled. 29# Enable or disable file transfer support, default enabled.
diff --git a/etc/flameshot.profile b/etc/flameshot.profile
index e4987280a..32e416b34 100644
--- a/etc/flameshot.profile
+++ b/etc/flameshot.profile
@@ -2,18 +2,18 @@
2# Description: Powerful yet simple-to-use screenshot software 2# Description: Powerful yet simple-to-use screenshot software
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/flameshot.local 5include flameshot.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${PICTURES} 9noblacklist ${PICTURES}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
index 63f9d19a9..b841bce75 100644
--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -1,9 +1,9 @@
1# Firejail profile for flashpeak-slimjet 1# Firejail profile for flashpeak-slimjet
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/flashpeak-slimjet.local 4include flashpeak-slimjet.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/slimjet 8noblacklist ${HOME}/.cache/slimjet
9noblacklist ${HOME}/.config/slimjet 9noblacklist ${HOME}/.config/slimjet
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/slimjet
14whitelist ${HOME}/.config/slimjet 14whitelist ${HOME}/.config/slimjet
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/flowblade.profile b/etc/flowblade.profile
index bc95a2b51..4628b85ee 100644
--- a/etc/flowblade.profile
+++ b/etc/flowblade.profile
@@ -2,9 +2,9 @@
2# Description: Non-linear video editor 2# Description: Non-linear video editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/flowblade.local 5include flowblade.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/flowblade 9noblacklist ${HOME}/.config/flowblade
10noblacklist ${HOME}/.flowblade 10noblacklist ${HOME}/.flowblade
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
@@ -28,6 +28,7 @@ nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30notv 30notv
31nou2f
31protocol unix,inet,inet6,netlink 32protocol unix,inet,inet6,netlink
32seccomp 33seccomp
33shell none 34shell none
diff --git a/etc/fluxbox.profile b/etc/fluxbox.profile
index 5fafef95a..c296c0491 100644
--- a/etc/fluxbox.profile
+++ b/etc/fluxbox.profile
@@ -2,13 +2,13 @@
2# Description: Standards-compliant, fast, light-weight and extensible window manager 2# Description: Standards-compliant, fast, light-weight and extensible window manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/fluxbox.local 5include fluxbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# all applications started in awesome will run in this profile 9# all applications started in awesome will run in this profile
10noblacklist ${HOME}/.fluxbox 10noblacklist ${HOME}/.fluxbox
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/fontforge.profile b/etc/fontforge.profile
index 2ae80964d..2a833de06 100644
--- a/etc/fontforge.profile
+++ b/etc/fontforge.profile
@@ -2,9 +2,9 @@
2# Description: Font editor 2# Description: Font editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/fontforge.local 5include fontforge.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.FontForge 9noblacklist ${HOME}/.FontForge
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
@@ -15,12 +15,12 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
@@ -30,6 +30,7 @@ nonewprivs
30noroot 30noroot
31nosound 31nosound
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix 35protocol unix
35seccomp 36seccomp
diff --git a/etc/fossamail.profile b/etc/fossamail.profile
index 4316c0988..e821f6f65 100644
--- a/etc/fossamail.profile
+++ b/etc/fossamail.profile
@@ -1,9 +1,9 @@
1# Firejail profile for fossamail 1# Firejail profile for fossamail
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/fossamail.local 4include fossamail.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/fossamail 8noblacklist ${HOME}/.cache/fossamail
9noblacklist ${HOME}/.fossamail 9noblacklist ${HOME}/.fossamail
@@ -15,8 +15,8 @@ mkdir ${HOME}/.gnupg
15whitelist ${HOME}/.cache/fossamail 15whitelist ${HOME}/.cache/fossamail
16whitelist ${HOME}/.fossamail 16whitelist ${HOME}/.fossamail
17whitelist ${HOME}/.gnupg 17whitelist ${HOME}/.gnupg
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20# allow browsers 20# allow browsers
21# Redirect 21# Redirect
22include /etc/firejail/firefox.profile 22include firefox.profile
diff --git a/etc/franz.profile b/etc/franz.profile
index fbe1c0f65..5ce8954c4 100644
--- a/etc/franz.profile
+++ b/etc/franz.profile
@@ -1,18 +1,18 @@
1# Firejail profile for franz 1# Firejail profile for franz
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/franz.local 4include franz.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/Franz 8noblacklist ${HOME}/.cache/Franz
9noblacklist ${HOME}/.config/Franz 9noblacklist ${HOME}/.config/Franz
10noblacklist ${HOME}/.pki 10noblacklist ${HOME}/.pki
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.cache/Franz 17mkdir ${HOME}/.cache/Franz
18mkdir ${HOME}/.config/Franz 18mkdir ${HOME}/.config/Franz
@@ -21,7 +21,7 @@ whitelist ${DOWNLOADS}
21whitelist ${HOME}/.cache/Franz 21whitelist ${HOME}/.cache/Franz
22whitelist ${HOME}/.config/Franz 22whitelist ${HOME}/.config/Franz
23whitelist ${HOME}/.pki 23whitelist ${HOME}/.pki
24include /etc/firejail/whitelist-common.inc 24include whitelist-common.inc
25 25
26caps.drop all 26caps.drop all
27netfilter 27netfilter
@@ -30,6 +30,7 @@ nogroups
30nonewprivs 30nonewprivs
31noroot 31noroot
32notv 32notv
33nou2f
33protocol unix,inet,inet6,netlink 34protocol unix,inet,inet6,netlink
34seccomp 35seccomp
35shell none 36shell none
diff --git a/etc/freecad.profile b/etc/freecad.profile
index 934f1d0fb..11fe3245c 100644
--- a/etc/freecad.profile
+++ b/etc/freecad.profile
@@ -2,19 +2,19 @@
2# Description: Extensible Open Source CAx program 2# Description: Extensible Open Source CAx program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/freecad.local 5include freecad.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/FreeCAD 9noblacklist ${HOME}/.config/FreeCAD
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20ipc-namespace 20ipc-namespace
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix 31protocol unix
31seccomp 32seccomp
diff --git a/etc/freecadcmd.profile b/etc/freecadcmd.profile
index f8bbff593..d98b05e65 100644
--- a/etc/freecadcmd.profile
+++ b/etc/freecadcmd.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/freecad.profile 6include freecad.profile
diff --git a/etc/freshclam.profile b/etc/freshclam.profile
index 4e224dd3e..2dd55d8cc 100644
--- a/etc/freshclam.profile
+++ b/etc/freshclam.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/clamav.local 5include clamav.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10caps.keep setgid,setuid 10caps.keep setgid,setuid
@@ -16,6 +16,7 @@ nogroups
16nonewprivs 16nonewprivs
17nosound 17nosound
18notv 18notv
19nou2f
19novideo 20novideo
20protocol unix,inet,inet6 21protocol unix,inet,inet6
21seccomp 22seccomp
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile
index 279e5d403..3697252e7 100644
--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -2,22 +2,22 @@
2# Description: Cool game where you pop out the bubbles 2# Description: Cool game where you pop out the bubbles
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/frozen-bubble.local 5include frozen-bubble.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.frozen-bubble 9noblacklist ${HOME}/.frozen-bubble
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.frozen-bubble 17mkdir ${HOME}/.frozen-bubble
18whitelist ${HOME}/.frozen-bubble 18whitelist ${HOME}/.frozen-bubble
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23net none 23net none
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30protocol unix,netlink 31protocol unix,netlink
31seccomp 32seccomp
32shell none 33shell none
diff --git a/etc/gajim.profile b/etc/gajim.profile
index 90ba59954..b60437c6e 100644
--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -2,9 +2,9 @@
2# Description: GTK+-based Jabber client 2# Description: GTK+-based Jabber client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gajim.local 5include gajim.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/gajim 9noblacklist ${HOME}/.cache/gajim
10noblacklist ${HOME}/.config/gajim 10noblacklist ${HOME}/.config/gajim
@@ -15,11 +15,11 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16noblacklist /usr/lib64/python3* 16noblacklist /usr/lib64/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24mkdir ${HOME}/.cache/gajim 24mkdir ${HOME}/.cache/gajim
25mkdir ${HOME}/.config/gajim 25mkdir ${HOME}/.config/gajim
@@ -29,7 +29,7 @@ whitelist ${HOME}/.cache/gajim
29whitelist ${HOME}/.config/gajim 29whitelist ${HOME}/.config/gajim
30whitelist ${HOME}/.local/share/gajim 30whitelist ${HOME}/.local/share/gajim
31whitelist ${HOME}/Downloads 31whitelist ${HOME}/Downloads
32include /etc/firejail/whitelist-common.inc 32include whitelist-common.inc
33 33
34caps.drop all 34caps.drop all
35netfilter 35netfilter
@@ -38,6 +38,7 @@ nogroups
38nonewprivs 38nonewprivs
39noroot 39noroot
40notv 40notv
41nou2f
41protocol unix,inet,inet6 42protocol unix,inet,inet6
42seccomp 43seccomp
43 44
diff --git a/etc/galculator.profile b/etc/galculator.profile
index 699fb7d78..323c880a8 100644
--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -2,22 +2,22 @@
2# Description: Scientific calculator 2# Description: Scientific calculator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/galculator.local 5include galculator.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/galculator 9noblacklist ${HOME}/.config/galculator
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.config/galculator 17mkdir ${HOME}/.config/galculator
18whitelist ${HOME}/.config/galculator 18whitelist ${HOME}/.config/galculator
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22apparmor 22apparmor
23caps.drop all 23caps.drop all
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix 34protocol unix
34seccomp 35seccomp
diff --git a/etc/gcloud.profile b/etc/gcloud.profile
index 195dc9302..5aa73b38f 100644
--- a/etc/gcloud.profile
+++ b/etc/gcloud.profile
@@ -1,17 +1,17 @@
1# Firejail profile for gcloud 1# Firejail profile for gcloud
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gcloud.local 4include gcloud.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.boto 8noblacklist ${HOME}/.boto
9noblacklist ${HOME}/.config/gcloud 9noblacklist ${HOME}/.config/gcloud
10noblacklist /var/run/docker.sock 10noblacklist /var/run/docker.sock
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16apparmor 16apparmor
17caps.drop all 17caps.drop all
@@ -24,6 +24,7 @@ nodvd
24nonewprivs 24nonewprivs
25noroot 25noroot
26notv 26notv
27nou2f
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
29shell none 30shell none
diff --git a/etc/geany.profile b/etc/geany.profile
index d69bca1ad..a236ea2c5 100644
--- a/etc/geany.profile
+++ b/etc/geany.profile
@@ -2,15 +2,15 @@
2# Description: Fast and lightweight IDE 2# Description: Fast and lightweight IDE
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/geany.local 5include geany.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/geany 9noblacklist ${HOME}/.config/geany
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16netfilter 16netfilter
@@ -21,6 +21,7 @@ nonewprivs
21noroot 21noroot
22nosound 22nosound
23notv 23notv
24nou2f
24novideo 25novideo
25protocol unix,inet,inet6 26protocol unix,inet,inet6
26seccomp 27seccomp
diff --git a/etc/geary.profile b/etc/geary.profile
index 735206da2..a21eed9f1 100644
--- a/etc/geary.profile
+++ b/etc/geary.profile
@@ -2,9 +2,9 @@
2# Description: Lightweight email client designed for the GNOME desktop 2# Description: Lightweight email client designed for the GNOME desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/geary.local 5include geary.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Users have Geary set to open a browser by clicking a link in an email 9# Users have Geary set to open a browser by clicking a link in an email
10# We are not allowed to blacklist browser-specific directories 10# We are not allowed to blacklist browser-specific directories
@@ -20,7 +20,7 @@ whitelist ${HOME}/.gnupg
20whitelist ${HOME}/.config/geary 20whitelist ${HOME}/.config/geary
21whitelist ${HOME}/.local/share/geary 21whitelist ${HOME}/.local/share/geary
22 22
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24 24
25ignore nodbus 25ignore nodbus
26ignore private-tmp 26ignore private-tmp
@@ -29,4 +29,4 @@ read-only ${HOME}/.config/mimeapps.list
29 29
30# allow browsers 30# allow browsers
31# Redirect 31# Redirect
32include /etc/firejail/firefox.profile 32include firefox.profile
diff --git a/etc/gedit.profile b/etc/gedit.profile
index 1a4d9634a..d537f1294 100644
--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -2,21 +2,21 @@
2# Description: Official text editor of the GNOME desktop environment 2# Description: Official text editor of the GNOME desktop environment
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gedit.local 5include gedit.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/enchant 9noblacklist ${HOME}/.config/enchant
10noblacklist ${HOME}/.config/gedit 10noblacklist ${HOME}/.config/gedit
11noblacklist ${HOME}/.gitconfig 11noblacklist ${HOME}/.gitconfig
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14# include /etc/firejail/disable-devel.inc 14# include disable-devel.inc
15# include /etc/firejail/disable-interpreters.inc 15# include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21# apparmor - makes settings immutable 21# apparmor - makes settings immutable
22caps.drop all 22caps.drop all
@@ -30,6 +30,7 @@ nonewprivs
30noroot 30noroot
31nosound 31nosound
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix 35protocol unix
35seccomp 36seccomp
diff --git a/etc/geeqie.profile b/etc/geeqie.profile
index 3fbe245d6..a7d82b5fb 100644
--- a/etc/geeqie.profile
+++ b/etc/geeqie.profile
@@ -2,19 +2,19 @@
2# Description: Image viewer using GTK+ 2# Description: Image viewer using GTK+
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/geeqie.local 5include geeqie.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/geeqie 9noblacklist ${HOME}/.cache/geeqie
10noblacklist ${HOME}/.config/geeqie 10noblacklist ${HOME}/.config/geeqie
11noblacklist ${HOME}/.local/share/geeqie 11noblacklist ${HOME}/.local/share/geeqie
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20nodvd 20nodvd
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix 28protocol unix
28seccomp 29seccomp
diff --git a/etc/ghb.profile b/etc/ghb.profile
index de6244a32..1cb09ddde 100644
--- a/etc/ghb.profile
+++ b/etc/ghb.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/handbrake.profile 6include handbrake.profile
diff --git a/etc/gimp-2.10.profile b/etc/gimp-2.10.profile
index a4e04af20..d42307710 100644
--- a/etc/gimp-2.10.profile
+++ b/etc/gimp-2.10.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/gimp.profile 6include gimp.profile
diff --git a/etc/gimp-2.8.profile b/etc/gimp-2.8.profile
index a4e04af20..d42307710 100644
--- a/etc/gimp-2.8.profile
+++ b/etc/gimp-2.8.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/gimp.profile 6include gimp.profile
diff --git a/etc/gimp.profile b/etc/gimp.profile
index fa27d2cea..9b14b1fe8 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -2,21 +2,21 @@
2# Description: GNU Image Manipulation Program 2# Description: GNU Image Manipulation Program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gimp.local 5include gimp.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/GIMP 9noblacklist ${HOME}/.config/GIMP
10noblacklist ${HOME}/.gimp* 10noblacklist ${HOME}/.gimp*
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12noblacklist ${PICTURES} 12noblacklist ${PICTURES}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21apparmor 21apparmor
22caps.drop all 22caps.drop all
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31protocol unix 32protocol unix
32seccomp 33seccomp
33shell none 34shell none
diff --git a/etc/git.profile b/etc/git.profile
index 9c8d22fd3..7d4392c80 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -3,9 +3,9 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/git.local 6include git.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
@@ -17,9 +17,9 @@ noblacklist ${HOME}/.ssh
17noblacklist ${HOME}/.vim 17noblacklist ${HOME}/.vim
18noblacklist ${HOME}/.viminfo 18noblacklist ${HOME}/.viminfo
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
@@ -30,6 +30,7 @@ nonewprivs
30noroot 30noroot
31nosound 31nosound
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix,inet,inet6 35protocol unix,inet,inet6
35seccomp 36seccomp
diff --git a/etc/gitg.profile b/etc/gitg.profile
index 87d8c0a1f..f6d78cc54 100644
--- a/etc/gitg.profile
+++ b/etc/gitg.profile
@@ -2,21 +2,21 @@
2# Description: Git repository viewer 2# Description: Git repository viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gitg.local 5include gitg.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.gitconfig 9noblacklist ${HOME}/.gitconfig
10noblacklist ${HOME}/.local/share/gitg 10noblacklist ${HOME}/.local/share/gitg
11noblacklist ${HOME}/.ssh 11noblacklist ${HOME}/.ssh
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22no3d 22no3d
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
diff --git a/etc/gitter.profile b/etc/gitter.profile
index b5bedb66d..d8439fa79 100644
--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -1,23 +1,23 @@
1# Firejail profile for gitter 1# Firejail profile for gitter
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gitter.local 4include gitter.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/autostart 8noblacklist ${HOME}/.config/autostart
9noblacklist ${HOME}/.config/Gitter 9noblacklist ${HOME}/.config/Gitter
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.config/autostart 18whitelist ${HOME}/.config/autostart
19whitelist ${HOME}/.config/Gitter 19whitelist ${HOME}/.config/Gitter
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23machine-id 23machine-id
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31protocol unix,inet,inet6,netlink 32protocol unix,inet,inet6,netlink
32seccomp 33seccomp
33shell none 34shell none
diff --git a/etc/gjs.profile b/etc/gjs.profile
index a603ad695..9c7aa5700 100644
--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -2,9 +2,9 @@
2# Description: Mozilla-based javascript bindings for the GNOME platform 2# Description: Mozilla-based javascript bindings for the GNOME platform
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gjs.local 5include gjs.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.cache/org.gnome.Books
13noblacklist ${HOME}/.config/libreoffice 13noblacklist ${HOME}/.config/libreoffice
14noblacklist ${HOME}/.local/share/gnome-photos 14noblacklist ${HOME}/.local/share/gnome-photos
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
31shell none 32shell none
diff --git a/etc/globaltime.profile b/etc/globaltime.profile
index e414abf8c..c007fb0cc 100644
--- a/etc/globaltime.profile
+++ b/etc/globaltime.profile
@@ -1,18 +1,18 @@
1# Firejail profile for globaltime 1# Firejail profile for globaltime
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/globaltime.local 4include globaltime.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/globaltime 8noblacklist ${HOME}/.config/globaltime
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile
index 62b67b942..ce83fbb66 100644
--- a/etc/gnome-2048.profile
+++ b/etc/gnome-2048.profile
@@ -2,23 +2,23 @@
2# Description: Sliding tile puzzle game 2# Description: Sliding tile puzzle game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-2048.local 5include gnome-2048.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/gnome-2048 9noblacklist ${HOME}/.local/share/gnome-2048
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19mkdir ${HOME}/.local/share/gnome-2048 19mkdir ${HOME}/.local/share/gnome-2048
20whitelist ${HOME}/.local/share/gnome-2048 20whitelist ${HOME}/.local/share/gnome-2048
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
@@ -26,6 +26,7 @@ nodvd
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile
index 6fc2671d8..c748cf7e3 100644
--- a/etc/gnome-books.profile
+++ b/etc/gnome-books.profile
@@ -1,23 +1,23 @@
1# Firejail profile for gnome-books 1# Firejail profile for gnome-books
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gnome-books.local 4include gnome-books.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 8# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
9 9
10noblacklist ${HOME}/.cache/org.gnome.Books 10noblacklist ${HOME}/.cache/org.gnome.Books
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix 33protocol unix
33seccomp 34seccomp
diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile
index 3b7e3d53a..dffe16263 100644
--- a/etc/gnome-builder.profile
+++ b/etc/gnome-builder.profile
@@ -2,14 +2,14 @@
2# Description: IDE for GNOME 2# Description: IDE for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-builder.local 5include gnome-builder.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13 13
14caps.drop all 14caps.drop all
15ipc-namespace 15ipc-namespace
@@ -19,6 +19,7 @@ nogroups
19nonewprivs 19nonewprivs
20noroot 20noroot
21notv 21notv
22nou2f
22novideo 23novideo
23protocol unix,inet,inet6 24protocol unix,inet,inet6
24seccomp 25seccomp
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index 315564ee5..7974211c7 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -3,19 +3,19 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/gnome-calculator.local 6include gnome-calculator.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17include /etc/firejail/whitelist-common.inc 17include whitelist-common.inc
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20# apparmor - makes settings immutable 20# apparmor - makes settings immutable
21caps.drop all 21caps.drop all
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix,inet,inet6 34protocol unix,inet,inet6
34seccomp 35seccomp
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile
index 74194cb33..fbd8c22c0 100644
--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -2,20 +2,20 @@
2# Description: Simple chess game 2# Description: Simple chess game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-chess.local 5include gnome-chess.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/gnome-chess 9noblacklist ${HOME}/.local/share/gnome-chess
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21no3d 21no3d
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
index a914c302f..54356a1b7 100644
--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -2,19 +2,19 @@
2# Description: Simple GNOME app with stopwatch, timer, and world clock support 2# Description: Simple GNOME app with stopwatch, timer, and world clock support
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-clocks.local 5include gnome-clocks.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -24,6 +24,7 @@ nogroups
24nonewprivs 24nonewprivs
25noroot 25noroot
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix,inet,inet6 29protocol unix,inet,inet6
29seccomp 30seccomp
diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile
index 91593c89b..2a13b3b27 100644
--- a/etc/gnome-contacts.profile
+++ b/etc/gnome-contacts.profile
@@ -2,21 +2,21 @@
2# Description: Contacts manager for GNOME 2# Description: Contacts manager for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-contacts.local 5include gnome-contacts.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6,netlink 31protocol unix,inet,inet6,netlink
31seccomp 32seccomp
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile
index 44886d562..36b69ce90 100644
--- a/etc/gnome-documents.profile
+++ b/etc/gnome-documents.profile
@@ -2,21 +2,21 @@
2# Description: Document manager for GNOME 2# Description: Document manager for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-documents.local 5include gnome-documents.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11noblacklist ${HOME}/.config/libreoffice 11noblacklist ${HOME}/.config/libreoffice
12noblacklist ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile
index e11d6eb5d..c616b7381 100644
--- a/etc/gnome-font-viewer.profile
+++ b/etc/gnome-font-viewer.profile
@@ -2,19 +2,19 @@
2# Description: Font viewer for GNOME 2# Description: Font viewer for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-font-viewer.local 5include gnome-font-viewer.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix,inet,inet6 29protocol unix,inet,inet6
29seccomp 30seccomp
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile
index edb895794..f89684219 100644
--- a/etc/gnome-logs.profile
+++ b/etc/gnome-logs.profile
@@ -2,19 +2,19 @@
2# Description: Viewer for the systemd journal 2# Description: Viewer for the systemd journal
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-logs.local 5include gnome-logs.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-xdg.inc 14include disable-xdg.inc
15 15
16whitelist /var/log/journal 16whitelist /var/log/journal
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix 33protocol unix
33seccomp 34seccomp
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile
index f8ff61d84..d27d90d29 100644
--- a/etc/gnome-maps.profile
+++ b/etc/gnome-maps.profile
@@ -2,22 +2,22 @@
2# Description: Map application for GNOME 2# Description: Map application for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-maps.local 5include gnome-maps.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11noblacklist ${HOME}/.cache/champlain 11noblacklist ${HOME}/.cache/champlain
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index 9ba4969e5..3dd623ea9 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -2,25 +2,26 @@
2# Description: GTK/Gnome interface around MPlayer 2# Description: GTK/Gnome interface around MPlayer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-mplayer.local 5include gnome-mplayer.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/gnome-mplayer 9noblacklist ${HOME}/.config/gnome-mplayer
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11noblacklist ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21nogroups 21nogroups
22nonewprivs 22nonewprivs
23noroot 23noroot
24nou2f
24protocol unix,inet,inet6 25protocol unix,inet,inet6
25seccomp 26seccomp
26shell none 27shell none
diff --git a/etc/gnome-mpv.profile b/etc/gnome-mpv.profile
index 84a70c4c5..ffb04add1 100644
--- a/etc/gnome-mpv.profile
+++ b/etc/gnome-mpv.profile
@@ -2,28 +2,29 @@
2# Description: Simple GTK+ frontend for mpv 2# Description: Simple GTK+ frontend for mpv
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-mpv.local 5include gnome-mpv.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/gnome-mpv 9noblacklist ${HOME}/.config/gnome-mpv
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11noblacklist ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23nodbus 23nodbus
24nogroups 24nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27nou2f
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
29shell none 30shell none
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
index 819c40c98..54e055358 100644
--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -2,9 +2,9 @@
2# Description: GNOME music player 2# Description: GNOME music player
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-music.local 5include gnome-music.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/gnome-music 9noblacklist ${HOME}/.local/share/gnome-music
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
@@ -15,14 +15,14 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
@@ -31,6 +31,7 @@ nogroups
31nonewprivs 31nonewprivs
32noroot 32noroot
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix 36protocol unix
36seccomp 37seccomp
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile
index 5a3ac53d8..2e3356607 100644
--- a/etc/gnome-photos.profile
+++ b/etc/gnome-photos.profile
@@ -2,21 +2,21 @@
2# Description: Access, organize and share your photos with GNOME 2# Description: Access, organize and share your photos with GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-photos.local 5include gnome-photos.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11noblacklist ${HOME}/.local/share/gnome-photos 11noblacklist ${HOME}/.local/share/gnome-photos
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29protocol unix 30protocol unix
30seccomp 31seccomp
31shell none 32shell none
diff --git a/etc/gnome-pie.profile b/etc/gnome-pie.profile
new file mode 100644
index 000000000..cef741eb3
--- /dev/null
+++ b/etc/gnome-pie.profile
@@ -0,0 +1,43 @@
1# Firejail profile for gnome-pie
2# Description: Alternative AppMenu
3# This file is overwritten after every install/update
4# Persistent local customizations
5include gnome-pie.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.config/gnome-pie
10
11#include disable-common.inc
12include disable-devel.inc
13#include disable-interpreters.inc
14include disable-passwdmgr.inc
15#include disable-programs.inc
16
17caps.drop all
18ipc-namespace
19machine-id
20net none
21no3d
22nodvd
23nogroups
24nonewprivs
25noroot
26nosound
27notv
28nou2f
29novideo
30protocol unix
31seccomp
32shell none
33
34disable-mnt
35private-cache
36private-dev
37private-etc fonts
38private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
39private-tmp
40
41memory-deny-write-execute
42noexec ${HOME}
43noexec /tmp
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile
index ed6d341eb..761c604ff 100644
--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -2,23 +2,23 @@
2# Description: Recipe application for GNOME 2# Description: Recipe application for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-recipes.local 5include gnome-recipes.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10noblacklist ${HOME}/.local/share/gnome-recipes 10noblacklist ${HOME}/.local/share/gnome-recipes
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/gnome-recipes 18mkdir ${HOME}/.cache/gnome-recipes
19whitelist ${HOME}/.cache/gnome-recipes 19whitelist ${HOME}/.cache/gnome-recipes
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix,inet,inet6 34protocol unix,inet,inet6
34seccomp 35seccomp
diff --git a/etc/gnome-ring.profile b/etc/gnome-ring.profile
index cbc79320e..f660df690 100644
--- a/etc/gnome-ring.profile
+++ b/etc/gnome-ring.profile
@@ -1,19 +1,19 @@
1# Firejail profile for gnome-ring 1# Firejail profile for gnome-ring
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gnome-ring.local 4include gnome-ring.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.local/share/gnome-ring 8noblacklist ${HOME}/.local/share/gnome-ring
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile
index e670ba22f..4b54d9627 100644
--- a/etc/gnome-twitch.profile
+++ b/etc/gnome-twitch.profile
@@ -2,24 +2,24 @@
2# Description: GNOME Twitch app for watching Twitch.tv streams without a browser or flash 2# Description: GNOME Twitch app for watching Twitch.tv streams without a browser or flash
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-twitch.local 5include gnome-twitch.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/gnome-twitch 9noblacklist ${HOME}/.cache/gnome-twitch
10noblacklist ${HOME}/.local/share/gnome-twitch 10noblacklist ${HOME}/.local/share/gnome-twitch
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/gnome-twitch 18mkdir ${HOME}/.cache/gnome-twitch
19mkdir ${HOME}/.local/share/gnome-twitch 19mkdir ${HOME}/.local/share/gnome-twitch
20whitelist ${HOME}/.cache/gnome-twitch 20whitelist ${HOME}/.cache/gnome-twitch
21whitelist ${HOME}/.local/share/gnome-twitch 21whitelist ${HOME}/.local/share/gnome-twitch
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
25nodvd 25nodvd
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile
index 4d28278b1..6b5f5480d 100644
--- a/etc/gnome-weather.profile
+++ b/etc/gnome-weather.profile
@@ -2,22 +2,22 @@
2# Description: Access current conditions and forecasts 2# Description: Access current conditions and forecasts
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gnome-weather.local 5include gnome-weather.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them 9# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
10 10
11noblacklist ${HOME}/.cache/libgweather 11noblacklist ${HOME}/.cache/libgweather
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix,inet,inet6 33protocol unix,inet,inet6
33seccomp 34seccomp
diff --git a/etc/goobox.profile b/etc/goobox.profile
index ba949f1c9..3cc159eb2 100644
--- a/etc/goobox.profile
+++ b/etc/goobox.profile
@@ -2,18 +2,18 @@
2# Description: CD player and ripper with GNOME 3 integration 2# Description: CD player and ripper with GNOME 3 integration
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/goobox.local 5include goobox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -22,6 +22,7 @@ nogroups
22nonewprivs 22nonewprivs
23noroot 23noroot
24notv 24notv
25nou2f
25novideo 26novideo
26protocol unix,inet,inet6 27protocol unix,inet,inet6
27seccomp 28seccomp
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile
index ab16558ea..73101f509 100644
--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -1,9 +1,9 @@
1# Firejail profile for google-chrome-beta 1# Firejail profile for google-chrome-beta
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/google-chrome-beta.local 4include google-chrome-beta.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/google-chrome-beta 8noblacklist ${HOME}/.cache/google-chrome-beta
9noblacklist ${HOME}/.config/google-chrome-beta 9noblacklist ${HOME}/.config/google-chrome-beta
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-beta
14whitelist ${HOME}/.config/google-chrome-beta 14whitelist ${HOME}/.config/google-chrome-beta
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/google-chrome-stable.profile b/etc/google-chrome-stable.profile
index 6ade19021..55868e0b7 100644
--- a/etc/google-chrome-stable.profile
+++ b/etc/google-chrome-stable.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/google-chrome.profile 6include google-chrome.profile
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile
index b7d0eccf3..50e9923aa 100644
--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -1,9 +1,9 @@
1# Firejail profile for google-chrome-unstable 1# Firejail profile for google-chrome-unstable
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/google-chrome-unstable.local 4include google-chrome-unstable.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/google-chrome-unstable 8noblacklist ${HOME}/.cache/google-chrome-unstable
9noblacklist ${HOME}/.config/google-chrome-unstable 9noblacklist ${HOME}/.config/google-chrome-unstable
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-unstable
14whitelist ${HOME}/.config/google-chrome-unstable 14whitelist ${HOME}/.config/google-chrome-unstable
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile
index 6e44190ae..c69e98271 100644
--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -1,9 +1,9 @@
1# Firejail profile for google-chrome 1# Firejail profile for google-chrome
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/google-chrome.local 4include google-chrome.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/google-chrome 8noblacklist ${HOME}/.cache/google-chrome
9noblacklist ${HOME}/.config/google-chrome 9noblacklist ${HOME}/.config/google-chrome
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome
14whitelist ${HOME}/.config/google-chrome 14whitelist ${HOME}/.config/google-chrome
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/google-earth.profile b/etc/google-earth.profile
index bafa716d1..6e5f99745 100644
--- a/etc/google-earth.profile
+++ b/etc/google-earth.profile
@@ -1,9 +1,9 @@
1# Firejail profile for google-earth 1# Firejail profile for google-earth
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/google-earth.local 4include google-earth.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Google 8noblacklist ${HOME}/.config/Google
9noblacklist ${HOME}/.googleearth/Cache/ 9noblacklist ${HOME}/.googleearth/Cache/
@@ -11,11 +11,11 @@ noblacklist ${HOME}/.googleearth/Temp/
11noblacklist ${HOME}/.googleearth/myplaces.backup.kml 11noblacklist ${HOME}/.googleearth/myplaces.backup.kml
12noblacklist ${HOME}/.googleearth/myplaces.kml 12noblacklist ${HOME}/.googleearth/myplaces.kml
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20mkdir ${HOME}/.config/Google 20mkdir ${HOME}/.config/Google
21mkdir ${HOME}/.googleearth/Cache/ 21mkdir ${HOME}/.googleearth/Cache/
@@ -27,7 +27,7 @@ whitelist ${HOME}/.googleearth/Cache/
27whitelist ${HOME}/.googleearth/Temp/ 27whitelist ${HOME}/.googleearth/Temp/
28whitelist ${HOME}/.googleearth/myplaces.backup.kml 28whitelist ${HOME}/.googleearth/myplaces.backup.kml
29whitelist ${HOME}/.googleearth/myplaces.kml 29whitelist ${HOME}/.googleearth/myplaces.kml
30include /etc/firejail/whitelist-common.inc 30include whitelist-common.inc
31 31
32caps.drop all 32caps.drop all
33ipc-namespace 33ipc-namespace
@@ -37,6 +37,7 @@ nogroups
37nonewprivs 37nonewprivs
38noroot 38noroot
39notv 39notv
40nou2f
40novideo 41novideo
41protocol unix,inet,inet6 42protocol unix,inet,inet6
42seccomp 43seccomp
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile
index 7a19cc676..4932c9e42 100644
--- a/etc/google-play-music-desktop-player.profile
+++ b/etc/google-play-music-desktop-player.profile
@@ -1,22 +1,22 @@
1# Firejail profile for google-play-music-desktop-player 1# Firejail profile for google-play-music-desktop-player
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/google-play-music-desktop-player.local 4include google-play-music-desktop-player.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Google Play Music Desktop Player 8noblacklist ${HOME}/.config/Google Play Music Desktop Player
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16# whitelist ${HOME}/.config/pulse 16# whitelist ${HOME}/.config/pulse
17# whitelist ${HOME}/.pulse 17# whitelist ${HOME}/.pulse
18whitelist ${HOME}/.config/Google Play Music Desktop Player 18whitelist ${HOME}/.config/Google Play Music Desktop Player
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6,netlink 31protocol unix,inet,inet6,netlink
31seccomp 32seccomp
diff --git a/etc/gpa.profile b/etc/gpa.profile
index c890beb2e..ce7c8496d 100644
--- a/etc/gpa.profile
+++ b/etc/gpa.profile
@@ -2,17 +2,17 @@
2# Description: GNU Privacy Assistant (GPA) 2# Description: GNU Privacy Assistant (GPA)
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gpa.local 5include gpa.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.gnupg 9noblacklist ${HOME}/.gnupg
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
@@ -22,6 +22,7 @@ nonewprivs
22noroot 22noroot
23nosound 23nosound
24notv 24notv
25nou2f
25novideo 26novideo
26protocol unix,inet,inet6 27protocol unix,inet,inet6
27seccomp 28seccomp
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
index 0cc17b366..7181837d5 100644
--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -2,19 +2,19 @@
2# Description: GNU privacy guard - cryptographic agent 2# Description: GNU privacy guard - cryptographic agent
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gpg-agent.local 5include gpg-agent.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist ${HOME}/.gnupg 11noblacklist ${HOME}/.gnupg
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
diff --git a/etc/gpg.profile b/etc/gpg.profile
index 259a95807..e920b9072 100644
--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -2,19 +2,19 @@
2# Description: GNU Privacy Guard -- minimalist public key operations 2# Description: GNU Privacy Guard -- minimalist public key operations
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gpg.local 5include gpg.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist ${HOME}/.gnupg 11noblacklist ${HOME}/.gnupg
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
diff --git a/etc/gpicview.profile b/etc/gpicview.profile
index 04aecc782..d3e1123f3 100644
--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -2,19 +2,19 @@
2# Description: Lightweight image viewer 2# Description: Lightweight image viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gpicview.local 5include gpicview.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/gpicview 9noblacklist ${HOME}/.config/gpicview
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index ea60e7287..76a10f697 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -2,20 +2,20 @@
2# Description: Satellite tracking program 2# Description: Satellite tracking program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gpredict.local 5include gpredict.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Gpredict 9noblacklist ${HOME}/.config/Gpredict
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${HOME}/.config/Gpredict 17whitelist ${HOME}/.config/Gpredict
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28protocol unix,inet,inet6 29protocol unix,inet,inet6
29seccomp 30seccomp
30shell none 31shell none
diff --git a/etc/gradio.profile b/etc/gradio.profile
index bba92a0bc..e7f415090 100644
--- a/etc/gradio.profile
+++ b/etc/gradio.profile
@@ -1,25 +1,25 @@
1# Firejail profile for gradio 1# Firejail profile for gradio
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gradio.local 4include gradio.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/gradio 8noblacklist ${HOME}/.cache/gradio
9noblacklist ${HOME}/.local/share/gradio 9noblacklist ${HOME}/.local/share/gradio
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.cache/gradio 17mkdir ${HOME}/.cache/gradio
18mkdir ${HOME}/.local/share/gradio 18mkdir ${HOME}/.local/share/gradio
19whitelist ${HOME}/.cache/gradio 19whitelist ${HOME}/.cache/gradio
20whitelist ${HOME}/.local/share/gradio 20whitelist ${HOME}/.local/share/gradio
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/gtar.profile b/etc/gtar.profile
index d4bf18f95..12acb8356 100644
--- a/etc/gtar.profile
+++ b/etc/gtar.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/tar.profile 6include tar.profile
diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index 6c4de8bf0..77de59802 100644
--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -2,19 +2,19 @@
2# Description: Image viewer and browser 2# Description: Image viewer and browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gthumb.local 5include gthumb.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/gthumb 9noblacklist ${HOME}/.config/gthumb
10noblacklist ${HOME}/.Steam 10noblacklist ${HOME}/.Steam
11noblacklist ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20nodvd 20nodvd
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix 28protocol unix
28seccomp 29seccomp
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile
index 775c79521..22457c547 100644
--- a/etc/guayadeque.profile
+++ b/etc/guayadeque.profile
@@ -1,19 +1,19 @@
1# Firejail profile for guayadeque 1# Firejail profile for guayadeque
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/guayadeque.local 4include guayadeque.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.guayadeque 8noblacklist ${HOME}/.guayadeque
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -21,6 +21,7 @@ nogroups
21nonewprivs 21nonewprivs
22noroot 22noroot
23notv 23notv
24nou2f
24novideo 25novideo
25protocol unix,inet,inet6,netlink 26protocol unix,inet,inet6,netlink
26seccomp 27seccomp
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index 88e441b14..13db746f8 100644
--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -2,17 +2,17 @@
2# Description: Unicode character picker and font browser 2# Description: Unicode character picker and font browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gucharmap.local 5include gucharmap.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix 28protocol unix
28seccomp 29seccomp
diff --git a/etc/gunzip.profile b/etc/gunzip.profile
index 8ea523df7..fe35f8fe7 100644
--- a/etc/gunzip.profile
+++ b/etc/gunzip.profile
@@ -1,9 +1,9 @@
1# Firejail profile for gunzip 1# Firejail profile for gunzip
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/gunzip.local 4include gunzip.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Redirect 8# Redirect
9include /etc/firejail/gzip.profile 9include gzip.profile
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index cf9b27e0f..8723b0135 100644
--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -2,9 +2,9 @@
2# Description: Image viewer 2# Description: Image viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/gwenview.local 5include gwenview.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/GIMP 9noblacklist ${HOME}/.config/GIMP
10noblacklist ${HOME}/.config/gwenviewrc 10noblacklist ${HOME}/.config/gwenviewrc
@@ -17,13 +17,13 @@ noblacklist ${HOME}/.kde4/share/config/gwenviewrc
17noblacklist ${HOME}/.local/share/gwenview 17noblacklist ${HOME}/.local/share/gwenview
18noblacklist ${HOME}/.local/share/org.kde.gwenview 18noblacklist ${HOME}/.local/share/org.kde.gwenview
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28apparmor 28apparmor
29caps.drop all 29caps.drop all
@@ -34,6 +34,7 @@ nogroups
34nonewprivs 34nonewprivs
35noroot 35noroot
36notv 36notv
37nou2f
37novideo 38novideo
38protocol unix 39protocol unix
39seccomp 40seccomp
diff --git a/etc/gzip.profile b/etc/gzip.profile
index 9157d398a..16ca6b94d 100644
--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/gzip.local 6include gzip.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -17,10 +17,11 @@ nodbus
17nodvd 17nodvd
18nosound 18nosound
19notv 19notv
20nou2f
20novideo 21novideo
21shell none 22shell none
22tracelog 23tracelog
23 24
24private-dev 25private-dev
25 26
26include /etc/firejail/default.profile 27include default.profile
diff --git a/etc/handbrake-gtk.profile b/etc/handbrake-gtk.profile
index de6244a32..1cb09ddde 100644
--- a/etc/handbrake-gtk.profile
+++ b/etc/handbrake-gtk.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/handbrake.profile 6include handbrake.profile
diff --git a/etc/handbrake.profile b/etc/handbrake.profile
index 32da097ce..a98f80bc7 100644
--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -2,22 +2,22 @@
2# Description: Versatile DVD ripper and video transcoder (GTK+ GUI) 2# Description: Versatile DVD ripper and video transcoder (GTK+ GUI)
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/handbrake.local 5include handbrake.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/ghb 9noblacklist ${HOME}/.config/ghb
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11noblacklist ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22apparmor 22apparmor
23caps.drop all 23caps.drop all
@@ -26,6 +26,7 @@ nodbus
26nogroups 26nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6,netlink 31protocol unix,inet,inet6,netlink
31seccomp 32seccomp
diff --git a/etc/hashcat.profile b/etc/hashcat.profile
index 8bc861dde..bf4836c45 100644
--- a/etc/hashcat.profile
+++ b/etc/hashcat.profile
@@ -3,20 +3,20 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/hashcat.local 6include hashcat.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist ${HOME}/.hashcat 10noblacklist ${HOME}/.hashcat
11noblacklist /usr/include 11noblacklist /usr/include
12noblacklist ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile
index 542771639..4dfb40890 100644
--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -2,21 +2,21 @@
2# Description: Funny turn-based artillery game, featuring fighting hedgehogs 2# Description: Funny turn-based artillery game, featuring fighting hedgehogs
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/hedgewars.local 5include hedgewars.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.hedgewars 9noblacklist ${HOME}/.hedgewars
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.hedgewars 17mkdir ${HOME}/.hedgewars
18whitelist ${HOME}/.hedgewars 18whitelist ${HOME}/.hedgewars
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -25,6 +25,7 @@ nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27notv 27notv
28nou2f
28seccomp 29seccomp
29tracelog 30tracelog
30 31
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index a2c163e6a..783f91e82 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -2,9 +2,9 @@
2# Description: IRC client for X based on X-Chat 2 2# Description: IRC client for X based on X-Chat 2
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/hexchat.local 5include hexchat.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/hexchat 9noblacklist ${HOME}/.config/hexchat
10noblacklist /usr/share/perl* 10noblacklist /usr/share/perl*
@@ -15,16 +15,16 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24mkdir ${HOME}/.config/hexchat 24mkdir ${HOME}/.config/hexchat
25whitelist ${HOME}/.config/hexchat 25whitelist ${HOME}/.config/hexchat
26include /etc/firejail/whitelist-common.inc 26include whitelist-common.inc
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30machine-id 30machine-id
@@ -36,6 +36,7 @@ nonewprivs
36noroot 36noroot
37nosound 37nosound
38notv 38notv
39nou2f
39novideo 40novideo
40protocol unix,inet,inet6 41protocol unix,inet,inet6
41seccomp 42seccomp
diff --git a/etc/highlight.profile b/etc/highlight.profile
index d313f2769..ae2cce0b4 100644
--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -2,17 +2,17 @@
2# Description: Universal source code to formatted text converter 2# Description: Universal source code to formatted text converter
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/highlight.local 5include highlight.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix 29protocol unix
29seccomp 30seccomp
diff --git a/etc/hugin.profile b/etc/hugin.profile
index 35505c698..1e235f381 100644
--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -2,20 +2,20 @@
2# Description: Panorama photo stitcher 2# Description: Panorama photo stitcher
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/hugin.local 5include hugin.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.hugin 9noblacklist ${HOME}/.hugin
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11noblacklist ${PICTURES} 11noblacklist ${PICTURES}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21net none 21net none
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix 31protocol unix
31seccomp 32seccomp
diff --git a/etc/i3.profile b/etc/i3.profile
index efbc1f6e7..c1ca0e413 100644
--- a/etc/i3.profile
+++ b/etc/i3.profile
@@ -2,13 +2,13 @@
2# Description: Standards-compliant, fast, light-weight and extensible window manager 2# Description: Standards-compliant, fast, light-weight and extensible window manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/i3.local 5include i3.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# all applications started in awesome will run in this profile 9# all applications started in awesome will run in this profile
10noblacklist ${HOME}/.config/i3 10noblacklist ${HOME}/.config/i3
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/icecat.profile b/etc/icecat.profile
index 42e762c21..660343a29 100644
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -1,9 +1,9 @@
1# Firejail profile for icecat 1# Firejail profile for icecat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/icecat.local 4include icecat.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9noblacklist ${HOME}/.mozilla 9noblacklist ${HOME}/.mozilla
@@ -17,4 +17,4 @@ whitelist ${HOME}/.mozilla
17#private-etc icecat 17#private-etc icecat
18 18
19# Redirect 19# Redirect
20include /etc/firejail/firefox-common.profile 20include firefox-common.profile
diff --git a/etc/icedove.profile b/etc/icedove.profile
index 80cff3878..a66309bf1 100644
--- a/etc/icedove.profile
+++ b/etc/icedove.profile
@@ -1,9 +1,9 @@
1# Firejail profile for icedove 1# Firejail profile for icedove
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/icedove.local 4include icedove.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Users have icedove set to open a browser by clicking a link in an email 8# Users have icedove set to open a browser by clicking a link in an email
9# We are not allowed to blacklist browser-specific directories 9# We are not allowed to blacklist browser-specific directories
@@ -18,10 +18,10 @@ mkdir ${HOME}/.icedove
18whitelist ${HOME}/.cache/icedove 18whitelist ${HOME}/.cache/icedove
19whitelist ${HOME}/.gnupg 19whitelist ${HOME}/.gnupg
20whitelist ${HOME}/.icedove 20whitelist ${HOME}/.icedove
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23ignore private-tmp 23ignore private-tmp
24 24
25# allow browsers 25# allow browsers
26# Redirect 26# Redirect
27include /etc/firejail/firefox.profile 27include firefox.profile
diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile
index 51f15aa1b..24a2f4cc3 100644
--- a/etc/iceweasel.profile
+++ b/etc/iceweasel.profile
@@ -1,12 +1,12 @@
1# Firejail profile for iceweasel 1# Firejail profile for iceweasel
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/iceweasel.local 4include iceweasel.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# private-etc must first be enabled in firefox-common.profile 8# private-etc must first be enabled in firefox-common.profile
9#private-etc iceweasel 9#private-etc iceweasel
10 10
11# Redirect 11# Redirect
12include /etc/firejail/firefox.profile 12include firefox.profile
diff --git a/etc/idea.profile b/etc/idea.profile
index 623d71734..d56dceb71 100644
--- a/etc/idea.profile
+++ b/etc/idea.profile
@@ -1,10 +1,10 @@
1# Firejail profile for idea 1# Firejail profile for idea
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/idea.local 4include idea.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/idea.sh.profile 10include idea.sh.profile
diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile
index 06328ccbf..bbacef764 100644
--- a/etc/idea.sh.profile
+++ b/etc/idea.sh.profile
@@ -1,9 +1,9 @@
1# Firejail profile for idea.sh 1# Firejail profile for idea.sh
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/idea.sh.local 4include idea.sh.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.IdeaIC* 8noblacklist ${HOME}/.IdeaIC*
9noblacklist ${HOME}/.android 9noblacklist ${HOME}/.android
@@ -16,9 +16,9 @@ noblacklist ${HOME}/.local/share/JetBrains
16noblacklist ${HOME}/.ssh 16noblacklist ${HOME}/.ssh
17noblacklist ${HOME}/.tooling 17noblacklist ${HOME}/.tooling
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile
index f7a69fa94..b960b08e5 100644
--- a/etc/ideaIC.profile
+++ b/etc/ideaIC.profile
@@ -1,10 +1,10 @@
1# Firejail profile for ideaIC 1# Firejail profile for ideaIC
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ideaIC.local 4include ideaIC.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/idea.sh.profile 10include idea.sh.profile
diff --git a/etc/imagej.profile b/etc/imagej.profile
index 4de064390..9ff0f9203 100644
--- a/etc/imagej.profile
+++ b/etc/imagej.profile
@@ -2,9 +2,9 @@
2# Description: Image processing program with a focus on microscopy images 2# Description: Image processing program with a focus on microscopy images
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/imagej.local 5include imagej.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.imagej 9noblacklist ${HOME}/.imagej
10 10
@@ -14,11 +14,11 @@ noblacklist /usr/lib/java
14noblacklist /etc/java 14noblacklist /etc/java
15noblacklist /usr/share/java 15noblacklist /usr/share/java
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
@@ -30,6 +30,7 @@ nonewprivs
30noroot 30noroot
31nosound 31nosound
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix 35protocol unix
35seccomp 36seccomp
diff --git a/etc/img2txt.profile b/etc/img2txt.profile
index c9ee18f80..6f860a3d4 100644
--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -1,19 +1,19 @@
1# Firejail profile for img2txt 1# Firejail profile for img2txt
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/img2txt.local 4include img2txt.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9noblacklist ${PICTURES} 9noblacklist ${PICTURES}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19net none 19net none
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix 29protocol unix
29seccomp 30seccomp
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index 56fdfd081..a13f5c378 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -2,9 +2,9 @@
2# Description: Vector-based drawing program 2# Description: Vector-based drawing program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/inkscape.local 5include inkscape.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/inkscape 9noblacklist ${HOME}/.cache/inkscape
10noblacklist ${HOME}/.config/inkscape 10noblacklist ${HOME}/.config/inkscape
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.inkscape
12noblacklist ${DOCUMENTS} 12noblacklist ${DOCUMENTS}
13noblacklist ${PICTURES} 13noblacklist ${PICTURES}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24apparmor 24apparmor
25caps.drop all 25caps.drop all
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix 36protocol unix
36seccomp 37seccomp
diff --git a/etc/inox.profile b/etc/inox.profile
index 652761c54..1b3db73b4 100644
--- a/etc/inox.profile
+++ b/etc/inox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for inox 1# Firejail profile for inox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/inox.local 4include inox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/inox 8noblacklist ${HOME}/.cache/inox
9noblacklist ${HOME}/.config/inox 9noblacklist ${HOME}/.config/inox
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/inox
14whitelist ${HOME}/.config/inox 14whitelist ${HOME}/.config/inox
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/iridium-browser.profile b/etc/iridium-browser.profile
index 1baa07cb7..0a6418d5c 100644
--- a/etc/iridium-browser.profile
+++ b/etc/iridium-browser.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/iridium.profile 6include iridium.profile
diff --git a/etc/iridium.profile b/etc/iridium.profile
index 2869c3070..ebb39b0a3 100644
--- a/etc/iridium.profile
+++ b/etc/iridium.profile
@@ -1,9 +1,9 @@
1# Firejail profile for iridium 1# Firejail profile for iridium
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/iridium.local 4include iridium.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/iridium 8noblacklist ${HOME}/.cache/iridium
9noblacklist ${HOME}/.config/iridium 9noblacklist ${HOME}/.config/iridium
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/iridium
14whitelist ${HOME}/.config/iridium 14whitelist ${HOME}/.config/iridium
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/itch.profile b/etc/itch.profile
index 2ad669952..c0b4fe6ce 100644
--- a/etc/itch.profile
+++ b/etc/itch.profile
@@ -1,24 +1,24 @@
1# Firejail profile for itch 1# Firejail profile for itch
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/itch.local 4include itch.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# itch.io has native firejail/sandboxing support bundled in 8# itch.io has native firejail/sandboxing support bundled in
9# See https://itch.io/docs/itch/using/sandbox/linux.html 9# See https://itch.io/docs/itch/using/sandbox/linux.html
10 10
11noblacklist ${HOME}/.config/itch 11noblacklist ${HOME}/.config/itch
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19mkdir ${HOME}/.config/itch 19mkdir ${HOME}/.config/itch
20whitelist ${HOME}/.config/itch 20whitelist ${HOME}/.config/itch
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6,netlink 32protocol unix,inet,inet6,netlink
32seccomp 33seccomp
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index 3a280dab7..443e6b550 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -1,9 +1,9 @@
1# Firejail profile for jd-gui 1# Firejail profile for jd-gui
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/jd-gui.local 4include jd-gui.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/jd-gui.cfg 8noblacklist ${HOME}/.config/jd-gui.cfg
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
@@ -14,14 +14,14 @@ noblacklist /usr/lib/java
14noblacklist /etc/java 14noblacklist /etc/java
15noblacklist /usr/share/java 15noblacklist /usr/share/java
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27net none 27net none
@@ -33,6 +33,7 @@ nonewprivs
33noroot 33noroot
34nosound 34nosound
35notv 35notv
36nou2f
36novideo 37novideo
37protocol unix 38protocol unix
38seccomp 39seccomp
diff --git a/etc/jdownloader.profile b/etc/jdownloader.profile
index dbcc85e8d..037d92338 100644
--- a/etc/jdownloader.profile
+++ b/etc/jdownloader.profile
@@ -1,10 +1,10 @@
1# Firejail profile for jdownloader 1# Firejail profile for jdownloader
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/jdownloader.local 4include jdownloader.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/JDownloader.profile 10include JDownloader.profile
diff --git a/etc/jitsi.profile b/etc/jitsi.profile
index b3b09f4b1..5a575bb71 100644
--- a/etc/jitsi.profile
+++ b/etc/jitsi.profile
@@ -1,9 +1,9 @@
1# Firejail profile for jitsi 1# Firejail profile for jitsi
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/jitsi.local 4include jitsi.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.jitsi 8noblacklist ${HOME}/.jitsi
9 9
@@ -13,11 +13,11 @@ noblacklist /usr/lib/java
13noblacklist /etc/java 13noblacklist /etc/java
14noblacklist /usr/share/java 14noblacklist /usr/share/java
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22caps.drop all 22caps.drop all
23nodvd 23nodvd
diff --git a/etc/k3b.profile b/etc/k3b.profile
index 6b4c15560..8c599d0ca 100644
--- a/etc/k3b.profile
+++ b/etc/k3b.profile
@@ -2,23 +2,23 @@
2# Description: Sophisticated CD/DVD burning application 2# Description: Sophisticated CD/DVD burning application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/k3b.local 5include k3b.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/k3brc 9noblacklist ${HOME}/.config/k3brc
10noblacklist ${HOME}/.kde/share/config/k3brc 10noblacklist ${HOME}/.kde/share/config/k3brc
11noblacklist ${HOME}/.kde4/share/config/k3brc 11noblacklist ${HOME}/.kde4/share/config/k3brc
12noblacklist ${MUSIC} 12noblacklist ${MUSIC}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24no3d 24no3d
diff --git a/etc/kaffeine.profile b/etc/kaffeine.profile
index 204c20501..85870da36 100644
--- a/etc/kaffeine.profile
+++ b/etc/kaffeine.profile
@@ -2,9 +2,9 @@
2# Description: Versatile media player for KDE 2# Description: Versatile media player for KDE
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kaffeine.local 5include kaffeine.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/kaffeinerc 9noblacklist ${HOME}/.config/kaffeinerc
10noblacklist ${HOME}/.kde/share/apps/kaffeine 10noblacklist ${HOME}/.kde/share/apps/kaffeine
@@ -15,20 +15,21 @@ noblacklist ${HOME}/.local/share/kaffeine
15noblacklist ${MUSIC} 15noblacklist ${MUSIC}
16noblacklist ${VIDEOS} 16noblacklist ${VIDEOS}
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
29nogroups 29nogroups
30nonewprivs 30nonewprivs
31noroot 31noroot
32nou2f
32novideo 33novideo
33protocol unix,inet,inet6 34protocol unix,inet,inet6
34seccomp 35seccomp
diff --git a/etc/karbon.profile b/etc/karbon.profile
index 3525a3e06..e9e3c2a69 100644
--- a/etc/karbon.profile
+++ b/etc/karbon.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/krita.profile 6include krita.profile
diff --git a/etc/kate.profile b/etc/kate.profile
index 8a53a56a8..cce36eacc 100644
--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -2,9 +2,9 @@
2# Description: Powerful text editor 2# Description: Powerful text editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kate.local 5include kate.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/katemetainfos 9noblacklist ${HOME}/.config/katemetainfos
10noblacklist ${HOME}/.config/katepartrc 10noblacklist ${HOME}/.config/katepartrc
@@ -14,13 +14,13 @@ noblacklist ${HOME}/.config/katesyntaxhighlightingrc
14noblacklist ${HOME}/.config/katevirc 14noblacklist ${HOME}/.config/katevirc
15noblacklist ${HOME}/.local/share/kate 15noblacklist ${HOME}/.local/share/kate
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18# include /etc/firejail/disable-devel.inc 18# include disable-devel.inc
19# include /etc/firejail/disable-interpreters.inc 19# include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25# apparmor 25# apparmor
26caps.drop all 26caps.drop all
@@ -33,6 +33,7 @@ nonewprivs
33noroot 33noroot
34nosound 34nosound
35notv 35notv
36nou2f
36novideo 37novideo
37protocol unix 38protocol unix
38seccomp 39seccomp
diff --git a/etc/kcalc.profile b/etc/kcalc.profile
index 20ad8f23a..8baefaa98 100644
--- a/etc/kcalc.profile
+++ b/etc/kcalc.profile
@@ -2,16 +2,16 @@
2# Description: Simple and scientific calculator 2# Description: Simple and scientific calculator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kcalc.local 5include kcalc.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkfile ${HOME}/.config/kcalcrc 16mkfile ${HOME}/.config/kcalcrc
17mkfile ${HOME}/.kde/share/config/kcalcrc 17mkfile ${HOME}/.kde/share/config/kcalcrc
@@ -19,8 +19,8 @@ mkfile ${HOME}/.kde4/share/config/kcalcrc
19whitelist ${HOME}/.config/kcalcrc 19whitelist ${HOME}/.config/kcalcrc
20whitelist ${HOME}/.kde/share/config/kcalcrc 20whitelist ${HOME}/.kde/share/config/kcalcrc
21whitelist ${HOME}/.kde4/share/config/kcalcrc 21whitelist ${HOME}/.kde4/share/config/kcalcrc
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25apparmor 25apparmor
26caps.drop all 26caps.drop all
@@ -33,6 +33,7 @@ nonewprivs
33noroot 33noroot
34nosound 34nosound
35notv 35notv
36nou2f
36novideo 37novideo
37protocol unix 38protocol unix
38seccomp 39seccomp
diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile
index 76de15ccf..cd7c4cae3 100644
--- a/etc/kdeinit4.profile
+++ b/etc/kdeinit4.profile
@@ -1,19 +1,19 @@
1# Firejail profile for kdeinit4 1# Firejail profile for kdeinit4
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/kdeinit4.local 4include kdeinit4.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# use outside KDE Plasma 4 8# use outside KDE Plasma 4
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -22,6 +22,7 @@ nogroups
22nonewprivs 22nonewprivs
23# nosound - disabled for knotify 23# nosound - disabled for knotify
24noroot 24noroot
25nou2f
25novideo 26novideo
26notv 27notv
27protocol unix,inet,inet6,netlink 28protocol unix,inet,inet6,netlink
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile
index 4aca10995..2ef44bc7f 100644
--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -2,19 +2,19 @@
2# Description: Non-linear video editor 2# Description: Non-linear video editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kdenlive.local 5include kdenlive.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/kdenlive 9noblacklist ${HOME}/.cache/kdenlive
10noblacklist ${HOME}/.config/kdenliverc 10noblacklist ${HOME}/.config/kdenliverc
11noblacklist ${HOME}/.local/share/kdenlive 11noblacklist ${HOME}/.local/share/kdenlive
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19apparmor 19apparmor
20caps.drop all 20caps.drop all
@@ -25,6 +25,7 @@ nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27notv 27notv
28nou2f
28protocol unix,netlink 29protocol unix,netlink
29seccomp 30seccomp
30shell none 31shell none
diff --git a/etc/keepass.profile b/etc/keepass.profile
index e27248357..788561a14 100644
--- a/etc/keepass.profile
+++ b/etc/keepass.profile
@@ -2,9 +2,9 @@
2# Description: An easy-to-use password manager 2# Description: An easy-to-use password manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/keepass.local 5include keepass.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/*.kdb 9noblacklist ${HOME}/*.kdb
10noblacklist ${HOME}/*.kdbx 10noblacklist ${HOME}/*.kdbx
@@ -15,12 +15,12 @@ noblacklist ${HOME}/.local/share/KeePass
15noblacklist ${HOME}/.local/share/keepass 15noblacklist ${HOME}/.local/share/keepass
16noblacklist ${DOCUMENTS} 16noblacklist ${DOCUMENTS}
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix,inet,inet6 36protocol unix,inet,inet6
36seccomp 37seccomp
diff --git a/etc/keepass2.profile b/etc/keepass2.profile
index d29fc6abc..9e33e08db 100644
--- a/etc/keepass2.profile
+++ b/etc/keepass2.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/keepass.profile 6include keepass.profile
diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index 94aaa5597..fc9386618 100644
--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -2,9 +2,9 @@
2# Description: Cross Platform Password Manager 2# Description: Cross Platform Password Manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/keepassx.local 5include keepassx.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/*.kdb 9noblacklist ${HOME}/*.kdb
10noblacklist ${HOME}/*.kdbx 10noblacklist ${HOME}/*.kdbx
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.config/keepassx
12noblacklist ${HOME}/.keepassx 12noblacklist ${HOME}/.keepassx
13noblacklist ${DOCUMENTS} 13noblacklist ${DOCUMENTS}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25machine-id 25machine-id
@@ -32,6 +32,7 @@ nonewprivs
32noroot 32noroot
33nosound 33nosound
34notv 34notv
35nou2f
35novideo 36novideo
36protocol unix 37protocol unix
37seccomp 38seccomp
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile
index 4e74c2cea..fdd27e9f9 100644
--- a/etc/keepassx2.profile
+++ b/etc/keepassx2.profile
@@ -3,4 +3,4 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4 4
5# Redirects 5# Redirects
6include /etc/firejail/keepassx.profile 6include keepassx.profile
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index a00d17878..053344cc2 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -2,9 +2,9 @@
2# Description: Cross Platform Password Manager 2# Description: Cross Platform Password Manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/keepassxc.local 5include keepassxc.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/*.kdb 9noblacklist ${HOME}/*.kdb
10noblacklist ${HOME}/*.kdbx 10noblacklist ${HOME}/*.kdbx
@@ -14,14 +14,14 @@ noblacklist ${HOME}/.keepassxc
14noblacklist ${HOME}/.mozilla 14noblacklist ${HOME}/.mozilla
15noblacklist ${DOCUMENTS} 15noblacklist ${DOCUMENTS}
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27machine-id 27machine-id
@@ -34,6 +34,7 @@ nonewprivs
34noroot 34noroot
35nosound 35nosound
36notv 36notv
37nou2f
37novideo 38novideo
38protocol unix 39protocol unix
39seccomp 40seccomp
diff --git a/etc/kget.profile b/etc/kget.profile
index a32b51626..2ef84a0ee 100644
--- a/etc/kget.profile
+++ b/etc/kget.profile
@@ -2,9 +2,9 @@
2# Description: Download manager 2# Description: Download manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kget.local 5include kget.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/kgetrc 9noblacklist ${HOME}/.config/kgetrc
10noblacklist ${HOME}/.kde/share/apps/kget 10noblacklist ${HOME}/.kde/share/apps/kget
@@ -13,13 +13,13 @@ noblacklist ${HOME}/.kde4/share/apps/kget
13noblacklist ${HOME}/.kde4/share/config/kgetrc 13noblacklist ${HOME}/.kde4/share/config/kgetrc
14noblacklist ${HOME}/.local/share/kget 14noblacklist ${HOME}/.local/share/kget
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix,inet,inet6 34protocol unix,inet,inet6
34seccomp 35seccomp
diff --git a/etc/kino.profile b/etc/kino.profile
index cda86ddc6..ead42f9ca 100644
--- a/etc/kino.profile
+++ b/etc/kino.profile
@@ -2,18 +2,18 @@
2# Description: Non-linear editor for Digital Video data 2# Description: Non-linear editor for Digital Video data
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kino.local 5include kino.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.kino-history 9noblacklist ${HOME}/.kino-history
10noblacklist ${HOME}/.kinorc 10noblacklist ${HOME}/.kinorc
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -21,6 +21,7 @@ nogroups
21nonewprivs 21nonewprivs
22noroot 22noroot
23notv 23notv
24nou2f
24novideo 25novideo
25protocol unix 26protocol unix
26seccomp 27seccomp
diff --git a/etc/kmail.profile b/etc/kmail.profile
index 308a981f7..1f8403ef1 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -2,9 +2,9 @@
2# Description: Full featured graphical email client 2# Description: Full featured graphical email client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kmail.local 5include kmail.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# kmail has problems launching akonadi in debian and ubuntu. 9# kmail has problems launching akonadi in debian and ubuntu.
10# one solution is to have akonadi already running when kmail is started 10# one solution is to have akonadi already running when kmail is started
@@ -29,13 +29,13 @@ noblacklist ${HOME}/.local/share/local-mail
29noblacklist ${HOME}/.local/share/notes 29noblacklist ${HOME}/.local/share/notes
30noblacklist /tmp/akonadi-* 30noblacklist /tmp/akonadi-*
31 31
32include /etc/firejail/disable-common.inc 32include disable-common.inc
33include /etc/firejail/disable-devel.inc 33include disable-devel.inc
34include /etc/firejail/disable-interpreters.inc 34include disable-interpreters.inc
35include /etc/firejail/disable-passwdmgr.inc 35include disable-passwdmgr.inc
36include /etc/firejail/disable-programs.inc 36include disable-programs.inc
37 37
38include /etc/firejail/whitelist-var-common.inc 38include whitelist-var-common.inc
39 39
40# apparmor 40# apparmor
41caps.drop all 41caps.drop all
@@ -46,6 +46,7 @@ nonewprivs
46noroot 46noroot
47nosound 47nosound
48notv 48notv
49nou2f
49novideo 50novideo
50protocol unix,inet,inet6,netlink 51protocol unix,inet,inet6,netlink
51# we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls 52# we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls
diff --git a/etc/knotes.profile b/etc/knotes.profile
index 147d2d831..e7ea04873 100644
--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@@ -2,9 +2,9 @@
2# Description: Sticky notes application 2# Description: Sticky notes application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/knotes.local 5include knotes.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# knotes has problems launching akonadi in debian and ubuntu. 9# knotes has problems launching akonadi in debian and ubuntu.
10# one solution is to have akonadi already running when knotes is started 10# one solution is to have akonadi already running when knotes is started
@@ -14,4 +14,4 @@ noblacklist ${HOME}/.local/share/knotes
14 14
15 15
16# Redirect 16# Redirect
17include /etc/firejail/kmail.profile 17include kmail.profile
diff --git a/etc/kodi.profile b/etc/kodi.profile
index 9dd7770ad..3a161db4c 100644
--- a/etc/kodi.profile
+++ b/etc/kodi.profile
@@ -2,9 +2,9 @@
2# Description: Open Source Home Theatre 2# Description: Open Source Home Theatre
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kodi.local 5include kodi.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.kodi 9noblacklist ${HOME}/.kodi
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29apparmor 29apparmor
30caps.drop all 30caps.drop all
@@ -32,6 +32,7 @@ netfilter
32nogroups 32nogroups
33nonewprivs 33nonewprivs
34noroot 34noroot
35nou2f
35protocol unix,inet,inet6,netlink 36protocol unix,inet,inet6,netlink
36seccomp 37seccomp
37shell none 38shell none
diff --git a/etc/konversation.profile b/etc/konversation.profile
index b66f40600..c679bd61b 100644
--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -2,21 +2,21 @@
2# Description: User friendly Internet Relay Chat (IRC) client for KDE 2# Description: User friendly Internet Relay Chat (IRC) client for KDE
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/konversation.local 5include konversation.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/konversationrc 9noblacklist ${HOME}/.config/konversationrc
10noblacklist ${HOME}/.kde/share/config/konversationrc 10noblacklist ${HOME}/.kde/share/config/konversationrc
11noblacklist ${HOME}/.kde4/share/config/konversationrc 11noblacklist ${HOME}/.kde4/share/config/konversationrc
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -25,6 +25,7 @@ nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
diff --git a/etc/kopete.profile b/etc/kopete.profile
index d7829113d..fef415f6e 100644
--- a/etc/kopete.profile
+++ b/etc/kopete.profile
@@ -2,23 +2,23 @@
2# Description: Instant messaging and chat application 2# Description: Instant messaging and chat application
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kopete.local 5include kopete.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.kde/share/apps/kopete 9noblacklist ${HOME}/.kde/share/apps/kopete
10noblacklist ${HOME}/.kde/share/config/kopeterc 10noblacklist ${HOME}/.kde/share/config/kopeterc
11noblacklist ${HOME}/.kde4/share/apps/kopete 11noblacklist ${HOME}/.kde4/share/apps/kopete
12noblacklist ${HOME}/.kde4/share/config/kopeterc 12noblacklist ${HOME}/.kde4/share/config/kopeterc
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20whitelist /var/lib/winpopup 20whitelist /var/lib/winpopup
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30protocol unix,inet,inet6,netlink 31protocol unix,inet,inet6,netlink
31seccomp 32seccomp
32writable-var 33writable-var
diff --git a/etc/krita.profile b/etc/krita.profile
index 5a1f3d031..bd02522f6 100644
--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -2,9 +2,9 @@
2# Description: Pixel-based image manipulation program 2# Description: Pixel-based image manipulation program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/krita.local 5include krita.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/kritarc 9noblacklist ${HOME}/.config/kritarc
10noblacklist ${HOME}/.local/share/krita 10noblacklist ${HOME}/.local/share/krita
@@ -17,12 +17,12 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27apparmor 27apparmor
28caps.drop all 28caps.drop all
@@ -35,6 +35,7 @@ nonewprivs
35noroot 35noroot
36nosound 36nosound
37notv 37notv
38nou2f
38novideo 39novideo
39protocol unix 40protocol unix
40seccomp 41seccomp
diff --git a/etc/krunner.profile b/etc/krunner.profile
index 0b1b9e5de..c64113c15 100644
--- a/etc/krunner.profile
+++ b/etc/krunner.profile
@@ -2,9 +2,9 @@
2# Description: Framework for providing different actions given a string query 2# Description: Framework for providing different actions given a string query
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/krunner.local 5include krunner.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# - programs started in krunner run with this generic profile. 9# - programs started in krunner run with this generic profile.
10# - when a file is opened in krunner, the file viewer runs in its own sandbox 10# - when a file is opened in krunner, the file viewer runs in its own sandbox
@@ -19,13 +19,13 @@ noblacklist ${HOME}/.kde4/share/config/krunnerrc
19# noblacklist ${HOME}/.local/share/baloo 19# noblacklist ${HOME}/.local/share/baloo
20# noblacklist ${HOME}/.mozilla 20# noblacklist ${HOME}/.mozilla
21 21
22include /etc/firejail/disable-common.inc 22include disable-common.inc
23# include /etc/firejail/disable-devel.inc 23# include disable-devel.inc
24# include /etc/firejail/disable-interpreters.inc 24# include disable-interpreters.inc
25# include /etc/firejail/disable-passwdmgr.inc 25# include disable-passwdmgr.inc
26# include /etc/firejail/disable-programs.inc 26# include disable-programs.inc
27 27
28include /etc/firejail/whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
30caps.drop all 30caps.drop all
31netfilter 31netfilter
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile
index 14ee3322c..4dc635df7 100644
--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -2,9 +2,9 @@
2# Description: BitTorrent client based on the KDE platform 2# Description: BitTorrent client based on the KDE platform
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ktorrent.local 5include ktorrent.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/ktorrentrc 9noblacklist ${HOME}/.config/ktorrentrc
10noblacklist ${HOME}/.kde/share/apps/ktorrent 10noblacklist ${HOME}/.kde/share/apps/ktorrent
@@ -13,11 +13,11 @@ noblacklist ${HOME}/.kde4/share/apps/ktorrent
13noblacklist ${HOME}/.kde4/share/config/ktorrentrc 13noblacklist ${HOME}/.kde4/share/config/ktorrentrc
14noblacklist ${HOME}/.local/share/ktorrent 14noblacklist ${HOME}/.local/share/ktorrent
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22mkdir ${HOME}/.kde/share/apps/ktorrent 22mkdir ${HOME}/.kde/share/apps/ktorrent
23mkdir ${HOME}/.kde4/share/apps/ktorrent 23mkdir ${HOME}/.kde4/share/apps/ktorrent
@@ -32,8 +32,8 @@ whitelist ${HOME}/.kde/share/config/ktorrentrc
32whitelist ${HOME}/.kde4/share/apps/ktorrent 32whitelist ${HOME}/.kde4/share/apps/ktorrent
33whitelist ${HOME}/.kde4/share/config/ktorrentrc 33whitelist ${HOME}/.kde4/share/config/ktorrentrc
34whitelist ${HOME}/.local/share/ktorrent 34whitelist ${HOME}/.local/share/ktorrent
35include /etc/firejail/whitelist-common.inc 35include whitelist-common.inc
36include /etc/firejail/whitelist-var-common.inc 36include whitelist-var-common.inc
37 37
38caps.drop all 38caps.drop all
39machine-id 39machine-id
@@ -45,6 +45,7 @@ nonewprivs
45noroot 45noroot
46nosound 46nosound
47notv 47notv
48nou2f
48novideo 49novideo
49protocol unix,inet,inet6,netlink 50protocol unix,inet,inet6,netlink
50seccomp 51seccomp
diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile
index ca7c5042d..4cb489577 100644
--- a/etc/kwin_x11.profile
+++ b/etc/kwin_x11.profile
@@ -1,22 +1,22 @@
1# Firejail profile for kwin_x11 1# Firejail profile for kwin_x11
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/kwin_x11.local 4include kwin_x11.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/kwin 8noblacklist ${HOME}/.cache/kwin
9noblacklist ${HOME}/.config/kwinrc 9noblacklist ${HOME}/.config/kwinrc
10noblacklist ${HOME}/.config/kwinrulesrc 10noblacklist ${HOME}/.config/kwinrulesrc
11noblacklist ${HOME}/.local/share/kwin 11noblacklist ${HOME}/.local/share/kwin
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix 31protocol unix
31seccomp 32seccomp
diff --git a/etc/kwrite.profile b/etc/kwrite.profile
index f080b3ffc..9922cb0b5 100644
--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -2,9 +2,9 @@
2# Description: Simple text editor 2# Description: Simple text editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/kwrite.local 5include kwrite.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/katepartrc 9noblacklist ${HOME}/.config/katepartrc
10noblacklist ${HOME}/.config/katerc 10noblacklist ${HOME}/.config/katerc
@@ -15,14 +15,14 @@ noblacklist ${HOME}/.config/kwriterc
15noblacklist ${HOME}/.local/share/kwrite 15noblacklist ${HOME}/.local/share/kwrite
16noblacklist ${DOCUMENTS} 16noblacklist ${DOCUMENTS}
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27apparmor 27apparmor
28caps.drop all 28caps.drop all
@@ -35,6 +35,7 @@ nonewprivs
35noroot 35noroot
36# nosound - KWrite is using ALSA! 36# nosound - KWrite is using ALSA!
37notv 37notv
38nou2f
38novideo 39novideo
39protocol unix 40protocol unix
40seccomp 41seccomp
diff --git a/etc/lbunzip2.profile b/etc/lbunzip2.profile
new file mode 100644
index 000000000..ec9a8f546
--- /dev/null
+++ b/etc/lbunzip2.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for gzip
2# Description: GNU compression utilities
3# This file is overwritten after every install/update
4
5
6# Redirect
7include gzip.profile
diff --git a/etc/lbzcat.profile b/etc/lbzcat.profile
new file mode 100644
index 000000000..ec9a8f546
--- /dev/null
+++ b/etc/lbzcat.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for gzip
2# Description: GNU compression utilities
3# This file is overwritten after every install/update
4
5
6# Redirect
7include gzip.profile
diff --git a/etc/lbzip2.profile b/etc/lbzip2.profile
new file mode 100644
index 000000000..ec9a8f546
--- /dev/null
+++ b/etc/lbzip2.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for gzip
2# Description: GNU compression utilities
3# This file is overwritten after every install/update
4
5
6# Redirect
7include gzip.profile
diff --git a/etc/leafpad.profile b/etc/leafpad.profile
index d3335893f..47ea5606a 100644
--- a/etc/leafpad.profile
+++ b/etc/leafpad.profile
@@ -2,19 +2,19 @@
2# Description: GTK+ based simple text editor 2# Description: GTK+ based simple text editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/leafpad.local 5include leafpad.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/leafpad 9noblacklist ${HOME}/.config/leafpad
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/less.profile b/etc/less.profile
index a08d2c547..466539c6b 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/less.local 6include less.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -17,6 +17,7 @@ nodbus
17nodvd 17nodvd
18nosound 18nosound
19notv 19notv
20nou2f
20novideo 21novideo
21shell none 22shell none
22tracelog 23tracelog
@@ -33,4 +34,4 @@ memory-deny-write-execute
33noexec ${HOME} 34noexec ${HOME}
34noexec /tmp 35noexec /tmp
35 36
36include /etc/firejail/default.profile 37include default.profile
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 905dd22b9..1a3f6cbd1 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -2,9 +2,9 @@
2# Description: Office productivity suite 2# Description: Office productivity suite
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/libreoffice.local 5include libreoffice.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
10noblacklist /usr/local/sbin 10noblacklist /usr/local/sbin
@@ -17,12 +17,12 @@ noblacklist /usr/lib/java
17noblacklist /etc/java 17noblacklist /etc/java
18noblacklist /usr/share/java 18noblacklist /usr/share/java
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27# Ubuntu 18.04 uses its own apparmor profile 27# Ubuntu 18.04 uses its own apparmor profile
28# uncomment the next line if you are not on Ubuntu 28# uncomment the next line if you are not on Ubuntu
@@ -36,6 +36,7 @@ nogroups
36#nonewprivs - fix for Ubuntu 18.04/Debian 10 36#nonewprivs - fix for Ubuntu 18.04/Debian 10
37noroot 37noroot
38notv 38notv
39nou2f
39#protocol unix,inet,inet6 - fix for Ubuntu 18.04/Debian 10 40#protocol unix,inet,inet6 - fix for Ubuntu 18.04/Debian 10
40#seccomp - fix for Ubuntu 18.04/Debian 10 41#seccomp - fix for Ubuntu 18.04/Debian 10
41shell none 42shell none
diff --git a/etc/liferea.profile b/etc/liferea.profile
index 04c649121..c498541d4 100644
--- a/etc/liferea.profile
+++ b/etc/liferea.profile
@@ -2,9 +2,9 @@
2# Description: Feed/news/podcast client with plugin support 2# Description: Feed/news/podcast client with plugin support
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/liferea.local 5include liferea.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/liferea 9noblacklist ${HOME}/.cache/liferea
10noblacklist ${HOME}/.config/liferea 10noblacklist ${HOME}/.config/liferea
@@ -16,11 +16,11 @@ noblacklist ${PATH}/python3*
16noblacklist /usr/lib/python2* 16noblacklist /usr/lib/python2*
17noblacklist /usr/lib/python3* 17noblacklist /usr/lib/python3*
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24 24
25mkdir ${HOME}/.cache/liferea 25mkdir ${HOME}/.cache/liferea
26mkdir ${HOME}/.config/liferea 26mkdir ${HOME}/.config/liferea
@@ -28,8 +28,8 @@ mkdir ${HOME}/.local/share/liferea
28whitelist ${HOME}/.cache/liferea 28whitelist ${HOME}/.cache/liferea
29whitelist ${HOME}/.config/liferea 29whitelist ${HOME}/.config/liferea
30whitelist ${HOME}/.local/share/liferea 30whitelist ${HOME}/.local/share/liferea
31include /etc/firejail/whitelist-common.inc 31include whitelist-common.inc
32include /etc/firejail/whitelist-var-common.inc 32include whitelist-var-common.inc
33 33
34caps.drop all 34caps.drop all
35netfilter 35netfilter
@@ -40,6 +40,7 @@ nonewprivs
40noroot 40noroot
41# nosound 41# nosound
42notv 42notv
43nou2f
43novideo 44novideo
44protocol unix,inet,inet6 45protocol unix,inet,inet6
45seccomp 46seccomp
diff --git a/etc/linphone.profile b/etc/linphone.profile
index b469b9711..feb4037fb 100644
--- a/etc/linphone.profile
+++ b/etc/linphone.profile
@@ -2,25 +2,25 @@
2# Description: SIP softphone - graphical client 2# Description: SIP softphone - graphical client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/linphone.local 5include linphone.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.linphone-history.db 9noblacklist ${HOME}/.linphone-history.db
10noblacklist ${HOME}/.linphonerc 10noblacklist ${HOME}/.linphonerc
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkfile ${HOME}/.linphone-history.db 18mkfile ${HOME}/.linphone-history.db
19mkfile ${HOME}/.linphonerc 19mkfile ${HOME}/.linphonerc
20whitelist ${HOME}/.linphone-history.db 20whitelist ${HOME}/.linphone-history.db
21whitelist ${HOME}/.linphonerc 21whitelist ${HOME}/.linphonerc
22whitelist ${HOME}/Downloads 22whitelist ${HOME}/Downloads
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
@@ -30,6 +30,7 @@ nogroups
30nonewprivs 30nonewprivs
31noroot 31noroot
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix,inet,inet6 35protocol unix,inet,inet6
35seccomp 36seccomp
diff --git a/etc/lmms.profile b/etc/lmms.profile
index d3ef1b40e..6c81b9172 100644
--- a/etc/lmms.profile
+++ b/etc/lmms.profile
@@ -2,20 +2,20 @@
2# Description: Linux Multimedia Studio 2# Description: Linux Multimedia Studio
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/lmms.local 5include lmms.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.lmmsrc.xml 9noblacklist ${HOME}/.lmmsrc.xml
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
diff --git a/etc/lobase.profile b/etc/lobase.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lobase.profile
+++ b/etc/lobase.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/localc.profile b/etc/localc.profile
index c702a4ece..ea0f84631 100644
--- a/etc/localc.profile
+++ b/etc/localc.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/lodraw.profile b/etc/lodraw.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lodraw.profile
+++ b/etc/lodraw.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/loffice.profile b/etc/loffice.profile
index c702a4ece..ea0f84631 100644
--- a/etc/loffice.profile
+++ b/etc/loffice.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/lofromtemplate.profile b/etc/lofromtemplate.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lofromtemplate.profile
+++ b/etc/lofromtemplate.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/loimpress.profile b/etc/loimpress.profile
index c702a4ece..ea0f84631 100644
--- a/etc/loimpress.profile
+++ b/etc/loimpress.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/lollypop.profile b/etc/lollypop.profile
index efd40e899..6e53fc62b 100644
--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -2,9 +2,9 @@
2# Description: Music player for GNOME 2# Description: Music player for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/lollypop.local 5include lollypop.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/lollypop 9noblacklist ${HOME}/.local/share/lollypop
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
@@ -15,14 +15,14 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
@@ -31,6 +31,7 @@ nogroups
31nonewprivs 31nonewprivs
32noroot 32noroot
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix,inet,inet6 36protocol unix,inet,inet6
36seccomp 37seccomp
diff --git a/etc/lomath.profile b/etc/lomath.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lomath.profile
+++ b/etc/lomath.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/loweb.profile b/etc/loweb.profile
index c702a4ece..ea0f84631 100644
--- a/etc/loweb.profile
+++ b/etc/loweb.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/lowriter.profile b/etc/lowriter.profile
index c702a4ece..ea0f84631 100644
--- a/etc/lowriter.profile
+++ b/etc/lowriter.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
index a4ccefb6d..38f2ab10c 100644
--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -2,19 +2,19 @@
2# Description: Graphical user interface providing a workflow for HDR imaging 2# Description: Graphical user interface providing a workflow for HDR imaging
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/luminance-hdr.local 5include luminance-hdr.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Luminance 9noblacklist ${HOME}/.config/Luminance
10noblacklist ${PICTURES} 10noblacklist ${PICTURES}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix 29protocol unix
29seccomp 30seccomp
diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile
index 4b3c457f6..c275a69c8 100644
--- a/etc/lximage-qt.profile
+++ b/etc/lximage-qt.profile
@@ -2,17 +2,17 @@
2# Description: Image viewer for LXQt 2# Description: Image viewer for LXQt
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/lximage-qt.local 5include lximage-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/lximage-qt 9noblacklist ${HOME}/.config/lximage-qt
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix 28protocol unix
28seccomp 29seccomp
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile
index 7c3334075..e0c03db50 100644
--- a/etc/lxmusic.profile
+++ b/etc/lxmusic.profile
@@ -2,22 +2,22 @@
2# Description: LXDE music player 2# Description: LXDE music player
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/lxmusic.local 5include lxmusic.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/xmms2 9noblacklist ${HOME}/.cache/xmms2
10noblacklist ${HOME}/.config/xmms2 10noblacklist ${HOME}/.config/xmms2
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
diff --git a/etc/lynx.profile b/etc/lynx.profile
index f5ec44fda..e8d44823b 100644
--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -2,18 +2,18 @@
2# Description: Classic non-graphical (text-mode) web browser 2# Description: Classic non-graphical (text-mode) web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/lynx.local 5include lynx.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix,inet,inet6 29protocol unix,inet,inet6
29seccomp 30seccomp
diff --git a/etc/lzcat.profile b/etc/lzcat.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzcat.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/lzcmp.profile b/etc/lzcmp.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzcmp.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/lzdiff.profile b/etc/lzdiff.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzdiff.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/lzegrep.profile b/etc/lzegrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzegrep.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/lzfgrep.profile b/etc/lzfgrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzfgrep.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/lzgrep.profile b/etc/lzgrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzgrep.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/lzip.profile b/etc/lzip.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzip.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/lzless.profile b/etc/lzless.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzless.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/lzma.profile b/etc/lzma.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzma.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/lzmadec.profile b/etc/lzmadec.profile
index 7c26620dd..9ba22601b 100644
--- a/etc/lzmadec.profile
+++ b/etc/lzmadec.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/xzdec.profile 7include xzdec.profile
diff --git a/etc/lzmainfo.profile b/etc/lzmainfo.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzmainfo.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/lzmore.profile b/etc/lzmore.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/lzmore.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile
index 4107d91ad..170085117 100644
--- a/etc/macrofusion.profile
+++ b/etc/macrofusion.profile
@@ -1,9 +1,9 @@
1# Firejail profile for macrofusion 1# Firejail profile for macrofusion
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/macrofusion.local 4include macrofusion.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/mfusion 8noblacklist ${HOME}/.config/mfusion
9noblacklist ${PICTURES} 9noblacklist ${PICTURES}
@@ -14,12 +14,12 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24caps.drop all 24caps.drop all
25ipc-namespace 25ipc-namespace
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix 36protocol unix
36seccomp 37seccomp
diff --git a/etc/makepkg.profile b/etc/makepkg.profile
index ac337b9a1..317a3dd78 100644
--- a/etc/makepkg.profile
+++ b/etc/makepkg.profile
@@ -10,9 +10,9 @@
10 10
11quiet 11quiet
12# Persistent local customizations 12# Persistent local customizations
13include /etc/firejail/makepkg.local 13include makepkg.local
14# Persistent global definitions 14# Persistent global definitions
15include /etc/firejail/globals.local 15include globals.local
16 16
17 17
18# Enable severely restricted access to ${HOME}/.gnupg 18# Enable severely restricted access to ${HOME}/.gnupg
@@ -30,9 +30,9 @@ blacklist ${HOME}/.gnupg/openpgp-revocs.d
30# Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} 30# Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only}
31noblacklist /var/lib/pacman 31noblacklist /var/lib/pacman
32 32
33include /etc/firejail/disable-common.inc 33include disable-common.inc
34include /etc/firejail/disable-passwdmgr.inc 34include disable-passwdmgr.inc
35include /etc/firejail/disable-programs.inc 35include disable-programs.inc
36 36
37caps.drop all 37caps.drop all
38ipc-namespace 38ipc-namespace
diff --git a/etc/masterpdfeditor.profile b/etc/masterpdfeditor.profile
new file mode 100644
index 000000000..e35ddd2a7
--- /dev/null
+++ b/etc/masterpdfeditor.profile
@@ -0,0 +1,50 @@
1# Firejail profile for masterpdfeditor
2# Description: A complete solution for creating and editing PDF files
3# This file is overwritten after every install/update
4# Persistent local customizations
5include masterpdfeditor.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.config/Code Industry
10noblacklist ${HOME}/.masterpdfeditor
11
12include disable-common.inc
13include disable-devel.inc
14include disable-interpreters.inc
15include disable-passwdmgr.inc
16include disable-programs.inc
17
18include whitelist-var-common.inc
19
20caps.drop all
21ipc-namespace
22machine-id
23net none
24no3d
25nodbus
26nodvd
27nogroups
28nonewprivs
29noroot
30nosound
31notv
32nou2f
33novideo
34protocol unix
35seccomp
36shell none
37tracelog
38
39# disable-mnt
40# private
41private-bin masterpdfeditor*
42private-cache
43private-dev
44private-etc fonts
45# private-lib
46private-tmp
47
48# memory-deny-write-execute
49noexec ${HOME}
50noexec /tmp
diff --git a/etc/masterpdfeditor4.profile b/etc/masterpdfeditor4.profile
new file mode 100644
index 000000000..5612fdaa4
--- /dev/null
+++ b/etc/masterpdfeditor4.profile
@@ -0,0 +1,12 @@
1# Firejail profile for masterpdfeditor4
2# Description: A complete solution for creating and editing PDF files
3# This file is overwritten after every install/update
4# Persistent local customizations
5include masterpdfeditor4.local
6# Persistent global definitions
7# added by included profile
8#include globals.local
9
10
11# Redirect
12include masterpdfeditor.profile
diff --git a/etc/masterpdfeditor5.profile b/etc/masterpdfeditor5.profile
new file mode 100644
index 000000000..8669ceb11
--- /dev/null
+++ b/etc/masterpdfeditor5.profile
@@ -0,0 +1,12 @@
1# Firejail profile for masterpdfeditor5
2# Description: A complete solution for creating and editing PDF files
3# This file is overwritten after every install/update
4# Persistent local customizations
5include masterpdfeditor5.local
6# Persistent global definitions
7# added by included profile
8#include globals.local
9
10
11# Redirect
12include masterpdfeditor.profile
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile
index 874fcf8cb..e3220076d 100644
--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -2,17 +2,17 @@
2# Description: MATE desktop calculator 2# Description: MATE desktop calculator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mate-calc.local 5include mate-calc.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mate-calc 9noblacklist ${HOME}/.config/mate-calc
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${HOME}/.cache/mate-calc 17whitelist ${HOME}/.cache/mate-calc
18whitelist ${HOME}/.config/caja 18whitelist ${HOME}/.config/caja
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix 36protocol unix
36seccomp 37seccomp
diff --git a/etc/mate-calculator.profile b/etc/mate-calculator.profile
index 43bb3ebb4..442acf8ff 100644
--- a/etc/mate-calculator.profile
+++ b/etc/mate-calculator.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/mate-calc.profile 6include mate-calc.profile
diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile
index c3a3ee446..1ba744d5a 100644
--- a/etc/mate-color-select.profile
+++ b/etc/mate-color-select.profile
@@ -1,16 +1,16 @@
1# Firejail profile for mate-color-select 1# Firejail profile for mate-color-select
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/mate-color-select.local 4include mate-color-select.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15whitelist ${HOME}/.config/gtk-3.0 15whitelist ${HOME}/.config/gtk-3.0
16whitelist ${HOME}/.fonts 16whitelist ${HOME}/.fonts
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix 31protocol unix
31seccomp 32seccomp
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile
index b0bd99519..ba179dfdd 100644
--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -1,17 +1,17 @@
1# Firejail profile for mate-dictionary 1# Firejail profile for mate-dictionary
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/mate-dictionary.local 4include mate-dictionary.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/mate/mate-dictionary 8noblacklist ${HOME}/.config/mate/mate-dictionary
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16whitelist ${HOME}/.config/mate/mate-dictionary 16whitelist ${HOME}/.config/mate/mate-dictionary
17whitelist ${HOME}/.config/gtk-3.0 17whitelist ${HOME}/.config/gtk-3.0
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix,inet,inet6 33protocol unix,inet,inet6
33seccomp 34seccomp
diff --git a/etc/mathematica.profile b/etc/mathematica.profile
index 984ea9e97..5f29181cd 100644
--- a/etc/mathematica.profile
+++ b/etc/mathematica.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/Mathematica.profile 6include Mathematica.profile
diff --git a/etc/mcabber.profile b/etc/mcabber.profile
index 0ed8952e5..ea4cb0250 100644
--- a/etc/mcabber.profile
+++ b/etc/mcabber.profile
@@ -2,18 +2,18 @@
2# Description: Small Jabber (XMPP) console client 2# Description: Small Jabber (XMPP) console client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mcabber.local 5include mcabber.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.mcabber 9noblacklist ${HOME}/.mcabber
10noblacklist ${HOME}/.mcabberrc 10noblacklist ${HOME}/.mcabberrc
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -22,6 +22,7 @@ nonewprivs
22noroot 22noroot
23nosound 23nosound
24notv 24notv
25nou2f
25novideo 26novideo
26protocol inet,inet6 27protocol inet,inet6
27seccomp 28seccomp
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
index 7556098a7..115444e0f 100644
--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -2,17 +2,17 @@
2# Description: Command-line utility for reading information from audio/video files 2# Description: Command-line utility for reading information from audio/video files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mediainfo.local 5include mediainfo.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix 29protocol unix
29seccomp 30seccomp
diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile
index e53ced860..06e140990 100644
--- a/etc/mediathekview.profile
+++ b/etc/mediathekview.profile
@@ -2,9 +2,9 @@
2# Description: View streams from German public television stations 2# Description: View streams from German public television stations
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mediathekview.local 5include mediathekview.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mpv 9noblacklist ${HOME}/.config/mpv
10noblacklist ${HOME}/.config/smplayer 10noblacklist ${HOME}/.config/smplayer
@@ -23,13 +23,13 @@ noblacklist /usr/lib/java
23noblacklist /etc/java 23noblacklist /etc/java
24noblacklist /usr/share/java 24noblacklist /usr/share/java
25 25
26include /etc/firejail/disable-common.inc 26include disable-common.inc
27include /etc/firejail/disable-devel.inc 27include disable-devel.inc
28include /etc/firejail/disable-interpreters.inc 28include disable-interpreters.inc
29include /etc/firejail/disable-passwdmgr.inc 29include disable-passwdmgr.inc
30include /etc/firejail/disable-programs.inc 30include disable-programs.inc
31 31
32include /etc/firejail/whitelist-var-common.inc 32include whitelist-var-common.inc
33 33
34caps.drop all 34caps.drop all
35netfilter 35netfilter
@@ -38,6 +38,7 @@ nogroups
38nonewprivs 38nonewprivs
39noroot 39noroot
40notv 40notv
41nou2f
41novideo 42novideo
42protocol unix,inet,inet6 43protocol unix,inet,inet6
43seccomp 44seccomp
diff --git a/etc/meld.profile b/etc/meld.profile
index 1a7935800..2b87094fb 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -2,18 +2,18 @@
2# Description: Graphical tool to diff and merge files 2# Description: Graphical tool to diff and merge files
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/meld.local 5include meld.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/meld 9noblacklist ${HOME}/.local/share/meld
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19net none 19net none
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/mencoder.profile b/etc/mencoder.profile
new file mode 100644
index 000000000..136412d11
--- /dev/null
+++ b/etc/mencoder.profile
@@ -0,0 +1,28 @@
1# Firejail profile for mencoder
2# Description: Free command line video decoding, encoding and filtering tool
3# This file is overwritten after every install/update
4# Persistent local customizations
5include mencoder.local
6# Persistent global definitions
7# added by included profile
8#include globals.local
9
10include disable-common.inc
11include disable-devel.inc
12include disable-interpreters.inc
13include disable-passwdmgr.inc
14include disable-programs.inc
15
16net none
17no3d
18nodbus
19nosound
20notv
21nou2f
22protocol unix
23seccomp
24shell none
25
26private-bin mencoder
27
28include mplayer.profile
diff --git a/etc/midori.profile b/etc/midori.profile
index 7c56910a7..6a69f2282 100644
--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -2,9 +2,9 @@
2# Description: Lightweight web browser 2# Description: Lightweight web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/midori.local 5include midori.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/midori 9noblacklist ${HOME}/.config/midori
10noblacklist ${HOME}/.local/share/midori 10noblacklist ${HOME}/.local/share/midori
@@ -12,10 +12,10 @@ noblacklist ${HOME}/.local/share/midori
12# noblacklist ${HOME}/.local/share/webkitgtk 12# noblacklist ${HOME}/.local/share/webkitgtk
13noblacklist ${HOME}/.pki 13noblacklist ${HOME}/.pki
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20mkdir ${HOME}/.cache/midori 20mkdir ${HOME}/.cache/midori
21mkdir ${HOME}/.config/midori 21mkdir ${HOME}/.config/midori
@@ -33,7 +33,7 @@ whitelist ${HOME}/.local/share/midori
33whitelist ${HOME}/.local/share/webkit 33whitelist ${HOME}/.local/share/webkit
34whitelist ${HOME}/.local/share/webkitgtk 34whitelist ${HOME}/.local/share/webkitgtk
35whitelist ${HOME}/.pki 35whitelist ${HOME}/.pki
36include /etc/firejail/whitelist-common.inc 36include whitelist-common.inc
37 37
38caps.drop all 38caps.drop all
39netfilter 39netfilter
diff --git a/etc/min.profile b/etc/min.profile
index 91c6fce3c..3029c2952 100644
--- a/etc/min.profile
+++ b/etc/min.profile
@@ -2,24 +2,24 @@
2# Description: A faster, smarter web browser. 2# Description: A faster, smarter web browser.
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/min.local 5include min.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Min 9noblacklist ${HOME}/.config/Min
10 10
11noblacklist ${HOME}/.pki 11noblacklist ${HOME}/.pki
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.pki 18mkdir ${HOME}/.pki
19whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.pki 20whitelist ${HOME}/.pki
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25# ipc-namespace 25# ipc-namespace
@@ -33,6 +33,7 @@ nogroups
33nonewprivs 33nonewprivs
34noroot 34noroot
35notv 35notv
36nou2f
36protocol unix,inet,inet6 37protocol unix,inet,inet6
37seccomp 38seccomp
38shell none 39shell none
diff --git a/etc/minetest.profile b/etc/minetest.profile
index 3e06b6d30..17b39f7c6 100644
--- a/etc/minetest.profile
+++ b/etc/minetest.profile
@@ -2,22 +2,22 @@
2# Description: Multiplayer infinite-world block sandbox 2# Description: Multiplayer infinite-world block sandbox
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/minetest.local 5include minetest.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.minetest 9noblacklist ${HOME}/.minetest
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.minetest 17mkdir ${HOME}/.minetest
18whitelist ${HOME}/.minetest 18whitelist ${HOME}/.minetest
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
@@ -28,6 +28,7 @@ nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix,inet,inet6 33protocol unix,inet,inet6
33seccomp 34seccomp
diff --git a/etc/mousepad.profile b/etc/mousepad.profile
index 421637509..4500f74a5 100644
--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -2,19 +2,19 @@
2# Description: Simple Xfce oriented text editor 2# Description: Simple Xfce oriented text editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mousepad.local 5include mousepad.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Mousepad 9noblacklist ${HOME}/.config/Mousepad
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27protocol unix 28protocol unix
28seccomp 29seccomp
29shell none 30shell none
diff --git a/etc/mpd.profile b/etc/mpd.profile
index 709f2ef89..4f0977c40 100644
--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -2,21 +2,21 @@
2# Description: Music Player Daemon 2# Description: Music Player Daemon
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mpd.local 5include mpd.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mpd 9noblacklist ${HOME}/.config/mpd
10noblacklist ${HOME}/.mpd 10noblacklist ${HOME}/.mpd
11noblacklist ${HOME}/.mpdconf 11noblacklist ${HOME}/.mpdconf
12noblacklist ${MUSIC} 12noblacklist ${MUSIC}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -25,6 +25,7 @@ nodvd
25nonewprivs 25nonewprivs
26noroot 26noroot
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
diff --git a/etc/mplayer.profile b/etc/mplayer.profile
index 29ef21b9d..8c0b50eca 100644
--- a/etc/mplayer.profile
+++ b/etc/mplayer.profile
@@ -2,28 +2,29 @@
2# Description: Movie player for Unix-like systems 2# Description: Movie player for Unix-like systems
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mplayer.local 5include mplayer.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.mplayer 9noblacklist ${HOME}/.mplayer
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11noblacklist ${VIDEOS} 11noblacklist ${VIDEOS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
24# nogroups 24# nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27nou2f
27protocol unix,inet,inet6,netlink 28protocol unix,inet,inet6,netlink
28seccomp 29seccomp
29shell none 30shell none
diff --git a/etc/mpv.profile b/etc/mpv.profile
index 5747cd3fa..3d73a8eae 100644
--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -2,9 +2,9 @@
2# Description: Video player based on MPlayer/mplayer2 2# Description: Video player based on MPlayer/mplayer2
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mpv.local 5include mpv.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mpv 9noblacklist ${HOME}/.config/mpv
10noblacklist ${HOME}/.netrc 10noblacklist ${HOME}/.netrc
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29apparmor 29apparmor
30caps.drop all 30caps.drop all
@@ -34,6 +34,7 @@ nodbus
34nogroups 34nogroups
35nonewprivs 35nonewprivs
36noroot 36noroot
37nou2f
37protocol unix,inet,inet6 38protocol unix,inet,inet6
38seccomp 39seccomp
39shell none 40shell none
diff --git a/etc/ms-excel.profile b/etc/ms-excel.profile
index 4fb8c6fc1..e103baf19 100644
--- a/etc/ms-excel.profile
+++ b/etc/ms-excel.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Excel 1# Firejail profile for Microsoft Office Online - Excel
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-excel.local 4include ms-excel.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-excel-online 8noblacklist ${HOME}/.cache/ms-excel-online
9private-bin ms-excel 9private-bin ms-excel
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-office.profile b/etc/ms-office.profile
index cedc5eff4..6c8cb213f 100644
--- a/etc/ms-office.profile
+++ b/etc/ms-office.profile
@@ -1,9 +1,9 @@
1# Firejail profile for Microsoft Office Online 1# Firejail profile for Microsoft Office Online
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-office.local 4include ms-office.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-office-online 8noblacklist ${HOME}/.cache/ms-office-online
9noblacklist ${HOME}/.jak 9noblacklist ${HOME}/.jak
@@ -14,11 +14,11 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
@@ -28,6 +28,7 @@ nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix,inet,inet6 33protocol unix,inet,inet6
33seccomp 34seccomp
diff --git a/etc/ms-onenote.profile b/etc/ms-onenote.profile
index 520544ab4..1259d55c8 100644
--- a/etc/ms-onenote.profile
+++ b/etc/ms-onenote.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Onenote 1# Firejail profile for Microsoft Office Online - Onenote
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-onenote.local 4include ms-onenote.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-onenote-online 8noblacklist ${HOME}/.cache/ms-onenote-online
9private-bin ms-onenote 9private-bin ms-onenote
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-outlook.profile b/etc/ms-outlook.profile
index e438bbdfc..a9fadc2c1 100644
--- a/etc/ms-outlook.profile
+++ b/etc/ms-outlook.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Outlook 1# Firejail profile for Microsoft Office Online - Outlook
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-outlook.local 4include ms-outlook.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-outlook-online 8noblacklist ${HOME}/.cache/ms-outlook-online
9private-bin ms-outlook 9private-bin ms-outlook
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-powerpoint.profile b/etc/ms-powerpoint.profile
index 82be095d0..4c096de4e 100644
--- a/etc/ms-powerpoint.profile
+++ b/etc/ms-powerpoint.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Powerpoint 1# Firejail profile for Microsoft Office Online - Powerpoint
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-powerpoint.local 4include ms-powerpoint.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-powerpoint-online 8noblacklist ${HOME}/.cache/ms-powerpoint-online
9private-bin ms-powerpoint 9private-bin ms-powerpoint
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/ms-skype.profile b/etc/ms-skype.profile
index fa3c4a314..02084d923 100644
--- a/etc/ms-skype.profile
+++ b/etc/ms-skype.profile
@@ -1,13 +1,13 @@
1# Firejail profile for Microsoft Office Online - Skype 1# Firejail profile for Microsoft Office Online - Skype
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-skype.local 4include ms-skype.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-skype-online 8noblacklist ${HOME}/.cache/ms-skype-online
9ignore novideo 9ignore novideo
10private-bin ms-skype 10private-bin ms-skype
11 11
12# Redirect 12# Redirect
13include /etc/firejail/ms-office.profile 13include ms-office.profile
diff --git a/etc/ms-word.profile b/etc/ms-word.profile
index fdcab27a7..f21e987d4 100644
--- a/etc/ms-word.profile
+++ b/etc/ms-word.profile
@@ -1,12 +1,12 @@
1# Firejail profile for Microsoft Office Online - Word 1# Firejail profile for Microsoft Office Online - Word
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ms-word.local 4include ms-word.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/ms-word-online 8noblacklist ${HOME}/.cache/ms-word-online
9private-bin ms-word 9private-bin ms-word
10 10
11# Redirect 11# Redirect
12include /etc/firejail/ms-office.profile 12include ms-office.profile
diff --git a/etc/multimc5.profile b/etc/multimc5.profile
index 2b63c2032..75e6e2804 100644
--- a/etc/multimc5.profile
+++ b/etc/multimc5.profile
@@ -1,9 +1,9 @@
1# Firejail profile for multimc5 1# Firejail profile for multimc5
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/multimc5.local 4include multimc5.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.java 8noblacklist ${HOME}/.java
9noblacklist ${HOME}/.local/share/multimc 9noblacklist ${HOME}/.local/share/multimc
@@ -16,17 +16,17 @@ noblacklist /usr/lib/java
16noblacklist /etc/java 16noblacklist /etc/java
17noblacklist /usr/share/java 17noblacklist /usr/share/java
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24 24
25mkdir ${HOME}/.local/share/multimc 25mkdir ${HOME}/.local/share/multimc
26whitelist ${HOME}/.local/share/multimc 26whitelist ${HOME}/.local/share/multimc
27whitelist ${HOME}/.local/share/multimc5 27whitelist ${HOME}/.local/share/multimc5
28whitelist ${HOME}/.multimc5 28whitelist ${HOME}/.multimc5
29include /etc/firejail/whitelist-common.inc 29include whitelist-common.inc
30 30
31caps.drop all 31caps.drop all
32netfilter 32netfilter
@@ -35,6 +35,7 @@ nogroups
35nonewprivs 35nonewprivs
36noroot 36noroot
37notv 37notv
38nou2f
38novideo 39novideo
39protocol unix,inet,inet6 40protocol unix,inet,inet6
40# seccomp 41# seccomp
diff --git a/etc/mumble.profile b/etc/mumble.profile
index c5af9aa42..276e77c68 100644
--- a/etc/mumble.profile
+++ b/etc/mumble.profile
@@ -2,25 +2,25 @@
2# Description: Low latency encrypted VoIP client 2# Description: Low latency encrypted VoIP client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mumble.local 5include mumble.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Mumble 9noblacklist ${HOME}/.config/Mumble
10noblacklist ${HOME}/.local/share/data/Mumble 10noblacklist ${HOME}/.local/share/data/Mumble
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.config/Mumble 18mkdir ${HOME}/.config/Mumble
19mkdir ${HOME}/.local/share/data/Mumble 19mkdir ${HOME}/.local/share/data/Mumble
20whitelist ${HOME}/.config/Mumble 20whitelist ${HOME}/.config/Mumble
21whitelist ${HOME}/.local/share/data/Mumble 21whitelist ${HOME}/.local/share/data/Mumble
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index b49597e00..011e85c0e 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -2,20 +2,20 @@
2# Description: Lightweight PDF viewer 2# Description: Lightweight PDF viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mupdf.local 5include mupdf.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21machine-id 21machine-id
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
index a235c44c8..3798609d2 100644
--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -2,25 +2,25 @@
2# Description: Nintendo64 Emulator 2# Description: Nintendo64 Emulator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mupen64plus.local 5include mupen64plus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/mupen64plus 9noblacklist ${HOME}/.config/mupen64plus
10noblacklist ${HOME}/.local/share/mupen64plus 10noblacklist ${HOME}/.local/share/mupen64plus
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18# you'll need to manually whitelist ROM files 18# you'll need to manually whitelist ROM files
19mkdir ${HOME}/.config/mupen64plus 19mkdir ${HOME}/.config/mupen64plus
20mkdir ${HOME}/.local/share/mupen64plus 20mkdir ${HOME}/.local/share/mupen64plus
21whitelist ${HOME}/.config/mupen64plus/ 21whitelist ${HOME}/.config/mupen64plus/
22whitelist ${HOME}/.local/share/mupen64plus/ 22whitelist ${HOME}/.local/share/mupen64plus/
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24 24
25caps.drop all 25caps.drop all
26net none 26net none
diff --git a/etc/musescore.profile b/etc/musescore.profile
index 3eb929bd1..5f009c681 100644
--- a/etc/musescore.profile
+++ b/etc/musescore.profile
@@ -2,9 +2,9 @@
2# Description: Free music composition and notation software 2# Description: Free music composition and notation software
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/musescore.local 5include musescore.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/MusE 9noblacklist ${HOME}/.config/MusE
10noblacklist ${HOME}/.config/MuseScore 10noblacklist ${HOME}/.config/MuseScore
@@ -13,14 +13,14 @@ noblacklist ${HOME}/.local/share/data/MuseScore
13noblacklist ${DOCUMENTS} 13noblacklist ${DOCUMENTS}
14noblacklist ${MUSIC} 14noblacklist ${MUSIC}
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21include /etc/firejail/disable-xdg.inc 21include disable-xdg.inc
22 22
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile
index ba010d6a3..d5fde525e 100644
--- a/etc/musixmatch.profile
+++ b/etc/musixmatch.profile
@@ -1,17 +1,17 @@
1# Firejail profile for Musixmatch 1# Firejail profile for Musixmatch
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/musixmatch.local 4include musixmatch.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${MUSIC} 8noblacklist ${MUSIC}
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-xdg.inc 14include disable-xdg.inc
15 15
16caps.drop all 16caps.drop all
17ipc-namespace 17ipc-namespace
@@ -24,6 +24,7 @@ noroot
24nogroups 24nogroups
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix,inet,inet6,netlink 29protocol unix,inet,inet6,netlink
29seccomp 30seccomp
diff --git a/etc/mutt.profile b/etc/mutt.profile
index 6cb09ec78..b092f2333 100644
--- a/etc/mutt.profile
+++ b/etc/mutt.profile
@@ -2,9 +2,9 @@
2# Description: Text-based mailreader supporting MIME, GPG, PGP and threading 2# Description: Text-based mailreader supporting MIME, GPG, PGP and threading
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/mutt.local 5include mutt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
@@ -32,11 +32,11 @@ noblacklist ${HOME}/mail
32noblacklist ${HOME}/postponed 32noblacklist ${HOME}/postponed
33noblacklist ${HOME}/sent 33noblacklist ${HOME}/sent
34 34
35include /etc/firejail/disable-common.inc 35include disable-common.inc
36include /etc/firejail/disable-devel.inc 36include disable-devel.inc
37include /etc/firejail/disable-interpreters.inc 37include disable-interpreters.inc
38include /etc/firejail/disable-passwdmgr.inc 38include disable-passwdmgr.inc
39include /etc/firejail/disable-programs.inc 39include disable-programs.inc
40 40
41caps.drop all 41caps.drop all
42netfilter 42netfilter
@@ -47,6 +47,7 @@ nonewprivs
47noroot 47noroot
48nosound 48nosound
49notv 49notv
50nou2f
50novideo 51novideo
51protocol unix,inet,inet6 52protocol unix,inet,inet6
52seccomp 53seccomp
diff --git a/etc/natron.profile b/etc/natron.profile
index 76e909f83..790fe437d 100644
--- a/etc/natron.profile
+++ b/etc/natron.profile
@@ -1,9 +1,9 @@
1# Firejail profile for natron 1# Firejail profile for natron
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/natron.local 4include natron.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# Allow access to python 8# Allow access to python
9noblacklist ${PATH}/python2* 9noblacklist ${PATH}/python2*
@@ -16,11 +16,11 @@ noblacklist ${HOME}/.cache/INRIA/Natron
16noblacklist ${HOME}/.config/INRIA 16noblacklist ${HOME}/.config/INRIA
17noblacklist /opt/natron 17noblacklist /opt/natron
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24 24
25caps.drop all 25caps.drop all
26net none 26net none
diff --git a/etc/nautilus.profile b/etc/nautilus.profile
index 1809a6b3c..13fe9a9e1 100644
--- a/etc/nautilus.profile
+++ b/etc/nautilus.profile
@@ -2,9 +2,9 @@
2# Description: File manager and graphical shell for GNOME 2# Description: File manager and graphical shell for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/nautilus.local 5include nautilus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there 9# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
10# is already a nautilus process running on gnome desktops firejail will have no effect. 10# is already a nautilus process running on gnome desktops firejail will have no effect.
@@ -20,11 +20,11 @@ noblacklist ${PATH}/python3*
20noblacklist /usr/lib/python2* 20noblacklist /usr/lib/python2*
21noblacklist /usr/lib/python3* 21noblacklist /usr/lib/python3*
22 22
23include /etc/firejail/disable-common.inc 23include disable-common.inc
24include /etc/firejail/disable-devel.inc 24include disable-devel.inc
25include /etc/firejail/disable-interpreters.inc 25include disable-interpreters.inc
26include /etc/firejail/disable-passwdmgr.inc 26include disable-passwdmgr.inc
27# include /etc/firejail/disable-programs.inc 27# include disable-programs.inc
28 28
29caps.drop all 29caps.drop all
30netfilter 30netfilter
diff --git a/etc/ncdu.profile b/etc/ncdu.profile
index fa566b9fd..ac0fd19b2 100644
--- a/etc/ncdu.profile
+++ b/etc/ncdu.profile
@@ -2,9 +2,9 @@
2# Description: Ncurses disk usage viewer 2# Description: Ncurses disk usage viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ncdu.local 5include ncdu.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9caps.drop all 9caps.drop all
10ipc-namespace 10ipc-namespace
@@ -17,6 +17,7 @@ nonewprivs
17noroot 17noroot
18nosound 18nosound
19notv 19notv
20nou2f
20novideo 21novideo
21protocol unix 22protocol unix
22seccomp 23seccomp
diff --git a/etc/nemo.profile b/etc/nemo.profile
index 98e4ba1bd..8da094015 100644
--- a/etc/nemo.profile
+++ b/etc/nemo.profile
@@ -2,9 +2,9 @@
2# Description: File manager and graphical shell for Cinnamon 2# Description: File manager and graphical shell for Cinnamon
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/nemo.local 5include nemo.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/nemo 9noblacklist ${HOME}/.config/nemo
10noblacklist ${HOME}/.local/share/Trash 10noblacklist ${HOME}/.local/share/Trash
@@ -17,10 +17,10 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
diff --git a/etc/netsurf.profile b/etc/netsurf.profile
index cb38d9de0..0ddb7bbbe 100644
--- a/etc/netsurf.profile
+++ b/etc/netsurf.profile
@@ -2,24 +2,24 @@
2# Description: Lightweight and fast web browser 2# Description: Lightweight and fast web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/netsurf.local 5include netsurf.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/netsurf 9noblacklist ${HOME}/.cache/netsurf
10noblacklist ${HOME}/.config/netsurf 10noblacklist ${HOME}/.config/netsurf
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.cache/netsurf 17mkdir ${HOME}/.cache/netsurf
18mkdir ${HOME}/.config/netsurf 18mkdir ${HOME}/.config/netsurf
19whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.cache/netsurf 20whitelist ${HOME}/.cache/netsurf
21whitelist ${HOME}/.config/netsurf 21whitelist ${HOME}/.config/netsurf
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
diff --git a/etc/neverball.profile b/etc/neverball.profile
index 5e6032ae5..34493485a 100644
--- a/etc/neverball.profile
+++ b/etc/neverball.profile
@@ -2,21 +2,21 @@
2# Description: 3D floor-tilting game 2# Description: 3D floor-tilting game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/neverball.local 5include neverball.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.neverball 9noblacklist ${HOME}/.neverball
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.neverball 17mkdir ${HOME}/.neverball
18whitelist ${HOME}/.neverball 18whitelist ${HOME}/.neverball
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22netfilter 22netfilter
@@ -25,6 +25,7 @@ nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix,netlink 30protocol unix,netlink
30seccomp 31seccomp
diff --git a/etc/nheko.profile b/etc/nheko.profile
index f216a9fa5..ea99b2f5a 100644
--- a/etc/nheko.profile
+++ b/etc/nheko.profile
@@ -2,18 +2,18 @@
2# Description: Desktop IM client for the Matrix protocol 2# Description: Desktop IM client for the Matrix protocol
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/nheko.local 5include nheko.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/nheko 9noblacklist ${HOME}/.config/nheko
10noblacklist ${HOME}/.cache/nheko/nheko 10noblacklist ${HOME}/.cache/nheko/nheko
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.config/nheko 18mkdir ${HOME}/.config/nheko
19mkdir ${HOME}/.cache/nheko/nheko 19mkdir ${HOME}/.cache/nheko/nheko
@@ -22,7 +22,7 @@ whitelist ${HOME}/.config/nheko
22whitelist ${HOME}/.cache/nheko/nheko 22whitelist ${HOME}/.cache/nheko/nheko
23whitelist ${DOWNLOADS} 23whitelist ${DOWNLOADS}
24 24
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
diff --git a/etc/nitroshare-cli.profile b/etc/nitroshare-cli.profile
new file mode 100644
index 000000000..5ee683711
--- /dev/null
+++ b/etc/nitroshare-cli.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for nitroshare
2# Description: Network File Transfer Application
3# This file is overwritten after every install/update
4
5
6# Redirect
7include nitroshare.profile
diff --git a/etc/nitroshare-nmh.profile b/etc/nitroshare-nmh.profile
new file mode 100644
index 000000000..5ee683711
--- /dev/null
+++ b/etc/nitroshare-nmh.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for nitroshare
2# Description: Network File Transfer Application
3# This file is overwritten after every install/update
4
5
6# Redirect
7include nitroshare.profile
diff --git a/etc/nitroshare-send.profile b/etc/nitroshare-send.profile
new file mode 100644
index 000000000..5ee683711
--- /dev/null
+++ b/etc/nitroshare-send.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for nitroshare
2# Description: Network File Transfer Application
3# This file is overwritten after every install/update
4
5
6# Redirect
7include nitroshare.profile
diff --git a/etc/nitroshare-ui.profile b/etc/nitroshare-ui.profile
new file mode 100644
index 000000000..5ee683711
--- /dev/null
+++ b/etc/nitroshare-ui.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for nitroshare
2# Description: Network File Transfer Application
3# This file is overwritten after every install/update
4
5
6# Redirect
7include nitroshare.profile
diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile
new file mode 100644
index 000000000..67c651429
--- /dev/null
+++ b/etc/nitroshare.profile
@@ -0,0 +1,50 @@
1# Firejail profile for nitroshare
2# Description: Network File Transfer Application
3# This file is overwritten after every install/update
4# Persistent local customizations
5include nitroshare.local
6# Persistent global definitions
7include globals.local
8
9noblacklist ${HOME}/.config/Nathan Osman
10noblacklist ${HOME}/.config/NitroShare
11
12# Allow python (blacklisted by disable-interpreters.inc)
13noblacklist ${PATH}/python2*
14noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3*
17
18include disable-common.inc
19include disable-devel.inc
20include disable-interpreters.inc
21include disable-passwdmgr.inc
22include disable-programs.inc
23
24caps.drop all
25netfilter
26no3d
27# nodbus
28nodvd
29nogroups
30nonewprivs
31noroot
32nosound
33notv
34nou2f
35novideo
36protocol unix,inet,inet6,netlink
37seccomp
38shell none
39
40disable-mnt
41private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui
42private-cache
43private-dev
44private-etc ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl
45# private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare
46private-tmp
47
48# memory-deny-write-execute
49noexec ${HOME}
50noexec /tmp
diff --git a/etc/nylas.profile b/etc/nylas.profile
index 28305a203..263e09198 100644
--- a/etc/nylas.profile
+++ b/etc/nylas.profile
@@ -1,23 +1,23 @@
1# Firejail profile for nylas 1# Firejail profile for nylas
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/nylas.local 4include nylas.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Nylas Mail 8noblacklist ${HOME}/.config/Nylas Mail
9noblacklist ${HOME}/.nylas-mail 9noblacklist ${HOME}/.nylas-mail
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.config/Nylas Mail 18whitelist ${HOME}/.config/Nylas Mail
19whitelist ${HOME}/.nylas-mail 19whitelist ${HOME}/.nylas-mail
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6,netlink 32protocol unix,inet,inet6,netlink
32seccomp 33seccomp
diff --git a/etc/obs.profile b/etc/obs.profile
index 611ecdd67..87afdc222 100644
--- a/etc/obs.profile
+++ b/etc/obs.profile
@@ -1,9 +1,9 @@
1# Firejail profile for obs 1# Firejail profile for obs
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/obs.local 4include obs.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/obs-studio 8noblacklist ${HOME}/.config/obs-studio
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3*
16noblacklist /usr/lib/python2* 16noblacklist /usr/lib/python2*
17noblacklist /usr/lib/python3* 17noblacklist /usr/lib/python3*
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28caps.drop all 28caps.drop all
29nodvd 29nodvd
@@ -31,6 +31,7 @@ nogroups
31nonewprivs 31nonewprivs
32noroot 32noroot
33notv 33notv
34nou2f
34protocol unix,inet,inet6 35protocol unix,inet,inet6
35seccomp 36seccomp
36shell none 37shell none
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
index 59470f3bb..3a1369b83 100644
--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -2,20 +2,20 @@
2# Description: Simple converter from OpenDocument Text to plain text 2# Description: Simple converter from OpenDocument Text to plain text
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/odt2txt.local 5include odt2txt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21net none 21net none
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
diff --git a/etc/okular.profile b/etc/okular.profile
index 0f15500af..0192a1d3d 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -2,9 +2,9 @@
2# Description: Universal document viewer 2# Description: Universal document viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/okular.local 5include okular.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/okular 9noblacklist ${HOME}/.cache/okular
10noblacklist ${HOME}/.config/okularpartrc 10noblacklist ${HOME}/.config/okularpartrc
@@ -18,14 +18,14 @@ noblacklist ${HOME}/.kde4/share/config/okularrc
18noblacklist ${HOME}/.local/share/okular 18noblacklist ${HOME}/.local/share/okular
19noblacklist ${DOCUMENTS} 19noblacklist ${DOCUMENTS}
20 20
21include /etc/firejail/disable-common.inc 21include disable-common.inc
22include /etc/firejail/disable-devel.inc 22include disable-devel.inc
23include /etc/firejail/disable-interpreters.inc 23include disable-interpreters.inc
24include /etc/firejail/disable-passwdmgr.inc 24include disable-passwdmgr.inc
25include /etc/firejail/disable-programs.inc 25include disable-programs.inc
26include /etc/firejail/disable-xdg.inc 26include disable-xdg.inc
27 27
28include /etc/firejail/whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
30apparmor 30apparmor
31caps.drop all 31caps.drop all
@@ -39,6 +39,7 @@ nonewprivs
39noroot 39noroot
40nosound 40nosound
41notv 41notv
42nou2f
42novideo 43novideo
43protocol unix 44protocol unix
44seccomp 45seccomp
diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile
index 1c93ef9b9..1955901b0 100644
--- a/etc/onionshare-gui.profile
+++ b/etc/onionshare-gui.profile
@@ -1,9 +1,9 @@
1# Firejail profile for onionshare-gui 1# Firejail profile for onionshare-gui
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/onionshare-gui.local 4include onionshare-gui.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/onionshare 8noblacklist ${HOME}/.config/onionshare
9 9
@@ -11,13 +11,13 @@ noblacklist ${HOME}/.config/onionshare
11noblacklist ${PATH}/python3* 11noblacklist ${PATH}/python3*
12noblacklist /usr/lib/python3* 12noblacklist /usr/lib/python3*
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix,inet,inet6 34protocol unix,inet,inet6
34seccomp 35seccomp
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile
index 1cd9e9537..108398104 100644
--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -2,21 +2,21 @@
2# Description: Space Invaders clone 2# Description: Space Invaders clone
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/open-invaders.local 5include open-invaders.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.openinvaders 9noblacklist ${HOME}/.openinvaders
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.openinvaders 17mkdir ${HOME}/.openinvaders
18whitelist ${HOME}/.openinvaders 18whitelist ${HOME}/.openinvaders
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29protocol unix,netlink 30protocol unix,netlink
30seccomp 31seccomp
31shell none 32shell none
diff --git a/etc/openbox.profile b/etc/openbox.profile
index 1540b71bd..1fb93c79c 100644
--- a/etc/openbox.profile
+++ b/etc/openbox.profile
@@ -2,13 +2,13 @@
2# Description: Standards-compliant, fast, light-weight and extensible window manager 2# Description: Standards-compliant, fast, light-weight and extensible window manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/openbox.local 5include openbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# all applications started in OpenBox will run in this profile 9# all applications started in OpenBox will run in this profile
10noblacklist ${HOME}/.config/openbox 10noblacklist ${HOME}/.config/openbox
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile
index cbd1f8fe8..b86073b41 100644
--- a/etc/openshot-qt.profile
+++ b/etc/openshot-qt.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/openshot.profile 6include openshot.profile
diff --git a/etc/openshot.profile b/etc/openshot.profile
index 242511243..e383ecf06 100644
--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -2,9 +2,9 @@
2# Description: Create and edit videos and movies 2# Description: Create and edit videos and movies
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/openshot.local 5include openshot.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.openshot 9noblacklist ${HOME}/.openshot
10noblacklist ${HOME}/.openshot_qt 10noblacklist ${HOME}/.openshot_qt
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26apparmor 26apparmor
27caps.drop all 27caps.drop all
@@ -32,6 +32,7 @@ nogroups
32nonewprivs 32nonewprivs
33noroot 33noroot
34notv 34notv
35nou2f
35protocol unix,inet,inet6,netlink 36protocol unix,inet,inet6,netlink
36seccomp 37seccomp
37shell none 38shell none
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile
index 38a3152d2..8658d30c6 100644
--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -1,9 +1,9 @@
1# Firejail profile for opera-beta 1# Firejail profile for opera-beta
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/opera-beta.local 4include opera-beta.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/opera 8noblacklist ${HOME}/.cache/opera
9noblacklist ${HOME}/.config/opera-beta 9noblacklist ${HOME}/.config/opera-beta
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/opera
14whitelist ${HOME}/.config/opera-beta 14whitelist ${HOME}/.config/opera-beta
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/opera.profile b/etc/opera.profile
index 294041c24..b342b3961 100644
--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -2,9 +2,9 @@
2# Description: A fast and secure web browser 2# Description: A fast and secure web browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/opera.local 5include opera.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/opera 9noblacklist ${HOME}/.cache/opera
10noblacklist ${HOME}/.config/opera 10noblacklist ${HOME}/.config/opera
@@ -18,4 +18,4 @@ whitelist ${HOME}/.config/opera
18whitelist ${HOME}/.opera 18whitelist ${HOME}/.opera
19 19
20# Redirect 20# Redirect
21include /etc/firejail/chromium-common.profile 21include chromium-common.profile
diff --git a/etc/orage.profile b/etc/orage.profile
index 8fc6330d9..29b8ef749 100644
--- a/etc/orage.profile
+++ b/etc/orage.profile
@@ -2,19 +2,19 @@
2# Description: Calendar for Xfce Desktop Environment 2# Description: Calendar for Xfce Desktop Environment
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/orage.local 5include orage.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/orage 9noblacklist ${HOME}/.config/orage
10noblacklist ${HOME}/.local/share/orage 10noblacklist ${HOME}/.local/share/orage
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/p7zip.profile b/etc/p7zip.profile
index f8b2d6f1a..644292f2b 100644
--- a/etc/p7zip.profile
+++ b/etc/p7zip.profile
@@ -2,10 +2,10 @@
2# Description: 7zr file archiver with high compression ratio 2# Description: 7zr file archiver with high compression ratio
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/p7zip.local 5include p7zip.local
6# Persistent global definitions 6# Persistent global definitions
7# added by included profile 7# added by included profile
8#include /etc/firejail/globals.local 8#include globals.local
9 9
10# Redirect 10# Redirect
11include /etc/firejail/7z.profile 11include 7z.profile
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index 1104acff4..11464e6cf 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -1,9 +1,9 @@
1# Firejail profile for palemoon 1# Firejail profile for palemoon
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/palemoon.local 4include palemoon.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/moonchild productions/pale moon 8noblacklist ${HOME}/.cache/moonchild productions/pale moon
9noblacklist ${HOME}/.moonchild productions/pale moon 9noblacklist ${HOME}/.moonchild productions/pale moon
@@ -23,4 +23,4 @@ seccomp
23#private-opt palemoon 23#private-opt palemoon
24 24
25# Redirect 25# Redirect
26include /etc/firejail/firefox-common.profile 26include firefox-common.profile
diff --git a/etc/parole.profile b/etc/parole.profile
index 00e1466b4..9ad59d2e6 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -2,19 +2,19 @@
2# Description: Media player based on GStreamer framework 2# Description: Media player based on GStreamer framework
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/parole.local 5include parole.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10noblacklist ${VIDEOS} 10noblacklist ${VIDEOS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/patch.profile b/etc/patch.profile
index 8fa6ac966..26542e229 100644
--- a/etc/patch.profile
+++ b/etc/patch.profile
@@ -3,19 +3,19 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/patch.local 6include patch.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix 33protocol unix
33seccomp 34seccomp
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile
index c7e449166..0c1e95e63 100644
--- a/etc/pcmanfm.profile
+++ b/etc/pcmanfm.profile
@@ -2,19 +2,19 @@
2# Description: Extremely fast and lightweight file manager 2# Description: Extremely fast and lightweight file manager
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pcmanfm.local 5include pcmanfm.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.local/share/Trash 9noblacklist ${HOME}/.local/share/Trash
10# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below 10# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below
11# noblacklist ${HOME}/.config/pcmanfm 11# noblacklist ${HOME}/.config/pcmanfm
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17# include /etc/firejail/disable-programs.inc 17# include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20# net none - see issue #1467, computer:/// location broken 20# net none - see issue #1467, computer:/// location broken
diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile
index f6a615632..f0db20b74 100644
--- a/etc/pdfchain.profile
+++ b/etc/pdfchain.profile
@@ -1,20 +1,20 @@
1# Firejail profile for pdfchain 1# Firejail profile for pdfchain
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/pdfchain.local 4include pdfchain.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19caps.drop all 19caps.drop all
20ipc-namespace 20ipc-namespace
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix 31protocol unix
31seccomp 32seccomp
diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile
index 34cf5e44f..3b6116c85 100644
--- a/etc/pdfmod.profile
+++ b/etc/pdfmod.profile
@@ -2,22 +2,22 @@
2# Description: Simple tool for modifying PDF documents 2# Description: Simple tool for modifying PDF documents
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pdfmod.local 5include pdfmod.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/pdfmod 9noblacklist ${HOME}/.cache/pdfmod
10noblacklist ${HOME}/.config/pdfmod 10noblacklist ${HOME}/.config/pdfmod
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23ipc-namespace 23ipc-namespace
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix 36protocol unix
36seccomp 37seccomp
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index a09ab0a8a..4eed98e88 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -2,9 +2,9 @@
2# Description: PDF Split and Merge 2# Description: PDF Split and Merge
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pdfsam.local 5include pdfsam.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
@@ -15,12 +15,12 @@ noblacklist /usr/lib/java
15noblacklist /etc/java 15noblacklist /etc/java
16noblacklist /usr/share/java 16noblacklist /usr/share/java
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25caps.drop all 25caps.drop all
26machine-id 26machine-id
@@ -33,6 +33,7 @@ nonewprivs
33noroot 33noroot
34nosound 34nosound
35notv 35notv
36nou2f
36novideo 37novideo
37protocol unix 38protocol unix
38seccomp 39seccomp
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index d162f45b5..6b2b0fba5 100644
--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -1,22 +1,22 @@
1# Firejail profile for pdftotext 1# Firejail profile for pdftotext
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/pdftotext.local 4include pdftotext.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22machine-id 22machine-id
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix 34protocol unix
34seccomp 35seccomp
diff --git a/etc/peek.profile b/etc/peek.profile
index edc43d006..06e7b3e62 100644
--- a/etc/peek.profile
+++ b/etc/peek.profile
@@ -1,20 +1,20 @@
1# Firejail profile for peek 1# Firejail profile for peek
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/peek.local 4include peek.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/peek 8noblacklist ${HOME}/.cache/peek
9noblacklist ${PICTURES} 9noblacklist ${PICTURES}
10noblacklist ${VIDEOS} 10noblacklist ${VIDEOS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20net none 20net none
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix 31protocol unix
31seccomp 32seccomp
diff --git a/etc/picard.profile b/etc/picard.profile
index 8474eeda6..dc13d7d6e 100644
--- a/etc/picard.profile
+++ b/etc/picard.profile
@@ -2,9 +2,9 @@
2# Description: Next-Generation MusicBrainz audio files tagger 2# Description: Next-Generation MusicBrainz audio files tagger
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/picard.local 5include picard.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/MusicBrainz 9noblacklist ${HOME}/.cache/MusicBrainz
10noblacklist ${HOME}/.config/MusicBrainz 10noblacklist ${HOME}/.config/MusicBrainz
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3*
16noblacklist /usr/lib/python2* 16noblacklist /usr/lib/python2*
17noblacklist /usr/lib/python3* 17noblacklist /usr/lib/python3*
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28caps.drop all 28caps.drop all
29no3d 29no3d
@@ -33,6 +33,7 @@ nonewprivs
33noroot 33noroot
34nosound 34nosound
35notv 35notv
36nou2f
36novideo 37novideo
37protocol unix,inet,inet6 38protocol unix,inet,inet6
38seccomp 39seccomp
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index e891f5fd8..91a204557 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -2,17 +2,17 @@
2# Description: Graphical multi-protocol instant messaging client 2# Description: Graphical multi-protocol instant messaging client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pidgin.local 5include pidgin.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.purple 9noblacklist ${HOME}/.purple
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
@@ -21,6 +21,7 @@ nogroups
21nonewprivs 21nonewprivs
22noroot 22noroot
23notv 23notv
24nou2f
24protocol unix,inet,inet6 25protocol unix,inet,inet6
25seccomp 26seccomp
26shell none 27shell none
diff --git a/etc/ping.profile b/etc/ping.profile
index 2b20bf8c9..bdd29c1a1 100644
--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -2,17 +2,17 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ping.local 5include ping.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-xdg.inc 14include disable-xdg.inc
15include /etc/firejail/whitelist-common.inc 15include whitelist-common.inc
16 16
17caps.keep net_raw 17caps.keep net_raw
18ipc-namespace 18ipc-namespace
@@ -27,6 +27,7 @@ nogroups
27#noroot 27#noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31 32
32# protocol command is built using seccomp; nonewprivs will kill it 33# protocol command is built using seccomp; nonewprivs will kill it
@@ -47,5 +48,3 @@ private-tmp
47#memory-deny-write-execute 48#memory-deny-write-execute
48noexec ${HOME} 49noexec ${HOME}
49noexec /tmp 50noexec /tmp
50
51
diff --git a/etc/pingus.profile b/etc/pingus.profile
index 4ce584d1e..f071e664f 100644
--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -2,21 +2,21 @@
2# Description: Free Lemmings(TM) clone 2# Description: Free Lemmings(TM) clone
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pingus.local 5include pingus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.pingus 9noblacklist ${HOME}/.pingus
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.pingus 17mkdir ${HOME}/.pingus
18whitelist ${HOME}/.pingus 18whitelist ${HOME}/.pingus
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29protocol unix,netlink 30protocol unix,netlink
30seccomp 31seccomp
31shell none 32shell none
diff --git a/etc/pinta.profile b/etc/pinta.profile
index 506918b92..3dfe3cc1b 100644
--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -2,20 +2,20 @@
2# Description: Simple drawing/painting program 2# Description: Simple drawing/painting program
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pinta.local 5include pinta.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Pinta 9noblacklist ${HOME}/.config/Pinta
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11noblacklist ${PICTURES} 11noblacklist ${PICTURES}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
diff --git a/etc/pithos.profile b/etc/pithos.profile
index cbe7ac9c6..b201dcfea 100644
--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -2,9 +2,9 @@
2# Description: Pandora Radio client for the GNOME desktop 2# Description: Pandora Radio client for the GNOME desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pithos.local 5include pithos.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Allow python (blacklisted by disable-interpreters.inc) 9# Allow python (blacklisted by disable-interpreters.inc)
10noblacklist ${PATH}/python2* 10noblacklist ${PATH}/python2*
@@ -12,15 +12,15 @@ noblacklist ${PATH}/python3*
12noblacklist /usr/lib/python2* 12noblacklist /usr/lib/python2*
13noblacklist /usr/lib/python3* 13noblacklist /usr/lib/python3*
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26netfilter 26netfilter
@@ -30,6 +30,7 @@ nogroups
30nonewprivs 30nonewprivs
31noroot 31noroot
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix,inet,inet6 35protocol unix,inet,inet6
35seccomp 36seccomp
diff --git a/etc/pitivi.profile b/etc/pitivi.profile
index 6f6aed117..5bd6fd357 100644
--- a/etc/pitivi.profile
+++ b/etc/pitivi.profile
@@ -2,9 +2,9 @@
2# Description: Non-linear audio/video editor using GStreamer 2# Description: Non-linear audio/video editor using GStreamer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pitivi.local 5include pitivi.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10noblacklist ${HOME}/.config/pitivi 10noblacklist ${HOME}/.config/pitivi
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27ipc-namespace 27ipc-namespace
@@ -31,6 +31,7 @@ nogroups
31nonewprivs 31nonewprivs
32noroot 32noroot
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix 36protocol unix
36seccomp 37seccomp
diff --git a/etc/pix.profile b/etc/pix.profile
index dfc6d780e..9864ed718 100644
--- a/etc/pix.profile
+++ b/etc/pix.profile
@@ -1,20 +1,20 @@
1# Firejail profile for pix 1# Firejail profile for pix
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/pix.local 4include pix.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/pix 8noblacklist ${HOME}/.config/pix
9noblacklist ${HOME}/.local/share/pix 9noblacklist ${HOME}/.local/share/pix
10noblacklist ${HOME}/.Steam 10noblacklist ${HOME}/.Steam
11noblacklist ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20nodvd 20nodvd
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix 28protocol unix
28seccomp 29seccomp
diff --git a/etc/playonlinux.profile b/etc/playonlinux.profile
index 119baf6b5..707c75cec 100644
--- a/etc/playonlinux.profile
+++ b/etc/playonlinux.profile
@@ -2,9 +2,9 @@
2# Description: Front-end for Wine 2# Description: Front-end for Wine
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/playonlinux.local 5include playonlinux.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.Steam 9noblacklist ${HOME}/.Steam
10noblacklist ${HOME}/.local/share/Steam 10noblacklist ${HOME}/.local/share/Steam
@@ -22,11 +22,11 @@ noblacklist ${PATH}/perl
22noblacklist /usr/lib/perl* 22noblacklist /usr/lib/perl*
23noblacklist /usr/share/perl* 23noblacklist /usr/share/perl*
24 24
25include /etc/firejail/disable-common.inc 25include disable-common.inc
26# playonlinux uses perl 26# playonlinux uses perl
27include /etc/firejail/disable-devel.inc 27include disable-devel.inc
28include /etc/firejail/disable-interpreters.inc 28include disable-interpreters.inc
29include /etc/firejail/disable-programs.inc 29include disable-programs.inc
30 30
31caps.drop all 31caps.drop all
32netfilter 32netfilter
diff --git a/etc/pluma.profile b/etc/pluma.profile
index 832e7a3f4..35b141c1a 100644
--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -2,19 +2,19 @@
2# Description: Official text editor of the MATE desktop environment 2# Description: Official text editor of the MATE desktop environment
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/pluma.local 5include pluma.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/pluma 9noblacklist ${HOME}/.config/pluma
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17include /etc/firejail/whitelist-var-common.inc 17include whitelist-var-common.inc
18 18
19# apparmor - makes settings immutable 19# apparmor - makes settings immutable
20caps.drop all 20caps.drop all
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix 33protocol unix
33seccomp 34seccomp
diff --git a/etc/polari.profile b/etc/polari.profile
index cb6b0f73c..5fa717cb3 100644
--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -2,15 +2,15 @@
2# Description: Internet Relay Chat (IRC) client 2# Description: Internet Relay Chat (IRC) client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/polari.local 5include polari.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15mkdir ${HOME}/.cache/telepathy 15mkdir ${HOME}/.cache/telepathy
16mkdir ${HOME}/.config/telepathy-account-widgets 16mkdir ${HOME}/.config/telepathy-account-widgets
@@ -24,7 +24,7 @@ whitelist ${HOME}/.local/share/Empathy
24whitelist ${HOME}/.local/share/TpLogger 24whitelist ${HOME}/.local/share/TpLogger
25whitelist ${HOME}/.local/share/telepathy 25whitelist ${HOME}/.local/share/telepathy
26whitelist ${HOME}/.purple 26whitelist ${HOME}/.purple
27include /etc/firejail/whitelist-common.inc 27include whitelist-common.inc
28 28
29caps.drop all 29caps.drop all
30netfilter 30netfilter
@@ -35,6 +35,7 @@ nonewprivs
35noroot 35noroot
36nosound 36nosound
37notv 37notv
38nou2f
38protocol unix,inet,inet6 39protocol unix,inet,inet6
39seccomp 40seccomp
40shell none 41shell none
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile
index 8fcc19e65..fc37e6fd2 100644
--- a/etc/ppsspp.profile
+++ b/etc/ppsspp.profile
@@ -2,23 +2,23 @@
2# Description: A PSP emulator written in C++ 2# Description: A PSP emulator written in C++
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ppsspp.local 5include ppsspp.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/ppsspp 9noblacklist ${HOME}/.config/ppsspp
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11# with >=llvm-4 mesa drivers need llvm stuff 11# with >=llvm-4 mesa drivers need llvm stuff
12noblacklist /usr/lib/llvm* 12noblacklist /usr/lib/llvm*
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile
index d2612c95c..7ec789440 100644
--- a/etc/psi-plus.profile
+++ b/etc/psi-plus.profile
@@ -2,18 +2,18 @@
2# Description: Qt-based XMPP/Jabber client 2# Description: Qt-based XMPP/Jabber client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/psi-plus.local 5include psi-plus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/psi+ 9noblacklist ${HOME}/.config/psi+
10noblacklist ${HOME}/.local/share/psi+ 10noblacklist ${HOME}/.local/share/psi+
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/psi+ 18mkdir ${HOME}/.cache/psi+
19mkdir ${HOME}/.config/psi+ 19mkdir ${HOME}/.config/psi+
@@ -22,7 +22,7 @@ whitelist ${DOWNLOADS}
22whitelist ${HOME}/.cache/psi+ 22whitelist ${HOME}/.cache/psi+
23whitelist ${HOME}/.config/psi+ 23whitelist ${HOME}/.config/psi+
24whitelist ${HOME}/.local/share/psi+ 24whitelist ${HOME}/.local/share/psi+
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
@@ -32,6 +32,7 @@ nogroups
32nonewprivs 32nonewprivs
33noroot 33noroot
34notv 34notv
35nou2f
35novideo 36novideo
36protocol unix,inet,inet6 37protocol unix,inet,inet6
37seccomp 38seccomp
diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile
index 02c35b104..eea0d9e9f 100644
--- a/etc/pybitmessage.profile
+++ b/etc/pybitmessage.profile
@@ -1,9 +1,9 @@
1# Firejail profile for pybitmessage 1# Firejail profile for pybitmessage
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/pybitmessage.local 4include pybitmessage.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist /sbin 8noblacklist /sbin
9noblacklist /usr/local/sbin 9noblacklist /usr/local/sbin
@@ -15,13 +15,13 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27ipc-namespace 27ipc-namespace
@@ -33,6 +33,7 @@ nonewprivs
33noroot 33noroot
34nosound 34nosound
35notv 35notv
36nou2f
36novideo 37novideo
37protocol unix,inet,inet6,netlink 38protocol unix,inet,inet6,netlink
38seccomp 39seccomp
diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile
index 89bb9dadf..32fdc750f 100644
--- a/etc/pycharm-community.profile
+++ b/etc/pycharm-community.profile
@@ -1,9 +1,9 @@
1# Firejail profile for pycharm-community 1# Firejail profile for pycharm-community
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/pycharm-community.local 4include pycharm-community.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/snap 8noblacklist ${HOME}/snap
9noblacklist ${HOME}/.PyCharmCE* 9noblacklist ${HOME}/.PyCharmCE*
@@ -15,10 +15,10 @@ noblacklist /usr/lib/java
15noblacklist /etc/java 15noblacklist /etc/java
16noblacklist /usr/share/java 16noblacklist /usr/share/java
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23caps.drop all 23caps.drop all
24machine-id 24machine-id
@@ -26,6 +26,7 @@ nodvd
26nogroups 26nogroups
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30shell none 31shell none
31tracelog 32tracelog
diff --git a/etc/pycharm-professional.profile b/etc/pycharm-professional.profile
index b28082dc4..a14d0268b 100644
--- a/etc/pycharm-professional.profile
+++ b/etc/pycharm-professional.profile
@@ -4,4 +4,4 @@
4noblacklist ${HOME}/.PyCharm* 4noblacklist ${HOME}/.PyCharm*
5 5
6# Redirect 6# Redirect
7include /etc/firejail/pycharm-community.profile 7include pycharm-community.profile
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 4ba5d3871..b6b94c703 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -2,9 +2,9 @@
2# Description: BitTorrent client based on libtorrent-rasterbar with a Qt5 GUI 2# Description: BitTorrent client based on libtorrent-rasterbar with a Qt5 GUI
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qbittorrent.local 5include qbittorrent.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/qBittorrent 9noblacklist ${HOME}/.cache/qBittorrent
10noblacklist ${HOME}/.config/qBittorrent 10noblacklist ${HOME}/.config/qBittorrent
@@ -17,11 +17,11 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25 25
26mkdir ${HOME}/.cache/qBittorrent 26mkdir ${HOME}/.cache/qBittorrent
27mkdir ${HOME}/.config/qBittorrent 27mkdir ${HOME}/.config/qBittorrent
@@ -31,8 +31,8 @@ whitelist ${HOME}/.cache/qBittorrent
31whitelist ${HOME}/.config/qBittorrent 31whitelist ${HOME}/.config/qBittorrent
32whitelist ${HOME}/.config/qBittorrentrc 32whitelist ${HOME}/.config/qBittorrentrc
33whitelist ${HOME}/.local/share/data/qBittorrent 33whitelist ${HOME}/.local/share/data/qBittorrent
34include /etc/firejail/whitelist-common.inc 34include whitelist-common.inc
35include /etc/firejail/whitelist-var-common.inc 35include whitelist-var-common.inc
36 36
37apparmor 37apparmor
38caps.drop all 38caps.drop all
@@ -45,6 +45,7 @@ nonewprivs
45noroot 45noroot
46nosound 46nosound
47notv 47notv
48nou2f
48novideo 49novideo
49protocol unix,inet,inet6,netlink 50protocol unix,inet,inet6,netlink
50seccomp 51seccomp
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile
index 263c71535..ac60384fd 100644
--- a/etc/qemu-launcher.profile
+++ b/etc/qemu-launcher.profile
@@ -1,15 +1,15 @@
1# Firejail profile for qemu-launcher 1# Firejail profile for qemu-launcher
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/qemu-launcher.local 4include qemu-launcher.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.qemu-launcher 8noblacklist ${HOME}/.qemu-launcher
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13 13
14caps.drop all 14caps.drop all
15netfilter 15netfilter
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile
index 3ab25e92e..1399328d3 100644
--- a/etc/qemu-system-x86_64.profile
+++ b/etc/qemu-system-x86_64.profile
@@ -1,14 +1,14 @@
1# Firejail profile for qemu-system-x86_64 1# Firejail profile for qemu-system-x86_64
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/qemu-system-x86_64.local 4include qemu-system-x86_64.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-passwdmgr.inc 10include disable-passwdmgr.inc
11include /etc/firejail/disable-programs.inc 11include disable-programs.inc
12 12
13caps.drop all 13caps.drop all
14netfilter 14netfilter
diff --git a/etc/qlipper.profile b/etc/qlipper.profile
index 1293fa30d..ec0b6c64d 100644
--- a/etc/qlipper.profile
+++ b/etc/qlipper.profile
@@ -2,18 +2,18 @@
2# Description: Lightweight and cross-platform clipboard history applet 2# Description: Lightweight and cross-platform clipboard history applet
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qlipper.local 5include qlipper.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Qlipper 9noblacklist ${HOME}/.config/Qlipper
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix 29protocol unix
29seccomp 30seccomp
diff --git a/etc/qmmp.profile b/etc/qmmp.profile
index 9d127731f..66c27a585 100644
--- a/etc/qmmp.profile
+++ b/etc/qmmp.profile
@@ -2,18 +2,18 @@
2# Description: Feature-rich audio player with support of many formats 2# Description: Feature-rich audio player with support of many formats
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qmmp.local 5include qmmp.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.qmmp 9noblacklist ${HOME}/.qmmp
10noblacklist ${MUSIC} 10noblacklist ${MUSIC}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -23,6 +23,7 @@ nogroups
23nonewprivs 23nonewprivs
24noroot 24noroot
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile
index 3063010cc..06598c769 100644
--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -2,22 +2,22 @@
2# Description: Tabbed document viewer 2# Description: Tabbed document viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qpdfview.local 5include qpdfview.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/qpdfview 9noblacklist ${HOME}/.config/qpdfview
10noblacklist ${HOME}/.local/share/qpdfview 10noblacklist ${HOME}/.local/share/qpdfview
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23machine-id 23machine-id
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 3c1697085..450e005f7 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -2,23 +2,23 @@
2# Description: Powerful Tox client written in C++/Qt that follows the Tox design guidelines 2# Description: Powerful Tox client written in C++/Qt that follows the Tox design guidelines
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qtox.local 5include qtox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/tox 9noblacklist ${HOME}/.config/tox
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.config/tox 17mkdir ${HOME}/.config/tox
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.config/tox 19whitelist ${HOME}/.config/tox
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
@@ -28,6 +28,7 @@ nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30notv 30notv
31nou2f
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
33shell none 34shell none
diff --git a/etc/quassel.profile b/etc/quassel.profile
index 69c6aa61b..a78d1edcd 100644
--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -2,15 +2,15 @@
2# Description: Distributed IRC client 2# Description: Distributed IRC client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/quassel.local 5include quassel.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16netfilter 16netfilter
diff --git a/etc/quiterss.profile b/etc/quiterss.profile
index 368a3d996..ce0816114 100644
--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -2,20 +2,20 @@
2# Description: RSS/Atom news feeds reader 2# Description: RSS/Atom news feeds reader
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/quiterss.local 5include quiterss.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/QuiteRss 9noblacklist ${HOME}/.cache/QuiteRss
10noblacklist ${HOME}/.config/QuiteRss 10noblacklist ${HOME}/.config/QuiteRss
11noblacklist ${HOME}/.config/QuiteRssrc 11noblacklist ${HOME}/.config/QuiteRssrc
12noblacklist ${HOME}/.local/share/QuiteRss 12noblacklist ${HOME}/.local/share/QuiteRss
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20mkdir ${HOME}/.cache/QuiteRss 20mkdir ${HOME}/.cache/QuiteRss
21mkdir ${HOME}/.config/QuiteRss 21mkdir ${HOME}/.config/QuiteRss
@@ -27,7 +27,7 @@ whitelist ${HOME}/.config/QuiteRssrc
27whitelist ${HOME}/.local/share/data/QuiteRss 27whitelist ${HOME}/.local/share/data/QuiteRss
28whitelist ${HOME}/.local/share/QuiteRss 28whitelist ${HOME}/.local/share/QuiteRss
29whitelist ${HOME}/quiterssfeeds.opml 29whitelist ${HOME}/quiterssfeeds.opml
30include /etc/firejail/whitelist-common.inc 30include whitelist-common.inc
31 31
32caps.drop all 32caps.drop all
33netfilter 33netfilter
@@ -37,6 +37,7 @@ nonewprivs
37noroot 37noroot
38nosound 38nosound
39notv 39notv
40nou2f
40novideo 41novideo
41protocol unix,inet,inet6 42protocol unix,inet,inet6
42seccomp 43seccomp
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile
index e73e8a5e1..efee6ce84 100644
--- a/etc/qupzilla.profile
+++ b/etc/qupzilla.profile
@@ -1,24 +1,24 @@
1# Firejail profile for qupzilla 1# Firejail profile for qupzilla
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/qupzilla.local 4include qupzilla.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/qupzilla 8noblacklist ${HOME}/.cache/qupzilla
9noblacklist ${HOME}/.config/qupzilla 9noblacklist ${HOME}/.config/qupzilla
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.cache/qupzilla 18whitelist ${HOME}/.cache/qupzilla
19whitelist ${HOME}/.config/qupzilla 19whitelist ${HOME}/.config/qupzilla
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30protocol unix,inet,inet6,netlink 31protocol unix,inet,inet6,netlink
31# blacklisting of chroot system calls breaks qupzilla 32# blacklisting of chroot system calls breaks qupzilla
32seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice 33seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile
index d4d8e3b97..ac9f9bfd9 100644
--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -2,9 +2,9 @@
2# Description: Keyboard-driven, vim-like browser based on PyQt5 2# Description: Keyboard-driven, vim-like browser based on PyQt5
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/qutebrowser.local 5include qutebrowser.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/qutebrowser 9noblacklist ${HOME}/.cache/qutebrowser
10noblacklist ${HOME}/.config/qutebrowser 10noblacklist ${HOME}/.config/qutebrowser
@@ -19,10 +19,10 @@ noblacklist /usr/lib/python3*
19# with >=llvm-4 mesa drivers need llvm stuff 19# with >=llvm-4 mesa drivers need llvm stuff
20noblacklist /usr/lib/llvm* 20noblacklist /usr/lib/llvm*
21 21
22include /etc/firejail/disable-common.inc 22include disable-common.inc
23include /etc/firejail/disable-devel.inc 23include disable-devel.inc
24include /etc/firejail/disable-interpreters.inc 24include disable-interpreters.inc
25include /etc/firejail/disable-programs.inc 25include disable-programs.inc
26 26
27mkdir ${HOME}/.cache/qutebrowser 27mkdir ${HOME}/.cache/qutebrowser
28mkdir ${HOME}/.config/qutebrowser 28mkdir ${HOME}/.config/qutebrowser
@@ -31,7 +31,7 @@ whitelist ${DOWNLOADS}
31whitelist ${HOME}/.cache/qutebrowser 31whitelist ${HOME}/.cache/qutebrowser
32whitelist ${HOME}/.config/qutebrowser 32whitelist ${HOME}/.config/qutebrowser
33whitelist ${HOME}/.local/share/qutebrowser 33whitelist ${HOME}/.local/share/qutebrowser
34include /etc/firejail/whitelist-common.inc 34include whitelist-common.inc
35 35
36caps.drop all 36caps.drop all
37netfilter 37netfilter
diff --git a/etc/rambox.profile b/etc/rambox.profile
index afe9b41e7..6c65f869b 100644
--- a/etc/rambox.profile
+++ b/etc/rambox.profile
@@ -1,24 +1,24 @@
1# Firejail profile for rambox 1# Firejail profile for rambox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/rambox.local 4include rambox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Rambox 8noblacklist ${HOME}/.config/Rambox
9noblacklist ${HOME}/.pki 9noblacklist ${HOME}/.pki
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.config/Rambox 16mkdir ${HOME}/.config/Rambox
17mkdir ${HOME}/.pki 17mkdir ${HOME}/.pki
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19whitelist ${HOME}/.config/Rambox 19whitelist ${HOME}/.config/Rambox
20whitelist ${HOME}/.pki 20whitelist ${HOME}/.pki
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24netfilter 24netfilter
diff --git a/etc/ranger.profile b/etc/ranger.profile
index fe4131e88..f582b8dfb 100644
--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -2,9 +2,9 @@
2# Description: File manager with an ncurses frontend written in Python 2# Description: File manager with an ncurses frontend written in Python
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ranger.local 5include ranger.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/ranger 9noblacklist ${HOME}/.config/ranger
10 10
@@ -20,11 +20,11 @@ noblacklist ${PATH}/perl
20noblacklist /usr/lib/perl* 20noblacklist /usr/lib/perl*
21noblacklist /usr/share/perl* 21noblacklist /usr/share/perl*
22 22
23include /etc/firejail/disable-common.inc 23include disable-common.inc
24include /etc/firejail/disable-devel.inc 24include disable-devel.inc
25include /etc/firejail/disable-interpreters.inc 25include disable-interpreters.inc
26include /etc/firejail/disable-passwdmgr.inc 26include disable-passwdmgr.inc
27include /etc/firejail/disable-programs.inc 27include disable-programs.inc
28 28
29caps.drop all 29caps.drop all
30net none 30net none
@@ -35,6 +35,7 @@ nonewprivs
35noroot 35noroot
36nosound 36nosound
37notv 37notv
38nou2f
38novideo 39novideo
39protocol unix 40protocol unix
40seccomp 41seccomp
diff --git a/etc/redeclipse.profile b/etc/redeclipse.profile
index 7271ac2f4..278514538 100644
--- a/etc/redeclipse.profile
+++ b/etc/redeclipse.profile
@@ -2,22 +2,22 @@
2# Description: Free, casual arena shooter 2# Description: Free, casual arena shooter
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/redeclipse.local 5include redeclipse.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.redeclipse 9noblacklist ${HOME}/.redeclipse
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.redeclipse 17mkdir ${HOME}/.redeclipse
18whitelist ${HOME}/.redeclipse 18whitelist ${HOME}/.redeclipse
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
diff --git a/etc/remmina.profile b/etc/remmina.profile
index 51c0f2d17..888f3819f 100644
--- a/etc/remmina.profile
+++ b/etc/remmina.profile
@@ -2,23 +2,23 @@
2# Description: GTK+ Remote Desktop Client 2# Description: GTK+ Remote Desktop Client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/remmina.local 5include remmina.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.remmina 9noblacklist ${HOME}/.remmina
10noblacklist ${HOME}/.config/remmina 10noblacklist ${HOME}/.config/remmina
11noblacklist ${HOME}/.local/share/remmina 11noblacklist ${HOME}/.local/share/remmina
12noblacklist ${HOME}/.ssh 12noblacklist ${HOME}/.ssh
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24nodvd 24nodvd
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 7dc6470f9..f9b7115ac 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -2,21 +2,21 @@
2# Description: Music player and organizer for GNOME 2# Description: Music player and organizer for GNOME
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/rhythmbox.local 5include rhythmbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13# rhythmbox is using Python 13# rhythmbox is using Python
14#include /etc/firejail/disable-interpreters.inc 14#include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21# apparmor - makes settings immutable 21# apparmor - makes settings immutable
22caps.drop all 22caps.drop all
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/ricochet.profile b/etc/ricochet.profile
index 2e2143a54..cbdc28cf6 100644
--- a/etc/ricochet.profile
+++ b/etc/ricochet.profile
@@ -1,22 +1,22 @@
1# Firejail profile for ricochet 1# Firejail profile for ricochet
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/ricochet.local 4include ricochet.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9noblacklist ${HOME}/.local/share/Ricochet 9noblacklist ${HOME}/.local/share/Ricochet
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.local/share/Ricochet 18whitelist ${HOME}/.local/share/Ricochet
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/riot-desktop.profile b/etc/riot-desktop.profile
index cc8b68ebb..fececd850 100644
--- a/etc/riot-desktop.profile
+++ b/etc/riot-desktop.profile
@@ -2,9 +2,9 @@
2# Description: A glossy Matrix collaboration client for the desktop 2# Description: A glossy Matrix collaboration client for the desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/riot-desktop.local 5include riot-desktop.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Redirect 9# Redirect
10include /etc/firejail/riot-web.profile 10include riot-web.profile
diff --git a/etc/riot-web.profile b/etc/riot-web.profile
index 5379223c5..c9f597626 100644
--- a/etc/riot-web.profile
+++ b/etc/riot-web.profile
@@ -2,15 +2,15 @@
2# Description: A glossy Matrix collaboration client for the web 2# Description: A glossy Matrix collaboration client for the web
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/riot-web.local 5include riot-web.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/Riot 9noblacklist ${HOME}/.config/Riot
10 10
11mkdir ${HOME}/.config/Riot 11mkdir ${HOME}/.config/Riot
12whitelist ${HOME}/.config/Riot 12whitelist ${HOME}/.config/Riot
13include /etc/firejail/whitelist-common.inc 13include whitelist-common.inc
14 14
15# Redirect 15# Redirect
16include /etc/firejail/electron.profile 16include electron.profile
diff --git a/etc/ristretto.profile b/etc/ristretto.profile
index bb2a7e95b..e6b22b914 100644
--- a/etc/ristretto.profile
+++ b/etc/ristretto.profile
@@ -2,19 +2,19 @@
2# Description: Lightweight picture-viewer for the Xfce desktop environment 2# Description: Lightweight picture-viewer for the Xfce desktop environment
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ristretto.local 5include ristretto.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/ristretto 9noblacklist ${HOME}/.config/ristretto
10noblacklist ${HOME}/.Steam 10noblacklist ${HOME}/.Steam
11noblacklist ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/rocketchat.profile b/etc/rocketchat.profile
index da92cd938..c95bc3c3d 100644
--- a/etc/rocketchat.profile
+++ b/etc/rocketchat.profile
@@ -1,14 +1,14 @@
1# Firejail profile for rocketchat 1# Firejail profile for rocketchat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/rocketchat.local 4include rocketchat.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Rocket.Chat 8noblacklist ${HOME}/.config/Rocket.Chat
9 9
10whitelist ${HOME}/.config/Rocket.Chat 10whitelist ${HOME}/.config/Rocket.Chat
11include /etc/firejail/whitelist-common.inc 11include whitelist-common.inc
12 12
13# Redirect 13# Redirect
14include /etc/firejail/electron.profile 14include electron.profile
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile
index bdc5b9232..0b4d6e1b1 100644
--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -2,16 +2,16 @@
2# Description: Ncurses BitTorrent client based on LibTorrent from rakshasa 2# Description: Ncurses BitTorrent client based on LibTorrent from rakshasa
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/rtorrent.local 5include rtorrent.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17machine-id 17machine-id
@@ -21,6 +21,7 @@ nonewprivs
21noroot 21noroot
22nosound 22nosound
23notv 23notv
24nou2f
24novideo 25novideo
25protocol unix,inet,inet6 26protocol unix,inet,inet6
26seccomp 27seccomp
diff --git a/etc/runenpass.sh.profile b/etc/runenpass.sh.profile
index 05ffbfe20..794c38d6e 100644
--- a/etc/runenpass.sh.profile
+++ b/etc/runenpass.sh.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/enpass.profile 6include enpass.profile
diff --git a/etc/rview.profile b/etc/rview.profile
index 90481b019..b3a6bfbdc 100644
--- a/etc/rview.profile
+++ b/etc/rview.profile
@@ -1,10 +1,10 @@
1# Firejail profile for rview 1# Firejail profile for rview
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/rview.local 4include rview.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/vim.profile 10include vim.profile
diff --git a/etc/rvim.profile b/etc/rvim.profile
index 1070e9376..5481dfe43 100644
--- a/etc/rvim.profile
+++ b/etc/rvim.profile
@@ -1,10 +1,10 @@
1# Firejail profile for rvim 1# Firejail profile for rvim
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/rvim.local 4include rvim.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/vim.profile 10include vim.profile
diff --git a/etc/sayonara.profile b/etc/sayonara.profile
index 8a369be7e..ce86c80f9 100644
--- a/etc/sayonara.profile
+++ b/etc/sayonara.profile
@@ -1,18 +1,18 @@
1# Firejail profile for sayonara player 1# Firejail profile for sayonara player
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/sayonara.local 4include sayonara.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.Sayonara 8noblacklist ${HOME}/.Sayonara
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
@@ -21,6 +21,7 @@ nogroups
21nonewprivs 21nonewprivs
22noroot 22noroot
23notv 23notv
24nou2f
24novideo 25novideo
25protocol unix,inet,inet6 26protocol unix,inet,inet6
26seccomp 27seccomp
diff --git a/etc/scallion.profile b/etc/scallion.profile
index 35cd04f8f..b4d0ef240 100644
--- a/etc/scallion.profile
+++ b/etc/scallion.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/scallion.local 5include scallion.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${PATH}/llvm* 9noblacklist ${PATH}/llvm*
10noblacklist /usr/lib/llvm* 10noblacklist /usr/lib/llvm*
@@ -12,13 +12,13 @@ noblacklist ${PATH}/openssl
12noblacklist ${PATH}/openssl-1.0 12noblacklist ${PATH}/openssl-1.0
13noblacklist ${DOCUMENTS} 13noblacklist ${DOCUMENTS}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
@@ -30,6 +30,7 @@ nonewprivs
30noroot 30noroot
31nosound 31nosound
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix 35protocol unix
35seccomp 36seccomp
diff --git a/etc/scribus.profile b/etc/scribus.profile
index 375983667..a8e510b8a 100644
--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -2,9 +2,9 @@
2# Description: Open Source Desktop Page Layout 2# Description: Open Source Desktop Page Layout
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/scribus.local 5include scribus.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Support for PDF readers comes with Scribus 1.5 and higher 9# Support for PDF readers comes with Scribus 1.5 and higher
10noblacklist ${HOME}/.cache/okular 10noblacklist ${HOME}/.cache/okular
@@ -32,14 +32,14 @@ noblacklist ${PATH}/python3*
32noblacklist /usr/lib/python2* 32noblacklist /usr/lib/python2*
33noblacklist /usr/lib/python3* 33noblacklist /usr/lib/python3*
34 34
35include /etc/firejail/disable-common.inc 35include disable-common.inc
36include /etc/firejail/disable-devel.inc 36include disable-devel.inc
37include /etc/firejail/disable-interpreters.inc 37include disable-interpreters.inc
38include /etc/firejail/disable-passwdmgr.inc 38include disable-passwdmgr.inc
39include /etc/firejail/disable-programs.inc 39include disable-programs.inc
40include /etc/firejail/disable-xdg.inc 40include disable-xdg.inc
41 41
42include /etc/firejail/whitelist-var-common.inc 42include whitelist-var-common.inc
43 43
44caps.drop all 44caps.drop all
45net none 45net none
@@ -50,6 +50,7 @@ nonewprivs
50noroot 50noroot
51nosound 51nosound
52notv 52notv
53nou2f
53novideo 54novideo
54protocol unix 55protocol unix
55seccomp 56seccomp
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile
index a2a54f838..01a056767 100644
--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/sdat2img.local 5include sdat2img.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Allow python (blacklisted by disable-interpreters.inc) 9# Allow python (blacklisted by disable-interpreters.inc)
10noblacklist ${PATH}/python2* 10noblacklist ${PATH}/python2*
@@ -12,14 +12,14 @@ noblacklist ${PATH}/python3*
12noblacklist /usr/lib/python2* 12noblacklist /usr/lib/python2*
13noblacklist /usr/lib/python3* 13noblacklist /usr/lib/python3*
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25net none 25net none
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34novideo 35novideo
35protocol unix 36protocol unix
36seccomp 37seccomp
diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile
index 1ceed99fd..e420d8124 100644
--- a/etc/seamonkey-bin.profile
+++ b/etc/seamonkey-bin.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/seamonkey.profile 6include seamonkey.profile
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile
index b702d8b23..9c38414bb 100644
--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -2,18 +2,18 @@
2# Description: SeaMonkey internet suite 2# Description: SeaMonkey internet suite
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/seamonkey.local 5include seamonkey.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/mozilla 9noblacklist ${HOME}/.cache/mozilla
10noblacklist ${HOME}/.mozilla 10noblacklist ${HOME}/.mozilla
11noblacklist ${HOME}/.pki 11noblacklist ${HOME}/.pki
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/mozilla 18mkdir ${HOME}/.cache/mozilla
19mkdir ${HOME}/.mozilla 19mkdir ${HOME}/.mozilla
@@ -35,7 +35,7 @@ whitelist ${HOME}/.wine-pipelight
35whitelist ${HOME}/.wine-pipelight64 35whitelist ${HOME}/.wine-pipelight64
36whitelist ${HOME}/.zotero 36whitelist ${HOME}/.zotero
37whitelist ${HOME}/dwhelper 37whitelist ${HOME}/dwhelper
38include /etc/firejail/whitelist-common.inc 38include whitelist-common.inc
39 39
40caps.drop all 40caps.drop all
41netfilter 41netfilter
diff --git a/etc/server.profile b/etc/server.profile
index 8d3382dee..3526e88ab 100644
--- a/etc/server.profile
+++ b/etc/server.profile
@@ -1,9 +1,9 @@
1# Firejail profile for server 1# Firejail profile for server
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/server.local 4include server.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8# generic server profile 8# generic server profile
9# it allows /sbin and /usr/sbin directories - this is where servers are installed 9# it allows /sbin and /usr/sbin directories - this is where servers are installed
@@ -15,12 +15,12 @@ noblacklist /sbin
15noblacklist /usr/sbin 15noblacklist /usr/sbin
16# noblacklist /var/opt 16# noblacklist /var/opt
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19# include /etc/firejail/disable-devel.inc 19# include disable-devel.inc
20# include /etc/firejail/disable-interpreters.inc 20# include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23#include /etc/firejail/disable-xdg.inc 23#include disable-xdg.inc
24 24
25caps 25caps
26# ipc-namespace 26# ipc-namespace
@@ -33,6 +33,7 @@ nodvd
33# noroot 33# noroot
34nosound 34nosound
35notv 35notv
36nou2f
36novideo 37novideo
37seccomp 38seccomp
38# shell none 39# shell none
diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile
index 90fc9cb8c..429633a6d 100644
--- a/etc/shellcheck.profile
+++ b/etc/shellcheck.profile
@@ -3,20 +3,20 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/shellcheck.local 6include shellcheck.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix 34protocol unix
34seccomp 35seccomp
diff --git a/etc/shotcut.profile b/etc/shotcut.profile
index e5a8ce4df..264566dcd 100644
--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -1,17 +1,17 @@
1# Firejail profile for shotcut 1# Firejail profile for shotcut
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/shotcut.local 4include shotcut.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Meltytech 8noblacklist ${HOME}/.config/Meltytech
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17net none 17net none
@@ -21,6 +21,7 @@ nogroups
21nonewprivs 21nonewprivs
22noroot 22noroot
23notv 23notv
24nou2f
24protocol unix 25protocol unix
25seccomp 26seccomp
26shell none 27shell none
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile
index c52f45f31..008cd218e 100644
--- a/etc/signal-desktop.profile
+++ b/etc/signal-desktop.profile
@@ -1,23 +1,23 @@
1# Firejail profile for signal-desktop 1# Firejail profile for signal-desktop
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/signal-desktop.local 4include signal-desktop.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Signal 8noblacklist ${HOME}/.config/Signal
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15 15
16mkdir ${HOME}/.config/Signal 16mkdir ${HOME}/.config/Signal
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18whitelist ${HOME}/.config/Signal 18whitelist ${HOME}/.config/Signal
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29protocol unix,inet,inet6,netlink 30protocol unix,inet,inet6,netlink
30seccomp 31seccomp
31shell none 32shell none
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile
index 0fa19e610..5ef96a4ea 100644
--- a/etc/silentarmy.profile
+++ b/etc/silentarmy.profile
@@ -1,19 +1,19 @@
1# Firejail profile for silentarmy 1# Firejail profile for silentarmy
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/silentarmy.local 4include silentarmy.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10# include /etc/firejail/disable-devel.inc 10# include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-xdg.inc 14include disable-xdg.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
index 30d2203de..85cb00ef1 100644
--- a/etc/simple-scan.profile
+++ b/etc/simple-scan.profile
@@ -2,19 +2,19 @@
2# Description: Simple Scanning Utility 2# Description: Simple Scanning Utility
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/simple-scan.local 5include simple-scan.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/simple-scan 9noblacklist ${HOME}/.cache/simple-scan
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/simutrans.profile b/etc/simutrans.profile
index 3722d9414..a4e4d892c 100644
--- a/etc/simutrans.profile
+++ b/etc/simutrans.profile
@@ -2,21 +2,21 @@
2# Description: Transportation simulator 2# Description: Transportation simulator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/simutrans.local 5include simutrans.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.simutrans 9noblacklist ${HOME}/.simutrans
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.simutrans 17mkdir ${HOME}/.simutrans
18whitelist ${HOME}/.simutrans 18whitelist ${HOME}/.simutrans
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29protocol unix 30protocol unix
30seccomp 31seccomp
31shell none 32shell none
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
index f8bca415d..76b050d18 100644
--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -2,18 +2,18 @@
2# Description: Image scanner based on the KSane backend 2# Description: Image scanner based on the KSane backend
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/skanlite.local 5include skanlite.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19# net none 19# net none
diff --git a/etc/skype.profile b/etc/skype.profile
index 04f15b454..09b9baa11 100644
--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -1,17 +1,17 @@
1# Firejail profile for skype 1# Firejail profile for skype
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/skype.local 4include skype.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.Skype 8noblacklist ${HOME}/.Skype
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
@@ -20,6 +20,7 @@ nogroups
20nonewprivs 20nonewprivs
21noroot 21noroot
22notv 22notv
23nou2f
23protocol unix,inet,inet6 24protocol unix,inet,inet6
24seccomp 25seccomp
25shell none 26shell none
diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile
index c675f0345..bccef9705 100644
--- a/etc/skypeforlinux.profile
+++ b/etc/skypeforlinux.profile
@@ -1,17 +1,17 @@
1# Firejail profile for skypeforlinux 1# Firejail profile for skypeforlinux
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/skypeforlinux.local 4include skypeforlinux.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/skypeforlinux 8noblacklist ${HOME}/.config/skypeforlinux
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
diff --git a/etc/slack.profile b/etc/slack.profile
index ba77a16b9..995d49687 100644
--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -1,25 +1,25 @@
1# Firejail profile for slack 1# Firejail profile for slack
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/slack.local 4include slack.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Slack 8noblacklist ${HOME}/.config/Slack
9noblacklist ${HOME}/Downloads 9noblacklist ${HOME}/Downloads
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.config 17mkdir ${HOME}/.config
18mkdir ${HOME}/.config/Slack 18mkdir ${HOME}/.config/Slack
19whitelist ${HOME}/.config/Slack 19whitelist ${HOME}/.config/Slack
20whitelist ${HOME}/Downloads 20whitelist ${HOME}/Downloads
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25name slack 25name slack
@@ -29,6 +29,7 @@ nogroups
29nonewprivs 29nonewprivs
30noroot 30noroot
31notv 31notv
32nou2f
32protocol unix,inet,inet6,netlink 33protocol unix,inet,inet6,netlink
33seccomp 34seccomp
34shell none 35shell none
diff --git a/etc/smplayer.profile b/etc/smplayer.profile
index 6d8355e6f..57ab2cde6 100644
--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -2,23 +2,23 @@
2# Description: Complete front-end for MPlayer and mpv 2# Description: Complete front-end for MPlayer and mpv
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/smplayer.local 5include smplayer.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/smplayer 9noblacklist ${HOME}/.config/smplayer
10noblacklist ${HOME}/.mplayer 10noblacklist ${HOME}/.mplayer
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12noblacklist ${VIDEOS} 12noblacklist ${VIDEOS}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23apparmor 23apparmor
24caps.drop all 24caps.drop all
@@ -27,6 +27,7 @@ netfilter
27# nogroups 27# nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30nou2f
30protocol unix,inet,inet6,netlink 31protocol unix,inet,inet6,netlink
31seccomp 32seccomp
32shell none 33shell none
diff --git a/etc/smtube.profile b/etc/smtube.profile
index 430b4e5cf..24f3db40a 100644
--- a/etc/smtube.profile
+++ b/etc/smtube.profile
@@ -2,9 +2,9 @@
2# Description: YouTube videos browser 2# Description: YouTube videos browser
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/smtube.local 5include smtube.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/smplayer 9noblacklist ${HOME}/.config/smplayer
10noblacklist ${HOME}/.config/smtube 10noblacklist ${HOME}/.config/smtube
@@ -15,19 +15,20 @@ noblacklist ${HOME}/.local/share/vlc
15noblacklist ${MUSIC} 15noblacklist ${MUSIC}
16noblacklist ${VIDEOS} 16noblacklist ${VIDEOS}
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25include /etc/firejail/whitelist-var-common.inc 25include whitelist-var-common.inc
26 26
27caps.drop all 27caps.drop all
28netfilter 28netfilter
29nodvd 29nodvd
30notv 30notv
31nou2f
31novideo 32novideo
32nogroups 33nogroups
33nonewprivs 34nonewprivs
diff --git a/etc/snap.profile b/etc/snap.profile
index bcfdc8911..1c6d750e4 100644
--- a/etc/snap.profile
+++ b/etc/snap.profile
@@ -2,16 +2,16 @@
2# Description: Location of genes from DNA sequence with hidden markov model 2# Description: Location of genes from DNA sequence with hidden markov model
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/snap.local 5include snap.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Generic Ubuntu snap application profile 9# Generic Ubuntu snap application profile
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15whitelist ${DOWNLOADS} 15whitelist ${DOWNLOADS}
16whitelist ${HOME}/snap 16whitelist ${HOME}/snap
17include /etc/firejail/whitelist-common.inc 17include whitelist-common.inc
diff --git a/etc/snox.profile b/etc/snox.profile
index 22bb0cdb0..3b3fd1ae1 100644
--- a/etc/snox.profile
+++ b/etc/snox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for snox 1# Firejail profile for snox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/snox.local 4include snox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/snox 8noblacklist ${HOME}/.cache/snox
9noblacklist ${HOME}/.config/snox 9noblacklist ${HOME}/.config/snox
@@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/snox
16whitelist ${HOME}/.config/snox 16whitelist ${HOME}/.config/snox
17 17
18# Redirect 18# Redirect
19include /etc/firejail/chromium-common.profile 19include chromium-common.profile
diff --git a/etc/soffice.profile b/etc/soffice.profile
index c702a4ece..ea0f84631 100644
--- a/etc/soffice.profile
+++ b/etc/soffice.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/libreoffice.profile 6include libreoffice.profile
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile
index 69efe5244..d34ccf901 100644
--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -2,9 +2,9 @@
2# Description: GNOME application to convert audio files into other formats 2# Description: GNOME application to convert audio files into other formats
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/soundconverter.local 5include soundconverter.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
@@ -14,14 +14,14 @@ noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2* 14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3* 15noblacklist /usr/lib/python3*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22include /etc/firejail/disable-xdg.inc 22include disable-xdg.inc
23 23
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26caps.drop all 26caps.drop all
27net none 27net none
@@ -32,6 +32,7 @@ nonewprivs
32noroot 32noroot
33nosound 33nosound
34notv 34notv
35nou2f
35novideo 36novideo
36protocol unix 37protocol unix
37seccomp 38seccomp
diff --git a/etc/spectre-meltdown-checker.profile b/etc/spectre-meltdown-checker.profile
index 18d3a0575..350f10632 100644
--- a/etc/spectre-meltdown-checker.profile
+++ b/etc/spectre-meltdown-checker.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/spectre-meltdown-checker.local 5include spectre-meltdown-checker.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# sudo firejail --allow-debuggers spectre-meltdown-checker 9# sudo firejail --allow-debuggers spectre-meltdown-checker
10 10
@@ -18,14 +18,14 @@ noblacklist ${PATH}/perl
18noblacklist /usr/lib/perl* 18noblacklist /usr/lib/perl*
19noblacklist /usr/share/perl* 19noblacklist /usr/share/perl*
20 20
21include /etc/firejail/disable-common.inc 21include disable-common.inc
22include /etc/firejail/disable-devel.inc 22include disable-devel.inc
23include /etc/firejail/disable-interpreters.inc 23include disable-interpreters.inc
24include /etc/firejail/disable-passwdmgr.inc 24include disable-passwdmgr.inc
25include /etc/firejail/disable-programs.inc 25include disable-programs.inc
26include /etc/firejail/disable-xdg.inc 26include disable-xdg.inc
27 27
28include /etc/firejail/whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
30caps.keep sys_rawio 30caps.keep sys_rawio
31ipc-namespace 31ipc-namespace
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 3adf3183c..f6f31028f 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -1,9 +1,9 @@
1# Firejail profile for spotify 1# Firejail profile for spotify
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/spotify.local 4include spotify.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8blacklist ${HOME}/.bashrc 8blacklist ${HOME}/.bashrc
9blacklist /lost+found 9blacklist /lost+found
@@ -14,11 +14,11 @@ noblacklist ${HOME}/.cache/spotify
14noblacklist ${HOME}/.config/spotify 14noblacklist ${HOME}/.config/spotify
15noblacklist ${HOME}/.local/share/spotify 15noblacklist ${HOME}/.local/share/spotify
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23mkdir ${HOME}/.cache/spotify 23mkdir ${HOME}/.cache/spotify
24mkdir ${HOME}/.config/spotify 24mkdir ${HOME}/.config/spotify
@@ -26,8 +26,8 @@ mkdir ${HOME}/.local/share/spotify
26whitelist ${HOME}/.cache/spotify 26whitelist ${HOME}/.cache/spotify
27whitelist ${HOME}/.config/spotify 27whitelist ${HOME}/.config/spotify
28whitelist ${HOME}/.local/share/spotify 28whitelist ${HOME}/.local/share/spotify
29include /etc/firejail/whitelist-common.inc 29include whitelist-common.inc
30include /etc/firejail/whitelist-var-common.inc 30include whitelist-var-common.inc
31 31
32caps.drop all 32caps.drop all
33netfilter 33netfilter
@@ -37,6 +37,7 @@ nogroups
37nonewprivs 37nonewprivs
38noroot 38noroot
39notv 39notv
40nou2f
40protocol unix,inet,inet6,netlink 41protocol unix,inet,inet6,netlink
41seccomp 42seccomp
42shell none 43shell none
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
index 0f030d559..6bdd437cd 100644
--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -2,21 +2,21 @@
2# Description: GUI editor for SQLite databases 2# Description: GUI editor for SQLite databases
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/sqlitebrowser.local 5include sqlitebrowser.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/sqlitebrowser 9noblacklist ${HOME}/.config/sqlitebrowser
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix 33protocol unix
33seccomp 34seccomp
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
index b71c20231..02b66955f 100644
--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -2,9 +2,9 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/ssh-agent.local 5include ssh-agent.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
@@ -12,9 +12,9 @@ noblacklist /etc/ssh
12noblacklist /tmp/ssh-* 12noblacklist /tmp/ssh-*
13noblacklist ${HOME}/.ssh 13noblacklist ${HOME}/.ssh
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19shell none 19shell none
20caps.drop all 20caps.drop all
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 584294f05..de627dcf0 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -3,17 +3,17 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/ssh.local 6include ssh.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist /etc/ssh 10noblacklist /etc/ssh
11noblacklist /tmp/ssh-* 11noblacklist /tmp/ssh-*
12noblacklist ${HOME}/.ssh 12noblacklist ${HOME}/.ssh
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19ipc-namespace 19ipc-namespace
@@ -25,6 +25,7 @@ nonewprivs
25# noroot - see issue #1543 25# noroot - see issue #1543
26nosound 26nosound
27notv 27notv
28nou2f
28protocol unix,inet,inet6 29protocol unix,inet,inet6
29seccomp 30seccomp
30shell none 31shell none
diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile
index 9f62b42c5..4486c8869 100644
--- a/etc/standardnotes-desktop.profile
+++ b/etc/standardnotes-desktop.profile
@@ -1,24 +1,24 @@
1# Firejail profile for standardnotes-desktop 1# Firejail profile for standardnotes-desktop
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/standardnotes-desktop.local 4include standardnotes-desktop.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/Standard Notes Backups 8noblacklist ${HOME}/Standard Notes Backups
9noblacklist ${HOME}/.config/Standard Notes 9noblacklist ${HOME}/.config/Standard Notes
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/Standard Notes Backups 17mkdir ${HOME}/Standard Notes Backups
18mkdir ${HOME}/.config/Standard Notes 18mkdir ${HOME}/.config/Standard Notes
19whitelist ${HOME}/Standard Notes Backups 19whitelist ${HOME}/Standard Notes Backups
20whitelist ${HOME}/.config/Standard Notes 20whitelist ${HOME}/.config/Standard Notes
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23apparmor 23apparmor
24caps.drop all 24caps.drop all
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34protocol unix,inet,inet6,netlink 35protocol unix,inet,inet6,netlink
35seccomp 36seccomp
36 37
diff --git a/etc/start-tor-browser.desktop.profile b/etc/start-tor-browser.desktop.profile
index c17815969..2b01eca88 100644
--- a/etc/start-tor-browser.desktop.profile
+++ b/etc/start-tor-browser.desktop.profile
@@ -63,4 +63,4 @@ mkdir ${HOME}/.tor-browser-zh-cn:
63whitelist ${HOME}/.tor-browser-zh-cn: 63whitelist ${HOME}/.tor-browser-zh-cn:
64 64
65# Redirect 65# Redirect
66include /etc/firejail/torbrowser-launcher.profile 66include torbrowser-launcher.profile
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
index 4d9ebcb2e..d3b0b27e3 100644
--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -1,19 +1,19 @@
1# Firejail profile for start-tor-browser 1# Firejail profile for start-tor-browser
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/start-tor-browser.local 4include start-tor-browser.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10include /etc/firejail/disable-devel.inc 10include disable-devel.inc
11include /etc/firejail/disable-interpreters.inc 11include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14include /etc/firejail/disable-xdg.inc 14include disable-xdg.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -23,6 +23,7 @@ nogroups
23nonewprivs 23nonewprivs
24noroot 24noroot
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice 29seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
diff --git a/etc/steam-native.profile b/etc/steam-native.profile
index b85b1659b..47608ad28 100644
--- a/etc/steam-native.profile
+++ b/etc/steam-native.profile
@@ -2,4 +2,4 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3 3
4# Redirect 4# Redirect
5include /etc/firejail/steam.profile 5include steam.profile
diff --git a/etc/steam.profile b/etc/steam.profile
index 903384ecf..775b6c875 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -2,9 +2,9 @@
2# Description: Valve's Steam digital software delivery system 2# Description: Valve's Steam digital software delivery system
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/steam.local 5include steam.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
10noblacklist ${HOME}/.killingfloor 10noblacklist ${HOME}/.killingfloor
@@ -37,13 +37,13 @@ noblacklist ${PATH}/python3*
37noblacklist /usr/lib/python2* 37noblacklist /usr/lib/python2*
38noblacklist /usr/lib/python3* 38noblacklist /usr/lib/python3*
39 39
40include /etc/firejail/disable-common.inc 40include disable-common.inc
41include /etc/firejail/disable-devel.inc 41include disable-devel.inc
42include /etc/firejail/disable-interpreters.inc 42include disable-interpreters.inc
43include /etc/firejail/disable-passwdmgr.inc 43include disable-passwdmgr.inc
44include /etc/firejail/disable-programs.inc 44include disable-programs.inc
45 45
46include /etc/firejail/whitelist-var-common.inc 46include whitelist-var-common.inc
47 47
48caps.drop all 48caps.drop all
49#ipc-namespace 49#ipc-namespace
@@ -55,6 +55,7 @@ nogroups
55nonewprivs 55nonewprivs
56noroot 56noroot
57notv 57notv
58nou2f
58# novideo should be commented for VR 59# novideo should be commented for VR
59novideo 60novideo
60protocol unix,inet,inet6,netlink 61protocol unix,inet,inet6,netlink
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
index cddbd99d6..7d0000fb3 100644
--- a/etc/stellarium.profile
+++ b/etc/stellarium.profile
@@ -2,25 +2,25 @@
2# Description: Real-time photo-realistic sky generator 2# Description: Real-time photo-realistic sky generator
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/stellarium.local 5include stellarium.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/stellarium 9noblacklist ${HOME}/.config/stellarium
10noblacklist ${HOME}/.stellarium 10noblacklist ${HOME}/.stellarium
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.config/stellarium 18mkdir ${HOME}/.config/stellarium
19mkdir ${HOME}/.stellarium 19mkdir ${HOME}/.stellarium
20whitelist ${HOME}/.config/stellarium 20whitelist ${HOME}/.config/stellarium
21whitelist ${HOME}/.stellarium 21whitelist ${HOME}/.stellarium
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23include /etc/firejail/whitelist-var-common.inc 23include whitelist-var-common.inc
24 24
25caps.drop all 25caps.drop all
26machine-id 26machine-id
@@ -31,6 +31,7 @@ nonewprivs
31noroot 31noroot
32nosound 32nosound
33notv 33notv
34nou2f
34protocol unix,inet,inet6,netlink 35protocol unix,inet,inet6,netlink
35seccomp 36seccomp
36shell none 37shell none
diff --git a/etc/strings.profile b/etc/strings.profile
index ae2fbf18f..f243606ec 100644
--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -2,10 +2,10 @@
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/strings.local 5include strings.local
6# Persistent global definitions 6# Persistent global definitions
7# added by included default.profile 7# added by included default.profile
8#include /etc/firejail/globals.local 8#include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
@@ -16,6 +16,7 @@ nodbus
16nodvd 16nodvd
17nosound 17nosound
18notv 18notv
19nou2f
19novideo 20novideo
20shell none 21shell none
21tracelog 22tracelog
@@ -30,4 +31,4 @@ memory-deny-write-execute
30noexec ${HOME} 31noexec ${HOME}
31noexec /tmp 32noexec /tmp
32 33
33include /etc/firejail/default.profile 34include default.profile
diff --git a/etc/studio.sh.profile b/etc/studio.sh.profile
index b4eee28df..d556521e1 100644
--- a/etc/studio.sh.profile
+++ b/etc/studio.sh.profile
@@ -1,4 +1,4 @@
1# Firejail profile alias for Android Studio 1# Firejail profile alias for Android Studio
2 2
3# Redirect 3# Redirect
4include /etc/firejail/android-studio.profile 4include android-studio.profile
diff --git a/etc/supertux2.profile b/etc/supertux2.profile
index 84083e9aa..fc523ce0a 100644
--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -1,22 +1,22 @@
1# Firejail profile for supertux2 1# Firejail profile for supertux2
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/supertux2.local 4include supertux2.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.local/share/supertux2 8noblacklist ${HOME}/.local/share/supertux2
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.local/share/supertux2 16mkdir ${HOME}/.local/share/supertux2
17whitelist ${HOME}/.local/share/supertux2 17whitelist ${HOME}/.local/share/supertux2
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29protocol unix,netlink 30protocol unix,netlink
30seccomp 31seccomp
31shell none 32shell none
diff --git a/etc/surf.profile b/etc/surf.profile
index 3d40ea49b..3a1b1f383 100644
--- a/etc/surf.profile
+++ b/etc/surf.profile
@@ -2,20 +2,20 @@
2# Description: Simple web browser by suckless community 2# Description: Simple web browser by suckless community
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/surf.local 5include surf.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.surf 9noblacklist ${HOME}/.surf
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.surf 16mkdir ${HOME}/.surf
17whitelist ${DOWNLOADS} 17whitelist ${DOWNLOADS}
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -23,6 +23,7 @@ nodvd
23nonewprivs 23nonewprivs
24noroot 24noroot
25notv 25notv
26nou2f
26protocol unix,inet,inet6,netlink 27protocol unix,inet,inet6,netlink
27seccomp 28seccomp
28shell none 29shell none
diff --git a/etc/sylpheed.profile b/etc/sylpheed.profile
index 5f30c95ba..64de64eb4 100644
--- a/etc/sylpheed.profile
+++ b/etc/sylpheed.profile
@@ -2,17 +2,17 @@
2# Description: Light weight e-mail client with GTK+ 2# Description: Light weight e-mail client with GTK+
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/sylpheed.local 5include sylpheed.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.sylpheed-2.0 9noblacklist ${HOME}/.sylpheed-2.0
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
@@ -22,6 +22,7 @@ nonewprivs
22noroot 22noroot
23nosound 23nosound
24notv 24notv
25nou2f
25novideo 26novideo
26protocol unix,inet,inet6 27protocol unix,inet,inet6
27seccomp 28seccomp
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
index 0fc59fd17..9ce1bb183 100644
--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -2,18 +2,18 @@
2# Description: Vector-based 2D animation package 2# Description: Vector-based 2D animation package
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/synfigstudio.local 5include synfigstudio.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/synfig 9noblacklist ${HOME}/.config/synfig
10noblacklist ${HOME}/.synfig 10noblacklist ${HOME}/.synfig
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19net none 19net none
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix 29protocol unix
29seccomp 30seccomp
diff --git a/etc/tar.profile b/etc/tar.profile
index 7409393c6..cbf421914 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/tar.local 6include tar.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -18,6 +18,7 @@ nodbus
18nodvd 18nodvd
19nosound 19nosound
20notv 20notv
21nou2f
21novideo 22novideo
22shell none 23shell none
23tracelog 24tracelog
@@ -28,4 +29,4 @@ private-dev
28private-etc passwd,group,localtime 29private-etc passwd,group,localtime
29private-lib 30private-lib
30 31
31include /etc/firejail/default.profile 32include default.profile
diff --git a/etc/teamspeak3.profile b/etc/teamspeak3.profile
index 55a95157d..25928882b 100644
--- a/etc/teamspeak3.profile
+++ b/etc/teamspeak3.profile
@@ -2,23 +2,23 @@
2# Description: TeamSpeak is software for quality voice communication via the Internet 2# Description: TeamSpeak is software for quality voice communication via the Internet
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/teamspeak3.local 5include teamspeak3.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.ts3client 9noblacklist ${HOME}/.ts3client
10noblacklist ${PATH}/openssl 10noblacklist ${PATH}/openssl
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.ts3client 18mkdir ${HOME}/.ts3client
19whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
20whitelist ${HOME}/.ts3client 20whitelist ${HOME}/.ts3client
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24ipc-namespace 24ipc-namespace
@@ -29,6 +29,7 @@ nogroups
29nonewprivs 29nonewprivs
30noroot 30noroot
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix,inet,inet6,netlink 34protocol unix,inet,inet6,netlink
34seccomp 35seccomp
diff --git a/etc/telegram-desktop.profile b/etc/telegram-desktop.profile
index 9e4855247..ef60bdc8c 100644
--- a/etc/telegram-desktop.profile
+++ b/etc/telegram-desktop.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/telegram.profile 7include telegram.profile
diff --git a/etc/telegram.profile b/etc/telegram.profile
index 9ffb9f287..fb2c06a27 100644
--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -1,17 +1,17 @@
1# Firejail profile for telegram 1# Firejail profile for telegram
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/telegram.local 4include telegram.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.TelegramDesktop 8noblacklist ${HOME}/.TelegramDesktop
9noblacklist ${HOME}/.local/share/TelegramDesktop 9noblacklist ${HOME}/.local/share/TelegramDesktop
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter 17netfilter
diff --git a/etc/terasology.profile b/etc/terasology.profile
index fa45eb880..22038e0b4 100644
--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -1,9 +1,9 @@
1# Firejail profile for terasology 1# Firejail profile for terasology
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/terasology.local 4include terasology.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.java 8noblacklist ${HOME}/.java
9noblacklist ${HOME}/.local/share/terasology 9noblacklist ${HOME}/.local/share/terasology
@@ -14,17 +14,17 @@ noblacklist /usr/lib/java
14noblacklist /etc/java 14noblacklist /etc/java
15noblacklist /usr/share/java 15noblacklist /usr/share/java
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-passwdmgr.inc 20include disable-passwdmgr.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23mkdir ${HOME}/.java 23mkdir ${HOME}/.java
24mkdir ${HOME}/.local/share/terasology 24mkdir ${HOME}/.local/share/terasology
25whitelist ${HOME}/.java 25whitelist ${HOME}/.java
26whitelist ${HOME}/.local/share/terasology 26whitelist ${HOME}/.local/share/terasology
27include /etc/firejail/whitelist-common.inc 27include whitelist-common.inc
28 28
29caps.drop all 29caps.drop all
30ipc-namespace 30ipc-namespace
@@ -36,6 +36,7 @@ nogroups
36nonewprivs 36nonewprivs
37noroot 37noroot
38notv 38notv
39nou2f
39novideo 40novideo
40protocol unix,inet,inet6 41protocol unix,inet,inet6
41seccomp 42seccomp
diff --git a/etc/thunar.profile b/etc/thunar.profile
index 37d10ae0d..0c7a048c4 100644
--- a/etc/thunar.profile
+++ b/etc/thunar.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/Thunar.profile 7include Thunar.profile
diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile
index 73d2419da..2bd06cb14 100644
--- a/etc/thunderbird-beta.profile
+++ b/etc/thunderbird-beta.profile
@@ -5,4 +5,4 @@
5whitelist /opt/thunderbird-beta 5whitelist /opt/thunderbird-beta
6 6
7# Redirect 7# Redirect
8include /etc/firejail/thunderbird.profile 8include thunderbird.profile
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile
index 86671d1be..5f1af91be 100644
--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -2,9 +2,9 @@
2# Description: Email, RSS and newsgroup client with integrated spam filter 2# Description: Email, RSS and newsgroup client with integrated spam filter
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/thunderbird.local 5include thunderbird.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Users have thunderbird set to open a browser by clicking a link in an email 9# Users have thunderbird set to open a browser by clicking a link in an email
10# We are not allowed to blacklist browser-specific directories 10# We are not allowed to blacklist browser-specific directories
@@ -38,4 +38,4 @@ writable-run-user
38 38
39# allow browsers 39# allow browsers
40# Redirect 40# Redirect
41include /etc/firejail/firefox.profile 41include firefox.profile
diff --git a/etc/tilp.profile b/etc/tilp.profile
index 7d63df630..ecacd1deb 100644
--- a/etc/tilp.profile
+++ b/etc/tilp.profile
@@ -1,17 +1,17 @@
1# Firejail profile for tilp 1# Firejail profile for tilp
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/tilp.local 4include tilp.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.tilp 8noblacklist ${HOME}/.tilp
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17net none 17net none
diff --git a/etc/tor-browser-ar.profile b/etc/tor-browser-ar.profile
index a668a05d4..612b2d01b 100644
--- a/etc/tor-browser-ar.profile
+++ b/etc/tor-browser-ar.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ar
7whitelist ${HOME}/.tor-browser-ar 7whitelist ${HOME}/.tor-browser-ar
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-en-us.profile b/etc/tor-browser-en-us.profile
index 195377f0f..db56dda1b 100644
--- a/etc/tor-browser-en-us.profile
+++ b/etc/tor-browser-en-us.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en-us
7whitelist ${HOME}/.tor-browser-en-us 7whitelist ${HOME}/.tor-browser-en-us
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile
index 75aad1a09..ad4110c0e 100644
--- a/etc/tor-browser-en.profile
+++ b/etc/tor-browser-en.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en
7whitelist ${HOME}/.tor-browser-en 7whitelist ${HOME}/.tor-browser-en
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-es-es.profile b/etc/tor-browser-es-es.profile
index b6e5dedbc..1aa586658 100644
--- a/etc/tor-browser-es-es.profile
+++ b/etc/tor-browser-es-es.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es-es
7whitelist ${HOME}/.tor-browser-es-es 7whitelist ${HOME}/.tor-browser-es-es
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-es.profile b/etc/tor-browser-es.profile
index c607c93e3..a386e3387 100644
--- a/etc/tor-browser-es.profile
+++ b/etc/tor-browser-es.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es
7whitelist ${HOME}/.tor-browser-es 7whitelist ${HOME}/.tor-browser-es
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-fa.profile b/etc/tor-browser-fa.profile
index 3ce689c21..7f847a7c2 100644
--- a/etc/tor-browser-fa.profile
+++ b/etc/tor-browser-fa.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fa
7whitelist ${HOME}/.tor-browser-fa 7whitelist ${HOME}/.tor-browser-fa
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-fr.profile b/etc/tor-browser-fr.profile
index 369184aba..bce470ec8 100644
--- a/etc/tor-browser-fr.profile
+++ b/etc/tor-browser-fr.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fr
7whitelist ${HOME}/.tor-browser-fr 7whitelist ${HOME}/.tor-browser-fr
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile
index e5d54617d..3c239ca29 100644
--- a/etc/tor-browser-it.profile
+++ b/etc/tor-browser-it.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-it
7whitelist ${HOME}/.tor-browser-it 7whitelist ${HOME}/.tor-browser-it
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-ja.profile b/etc/tor-browser-ja.profile
index a3cfa1987..c52e0f64e 100644
--- a/etc/tor-browser-ja.profile
+++ b/etc/tor-browser-ja.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ja
7whitelist ${HOME}/.tor-browser-ja 7whitelist ${HOME}/.tor-browser-ja
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile
index 6a7fe905c..8faa5afa1 100644
--- a/etc/tor-browser-ko.profile
+++ b/etc/tor-browser-ko.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ko
7whitelist ${HOME}/.tor-browser-ko 7whitelist ${HOME}/.tor-browser-ko
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-pl.profile b/etc/tor-browser-pl.profile
index e72d64a3e..08ddd4ae7 100644
--- a/etc/tor-browser-pl.profile
+++ b/etc/tor-browser-pl.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pl
7whitelist ${HOME}/.tor-browser-pl 7whitelist ${HOME}/.tor-browser-pl
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-pt-br.profile b/etc/tor-browser-pt-br.profile
index d3a5d1b79..9942a3fe8 100644
--- a/etc/tor-browser-pt-br.profile
+++ b/etc/tor-browser-pt-br.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pt-br
7whitelist ${HOME}/.tor-browser-pt-br 7whitelist ${HOME}/.tor-browser-pt-br
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-ru.profile b/etc/tor-browser-ru.profile
index 22b772b28..6294f8ca0 100644
--- a/etc/tor-browser-ru.profile
+++ b/etc/tor-browser-ru.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ru
7whitelist ${HOME}/.tor-browser-ru 7whitelist ${HOME}/.tor-browser-ru
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-vi.profile b/etc/tor-browser-vi.profile
index cd1c5b0b3..734c38698 100644
--- a/etc/tor-browser-vi.profile
+++ b/etc/tor-browser-vi.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-vi
7whitelist ${HOME}/.tor-browser-vi 7whitelist ${HOME}/.tor-browser-vi
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor-browser-zh-cn.profile b/etc/tor-browser-zh-cn.profile
index bf1bc75d6..21e813e45 100644
--- a/etc/tor-browser-zh-cn.profile
+++ b/etc/tor-browser-zh-cn.profile
@@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-zh-cn
7whitelist ${HOME}/.tor-browser-zh-cn 7whitelist ${HOME}/.tor-browser-zh-cn
8 8
9# Redirect 9# Redirect
10include /etc/firejail/torbrowser-launcher.profile 10include torbrowser-launcher.profile
diff --git a/etc/tor.profile b/etc/tor.profile
index ddaa9806c..04a6c3abb 100644
--- a/etc/tor.profile
+++ b/etc/tor.profile
@@ -2,9 +2,9 @@
2# Description: Anonymizing overlay network for TCP 2# Description: Anonymizing overlay network for TCP
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/tor.local 5include tor.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# How to use: 9# How to use:
10# Create a script called anything (e.g. mytor) 10# Create a script called anything (e.g. mytor)
@@ -17,12 +17,12 @@ include /etc/firejail/globals.local
17# You'll also likely want to disable the system service (if it exists) 17# You'll also likely want to disable the system service (if it exists)
18# Run mytor (or whatever you called the script above) whenever you want to start tor 18# Run mytor (or whatever you called the script above) whenever you want to start tor
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27caps.keep setuid,setgid,net_bind_service,dac_read_search 27caps.keep setuid,setgid,net_bind_service,dac_read_search
28ipc-namespace 28ipc-namespace
@@ -34,6 +34,7 @@ nogroups
34nonewprivs 34nonewprivs
35nosound 35nosound
36notv 36notv
37nou2f
37novideo 38novideo
38protocol unix,inet,inet6 39protocol unix,inet,inet6
39seccomp 40seccomp
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 307377acc..a9244683f 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -2,9 +2,9 @@
2# Description: Helps download and run the Tor Browser Bundle 2# Description: Helps download and run the Tor Browser Bundle
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/torbrowser-launcher.local 5include torbrowser-launcher.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/torbrowser 9noblacklist ${HOME}/.config/torbrowser
10noblacklist ${HOME}/.local/share/torbrowser 10noblacklist ${HOME}/.local/share/torbrowser
@@ -15,20 +15,20 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-xdg.inc 23include disable-xdg.inc
24 24
25mkdir ${HOME}/.config/torbrowser 25mkdir ${HOME}/.config/torbrowser
26mkdir ${HOME}/.local/share/torbrowser 26mkdir ${HOME}/.local/share/torbrowser
27whitelist ${DOWNLOADS} 27whitelist ${DOWNLOADS}
28whitelist ${HOME}/.config/torbrowser 28whitelist ${HOME}/.config/torbrowser
29whitelist ${HOME}/.local/share/torbrowser 29whitelist ${HOME}/.local/share/torbrowser
30include /etc/firejail/whitelist-common.inc 30include whitelist-common.inc
31include /etc/firejail/whitelist-var-common.inc 31include whitelist-var-common.inc
32 32
33caps.drop all 33caps.drop all
34netfilter 34netfilter
@@ -38,6 +38,7 @@ nogroups
38nonewprivs 38nonewprivs
39noroot 39noroot
40notv 40notv
41nou2f
41novideo 42novideo
42protocol unix,inet,inet6 43protocol unix,inet,inet6
43seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice 44seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
diff --git a/etc/totem.profile b/etc/totem.profile
index bfa5883e2..3055ea542 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -2,23 +2,23 @@
2# Description: Simple media player for the GNOME desktop based on GStreamer 2# Description: Simple media player for the GNOME desktop based on GStreamer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/totem.local 5include totem.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/totem 9noblacklist ${HOME}/.config/totem
10noblacklist ${HOME}/.local/share/totem 10noblacklist ${HOME}/.local/share/totem
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
12noblacklist ${VIDEOS} 12noblacklist ${VIDEOS}
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21include /etc/firejail/whitelist-var-common.inc 21include whitelist-var-common.inc
22 22
23# apparmor - makes settings immutable 23# apparmor - makes settings immutable
24caps.drop all 24caps.drop all
@@ -27,6 +27,7 @@ netfilter
27nogroups 27nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30nou2f
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
32shell none 33shell none
diff --git a/etc/tracker.profile b/etc/tracker.profile
index 142089c34..6d86b2951 100644
--- a/etc/tracker.profile
+++ b/etc/tracker.profile
@@ -2,19 +2,19 @@
2# Description: Metadata database, indexer and search tool 2# Description: Metadata database, indexer and search tool
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/tracker.local 5include tracker.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# Tracker is started by systemd on most systems. Therefore it is not firejailed by default 9# Tracker is started by systemd on most systems. Therefore it is not firejailed by default
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
index 1a22a713c..cc2e4467e 100644
--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -2,18 +2,18 @@
2# Description: Lightweight BitTorrent client 2# Description: Lightweight BitTorrent client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/transmission-cli.local 5include transmission-cli.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/transmission 9noblacklist ${HOME}/.cache/transmission
10noblacklist ${HOME}/.config/transmission 10noblacklist ${HOME}/.config/transmission
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18caps.drop all 18caps.drop all
19machine-id 19machine-id
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 758205ccf..867f9f113 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -2,26 +2,26 @@
2# Description: Lightweight BitTorrent client 2# Description: Lightweight BitTorrent client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/transmission-gtk.local 5include transmission-gtk.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/transmission 9noblacklist ${HOME}/.cache/transmission
10noblacklist ${HOME}/.config/transmission 10noblacklist ${HOME}/.config/transmission
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/transmission 18mkdir ${HOME}/.cache/transmission
19mkdir ${HOME}/.config/transmission 19mkdir ${HOME}/.config/transmission
20whitelist ${DOWNLOADS} 20whitelist ${DOWNLOADS}
21whitelist ${HOME}/.cache/transmission 21whitelist ${HOME}/.cache/transmission
22whitelist ${HOME}/.config/transmission 22whitelist ${HOME}/.config/transmission
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26apparmor 26apparmor
27caps.drop all 27caps.drop all
@@ -33,6 +33,7 @@ nonewprivs
33noroot 33noroot
34nosound 34nosound
35notv 35notv
36nou2f
36novideo 37novideo
37protocol unix,inet,inet6 38protocol unix,inet,inet6
38seccomp 39seccomp
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index c8eb9e326..81b8f38cf 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -2,26 +2,26 @@
2# Description: Lightweight BitTorrent client 2# Description: Lightweight BitTorrent client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/transmission-qt.local 5include transmission-qt.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/transmission 9noblacklist ${HOME}/.cache/transmission
10noblacklist ${HOME}/.config/transmission 10noblacklist ${HOME}/.config/transmission
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/transmission 18mkdir ${HOME}/.cache/transmission
19mkdir ${HOME}/.config/transmission 19mkdir ${HOME}/.config/transmission
20whitelist ${DOWNLOADS} 20whitelist ${DOWNLOADS}
21whitelist ${HOME}/.cache/transmission 21whitelist ${HOME}/.cache/transmission
22whitelist ${HOME}/.config/transmission 22whitelist ${HOME}/.config/transmission
23include /etc/firejail/whitelist-common.inc 23include whitelist-common.inc
24include /etc/firejail/whitelist-var-common.inc 24include whitelist-var-common.inc
25 25
26apparmor 26apparmor
27caps.drop all 27caps.drop all
@@ -33,6 +33,7 @@ nonewprivs
33noroot 33noroot
34nosound 34nosound
35notv 35notv
36nou2f
36novideo 37novideo
37protocol unix,inet,inet6 38protocol unix,inet,inet6
38seccomp 39seccomp
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
index 06b79effd..248eb977e 100644
--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -1,18 +1,18 @@
1# Firejail profile for transmission-show 1# Firejail profile for transmission-show
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/transmission-show.local 4include transmission-show.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/transmission 8noblacklist ${HOME}/.cache/transmission
9noblacklist ${HOME}/.config/transmission 9noblacklist ${HOME}/.config/transmission
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18machine-id 18machine-id
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix 28protocol unix
28seccomp 29seccomp
diff --git a/etc/truecraft.profile b/etc/truecraft.profile
index 1eb7b65ba..ae1d85473 100644
--- a/etc/truecraft.profile
+++ b/etc/truecraft.profile
@@ -1,24 +1,24 @@
1# Firejail profile for truecraft 1# Firejail profile for truecraft
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/truecraft.local 4include truecraft.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/mono 8noblacklist ${HOME}/.config/mono
9noblacklist ${HOME}/.config/truecraft 9noblacklist ${HOME}/.config/truecraft
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.config/mono 17mkdir ${HOME}/.config/mono
18mkdir ${HOME}/.config/truecraft 18mkdir ${HOME}/.config/truecraft
19whitelist ${HOME}/.config/mono 19whitelist ${HOME}/.config/mono
20whitelist ${HOME}/.config/truecraft 20whitelist ${HOME}/.config/truecraft
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22 22
23caps.drop all 23caps.drop all
24nodvd 24nodvd
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile
index d467e1a83..1b657d083 100644
--- a/etc/tuxguitar.profile
+++ b/etc/tuxguitar.profile
@@ -2,9 +2,9 @@
2# Description: Multitrack guitar tablature editor and player (gp3 to gp5) 2# Description: Multitrack guitar tablature editor and player (gp3 to gp5)
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/tuxguitar.local 5include tuxguitar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
10noblacklist ${HOME}/.tuxguitar* 10noblacklist ${HOME}/.tuxguitar*
@@ -17,14 +17,14 @@ noblacklist /usr/lib/java
17noblacklist /etc/java 17noblacklist /etc/java
18noblacklist /usr/share/java 18noblacklist /usr/share/java
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30netfilter 30netfilter
@@ -34,6 +34,7 @@ nogroups
34nonewprivs 34nonewprivs
35noroot 35noroot
36notv 36notv
37nou2f
37novideo 38novideo
38protocol unix,inet,inet6 39protocol unix,inet,inet6
39seccomp 40seccomp
diff --git a/etc/uefitool.profile b/etc/uefitool.profile
index d4016d061..218b41e15 100644
--- a/etc/uefitool.profile
+++ b/etc/uefitool.profile
@@ -1,18 +1,18 @@
1# Firejail profile for uefitool 1# Firejail profile for uefitool
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/uefitool.local 4include uefitool.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${DOCUMENTS} 8noblacklist ${DOCUMENTS}
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15include /etc/firejail/disable-xdg.inc 15include disable-xdg.inc
16 16
17caps.drop all 17caps.drop all
18ipc-namespace 18ipc-namespace
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index 3c3c685e0..09821b411 100644
--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -1,21 +1,21 @@
1# Firejail profile for uget-gtk 1# Firejail profile for uget-gtk
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/uget-gtk.local 4include uget-gtk.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/uGet 8noblacklist ${HOME}/.config/uGet
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15mkdir ${HOME}/.config/uGet 15mkdir ${HOME}/.config/uGet
16whitelist ${DOWNLOADS} 16whitelist ${DOWNLOADS}
17whitelist ${HOME}/.config/uGet 17whitelist ${HOME}/.config/uGet
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -24,6 +24,7 @@ nonewprivs
24noroot 24noroot
25nosound 25nosound
26notv 26notv
27nou2f
27novideo 28novideo
28protocol unix,inet,inet6 29protocol unix,inet,inet6
29seccomp 30seccomp
diff --git a/etc/unbound.profile b/etc/unbound.profile
index 5bc350e8d..6e4b5ed1c 100644
--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -2,21 +2,21 @@
2# Description: Validating, recursive, caching DNS resolver 2# Description: Validating, recursive, caching DNS resolver
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/unbound.local 5include unbound.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist /sbin 11noblacklist /sbin
12noblacklist /usr/sbin 12noblacklist /usr/sbin
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19include /etc/firejail/disable-xdg.inc 19include disable-xdg.inc
20 20
21whitelist /var/lib/unbound 21whitelist /var/lib/unbound
22whitelist /var/run 22whitelist /var/run
@@ -27,6 +27,7 @@ nodvd
27nonewprivs 27nonewprivs
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open 32seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
32writable-var 33writable-var
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile
index 5b2944a88..f62f018a6 100644
--- a/etc/unknown-horizons.profile
+++ b/etc/unknown-horizons.profile
@@ -2,19 +2,19 @@
2# Description: 2D realtime strategy simulation 2# Description: 2D realtime strategy simulation
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/unknown-horizons.local 5include unknown-horizons.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.unknown-horizons 9noblacklist ${HOME}/.unknown-horizons
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15mkdir ${HOME}/.unknown-horizons 15mkdir ${HOME}/.unknown-horizons
16whitelist ${HOME}/.unknown-horizons 16whitelist ${HOME}/.unknown-horizons
17include /etc/firejail/whitelist-common.inc 17include whitelist-common.inc
18 18
19caps.drop all 19caps.drop all
20nodvd 20nodvd
@@ -22,6 +22,7 @@ nogroups
22nonewprivs 22nonewprivs
23noroot 23noroot
24notv 24notv
25nou2f
25protocol unix,netlink,inet,inet6 26protocol unix,netlink,inet,inet6
26seccomp 27seccomp
27shell none 28shell none
diff --git a/etc/unlzma.profile b/etc/unlzma.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/unlzma.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/unrar.profile b/etc/unrar.profile
index c8c72f1f3..00fe0887b 100644
--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/unrar.local 6include unrar.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -18,6 +18,7 @@ nodbus
18nodvd 18nodvd
19nosound 19nosound
20notv 20notv
21nou2f
21novideo 22novideo
22shell none 23shell none
23tracelog 24tracelog
@@ -27,4 +28,4 @@ private-dev
27private-etc passwd,group,localtime 28private-etc passwd,group,localtime
28private-tmp 29private-tmp
29 30
30include /etc/firejail/default.profile 31include default.profile
diff --git a/etc/unxz.profile b/etc/unxz.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/unxz.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/unzip.profile b/etc/unzip.profile
index 0b8b0cc50..8e659c256 100644
--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/unzip.local 6include unzip.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -18,6 +18,7 @@ nodbus
18nodvd 18nodvd
19nosound 19nosound
20notv 20notv
21nou2f
21novideo 22novideo
22shell none 23shell none
23tracelog 24tracelog
@@ -29,4 +30,4 @@ private-etc passwd,group,localtime
29# GNOME Shell integration (chrome-gnome-shell) 30# GNOME Shell integration (chrome-gnome-shell)
30noblacklist ${HOME}/.local/share/gnome-shell 31noblacklist ${HOME}/.local/share/gnome-shell
31 32
32include /etc/firejail/default.profile 33include default.profile
diff --git a/etc/uudeview.profile b/etc/uudeview.profile
index d1130960d..3bd0ebe70 100644
--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/uudeview.local 6include uudeview.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11hostname uudeview 11hostname uudeview
12ignore noroot 12ignore noroot
@@ -15,6 +15,7 @@ nodbus
15nodvd 15nodvd
16nosound 16nosound
17notv 17notv
18nou2f
18novideo 19novideo
19shell none 20shell none
20tracelog 21tracelog
@@ -24,4 +25,4 @@ private-cache
24private-dev 25private-dev
25private-etc ld.so.preload 26private-etc ld.so.preload
26 27
27include /etc/firejail/default.profile 28include default.profile
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile
index b8a3fa497..7e6b35d13 100644
--- a/etc/uzbl-browser.profile
+++ b/etc/uzbl-browser.profile
@@ -1,9 +1,9 @@
1# Firejail profile for uzbl-browser 1# Firejail profile for uzbl-browser
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/uzbl-browser.local 4include uzbl-browser.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/uzbl 8noblacklist ${HOME}/.config/uzbl
9noblacklist ${HOME}/.gnupg 9noblacklist ${HOME}/.gnupg
@@ -15,10 +15,10 @@ noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2* 15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3* 16noblacklist /usr/lib/python3*
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-programs.inc 21include disable-programs.inc
22 22
23mkdir ${HOME}/.config/uzbl 23mkdir ${HOME}/.config/uzbl
24mkdir ${HOME}/.gnupg 24mkdir ${HOME}/.gnupg
@@ -29,7 +29,7 @@ whitelist ${HOME}/.config/uzbl
29whitelist ${HOME}/.gnupg 29whitelist ${HOME}/.gnupg
30whitelist ${HOME}/.local/share/uzbl 30whitelist ${HOME}/.local/share/uzbl
31whitelist ${HOME}/.password-store 31whitelist ${HOME}/.password-store
32include /etc/firejail/whitelist-common.inc 32include whitelist-common.inc
33 33
34caps.drop all 34caps.drop all
35netfilter 35netfilter
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index 08f9fd309..4c22f8e6f 100644
--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -2,9 +2,9 @@
2# Description: Simple, fast and elegant image viewer 2# Description: Simple, fast and elegant image viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/viewnior.local 5include viewnior.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist ${HOME}/.bashrc 9blacklist ${HOME}/.bashrc
10 10
@@ -12,11 +12,11 @@ noblacklist ${HOME}/.Steam
12noblacklist ${HOME}/.config/viewnior 12noblacklist ${HOME}/.config/viewnior
13noblacklist ${HOME}/.steam 13noblacklist ${HOME}/.steam
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20 20
21caps.drop all 21caps.drop all
22net none 22net none
@@ -28,6 +28,7 @@ nonewprivs
28noroot 28noroot
29nosound 29nosound
30notv 30notv
31nou2f
31novideo 32novideo
32protocol unix 33protocol unix
33seccomp 34seccomp
diff --git a/etc/viking.profile b/etc/viking.profile
index 624cb962b..baf268691 100644
--- a/etc/viking.profile
+++ b/etc/viking.profile
@@ -2,20 +2,20 @@
2# Description: GPS data editor, analyzer and viewer 2# Description: GPS data editor, analyzer and viewer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/viking.local 5include viking.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.viking 9noblacklist ${HOME}/.viking
10noblacklist ${HOME}/.viking-maps 10noblacklist ${HOME}/.viking-maps
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29protocol unix,inet,inet6 30protocol unix,inet,inet6
30seccomp 31seccomp
31shell none 32shell none
diff --git a/etc/vim.profile b/etc/vim.profile
index 1f98a018a..e4e759b86 100644
--- a/etc/vim.profile
+++ b/etc/vim.profile
@@ -2,17 +2,17 @@
2# Description: Vi IMproved - enhanced vi editor 2# Description: Vi IMproved - enhanced vi editor
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/vim.local 5include vim.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.vim 9noblacklist ${HOME}/.vim
10noblacklist ${HOME}/.viminfo 10noblacklist ${HOME}/.viminfo
11noblacklist ${HOME}/.vimrc 11noblacklist ${HOME}/.vimrc
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
@@ -21,6 +21,7 @@ nogroups
21nonewprivs 21nonewprivs
22noroot 22noroot
23notv 23notv
24nou2f
24novideo 25novideo
25protocol unix,inet,inet6 26protocol unix,inet,inet6
26seccomp 27seccomp
diff --git a/etc/vimcat.profile b/etc/vimcat.profile
index 5067c2fd1..a8f7758e0 100644
--- a/etc/vimcat.profile
+++ b/etc/vimcat.profile
@@ -1,10 +1,10 @@
1# Firejail profile for vimcat 1# Firejail profile for vimcat
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/vimcat.local 4include vimcat.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/vim.profile 10include vim.profile
diff --git a/etc/vimdiff.profile b/etc/vimdiff.profile
index f89a2c112..53a5c6224 100644
--- a/etc/vimdiff.profile
+++ b/etc/vimdiff.profile
@@ -1,10 +1,10 @@
1# Firejail profile for vimdiff 1# Firejail profile for vimdiff
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/vimdiff.local 4include vimdiff.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/vim.profile 10include vim.profile
diff --git a/etc/vimpager.profile b/etc/vimpager.profile
index 9c59cb82f..ef2c20ef1 100644
--- a/etc/vimpager.profile
+++ b/etc/vimpager.profile
@@ -2,10 +2,10 @@
2# Description: A vim-based script to use as a PAGER 2# Description: A vim-based script to use as a PAGER
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/vimpager.local 5include vimpager.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10# Redirect 10# Redirect
11include /etc/firejail/vim.profile 11include vim.profile
diff --git a/etc/vimtutor.profile b/etc/vimtutor.profile
index 83851d37e..7330d6da2 100644
--- a/etc/vimtutor.profile
+++ b/etc/vimtutor.profile
@@ -1,10 +1,10 @@
1# Firejail profile for vimtutor 1# Firejail profile for vimtutor
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/vimtutor.local 4include vimtutor.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/vim.profile 10include vim.profile
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile
index c634348c7..1ef44dd5c 100644
--- a/etc/virtualbox.profile
+++ b/etc/virtualbox.profile
@@ -2,9 +2,9 @@
2# Description: x86 virtualization solution 2# Description: x86 virtualization solution
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/virtualbox.local 5include virtualbox.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.VirtualBox 9noblacklist ${HOME}/.VirtualBox
10noblacklist ${HOME}/.config/VirtualBox 10noblacklist ${HOME}/.config/VirtualBox
@@ -13,17 +13,17 @@ noblacklist ${HOME}/VirtualBox VMs
13noblacklist /usr/lib/virtualbox 13noblacklist /usr/lib/virtualbox
14noblacklist /usr/lib64/virtualbox 14noblacklist /usr/lib64/virtualbox
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20mkdir ${HOME}/.config/VirtualBox 20mkdir ${HOME}/.config/VirtualBox
21mkdir ${HOME}/VirtualBox VMs 21mkdir ${HOME}/VirtualBox VMs
22whitelist ${HOME}/.config/VirtualBox 22whitelist ${HOME}/.config/VirtualBox
23whitelist ${HOME}/VirtualBox VMs 23whitelist ${HOME}/VirtualBox VMs
24whitelist ${DOWNLOADS} 24whitelist ${DOWNLOADS}
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28caps.drop all 28caps.drop all
29netfilter 29netfilter
diff --git a/etc/vivaldi-beta.profile b/etc/vivaldi-beta.profile
index d1ceb74f4..bee5d6be6 100644
--- a/etc/vivaldi-beta.profile
+++ b/etc/vivaldi-beta.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/vivaldi.profile 6include vivaldi.profile
diff --git a/etc/vivaldi-snapshot.profile b/etc/vivaldi-snapshot.profile
index f8691025f..ea4a4009f 100644
--- a/etc/vivaldi-snapshot.profile
+++ b/etc/vivaldi-snapshot.profile
@@ -1,9 +1,9 @@
1# Firejail profile for vivaldi-snapshot 1# Firejail profile for vivaldi-snapshot
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/vivaldi-snapshot.local 4include vivaldi-snapshot.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/vivaldi-snapshot 8noblacklist ${HOME}/.cache/vivaldi-snapshot
9noblacklist ${HOME}/.config/vivaldi-snapshot 9noblacklist ${HOME}/.config/vivaldi-snapshot
@@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/vivaldi-snapshot
14whitelist ${HOME}/.config/vivaldi-snapshot 14whitelist ${HOME}/.config/vivaldi-snapshot
15 15
16# Redirect 16# Redirect
17include /etc/firejail/chromium-common.profile 17include chromium-common.profile
diff --git a/etc/vivaldi-stable.profile b/etc/vivaldi-stable.profile
index d1ceb74f4..bee5d6be6 100644
--- a/etc/vivaldi-stable.profile
+++ b/etc/vivaldi-stable.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/vivaldi.profile 6include vivaldi.profile
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile
index 8b37ca40b..96f1bd99d 100644
--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -1,9 +1,9 @@
1# Firejail profile for vivaldi 1# Firejail profile for vivaldi
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/vivaldi.local 4include vivaldi.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/vivaldi 8noblacklist ${HOME}/.cache/vivaldi
9noblacklist ${HOME}/.config/vivaldi 9noblacklist ${HOME}/.config/vivaldi
@@ -17,4 +17,4 @@ whitelist ${HOME}/.config/vivaldi
17ignore nodbus 17ignore nodbus
18 18
19# Redirect 19# Redirect
20include /etc/firejail/chromium-common.profile 20include chromium-common.profile
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 594a5944b..0395a5a59 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -2,9 +2,9 @@
2# Description: Multimedia player and streamer 2# Description: Multimedia player and streamer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/vlc.local 5include vlc.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/vlc 9noblacklist ${HOME}/.cache/vlc
10noblacklist ${HOME}/.config/vlc 10noblacklist ${HOME}/.config/vlc
@@ -12,14 +12,14 @@ noblacklist ${HOME}/.local/share/vlc
12noblacklist ${MUSIC} 12noblacklist ${MUSIC}
13noblacklist ${VIDEOS} 13noblacklist ${VIDEOS}
14 14
15include /etc/firejail/disable-common.inc 15include disable-common.inc
16include /etc/firejail/disable-devel.inc 16include disable-devel.inc
17include /etc/firejail/disable-interpreters.inc 17include disable-interpreters.inc
18include /etc/firejail/disable-passwdmgr.inc 18include disable-passwdmgr.inc
19include /etc/firejail/disable-programs.inc 19include disable-programs.inc
20include /etc/firejail/disable-xdg.inc 20include disable-xdg.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24#apparmor - on Ubuntu 18.04 it refuses to start without dbus access 24#apparmor - on Ubuntu 18.04 it refuses to start without dbus access
25caps.drop all 25caps.drop all
@@ -28,6 +28,7 @@ netfilter
28nogroups 28nogroups
29nonewprivs 29nonewprivs
30noroot 30noroot
31nou2f
31protocol unix,inet,inet6,netlink 32protocol unix,inet,inet6,netlink
32seccomp 33seccomp
33shell none 34shell none
diff --git a/etc/vym.profile b/etc/vym.profile
index bb044069d..bb3f6ac56 100644
--- a/etc/vym.profile
+++ b/etc/vym.profile
@@ -2,17 +2,17 @@
2# Description: Mindmapping tool 2# Description: Mindmapping tool
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/vym.local 5include vym.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/InSilmaril 9noblacklist ${HOME}/.config/InSilmaril
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix 28protocol unix
28seccomp 29seccomp
diff --git a/etc/w3m.profile b/etc/w3m.profile
index 858b30a5f..c03df49cd 100644
--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -2,20 +2,20 @@
2# Description: WWW browsable pager with excellent tables/frames support 2# Description: WWW browsable pager with excellent tables/frames support
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/w3m.local 5include w3m.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
10 10
11noblacklist ${HOME}/.w3m 11noblacklist ${HOME}/.w3m
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
index 632a56074..816f2236c 100644
--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -2,24 +2,24 @@
2# Description: 3D real time strategy game 2# Description: 3D real time strategy game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/warzone2100.local 5include warzone2100.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.warzone2100-3.* 9noblacklist ${HOME}/.warzone2100-3.*
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17# mkdir ${HOME}/.warzone2100-3.1 17# mkdir ${HOME}/.warzone2100-3.1
18# mkdir ${HOME}/.warzone2100-3.2 18# mkdir ${HOME}/.warzone2100-3.2
19whitelist ${HOME}/.warzone2100-3.1 19whitelist ${HOME}/.warzone2100-3.1
20whitelist ${HOME}/.warzone2100-3.2 20whitelist ${HOME}/.warzone2100-3.2
21include /etc/firejail/whitelist-common.inc 21include whitelist-common.inc
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
@@ -28,6 +28,7 @@ nogroups
28nonewprivs 28nonewprivs
29noroot 29noroot
30notv 30notv
31nou2f
31protocol unix,inet,inet6,netlink 32protocol unix,inet,inet6,netlink
32seccomp 33seccomp
33shell none 34shell none
diff --git a/etc/waterfox.profile b/etc/waterfox.profile
index fdd299bbf..3dc21958d 100644
--- a/etc/waterfox.profile
+++ b/etc/waterfox.profile
@@ -1,9 +1,9 @@
1# Firejail profile for waterfox 1# Firejail profile for waterfox
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/waterfox.local 4include waterfox.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/mozilla 8noblacklist ${HOME}/.cache/mozilla
9noblacklist ${HOME}/.cache/waterfox 9noblacklist ${HOME}/.cache/waterfox
@@ -25,4 +25,4 @@ whitelist ${HOME}/.waterfox
25#private-etc waterfox 25#private-etc waterfox
26 26
27# Redirect 27# Redirect
28include /etc/firejail/firefox-common.profile 28include firefox-common.profile
diff --git a/etc/webstorm.profile b/etc/webstorm.profile
index 1a77fd833..9a25727a9 100644
--- a/etc/webstorm.profile
+++ b/etc/webstorm.profile
@@ -1,9 +1,9 @@
1# Firejail profile for WebStorm 1# Firejail profile for WebStorm
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/webstorm.local 4include webstorm.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.WebStorm* 8noblacklist ${HOME}/.WebStorm*
9noblacklist ${HOME}/.android 9noblacklist ${HOME}/.android
@@ -17,11 +17,11 @@ noblacklist ${HOME}/.tooling
17noblacklist ${PATH}/node 17noblacklist ${PATH}/node
18noblacklist ${HOME}/.nvm 18noblacklist ${HOME}/.nvm
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23include /etc/firejail/disable-devel.inc 23include disable-devel.inc
24include /etc/firejail/disable-interpreters.inc 24include disable-interpreters.inc
25 25
26caps.drop all 26caps.drop all
27netfilter 27netfilter
@@ -30,6 +30,7 @@ nogroups
30nonewprivs 30nonewprivs
31noroot 31noroot
32notv 32notv
33nou2f
33novideo 34novideo
34protocol unix,inet,inet6 35protocol unix,inet,inet6
35seccomp 36seccomp
diff --git a/etc/weechat-curses.profile b/etc/weechat-curses.profile
index 0da7d45d6..4e9d6826c 100644
--- a/etc/weechat-curses.profile
+++ b/etc/weechat-curses.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/weechat.profile 6include weechat.profile
diff --git a/etc/weechat.profile b/etc/weechat.profile
index 213271367..99b34048f 100644
--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -2,14 +2,14 @@
2# Description: Fast, light and extensible chat client 2# Description: Fast, light and extensible chat client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/weechat.local 5include weechat.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.weechat 9noblacklist ${HOME}/.weechat
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13 13
14caps.drop all 14caps.drop all
15netfilter 15netfilter
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile
index 215d2e72d..a67d3a1b8 100644
--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -2,19 +2,19 @@
2# Description: Fantasy turn-based strategy game 2# Description: Fantasy turn-based strategy game
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/wesnoth.local 5include wesnoth.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/wesnoth 9noblacklist ${HOME}/.cache/wesnoth
10noblacklist ${HOME}/.config/wesnoth 10noblacklist ${HOME}/.config/wesnoth
11noblacklist ${HOME}/.local/share/wesnoth 11noblacklist ${HOME}/.local/share/wesnoth
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19mkdir ${HOME}/.cache/wesnoth 19mkdir ${HOME}/.cache/wesnoth
20mkdir ${HOME}/.config/wesnoth 20mkdir ${HOME}/.config/wesnoth
@@ -22,13 +22,14 @@ mkdir ${HOME}/.local/share/wesnoth
22whitelist ${HOME}/.cache/wesnoth 22whitelist ${HOME}/.cache/wesnoth
23whitelist ${HOME}/.config/wesnoth 23whitelist ${HOME}/.config/wesnoth
24whitelist ${HOME}/.local/share/wesnoth 24whitelist ${HOME}/.local/share/wesnoth
25include /etc/firejail/whitelist-common.inc 25include whitelist-common.inc
26 26
27caps.drop all 27caps.drop all
28nodvd 28nodvd
29nonewprivs 29nonewprivs
30noroot 30noroot
31notv 31notv
32nou2f
32protocol unix,inet,inet6 33protocol unix,inet,inet6
33seccomp 34seccomp
34 35
diff --git a/etc/wget.profile b/etc/wget.profile
index abe2436d7..213840726 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -3,19 +3,19 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/wget.local 6include wget.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12noblacklist ${HOME}/.wgetrc 12noblacklist ${HOME}/.wgetrc
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17 17
18include /etc/firejail/whitelist-var-common.inc 18include whitelist-var-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol unix,inet,inet6 31protocol unix,inet,inet6
31seccomp 32seccomp
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc
index e1fa809b4..38ec5d85d 100644
--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -1,5 +1,5 @@
1# Local customizations come here 1# Local customizations come here
2include /etc/firejail/whitelist-common.local 2include whitelist-common.local
3 3
4# common whitelist for all profiles 4# common whitelist for all profiles
5 5
@@ -13,6 +13,7 @@ whitelist ${HOME}/.config/user-dirs.dirs
13read-only ${HOME}/.config/user-dirs.dirs 13read-only ${HOME}/.config/user-dirs.dirs
14whitelist ${HOME}/.drirc 14whitelist ${HOME}/.drirc
15whitelist ${HOME}/.icons 15whitelist ${HOME}/.icons
16?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit
16whitelist ${HOME}/.local/share/applications 17whitelist ${HOME}/.local/share/applications
17read-only ${HOME}/.local/share/applications 18read-only ${HOME}/.local/share/applications
18whitelist ${HOME}/.local/share/icons 19whitelist ${HOME}/.local/share/icons
diff --git a/etc/whitelist-var-common.inc b/etc/whitelist-var-common.inc
index 024995f20..e2210057b 100644
--- a/etc/whitelist-var-common.inc
+++ b/etc/whitelist-var-common.inc
@@ -1,5 +1,5 @@
1# Local customizations come here 1# Local customizations come here
2include /etc/firejail/whitelist-var-common.local 2include whitelist-var-common.local
3 3
4# common /var whitelist for all profiles 4# common /var whitelist for all profiles
5 5
diff --git a/etc/whois.profile b/etc/whois.profile
index 3ef2e1476..368f8b5bb 100644
--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -2,18 +2,18 @@ quiet
2# Firejail profile for whois 2# Firejail profile for whois
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/whois.local 5include whois.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9include /etc/firejail/disable-common.inc 9include disable-common.inc
10# include /etc/firejail/disable-devel.inc 10# include disable-devel.inc
11# include /etc/firejail/disable-interpreters.inc 11# include disable-interpreters.inc
12include /etc/firejail/disable-passwdmgr.inc 12include disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14#include /etc/firejail/disable-xdg.inc 14#include disable-xdg.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include whitelist-var-common.inc
17 17
18caps.drop all 18caps.drop all
19# ipc-namespace 19# ipc-namespace
@@ -26,6 +26,7 @@ nonewprivs
26noroot 26noroot
27nosound 27nosound
28notv 28notv
29nou2f
29novideo 30novideo
30protocol inet,inet6 31protocol inet,inet6
31seccomp 32seccomp
diff --git a/etc/wine.profile b/etc/wine.profile
index 88cdd2ffc..34c695cf1 100644
--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -2,9 +2,9 @@
2# Description: A compatibility layer for running Windows programs 2# Description: A compatibility layer for running Windows programs
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/wine.local 5include wine.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.Steam 9noblacklist ${HOME}/.Steam
10noblacklist ${HOME}/.local/share/Steam 10noblacklist ${HOME}/.local/share/Steam
@@ -14,10 +14,10 @@ noblacklist ${HOME}/.wine
14# with >=llvm-4 mesa drivers need llvm stuff 14# with >=llvm-4 mesa drivers need llvm stuff
15noblacklist /usr/lib/llvm* 15noblacklist /usr/lib/llvm*
16 16
17include /etc/firejail/disable-common.inc 17include disable-common.inc
18include /etc/firejail/disable-devel.inc 18include disable-devel.inc
19include /etc/firejail/disable-interpreters.inc 19include disable-interpreters.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile
index 64d2cefd5..f464a2fb9 100644
--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -1,23 +1,23 @@
1# Firejail profile for wire-desktop 1# Firejail profile for wire-desktop
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/wire-desktop.local 4include wire-desktop.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/Wire 8noblacklist ${HOME}/.config/Wire
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-passwdmgr.inc 13include disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include disable-programs.inc
15 15
16mkdir ${HOME}/.config/Wire 16mkdir ${HOME}/.config/Wire
17whitelist ${HOME}/.config/Wire 17whitelist ${HOME}/.config/Wire
18whitelist ${DOWNLOADS} 18whitelist ${DOWNLOADS}
19 19
20include /etc/firejail/whitelist-common.inc 20include whitelist-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -26,6 +26,7 @@ nogroups
26nonewprivs 26nonewprivs
27noroot 27noroot
28notv 28notv
29nou2f
29protocol unix,inet,inet6,netlink 30protocol unix,inet,inet6,netlink
30seccomp 31seccomp
31shell none 32shell none
diff --git a/etc/wireshark-gtk.profile b/etc/wireshark-gtk.profile
index 26747379a..14978013d 100644
--- a/etc/wireshark-gtk.profile
+++ b/etc/wireshark-gtk.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/wireshark.profile 7include wireshark.profile
diff --git a/etc/wireshark-qt.profile b/etc/wireshark-qt.profile
index 26747379a..14978013d 100644
--- a/etc/wireshark-qt.profile
+++ b/etc/wireshark-qt.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/wireshark.profile 7include wireshark.profile
diff --git a/etc/wireshark.profile b/etc/wireshark.profile
index 330f0140e..4f1142826 100644
--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -2,9 +2,9 @@
2# Description: Network traffic analyzer 2# Description: Network traffic analyzer
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/wireshark.local 5include wireshark.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/wireshark 9noblacklist ${HOME}/.config/wireshark
10noblacklist ${HOME}/.wireshark 10noblacklist ${HOME}/.wireshark
@@ -16,14 +16,14 @@ noblacklist /usr/lib/lua
16noblacklist /usr/include/lua* 16noblacklist /usr/include/lua*
17noblacklist /usr/share/lua 17noblacklist /usr/share/lua
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28apparmor 28apparmor
29# caps.drop all 29# caps.drop all
@@ -36,6 +36,7 @@ no3d
36nodvd 36nodvd
37nosound 37nosound
38notv 38notv
39nou2f
39novideo 40novideo
40# protocol unix,inet,inet6,netlink 41# protocol unix,inet,inet6,netlink
41# seccomp - breaks network traffic capture for unprivileged users 42# seccomp - breaks network traffic capture for unprivileged users
diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile
index ac8f0fe2a..e21b74030 100644
--- a/etc/x-terminal-emulator.profile
+++ b/etc/x-terminal-emulator.profile
@@ -1,9 +1,9 @@
1# Firejail profile for x-terminal-emulator 1# Firejail profile for x-terminal-emulator
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/x-terminal-emulator.local 4include x-terminal-emulator.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8caps.drop all 8caps.drop all
9ipc-namespace 9ipc-namespace
@@ -12,6 +12,7 @@ netfilter
12nodbus 12nodbus
13nogroups 13nogroups
14noroot 14noroot
15nou2f
15protocol unix 16protocol unix
16seccomp 17seccomp
17 18
diff --git a/etc/xcalc.profile b/etc/xcalc.profile
index dd7c66523..1941787b1 100644
--- a/etc/xcalc.profile
+++ b/etc/xcalc.profile
@@ -1,18 +1,18 @@
1# Firejail profile for xcalc 1# Firejail profile for xcalc
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xcalc.local 4include xcalc.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8include /etc/firejail/disable-common.inc 8include disable-common.inc
9include /etc/firejail/disable-devel.inc 9include disable-devel.inc
10include /etc/firejail/disable-interpreters.inc 10include disable-interpreters.inc
11include /etc/firejail/disable-passwdmgr.inc 11include disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include disable-programs.inc
13include /etc/firejail/disable-xdg.inc 13include disable-xdg.inc
14 14
15include /etc/firejail/whitelist-var-common.inc 15include whitelist-var-common.inc
16 16
17caps.drop all 17caps.drop all
18net none 18net none
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/xchat.profile b/etc/xchat.profile
index af6da1ac5..a94444aab 100644
--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -2,15 +2,15 @@
2# Description: IRC client for X similar to AmIRC 2# Description: IRC client for X similar to AmIRC
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xchat.local 5include xchat.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/xchat 9noblacklist ${HOME}/.config/xchat
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16nodvd 16nodvd
diff --git a/etc/xed.profile b/etc/xed.profile
index f65b52658..7dffae05a 100644
--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -1,9 +1,9 @@
1# Firejail profile for xed 1# Firejail profile for xed
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xed.local 4include xed.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/xed 8noblacklist ${HOME}/.config/xed
9 9
@@ -13,13 +13,13 @@ noblacklist ${PATH}/python3*
13noblacklist /usr/lib/python2* 13noblacklist /usr/lib/python2*
14noblacklist /usr/lib/python3* 14noblacklist /usr/lib/python3*
15 15
16include /etc/firejail/disable-common.inc 16include disable-common.inc
17include /etc/firejail/disable-devel.inc 17include disable-devel.inc
18include /etc/firejail/disable-interpreters.inc 18include disable-interpreters.inc
19include /etc/firejail/disable-passwdmgr.inc 19include disable-passwdmgr.inc
20include /etc/firejail/disable-programs.inc 20include disable-programs.inc
21 21
22include /etc/firejail/whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
24# apparmor - makes settings immutable 24# apparmor - makes settings immutable
25caps.drop all 25caps.drop all
@@ -33,6 +33,7 @@ nonewprivs
33noroot 33noroot
34nosound 34nosound
35notv 35notv
36nou2f
36novideo 37novideo
37protocol unix 38protocol unix
38seccomp 39seccomp
diff --git a/etc/xfburn.profile b/etc/xfburn.profile
index 207e62232..3dc525755 100644
--- a/etc/xfburn.profile
+++ b/etc/xfburn.profile
@@ -2,17 +2,17 @@
2# Description: CD-burner application for Xfce Desktop Environment 2# Description: CD-burner application for Xfce Desktop Environment
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xfburn.local 5include xfburn.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/xfburn 9noblacklist ${HOME}/.config/xfburn
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile
index e84c78b24..0dc021ef3 100644
--- a/etc/xfce4-dict.profile
+++ b/etc/xfce4-dict.profile
@@ -2,17 +2,17 @@
2# Description: Dictionary plugin for Xfce4 panel 2# Description: Dictionary plugin for Xfce4 panel
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xfce4-dict.local 5include xfce4-dict.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/xfce4-dict 9noblacklist ${HOME}/.config/xfce4-dict
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18netfilter 18netfilter
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26nou2f
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
28seccomp 29seccomp
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile
index 99aeebb7f..df1b575b2 100644
--- a/etc/xfce4-notes.profile
+++ b/etc/xfce4-notes.profile
@@ -2,19 +2,19 @@
2# Description: Notes application for the Xfce4 desktop 2# Description: Notes application for the Xfce4 desktop
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xfce4-notes.local 5include xfce4-notes.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc 9noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
10noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc 10noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc
11noblacklist ${HOME}/.local/share/notes 11noblacklist ${HOME}/.local/share/notes
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19caps.drop all 19caps.drop all
20netfilter 20netfilter
@@ -25,6 +25,7 @@ nonewprivs
25noroot 25noroot
26nosound 26nosound
27notv 27notv
28nou2f
28novideo 29novideo
29protocol unix 30protocol unix
30seccomp 31seccomp
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
index 703579562..6adfcd819 100644
--- a/etc/xiphos.profile
+++ b/etc/xiphos.profile
@@ -2,24 +2,24 @@
2# Description: Environment for Bible reading, study, and research 2# Description: Environment for Bible reading, study, and research
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xiphos.local 5include xiphos.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9blacklist ${HOME}/.bashrc 9blacklist ${HOME}/.bashrc
10 10
11noblacklist ${HOME}/.sword 11noblacklist ${HOME}/.sword
12noblacklist ${HOME}/.xiphos 12noblacklist ${HOME}/.xiphos
13 13
14include /etc/firejail/disable-common.inc 14include disable-common.inc
15include /etc/firejail/disable-devel.inc 15include disable-devel.inc
16include /etc/firejail/disable-interpreters.inc 16include disable-interpreters.inc
17include /etc/firejail/disable-passwdmgr.inc 17include disable-passwdmgr.inc
18include /etc/firejail/disable-programs.inc 18include disable-programs.inc
19 19
20whitelist ${HOME}/.sword 20whitelist ${HOME}/.sword
21whitelist ${HOME}/.xiphos 21whitelist ${HOME}/.xiphos
22include /etc/firejail/whitelist-common.inc 22include whitelist-common.inc
23 23
24caps.drop all 24caps.drop all
25netfilter 25netfilter
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix,inet,inet6 34protocol unix,inet,inet6
34seccomp 35seccomp
diff --git a/etc/xmms.profile b/etc/xmms.profile
index d016e0c23..7a11e1244 100644
--- a/etc/xmms.profile
+++ b/etc/xmms.profile
@@ -1,19 +1,19 @@
1# Firejail profile for xmms 1# Firejail profile for xmms
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xmms.local 4include xmms.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.xmms 8noblacklist ${HOME}/.xmms
9noblacklist ${MUSIC} 9noblacklist ${MUSIC}
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18caps.drop all 18caps.drop all
19netfilter 19netfilter
@@ -21,6 +21,7 @@ no3d
21nonewprivs 21nonewprivs
22noroot 22noroot
23notv 23notv
24nou2f
24novideo 25novideo
25protocol unix,inet,inet6 26protocol unix,inet,inet6
26seccomp 27seccomp
diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile
index 7a445f6a5..25b2b8c91 100644
--- a/etc/xmr-stak.profile
+++ b/etc/xmr-stak.profile
@@ -1,22 +1,22 @@
1# Firejail profile for xmr-stak 1# Firejail profile for xmr-stak
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xmr-stak.local 4include xmr-stak.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.xmr-stak 8noblacklist ${HOME}/.xmr-stak
9noblacklist /usr/lib/llvm* 9noblacklist /usr/lib/llvm*
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16include /etc/firejail/disable-xdg.inc 16include disable-xdg.inc
17 17
18mkdir ${HOME}/.xmr-stak 18mkdir ${HOME}/.xmr-stak
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22ipc-namespace 22ipc-namespace
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/xonotic-glx.profile b/etc/xonotic-glx.profile
index 041a063bb..8a44fb587 100644
--- a/etc/xonotic-glx.profile
+++ b/etc/xonotic-glx.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/xonotic.profile 6include xonotic.profile
diff --git a/etc/xonotic-sdl.profile b/etc/xonotic-sdl.profile
index 041a063bb..8a44fb587 100644
--- a/etc/xonotic-sdl.profile
+++ b/etc/xonotic-sdl.profile
@@ -3,4 +3,4 @@
3 3
4 4
5# Redirect 5# Redirect
6include /etc/firejail/xonotic.profile 6include xonotic.profile
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index a7e8edc0f..054cf4896 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -2,22 +2,22 @@
2# Description: A free, fast-paced crossplatform first-person shooter 2# Description: A free, fast-paced crossplatform first-person shooter
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xonotic.local 5include xonotic.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.xonotic 9noblacklist ${HOME}/.xonotic
10 10
11include /etc/firejail/disable-common.inc 11include disable-common.inc
12include /etc/firejail/disable-devel.inc 12include disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 13include disable-interpreters.inc
14include /etc/firejail/disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.xonotic 17mkdir ${HOME}/.xonotic
18whitelist ${HOME}/.xonotic 18whitelist ${HOME}/.xonotic
19include /etc/firejail/whitelist-common.inc 19include whitelist-common.inc
20include /etc/firejail/whitelist-var-common.inc 20include whitelist-var-common.inc
21 21
22caps.drop all 22caps.drop all
23netfilter 23netfilter
@@ -27,6 +27,7 @@ nogroups
27nonewprivs 27nonewprivs
28noroot 28noroot
29notv 29notv
30nou2f
30novideo 31novideo
31protocol unix,inet,inet6 32protocol unix,inet,inet6
32seccomp 33seccomp
diff --git a/etc/xpdf.profile b/etc/xpdf.profile
index c12a3437c..4a82942ad 100644
--- a/etc/xpdf.profile
+++ b/etc/xpdf.profile
@@ -2,21 +2,21 @@
2# Description: Portable Document Format (PDF) reader 2# Description: Portable Document Format (PDF) reader
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xpdf.local 5include xpdf.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.xpdfrc 9noblacklist ${HOME}/.xpdfrc
10noblacklist ${DOCUMENTS} 10noblacklist ${DOCUMENTS}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21caps.drop all 21caps.drop all
22machine-id 22machine-id
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix 34protocol unix
34seccomp 35seccomp
diff --git a/etc/xplayer-audio-preview.profile b/etc/xplayer-audio-preview.profile
index a422b9989..78252c134 100644
--- a/etc/xplayer-audio-preview.profile
+++ b/etc/xplayer-audio-preview.profile
@@ -1,10 +1,10 @@
1# Firejail profile for xplayer-audio-preview 1# Firejail profile for xplayer-audio-preview
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xplayer-audio-preview.local 4include xplayer-audio-preview.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/xplayer.profile 10include xplayer.profile
diff --git a/etc/xplayer-video-thumbnailer.profile b/etc/xplayer-video-thumbnailer.profile
index 1ec5250bf..ac8986c69 100644
--- a/etc/xplayer-video-thumbnailer.profile
+++ b/etc/xplayer-video-thumbnailer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for xplayer-video-thumbnailer 1# Firejail profile for xplayer-video-thumbnailer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xplayer-video-thumbnailer.local 4include xplayer-video-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/xplayer.profile 10include xplayer.profile
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index f51362b6b..b8297295a 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -1,9 +1,9 @@
1# Firejail profile for xplayer 1# Firejail profile for xplayer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xplayer.local 4include xplayer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/xplayer 8noblacklist ${HOME}/.config/xplayer
9noblacklist ${HOME}/.local/share/xplayer 9noblacklist ${HOME}/.local/share/xplayer
@@ -16,14 +16,14 @@ noblacklist ${PATH}/python3*
16noblacklist /usr/lib/python2* 16noblacklist /usr/lib/python2*
17noblacklist /usr/lib/python3* 17noblacklist /usr/lib/python3*
18 18
19include /etc/firejail/disable-common.inc 19include disable-common.inc
20include /etc/firejail/disable-devel.inc 20include disable-devel.inc
21include /etc/firejail/disable-interpreters.inc 21include disable-interpreters.inc
22include /etc/firejail/disable-passwdmgr.inc 22include disable-passwdmgr.inc
23include /etc/firejail/disable-programs.inc 23include disable-programs.inc
24include /etc/firejail/disable-xdg.inc 24include disable-xdg.inc
25 25
26include /etc/firejail/whitelist-var-common.inc 26include whitelist-var-common.inc
27 27
28# apparmor - makes settings immutable 28# apparmor - makes settings immutable
29caps.drop all 29caps.drop all
@@ -32,6 +32,7 @@ netfilter
32nogroups 32nogroups
33nonewprivs 33nonewprivs
34noroot 34noroot
35nou2f
35protocol unix,inet,inet6 36protocol unix,inet,inet6
36seccomp 37seccomp
37shell none 38shell none
diff --git a/etc/xpra.profile b/etc/xpra.profile
index 960c493b9..23f3294bd 100644
--- a/etc/xpra.profile
+++ b/etc/xpra.profile
@@ -2,9 +2,9 @@
2# Description: Tool to detach/reattach running X programs 2# Description: Tool to detach/reattach running X programs
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xpra.local 5include xpra.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9# 9#
10# This profile will sandbox Xpra server itself when used with firejail --x11=xpra. 10# This profile will sandbox Xpra server itself when used with firejail --x11=xpra.
@@ -22,11 +22,11 @@ noblacklist ${PATH}/python3*
22noblacklist /usr/lib/python2* 22noblacklist /usr/lib/python2*
23noblacklist /usr/lib/python3* 23noblacklist /usr/lib/python3*
24 24
25include /etc/firejail/disable-common.inc 25include disable-common.inc
26include /etc/firejail/disable-devel.inc 26include disable-devel.inc
27include /etc/firejail/disable-interpreters.inc 27include disable-interpreters.inc
28include /etc/firejail/disable-passwdmgr.inc 28include disable-passwdmgr.inc
29include /etc/firejail/disable-programs.inc 29include disable-programs.inc
30 30
31whitelist /var/lib/xkb 31whitelist /var/lib/xkb
32# whitelisting home directory, or including whitelist-common.inc 32# whitelisting home directory, or including whitelist-common.inc
@@ -41,6 +41,7 @@ nonewprivs
41#noroot 41#noroot
42nosound 42nosound
43notv 43notv
44nou2f
44novideo 45novideo
45protocol unix 46protocol unix
46seccomp 47seccomp
diff --git a/etc/xreader-previewer.profile b/etc/xreader-previewer.profile
index 4c42c147c..2d7e7644c 100644
--- a/etc/xreader-previewer.profile
+++ b/etc/xreader-previewer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for xreader-previewer 1# Firejail profile for xreader-previewer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xreader-previewer.local 4include xreader-previewer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/xreader.profile 10include xreader.profile
diff --git a/etc/xreader-thumbnailer.profile b/etc/xreader-thumbnailer.profile
index bc0bcbb67..d463787e6 100644
--- a/etc/xreader-thumbnailer.profile
+++ b/etc/xreader-thumbnailer.profile
@@ -1,10 +1,10 @@
1# Firejail profile for xreader-thumbnailer 1# Firejail profile for xreader-thumbnailer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xreader-thumbnailer.local 4include xreader-thumbnailer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8 8
9# Redirect 9# Redirect
10include /etc/firejail/xreader.profile 10include xreader.profile
diff --git a/etc/xreader.profile b/etc/xreader.profile
index 25e790fe0..a879e8b04 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -2,23 +2,23 @@
2# Description: Document viewer for files like PDF and Postscript. X-Apps Project. 2# Description: Document viewer for files like PDF and Postscript. X-Apps Project.
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xreader.local 5include xreader.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.cache/xreader 9noblacklist ${HOME}/.cache/xreader
10noblacklist ${HOME}/.config/xreader 10noblacklist ${HOME}/.config/xreader
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20# Breaks xreader on Mint 18.3 20# Breaks xreader on Mint 18.3
21# include /etc/firejail/whitelist-var-common.inc 21# include whitelist-var-common.inc
22 22
23# apparmor 23# apparmor
24caps.drop all 24caps.drop all
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix 34protocol unix
34seccomp 35seccomp
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index 7ecc1ca0b..e6185807e 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -1,22 +1,22 @@
1# Firejail profile for xviewer 1# Firejail profile for xviewer
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xviewer.local 4include xviewer.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.Steam 8noblacklist ${HOME}/.Steam
9noblacklist ${HOME}/.config/xviewer 9noblacklist ${HOME}/.config/xviewer
10noblacklist ${HOME}/.local/share/Trash 10noblacklist ${HOME}/.local/share/Trash
11noblacklist ${HOME}/.steam 11noblacklist ${HOME}/.steam
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18 18
19include /etc/firejail/whitelist-var-common.inc 19include whitelist-var-common.inc
20 20
21# apparmor - makes settings immutable 21# apparmor - makes settings immutable
22caps.drop all 22caps.drop all
@@ -29,6 +29,7 @@ nonewprivs
29noroot 29noroot
30nosound 30nosound
31notv 31notv
32nou2f
32novideo 33novideo
33protocol unix 34protocol unix
34seccomp 35seccomp
diff --git a/etc/xxd.profile b/etc/xxd.profile
index baee905b7..f5072da75 100644
--- a/etc/xxd.profile
+++ b/etc/xxd.profile
@@ -2,10 +2,10 @@
2# Description: Tool to make (or reverse) a hex dump 2# Description: Tool to make (or reverse) a hex dump
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/xxd.local 5include xxd.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9 9
10# Redirect 10# Redirect
11include /etc/firejail/vim.profile 11include vim.profile
diff --git a/etc/xz.profile b/etc/xz.profile
index cd79eebc6..748dad2e3 100644
--- a/etc/xz.profile
+++ b/etc/xz.profile
@@ -4,4 +4,4 @@
4 4
5 5
6# Redirect 6# Redirect
7include /etc/firejail/cpio.profile 7include cpio.profile
diff --git a/etc/xzcat.profile b/etc/xzcat.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzcat.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/xzcmp.profile b/etc/xzcmp.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzcmp.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/xzdec.profile b/etc/xzdec.profile
index 796c1d642..6c12f7d55 100644
--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -3,10 +3,10 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/xzdec.local 6include xzdec.local
7# Persistent global definitions 7# Persistent global definitions
8# added by included default.profile 8# added by included default.profile
9#include /etc/firejail/globals.local 9#include globals.local
10 10
11blacklist /tmp/.X11-unix 11blacklist /tmp/.X11-unix
12 12
@@ -17,10 +17,11 @@ nodbus
17nodvd 17nodvd
18nosound 18nosound
19notv 19notv
20nou2f
20novideo 21novideo
21shell none 22shell none
22tracelog 23tracelog
23 24
24private-dev 25private-dev
25 26
26include /etc/firejail/default.profile 27include default.profile
diff --git a/etc/xzdiff.profile b/etc/xzdiff.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzdiff.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/xzegrep.profile b/etc/xzegrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzegrep.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/xzfgrep.profile b/etc/xzfgrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzfgrep.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/xzgrep.profile b/etc/xzgrep.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzgrep.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/xzless.profile b/etc/xzless.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzless.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/xzmore.profile b/etc/xzmore.profile
new file mode 100644
index 000000000..748dad2e3
--- /dev/null
+++ b/etc/xzmore.profile
@@ -0,0 +1,7 @@
1# Firejail profile alias for cpio
2# Description: Library and command line tools for XZ and LZMA compressed files
3# This file is overwritten after every install/update
4
5
6# Redirect
7include cpio.profile
diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile
index fdb7694a5..680bef677 100644
--- a/etc/yandex-browser.profile
+++ b/etc/yandex-browser.profile
@@ -1,9 +1,9 @@
1# Firejail profile for yandex-browser 1# Firejail profile for yandex-browser
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/yandex-browser.local 4include yandex-browser.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.cache/yandex-browser 8noblacklist ${HOME}/.cache/yandex-browser
9noblacklist ${HOME}/.cache/yandex-browser-beta 9noblacklist ${HOME}/.cache/yandex-browser-beta
@@ -20,4 +20,4 @@ whitelist ${HOME}/.config/yandex-browser
20whitelist ${HOME}/.config/yandex-browser-beta 20whitelist ${HOME}/.config/yandex-browser-beta
21 21
22# Redirect 22# Redirect
23include /etc/firejail/chromium-common.profile 23include chromium-common.profile
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile
index 75d4514b6..a9868b5ac 100644
--- a/etc/youtube-dl.profile
+++ b/etc/youtube-dl.profile
@@ -3,9 +3,9 @@
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4quiet 4quiet
5# Persistent local customizations 5# Persistent local customizations
6include /etc/firejail/youtube-dl.local 6include youtube-dl.local
7# Persistent global definitions 7# Persistent global definitions
8include /etc/firejail/globals.local 8include globals.local
9 9
10noblacklist ${HOME}/.netrc 10noblacklist ${HOME}/.netrc
11noblacklist ${MUSIC} 11noblacklist ${MUSIC}
@@ -17,14 +17,14 @@ noblacklist ${PATH}/python3*
17noblacklist /usr/lib/python2* 17noblacklist /usr/lib/python2*
18noblacklist /usr/lib/python3* 18noblacklist /usr/lib/python3*
19 19
20include /etc/firejail/disable-common.inc 20include disable-common.inc
21include /etc/firejail/disable-devel.inc 21include disable-devel.inc
22include /etc/firejail/disable-interpreters.inc 22include disable-interpreters.inc
23include /etc/firejail/disable-passwdmgr.inc 23include disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc 24include disable-programs.inc
25include /etc/firejail/disable-xdg.inc 25include disable-xdg.inc
26 26
27include /etc/firejail/whitelist-var-common.inc 27include whitelist-var-common.inc
28 28
29caps.drop all 29caps.drop all
30ipc-namespace 30ipc-namespace
@@ -36,6 +36,7 @@ nonewprivs
36noroot 36noroot
37nosound 37nosound
38notv 38notv
39nou2f
39novideo 40novideo
40protocol unix,inet,inet6 41protocol unix,inet,inet6
41seccomp 42seccomp
diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile
index 872719ebc..cc572cbfe 100644
--- a/etc/zaproxy.profile
+++ b/etc/zaproxy.profile
@@ -2,9 +2,9 @@
2# Description: Integrated penetration testing tool for finding vulnerabilities in web applications 2# Description: Integrated penetration testing tool for finding vulnerabilities in web applications
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/zaproxy.local 5include zaproxy.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.java 9noblacklist ${HOME}/.java
10noblacklist ${HOME}/.ZAP 10noblacklist ${HOME}/.ZAP
@@ -15,17 +15,17 @@ noblacklist /usr/lib/java
15noblacklist /etc/java 15noblacklist /etc/java
16noblacklist /usr/share/java 16noblacklist /usr/share/java
17 17
18include /etc/firejail/disable-common.inc 18include disable-common.inc
19include /etc/firejail/disable-devel.inc 19include disable-devel.inc
20include /etc/firejail/disable-interpreters.inc 20include disable-interpreters.inc
21include /etc/firejail/disable-passwdmgr.inc 21include disable-passwdmgr.inc
22include /etc/firejail/disable-programs.inc 22include disable-programs.inc
23 23
24mkdir ${HOME}/.ZAP 24mkdir ${HOME}/.ZAP
25whitelist ${HOME}/.java 25whitelist ${HOME}/.java
26whitelist ${HOME}/.ZAP 26whitelist ${HOME}/.ZAP
27include /etc/firejail/whitelist-common.inc 27include whitelist-common.inc
28include /etc/firejail/whitelist-var-common.inc 28include whitelist-var-common.inc
29 29
30caps.drop all 30caps.drop all
31ipc-namespace 31ipc-namespace
@@ -37,6 +37,7 @@ nonewprivs
37noroot 37noroot
38nosound 38nosound
39notv 39notv
40nou2f
40novideo 41novideo
41protocol unix,inet,inet6 42protocol unix,inet,inet6
42seccomp 43seccomp
diff --git a/etc/zart.profile b/etc/zart.profile
index a4b22ed5d..32df94841 100644
--- a/etc/zart.profile
+++ b/etc/zart.profile
@@ -2,19 +2,19 @@
2# Description: A GUI for G'MIC real-time manipulations on the output of a webcam 2# Description: A GUI for G'MIC real-time manipulations on the output of a webcam
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/zart.local 5include zart.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${DOCUMENTS} 9noblacklist ${DOCUMENTS}
10noblacklist ${PICTURES} 10noblacklist ${PICTURES}
11 11
12include /etc/firejail/disable-common.inc 12include disable-common.inc
13include /etc/firejail/disable-devel.inc 13include disable-devel.inc
14include /etc/firejail/disable-interpreters.inc 14include disable-interpreters.inc
15include /etc/firejail/disable-passwdmgr.inc 15include disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include disable-programs.inc
17include /etc/firejail/disable-xdg.inc 17include disable-xdg.inc
18 18
19caps.drop all 19caps.drop all
20ipc-namespace 20ipc-namespace
@@ -25,6 +25,7 @@ nogroups
25nonewprivs 25nonewprivs
26noroot 26noroot
27notv 27notv
28nou2f
28protocol unix 29protocol unix
29seccomp 30seccomp
30shell none 31shell none
diff --git a/etc/zathura.profile b/etc/zathura.profile
index c1785e332..2eee47fa0 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -2,20 +2,20 @@
2# Description: Document viewer with a minimalistic interface 2# Description: Document viewer with a minimalistic interface
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/zathura.local 5include zathura.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/zathura 9noblacklist ${HOME}/.config/zathura
10noblacklist ${HOME}/.local/share/zathura 10noblacklist ${HOME}/.local/share/zathura
11noblacklist ${DOCUMENTS} 11noblacklist ${DOCUMENTS}
12 12
13include /etc/firejail/disable-common.inc 13include disable-common.inc
14include /etc/firejail/disable-devel.inc 14include disable-devel.inc
15include /etc/firejail/disable-interpreters.inc 15include disable-interpreters.inc
16include /etc/firejail/disable-passwdmgr.inc 16include disable-passwdmgr.inc
17include /etc/firejail/disable-programs.inc 17include disable-programs.inc
18include /etc/firejail/disable-xdg.inc 18include disable-xdg.inc
19 19
20caps.drop all 20caps.drop all
21machine-id 21machine-id
@@ -27,6 +27,7 @@ nonewprivs
27noroot 27noroot
28nosound 28nosound
29notv 29notv
30nou2f
30protocol unix 31protocol unix
31seccomp 32seccomp
32shell none 33shell none
diff --git a/etc/zoom.profile b/etc/zoom.profile
index 419c25f18..4fbf7ca01 100644
--- a/etc/zoom.profile
+++ b/etc/zoom.profile
@@ -1,21 +1,21 @@
1# Firejail profile for zoom 1# Firejail profile for zoom
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/zoom.local 4include zoom.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include globals.local
7 7
8noblacklist ${HOME}/.config/zoomus.conf 8noblacklist ${HOME}/.config/zoomus.conf
9 9
10include /etc/firejail/disable-common.inc 10include disable-common.inc
11include /etc/firejail/disable-devel.inc 11include disable-devel.inc
12include /etc/firejail/disable-interpreters.inc 12include disable-interpreters.inc
13include /etc/firejail/disable-programs.inc 13include disable-programs.inc
14 14
15mkdir ${HOME}/.zoom 15mkdir ${HOME}/.zoom
16whitelist ${HOME}/.cache/zoom 16whitelist ${HOME}/.cache/zoom
17whitelist ${HOME}/.zoom 17whitelist ${HOME}/.zoom
18include /etc/firejail/whitelist-common.inc 18include whitelist-common.inc
19 19
20caps.drop all 20caps.drop all
21netfilter 21netfilter
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-20 00:47:27 +0000