diff options
Diffstat (limited to 'etc')
91 files changed, 136 insertions, 3 deletions
diff --git a/etc/7z.profile b/etc/7z.profile index ea67bbe19..ededacbbe 100644 --- a/etc/7z.profile +++ b/etc/7z.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/7z.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
10 | 11 | ||
11 | ignore noroot | 12 | ignore noroot |
diff --git a/etc/apktool.profile b/etc/apktool.profile index 13c8f3311..bbf91c264 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/apktool.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/ardour5.profile b/etc/ardour5.profile index 69b3dde46..1f2228544 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/ardour5.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.config/ardour4 | 10 | noblacklist ${HOME}/.config/ardour4 |
10 | noblacklist ${HOME}/.config/ardour5 | 11 | noblacklist ${HOME}/.config/ardour5 |
diff --git a/etc/atom.profile b/etc/atom.profile index db3cbc687..dc8db46dc 100644 --- a/etc/atom.profile +++ b/etc/atom.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/atom.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.atom | 10 | noblacklist ~/.atom |
9 | noblacklist ~/.config/Atom | 11 | noblacklist ~/.config/Atom |
10 | 12 | ||
@@ -13,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
13 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
14 | 16 | ||
15 | caps.drop all | 17 | caps.drop all |
18 | # net none | ||
16 | netfilter | 19 | netfilter |
17 | nodvd | 20 | nodvd |
18 | nogroups | 21 | nogroups |
@@ -23,7 +26,6 @@ notv | |||
23 | novideo | 26 | novideo |
24 | protocol unix,inet,inet6,netlink | 27 | protocol unix,inet,inet6,netlink |
25 | seccomp | 28 | seccomp |
26 | # net none | ||
27 | shell none | 29 | shell none |
28 | 30 | ||
29 | private-dev | 31 | private-dev |
diff --git a/etc/audacity.profile b/etc/audacity.profile index 88aea243e..52e32badb 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/audacity.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.audacity-data | 10 | noblacklist ~/.audacity-data |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/baobab.profile b/etc/baobab.profile index ef733632d..52f8af82e 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/baobab.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index f3498e9b9..e066a606d 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/bleachbit.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/bless.profile b/etc/bless.profile index e4d2f0730..37d1e856f 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/bless.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.config/bless | 10 | noblacklist ${HOME}/.config/bless |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/bluefish.profile b/etc/bluefish.profile index 052d03425..66ba0168b 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/bluefish.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/calligra.profile b/etc/calligra.profile index d2b76d22c..a57694752 100644 --- a/etc/calligra.profile +++ b/etc/calligra.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/calligra.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
9 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
10 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/catfish.profile b/etc/catfish.profile index 45aa6c35c..139951680 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile | |||
@@ -7,7 +7,11 @@ include /etc/firejail/globals.local | |||
7 | 7 | ||
8 | # We can't blacklist much since catfish | 8 | # We can't blacklist much since catfish |
9 | # is for finding files/content | 9 | # is for finding files/content |
10 | |||
11 | blacklist /run/user/*/bus | ||
12 | |||
10 | noblacklist ~/.config/catfish | 13 | noblacklist ~/.config/catfish |
14 | |||
11 | include /etc/firejail/disable-common.inc | 15 | include /etc/firejail/disable-common.inc |
12 | # include /etc/firejail/disable-devel.inc | 16 | # include /etc/firejail/disable-devel.inc |
13 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/cin.profile b/etc/cin.profile index 6b3e3888b..d114e50b1 100644 --- a/etc/cin.profile +++ b/etc/cin.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/cin.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.bcast5 | 10 | noblacklist ${HOME}/.bcast5 |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/clamav.profile b/etc/clamav.profile index a5aacc1d5..c3a0132d0 100644 --- a/etc/clamav.profile +++ b/etc/clamav.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/clamav.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | 10 | ||
10 | caps.drop all | 11 | caps.drop all |
11 | ipc-namespace | 12 | ipc-namespace |
diff --git a/etc/cpio.profile b/etc/cpio.profile index 7f4bc4a84..caee6570e 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/cpio.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
10 | 11 | ||
11 | noblacklist /sbin | 12 | noblacklist /sbin |
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index 5261bb865..f89e17239 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/dex2jar.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/dia.profile b/etc/dia.profile index 800c3bbf1..bf3c384ab 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/dia.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.dia | 10 | noblacklist ~/.dia |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/display.profile b/etc/display.profile index d44733e30..41512a0cb 100644 --- a/etc/display.profile +++ b/etc/display.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/display.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile index 11499aba0..9f7e1382b 100644 --- a/etc/ebook-viewer.profile +++ b/etc/ebook-viewer.profile | |||
@@ -1,6 +1,7 @@ | |||
1 | # Firejail profile alias for calibre | 1 | # Firejail profile alias for calibre |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | 3 | ||
4 | blacklist /run/user/*/bus | ||
4 | 5 | ||
5 | net none | 6 | net none |
6 | 7 | ||
diff --git a/etc/engrampa.profile b/etc/engrampa.profile index c198adba9..ae61f1d93 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/engrampa.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/eog.profile b/etc/eog.profile index 112ec7c98..c07268e14 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/eog.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
9 | |||
8 | noblacklist ~/.Steam | 10 | noblacklist ~/.Steam |
9 | noblacklist ~/.config/eog | 11 | noblacklist ~/.config/eog |
10 | noblacklist ~/.local/share/Trash | 12 | noblacklist ~/.local/share/Trash |
diff --git a/etc/eom.profile b/etc/eom.profile index af7ded91a..5e0008ab3 100644 --- a/etc/eom.profile +++ b/etc/eom.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/eom.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
9 | |||
8 | noblacklist ~/.Steam | 10 | noblacklist ~/.Steam |
9 | noblacklist ~/.config/mate/eom | 11 | noblacklist ~/.config/mate/eom |
10 | noblacklist ~/.local/share/Trash | 12 | noblacklist ~/.local/share/Trash |
diff --git a/etc/etr.profile b/etc/etr.profile index 2438793a8..579aa570a 100644 --- a/etc/etr.profile +++ b/etc/etr.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/etr.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.etr | 10 | noblacklist ~/.etr |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/evince.profile b/etc/evince.profile index 516661126..acca8878f 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/evince.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.config/evince | 10 | noblacklist ~/.config/evince |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 75e5be1b9..18d1e3c81 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/exiftool.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
10 | 11 | ||
11 | noblacklist /usr/bin/perl | 12 | noblacklist /usr/bin/perl |
diff --git a/etc/feh.profile b/etc/feh.profile index 7935b1354..1320434f1 100644 --- a/etc/feh.profile +++ b/etc/feh.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/feh.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index 5db39cf61..acea1e834 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile | |||
@@ -6,6 +6,8 @@ include /etc/firejail/ffmpeg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | |||
9 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
diff --git a/etc/file-roller.profile b/etc/file-roller.profile index 01e689b9d..98b7aad42 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/file-roller.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/file.profile b/etc/file.profile index 2316b8e9b..041bf5ae5 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/file.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
10 | 11 | ||
11 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/freecad.profile b/etc/freecad.profile index 4fde66839..bac502a5f 100644 --- a/etc/freecad.profile +++ b/etc/freecad.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/freecad.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.config/FreeCAD | 10 | noblacklist ${HOME}/.config/FreeCAD |
10 | 11 | ||
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 858917c75..0480faf6f 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/frozen-bubble.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.frozen-bubble | 10 | noblacklist ~/.frozen-bubble |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/galculator.profile b/etc/galculator.profile index 777bbdf6b..fdb9e3f1d 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/galculator.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.config/galculator | 10 | noblacklist ~/.config/galculator |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/gedit.profile b/etc/gedit.profile index 4ff3a94db..c383a5675 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/gedit.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.config/enchant | 10 | noblacklist ${HOME}/.config/enchant |
10 | noblacklist ${HOME}/.config/gedit | 11 | noblacklist ${HOME}/.config/gedit |
diff --git a/etc/gimp.profile b/etc/gimp.profile index 292c2aac9..b398813f6 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/gimp.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.gimp* | 10 | noblacklist ${HOME}/.gimp* |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/gpicview.profile b/etc/gpicview.profile index b37af2843..5ed447ac4 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/gpicview.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.config/gpicview | 10 | noblacklist ~/.config/gpicview |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/gzip.profile b/etc/gzip.profile index 0f04953d8..5187bb9f0 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/gzip.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
10 | 11 | ||
11 | ignore noroot | 12 | ignore noroot |
diff --git a/etc/hashcat.profile b/etc/hashcat.profile index 5f08d7cb8..ad1aae523 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile | |||
@@ -6,6 +6,8 @@ include /etc/firejail/hashcat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
10 | |||
9 | noblacklist ${HOME}/.hashcat | 11 | noblacklist ${HOME}/.hashcat |
10 | noblacklist /usr/include | 12 | noblacklist /usr/include |
11 | 13 | ||
diff --git a/etc/highlight.profile b/etc/highlight.profile index d3cacc581..a7c667ce1 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/highlight.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
diff --git a/etc/hugin.profile b/etc/hugin.profile index 64b6e0c69..bff074b74 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/hugin.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.hugin | 10 | noblacklist ${HOME}/.hugin |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/imagej.profile b/etc/imagej.profile index 88a56c706..058da2805 100644 --- a/etc/imagej.profile +++ b/etc/imagej.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/imagej.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.imagej | 10 | noblacklist ${HOME}/.imagej |
10 | 11 | ||
diff --git a/etc/img2txt.profile b/etc/img2txt.profile index 943350484..5a19a75f1 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/img2txt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 5cb1e1828..bf461b93d 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/jd-gui.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.config/jd-gui.cfg | 10 | noblacklist ${HOME}/.config/jd-gui.cfg |
9 | noblacklist ${HOME}/.java | 11 | noblacklist ${HOME}/.java |
10 | 12 | ||
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile index 10c2909a0..e42e5920a 100644 --- a/etc/kdenlive.profile +++ b/etc/kdenlive.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/kdenlive.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 27ca408f5..f7b0bd5d1 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/keepassx.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/*.kdb | 10 | noblacklist ${HOME}/*.kdb |
9 | noblacklist ${HOME}/*.kdbx | 11 | noblacklist ${HOME}/*.kdbx |
10 | noblacklist ${HOME}/.config/keepassx | 12 | noblacklist ${HOME}/.config/keepassx |
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index a8c6d65f5..f0c173d9c 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/keepassxc.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/*.kdb | 10 | noblacklist ${HOME}/*.kdb |
9 | noblacklist ${HOME}/*.kdbx | 11 | noblacklist ${HOME}/*.kdbx |
10 | noblacklist ${HOME}/.config/keepassxc | 12 | noblacklist ${HOME}/.config/keepassxc |
diff --git a/etc/krita.profile b/etc/krita.profile index e91f5b242..ac723f303 100644 --- a/etc/krita.profile +++ b/etc/krita.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/krita.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/less.profile b/etc/less.profile index 0935f8945..3546649af 100644 --- a/etc/less.profile +++ b/etc/less.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/less.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
10 | 11 | ||
11 | ignore noroot | 12 | ignore noroot |
diff --git a/etc/lmms.profile b/etc/lmms.profile index 29ed235c6..b2bacb246 100644 --- a/etc/lmms.profile +++ b/etc/lmms.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/lmms.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.lmmsrc.xml | 10 | noblacklist ${HOME}/.lmmsrc.xml |
10 | 11 | ||
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile index 506fdd549..f8c5c34ca 100644 --- a/etc/macrofusion.profile +++ b/etc/macrofusion.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/macrofusion.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.config/mfusion | 10 | noblacklist ${HOME}/.config/mfusion |
10 | 11 | ||
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index 39117b718..be5dac206 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/mate-calc.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.config/mate-calc | 10 | noblacklist ${HOME}/.config/mate-calc |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index e502269f7..de9297174 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/mediainfo.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
diff --git a/etc/meld.profile b/etc/meld.profile index 5043f2496..1a451ff57 100644 --- a/etc/meld.profile +++ b/etc/meld.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/meld.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.local/share/meld | 10 | noblacklist ${HOME}/.local/share/meld |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/mupdf.profile b/etc/mupdf.profile index a25cc352f..a3955b298 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/mupdf.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index 4937df51f..e05babc91 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/mupen64plus.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.config/mupen64plus | 10 | noblacklist ${HOME}/.config/mupen64plus |
9 | noblacklist ${HOME}/.local/share/mupen64plus | 11 | noblacklist ${HOME}/.local/share/mupen64plus |
10 | 12 | ||
diff --git a/etc/natron.profile b/etc/natron.profile index b76649605..413ea53f9 100644 --- a/etc/natron.profile +++ b/etc/natron.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/natron.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.Natron | 10 | noblacklist ${HOME}/.Natron |
10 | noblacklist ${HOME}/.cache/INRIA/Natron | 11 | noblacklist ${HOME}/.cache/INRIA/Natron |
@@ -17,7 +18,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
17 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
18 | 19 | ||
19 | caps.drop all | 20 | caps.drop all |
20 | netfilter | 21 | net none |
21 | nodvd | 22 | nodvd |
22 | nogroups | 23 | nogroups |
23 | nonewprivs | 24 | nonewprivs |
@@ -26,7 +27,6 @@ notv | |||
26 | protocol unix,inet,inet6 | 27 | protocol unix,inet,inet6 |
27 | seccomp | 28 | seccomp |
28 | shell none | 29 | shell none |
29 | net none | ||
30 | 30 | ||
31 | private-bin natron,Natron,NatronRenderer | 31 | private-bin natron,Natron,NatronRenderer |
32 | 32 | ||
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index e8c2d54c7..b6d4a63b5 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/odt2txt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 998d57f62..20a9b2227 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/open-invaders.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.openinvaders | 10 | noblacklist ~/.openinvaders |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 6c8dd4319..7d2121710 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/pcmanfm.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
9 | noblacklist ~/.config/libfm | 11 | noblacklist ~/.config/libfm |
10 | noblacklist ~/.config/pcmanfm | 12 | noblacklist ~/.config/pcmanfm |
diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile index 8489e79a6..059d6660b 100644 --- a/etc/pdfmod.profile +++ b/etc/pdfmod.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/pdfmod.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.cache/pdfmod | 10 | noblacklist ${HOME}/.cache/pdfmod |
10 | noblacklist ${HOME}/.config/pdfmod | 11 | noblacklist ${HOME}/.config/pdfmod |
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index fd52fb9ee..3611de8a0 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/pdfsam.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.java | 10 | noblacklist ${HOME}/.java |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 0c6bf9cde..9e4f7d4f2 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/pdftotext.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
diff --git a/etc/peek.profile b/etc/peek.profile index 13c0c72e0..01db4fa08 100644 --- a/etc/peek.profile +++ b/etc/peek.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/peek.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.cache/peek | 10 | noblacklist ${HOME}/.cache/peek |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/pingus.profile b/etc/pingus.profile index 68d5a98ad..c491a2669 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/pingus.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.pingus | 10 | noblacklist ~/.pingus |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/pinta.profile b/etc/pinta.profile index cb6e05d35..4a8815a73 100644 --- a/etc/pinta.profile +++ b/etc/pinta.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/pinta.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.config/Pinta | 10 | noblacklist ${HOME}/.config/Pinta |
10 | 11 | ||
diff --git a/etc/pluma.profile b/etc/pluma.profile index 3fa6d3494..b50e3cbaf 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/pluma.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
9 | |||
8 | noblacklist ${HOME}/.config/pluma | 10 | noblacklist ${HOME}/.config/pluma |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/ranger.profile b/etc/ranger.profile index 9be19c4b1..0dac16424 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/ranger.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | # noblacklist /usr/bin/cpan* | 10 | # noblacklist /usr/bin/cpan* |
9 | noblacklist /usr/bin/perl | 11 | noblacklist /usr/bin/perl |
10 | noblacklist /usr/lib/perl* | 12 | noblacklist /usr/lib/perl* |
diff --git a/etc/scribus.profile b/etc/scribus.profile index e07caffe5..e49d484ed 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/scribus.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | # Support for PDF readers comes with Scribus 1.5 and higher | 10 | # Support for PDF readers comes with Scribus 1.5 and higher |
9 | noblacklist ~/.config/okularpartrc | 11 | noblacklist ~/.config/okularpartrc |
10 | noblacklist ~/.config/okularrc | 12 | noblacklist ~/.config/okularrc |
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index 62a056a30..bc94ae2a0 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/sdat2img.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | 10 | ||
10 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/shotcut.profile b/etc/shotcut.profile index 4e8b1da05..3f2cc3d33 100644 --- a/etc/shotcut.profile +++ b/etc/shotcut.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/shotcut.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.config/Meltytech | 10 | noblacklist ${HOME}/.config/Meltytech |
10 | 11 | ||
diff --git a/etc/simutrans.profile b/etc/simutrans.profile index fda5204e2..1cbd9756c 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/simutrans.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.simutrans | 10 | noblacklist ~/.simutrans |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/skanlite.profile b/etc/skanlite.profile index 1a53cc71c..61627f5d8 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/skanlite.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index 5d7129b5a..c27fb3819 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/soundconverter.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index 65e8073c9..933d55b79 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/sqlitebrowser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.config/sqlitebrowser | 10 | noblacklist ${HOME}/.config/sqlitebrowser |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/strings.profile b/etc/strings.profile index 83561cae5..09273f35d 100644 --- a/etc/strings.profile +++ b/etc/strings.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/strings.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
10 | 11 | ||
11 | ignore noroot | 12 | ignore noroot |
diff --git a/etc/supertux2.profile b/etc/supertux2.profile index ff55e1c40..120f0a043 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/supertux2.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.local/share/supertux2 | 10 | noblacklist ~/.local/share/supertux2 |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 2617c0e51..415a42cf5 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/synfigstudio.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.config/synfig | 10 | noblacklist ${HOME}/.config/synfig |
9 | noblacklist ${HOME}/.synfig | 11 | noblacklist ${HOME}/.synfig |
10 | 12 | ||
diff --git a/etc/tar.profile b/etc/tar.profile index 92ddaa2f3..bd7973abf 100644 --- a/etc/tar.profile +++ b/etc/tar.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/tar.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
10 | 11 | ||
11 | hostname tar | 12 | hostname tar |
diff --git a/etc/terasology.profile b/etc/terasology.profile index ca580c0d0..02a7baeb7 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/default.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | noblacklist ${HOME}/.java | 10 | noblacklist ${HOME}/.java |
10 | noblacklist ${HOME}/.local/share/terasology | 11 | noblacklist ${HOME}/.local/share/terasology |
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 0b09bffcb..86cbebc82 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/transmission-show.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.cache/transmission | 10 | noblacklist ${HOME}/.cache/transmission |
9 | noblacklist ${HOME}/.config/transmission | 11 | noblacklist ${HOME}/.config/transmission |
10 | 12 | ||
diff --git a/etc/uefitool.profile b/etc/uefitool.profile index 138f69aa8..6cff5249c 100644 --- a/etc/uefitool.profile +++ b/etc/uefitool.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/uefitool.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/unrar.profile b/etc/unrar.profile index 12559a721..f7e25d5d7 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/unrar.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
10 | 11 | ||
11 | hostname unrar | 12 | hostname unrar |
diff --git a/etc/unzip.profile b/etc/unzip.profile index 9828fa9b4..fe16c670d 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/unzip.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
10 | 11 | ||
11 | hostname unzip | 12 | hostname unzip |
diff --git a/etc/uudeview.profile b/etc/uudeview.profile index b30cbaa2a..f7699552d 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/uudeview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | 10 | ||
10 | hostname uudeview | 11 | hostname uudeview |
11 | ignore noroot | 12 | ignore noroot |
diff --git a/etc/viewnior.profile b/etc/viewnior.profile index af4a2d655..92d59e732 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/viewnior.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | blacklist ~/.Xauthority | 9 | blacklist ~/.Xauthority |
9 | blacklist ~/.bashrc | 10 | blacklist ~/.bashrc |
10 | 11 | ||
diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile index 1395b81c9..67707ffb8 100644 --- a/etc/x-terminal-emulator.profile +++ b/etc/x-terminal-emulator.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/x-terminal-emulator.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | caps.drop all | 10 | caps.drop all |
10 | ipc-namespace | 11 | ipc-namespace |
diff --git a/etc/xcalc.profile b/etc/xcalc.profile index cfe6937e3..467f96003 100644 --- a/etc/xcalc.profile +++ b/etc/xcalc.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/xcalc.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/xed.profile b/etc/xed.profile index b80d02948..e4ab673e8 100644 --- a/etc/xed.profile +++ b/etc/xed.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/xed.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
9 | |||
8 | noblacklist ${HOME}/.config/xed | 10 | noblacklist ${HOME}/.config/xed |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/xpdf.profile b/etc/xpdf.profile index 8caba5cc5..8b7774225 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/xpdf.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ${HOME}/.xpdfrc | 10 | noblacklist ${HOME}/.xpdfrc |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 985b82c79..5c624c384 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/xviewer.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus - makes settings immutable | ||
9 | |||
8 | noblacklist ~/.Steam | 10 | noblacklist ~/.Steam |
9 | noblacklist ~/.config/xviewer | 11 | noblacklist ~/.config/xviewer |
10 | noblacklist ~/.local/share/Trash | 12 | noblacklist ~/.local/share/Trash |
diff --git a/etc/xzdec.profile b/etc/xzdec.profile index d5c4ac6f0..1136a6535 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile | |||
@@ -6,6 +6,7 @@ include /etc/firejail/xzdec.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
8 | 8 | ||
9 | blacklist /run/user/*/bus | ||
9 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
10 | 11 | ||
11 | ignore noroot | 12 | ignore noroot |
diff --git a/etc/zart.profile b/etc/zart.profile index 6e136d0c9..e9fd9b3bd 100644 --- a/etc/zart.profile +++ b/etc/zart.profile | |||
@@ -5,6 +5,7 @@ include /etc/firejail/zart.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/zathura.profile b/etc/zathura.profile index 0036a3521..ad64371e8 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/zathura.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.config/zathura | 10 | noblacklist ~/.config/zathura |
9 | noblacklist ~/.local/share/zathura | 11 | noblacklist ~/.local/share/zathura |
10 | 12 | ||