diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/bluefish.profile | 4 | ||||
-rw-r--r-- | etc/cliqz.profile | 4 | ||||
-rw-r--r-- | etc/disable-programs.inc | 3 | ||||
-rw-r--r-- | etc/pinta.profile | 12 | ||||
-rw-r--r-- | etc/uefitool.profile | 33 |
5 files changed, 47 insertions, 9 deletions
diff --git a/etc/bluefish.profile b/etc/bluefish.profile index a0bceabbe..f18dea296 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile | |||
@@ -1,11 +1,10 @@ | |||
1 | # Firejail profile for pluma | 1 | # Firejail profile for bluefish |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/pluma.local | 4 | include /etc/firejail/pluma.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/pluma | ||
9 | 8 | ||
10 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 10 | include /etc/firejail/disable-devel.inc |
@@ -29,7 +28,6 @@ tracelog | |||
29 | 28 | ||
30 | private-bin bluefish | 29 | private-bin bluefish |
31 | private-dev | 30 | private-dev |
32 | # private-etc fonts | ||
33 | private-tmp | 31 | private-tmp |
34 | 32 | ||
35 | noexec ${HOME} | 33 | noexec ${HOME} |
diff --git a/etc/cliqz.profile b/etc/cliqz.profile index 9c0f44e97..a7c791a02 100644 --- a/etc/cliqz.profile +++ b/etc/cliqz.profile | |||
@@ -1,7 +1,7 @@ | |||
1 | # Firejail profile for firefox | 1 | # Firejail profile for cliqz |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/firefox.local | 4 | include /etc/firejail/cliqz.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 615e28172..ad589890c 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -81,6 +81,7 @@ blacklist ${HOME}/.config/chromium | |||
81 | blacklist ${HOME}/.config/chromium-dev | 81 | blacklist ${HOME}/.config/chromium-dev |
82 | blacklist ${HOME}/.config/chromium-flags.conf | 82 | blacklist ${HOME}/.config/chromium-flags.conf |
83 | blacklist ${HOME}/.config/clipit | 83 | blacklist ${HOME}/.config/clipit |
84 | blacklist ${HOME}/.config/cliqz | ||
84 | blacklist ${HOME}/.config/cmus | 85 | blacklist ${HOME}/.config/cmus |
85 | blacklist ${HOME}/.config/corebird | 86 | blacklist ${HOME}/.config/corebird |
86 | blacklist ${HOME}/.config/darktable | 87 | blacklist ${HOME}/.config/darktable |
@@ -142,6 +143,7 @@ blacklist ${HOME}/.config/opera-beta | |||
142 | blacklist ${HOME}/.config/orage | 143 | blacklist ${HOME}/.config/orage |
143 | blacklist ${HOME}/.config/org.kde.gwenviewrc | 144 | blacklist ${HOME}/.config/org.kde.gwenviewrc |
144 | blacklist ${HOME}/.config/pcmanfm | 145 | blacklist ${HOME}/.config/pcmanfm |
146 | blacklist ${HOME}/.config/Pinta | ||
145 | blacklist ${HOME}/.config/pix | 147 | blacklist ${HOME}/.config/pix |
146 | blacklist ${HOME}/.config/pluma | 148 | blacklist ${HOME}/.config/pluma |
147 | blacklist ${HOME}/.config/psi+ | 149 | blacklist ${HOME}/.config/psi+ |
@@ -408,6 +410,7 @@ blacklist ${HOME}/.cache/calibre | |||
408 | blacklist ${HOME}/.cache/champlain | 410 | blacklist ${HOME}/.cache/champlain |
409 | blacklist ${HOME}/.cache/chromium | 411 | blacklist ${HOME}/.cache/chromium |
410 | blacklist ${HOME}/.cache/chromium-dev | 412 | blacklist ${HOME}/.cache/chromium-dev |
413 | blacklist ${HOME}/.cache/cliqz | ||
411 | blacklist ${HOME}/.cache/darktable | 414 | blacklist ${HOME}/.cache/darktable |
412 | blacklist ${HOME}/.cache/epiphany | 415 | blacklist ${HOME}/.cache/epiphany |
413 | blacklist ${HOME}/.cache/evolution | 416 | blacklist ${HOME}/.cache/evolution |
diff --git a/etc/pinta.profile b/etc/pinta.profile index 2562e1b80..4228e5880 100644 --- a/etc/pinta.profile +++ b/etc/pinta.profile | |||
@@ -1,15 +1,21 @@ | |||
1 | # Firejail profile for krita | 1 | # Firejail profile for pinta |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/krita.local | 4 | include /etc/firejail/pinta.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | |||
9 | noblacklist ${HOME}/.config/Pinta | ||
10 | |||
8 | include /etc/firejail/disable-common.inc | 11 | include /etc/firejail/disable-common.inc |
9 | include /etc/firejail/disable-devel.inc | 12 | include /etc/firejail/disable-devel.inc |
10 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
11 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
12 | 15 | ||
16 | whitelist ${HOME}/.config/Pinta | ||
17 | include /etc/firejail/whitelist-common.inc | ||
18 | |||
13 | caps.drop all | 19 | caps.drop all |
14 | ipc-namespace | 20 | ipc-namespace |
15 | net none | 21 | net none |
@@ -27,7 +33,5 @@ shell none | |||
27 | private-dev | 33 | private-dev |
28 | private-tmp | 34 | private-tmp |
29 | 35 | ||
30 | |||
31 | whitelist ~/.config/Pinta | ||
32 | noexec ${HOME} | 36 | noexec ${HOME} |
33 | noexec /tmp | 37 | noexec /tmp |
diff --git a/etc/uefitool.profile b/etc/uefitool.profile new file mode 100644 index 000000000..138f69aa8 --- /dev/null +++ b/etc/uefitool.profile | |||
@@ -0,0 +1,33 @@ | |||
1 | # Firejail profile for uefitool | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/uefitool.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | |||
9 | include /etc/firejail/disable-common.inc | ||
10 | include /etc/firejail/disable-devel.inc | ||
11 | include /etc/firejail/disable-passwdmgr.inc | ||
12 | include /etc/firejail/disable-programs.inc | ||
13 | |||
14 | caps.drop all | ||
15 | ipc-namespace | ||
16 | net none | ||
17 | no3d | ||
18 | nodvd | ||
19 | nogroups | ||
20 | nonewprivs | ||
21 | noroot | ||
22 | nosound | ||
23 | notv | ||
24 | novideo | ||
25 | protocol unix | ||
26 | seccomp | ||
27 | shell none | ||
28 | |||
29 | private-dev | ||
30 | private-tmp | ||
31 | |||
32 | noexec ${HOME} | ||
33 | noexec /tmp | ||