Diffstat (limited to 'etc')
-rw-r--r--etc/0ad.profile1
-rw-r--r--etc/7z.profile2
-rw-r--r--etc/akonadi_control.profile4
-rw-r--r--etc/apktool.profile3
-rw-r--r--etc/ardour5.profile3
-rw-r--r--etc/ark.profile3
-rw-r--r--etc/asunder.profile1
-rw-r--r--etc/atom.profile3
-rw-r--r--etc/atril.profile3
-rw-r--r--etc/audacious.profile1
-rw-r--r--etc/audacity.profile5
-rw-r--r--etc/baobab.profile3
-rw-r--r--etc/bibletime.profile1
-rw-r--r--etc/bleachbit.profile6
-rw-r--r--etc/bless.profile3
-rw-r--r--etc/bluefish.profile3
-rw-r--r--etc/calligra.profile3
-rw-r--r--etc/catfish.profile3
-rw-r--r--etc/chromium-common.profile4
-rw-r--r--etc/cin.profile3
-rw-r--r--etc/clamav.profile3
-rw-r--r--etc/cpio.profile2
-rw-r--r--etc/default.profile1
-rw-r--r--etc/dex2jar.profile3
-rw-r--r--etc/dia.profile3
-rw-r--r--etc/digikam.profile1
-rw-r--r--etc/disable-common.inc7
-rw-r--r--etc/disable-programs.inc7
-rw-r--r--etc/display.profile3
-rw-r--r--etc/ebook-viewer.profile3
-rw-r--r--etc/electron.profile1
-rw-r--r--etc/engrampa.profile6
-rw-r--r--etc/eog.profile5
-rw-r--r--etc/eom.profile5
-rw-r--r--etc/etr.profile3
-rw-r--r--etc/evince.profile3
-rw-r--r--etc/exiftool.profile2
-rw-r--r--etc/feh.profile3
-rw-r--r--etc/ffmpeg.profile3
-rw-r--r--etc/file-roller.profile6
-rw-r--r--etc/file.profile2
-rw-r--r--etc/firefox-common.profile1
-rw-r--r--etc/firejail.config3
-rw-r--r--etc/freecad.profile3
-rw-r--r--etc/frozen-bubble.profile3
-rw-r--r--etc/galculator.profile3
-rw-r--r--etc/gcloud.profile40
-rw-r--r--etc/gedit.profile6
-rw-r--r--etc/gimp.profile3
-rw-r--r--etc/gnome-calculator.profile4
-rw-r--r--etc/gnome-logs.profile40
-rw-r--r--etc/gnome-recipes.profile2
-rw-r--r--etc/gpicview.profile3
-rw-r--r--etc/gwenview.profile4
-rw-r--r--etc/gzip.profile2
-rw-r--r--etc/handbrake.profile1
-rw-r--r--etc/hashcat.profile3
-rw-r--r--etc/highlight.profile2
-rw-r--r--etc/hugin.profile3
-rw-r--r--etc/imagej.profile3
-rw-r--r--etc/img2txt.profile3
-rw-r--r--etc/inkscape.profile7
-rw-r--r--etc/jd-gui.profile3
-rw-r--r--etc/kate.profile6
-rw-r--r--etc/kcalc.profile4
-rw-r--r--etc/kdenlive.profile2
-rw-r--r--etc/keepassx.profile3
-rw-r--r--etc/keepassxc.profile4
-rw-r--r--etc/kmail.profile3
-rw-r--r--etc/knotes.profile34
-rw-r--r--etc/krita.profile2
-rw-r--r--etc/krunner.profile3
-rw-r--r--etc/kwrite.profile3
-rw-r--r--etc/less.profile2
-rw-r--r--etc/libreoffice.profile1
-rw-r--r--etc/lmms.profile3
-rw-r--r--etc/macrofusion.profile3
-rw-r--r--etc/mate-calc.profile3
-rw-r--r--etc/mediainfo.profile2
-rw-r--r--etc/meld.profile3
-rw-r--r--etc/mpv.profile1
-rw-r--r--etc/mupdf.profile3
-rw-r--r--etc/mupen64plus.profile3
-rw-r--r--etc/natron.profile3
-rw-r--r--etc/ncdu.profile29
-rw-r--r--etc/odt2txt.profile2
-rw-r--r--etc/okular.profile3
-rw-r--r--etc/open-invaders.profile3
-rw-r--r--etc/openshot.profile1
-rw-r--r--etc/pcmanfm.profile3
-rwxr-xr-xetc/pdfchain.profile4
-rw-r--r--etc/pdfmod.profile3
-rw-r--r--etc/pdfsam.profile3
-rw-r--r--etc/pdftotext.profile2
-rw-r--r--etc/peek.profile3
-rw-r--r--etc/pingus.profile3
-rw-r--r--etc/pinta.profile3
-rw-r--r--etc/pluma.profile6
-rw-r--r--etc/qbittorrent.profile1
-rw-r--r--etc/ranger.profile3
-rw-r--r--etc/rhythmbox.profile3
-rw-r--r--etc/scribus.profile6
-rw-r--r--etc/sdat2img.profile3
-rw-r--r--etc/shotcut.profile3
-rw-r--r--etc/simutrans.profile3
-rw-r--r--etc/skanlite.profile3
-rw-r--r--etc/smplayer.profile1
-rw-r--r--etc/spotify.profile1
-rw-r--r--etc/sqlitebrowser.profile3
-rw-r--r--etc/steam.profile16
-rw-r--r--etc/strings.profile2
-rw-r--r--etc/supertux2.profile3
-rw-r--r--etc/synfigstudio.profile3
-rw-r--r--etc/tar.profile2
-rw-r--r--etc/terasology.profile3
-rw-r--r--etc/totem.profile3
-rw-r--r--etc/transmission-gtk.profile1
-rw-r--r--etc/transmission-qt.profile1
-rw-r--r--etc/transmission-show.profile3
-rw-r--r--etc/uefitool.profile3
-rw-r--r--etc/unrar.profile2
-rw-r--r--etc/unzip.profile2
-rw-r--r--etc/uudeview.profile3
-rw-r--r--etc/viewnior.profile2
-rw-r--r--etc/vlc.profile2
-rw-r--r--etc/x-terminal-emulator.profile3
-rw-r--r--etc/xcalc.profile3
-rw-r--r--etc/xed.profile6
-rw-r--r--etc/xpdf.profile3
-rw-r--r--etc/xplayer.profile2
-rw-r--r--etc/xreader.profile1
-rw-r--r--etc/xviewer.profile4
-rw-r--r--etc/xzdec.profile2
-rw-r--r--etc/zart.profile3
-rw-r--r--etc/zathura.profile4
135 files changed, 316 insertions, 227 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile
index 057dcf49e..766783997 100644
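--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc
 
 caps.drop all
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs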
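Review bot: `nodbus` is added next to `netfilter`, so this sandbox keeps the host network namespace; per the firejail man page `nodbus` handles only the regular UNIX socket, and an abstract D-Bus socket, where the system provides one, stays reachable unless the profile also gets a new network namespace or drops `unix` from `protocol`. The same combination appears in the asunder, atom, audacious, bibletime, chromium-common and electron hunks of this commit. I would add a comment above the line, for example `# nodbus covers the filesystem socket only; abstract socket needs net none or a protocol filter`, so nobody reads these profiles as fully cut off from D-Bus. The profile continues outside the hunk, so a `protocol` line may already exist further down.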
diff --git a/etc/7z.profile b/etc/7z.profile
index ededacbbe..0330e4dbf 100644
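--- a/etc/7z.profile
+++ b/etc/7z.profile
@@ -6,12 +6,12 @@ include /etc/firejail/7z.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 ignore noroot
 net none
 no3d
+nodbus
 nodvd
 nosound
 notv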
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile
index 296b25b83..3a4404b28 100644
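--- a/etc/akonadi_control.profile
+++ b/etc/akonadi_control.profile
@@ -23,8 +23,8 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-# the default mysqld-akonadi apparmor profile in debian and ubuntu
-# is not compatible with the commented options below
+# disabled options below are not compatible with the apparmor profile for mysqld-akonadi.
+# this affects ubuntu and debian currently
 
 # apparmor
 caps.drop all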
diff --git a/etc/apktool.profile b/etc/apktool.profile
index bbf91c264..d5063d79b 100644
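--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -6,8 +6,6 @@ include /etc/firejail/apktool.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs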
diff --git a/etc/ardour5.profile b/etc/ardour5.profile
index 1f2228544..cf72561da 100644
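--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -5,8 +5,6 @@ include /etc/firejail/ardour5.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/ardour4
 noblacklist ${HOME}/.config/ardour5
 noblacklist ${HOME}/.lv2
@@ -20,6 +18,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 ipc-namespace
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs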
diff --git a/etc/ark.profile b/etc/ark.profile
index beeb652cf..8e156df0f 100644
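--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -5,8 +5,6 @@ include /etc/firejail/ark.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/arkrc
 
 include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ apparmor
 caps.drop all
 # net none
 netfilter
+# nodbus
 nodvd
 nogroups
 nonewprivs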
diff --git a/etc/asunder.profile b/etc/asunder.profile
index 0fbc3a158..7d643877f 100644
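--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
+nodbus
 # nogroups
 nonewprivs
 noroot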
diff --git a/etc/atom.profile b/etc/atom.profile
index de09275cc..c513c7531 100644
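--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -5,8 +5,6 @@ include /etc/firejail/atom.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.atom
 noblacklist ${HOME}/.config/Atom
 
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 # net none
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs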
diff --git a/etc/atril.profile b/etc/atril.profile
index a05f11076..e08b70ac6 100644
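--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -5,6 +5,7 @@ include /etc/firejail/atril.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist ${HOME}/.cache/atril
 noblacklist ${HOME}/.config/atril
 
 #noblacklist ${HOME}/.local/share
@@ -17,7 +18,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+# apparmor
 caps.drop all
 machine-id
 no3d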
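Review bot: `apparmor` is commented out in the second hunk without any reason, which drops the AppArmor layer from a document viewer that routinely opens files from untrusted sources. Other profiles in this commit record the cause next to the disabled option (for example `# nodbus - problems on Fedora 27`); the same is needed here, along the lines of `# apparmor - <what breaks / issue reference>`, so the option can be restored once the incompatibility is gone. The profile continues outside the hunk.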
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 93ba5a45d..71003f156 100644
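--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
+nodbus
 nogroups
 nonewprivs
 noroot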
diff --git a/etc/audacity.profile b/etc/audacity.profile
index 8c85dd6be..907dbeb55 100644
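--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -5,8 +5,6 @@ include /etc/firejail/audacity.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.audacity-data
 
 include /etc/firejail/disable-common.inc
@@ -18,8 +16,9 @@ include /etc/firejail/whitelist-var-common.inc
 
 apparmor
 caps.drop all
-#net none
+net none
 no3d
+# nodbus - problems on Fedora 27
 nodvd
 nogroups
 nonewprivs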
diff --git a/etc/baobab.profile b/etc/baobab.profile
index e47e31bb1..5c1675611 100644
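--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -5,8 +5,6 @@ include /etc/firejail/baobab.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs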
diff --git a/etc/bibletime.profile b/etc/bibletime.profile
index 018569603..f23a29052 100644
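--- a/etc/bibletime.profile
+++ b/etc/bibletime.profile
@@ -21,6 +21,7 @@ include /etc/firejail/whitelist-common.inc
 
 caps.drop all
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs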
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
index dce7892a4..ae40c3ec7 100644
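--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -5,8 +5,6 @@ include /etc/firejail/bleachbit.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs
@@ -29,6 +28,7 @@ shell none
 private-dev
 # private-tmp
 
-memory-deny-write-execute
+# memory-deny-write-execute breaks some systems, see issue #1850
+# memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp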
diff --git a/etc/bless.profile b/etc/bless.profile
index 37d1e856f..10b471582 100644
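--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -5,8 +5,6 @@ include /etc/firejail/bless.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/bless
 
 include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs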
diff --git a/etc/bluefish.profile b/etc/bluefish.profile
index 66ba0168b..6eb1d753f 100644
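--- a/etc/bluefish.profile
+++ b/etc/bluefish.profile
@@ -5,8 +5,6 @@ include /etc/firejail/bluefish.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -17,6 +15,7 @@ include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs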
diff --git a/etc/calligra.profile b/etc/calligra.profile
index f09716bc3..f7df8ce85 100644
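--- a/etc/calligra.profile
+++ b/etc/calligra.profile
@@ -5,8 +5,6 @@ include /etc/firejail/calligra.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 ipc-namespace
 # net none
+# nodbus
 nodvd
 nogroups
 nonewprivs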
diff --git a/etc/catfish.profile b/etc/catfish.profile
index 6d5ec1c52..6a608c673 100644
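--- a/etc/catfish.profile
+++ b/etc/catfish.profile
@@ -8,8 +8,6 @@ include /etc/firejail/globals.local
 # We can't blacklist much since catfish
 # is for finding files/content
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/catfish
 
 include /etc/firejail/disable-common.inc
@@ -23,6 +21,7 @@ include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs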
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile
index a11947334..7f07c5b26 100644
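--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.keep sys_chroot,sys_admin
 netfilter
+nodbus
 nodvd
 nogroups
 notv
@@ -31,3 +32,6 @@ private-dev
 
 noexec ${HOME}
 noexec /tmp
+
+# the file dialog needs to work without d-bus
+env NO_CHROME_KDE_FILE_DIALOG=1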
diff --git a/etc/cin.profile b/etc/cin.profile
index d114e50b1..e86a4d9b4 100644
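--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -5,8 +5,6 @@ include /etc/firejail/cin.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.bcast5
 
 include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 ipc-namespace
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs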
diff --git a/etc/clamav.profile b/etc/clamav.profile
index c3a0132d0..41bd3b679 100644
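--- a/etc/clamav.profile
+++ b/etc/clamav.profile
@@ -6,12 +6,11 @@ include /etc/firejail/clamav.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 caps.drop all
 ipc-namespace
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs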
diff --git a/etc/cpio.profile b/etc/cpio.profile
index caee6570e..445e1cec7 100644
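--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -6,7 +6,6 @@ include /etc/firejail/cpio.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 noblacklist /sbin
@@ -19,6 +18,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nonewprivs
 nosound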
diff --git a/etc/default.profile b/etc/default.profile
index 82eded802..1af7ceba4 100644
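--- a/etc/default.profile
+++ b/etc/default.profile
@@ -17,6 +17,7 @@ caps.drop all
 # ipc-namespace
 netfilter
 # no3d
+# nodbus
 # nodvd
 # nogroups
 nonewprivs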
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
index f89e17239..ed73b8b8c 100644
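--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -6,8 +6,6 @@ include /etc/firejail/dex2jar.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs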
diff --git a/etc/dia.profile b/etc/dia.profile
index b1a723da0..fb3506955 100644
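--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -5,8 +5,6 @@ include /etc/firejail/dia.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.dia
 
 include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs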
diff --git a/etc/digikam.profile b/etc/digikam.profile
index 516876c6b..4df344cbc 100644
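--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
+# nodbus
 nodvd
 nogroups
 nonewprivs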
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index e5de0b61f..0f605b933 100644
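--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -297,6 +297,13 @@ blacklist /etc/ssh
 blacklist /home/.ecryptfs
 blacklist /var/backup
 
+# cloud provider configuration
+blacklist ${HOME}/.aws
+blacklist ${HOME}/.boto
+blacklist /etc/boto.cfg
+blacklist ${HOME}/.config/gcloud
+blacklist ${HOME}/.kube
+
 # system directories
 blacklist /sbin
 blacklist /usr/local/sbin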
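Review bot: The new `# cloud provider configuration` block hides these credential paths from every profile that includes disable-common.inc, so any sandboxed cloud CLI now needs a matching `noblacklist` in its own profile. gcloud.profile is in the diffstat and presumably carries `noblacklist ${HOME}/.config/gcloud`, but nothing visible in this commit does the same for tools that read `${HOME}/.aws`, `${HOME}/.boto` or `${HOME}/.kube`. I would extend the comment to state the contract, for example `# cloud provider configuration - CLI profiles must noblacklist their own directory`. The list is also limited to these providers; credential directories of other cloud CLIs remain readable by sandboxed programs and could be added in the same block.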
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 96cc9b48c..a6f12f3db 100644
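--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -138,6 +138,7 @@ blacklist ${HOME}/.config/itch
 blacklist ${HOME}/.config/jd-gui.cfg
 blacklist ${HOME}/.config/k3brc
 blacklist ${HOME}/.config/kaffeinerc
+blacklist ${HOME}/.config/katemetainfos
 blacklist ${HOME}/.config/katepartrc
 blacklist ${HOME}/.config/katerc
 blacklist ${HOME}/.config/kateschemarc
@@ -384,6 +385,7 @@ blacklist ${HOME}/.local/share/kate
 blacklist ${HOME}/.local/share/kdenlive
 blacklist ${HOME}/.local/share/kget
 blacklist ${HOME}/.local/share/kmail2
+blacklist ${HOME}/.local/share/knotes
 blacklist ${HOME}/.local/share/krita
 blacklist ${HOME}/.local/share/ktorrentrc
 blacklist ${HOME}/.local/share/ktorrent
@@ -507,6 +509,7 @@ blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/MusicBrainz
 blacklist ${HOME}/.cache/QuiteRss
 blacklist ${HOME}/.cache/akonadi*
+blacklist ${HOME}/.cache/atril
 blacklist ${HOME}/.cache/attic
 blacklist ${HOME}/.cache/borg
 blacklist ${HOME}/.cache/calibre
@@ -529,11 +532,14 @@ blacklist ${HOME}/.cache/google-chrome-unstable
 blacklist ${HOME}/.cache/gnome-twitch
 blacklist ${HOME}/.cache/icedove
 blacklist ${HOME}/.cache/INRIA/Natron
+blacklist ${HOME}/.cache/inkscape
 blacklist ${HOME}/.cache/inox
 blacklist ${HOME}/.cache/iridium
 blacklist ${HOME}/.cache/kdenlive
 blacklist ${HOME}/.cache/kinfocenter
+blacklist ${HOME}/.cache/kmail2
 blacklist ${HOME}/.cache/krunner
+blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite
 blacklist ${HOME}/.cache/kscreenlocker_greet
 blacklist ${HOME}/.cache/ksmserver-logout-greeter
 blacklist ${HOME}/.cache/ksplashqml
@@ -566,6 +572,7 @@ blacklist ${HOME}/.cache/torbrowser
 blacklist ${HOME}/.cache/transmission
 blacklist ${HOME}/.cache/vivaldi
 blacklist ${HOME}/.cache/vivaldi-snapshot
+blacklist ${HOME}/.cache/vlc
 blacklist ${HOME}/.cache/waterfox
 blacklist ${HOME}/.cache/wesnoth
 blacklist ${HOME}/.cache/xmms2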
diff --git a/etc/display.profile b/etc/display.profile
index 41512a0cb..69183f4ca 100644
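--- a/etc/display.profile
+++ b/etc/display.profile
@@ -5,8 +5,6 @@ include /etc/firejail/display.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -16,6 +14,7 @@ include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs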
diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile
index 9f7e1382b..1e28b854a 100644
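--- a/etc/ebook-viewer.profile
+++ b/etc/ebook-viewer.profile
@@ -1,9 +1,8 @@
 # Firejail profile alias for calibre
 # This file is overwritten after every install/update
 
-blacklist /run/user/*/bus
-
 net none
+nodbus
 
 # Redirect
 include /etc/firejail/calibre.profile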
diff --git a/etc/electron.profile b/etc/electron.profile
index 222beada0..52d45b3f8 100644
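--- a/etc/electron.profile
+++ b/etc/electron.profile
@@ -14,6 +14,7 @@ whitelist ${DOWNLOADS}
 apparmor
 caps.drop all
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs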
diff --git a/etc/engrampa.profile b/etc/engrampa.profile
index ae61f1d93..cf32d579e 100644
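--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -5,8 +5,6 @@ include /etc/firejail/engrampa.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus - makes settings immutable
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -14,9 +12,11 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
-# net none - makes settings immutable
+net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs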
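Review bot: `net none` and `nodbus` are switched on in the second hunk although the lines they replace carried the note `- makes settings immutable`, and the eog and eom profiles in this same commit keep both options disabled for exactly that reason. If the settings problem no longer applies to engrampa, a short comment should say so, for example `# net none / nodbus: settings are read-only inside the sandbox, change them outside firejail`; if it still applies, users silently lose the ability to save preferences. The tightening itself, together with the added `apparmor`, suits an archive manager that unpacks untrusted files, so I would keep it and document the trade-off rather than revert.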
diff --git a/etc/eog.profile b/etc/eog.profile
index 475abc4a5..66434ae05 100644
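--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -5,8 +5,6 @@ include /etc/firejail/eog.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus - makes settings immutable
-
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.config/eog
 noblacklist ${HOME}/.local/share/Trash
@@ -19,10 +17,11 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+# apparmor - makes settings immutable
 caps.drop all
 # net none - makes settings immutable
 no3d
+# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs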
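Review bot: The second hunk turns off `apparmor` with the same reason, `makes settings immutable`, that is already attached to `net none` and `nodbus`, and the hunk gives no way to tell whether AppArmor on its own causes the problem or the text was carried over from the neighbouring lines. Dropping it removes a mandatory-access-control layer from an image viewer that parses untrusted files, so it is worth confirming each of the three options separately and keeping `apparmor` enabled if the D-Bus and network options alone explain the behaviour. eom.profile receives the identical change and the same question applies there. The profile continues outside the hunk.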
diff --git a/etc/eom.profile b/etc/eom.profile
index c7c92db0e..48965bcb9 100644
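--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -5,8 +5,6 @@ include /etc/firejail/eom.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus - makes settings immutable
-
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.config/mate/eom
 noblacklist ${HOME}/.local/share/Trash
@@ -19,10 +17,11 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+# apparmor - makes settings immutable
 caps.drop all
 # net none - makes settings immutable
 no3d
+# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs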
diff --git a/etc/etr.profile b/etc/etr.profile
index ad2e5be5d..5c01636cc 100644
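--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -5,8 +5,6 @@ include /etc/firejail/etr.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.etr
 
 include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs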
diff --git a/etc/evince.profile b/etc/evince.profile
index 72c1ffc97..08c82086b 100644
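--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -5,8 +5,6 @@ include /etc/firejail/evince.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/evince
 
 include /etc/firejail/disable-common.inc
@@ -21,6 +19,7 @@ machine-id
 # net none breaks AppArmor on Ubuntu systems
 netfilter
 no3d
+# nodbus
 nodvd
 nogroups
 nonewprivs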
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 18d1e3c81..8ab6012f5 100644
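--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -6,7 +6,6 @@ include /etc/firejail/exiftool.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 noblacklist /usr/bin/perl
@@ -21,6 +20,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs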
diff --git a/etc/feh.profile b/etc/feh.profile
index 1320434f1..ba7a76c49 100644
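--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -5,8 +5,6 @@ include /etc/firejail/feh.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs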
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile
index acea1e834..538179107 100644
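--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -6,8 +6,6 @@ include /etc/firejail/ffmpeg.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -18,6 +16,7 @@ include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nosound
 notv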
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index bc4e70da4..eb76d1dbb 100644
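--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -5,8 +5,6 @@ include /etc/firejail/file-roller.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus - makes settings immutable
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -14,9 +12,11 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
-# net none - makes settings immutable
+net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs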
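Review bot: The second hunk enables `net none` and adds an active `nodbus` even though the removed lines gave `- makes settings immutable` as the reason both were left off, and this same commit keeps that caveat in gedit.profile and gnome-calculator.profile (`# nodbus - makes settings immutable`). If the tighter setting is intended for file-roller, the trade-off should stay visible in the profile, for example `# nodbus and net none make settings immutable; use "ignore nodbus" in file-roller.local if that matters`. With the first hunk also deleting the old commented blacklist, nothing in the new file records the side effect any more.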
diff --git a/etc/file.profile b/etc/file.profile
index 041bf5ae5..2bdbaaaa8 100644
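--- a/etc/file.profile
+++ b/etc/file.profile
@@ -6,7 +6,6 @@ include /etc/firejail/file.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 include /etc/firejail/disable-common.inc
@@ -17,6 +16,7 @@ caps.drop all
 hostname file
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs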
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
index 12d160155..1f531c1b7 100644
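--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -25,6 +25,7 @@ caps.drop all
 # machine-id breaks pulse audio; it should work fine in setups where sound is not required
 #machine-id
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs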
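Review bot: The added `nodbus` sits in a profile that uses `netfilter` rather than `net none`, and firejail's documentation describes `nodbus` as handling only the regular UNIX socket, with abstract D-Bus sockets needing a new network namespace to be cut off. Unless the sandbox is started with its own network namespace, the line therefore gives less isolation than its name suggests. A short comment would keep that visible, e.g. `# nodbus blocks only the regular session-bus socket; abstract sockets need a new network namespace`. The same applies to the `nodbus` lines added next to `netfilter` in handbrake.profile, libreoffice.profile and gcloud.profile.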
diff --git a/etc/firejail.config b/etc/firejail.config
index ade3e3c84..0cd4dca3a 100644
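--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -23,6 +23,9 @@
 # and it will harden the rest of the chroot tree.
 # chroot-desktop yes
 
+# Enable or disable dbus handling by --nodbus flag, default enabled.
+# dbus yes
+
 # Disable /mnt, /media, /run/mount and /run/media access. By default access
 # to these directories is enabled.
 # disable-mnt no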
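Review bot: The new comment does not say what `dbus no` does to profiles, which matters because this commit replaces `blacklist /run/user/*/bus` with `nodbus` across many of them. If the switch works as its name suggests, setting `dbus no` would turn every `nodbus` line into a no-op and leave those sandboxes with session-bus access and no blacklist to fall back on. I would spell that out, e.g. `# Honor nodbus (--nodbus flag and profile entries), default enabled.` followed by `# With "dbus no", nodbus is ignored and sandboxes keep D-Bus access.`, after confirming the behaviour against the implementation, which is not on this page.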
diff --git a/etc/freecad.profile b/etc/freecad.profile
index bac502a5f..c51d88f7a 100644
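--- a/etc/freecad.profile
+++ b/etc/freecad.profile
@@ -5,8 +5,6 @@ include /etc/firejail/freecad.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/FreeCAD
 
 include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 ipc-namespace
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs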
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile
index ca38ed1b8..8acd32bdd 100644
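--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -5,8 +5,6 @@ include /etc/firejail/frozen-bubble.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.frozen-bubble
 
 include /etc/firejail/disable-common.inc
@@ -21,6 +19,7 @@ include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs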
diff --git a/etc/galculator.profile b/etc/galculator.profile
index b28c7943f..8229f8250 100644
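--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -5,8 +5,6 @@ include /etc/firejail/galculator.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/galculator
 
 include /etc/firejail/disable-common.inc
@@ -22,6 +20,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs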
diff --git a/etc/gcloud.profile b/etc/gcloud.profile
new file mode 100644
index 000000000..195dc9302
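--- /dev/null
+++ b/etc/gcloud.profile
@@ -0,0 +1,40 @@
+# Firejail profile for gcloud
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/gcloud.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.boto
+noblacklist ${HOME}/.config/gcloud
+noblacklist /var/run/docker.sock
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodbus
+nodvd
+# required for sudo-free docker
+#nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-dev
+private-etc ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache
+private-tmp
+
+noexec /tmp
+
+# will break user-local installs of gcloud tooling
+# noexec ${HOME}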
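Review bot: `noblacklist /var/run/docker.sock` together with the commented-out `#nogroups` leaves the sandboxed process with the caller's access to the Docker daemon, and control of that daemon is generally equivalent to root on the host, so the capability, seccomp and filesystem restrictions in the rest of the profile no longer bound what gcloud can do. The profile should state this where the socket is allowed, e.g. `# WARNING: docker.sock access is root-equivalent on the host; drop this line if docker integration is not needed`. A safer default would be to ship with the socket blocked and `nogroups` enabled, and document the two lines a user adds to gcloud.local to opt in.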
diff --git a/etc/gedit.profile b/etc/gedit.profile
index 97eb692de..e78b8a708 100644
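--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -5,8 +5,6 @@ include /etc/firejail/gedit.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus - makes settings immutable
-
 noblacklist ${HOME}/.config/enchant
 noblacklist ${HOME}/.config/gedit
 noblacklist ${HOME}/.gitconfig
@@ -18,10 +16,12 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+# apparmor - makes settings immutable
 caps.drop all
-# net none - makes settings immutable
 machine-id
+# net none - makes settings immutable
 no3d
+# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs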
diff --git a/etc/gimp.profile b/etc/gimp.profile
index 3cc012a88..49df54d1f 100644
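--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -5,8 +5,6 @@ include /etc/firejail/gimp.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.gimp*
 
 include /etc/firejail/disable-common.inc
@@ -18,6 +16,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs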
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index a219ac644..dfb93c3b0 100644
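--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -13,10 +13,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+# apparmor - makes settings immutable
 caps.drop all
+# net none
 netfilter
 no3d
+# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs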
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile
new file mode 100644
index 000000000..7e7902dff
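--- /dev/null
+++ b/etc/gnome-logs.profile
@@ -0,0 +1,40 @@
+# Firejail profile for gnome-logs
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/gnome-logs.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+whitelist /var/log/journal
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+disable-mnt
+private-bin gnome-logs
+private-dev
+#private-etc fonts
+#private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,librsvg-2.so.2
+private-tmp
+writable-var-log
+
+noexec ${HOME}
+noexec /tmp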
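Review bot: `writable-var-log` gives a read-only log viewer the real /var/log instead of firejail's throwaway copy, and the profile does not say why write access is acceptable. The option is presumably there only so the journal under `whitelist /var/log/journal` is visible, so I would document that on the line, e.g. `# writable-var-log exposes the real /var/log; needed to read the journal`. It is also worth testing whether a following `read-only /var/log` keeps the viewer working, so a compromised viewer cannot alter logs its user could otherwise write.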
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile
index 2392440a6..2f7657c0c 100644
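--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -35,7 +35,7 @@ shell none
 disable-mnt
 private-bin gnome-recipes,tar
 private-dev
-private-etc ca-certificates,fonts,ssl
+private-etc ca-certificates,fonts,ssl,crypto-policies,pki
 # private-lib works for me with Gnome Shell 3.26.2, Mutter WM (Arch Linux)
 # not widely tested though, leaving it to devs discretion to enable it later
 #private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,libgnutls.so.30,libjpeg.so.8,libp11-kit.so.0,libproxy.so.1,librsvg-2.so.2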
diff --git a/etc/gpicview.profile b/etc/gpicview.profile
index 8d47d9c31..c6453e972 100644
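--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -5,8 +5,6 @@ include /etc/firejail/gpicview.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/gpicview
 
 include /etc/firejail/disable-common.inc
@@ -18,6 +16,7 @@ include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs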
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index d79b72152..d17be41cc 100644
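--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -5,8 +5,6 @@ include /etc/firejail/gwenview.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/gwenviewrc
 noblacklist ${HOME}/.config/org.kde.gwenviewrc
 noblacklist ${HOME}/.gimp*
@@ -24,8 +22,10 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
 # net none
+# nodbus
 nodvd
 nogroups
 nonewprivs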
diff --git a/etc/gzip.profile b/etc/gzip.profile
index 5187bb9f0..779067770 100644
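--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -6,12 +6,12 @@ include /etc/firejail/gzip.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 ignore noroot
 net none
 no3d
+nodbus
 nodvd
 nosound
 notv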
diff --git a/etc/handbrake.profile b/etc/handbrake.profile
index b99842d60..ff9dd248f 100644
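--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -17,6 +17,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
+nodbus
 nogroups
 nonewprivs
 noroot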
diff --git a/etc/hashcat.profile b/etc/hashcat.profile
index ad1aae523..c8ab268c8 100644
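--- a/etc/hashcat.profile
+++ b/etc/hashcat.profile
@@ -6,8 +6,6 @@ include /etc/firejail/hashcat.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.hashcat
 noblacklist /usr/include
 
@@ -18,6 +16,7 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs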
diff --git a/etc/highlight.profile b/etc/highlight.profile
index a7c667ce1..781866f3b 100644
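--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -5,7 +5,6 @@ include /etc/firejail/highlight.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 include /etc/firejail/disable-common.inc
@@ -16,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs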
diff --git a/etc/hugin.profile b/etc/hugin.profile
index bff074b74..3847a7daf 100644
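--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -5,8 +5,6 @@ include /etc/firejail/hugin.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.hugin
 
 include /etc/firejail/disable-common.inc
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs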
diff --git a/etc/imagej.profile b/etc/imagej.profile
index 058da2805..7396160af 100644
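--- a/etc/imagej.profile
+++ b/etc/imagej.profile
@@ -5,8 +5,6 @@ include /etc/firejail/imagej.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.imagej
 
 include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 ipc-namespace
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs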
diff --git a/etc/img2txt.profile b/etc/img2txt.profile
index 5a19a75f1..8c157bf2a 100644
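--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -5,8 +5,6 @@ include /etc/firejail/img2txt.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -14,6 +12,7 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs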
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index 6e669ea2c..af24bc3e9 100644
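--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -5,9 +5,9 @@ include /etc/firejail/inkscape.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ${HOME}/.inkscape
+noblacklist ${HOME}/.cache/inkscape
 noblacklist ${HOME}/.config/inkscape
-
+noblacklist ${HOME}/.inkscape
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -18,7 +18,8 @@ include /etc/firejail/whitelist-var-common.inc
 
 apparmor
 caps.drop all
-netfilter
+net none
+nodbus
 nodvd
 nogroups
 nonewprivs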
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index bf461b93d..f70eff3e4 100644
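--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -5,8 +5,6 @@ include /etc/firejail/jd-gui.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/jd-gui.cfg
 noblacklist ${HOME}/.java
 
@@ -18,6 +16,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs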
diff --git a/etc/kate.profile b/etc/kate.profile
index 5042077e5..b3c1e81d8 100644
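--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -5,8 +5,7 @@ include /etc/firejail/kate.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus
-
+noblacklist ${HOME}/.config/katemetainfos
 noblacklist ${HOME}/.config/katepartrc
 noblacklist ${HOME}/.config/katerc
 noblacklist ${HOME}/.config/kateschemarc
@@ -21,9 +20,10 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+# apparmor
 caps.drop all
 # net none
+# nodbus
 netfilter
 nodvd
 nogroups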
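Review bot: The second hunk comments out `apparmor` for kate without giving a reason, whereas gedit.profile and gnome-calculator.profile in this same commit record theirs on the equivalent line (`# apparmor - makes settings immutable`). Turning off AppArmor confinement loosens the profile, so the line should carry its rationale in the same form, `# apparmor - <what it breaks in kate>`; the actual reason is not visible on this page. The new `# nodbus` line is also inserted above `netfilter`, out of the alphabetical order the option list otherwise follows.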
diff --git a/etc/kcalc.profile b/etc/kcalc.profile
index 3f024f3fa..86a3b1462 100644
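--- a/etc/kcalc.profile
+++ b/etc/kcalc.profile
@@ -20,9 +20,11 @@ whitelist ${HOME}/.kde4/share/config/kcalcrc
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
+apparmor
 caps.drop all
-netfilter
+net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs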
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile
index 5c770856a..819279b10 100644
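--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -5,7 +5,6 @@ include /etc/firejail/kdenlive.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus
 noblacklist ${HOME}/.cache/kdenlive
 noblacklist ${HOME}/.config/kdenliverc
 noblacklist ${HOME}/.local/share/kdenlive
@@ -18,6 +17,7 @@ include /etc/firejail/disable-programs.inc
 apparmor
 caps.drop all
 # net none
+# nodbus
 nodvd
 nogroups
 nonewprivs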
diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index f7b0bd5d1..14af2682c 100644
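--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -5,8 +5,6 @@ include /etc/firejail/keepassx.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/*.kdb
 noblacklist ${HOME}/*.kdbx
 noblacklist ${HOME}/.config/keepassx
@@ -23,6 +21,7 @@ caps.drop all
 machine-id
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs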
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index 66b524d29..0e464cbe4 100644
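--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -5,8 +5,6 @@ include /etc/firejail/keepassxc.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/*.kdb
 noblacklist ${HOME}/*.kdbx
 noblacklist ${HOME}/.config/keepassxc
@@ -22,9 +20,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
+machine-id
 net none
 no3d
 nodvd
+nodbus
 nogroups
 nonewprivs
 noroot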
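Review bot: In the second hunk `nodbus` is added after `nodvd`, while every other profile in this commit places it before `nodvd` so the option list stays alphabetical. Swapping the two lines (`nodbus` then `nodvd`) keeps this profile directly comparable with keepassx.profile, which gets the same change in the usual order. It makes no functional difference as far as the page shows; it only keeps profile-to-profile diffs clean when auditing which sandboxes have D-Bus cut off.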
diff --git a/etc/kmail.profile b/etc/kmail.profile
index e33eae84f..3e425b62e 100644
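--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -9,6 +9,7 @@ include /etc/firejail/globals.local
 # one solution is to have akonadi already running when kmail is started
 
 noblacklist ${HOME}/.cache/akonadi*
+noblacklist ${HOME}/.cache/kmail2
 noblacklist ${HOME}/.config/akonadi*
 noblacklist ${HOME}/.config/baloorc
 noblacklist ${HOME}/.config/emailidentities
@@ -27,6 +28,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 # apparmor
 caps.drop all
 netfilter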
diff --git a/etc/knotes.profile b/etc/knotes.profile
index 85b267f8b..4bbbd332d 100644
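--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@@ -5,34 +5,12 @@ include /etc/firejail/knotes.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ${HOME}/.config/akonadi*
-noblacklist ${HOME}/.config/knotesrc
-noblacklist ${HOME}/.local/share/akonadi*
-noblacklist /tmp/akonadi-*
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+# knotes has problems launching akonadi in debian and ubuntu.
+# one solution is to have akonadi already running when knotes is started
 
-include /etc/firejail/whitelist-var-common.inc
-
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
+noblacklist ${HOME}/.config/knotesrc
+noblacklist ${HOME}/.local/share/knotes
 
-private-dev
-# private-tmp - interrupts connection to akonadi
 
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/kmail.profile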
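Review bot: Replacing the profile body with `include /etc/firejail/kmail.profile` removes knotes' own `nosound`, `novideo`, `protocol unix`, `tracelog`, `private-dev` and both `noexec` lines, and only the first lines of kmail.profile are visible in this commit, so it is not clear the redirect restores them. kmail.profile is written for a mail client and plausibly permits more than a notes application needs, network protocols in particular. Each dropped option should be checked against kmail.profile, and any that it lacks should be kept in knotes.profile rather than lost with the redirect.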
diff --git a/etc/krita.profile b/etc/krita.profile
index 0f4c5210b..24948c584 100644
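--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -5,7 +5,6 @@ include /etc/firejail/krita.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus
 noblacklist ${HOME}/.config/kritarc
 noblacklist ${HOME}/.local/share/krita
 
@@ -18,6 +17,7 @@ apparmor
 caps.drop all
 ipc-namespace
 # net none
+# nodbus
 nodvd
 nogroups
 nonewprivs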
diff --git a/etc/krunner.profile b/etc/krunner.profile
index 1e97f4290..17526c4ea 100644
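--- a/etc/krunner.profile
+++ b/etc/krunner.profile
@@ -10,10 +10,13 @@ include /etc/firejail/globals.local
 # with its own profile, if it is sandboxed automatically.
 
 # noblacklist ${HOME}/.cache/krunner
+# noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite
+# noblacklist ${HOME}/.config/chromium
 noblacklist ${HOME}/.config/krunnerrc
 noblacklist ${HOME}/.kde/share/config/krunnerrc
 noblacklist ${HOME}/.kde4/share/config/krunnerrc
 # noblacklist ${HOME}/.local/share/baloo
+# noblacklist ${HOME}/.mozilla
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc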
diff --git a/etc/kwrite.profile b/etc/kwrite.profile
index 1c4e50b77..ac51259c0 100644
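--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -5,8 +5,6 @@ include /etc/firejail/kwrite.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/katepartrc
 noblacklist ${HOME}/.config/katerc
 noblacklist ${HOME}/.config/kateschemarc
@@ -26,6 +24,7 @@ apparmor
 caps.drop all
 # net none
 netfilter
+# nodbus
 nodvd
 nogroups
 nonewprivs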
diff --git a/etc/less.profile b/etc/less.profile
index 3b1c5d6bf..e2616ba4f 100644
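--- a/etc/less.profile
+++ b/etc/less.profile
@@ -6,12 +6,12 @@ include /etc/firejail/less.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 ignore noroot
 net none
 no3d
+nodbus
 nodvd
 nosound
 notv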
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index ceb680951..15961321e 100644
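--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -21,6 +21,7 @@ apparmor
 caps.drop all
 machine-id
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs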
diff --git a/etc/lmms.profile b/etc/lmms.profile
index b2bacb246..a9fecf5be 100644
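--- a/etc/lmms.profile
+++ b/etc/lmms.profile
@@ -5,8 +5,6 @@ include /etc/firejail/lmms.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.lmmsrc.xml
 
 include /etc/firejail/disable-common.inc
@@ -18,6 +16,7 @@ caps.drop all
 ipc-namespace
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs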
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile
index f8c5c34ca..948c7226d 100644
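--- a/etc/macrofusion.profile
+++ b/etc/macrofusion.profile
@@ -5,8 +5,6 @@ include /etc/firejail/macrofusion.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/mfusion
 
 include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 ipc-namespace
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs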
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile
index be5dac206..f452b751a 100644
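--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -5,8 +5,6 @@ include /etc/firejail/mate-calc.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.config/mate-calc
 
 include /etc/firejail/disable-common.inc
@@ -24,6 +22,7 @@ whitelist ${HOME}/.themes
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs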
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
index de9297174..c3c84ed39 100644
--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -5,7 +5,6 @@ include /etc/firejail/mediainfo.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9blacklist /tmp/.X11-unix 8blacklist /tmp/.X11-unix
10 9
11include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -16,6 +15,7 @@ include /etc/firejail/disable-programs.inc
16caps.drop all 15caps.drop all
17net none 16net none
18no3d 17no3d
18nodbus
19nodvd 19nodvd
20nogroups 20nogroups
21nonewprivs 21nonewprivs
diff --git a/etc/meld.profile b/etc/meld.profile
index 1a451ff57..78d9e0c76 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -5,8 +5,6 @@ include /etc/firejail/meld.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.local/share/meld 8noblacklist ${HOME}/.local/share/meld
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18net none 16net none
19no3d 17no3d
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/mpv.profile b/etc/mpv.profile
index a4dc679f4..dcd8b05e1 100644
--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
18apparmor 18apparmor
19caps.drop all 19caps.drop all
20netfilter 20netfilter
21nodbus
21nogroups 22nogroups
22nonewprivs 23nonewprivs
23noroot 24noroot
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index 9e04c3a81..af5859dbc 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -5,8 +5,6 @@ include /etc/firejail/mupdf.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -17,6 +15,7 @@ include /etc/firejail/whitelist-var-common.inc
17caps.drop all 15caps.drop all
18machine-id 16machine-id
19net none 17net none
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
index e05babc91..2e3d7cfb8 100644
--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -5,8 +5,6 @@ include /etc/firejail/mupen64plus.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/mupen64plus 8noblacklist ${HOME}/.config/mupen64plus
11noblacklist ${HOME}/.local/share/mupen64plus 9noblacklist ${HOME}/.local/share/mupen64plus
12 10
@@ -24,6 +22,7 @@ include /etc/firejail/whitelist-common.inc
24 22
25caps.drop all 23caps.drop all
26net none 24net none
25nodbus
27nodvd 26nodvd
28nonewprivs 27nonewprivs
29noroot 28noroot
diff --git a/etc/natron.profile b/etc/natron.profile
index 413ea53f9..cf01c862c 100644
--- a/etc/natron.profile
+++ b/etc/natron.profile
@@ -5,8 +5,6 @@ include /etc/firejail/natron.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.Natron 8noblacklist ${HOME}/.Natron
11noblacklist ${HOME}/.cache/INRIA/Natron 9noblacklist ${HOME}/.cache/INRIA/Natron
12noblacklist ${HOME}/.config/INRIA 10noblacklist ${HOME}/.config/INRIA
@@ -19,6 +17,7 @@ include /etc/firejail/disable-programs.inc
19 17
20caps.drop all 18caps.drop all
21net none 19net none
20nodbus
22nodvd 21nodvd
23nogroups 22nogroups
24nonewprivs 23nonewprivs
diff --git a/etc/ncdu.profile b/etc/ncdu.profile
new file mode 100644
index 000000000..ab79a325e
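--- /dev/null
+++ b/etc/ncdu.profile
@@ -0,0 +1,29 @@
+# Firejail profile for ncdu
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ncdu.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+caps.drop all
+ipc-namespace
+nodbus
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+# private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp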
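Review bot: The new profile has no `blacklist /tmp/.X11-unix`, although other command-line profiles touched in this commit (mediainfo, odt2txt, strings, tar) carry it, so a terminal-only tool keeps access to the X11 socket file; adding `blacklist /tmp/.X11-unix` after the `globals.local` include would match them. It also pulls in none of the `disable-*.inc` files, which is presumably deliberate for a disk-usage scanner but is not stated; a line such as `# no disable-*.inc: ncdu has to read the whole tree` would record that. `# private-tmp` is commented out without a reason, and `nodbus` is placed before `net none` where the other profiles keep these directives in alphabetical order.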
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
index b6d4a63b5..c807a5399 100644
--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -5,7 +5,6 @@ include /etc/firejail/odt2txt.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9blacklist /tmp/.X11-unix 8blacklist /tmp/.X11-unix
10 9
11include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -16,6 +15,7 @@ include /etc/firejail/disable-programs.inc
16caps.drop all 15caps.drop all
17net none 16net none
18no3d 17no3d
18nodbus
19nodvd 19nodvd
20nogroups 20nogroups
21nonewprivs 21nonewprivs
diff --git a/etc/okular.profile b/etc/okular.profile
index ffe0d2bfb..f1f0b2c7e 100644
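--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -5,8 +5,6 @@ include /etc/firejail/okular.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.cache/okular
 noblacklist ${HOME}/.config/okularpartrc
 noblacklist ${HOME}/.config/okularrc
@@ -30,6 +28,7 @@ caps.drop all
 machine-id
 # net none
 netfilter
+# nodbus
 nodvd
 nogroups
 nonewprivs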
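Review bot: `# nodbus` is added commented out with no reason, just as the removed `# blacklist /run/user/*/bus` had none, so a reader cannot tell whether D-Bus access is required or simply untested. Other profiles in this commit state it (`# nodbus - problems with KDE`, `# nodbus - makes settings immutable`); the same form fits here, e.g. `# nodbus - <what breaks>`. pcmanfm and skanlite have the same bare `# nodbus`.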
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile
index 191f8d87b..3c3609dae 100644
--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -5,8 +5,6 @@ include /etc/firejail/open-invaders.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.openinvaders 8noblacklist ${HOME}/.openinvaders
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-common.inc
20 18
21caps.drop all 19caps.drop all
22net none 20net none
21nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/openshot.profile b/etc/openshot.profile
index ca9110be6..b9eb29590 100644
--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
18apparmor 18apparmor
19caps.drop all 19caps.drop all
20netfilter 20netfilter
21nodbus
21nodvd 22nodvd
22nogroups 23nogroups
23nonewprivs 24nonewprivs
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile
index 08c607020..0dcd21549 100644
--- a/etc/pcmanfm.profile
+++ b/etc/pcmanfm.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pcmanfm.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.local/share/Trash 8noblacklist ${HOME}/.local/share/Trash
11# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below 9# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below
12# noblacklist ${HOME}/.config/pcmanfm 10# noblacklist ${HOME}/.config/pcmanfm
@@ -19,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc
19caps.drop all 17caps.drop all
20# net none - see issue #1467, computer:/// location broken 18# net none - see issue #1467, computer:/// location broken
21no3d 19no3d
20# nodbus
22nodvd 21nodvd
23nonewprivs 22nonewprivs
24noroot 23noroot
diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile
index d43c0911e..b4ccb6003 100755
--- a/etc/pdfchain.profile
+++ b/etc/pdfchain.profile
@@ -5,9 +5,6 @@ include /etc/firejail/pdfchain.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8
9blacklist /run/user/*/bus
10
11include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-programs.inc 9include /etc/firejail/disable-programs.inc
13include /etc/firejail/disable-devel.inc 10include /etc/firejail/disable-devel.inc
@@ -19,6 +16,7 @@ caps.drop all
19ipc-namespace 16ipc-namespace
20net none 17net none
21no3d 18no3d
19nodbus
22nogroups 20nogroups
23nonewprivs 21nonewprivs
24noroot 22noroot
diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile
index 8ac09dcdc..9b08dfd84 100644
--- a/etc/pdfmod.profile
+++ b/etc/pdfmod.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pdfmod.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.cache/pdfmod 8noblacklist ${HOME}/.cache/pdfmod
11noblacklist ${HOME}/.config/pdfmod 9noblacklist ${HOME}/.config/pdfmod
12 10
@@ -22,6 +20,7 @@ ipc-namespace
22machine-id 20machine-id
23net none 21net none
24no3d 22no3d
23nodbus
25nodvd 24nodvd
26nogroups 25nogroups
27nonewprivs 26nonewprivs
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index c1515ab73..465f68fd6 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pdfsam.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.java 8noblacklist ${HOME}/.java
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -18,6 +16,7 @@ caps.drop all
18machine-id 16machine-id
19net none 17net none
20no3d 18no3d
19nodbus
21nodvd 20nodvd
22nogroups 21nogroups
23nonewprivs 22nonewprivs
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index 736faa5ea..a97063754 100644
--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -5,7 +5,6 @@ include /etc/firejail/pdftotext.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9blacklist /tmp/.X11-unix 8blacklist /tmp/.X11-unix
10 9
11include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -19,6 +18,7 @@ caps.drop all
19machine-id 18machine-id
20net none 19net none
21no3d 20no3d
21nodbus
22nodvd 22nodvd
23nogroups 23nogroups
24nonewprivs 24nonewprivs
diff --git a/etc/peek.profile b/etc/peek.profile
index 01db4fa08..7b7ab9470 100644
--- a/etc/peek.profile
+++ b/etc/peek.profile
@@ -5,8 +5,6 @@ include /etc/firejail/peek.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.cache/peek 8noblacklist ${HOME}/.cache/peek
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18net none 16net none
19no3d 17no3d
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/pingus.profile b/etc/pingus.profile
index ec7eff632..b287e7ee8 100644
--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pingus.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.pingus 8noblacklist ${HOME}/.pingus
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-common.inc
20 18
21caps.drop all 19caps.drop all
22net none 20net none
21nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/pinta.profile b/etc/pinta.profile
index 4a8815a73..b51521ef7 100644
--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pinta.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/Pinta 8noblacklist ${HOME}/.config/Pinta
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18ipc-namespace 16ipc-namespace
19net none 17net none
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/pluma.profile b/etc/pluma.profile
index b50e3cbaf..d0acfeb1a 100644
--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -5,8 +5,6 @@ include /etc/firejail/pluma.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus - makes settings immutable
9
10noblacklist ${HOME}/.config/pluma 8noblacklist ${HOME}/.config/pluma
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -16,10 +14,12 @@ include /etc/firejail/disable-programs.inc
16 14
17include /etc/firejail/whitelist-var-common.inc 15include /etc/firejail/whitelist-var-common.inc
18 16
17# apparmor - makes settings immutable
19caps.drop all 18caps.drop all
20# net none - makes settings immutable
21machine-id 19machine-id
20# net none - makes settings immutable
22no3d 21no3d
22# nodbus - makes settings immutable
23nodvd 23nodvd
24nogroups 24nogroups
25nonewprivs 25nonewprivs
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 8df8177eb..14a9e8adc 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -30,6 +30,7 @@ apparmor
30caps.drop all 30caps.drop all
31machine-id 31machine-id
32netfilter 32netfilter
33nodbus
33nodvd 34nodvd
34nogroups 35nogroups
35nonewprivs 36nonewprivs
diff --git a/etc/ranger.profile b/etc/ranger.profile
index 211a1b2d5..fd5bbf89c 100644
--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -5,8 +5,6 @@ include /etc/firejail/ranger.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10# noblacklist /usr/bin/cpan* 8# noblacklist /usr/bin/cpan*
11noblacklist /usr/bin/perl 9noblacklist /usr/bin/perl
12noblacklist /usr/lib/perl* 10noblacklist /usr/lib/perl*
@@ -20,6 +18,7 @@ include /etc/firejail/disable-programs.inc
20 18
21caps.drop all 19caps.drop all
22net none 20net none
21nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index a20bdb883..6322f8217 100644
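--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -13,10 +13,11 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
-apparmor
+# apparmor - makes settings immutable
 caps.drop all
 netfilter
 # no3d
+# nodbus - makes settings immutable
 nogroups
 nonewprivs
 noroot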
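Review bot: Line 16 turns the active `apparmor` directive into a comment, so this commit removes AppArmor confinement from the profile as a side effect of the D-Bus change; totem gets the same edit. The reason given, `makes settings immutable`, is the one also used for `nodbus` and probably means the settings backend cannot be reached. If so, a narrower fix would be to permit that access in the AppArmor profile instead of dropping the directive. At least the comment should say what is blocked, e.g. `# apparmor - blocks <path or service>, settings cannot be saved`, so the confinement can be restored once that access is allowed.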
diff --git a/etc/scribus.profile b/etc/scribus.profile
index 8ce63fbf0..f9f585a20 100644
--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -5,8 +5,6 @@ include /etc/firejail/scribus.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10# Support for PDF readers comes with Scribus 1.5 and higher 8# Support for PDF readers comes with Scribus 1.5 and higher
11noblacklist ${HOME}/.cache/okular 9noblacklist ${HOME}/.cache/okular
12noblacklist ${HOME}/.config/okularpartrc 10noblacklist ${HOME}/.config/okularpartrc
@@ -33,6 +31,7 @@ include /etc/firejail/whitelist-var-common.inc
33 31
34caps.drop all 32caps.drop all
35net none 33net none
34nodbus
36nodvd 35nodvd
37nogroups 36nogroups
38nonewprivs 37nonewprivs
@@ -48,3 +47,6 @@ tracelog
48# private-bin scribus,gs,gimp* 47# private-bin scribus,gs,gimp*
49private-dev 48private-dev
50private-tmp 49private-tmp
50
51noexec ${HOME}
52noexec /tmp
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile
index bc94ae2a0..2f3d94f01 100644
--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -6,8 +6,6 @@ include /etc/firejail/sdat2img.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10
11include /etc/firejail/disable-common.inc 9include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc 10include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 11include /etc/firejail/disable-passwdmgr.inc
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc
16caps.drop all 14caps.drop all
17net none 15net none
18no3d 16no3d
17nodbus
19nodvd 18nodvd
20nogroups 19nogroups
21nonewprivs 20nonewprivs
diff --git a/etc/shotcut.profile b/etc/shotcut.profile
index 3f2cc3d33..293a89ba3 100644
--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -5,8 +5,6 @@ include /etc/firejail/shotcut.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/Meltytech 8noblacklist ${HOME}/.config/Meltytech
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -16,6 +14,7 @@ include /etc/firejail/disable-programs.inc
16 14
17caps.drop all 15caps.drop all
18net none 16net none
17nodbus
19nodvd 18nodvd
20nogroups 19nogroups
21nonewprivs 20nonewprivs
diff --git a/etc/simutrans.profile b/etc/simutrans.profile
index 8b4113d2f..adde3f8ce 100644
--- a/etc/simutrans.profile
+++ b/etc/simutrans.profile
@@ -5,8 +5,6 @@ include /etc/firejail/simutrans.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.simutrans 8noblacklist ${HOME}/.simutrans
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ include /etc/firejail/whitelist-common.inc
20 18
21caps.drop all 19caps.drop all
22net none 20net none
21nodbus
23nodvd 22nodvd
24nogroups 23nogroups
25nonewprivs 24nonewprivs
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
index 316cf5821..4fa649654 100644
--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -5,8 +5,6 @@ include /etc/firejail/skanlite.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
15caps.drop all 13caps.drop all
16# net none 14# net none
17netfilter 15netfilter
16# nodbus
18nodvd 17nodvd
19nogroups 18nogroups
20nonewprivs 19nonewprivs
diff --git a/etc/smplayer.profile b/etc/smplayer.profile
index 64eff5670..187b0674a 100644
--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-var-common.inc
18apparmor 18apparmor
19caps.drop all 19caps.drop all
20netfilter 20netfilter
21# nodbus - problems with KDE
21# nogroups 22# nogroups
22nonewprivs 23nonewprivs
23noroot 24noroot
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 5a6227a8a..dfd3bae7f 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -31,6 +31,7 @@ include /etc/firejail/whitelist-var-common.inc
31 31
32caps.drop all 32caps.drop all
33netfilter 33netfilter
34nodbus
34nodvd 35nodvd
35nogroups 36nogroups
36nonewprivs 37nonewprivs
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
index 933d55b79..22c37645d 100644
--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -5,8 +5,6 @@ include /etc/firejail/sqlitebrowser.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/sqlitebrowser 8noblacklist ${HOME}/.config/sqlitebrowser
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17caps.drop all 15caps.drop all
18net none 16net none
19no3d 17no3d
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/steam.profile b/etc/steam.profile
index 4965d3a54..bcdea9bc7 100644
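--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -32,7 +32,10 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
+#ipc-namespace
 netfilter
+# nodbus disabled as it breaks appindicator support
+#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -44,10 +47,17 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 # tracelog disabled as it breaks integrated browser
-# tracelog
+#tracelog
+
+# private-bin is disabled while in testing, but has been tested working with multiple games
+#private-bin awk,basename,bash,bsdtar,bzip2,cat,chmod,cksum,cmp,comm,compress,cp,curl,cut,date,dbus-launch,dbus-send,desktop-file-edit,desktop-file-install,desktop-file-validate,dirname,echo,env,expr,file,find,getopt,grep,gtar,gzip,head,hostname,id,lbzip2,ldconfig,ldd,ln,ls,lsb_release,lspci,lsof,lz4,lzip,lzma,lzop,md5sum,mkdir,mktemp,mv,netstat,ps,pulseaudio,readlink,realpath,rm,sed,sh,sha1sum,sha256sum,sha512sum,sleep,sort,steam,steamdeps,steam-native,steam-runtime,sum,tail,tar,test,touch,tr,umask,uname,update-desktop-database,wc,wget,which,whoami,xterm,xz,zenity
+# extra programs are available which might be needed for select games
+#private-bin java,java-config,mono,python*
+# picture viewers are are needed for viewing screenshots
+#private-bin eog,eom,gthumb,pix,viewnior,xviewer
 
 # private-dev should be commented for controllers
 private-dev
-# private-etc breaks some games
-#private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies
+# private-etc breaks a small selection of games on some systems, comment to support those
+private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives
 private-tmp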
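Review bot: `#ipc-namespace` is added commented out in the first hunk with no reason, while `#nodbus` two lines below documents the appindicator breakage; the same form is needed here, e.g. `# ipc-namespace disabled as it breaks <feature>`, otherwise nobody can tell when it is safe to enable. With `nodbus` off and no `net none`, this profile keeps full D-Bus access, so that comment is the only record of why the isolation is relaxed. In the second hunk the commented `private-bin` allowlist already contains `bash`, `sh`, `curl`, `wget` and `xterm`, so enabling it later would narrow the sandbox less than the name suggests; a comment saying so would set expectations. The comment `# picture viewers are are needed for viewing screenshots` has a doubled word.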
diff --git a/etc/strings.profile b/etc/strings.profile
index 09273f35d..8995ad2a6 100644
--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -6,12 +6,12 @@ include /etc/firejail/strings.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12ignore noroot 11ignore noroot
13net none 12net none
14no3d 13no3d
14nodbus
15nodvd 15nodvd
16nosound 16nosound
17notv 17notv
diff --git a/etc/supertux2.profile b/etc/supertux2.profile
index d60d7fa5f..24f42c276 100644
--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -5,8 +5,6 @@ include /etc/firejail/supertux2.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.local/share/supertux2 8noblacklist ${HOME}/.local/share/supertux2
11 9
12include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
@@ -21,6 +19,7 @@ include /etc/firejail/whitelist-var-common.inc
21 19
22caps.drop all 20caps.drop all
23net none 21net none
22nodbus
24nodvd 23nodvd
25nogroups 24nogroups
26nonewprivs 25nonewprivs
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
index 415a42cf5..be9c2aa64 100644
--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -5,8 +5,6 @@ include /etc/firejail/synfigstudio.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/synfig 8noblacklist ${HOME}/.config/synfig
11noblacklist ${HOME}/.synfig 9noblacklist ${HOME}/.synfig
12 10
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17 15
18caps.drop all 16caps.drop all
19net none 17net none
18nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
diff --git a/etc/tar.profile b/etc/tar.profile
index bd7973abf..5f54bf02d 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -6,13 +6,13 @@ include /etc/firejail/tar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12hostname tar 11hostname tar
13ignore noroot 12ignore noroot
14net none 13net none
15no3d 14no3d
15nodbus
16nodvd 16nodvd
17nosound 17nosound
18notv 18notv
diff --git a/etc/terasology.profile b/etc/terasology.profile
index ea25938d3..e671c4dc3 100644
--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -5,8 +5,6 @@ include /etc/firejail/terasology.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.java 8noblacklist ${HOME}/.java
11noblacklist ${HOME}/.local/share/terasology 9noblacklist ${HOME}/.local/share/terasology
12 10
@@ -25,6 +23,7 @@ caps.drop all
25ipc-namespace 23ipc-namespace
26net none 24net none
27netfilter 25netfilter
26nodbus
28nodvd 27nodvd
29nogroups 28nogroups
30nonewprivs 29nonewprivs
diff --git a/etc/totem.profile b/etc/totem.profile
index 6dbc5f0c2..ad3845d90 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -15,9 +15,10 @@ include /etc/firejail/disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc 16include /etc/firejail/whitelist-var-common.inc
17 17
18apparmor 18# apparmor - makes settings immutable
19caps.drop all 19caps.drop all
20netfilter 20netfilter
21# nodbus - makes settings immutable
21nogroups 22nogroups
22nonewprivs 23nonewprivs
23noroot 24noroot
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 3d249748d..ee044aa0d 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -25,6 +25,7 @@ apparmor
25caps.drop all 25caps.drop all
26machine-id 26machine-id
27netfilter 27netfilter
28nodbus
28nodvd 29nodvd
29nonewprivs 30nonewprivs
30noroot 31noroot
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 4f4d9bac1..a8fb80fd8 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -25,6 +25,7 @@ apparmor
25caps.drop all 25caps.drop all
26machine-id 26machine-id
27netfilter 27netfilter
28nodbus
28nodvd 29nodvd
29nonewprivs 30nonewprivs
30noroot 31noroot
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
index 135371747..575bf77dc 100644
--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -5,8 +5,6 @@ include /etc/firejail/transmission-show.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.cache/transmission 8noblacklist ${HOME}/.cache/transmission
11noblacklist ${HOME}/.config/transmission 9noblacklist ${HOME}/.config/transmission
12 10
@@ -18,6 +16,7 @@ include /etc/firejail/disable-programs.inc
18caps.drop all 16caps.drop all
19machine-id 17machine-id
20net none 18net none
19nodbus
21nodvd 20nodvd
22nonewprivs 21nonewprivs
23noroot 22noroot
diff --git a/etc/uefitool.profile b/etc/uefitool.profile
index 6cff5249c..a10b44fb1 100644
--- a/etc/uefitool.profile
+++ b/etc/uefitool.profile
@@ -5,8 +5,6 @@ include /etc/firejail/uefitool.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8blacklist /run/user/*/bus
9
10include /etc/firejail/disable-common.inc 8include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc 9include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 10include /etc/firejail/disable-passwdmgr.inc
@@ -16,6 +14,7 @@ caps.drop all
16ipc-namespace 14ipc-namespace
17net none 15net none
18no3d 16no3d
17nodbus
19nodvd 18nodvd
20nogroups 19nogroups
21nonewprivs 20nonewprivs
diff --git a/etc/unrar.profile b/etc/unrar.profile
index f7e25d5d7..ba2a86f4c 100644
--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -6,13 +6,13 @@ include /etc/firejail/unrar.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12hostname unrar 11hostname unrar
13ignore noroot 12ignore noroot
14net none 13net none
15no3d 14no3d
15nodbus
16nodvd 16nodvd
17nosound 17nosound
18notv 18notv
diff --git a/etc/unzip.profile b/etc/unzip.profile
index fe16c670d..fddc79260 100644
--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -6,13 +6,13 @@ include /etc/firejail/unzip.local
6# Persistent global definitions 6# Persistent global definitions
7include /etc/firejail/globals.local 7include /etc/firejail/globals.local
8 8
9blacklist /run/user/*/bus
10blacklist /tmp/.X11-unix 9blacklist /tmp/.X11-unix
11 10
12hostname unzip 11hostname unzip
13ignore noroot 12ignore noroot
14net none 13net none
15no3d 14no3d
15nodbus
16nodvd 16nodvd
17nosound 17nosound
18notv 18notv
diff --git a/etc/uudeview.profile b/etc/uudeview.profile
index f7699552d..b64ecaa3e 100644
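--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -6,11 +6,10 @@ include /etc/firejail/uudeview.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 hostname uudeview
 ignore noroot
 net none
+nodbus
 nodvd
 nosound
 notv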
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index 39bf3f7ce..135147266 100644
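--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -5,7 +5,6 @@ include /etc/firejail/viewnior.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist ${HOME}/.bashrc
 
 noblacklist ${HOME}/.Steam
@@ -20,6 +19,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs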
diff --git a/etc/vlc.profile b/etc/vlc.profile
index dad9a9ae1..c8c84b992 100644
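--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -5,6 +5,7 @@ include /etc/firejail/vlc.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist ${HOME}/.cache/vlc
 noblacklist ${HOME}/.config/vlc
 noblacklist ${HOME}/.local/share/vlc
 
@@ -18,6 +19,7 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
+# nodbus - problems with KDE
 # nogroups
 nonewprivs
 noroot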
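Review bot: The added `# nodbus - problems with KDE` line in the second hunk leaves the session bus reachable for every vlc user, not only those on KDE, and the comment does not say how to turn the restriction on. The profile already includes `vlc.local` (see the first hunk header), so I would extend the comment to `# nodbus - problems with KDE; add 'nodbus' to vlc.local on other desktops`. The visible options keep `netfilter` rather than `net none`, so nothing else shown here limits D-Bus access. The rest of the profile is outside the hunks.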
diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile
index 67707ffb8..ac8f0fe2a 100644
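--- a/etc/x-terminal-emulator.profile
+++ b/etc/x-terminal-emulator.profile
@@ -5,12 +5,11 @@ include /etc/firejail/x-terminal-emulator.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 caps.drop all
 ipc-namespace
 net none
 netfilter
+nodbus
 nogroups
 noroot
 protocol unix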
diff --git a/etc/xcalc.profile b/etc/xcalc.profile
index 467f96003..8493fe658 100644
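--- a/etc/xcalc.profile
+++ b/etc/xcalc.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xcalc.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -18,6 +16,7 @@ caps.drop all
 net none
 netfilter
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs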
diff --git a/etc/xed.profile b/etc/xed.profile
index e4ab673e8..5d46560b7 100644
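--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xed.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus - makes settings immutable
-
 noblacklist ${HOME}/.config/xed
 
 include /etc/firejail/disable-common.inc
@@ -16,10 +14,12 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+# apparmor - makes settings immutable
 caps.drop all
-# net none - makes settings immutable
 machine-id
+# net none - makes settings immutable
 no3d
+# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs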
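Review bot: The three commented-out options in the second hunk (`# apparmor`, `# net none`, `# nodbus`) all carry the bare reason "makes settings immutable" without naming the mechanism, so a user cannot tell what they give up or gain by enabling one in `xed.local`. Presumably each of them cuts the editor off from the session bus that the settings backend writes through; if that is confirmed, one explanatory line above the group would be enough, e.g. `# apparmor, net none and nodbus block settings writes over D-Bus - enable them if immutable settings are acceptable`. With all three left off, the editor keeps both bus and network access, which is worth stating in the profile. The same wording is added in xplayer.profile and xviewer.profile; the rest of each profile is outside the hunks.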
diff --git a/etc/xpdf.profile b/etc/xpdf.profile
index 7b8042e5c..9eeda4d29 100644
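--- a/etc/xpdf.profile
+++ b/etc/xpdf.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xpdf.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 noblacklist ${HOME}/.xpdfrc
 
 include /etc/firejail/disable-common.inc
@@ -20,6 +18,7 @@ caps.drop all
 machine-id
 net none
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs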
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index 8ea361d79..7e475bd58 100644
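--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -15,8 +15,10 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+# apparmor - makes settings immutable
 caps.drop all
 netfilter
+# nodbus - makes settings immutable
 nogroups
 nonewprivs
 noroot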
diff --git a/etc/xreader.profile b/etc/xreader.profile
index 00bd1ee2f..1ddfad26f 100644
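--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+# apparmor
 caps.drop all
 no3d
 nodvd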
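Review bot: The added `# apparmor` line gives no reason for being commented out, unlike the matching lines in xplayer.profile and xviewer.profile, which read `# apparmor - makes settings immutable`. A disabled hardening option with no explanation is hard to audit later, because nobody can tell whether it was tested and failed or was never tried. If the cause is the same as in the sibling profiles, write `# apparmor - makes settings immutable`; otherwise state the actual symptom. The remaining options of the profile are outside the hunk.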
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index 7c4ede111..26f9f0238 100644
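--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -5,8 +5,6 @@ include /etc/firejail/xviewer.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# blacklist /run/user/*/bus - makes settings immutable
-
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.config/xviewer
 noblacklist ${HOME}/.local/share/Trash
@@ -19,9 +17,11 @@ include /etc/firejail/disable-programs.inc
 
 include /etc/firejail/whitelist-var-common.inc
 
+# apparmor - makes settings immutable
 caps.drop all
 # net none - makes settings immutable
 no3d
+# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs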
diff --git a/etc/xzdec.profile b/etc/xzdec.profile
index 1136a6535..5913fd07a 100644
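--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -6,12 +6,12 @@ include /etc/firejail/xzdec.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
 blacklist /tmp/.X11-unix
 
 ignore noroot
 net none
 no3d
+nodbus
 nodvd
 nosound
 notv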
diff --git a/etc/zart.profile b/etc/zart.profile
index e9fd9b3bd..60eb09c71 100644
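--- a/etc/zart.profile
+++ b/etc/zart.profile
@@ -5,8 +5,6 @@ include /etc/firejail/zart.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist /run/user/*/bus
-
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
@@ -15,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 ipc-namespace
 net none
+nodbus
 nodvd
 nogroups
 nonewprivs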
diff --git a/etc/zathura.profile b/etc/zathura.profile
index 288abb8ec..3edece779 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -5,8 +5,6 @@ include /etc/firejail/zathura.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8# blacklist /run/user/*/bus
9
10noblacklist ${HOME}/.config/zathura 8noblacklist ${HOME}/.config/zathura
11noblacklist ${HOME}/.local/share/zathura 9noblacklist ${HOME}/.local/share/zathura
12 10
@@ -17,6 +15,7 @@ include /etc/firejail/disable-programs.inc
17 15
18caps.drop all 16caps.drop all
19# net none 17# net none
18# nodbus
20nodvd 19nodvd
21nogroups 20nogroups
22nonewprivs 21nonewprivs
@@ -31,5 +30,6 @@ private-bin zathura
31private-dev 30private-dev
32private-etc fonts 31private-etc fonts
33private-tmp 32private-tmp
33
34read-only ${HOME}/ 34read-only ${HOME}/
35read-write ${HOME}/.local/share/zathura/ 35read-write ${HOME}/.local/share/zathura/