aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/chromium.profile1
-rw-r--r--etc/clementine.profile3
-rw-r--r--etc/disable-common.inc3
-rw-r--r--etc/gnome-calculator.profile1
-rw-r--r--etc/google-chrome.profile1
5 files changed, 7 insertions, 2 deletions
diff --git a/etc/chromium.profile b/etc/chromium.profile
index 071c8a18a..ff51f6976 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -24,6 +24,7 @@ whitelist ~/.config/chromium-flags.conf
24 24
25include /etc/firejail/whitelist-common.inc 25include /etc/firejail/whitelist-common.inc
26 26
27caps.keep sys_chroot,sys_admin
27ipc-namespace 28ipc-namespace
28netfilter 29netfilter
29nogroups 30nogroups
diff --git a/etc/clementine.profile b/etc/clementine.profile
index f92413a36..d9ce4c9c8 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -12,4 +12,5 @@ caps.drop all
12nonewprivs 12nonewprivs
13noroot 13noroot
14protocol unix,inet,inet6 14protocol unix,inet,inet6
15seccomp 15# Clementine makes ioprio_set system calls, which are blacklisted by default.
16seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 7a5e8bf5b..c78640cd7 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -6,6 +6,7 @@ include /etc/firejail/disable-common.local
6blacklist-nolog ${HOME}/.history 6blacklist-nolog ${HOME}/.history
7blacklist-nolog ${HOME}/.*_history 7blacklist-nolog ${HOME}/.*_history
8blacklist-nolog ${HOME}/.bash_history 8blacklist-nolog ${HOME}/.bash_history
9blacklist-nolog ${HOME}/.local/share/fish/fish_history
9blacklist-nolog ${HOME}/.adobe 10blacklist-nolog ${HOME}/.adobe
10blacklist-nolog ${HOME}/.macromedia 11blacklist-nolog ${HOME}/.macromedia
11 12
@@ -142,6 +143,8 @@ read-only ${HOME}/.zsh_files
142read-only ${HOME}/.tcshrc 143read-only ${HOME}/.tcshrc
143read-only ${HOME}/.cshrc 144read-only ${HOME}/.cshrc
144read-only ${HOME}/.csh_files 145read-only ${HOME}/.csh_files
146read-only ${HOME}/.config/fish
147read-only ${HOME}/.local/share/fish
145read-only ${HOME}/.profile 148read-only ${HOME}/.profile
146read-only ${HOME}/.forward 149read-only ${HOME}/.forward
147read-only ${HOME}/.login 150read-only ${HOME}/.login
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index eb9027ca4..67610abea 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -16,7 +16,6 @@ include /etc/firejail/whitelist-common.inc
16 16
17#Options 17#Options
18caps.drop all 18caps.drop all
19ipc-namespace
20netfilter 19netfilter
21#net none 20#net none
22no3d 21no3d
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile
index 38feb12a5..9cfafdb82 100644
--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc
13# include /etc/firejail/disable-devel.inc 13# include /etc/firejail/disable-devel.inc
14# 14#
15 15
16caps.keep sys_chroot,sys_admin
16netfilter 17netfilter
17 18
18whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-19 02:05:43 +0000