Diffstat (limited to 'etc')
-rw-r--r--etc/basilisk.profile5
-rw-r--r--etc/firefox-common.profile5
-rw-r--r--etc/firejail-default1
-rw-r--r--etc/palemoon.profile5
4 files changed, 14 insertions, 2 deletions
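diff --git a/etc/basilisk.profile b/etc/basilisk.profile
index ac7f30c04..fe63a59f1 100644
--- a/etc/basilisk.profile
+++ b/etc/basilisk.profile
@@ -14,6 +14,11 @@ whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/moonchild productions/basilisk
 whitelist ${HOME}/.moonchild productions
 
+# Basilisk can use the full firejail seccomp filter (unlike firefox >= 60)
+ignore seccomp.drop
+seccomp
+shell none
+
 #private-bin basilisk
 # private-etc must first be enabled in firefox-common.profile
 #private-etc basilisk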
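Review bot: The override added at new lines 17-20 depends on `ignore seccomp.drop` being read before firefox-common.profile is pulled in, and that include line lies outside this hunk, so the ordering requirement is invisible to the next person who edits the file. I would add a comment next to it, for example `# keep above the firefox-common.profile include, otherwise the ignore does not take effect`. The existing comment explains why the full filter is safe here but not why `shell none` is repeated; a few words noting that firefox-common.profile no longer sets it would help. The identical block is added to etc/palemoon.profile and the same remark applies there.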
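diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
index 3fe83eda0..843f41fee 100644
--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -33,8 +33,9 @@ nonewprivs
 noroot
 notv
 protocol unix,inet,inet6,netlink
-seccomp
-shell none
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+# shell none breaks firefox>=60, see issue #1765
+# shell none
 tracelog
 
 disable-mnt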
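Review bot: The literal `seccomp.drop` list at new line 36 is a frozen denylist with no comment saying which syscalls from the default `seccomp` filter were left out on purpose, so a reviewer cannot tell a deliberate allowance from an accidental omission. Syscalls added to firejail's default list later will presumably not be picked up by this line either. I would put a comment above it such as `# default seccomp list minus the syscalls firefox>=60 needs (issue #1765); re-sync when the default list changes`. Because this file is shared, every profile that includes it loses the full filter and `shell none`; this commit restores them only for basilisk and palemoon, so any other includer should be checked.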
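diff --git a/etc/firejail-default b/etc/firejail-default
index 5d116fbbc..ad3fdd718 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -72,6 +72,7 @@ owner /run/firejail/mnt/oroot/{run,dev}/shm/** rmwk,
 ##########
 /proc/ r,
 /proc/** r,
+owner /proc/[0-9]*/{uid_map,gid_map,setgroups} w,
 # Uncomment to silence all denied write warnings
 #deny /proc/** w,
 deny /proc/@{PID}/oom_adj w,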
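Review bot: The rule added at new line 75 writes the pid component as `[0-9]*`, while the neighbouring rule uses the `@{PID}` variable (`deny /proc/@{PID}/oom_adj w,`); `[0-9]*` matches any path element that merely starts with a digit, so I would write `owner /proc/@{PID}/{uid_map,gid_map,setgroups} w,` for consistency and a tighter match. The rule also carries no comment, and it appears to allow writes to the user-namespace mapping files for every program confined by this AppArmor profile, not only the browsers this commit is about. If the firefox>=60 sandbox is the reason, a line such as `# allow user namespace setup, needed by firefox>=60 (issue #1765)` would record that and make the wider grant a visible decision.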
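diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index ff7087e55..c68574df5 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -13,6 +13,11 @@ mkdir ${HOME}/.moonchild productions
 whitelist ${HOME}/.cache/moonchild productions/pale moon
 whitelist ${HOME}/.moonchild productions
 
+# Palemoon can use the full firejail seccomp filter (unlike firefox >= 60)
+ignore seccomp.drop
+seccomp
+shell none
+
 #private-bin palemoon
 # private-etc must first be enabled in firefox-common.profile
 #private-etc palemoon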