3 files changed, 56 insertions, 1 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index d18ee0287..ed6ee315b 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -14,6 +14,7 @@ blacklist /etc/xdg/autostart
 blacklist ${HOME}/.kde4/Autostart
 blacklist ${HOME}/.kde4/share/autostart
 blacklist ${HOME}/.kde/Autostart
+blacklist ${HOME}/.kde/share/autostart
 blacklist ${HOME}/.config/plasma-workspace/shutdown
 blacklist ${HOME}/.config/plasma-workspace/env
 blacklist ${HOME}/.config/lxsession/LXDE/autostart
@@ -168,3 +169,5 @@ blacklist ${PATH}/roxterm-config
 blacklist ${PATH}/terminix
 blacklist ${PATH}/urxvtc
 blacklist ${PATH}/urxvtcd
+blacklist ${PATH}/konsole
+blacklist ${PATH}/yakuake
diff --git a/etc/icecat.profile b/etc/icecat.profile
index 25d426ad2..2f8e2df7f 100644
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -1,2 +1,51 @@
 # Firejail profile for GNU Icecat
-include /etc/firejail/firefox.profile
+noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+whitelist ${DOWNLOADS}
+mkdir ~/.mozilla
+whitelist ~/.mozilla
+mkdir ~/.cache/mozilla/icecat
+whitelist ~/.cache/mozilla/icecat
+whitelist ~/dwhelper
+whitelist ~/.zotero
+whitelist ~/.vimperatorrc
+whitelist ~/.vimperator
+whitelist ~/.pentadactylrc
+whitelist ~/.pentadactyl
+whitelist ~/.keysnail.js
+whitelist ~/.config/gnome-mplayer
+whitelist ~/.cache/gnome-mplayer/plugin
+whitelist ~/.pki
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+#silverlight
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
+whitelist ~/.config/pipelight-silverlight5.1
+include /etc/firejail/whitelist-common.inc
+# experimental features
+#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc
index 2317133c5..abbb4a9fc 100644
--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -20,8 +20,11 @@ whitelist ~/.cache/fontconfig
 # gtk
 whitelist ~/.gtkrc
 whitelist ~/.gtkrc-2.0
+whitelist ~/.config/gtk-2.0
 whitelist ~/.config/gtk-3.0
 whitelist ~/.themes
+whitelist ~/.kde/share/config/gtkrc
+whitelist ~/.kde/share/config/gtkrc-2.0
 # dconf
 mkdir ~/.config/dconf

diff --git a/etc/disable-common.inc b/etc/disable-common.inc index d18ee0287..ed6ee315b 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -14,6 +14,7 @@ blacklist /etc/xdg/autostart
14	blacklist ${HOME}/.kde4/Autostart	14	blacklist ${HOME}/.kde4/Autostart
15	blacklist ${HOME}/.kde4/share/autostart	15	blacklist ${HOME}/.kde4/share/autostart
16	blacklist ${HOME}/.kde/Autostart	16	blacklist ${HOME}/.kde/Autostart
		17	blacklist ${HOME}/.kde/share/autostart
17	blacklist ${HOME}/.config/plasma-workspace/shutdown	18	blacklist ${HOME}/.config/plasma-workspace/shutdown
18	blacklist ${HOME}/.config/plasma-workspace/env	19	blacklist ${HOME}/.config/plasma-workspace/env
19	blacklist ${HOME}/.config/lxsession/LXDE/autostart	20	blacklist ${HOME}/.config/lxsession/LXDE/autostart
@@ -168,3 +169,5 @@ blacklist ${PATH}/roxterm-config
168	blacklist ${PATH}/terminix	169	blacklist ${PATH}/terminix
169	blacklist ${PATH}/urxvtc	170	blacklist ${PATH}/urxvtc
170	blacklist ${PATH}/urxvtcd	171	blacklist ${PATH}/urxvtcd
		172	blacklist ${PATH}/konsole
		173	blacklist ${PATH}/yakuake


diff --git a/etc/icecat.profile b/etc/icecat.profile index 25d426ad2..2f8e2df7f 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile
@@ -1,2 +1,51 @@
1	# Firejail profile for GNU Icecat	1	# Firejail profile for GNU Icecat
2	include /etc/firejail/firefox.profile	2
		3	noblacklist ~/.mozilla
		4	noblacklist ~/.cache/mozilla
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-programs.inc
		7	include /etc/firejail/disable-devel.inc
		8
		9	caps.drop all
		10	netfilter
		11	nonewprivs
		12	noroot
		13	protocol unix,inet,inet6,netlink
		14	seccomp
		15	tracelog
		16
		17	whitelist ${DOWNLOADS}
		18	mkdir ~/.mozilla
		19	whitelist ~/.mozilla
		20	mkdir ~/.cache/mozilla/icecat
		21	whitelist ~/.cache/mozilla/icecat
		22	whitelist ~/dwhelper
		23	whitelist ~/.zotero
		24	whitelist ~/.vimperatorrc
		25	whitelist ~/.vimperator
		26	whitelist ~/.pentadactylrc
		27	whitelist ~/.pentadactyl
		28	whitelist ~/.keysnail.js
		29	whitelist ~/.config/gnome-mplayer
		30	whitelist ~/.cache/gnome-mplayer/plugin
		31	whitelist ~/.pki
		32
		33	# lastpass, keepassx
		34	whitelist ~/.keepassx
		35	whitelist ~/.config/keepassx
		36	whitelist ~/keepassx.kdbx
		37	whitelist ~/.lastpass
		38	whitelist ~/.config/lastpass
		39
		40
		41	#silverlight
		42	whitelist ~/.wine-pipelight
		43	whitelist ~/.wine-pipelight64
		44	whitelist ~/.config/pipelight-widevine
		45	whitelist ~/.config/pipelight-silverlight5.1
		46
		47	include /etc/firejail/whitelist-common.inc
		48
		49	# experimental features
		50	#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
		51


diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index 2317133c5..abbb4a9fc 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc
@@ -20,8 +20,11 @@ whitelist ~/.cache/fontconfig
20	# gtk	20	# gtk
21	whitelist ~/.gtkrc	21	whitelist ~/.gtkrc
22	whitelist ~/.gtkrc-2.0	22	whitelist ~/.gtkrc-2.0
		23	whitelist ~/.config/gtk-2.0
23	whitelist ~/.config/gtk-3.0	24	whitelist ~/.config/gtk-3.0
24	whitelist ~/.themes	25	whitelist ~/.themes
		26	whitelist ~/.kde/share/config/gtkrc
		27	whitelist ~/.kde/share/config/gtkrc-2.0
25		28
26	# dconf	29	# dconf
27	mkdir ~/.config/dconf	30	mkdir ~/.config/dconf