aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/bitlbee.profile1
-rw-r--r--etc/disable-common.inc4
-rw-r--r--etc/disable-programs.inc1
-rw-r--r--etc/firefox-common-addons.inc13
-rw-r--r--etc/flowblade.profile6
-rw-r--r--etc/less.profile2
-rw-r--r--etc/musixmatch.profile1
-rw-r--r--etc/openshot.profile6
-rw-r--r--etc/ranger.profile10
-rw-r--r--etc/uzbl-browser.profile7
-rw-r--r--etc/zathura.profile3
11 files changed, 47 insertions, 7 deletions
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index b6baa66bc..1cd5d6a69 100644
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -28,7 +28,6 @@ seccomp
28disable-mnt 28disable-mnt
29private 29private
30private-dev 30private-dev
31private-dev
32private-tmp 31private-tmp
33read-write /var/lib/bitlbee 32read-write /var/lib/bitlbee
34 33
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index ff5dc7b6b..7bc66b1e9 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -116,6 +116,10 @@ blacklist /run/user/*/kdeinit5__*
116# blacklist /tmp/ksocket-*/kdeinit4__* 116# blacklist /tmp/ksocket-*/kdeinit4__*
117# - causes issues when kdeinit4 gets killed; enable on KDE Plasma 4 117# - causes issues when kdeinit4 gets killed; enable on KDE Plasma 4
118 118
119# gnome
120# contains extensions, last used times of applications, and notifications
121blacklist ${HOME}/.local/share/gnome-shell
122
119# systemd 123# systemd
120blacklist ${HOME}/.config/systemd 124blacklist ${HOME}/.config/systemd
121blacklist ${HOME}/.local/share/systemd 125blacklist ${HOME}/.local/share/systemd
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index b68dde0c4..eddb12e08 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -429,6 +429,7 @@ blacklist ${HOME}/.local/share/telepathy
429blacklist ${HOME}/.local/share/terasology 429blacklist ${HOME}/.local/share/terasology
430blacklist ${HOME}/.local/share/torbrowser 430blacklist ${HOME}/.local/share/torbrowser
431blacklist ${HOME}/.local/share/totem 431blacklist ${HOME}/.local/share/totem
432blacklist ${HOME}/.local/share/uzbl
432blacklist ${HOME}/.local/share/vlc 433blacklist ${HOME}/.local/share/vlc
433blacklist ${HOME}/.local/share/vpltd 434blacklist ${HOME}/.local/share/vpltd
434blacklist ${HOME}/.local/share/vulkan 435blacklist ${HOME}/.local/share/vulkan
diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc
index b237c3c05..333ebdaa2 100644
--- a/etc/firefox-common-addons.inc
+++ b/etc/firefox-common-addons.inc
@@ -16,7 +16,6 @@ noblacklist ${HOME}/.kde4/share/apps/okular
16noblacklist ${HOME}/.kde4/share/config/kgetrc 16noblacklist ${HOME}/.kde4/share/config/kgetrc
17noblacklist ${HOME}/.kde4/share/config/okularpartrc 17noblacklist ${HOME}/.kde4/share/config/okularpartrc
18noblacklist ${HOME}/.kde4/share/config/okularrc 18noblacklist ${HOME}/.kde4/share/config/okularrc
19# noblacklist ${HOME}/.local/share/gnome-shell/extensions
20noblacklist ${HOME}/.local/share/kget 19noblacklist ${HOME}/.local/share/kget
21noblacklist ${HOME}/.local/share/okular 20noblacklist ${HOME}/.local/share/okular
22noblacklist ${HOME}/.local/share/qpdfview 21noblacklist ${HOME}/.local/share/qpdfview
@@ -41,7 +40,6 @@ whitelist ${HOME}/.kde4/share/config/okularpartrc
41whitelist ${HOME}/.kde4/share/config/okularrc 40whitelist ${HOME}/.kde4/share/config/okularrc
42whitelist ${HOME}/.keysnail.js 41whitelist ${HOME}/.keysnail.js
43whitelist ${HOME}/.lastpass 42whitelist ${HOME}/.lastpass
44whitelist ${HOME}/.local/share/gnome-shell/extensions
45whitelist ${HOME}/.local/share/kget 43whitelist ${HOME}/.local/share/kget
46whitelist ${HOME}/.local/share/okular 44whitelist ${HOME}/.local/share/okular
47whitelist ${HOME}/.local/share/qpdfview 45whitelist ${HOME}/.local/share/qpdfview
@@ -53,3 +51,14 @@ whitelist ${HOME}/.wine-pipelight
53whitelist ${HOME}/.wine-pipelight64 51whitelist ${HOME}/.wine-pipelight64
54whitelist ${HOME}/.zotero 52whitelist ${HOME}/.zotero
55whitelist ${HOME}/dwhelper 53whitelist ${HOME}/dwhelper
54
55# GNOME Shell integration (chrome-gnome-shell) needs dbus and python 3 (blacklisted by disable-interpreters.inc)
56noblacklist ${HOME}/.local/share/gnome-shell/extensions
57whitelist ${HOME}/.local/share/gnome-shell/extensions
58ignore nodbus
59noblacklist ${PATH}/python3*
60noblacklist /usr/lib/python3*
61
62# Flash plugin
63# private-etc must first be enabled in firefox-common.profile and in profiles including it.
64#private-etc adobe
diff --git a/etc/flowblade.profile b/etc/flowblade.profile
index bad8538cf..e06107f0f 100644
--- a/etc/flowblade.profile
+++ b/etc/flowblade.profile
@@ -8,6 +8,12 @@ include /etc/firejail/globals.local
8noblacklist ${HOME}/.config/flowblade 8noblacklist ${HOME}/.config/flowblade
9noblacklist ${HOME}/.flowblade 9noblacklist ${HOME}/.flowblade
10 10
11# Allow python (blacklisted by disable-interpreters.inc)
12noblacklist ${PATH}/python2*
13noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3*
16
11include /etc/firejail/disable-common.inc 17include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc 18include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 19include /etc/firejail/disable-interpreters.inc
diff --git a/etc/less.profile b/etc/less.profile
index e2616ba4f..9b04329f2 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -20,7 +20,7 @@ shell none
20tracelog 20tracelog
21writable-var-log 21writable-var-log
22 22
23# The user can have a custom coloring scritps configured in ${HOME}/.lessfilter. 23# The user can have a custom coloring script configured in ${HOME}/.lessfilter.
24# Enable private-bin and private-lib if you are not using any filter. 24# Enable private-bin and private-lib if you are not using any filter.
25# private-bin less 25# private-bin less
26# private-lib 26# private-lib
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile
index 1a3ee5e6f..fce60e89e 100644
--- a/etc/musixmatch.profile
+++ b/etc/musixmatch.profile
@@ -24,7 +24,6 @@ notv
24novideo 24novideo
25protocol unix,inet,inet6,netlink 25protocol unix,inet,inet6,netlink
26seccomp 26seccomp
27shell none
28 27
29disable-mnt 28disable-mnt
30private-dev 29private-dev
diff --git a/etc/openshot.profile b/etc/openshot.profile
index 114580f1e..832008564 100644
--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -8,6 +8,12 @@ include /etc/firejail/globals.local
8noblacklist ${HOME}/.openshot 8noblacklist ${HOME}/.openshot
9noblacklist ${HOME}/.openshot_qt 9noblacklist ${HOME}/.openshot_qt
10 10
11# Allow python (blacklisted by disable-interpreters.inc)
12noblacklist ${PATH}/python2*
13noblacklist ${PATH}/python3*
14noblacklist /usr/lib/python2*
15noblacklist /usr/lib/python3*
16
11include /etc/firejail/disable-common.inc 17include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc 18include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-interpreters.inc 19include /etc/firejail/disable-interpreters.inc
diff --git a/etc/ranger.profile b/etc/ranger.profile
index 94b282669..ff65a057b 100644
--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -5,11 +5,19 @@ include /etc/firejail/ranger.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.config/ranger
9
10# Allow python (blacklisted by disable-interpreters.inc)
11noblacklist ${PATH}/python2*
12noblacklist ${PATH}/python3*
13noblacklist /usr/lib/python2*
14noblacklist /usr/lib/python3*
15
16# Allow perl
8# noblacklist ${PATH}/cpan* 17# noblacklist ${PATH}/cpan*
9noblacklist ${PATH}/perl 18noblacklist ${PATH}/perl
10noblacklist /usr/lib/perl* 19noblacklist /usr/lib/perl*
11noblacklist /usr/share/perl* 20noblacklist /usr/share/perl*
12noblacklist ${HOME}/.config/ranger
13 21
14include /etc/firejail/disable-common.inc 22include /etc/firejail/disable-common.inc
15include /etc/firejail/disable-devel.inc 23include /etc/firejail/disable-devel.inc
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile
index 0a3549c97..b8a3fa497 100644
--- a/etc/uzbl-browser.profile
+++ b/etc/uzbl-browser.profile
@@ -7,6 +7,13 @@ include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.config/uzbl 8noblacklist ${HOME}/.config/uzbl
9noblacklist ${HOME}/.gnupg 9noblacklist ${HOME}/.gnupg
10noblacklist ${HOME}/.local/share/uzbl
11
12# Allow python (blacklisted by disable-interpreters.inc)
13noblacklist ${PATH}/python2*
14noblacklist ${PATH}/python3*
15noblacklist /usr/lib/python2*
16noblacklist /usr/lib/python3*
10 17
11include /etc/firejail/disable-common.inc 18include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc 19include /etc/firejail/disable-devel.inc
diff --git a/etc/zathura.profile b/etc/zathura.profile
index b47aeb0da..028e15ef5 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc 15include /etc/firejail/disable-programs.inc
16 16
17caps.drop all 17caps.drop all
18machine-id
18# net none 19# net none
19# nodbus 20# nodbus
20nodvd 21nodvd
@@ -29,7 +30,7 @@ shell none
29 30
30private-bin zathura 31private-bin zathura
31private-dev 32private-dev
32private-etc fonts 33private-etc fonts,machine-id
33private-tmp 34private-tmp
34 35
35read-only ${HOME}/ 36read-only ${HOME}/
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-01 19:23:19 +0000