Diffstat (limited to 'etc')
-rw-r--r-- | etc/Cryptocat.profile | 2 | ||||
-rw-r--r-- | etc/FossaMail.profile | 2 | ||||
-rw-r--r-- | etc/disable-common.inc | 6 | ||||
-rw-r--r-- | etc/disable-devel.inc | 3 | ||||
-rw-r--r-- | etc/disable-passwdmgr.inc | 3 | ||||
-rw-r--r-- | etc/disable-programs.inc | 3 | ||||
-rw-r--r-- | etc/evolution.profile | 3 | ||||
-rw-r--r-- | etc/fossamail.profile | 15 | ||||
-rw-r--r-- | etc/gpa.profile | 2 | ||||
-rw-r--r-- | etc/gpg-agent.profile | 4 | ||||
-rw-r--r-- | etc/gpg.profile | 5 | ||||
-rw-r--r-- | etc/uzbl-browser.profile | 27 | ||||
-rw-r--r-- | etc/whitelist-common.inc | 3 |
13 files changed, 68 insertions, 10 deletions
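--- a/etc/Cryptocat.profile
+++ b/etc/Cryptocat.profile
@@ -1,4 +1,4 @@
-# Firejail profile for
+# Firejail profile for Cryptocat
 noblacklist ${HOME}/.config/Cryptocat
 
 include /etc/firejail/disable-common.inc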
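--- /dev/null
+++ b/etc/FossaMail.profile
@@ -0,0 +1,2 @@
+# Firejail profile for FossaMail
+include /etc/firejail/fossamail.profile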
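--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -1,3 +1,6 @@
+# Local customizations come here
+include /etc/firejail/disable-common.local
+
 # History files in $HOME
 blacklist-nolog ${HOME}/.history
 blacklist-nolog ${HOME}/.*_history
@@ -102,6 +105,9 @@ read-only ${HOME}/.caffrc
 read-only ${HOME}/.dotfiles
 read-only ${HOME}/dotfiles
 read-only ${HOME}/.mailcap
+read-only ${HOME}/.muttrc
+read-only ${HOME}/.mutt/muttrc
+read-only ${HOME}/.msmtprc
 read-only ${HOME}/.exrc
 read-only ${HOME}/_exrc
 read-only ${HOME}/.vimrc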
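Review bot: The three entries added after `read-only ${HOME}/.mailcap` stop a sandboxed program from rewriting `.muttrc`, `.mutt/muttrc` and `.msmtprc`, but the files stay readable in every sandbox that includes this file. These configs commonly hold account credentials (for example a `password` line in `.msmtprc`), so a compromised browser or media player could still read them. If that exposure is not intended, `blacklist ${HOME}/.msmtprc` here with a matching `noblacklist ${HOME}/.msmtprc` in the mail-client profiles would be tighter; at minimum a comment should say these entries protect integrity only. The surrounding read-only list starts and ends outside the hunk.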
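--- a/etc/disable-devel.inc
+++ b/etc/disable-devel.inc
@@ -1,3 +1,6 @@
+# Local customizations come here
+include /etc/firejail/disable-devel.local
+
 # development tools
 
 # GCC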
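Review bot: The new `include /etc/firejail/disable-devel.local` is unconditional, and its comment does not say whether the file is optional or how it interacts with the rules below it; the same three lines are added to disable-common.inc, disable-passwdmgr.inc, disable-programs.inc and whitelist-common.inc. Whether a missing `.local` file is tolerated is not visible in this diff, so it is worth confirming that a stock install without these files still starts every profile. Because the include sits above the stock rules, a `noblacklist` placed in a `.local` file presumably lifts the matching blacklist for every profile that pulls in the `.inc`, which matters most for disable-passwdmgr.local. I would expand the comment to something like `# Optional, root-owned overrides; read before the rules below, so noblacklist entries here apply to all profiles`.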
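--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -1,3 +1,6 @@
+# Local customizations come here
+include /etc/firejail/disable-passwdmgr.local
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx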
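--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -1,3 +1,6 @@
+# Local customizations come here
+include /etc/firejail/disable-programs.local
+
 blacklist ${HOME}/.*coin
 blacklist ${HOME}/.8pecxstudios
 blacklist ${HOME}/.Atom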
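--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -6,6 +6,9 @@ noblacklist ~/.pki
 noblacklist ~/.pki/nssdb
 noblacklist ~/.gnupg
 
+noblacklist /var/spool/mail
+noblacklist /var/mail
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc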
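--- /dev/null
+++ b/etc/fossamail.profile
@@ -0,0 +1,15 @@
+# Firejail profile for FossaMail
+
+noblacklist ~/.gnupg
+mkdir ~/.gnupg
+whitelist ~/.gnupg
+
+noblacklist ~/.fossamail
+mkdir ~/.fossamail
+whitelist ~/.fossamail
+
+noblacklist ~/.cache/fossamail
+mkdir ~/.cache/fossamail
+whitelist ~/.cache/fossamail
+
+include /etc/firejail/firefox.profile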
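Review bot: The first stanza (`noblacklist`/`mkdir`/`whitelist ~/.gnupg`) gives a network-facing mail client read-write access to the entire GnuPG home, private keys included, and the file carries no comment explaining why. Presumably this is for OpenPGP mail support; if so, say so, e.g. `# GnuPG home is needed for OpenPGP mail; it contains private keys`. Also, `mkdir ~/.gnupg` creates the directory when it does not exist, and GnuPG expects that directory to be private to the user, so it is worth confirming the mode it is created with (not visible in this diff). The remaining restrictions come from `include /etc/firejail/firefox.profile`, which is outside this commit.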
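--- a/etc/gpa.profile
+++ b/etc/gpa.profile
@@ -18,6 +18,4 @@ shell none
 tracelog
 
 # private-bin gpa,gpg
-private-tmp
 private-dev
-# private-etc none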
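--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -11,7 +11,7 @@ nogroups
 nonewprivs
 noroot
 nosound
-protocol unix
+protocol unix,inet,inet6
 seccomp
 netfilter
 no3d
@@ -21,6 +21,4 @@ tracelog
 blacklist /tmp/.X11-unix
 
 # private-bin gpg-agent,gpg
-private-tmp
 private-dev
-# private-etc none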
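Review bot: `protocol unix,inet,inet6` lets the process that holds unlocked private keys open IPv4/IPv6 sockets where it was previously limited to AF_UNIX, and nothing in the profile says what needs it. The same line changes in gpg.profile, which also drops `net none`. If the network is only needed for keyserver operations started by `gpg`, the agent could stay on `protocol unix`; otherwise add a comment such as `# inet/inet6: required for <reason>` so the widening is a recorded decision. The profile begins before the first hunk, so other network options may exist outside it.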
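--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -11,10 +11,9 @@ nogroups
 nonewprivs
 noroot
 nosound
-protocol unix
+protocol unix,inet,inet6
 seccomp
 netfilter
-net none
 no3d
 shell none
 tracelog
@@ -22,6 +21,4 @@ tracelog
 blacklist /tmp/.X11-unix
 
 # private-bin gpg,gpg-agent
-private-tmp
 private-dev
-# private-etc none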
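Review bot: Removing `private-tmp` means the sandbox now sees the host's /tmp rather than an empty private one, with only `/tmp/.X11-unix` blacklisted in the lines shown; the same removal is made in gpa.profile and gpg-agent.profile without an explanation. If the reason is a socket or temporary file that callers hand over through /tmp (a guess, not visible here), a comment should say so, e.g. `# no private-tmp: <what is shared through /tmp>`. The deleted `# private-etc none` was already a comment, so dropping it changes nothing at runtime.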
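--- /dev/null
+++ b/etc/uzbl-browser.profile
@@ -0,0 +1,27 @@
+# Firejail profile for uzbl-browser
+
+noblacklist ~/.config/uzbl
+noblacklist ~/.cache/uzbl
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+tracelog
+
+mkdir ~/.config/uzbl
+whitelist ~/.config/uzbl
+mkdir ~/.cache/uzbl
+whitelist ~/.cache/uzbl
+mkdir ~/.local/share/uzbl
+whitelist ~/.local/share/uzbl
+
+whitelist ${DOWNLOADS}
+
+include /etc/firejail/whitelist-common.inc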
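Review bot: This browser profile omits `nogroups` and `private-dev`, both of which the gpg profiles touched by the same commit carry, so the browser keeps the user's supplementary groups and sees the host's /dev. Unless uzbl is known to need them, I would add `nogroups` and `private-dev` after `tracelog`. Separately, `noblacklist` is given for `~/.config/uzbl` and `~/.cache/uzbl` but not for `~/.local/share/uzbl`, which is whitelisted further down. If any included `.inc` blacklists that path, the whitelist alone will not expose it, so either add `noblacklist ~/.local/share/uzbl` or drop the two entries that are not needed.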
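--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -1,3 +1,6 @@
+# Local customizations come here
+include /etc/firejail/whitelist-common.local
+
 # common whitelist for all profiles
 
 whitelist ~/.XCompose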