aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/amarok.profile19
-rw-r--r--etc/ark.profile23
-rw-r--r--etc/atool.profile24
-rw-r--r--etc/bleachbit.profile21
-rw-r--r--etc/brasero.profile23
-rw-r--r--etc/dolphin.profile23
-rw-r--r--etc/dragon.profile22
-rw-r--r--etc/elinks.profile24
-rw-r--r--etc/enchant.profile23
-rw-r--r--etc/exiftool.profile28
-rw-r--r--etc/file-roller.profile21
-rw-r--r--etc/gedit.profile26
-rw-r--r--etc/gjs.profile28
-rw-r--r--etc/gnome-books.profile26
-rw-r--r--etc/gnome-clocks.profile22
-rw-r--r--etc/gnome-documents.profile24
-rw-r--r--etc/gnome-maps.profile24
-rw-r--r--etc/gnome-music.profile22
-rw-r--r--etc/gnome-photos.profile26
-rw-r--r--etc/gnome-weather.profile26
-rw-r--r--etc/goobox.profile20
-rw-r--r--etc/gpa.profile23
-rw-r--r--etc/gpg-agent.profile24
-rw-r--r--etc/gpg.profile24
-rw-r--r--etc/highlight.profile24
-rw-r--r--etc/img2txt.profile24
-rw-r--r--etc/k3b.profile21
-rw-r--r--etc/kate.profile28
-rw-r--r--etc/lynx.profile22
-rw-r--r--etc/mediainfo.profile26
-rw-r--r--etc/nautilus.profile26
-rw-r--r--etc/odt2txt.profile24
-rw-r--r--etc/okular.profile16
-rw-r--r--etc/pdftotext.profile22
-rw-r--r--etc/simple-scan.profile23
-rw-r--r--etc/skanlite.profile21
-rw-r--r--etc/ssh-agent.profile15
-rw-r--r--etc/tracker.profile24
-rw-r--r--etc/transmission-cli.profile24
-rw-r--r--etc/transmission-show.profile24
-rw-r--r--etc/w3m.profile23
-rw-r--r--etc/xfburn.profile23
-rw-r--r--etc/xpra.profile21
43 files changed, 989 insertions, 8 deletions
diff --git a/etc/amarok.profile b/etc/amarok.profile
new file mode 100644
index 000000000..962865790
--- /dev/null
+++ b/etc/amarok.profile
@@ -0,0 +1,19 @@
1# amorak profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8netfilter
9nogroups
10nonewprivs
11noroot
12shell none
13#seccomp
14protocol unix,inet,inet6
15
16#private-bin amorak
17private-dev
18private-tmp
19#private-etc none
diff --git a/etc/ark.profile b/etc/ark.profile
new file mode 100644
index 000000000..61b4c6f60
--- /dev/null
+++ b/etc/ark.profile
@@ -0,0 +1,23 @@
1# ark profile
2noblacklist ~/.config/arkrc
3
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-programs.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-passwdmgr.inc
8
9caps.drop all
10netfilter
11nogroups
12nonewprivs
13noroot
14nosound
15shell none
16seccomp
17protocol unix
18
19# private-bin
20private-dev
21private-tmp
22# private-etc
23
diff --git a/etc/atool.profile b/etc/atool.profile
new file mode 100644
index 000000000..3fbfb9fc7
--- /dev/null
+++ b/etc/atool.profile
@@ -0,0 +1,24 @@
1# atool profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4# include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8nogroups
9nonewprivs
10noroot
11nosound
12protocol unix
13seccomp
14netfilter
15net none
16shell none
17tracelog
18
19# private-bin atool
20private-tmp
21private-dev
22private-etc none
23
24
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
new file mode 100644
index 000000000..0a71db9f0
--- /dev/null
+++ b/etc/bleachbit.profile
@@ -0,0 +1,21 @@
1# bleachbit profile
2include /etc/firejail/disable-common.inc
3# include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8netfilter
9nogroups
10nonewprivs
11noroot
12nosound
13shell none
14seccomp
15protocol unix
16
17# private-bin
18# private-dev
19# private-tmp
20# private-etc
21
diff --git a/etc/brasero.profile b/etc/brasero.profile
new file mode 100644
index 000000000..66de6fa50
--- /dev/null
+++ b/etc/brasero.profile
@@ -0,0 +1,23 @@
1# brasero profile
2noblacklist ~/.config/brasero
3
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-programs.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-passwdmgr.inc
8
9caps.drop all
10nogroups
11nonewprivs
12noroot
13nosound
14protocol unix
15seccomp
16netfilter
17shell none
18tracelog
19
20# private-bin brasero
21# private-tmp
22# private-dev
23# private-etc fonts
diff --git a/etc/dolphin.profile b/etc/dolphin.profile
new file mode 100644
index 000000000..1a6abb71d
--- /dev/null
+++ b/etc/dolphin.profile
@@ -0,0 +1,23 @@
1# dolphin profile
2noblacklist ~/.config/dolphinrc
3noblacklist ~/.local/share/dolphin
4
5include /etc/firejail/disable-common.inc
6include /etc/firejail/disable-programs.inc
7include /etc/firejail/disable-devel.inc
8include /etc/firejail/disable-passwdmgr.inc
9
10caps.drop all
11netfilter
12nogroups
13nonewprivs
14noroot
15shell none
16seccomp
17protocol unix
18
19# private-bin
20# private-dev
21# private-tmp
22# private-etc
23
diff --git a/etc/dragon.profile b/etc/dragon.profile
new file mode 100644
index 000000000..09cb73802
--- /dev/null
+++ b/etc/dragon.profile
@@ -0,0 +1,22 @@
1# dragon player profile
2noblacklist ~/.config/dragonplayerrc
3
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-programs.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-passwdmgr.inc
8
9caps.drop all
10netfilter
11nogroups
12nonewprivs
13noroot
14shell none
15seccomp
16protocol unix,inet,inet6
17
18private-bin dragon
19private-dev
20private-tmp
21# private-etc
22
diff --git a/etc/elinks.profile b/etc/elinks.profile
new file mode 100644
index 000000000..df817ea56
--- /dev/null
+++ b/etc/elinks.profile
@@ -0,0 +1,24 @@
1# elinks profile
2noblacklist ~/.elinks
3
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-programs.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-passwdmgr.inc
8
9caps.drop all
10nogroups
11nonewprivs
12noroot
13nosound
14protocol unix,inet,inet6
15seccomp
16netfilter
17shell none
18tracelog
19
20# private-bin elinks
21private-tmp
22private-dev
23# private-etc none
24
diff --git a/etc/enchant.profile b/etc/enchant.profile
new file mode 100644
index 000000000..cf8288919
--- /dev/null
+++ b/etc/enchant.profile
@@ -0,0 +1,23 @@
1# enchant profile
2noblacklist ~/.config/enchant
3
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-programs.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-passwdmgr.inc
8
9caps.drop all
10nogroups
11nonewprivs
12noroot
13nosound
14protocol unix
15seccomp
16netfilter
17shell none
18tracelog
19
20# private-bin enchant
21# private-tmp
22# private-dev
23# private-etc fonts
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
new file mode 100644
index 000000000..384695473
--- /dev/null
+++ b/etc/exiftool.profile
@@ -0,0 +1,28 @@
1# exiftool profile
2noblacklist /usr/bin/perl
3noblacklist /usr/share/perl*
4noblacklist /usr/lib/perl*
5
6include /etc/firejail/disable-common.inc
7include /etc/firejail/disable-programs.inc
8include /etc/firejail/disable-devel.inc
9include /etc/firejail/disable-passwdmgr.inc
10
11caps.drop all
12nogroups
13nonewprivs
14noroot
15nosound
16protocol unix
17seccomp
18netfilter
19net none
20shell none
21tracelog
22
23# private-bin exiftool,perl
24private-tmp
25private-dev
26private-etc none
27
28
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
new file mode 100644
index 000000000..6116389db
--- /dev/null
+++ b/etc/file-roller.profile
@@ -0,0 +1,21 @@
1# file-roller profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8nogroups
9nonewprivs
10noroot
11nosound
12protocol unix
13seccomp
14netfilter
15shell none
16tracelog
17
18# private-bin file-roller
19# private-tmp
20private-dev
21# private-etc fonts
diff --git a/etc/gedit.profile b/etc/gedit.profile
new file mode 100644
index 000000000..a25286bfa
--- /dev/null
+++ b/etc/gedit.profile
@@ -0,0 +1,26 @@
1# gedit profile
2
3# when gedit is started via gnome-shell, firejail is not applied because systemd will start it
4
5noblacklist ~/.config/gedit
6
7include /etc/firejail/disable-common.inc
8include /etc/firejail/disable-programs.inc
9#include /etc/firejail/disable-devel.inc
10include /etc/firejail/disable-passwdmgr.inc
11
12caps.drop all
13nogroups
14nonewprivs
15noroot
16nosound
17protocol unix
18seccomp
19netfilter
20shell none
21tracelog
22
23# private-bin gedit
24private-tmp
25private-dev
26# private-etc fonts
diff --git a/etc/gjs.profile b/etc/gjs.profile
new file mode 100644
index 000000000..8d71728a2
--- /dev/null
+++ b/etc/gjs.profile
@@ -0,0 +1,28 @@
1# gjs (gnome javascript bindings) profile
2
3# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
4
5noblacklist ~/.cache/org.gnome.Books
6noblacklist ~/.config/libreoffice
7noblacklist ~/.local/share/gnome-photos
8noblacklist ~/.cache/libgweather
9
10include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-programs.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14
15caps.drop all
16nogroups
17nonewprivs
18noroot
19protocol unix,inet,inet6
20seccomp
21netfilter
22shell none
23tracelog
24
25# private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
26private-tmp
27private-dev
28# private-etc fonts
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile
new file mode 100644
index 000000000..10b06e173
--- /dev/null
+++ b/etc/gnome-books.profile
@@ -0,0 +1,26 @@
1# gnome-books profile
2
3# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
4
5noblacklist ~/.cache/org.gnome.Books
6
7include /etc/firejail/disable-common.inc
8include /etc/firejail/disable-programs.inc
9include /etc/firejail/disable-devel.inc
10include /etc/firejail/disable-passwdmgr.inc
11
12caps.drop all
13nogroups
14nonewprivs
15noroot
16nosound
17protocol unix
18seccomp
19netfilter
20shell none
21tracelog
22
23# private-bin gjs gnome-books
24private-tmp
25private-dev
26private-etc fonts
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
new file mode 100644
index 000000000..30adadda1
--- /dev/null
+++ b/etc/gnome-clocks.profile
@@ -0,0 +1,22 @@
1# gnome-clocks profile
2
3include /etc/firejail/disable-common.inc
4include /etc/firejail/disable-programs.inc
5include /etc/firejail/disable-devel.inc
6include /etc/firejail/disable-passwdmgr.inc
7
8caps.drop all
9nogroups
10nonewprivs
11noroot
12nosound
13protocol unix,inet,inet6
14seccomp
15netfilter
16shell none
17tracelog
18
19# private-bin gnome-clocks
20private-tmp
21private-dev
22# private-etc fonts
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile
new file mode 100644
index 000000000..c5def7aff
--- /dev/null
+++ b/etc/gnome-documents.profile
@@ -0,0 +1,24 @@
1# gnome-documents profile
2
3# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
4
5noblacklist ~/.config/libreoffice
6
7include /etc/firejail/disable-common.inc
8include /etc/firejail/disable-programs.inc
9include /etc/firejail/disable-devel.inc
10include /etc/firejail/disable-passwdmgr.inc
11
12caps.drop all
13nogroups
14nonewprivs
15noroot
16nosound
17protocol unix
18seccomp
19netfilter
20shell none
21tracelog
22
23private-tmp
24private-dev
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile
new file mode 100644
index 000000000..f1451506e
--- /dev/null
+++ b/etc/gnome-maps.profile
@@ -0,0 +1,24 @@
1# gnome-maps profile
2
3# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
4
5include /etc/firejail/disable-common.inc
6include /etc/firejail/disable-programs.inc
7include /etc/firejail/disable-devel.inc
8include /etc/firejail/disable-passwdmgr.inc
9
10caps.drop all
11nogroups
12nonewprivs
13noroot
14nosound
15protocol unix,inet,inet6
16seccomp
17netfilter
18shell none
19tracelog
20
21# private-bin gjs gnome-maps
22private-tmp
23private-dev
24# private-etc fonts
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
new file mode 100644
index 000000000..4a8adeb22
--- /dev/null
+++ b/etc/gnome-music.profile
@@ -0,0 +1,22 @@
1# gnome-music profile
2noblacklist ~/.local/share/gnome-music
3
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-programs.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-passwdmgr.inc
8
9caps.drop all
10nogroups
11nonewprivs
12noroot
13protocol unix
14seccomp
15netfilter
16shell none
17tracelog
18
19# private-bin gnome-music,python3
20private-tmp
21private-dev
22# private-etc fonts
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile
new file mode 100644
index 000000000..8f9d60cb5
--- /dev/null
+++ b/etc/gnome-photos.profile
@@ -0,0 +1,26 @@
1# gnome-photos profile
2
3# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
4
5noblacklist ~/.local/share/gnome-photos
6
7include /etc/firejail/disable-common.inc
8include /etc/firejail/disable-programs.inc
9include /etc/firejail/disable-devel.inc
10include /etc/firejail/disable-passwdmgr.inc
11
12caps.drop all
13nogroups
14nonewprivs
15noroot
16nosound
17protocol unix
18seccomp
19netfilter
20shell none
21tracelog
22
23# private-bin gjs gnome-photos
24private-tmp
25private-dev
26# private-etc fonts
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile
new file mode 100644
index 000000000..9f93b8f15
--- /dev/null
+++ b/etc/gnome-weather.profile
@@ -0,0 +1,26 @@
1# gnome-weather profile
2
3# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
4
5noblacklist ~/.cache/libgweather
6
7include /etc/firejail/disable-common.inc
8include /etc/firejail/disable-programs.inc
9include /etc/firejail/disable-devel.inc
10include /etc/firejail/disable-passwdmgr.inc
11
12caps.drop all
13nogroups
14nonewprivs
15noroot
16nosound
17protocol unix,inet,inet6
18seccomp
19netfilter
20shell none
21tracelog
22
23# private-bin gjs gnome-weather
24private-tmp
25private-dev
26# private-etc fonts
diff --git a/etc/goobox.profile b/etc/goobox.profile
new file mode 100644
index 000000000..8990943fc
--- /dev/null
+++ b/etc/goobox.profile
@@ -0,0 +1,20 @@
1# goobox profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8nogroups
9nonewprivs
10noroot
11protocol unix
12seccomp
13netfilter
14shell none
15tracelog
16
17# private-bin goobox
18# private-tmp
19# private-dev
20# private-etc fonts
diff --git a/etc/gpa.profile b/etc/gpa.profile
new file mode 100644
index 000000000..7d7277190
--- /dev/null
+++ b/etc/gpa.profile
@@ -0,0 +1,23 @@
1# gpa profile
2noblacklist ~/.gnupg
3
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-programs.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-passwdmgr.inc
8
9caps.drop all
10nogroups
11nonewprivs
12noroot
13nosound
14protocol unix,inet,inet6
15seccomp
16netfilter
17shell none
18tracelog
19
20# private-bin gpa,gpg
21private-tmp
22private-dev
23# private-etc none
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
new file mode 100644
index 000000000..31ed8812e
--- /dev/null
+++ b/etc/gpg-agent.profile
@@ -0,0 +1,24 @@
1# gpg-agent profile
2
3noblacklist ~/.gnupg
4
5include /etc/firejail/disable-common.inc
6include /etc/firejail/disable-programs.inc
7include /etc/firejail/disable-devel.inc
8include /etc/firejail/disable-passwdmgr.inc
9
10caps.drop all
11nogroups
12nonewprivs
13noroot
14nosound
15protocol unix
16seccomp
17netfilter
18shell none
19tracelog
20
21# private-bin gpg-agent,gpg
22private-tmp
23private-dev
24# private-etc none
diff --git a/etc/gpg.profile b/etc/gpg.profile
new file mode 100644
index 000000000..31372eb90
--- /dev/null
+++ b/etc/gpg.profile
@@ -0,0 +1,24 @@
1# gpg profile
2noblacklist ~/.gnupg
3
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-programs.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-passwdmgr.inc
8
9caps.drop all
10nogroups
11nonewprivs
12noroot
13nosound
14protocol unix
15seccomp
16netfilter
17net none
18shell none
19tracelog
20
21# private-bin gpg,gpg-agent
22private-tmp
23private-dev
24# private-etc none
diff --git a/etc/highlight.profile b/etc/highlight.profile
new file mode 100644
index 000000000..f95f3924a
--- /dev/null
+++ b/etc/highlight.profile
@@ -0,0 +1,24 @@
1# highlight profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8nogroups
9nonewprivs
10noroot
11nosound
12protocol unix
13seccomp
14netfilter
15net none
16shell none
17tracelog
18
19private-bin highlight
20private-tmp
21private-dev
22
23
24
diff --git a/etc/img2txt.profile b/etc/img2txt.profile
new file mode 100644
index 000000000..d55a31cd0
--- /dev/null
+++ b/etc/img2txt.profile
@@ -0,0 +1,24 @@
1# img2txt profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8nogroups
9nonewprivs
10noroot
11nosound
12protocol unix
13seccomp
14netfilter
15net none
16shell none
17tracelog
18
19#private-bin img2txt
20private-tmp
21private-dev
22#private-etc none
23
24
diff --git a/etc/k3b.profile b/etc/k3b.profile
new file mode 100644
index 000000000..6e16d233c
--- /dev/null
+++ b/etc/k3b.profile
@@ -0,0 +1,21 @@
1# k3b profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8netfilter
9nogroups
10nonewprivs
11noroot
12nosound
13shell none
14seccomp
15protocol unix
16
17# private-bin
18private-dev
19private-tmp
20# private-etc
21
diff --git a/etc/kate.profile b/etc/kate.profile
new file mode 100644
index 000000000..4b07ea6cb
--- /dev/null
+++ b/etc/kate.profile
@@ -0,0 +1,28 @@
1# kate profile
2noblacklist ~/.local/share/kate
3noblacklist ~/.config/katerc
4noblacklist ~/.config/katepartrc
5noblacklist ~/.config/kateschemarc
6noblacklist ~/.config/katesyntaxhighlightingrc
7noblacklist ~/.config/katevirc
8
9include /etc/firejail/disable-common.inc
10include /etc/firejail/disable-programs.inc
11#include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc
13
14caps.drop all
15nogroups
16nonewprivs
17noroot
18nosound
19protocol unix
20seccomp
21netfilter
22shell none
23tracelog
24
25# private-bin kate
26private-tmp
27private-dev
28# private-etc fonts
diff --git a/etc/lynx.profile b/etc/lynx.profile
new file mode 100644
index 000000000..6e150f62e
--- /dev/null
+++ b/etc/lynx.profile
@@ -0,0 +1,22 @@
1# lynx profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8nogroups
9nonewprivs
10noroot
11nosound
12protocol unix,inet,inet6
13seccomp
14netfilter
15shell none
16tracelog
17
18# private-bin lynx
19private-tmp
20private-dev
21# private-etc none
22
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
new file mode 100644
index 000000000..c07a9a9e8
--- /dev/null
+++ b/etc/mediainfo.profile
@@ -0,0 +1,26 @@
1# mediainfo profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8nogroups
9nonewprivs
10noroot
11nosound
12protocol unix
13seccomp
14netfilter
15net none
16shell none
17tracelog
18
19private-bin mediainfo
20private-tmp
21private-dev
22private-etc none
23
24
25
26
diff --git a/etc/nautilus.profile b/etc/nautilus.profile
new file mode 100644
index 000000000..264ee0b9d
--- /dev/null
+++ b/etc/nautilus.profile
@@ -0,0 +1,26 @@
1# nautilus profile
2
3# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there is already a nautilus process running on gnome desktops firejail will have no effect.
4
5noblacklist ~/.config/nautilus
6
7include /etc/firejail/disable-common.inc
8# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
9#include /etc/firejail/disable-programs.inc
10include /etc/firejail/disable-devel.inc
11include /etc/firejail/disable-passwdmgr.inc
12
13caps.drop all
14nogroups
15nonewprivs
16noroot
17protocol unix
18seccomp
19netfilter
20shell none
21tracelog
22
23# private-bin nautilus
24# private-tmp
25# private-dev
26# private-etc fonts
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
new file mode 100644
index 000000000..329275022
--- /dev/null
+++ b/etc/odt2txt.profile
@@ -0,0 +1,24 @@
1# odt2txt profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8nogroups
9nonewprivs
10noroot
11nosound
12protocol unix
13seccomp
14netfilter
15net none
16shell none
17tracelog
18
19private-bin odt2txt
20private-tmp
21private-dev
22private-etc none
23
24read-only ${HOME}
diff --git a/etc/okular.profile b/etc/okular.profile
index b43a5fbea..22e223cea 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -9,17 +9,17 @@ include /etc/firejail/disable-devel.inc
9include /etc/firejail/disable-passwdmgr.inc 9include /etc/firejail/disable-passwdmgr.inc
10 10
11caps.drop all 11caps.drop all
12nogroups 12netfilter
13nonewprivs 13nonewprivs
14nogroups
14noroot 15noroot
16nosound
15protocol unix 17protocol unix
16seccomp 18seccomp
17nosound 19shell none
20tracelog
18 21
22# private-bin okular,kbuildsycoca4,kbuildsycoca5
23# private-etc X11
19private-dev 24private-dev
20 25private-tmp
21#Experimental:
22#net none
23#shell none
24#private-bin okular,kbuildsycoca4,kbuildsycoca5
25#private-etc X11
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
new file mode 100644
index 000000000..632c9d15e
--- /dev/null
+++ b/etc/pdftotext.profile
@@ -0,0 +1,22 @@
1# pdftotext profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8nogroups
9nonewprivs
10noroot
11nosound
12protocol unix
13seccomp
14netfilter
15net none
16shell none
17tracelog
18
19private-bin pdftotext
20private-tmp
21private-dev
22private-etc none
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
new file mode 100644
index 000000000..03089482b
--- /dev/null
+++ b/etc/simple-scan.profile
@@ -0,0 +1,23 @@
1# simple-scan profile
2noblacklist ~/.cache/simple-scan
3
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-programs.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-passwdmgr.inc
8
9caps.drop all
10nogroups
11nonewprivs
12noroot
13nosound
14protocol unix,inet,inet6
15#seccomp
16netfilter
17shell none
18tracelog
19
20# private-bin simple-scan
21# private-tmp
22# private-dev
23# private-etc fonts
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
new file mode 100644
index 000000000..6e8face75
--- /dev/null
+++ b/etc/skanlite.profile
@@ -0,0 +1,21 @@
1# skanlite profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8netfilter
9nogroups
10nonewprivs
11noroot
12nosound
13shell none
14#seccomp
15protocol unix
16
17private-bin skanlite
18# private-dev
19# private-tmp
20# private-etc
21
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
new file mode 100644
index 000000000..485bd8f3b
--- /dev/null
+++ b/etc/ssh-agent.profile
@@ -0,0 +1,15 @@
1# ssh-agent
2quiet
3noblacklist ~/.ssh
4noblacklist /tmp/ssh-*
5
6include /etc/firejail/disable-common.inc
7include /etc/firejail/disable-programs.inc
8include /etc/firejail/disable-passwdmgr.inc
9
10caps.drop all
11netfilter
12nonewprivs
13noroot
14protocol unix,inet,inet6
15seccomp
diff --git a/etc/tracker.profile b/etc/tracker.profile
new file mode 100644
index 000000000..217631216
--- /dev/null
+++ b/etc/tracker.profile
@@ -0,0 +1,24 @@
1# tracker profile
2
3# Tracker is started by systemd on most systems. Therefore it is not firejailed by default
4
5include /etc/firejail/disable-common.inc
6include /etc/firejail/disable-programs.inc
7include /etc/firejail/disable-devel.inc
8include /etc/firejail/disable-passwdmgr.inc
9
10caps.drop all
11nogroups
12nonewprivs
13noroot
14nosound
15protocol unix
16seccomp
17netfilter
18shell none
19tracelog
20
21# private-bin tracker
22# private-tmp
23# private-dev
24# private-etc fonts
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
new file mode 100644
index 000000000..88ded649c
--- /dev/null
+++ b/etc/transmission-cli.profile
@@ -0,0 +1,24 @@
1# transmission-cli bittorrent profile
2noblacklist ${HOME}/.config/transmission
3noblacklist ${HOME}/.cache/transmission
4
5include /etc/firejail/disable-common.inc
6include /etc/firejail/disable-programs.inc
7include /etc/firejail/disable-devel.inc
8include /etc/firejail/disable-passwdmgr.inc
9
10caps.drop all
11netfilter
12net none
13nonewprivs
14noroot
15nosound
16protocol unix
17seccomp
18shell none
19tracelog
20
21#private-bin transmission-cli
22private-tmp
23private-dev
24private-etc none
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
new file mode 100644
index 000000000..5e5284b34
--- /dev/null
+++ b/etc/transmission-show.profile
@@ -0,0 +1,24 @@
1# transmission-show profile
2noblacklist ${HOME}/.config/transmission
3noblacklist ${HOME}/.cache/transmission
4
5include /etc/firejail/disable-common.inc
6include /etc/firejail/disable-programs.inc
7include /etc/firejail/disable-devel.inc
8include /etc/firejail/disable-passwdmgr.inc
9
10caps.drop all
11netfilter
12net none
13nonewprivs
14noroot
15nosound
16protocol unix
17seccomp
18shell none
19tracelog
20
21# private-bin
22private-tmp
23private-dev
24private-etc none
diff --git a/etc/w3m.profile b/etc/w3m.profile
new file mode 100644
index 000000000..d765217cf
--- /dev/null
+++ b/etc/w3m.profile
@@ -0,0 +1,23 @@
1# w3m profile
2noblacklist ~/.w3m
3
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-programs.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-passwdmgr.inc
8
9caps.drop all
10nogroups
11nonewprivs
12noroot
13nosound
14protocol unix,inet,inet6
15seccomp
16netfilter
17shell none
18tracelog
19
20# private-bin w3m
21private-tmp
22private-dev
23private-etc none
diff --git a/etc/xfburn.profile b/etc/xfburn.profile
new file mode 100644
index 000000000..1dd24aa61
--- /dev/null
+++ b/etc/xfburn.profile
@@ -0,0 +1,23 @@
1# xfburn profile
2noblacklist ~/.config/xfburn
3
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-programs.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-passwdmgr.inc
8
9caps.drop all
10nogroups
11nonewprivs
12noroot
13nosound
14protocol unix
15seccomp
16netfilter
17shell none
18tracelog
19
20# private-bin xfburn
21# private-tmp
22# private-dev
23# private-etc fonts
diff --git a/etc/xpra.profile b/etc/xpra.profile
new file mode 100644
index 000000000..8584e4e5b
--- /dev/null
+++ b/etc/xpra.profile
@@ -0,0 +1,21 @@
1# xpra profile
2include /etc/firejail/disable-common.inc
3include /etc/firejail/disable-programs.inc
4include /etc/firejail/disable-devel.inc
5include /etc/firejail/disable-passwdmgr.inc
6
7caps.drop all
8netfilter
9nogroups
10nonewprivs
11noroot
12nosound
13shell none
14seccomp
15protocol unix,inet,inet6
16
17# private-bin
18private-dev
19private-tmp
20# private-etc
21
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-02 09:25:22 +0000