Diffstat (limited to 'etc')
-rw-r--r--etc/abiword.profile46
-rw-r--r--etc/baobab.profile2
-rw-r--r--etc/celluloid.profile1
-rw-r--r--etc/curl.profile2
-rw-r--r--etc/d-feet.profile1
-rw-r--r--etc/dconf-editor.profile1
-rw-r--r--etc/dig.profile2
-rw-r--r--etc/disable-common.inc13
-rw-r--r--etc/disable-programs.inc12
-rw-r--r--etc/discord-common.profile2
-rw-r--r--etc/elinks.profile2
-rw-r--r--etc/enchant.profile1
-rw-r--r--etc/eo-common.profile1
-rw-r--r--etc/evince.profile1
-rw-r--r--etc/evolution.profile2
-rw-r--r--etc/feedreader.profile1
-rw-r--r--etc/ferdi.profile46
-rw-r--r--etc/file-roller.profile1
-rw-r--r--etc/file.profile1
-rw-r--r--etc/filezilla.profile2
-rw-r--r--etc/flameshot.profile2
-rw-r--r--etc/four-in-a-row.profile17
-rw-r--r--etc/frogatto.profile47
-rw-r--r--etc/gedit.profile1
-rw-r--r--etc/gfeeds.profile1
-rw-r--r--etc/gitg.profile1
-rw-r--r--etc/gjs.profile1
-rw-r--r--etc/gnome-2048.profile28
-rw-r--r--etc/gnome-builder.profile2
-rw-r--r--etc/gnome-calculator.profile1
-rw-r--r--etc/gnome-characters.profile1
-rw-r--r--etc/gnome-chess.profile4
-rw-r--r--etc/gnome-clocks.profile1
-rw-r--r--etc/gnome-contacts.profile1
-rw-r--r--etc/gnome-hexgl.profile3
-rw-r--r--etc/gnome-latex.profile1
-rw-r--r--etc/gnome-logs.profile1
-rw-r--r--etc/gnome-mahjongg.profile14
-rw-r--r--etc/gnome-maps.profile1
-rw-r--r--etc/gnome-mines.profile18
-rw-r--r--etc/gnome-music.profile1
-rw-r--r--etc/gnome-nettool.profile1
-rw-r--r--etc/gnome-nibbles.profile21
-rw-r--r--etc/gnome-passwordsafe.profile6
-rw-r--r--etc/gnome-photos.profile1
-rw-r--r--etc/gnome-robots.profile17
-rw-r--r--etc/gnome-schedule.profile1
-rw-r--r--etc/gnome-screenshot.profile5
-rw-r--r--etc/gnome-sudoku.profile17
-rw-r--r--etc/gnome-taquin.profile17
-rw-r--r--etc/gnome-tetravex.profile12
-rw-r--r--etc/gnome-weather.profile1
-rw-r--r--etc/gnome_games-common.profile43
-rw-r--r--etc/gpg-agent.profile3
-rw-r--r--etc/gpg.profile3
-rw-r--r--etc/gucharmap.profile1
-rw-r--r--etc/highlight.profile1
-rw-r--r--etc/latex-common.profile1
-rw-r--r--etc/less.profile1
-rw-r--r--etc/lightsoff.profile14
-rw-r--r--etc/links.profile1
-rw-r--r--etc/lynx.profile2
-rw-r--r--etc/meld.profile2
-rw-r--r--etc/mutt.profile2
-rw-r--r--etc/newsboat.profile1
-rw-r--r--etc/nslookup.profile4
-rw-r--r--etc/pandoc.profile1
-rw-r--r--etc/patch.profile1
-rw-r--r--etc/pdftotext.profile1
-rw-r--r--etc/ping.profile4
-rw-r--r--etc/pitivi.profile2
-rw-r--r--etc/pngquant.profile2
-rw-r--r--etc/polari.profile1
-rw-r--r--etc/remmina.profile1
-rw-r--r--etc/rhythmbox.profile1
-rw-r--r--etc/rsync-download_only.profile1
-rw-r--r--etc/seahorse.profile3
-rw-r--r--etc/shellcheck.profile1
-rw-r--r--etc/ssh.profile3
-rw-r--r--etc/strings.profile1
-rw-r--r--etc/teams.profile3
-rw-r--r--etc/templates/profile.template4
-rw-r--r--etc/thunderbird.profile12
-rw-r--r--etc/tracker.profile2
-rw-r--r--etc/transmission-gtk.profile2
-rw-r--r--etc/ts3client_runscript.sh.profile19
-rw-r--r--etc/tshark.profile1
-rw-r--r--etc/vim.profile2
-rw-r--r--etc/w3m.profile2
-rw-r--r--etc/warmux.profile53
-rw-r--r--etc/wget.profile1
-rw-r--r--etc/whitelist-runuser-common.inc10
-rw-r--r--etc/whitelist-usr-share-common.inc1
-rw-r--r--etc/whois.profile1
-rw-r--r--etc/yelp.profile1
-rw-r--r--etc/youtube-dl.profile1
96 files changed, 559 insertions, 44 deletions
diff --git a/etc/abiword.profile b/etc/abiword.profile
new file mode 100644
index 000000000..748cda195
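--- /dev/null
+++ b/etc/abiword.profile
@@ -0,0 +1,46 @@
+# Firejail profile for abiword
+# Description: flexible cross-platform word processor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include abiword.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/abiword
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+whitelist /usr/share/abiword-3.0
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+#nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-bin abiword
+private-cache
+private-dev
+private-etc fonts,gtk-3.0,passwd
+private-tmp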
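Review bot: `#nodbus` on line 28 is left commented out with no reason given, so the sandbox keeps D-Bus access while everything around it (`net none`, `protocol unix`, `private-bin abiword`) is locked down. Record why in the comment, e.g. `# nodbus - <what breaks when enabled>`, or enable the option. `whitelist /usr/share/abiword-3.0` on line 18 pins a versioned directory; with `whitelist-usr-share-common.inc` in effect a later major version would presumably lose its data files, so a comment noting the version dependency would help whoever updates the profile.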
diff --git a/etc/baobab.profile b/etc/baobab.profile
index d87de9d66..a2cfa6d67 100644
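--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -14,6 +14,8 @@ include disable-passwdmgr.inc
 # include disable-programs.inc
 # include disable-xdg.inc
 
+include whitelist-runuser-common.inc
+
 caps.drop all
 net none
 no3d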
diff --git a/etc/celluloid.profile b/etc/celluloid.profile
index d099ba11e..daed19634 100644
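--- a/etc/celluloid.profile
+++ b/etc/celluloid.profile
@@ -24,6 +24,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 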
diff --git a/etc/curl.profile b/etc/curl.profile
index a720aca9b..a33d084ce 100644
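--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -10,6 +10,8 @@ include globals.local
 noblacklist ${HOME}/.curlrc
 
 blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-exec.inc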
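Review bot: The two added lines overlap: `blacklist ${RUNUSER}` hides the whole runtime directory, so `blacklist ${RUNUSER}/wayland-*` directly above it appears to be redundant. The same pair is added in etc/dig.profile, and etc/file.profile ends up with both lines as well. If the narrower entry is kept on purpose, a comment such as `# kept so the Wayland socket stays hidden if ${RUNUSER} is re-enabled locally` would make the intent clear; otherwise the single broad line is enough.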
diff --git a/etc/d-feet.profile b/etc/d-feet.profile
index 897bf5f5d..51df7b455 100644
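--- a/etc/d-feet.profile
+++ b/etc/d-feet.profile
@@ -24,6 +24,7 @@ mkdir ${HOME}/.config/d-feet
 whitelist ${HOME}/.config/d-feet
 whitelist /usr/share/d-feet
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 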
diff --git a/etc/dconf-editor.profile b/etc/dconf-editor.profile
index a9d25128f..e7cc66e32 100644
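--- a/etc/dconf-editor.profile
+++ b/etc/dconf-editor.profile
@@ -16,6 +16,7 @@ include disable-xdg.inc
 
 whitelist ${HOME}/.local/share/glib-2.0
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 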
diff --git a/etc/dig.profile b/etc/dig.profile
index e6b7e46d9..270a95c05 100644
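--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -11,6 +11,8 @@ noblacklist ${HOME}/.digrc
 noblacklist ${PATH}/dig
 
 blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 include disable-common.inc
 # include disable-devel.inc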
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 815e4b13d..92c6cd2a8 100644
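--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -166,6 +166,14 @@ blacklist ${HOME}/VirtualBox VMs
 blacklist ${HOME}/.config/gnome-boxes
 blacklist ${HOME}/.local/share/gnome-boxes
 
+# libvirt
+blacklist ${HOME}/.cache/libvirt
+blacklist ${HOME}/.config/libvirt
+blacklist ${RUNUSER}/libvirt
+blacklist /var/cache/libvirt
+blacklist /var/lib/libvirt
+blacklist /var/log/libvirt
+
 # VeraCrypt
 blacklist ${HOME}/.VeraCrypt
 blacklist ${PATH}/veracrypt
@@ -453,6 +461,11 @@ blacklist ${HOME}/.local/share/flatpak/overrides
 blacklist ${HOME}/.local/share/flatpak/repo
 blacklist ${HOME}/.local/share/flatpak/runtime
 blacklist ${HOME}/.var
+blacklist ${RUNUSER}/app
+blacklist ${RUNUSER}/doc
+blacklist ${RUNUSER}/.dbus-proxy
+blacklist ${RUNUSER}/.flatpak
+blacklist ${RUNUSER}/.flatpak-helper
 blacklist /usr/share/flatpak
 blacklist /var/lib/flatpak
 # most of the time bwrap is SUID binary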
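Review bot: The new libvirt block in the first hunk covers the cache, config and runtime directories but not `${HOME}/.local/share/libvirt`, where session-mode libvirt normally keeps its disk images. The gnome-boxes entries just above pair `.config` with `.local/share`, so the same pairing is expected here. Unless that path is already blacklisted elsewhere in the file (not visible in this hunk), add `blacklist ${HOME}/.local/share/libvirt` next to the other home paths.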
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 5b3fe475c..5bb2f851a 100644
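--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -8,6 +8,8 @@ blacklist ${HOME}/Monero/wallets
 blacklist ${HOME}/Nextcloud/Notes
 blacklist ${HOME}/SoftMaker
 blacklist ${HOME}/Standard Notes Backups
+blacklist ${HOME}/TeamSpeak3-Client-linux_x86
+blacklist ${HOME}/TeamSpeak3-Client-linux_amd64
 blacklist ${HOME}/mps
 blacklist ${HOME}/wallet.dat
 blacklist ${HOME}/.*coin
@@ -73,6 +75,7 @@ blacklist ${HOME}/.config/Code Industry
 blacklist ${HOME}/.config/Cryptocat
 blacklist ${HOME}/.config/Debauchee/Barrier.conf
 blacklist ${HOME}/.config/Enox
+blacklist ${HOME}/.config/Ferdi
 blacklist ${HOME}/.config/Franz
 blacklist ${HOME}/.config/FreeCAD
 blacklist ${HOME}/.config/Fritzing
@@ -116,6 +119,7 @@ blacklist ${HOME}/.config/Thunar
 blacklist ${HOME}/.config/VirtualBox
 blacklist ${HOME}/.config/Wire
 blacklist ${HOME}/.config/Zeal
+blacklist ${HOME}/.config/abiword
 blacklist ${HOME}/.config/agenda
 blacklist ${HOME}/.config/akonadi*
 blacklist ${HOME}/.config/akregatorrc
@@ -330,6 +334,7 @@ blacklist ${HOME}/.config/vivaldi
 blacklist ${HOME}/.config/vivaldi-snapshot
 blacklist ${HOME}/.config/vlc
 blacklist ${HOME}/.config/wesnoth
+blacklist ${HOME}/.config/wormux
 blacklist ${HOME}/.config/Whalebird
 blacklist ${HOME}/.config/wireshark
 blacklist ${HOME}/.config/xchat
@@ -378,6 +383,7 @@ blacklist ${HOME}/.fossamail
 blacklist ${HOME}/.freeciv
 blacklist ${HOME}/.freecol
 blacklist ${HOME}/.freemind
+blacklist ${HOME}/.frogatto
 blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.gist
@@ -536,11 +542,14 @@ blacklist ${HOME}/.local/share/gnome-2048
 blacklist ${HOME}/.local/share/gnome-chess
 blacklist ${HOME}/.local/share/gnome-builder
 blacklist ${HOME}/.local/share/gnome-latex
+blacklist ${HOME}/.local/share/gnome-mines
 blacklist ${HOME}/.local/share/gnome-music
+blacklist ${HOME}/.local/share/gnome-nibbles
 blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/gnome-pomodoro
 blacklist ${HOME}/.local/share/gnome-recipes
 blacklist ${HOME}/.local/share/gnome-ring
+blacklist ${HOME}/.local/share/gnome-sudoku
 blacklist ${HOME}/.local/share/gnome-twitch
 blacklist ${HOME}/.local/share/godot
 blacklist ${HOME}/.local/share/gradio
@@ -610,6 +619,7 @@ blacklist ${HOME}/.local/share/vpltd
 blacklist ${HOME}/.local/share/vulkan
 blacklist ${HOME}/.local/share/warsow-2.1
 blacklist ${HOME}/.local/share/wesnoth
+blacklist ${HOME}/.local/share/wormux
 blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/xreader
 blacklist ${HOME}/.local/share/zathura
@@ -706,6 +716,7 @@ blacklist ${HOME}/.widelands
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.wine64
 blacklist ${HOME}/.wireshark
+blacklist ${HOME}/.wormux
 blacklist ${HOME}/.xiphos
 blacklist ${HOME}/.xmind
 blacklist ${HOME}/.xmms
@@ -730,6 +741,7 @@ blacklist ${HOME}/.cache/BraveSoftware
 blacklist ${HOME}/.cache/Clementine
 blacklist ${HOME}/.cache/Enox
 blacklist ${HOME}/.cache/Enpass
+blacklist ${HOME}/.cache/Ferdi
 blacklist ${HOME}/.cache/Franz
 blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/MusicBrainz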
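Review bot: `blacklist ${HOME}/.config/wormux` is inserted between `wesnoth` and `Whalebird`, which breaks the case-insensitive alphabetical order the surrounding entries follow; it belongs after `blacklist ${HOME}/.config/wireshark`. The two TeamSpeak3 lines in the first hunk are likewise reversed, since `linux_amd64` sorts before `linux_x86`. Keeping this list sorted is what makes a missing or duplicated blacklist entry easy to spot in review.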
diff --git a/etc/discord-common.profile b/etc/discord-common.profile
index 43e8d5cd7..cbeef798f 100644
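--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -15,6 +15,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/BetterDiscord
+whitelist ${HOME}/.local/share/betterdiscordctl
 include whitelist-common.inc
 include whitelist-var-common.inc
 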
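Review bot: The two new whitelists expose the BetterDiscord directories read-write inside the Discord sandbox, and as far as I know these hold the plugins and themes the client mod loads, so code running in the client could change what is loaded on the next start. This commit adds no `blacklist ${HOME}/.config/BetterDiscord` or `blacklist ${HOME}/.local/share/betterdiscordctl` to etc/disable-programs.inc and no matching `noblacklist` here, so unless those entries already exist, other sandboxed programs can reach the same directories. Consider adding the blacklist/noblacklist pair, and `read-only ${HOME}/.local/share/betterdiscordctl` if nothing has to be written there at run time.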
diff --git a/etc/elinks.profile b/etc/elinks.profile
index 82d1ba528..2a306d704 100644
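--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -18,6 +18,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-runuser-common.inc
+
 caps.drop all
 netfilter
 no3d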
diff --git a/etc/enchant.profile b/etc/enchant.profile
index fa556c7d2..69e8b1e44 100644
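--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -21,6 +21,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/enchant
 whitelist ${HOME}/.config/enchant
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 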
diff --git a/etc/eo-common.profile b/etc/eo-common.profile
index 13f498c03..80c704c6b 100644
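--- a/etc/eo-common.profile
+++ b/etc/eo-common.profile
@@ -18,6 +18,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 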
diff --git a/etc/evince.profile b/etc/evince.profile
index 143a347e6..68ef5eb9a 100644
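--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -21,6 +21,7 @@ whitelist /usr/share/doc
 whitelist /usr/share/evince
 whitelist /usr/share/poppler
 whitelist /usr/share/tracker
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 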
diff --git a/etc/evolution.profile b/etc/evolution.profile
index 71a7a5600..4740bf935 100644
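--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -23,6 +23,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-runuser-common.inc
+
 caps.drop all
 netfilter
 # no3d breaks under wayland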
diff --git a/etc/feedreader.profile b/etc/feedreader.profile
index 5a72b60ea..7d3c7a8f4 100644
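--- a/etc/feedreader.profile
+++ b/etc/feedreader.profile
@@ -23,6 +23,7 @@ whitelist ${HOME}/.cache/feedreader
 whitelist ${HOME}/.local/share/feedreader
 whitelist /usr/share/feedreader
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 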
diff --git a/etc/ferdi.profile b/etc/ferdi.profile
new file mode 100644
index 000000000..9b4c5f114
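--- /dev/null
+++ b/etc/ferdi.profile
@@ -0,0 +1,46 @@
+# Firejail profile for ferdi
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ferdi.local
+# Persistent global definitions
+include globals.local
+
+ignore noexec /tmp
+
+noblacklist ${HOME}/.cache/Ferdi
+noblacklist ${HOME}/.config/Ferdi
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+
+mkdir ${HOME}/.cache/Ferdi
+mkdir ${HOME}/.config/Ferdi
+mkdir ${HOME}/.pki
+mkdir ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/Ferdi
+whitelist ${HOME}/.config/Ferdi
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
+include whitelist-common.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp !chroot
+shell none
+
+disable-mnt
+private-dev
+private-tmp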
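Review bot: `ignore noexec /tmp` on line 8 and `seccomp !chroot` on line 41 each loosen a default restriction without saying why, and `protocol` on line 40 additionally admits `netlink`. A short comment on each, e.g. `# Electron runs helpers from /tmp` and `# chroot is used by the Chromium sandbox` if those are the actual reasons, lets a later reviewer judge whether the relaxation is still needed. Unlike the other new profiles in this commit, the file has no `# Description:` line and does not include `disable-passwdmgr.inc` or `whitelist-var-common.inc`; for a client that renders remote web content both includes look worth adding.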
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index 9d84f07de..70dd030ee 100644
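--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -14,6 +14,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 whitelist /usr/share/file-roller
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 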
diff --git a/etc/file.profile b/etc/file.profile
index 82b161d48..854586354 100644
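--- a/etc/file.profile
+++ b/etc/file.profile
@@ -8,6 +8,7 @@ include file.local
 include globals.local
 
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-exec.inc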
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index d8d4c1746..6c7ab8f0d 100644
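--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -17,6 +17,8 @@ include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
 include disable-programs.inc
+
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 caps.drop all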
diff --git a/etc/flameshot.profile b/etc/flameshot.profile
index 3aad9723b..9a3df98f4 100644
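--- a/etc/flameshot.profile
+++ b/etc/flameshot.profile
@@ -17,6 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-runuser-common.inc
+
 caps.drop all
 ipc-namespace
 netfilter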
diff --git a/etc/four-in-a-row.profile b/etc/four-in-a-row.profile
new file mode 100644
index 000000000..b468c3435
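--- /dev/null
+++ b/etc/four-in-a-row.profile
@@ -0,0 +1,17 @@
+# Firejail profile for four-in-a-row
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include four-in-a-row.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+whitelist /usr/share/four-in-a-row
+
+private-bin four-in-a-row
+
+# Redirect
+include gnome_games-common.profile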
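Review bot: The `# Description:` line on line 2 says "Sliding tile puzzle game", which appears to be copied from another profile; the same text is in etc/gnome-mahjongg.profile and etc/gnome-mines.profile. Replace it in each file with a description of the actual program, e.g. `# Description: Connect-four game for GNOME`. `ignore machine-id` and `ignore nosound` on lines 9-10 relax options that presumably come from gnome_games-common.profile, so a short why-comment such as `# game plays sound effects` would help the next reader.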
diff --git a/etc/frogatto.profile b/etc/frogatto.profile
new file mode 100644
index 000000000..fd7c5fc16
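--- /dev/null
+++ b/etc/frogatto.profile
@@ -0,0 +1,47 @@
+# Firejail profile for frogatto
+# Description: 2D platformer game starring a quixotic frog
+# This file is overwritten after every install/update
+# Persistent local customizations
+include frogatto.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.frogatto
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.frogatto
+whitelist ${HOME}/.frogatto
+whitelist /usr/share/frogatto
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin frogatto,sh
+private-cache
+private-dev
+private-etc machine-id
+private-tmp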
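Review bot: `private-bin frogatto,sh` on line 43 keeps a shell available inside the sandbox even though `shell none` is set on line 39, and nothing says why. If `sh` is only there because the launcher is a wrapper script, record that with a comment such as `# frogatto is started through a shell wrapper`. Without it the entry reads like an oversight and is likely to be copied into other profiles.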
diff --git a/etc/gedit.profile b/etc/gedit.profile
index a4471077a..148b98c99 100644
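--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 # apparmor - makes settings immutable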
diff --git a/etc/gfeeds.profile b/etc/gfeeds.profile
index d332c1bbe..7de762e0d 100644
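--- a/etc/gfeeds.profile
+++ b/etc/gfeeds.profile
@@ -29,6 +29,7 @@ whitelist ${HOME}/.cache/org.gabmus.gfeeds
 whitelist ${HOME}/.config/org.gabmus.gfeeds.json
 whitelist /usr/share/gfeeds
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 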
diff --git a/etc/gitg.profile b/etc/gitg.profile
index 3c6f9d72f..68f38c3ce 100644
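--- a/etc/gitg.profile
+++ b/etc/gitg.profile
@@ -28,6 +28,7 @@ include disable-programs.inc
 #include whitelist-common.inc
 
 whitelist /usr/share/gitg
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 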
diff --git a/etc/gjs.profile b/etc/gjs.profile
index 85dd57f29..9c8848b8a 100644
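--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -22,6 +22,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 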
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile
index 6fa23c92e..978a13244 100644
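--- a/etc/gnome-2048.profile
+++ b/etc/gnome-2048.profile
@@ -8,32 +8,10 @@ include globals.local
 
 noblacklist ${HOME}/.local/share/gnome-2048
 
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-
-include whitelist-var-common.inc
-
 mkdir ${HOME}/.local/share/gnome-2048
 whitelist ${HOME}/.local/share/gnome-2048
-include whitelist-common.inc
-
-apparmor
-caps.drop all
-netfilter
-nodvd
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
 
-disable-mnt
-private-dev
-private-tmp
+private-bin gnome-2048
 
+# Redirect
+include gnome_games-common.profile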
diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile
index eaf48931d..7a684dd59 100644
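--- a/etc/gnome-builder.profile
+++ b/etc/gnome-builder.profile
@@ -17,6 +17,8 @@ include disable-common.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-runuser-common.inc
+
 caps.drop all
 ipc-namespace
 netfilter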
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index 6709a331e..627ae368a 100644
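--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -16,6 +16,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 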
diff --git a/etc/gnome-characters.profile b/etc/gnome-characters.profile
index f02fe13f6..77b0c3c15 100644
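--- a/etc/gnome-characters.profile
+++ b/etc/gnome-characters.profile
@@ -19,6 +19,7 @@ include disable-xdg.inc
 
 whitelist /usr/share/org.gnome.Characters
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 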
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile
index e657293ac..a80e1ca6d 100644
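--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -16,6 +16,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/gnuchess
+whitelist /usr/share/gnome-chess
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor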
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
index 025335a23..b865423c5 100644
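--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -17,6 +17,7 @@ include disable-xdg.inc
 whitelist /usr/share/gnome-clocks
 whitelist /usr/share/libgweather
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 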
diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile
index ac6d82451..7c1e4bb58 100644
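--- a/etc/gnome-contacts.profile
+++ b/etc/gnome-contacts.profile
@@ -17,6 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 caps.drop all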
diff --git a/etc/gnome-hexgl.profile b/etc/gnome-hexgl.profile
index 386c33d7f..a06ccc9c1 100644
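--- a/etc/gnome-hexgl.profile
+++ b/etc/gnome-hexgl.profile
@@ -15,9 +15,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/mesa_shader_cache
-whitelist ${RUNUSER}/pulse
-whitelist ${RUNUSER}/wayland-0
 whitelist /usr/share/gnome-hexgl
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 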
diff --git a/etc/gnome-latex.profile b/etc/gnome-latex.profile
index 1bf48c6ab..ea4151137 100644
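--- a/etc/gnome-latex.profile
+++ b/etc/gnome-latex.profile
@@ -22,6 +22,7 @@ include disable-programs.inc
 whitelist /usr/share/gnome-latex
 whitelist /usr/share/perl5
 whitelist /usr/share/texlive
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 # May cause issues.
 #include whitelist-var-common.inc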
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile
index 0c5bec144..31b7cfb4f 100644
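--- a/etc/gnome-logs.profile
+++ b/etc/gnome-logs.profile
@@ -15,6 +15,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 whitelist /var/log/journal
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 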
diff --git a/etc/gnome-mahjongg.profile b/etc/gnome-mahjongg.profile
new file mode 100644
index 000000000..653c5f949
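--- /dev/null
+++ b/etc/gnome-mahjongg.profile
@@ -0,0 +1,14 @@
+# Firejail profile for gnome-mahjongg
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-mahjongg.local
+# Persistent global definitions
+include globals.local
+
+whitelist /usr/share/gnome-mahjongg
+
+private-bin gnome-mahjongg
+
+# Redirect
+include gnome_games-common.profile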
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile
index 12415a937..bf263efa9 100644
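--- a/etc/gnome-maps.profile
+++ b/etc/gnome-maps.profile
@@ -35,6 +35,7 @@ whitelist ${PICTURES}
 whitelist /usr/share/gnome-maps
 whitelist /usr/share/libgweather
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 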
diff --git a/etc/gnome-mines.profile b/etc/gnome-mines.profile
new file mode 100644
index 000000000..9cae75524
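--- /dev/null
+++ b/etc/gnome-mines.profile
@@ -0,0 +1,18 @@
+# Firejail profile for gnome-mines
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-mines.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/gnome-mines
+
+mkdir ${HOME}/.local/share/gnome-mines
+whitelist ${HOME}/.local/share/gnome-mines
+whitelist /usr/share/gnome-mines
+
+private-bin gnome-mines
+
+# Redirect
+include gnome_games-common.profile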
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
index 9c3131162..36b46897c 100644
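--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -21,6 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 apparmor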
diff --git a/etc/gnome-nettool.profile b/etc/gnome-nettool.profile
index d15299890..649473679 100644
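--- a/etc/gnome-nettool.profile
+++ b/etc/gnome-nettool.profile
@@ -16,6 +16,7 @@ include disable-xdg.inc
 
 whitelist /usr/share/gnome-nettool
 #include whitelist-common.inc -- see #903
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 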
diff --git a/etc/gnome-nibbles.profile b/etc/gnome-nibbles.profile
new file mode 100644
index 000000000..4e42b6b15
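--- /dev/null
+++ b/etc/gnome-nibbles.profile
@@ -0,0 +1,21 @@
+# Firejail profile for gnome-nibbles
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-nibbles.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+noblacklist ${HOME}/.local/share/gnome-nibbles
+
+mkdir ${HOME}/.local/share/gnome-nibbles
+whitelist ${HOME}/.local/share/gnome-nibbles
+whitelist /usr/share/gnome-nibbles
+
+private-bin gnome-nibbles
+
+# Redirect
+include gnome_games-common.profile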
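Review bot: The two `ignore` lines near the top have no comment saying why they relax gnome_games-common.profile, which sets both `machine-id` and `nosound`. A line such as `# Allow sound (machine-id spoofing breaks audio)` above them would record the intent, assuming sound is the reason. gnome-robots.profile and gnome-taquin.profile in this commit add the same pair without a comment.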
diff --git a/etc/gnome-passwordsafe.profile b/etc/gnome-passwordsafe.profile
index de8f6ad7d..555a59d93 100644
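--- a/etc/gnome-passwordsafe.profile
+++ b/etc/gnome-passwordsafe.profile
@@ -21,13 +21,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${RUNUSER}/bus
-# If you have a second wayland compositor, whitelist its socket here.
-whitelist ${RUNUSER}/wayland-0
-whitelist ${RUNUSER}/gdm/Xauthority
-
 whitelist /usr/share/cracklib
 whitelist /usr/share/passwordsafe
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 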
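Review bot: Swapping the three explicit `${RUNUSER}` entries for `include whitelist-runuser-common.inc` also whitelists `${RUNUSER}/dconf` and `${RUNUSER}/pulse/native` (listed in the new include file in this commit), which this password manager profile did not whitelist before. If the audio socket is not needed, a `nowhitelist ${RUNUSER}/pulse/native` line ahead of the include, or keeping the explicit entries, would hold the earlier scope. The hunk also drops the hint about a second Wayland compositor without moving it anywhere.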
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile
index c28217efb..2af406af9 100644
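--- a/etc/gnome-photos.profile
+++ b/etc/gnome-photos.profile
@@ -17,6 +17,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 apparmor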
diff --git a/etc/gnome-robots.profile b/etc/gnome-robots.profile
new file mode 100644
index 000000000..888324a5c
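--- /dev/null
+++ b/etc/gnome-robots.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-robots
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-robots.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+whitelist /usr/share/gnome-robots
+
+private-bin gnome-robots
+
+# Redirect
+include gnome_games-common.profile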
diff --git a/etc/gnome-schedule.profile b/etc/gnome-schedule.profile
index c8dd8ead7..55913a2d7 100644
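--- a/etc/gnome-schedule.profile
+++ b/etc/gnome-schedule.profile
@@ -39,6 +39,7 @@ whitelist /usr/share/gnome-schedule
 whitelist /var/spool/atd
 whitelist /var/spool/cron
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 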
diff --git a/etc/gnome-screenshot.profile b/etc/gnome-screenshot.profile
index c00aefdb7..cc5efb161 100644
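--- a/etc/gnome-screenshot.profile
+++ b/etc/gnome-screenshot.profile
@@ -17,11 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${RUNUSER}/bus
-whitelist ${RUNUSER}/pulse
-whitelist ${RUNUSER}/gdm/Xauthority
-whitelist ${RUNUSER}/wayland-0
 include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 apparmor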
diff --git a/etc/gnome-sudoku.profile b/etc/gnome-sudoku.profile
new file mode 100644
index 000000000..b41bccd1e
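--- /dev/null
+++ b/etc/gnome-sudoku.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-sudoku
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-sudoku.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/gnome-sudoku
+
+mkdir ${HOME}/.local/share/gnome-sudoku
+whitelist ${HOME}/.local/share/gnome-sudoku
+
+private-bin gnome-sudoku
+
+# Redirect
+include gnome_games-common.profile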
diff --git a/etc/gnome-taquin.profile b/etc/gnome-taquin.profile
new file mode 100644
index 000000000..efd64d455
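--- /dev/null
+++ b/etc/gnome-taquin.profile
@@ -0,0 +1,17 @@
+# Firejail profile for gnome-taquin
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-taquin.local
+# Persistent global definitions
+include globals.local
+
+ignore machine-id
+ignore nosound
+
+whitelist /usr/share/gnome-taquin
+
+private-bin gnome-taquin
+
+# Redirect
+include gnome_games-common.profile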
diff --git a/etc/gnome-tetravex.profile b/etc/gnome-tetravex.profile
new file mode 100644
index 000000000..e9622539c
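--- /dev/null
+++ b/etc/gnome-tetravex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for gnome-tetravex
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-tetravex.local
+# Persistent global definitions
+include globals.local
+
+private-bin gnome-tetravex
+
+# Redirect
+include gnome_games-common.profile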
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile
index 10db6296b..a181f1b9e 100644
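--- a/etc/gnome-weather.profile
+++ b/etc/gnome-weather.profile
@@ -21,6 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 caps.drop all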
diff --git a/etc/gnome_games-common.profile b/etc/gnome_games-common.profile
new file mode 100644
index 000000000..0b75c5e92
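--- /dev/null
+++ b/etc/gnome_games-common.profile
@@ -0,0 +1,43 @@
+# Firejail profile for gnome_games-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome_games-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-etc dconf,fonts,gconf,gtk-2.0,gtk-3.0,machine-id,pango,X11
+private-tmp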
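Review bot: The option block has no `nodbus`, and `whitelist-runuser-common.inc` whitelists `${RUNUSER}/bus`, so every game that redirects here keeps the session bus even though `net none` and `protocol unix` close off the network. If the bus is kept for dconf-backed settings (the `private-etc` list includes `dconf`), a comment such as `# nodbus omitted: settings are stored through dconf` would make that deliberate; if it is not needed, add `nodbus`. This is inferred from the visible options only and needs a test with one of the games.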
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
index 16bda186e..adc8957e6 100644
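--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -21,9 +21,12 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.gnupg
 whitelist ${HOME}/.gnupg
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
 whitelist /usr/share/gnupg
 whitelist /usr/share/gnupg2
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 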
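Review bot: `whitelist ${RUNUSER}/keyring` exposes the whole keyring directory to the sandbox, whereas ssh.profile in this commit whitelists only `${RUNUSER}/keyring/ssh`. If gpg-agent needs a single socket from that directory, whitelist that path instead; if it needs the directory, a short comment saying why would help the next reviewer. gpg.profile and seahorse.profile add the same two lines.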
diff --git a/etc/gpg.profile b/etc/gpg.profile
index b408a0123..787f35f9e 100644
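--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -18,9 +18,12 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
 whitelist /usr/share/gnupg
 whitelist /usr/share/gnupg2
 whitelist /usr/share/pacman/keyrings
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 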
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index b3aa58d29..f3e3ab14d 100644
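--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -15,6 +15,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 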
diff --git a/etc/highlight.profile b/etc/highlight.profile
index 036de8d99..fc8b2f65a 100644
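--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -7,6 +7,7 @@ include highlight.local
 include globals.local
 
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc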
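Review bot: With `blacklist ${RUNUSER}` added, the preceding `blacklist ${RUNUSER}/wayland-*` appears redundant, because the whole directory is already blocked. Either drop the wayland line or put a comment above the pair, for example `# Disable RUNUSER (cli only)` as the template in this commit words it, so a reader sees that the wider rule is intended. The same pair appears in the less, pandoc, patch, pdftotext, shellcheck, strings, rsync-download_only, wget and whois hunks, and nslookup and ping add both lines at once.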
diff --git a/etc/latex-common.profile b/etc/latex-common.profile
index 712ada722..84901e8ef 100644
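--- a/etc/latex-common.profile
+++ b/etc/latex-common.profile
@@ -14,6 +14,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 whitelist /var/lib
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 caps.drop all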
diff --git a/etc/less.profile b/etc/less.profile
index 00624e0f1..27e24c852 100644
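--- a/etc/less.profile
+++ b/etc/less.profile
@@ -8,6 +8,7 @@ include less.local
 include globals.local
 
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 noblacklist ${HOME}/.lesshst
 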
diff --git a/etc/lightsoff.profile b/etc/lightsoff.profile
new file mode 100644
index 000000000..65c8bd78d
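--- /dev/null
+++ b/etc/lightsoff.profile
@@ -0,0 +1,14 @@
+# Firejail profile for lightsoff
+# Description: Sliding tile puzzle game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lightsoff.local
+# Persistent global definitions
+include globals.local
+
+whitelist /usr/share/lightsoff
+
+private-bin lightsoff
+
+# Redirect
+include gnome_games-common.profile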
diff --git a/etc/links.profile b/etc/links.profile
index a31001c87..b2f94d3cf 100644
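--- a/etc/links.profile
+++ b/etc/links.profile
@@ -24,6 +24,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.links
 whitelist ${HOME}/.links
 whitelist ${DOWNLOADS}
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 caps.drop all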
diff --git a/etc/lynx.profile b/etc/lynx.profile
index fb6fe94ec..dbd0a61e5 100644
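--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -16,6 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-runuser-common.inc
+
 caps.drop all
 netfilter
 no3d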
diff --git a/etc/meld.profile b/etc/meld.profile
index 9a320c13d..be13e9643 100644
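--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -36,6 +36,8 @@ include disable-passwdmgr.inc
 # Uncomment the next line (or put it into your meld.local) if you don't need to compare files in disable-programs.inc.
 #include disable-programs.inc
 
+include whitelist-runuser-common.inc
+
 # Uncomment the next lines (or put it into your meld.local) if you don't need to compare files in /usr/share.
 #whitelist /usr/share/meld
 #include whitelist-usr-share-common.inc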
diff --git a/etc/mutt.profile b/etc/mutt.profile
index 1fc412955..8ff547b52 100644
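--- a/etc/mutt.profile
+++ b/etc/mutt.profile
@@ -40,6 +40,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-runuser-common.inc
+
 caps.drop all
 netfilter
 no3d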
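Review bot: The added `include whitelist-runuser-common.inc` puts `${RUNUSER}` into whitelist mode, and the include file (new in this commit) lists only bus, dconf, gdm/Xauthority, pulse/native and wayland-0. If mutt is used with gpg-agent for signing or decryption, the agent socket under `${RUNUSER}/gnupg` would no longer be visible; gpg.profile in this commit adds `whitelist ${RUNUSER}/gnupg` next to the same include, presumably for that reason. Consider adding that line above the include here, after testing with a PGP-enabled setup.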
diff --git a/etc/newsboat.profile b/etc/newsboat.profile
index e063abe53..eabd17b4b 100644
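--- a/etc/newsboat.profile
+++ b/etc/newsboat.profile
@@ -19,6 +19,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.newsboat
 whitelist ${HOME}/.newsboat
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 caps.drop all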
diff --git a/etc/nslookup.profile b/etc/nslookup.profile
index 40cb3b6d8..4aa1cfcbf 100644
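--- a/etc/nslookup.profile
+++ b/etc/nslookup.profile
@@ -7,6 +7,10 @@ include nslookup.local
 # Persistent global definitions
 include globals.local
 
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
+
 noblacklist ${PATH}/nslookup
 
 include disable-common.inc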
diff --git a/etc/pandoc.profile b/etc/pandoc.profile
index 9a8d82a96..9117b0c07 100644
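--- a/etc/pandoc.profile
+++ b/etc/pandoc.profile
@@ -8,6 +8,7 @@ include pandoc.local
 include globals.local
 
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 noblacklist ${DOCUMENTS}
 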
diff --git a/etc/patch.profile b/etc/patch.profile
index 4a3365378..95c92a3f5 100644
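--- a/etc/patch.profile
+++ b/etc/patch.profile
@@ -8,6 +8,7 @@ include patch.local
 include globals.local
 
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 noblacklist ${DOCUMENTS}
 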
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index 73ebf4615..a7112f1e8 100644
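--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -7,6 +7,7 @@ include pdftotext.local
 include globals.local
 
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 noblacklist ${DOCUMENTS}
 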
diff --git a/etc/ping.profile b/etc/ping.profile
index 75ad0ee31..3ef8ad64a 100644
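--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -7,6 +7,10 @@ include ping.local
 # Persistent global definitions
 include globals.local
 
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc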
diff --git a/etc/pitivi.profile b/etc/pitivi.profile
index 71032f2ee..c722e29b4 100644
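--- a/etc/pitivi.profile
+++ b/etc/pitivi.profile
@@ -6,7 +6,6 @@ include pitivi.local
 # Persistent global definitions
 include globals.local
 
-
 noblacklist ${HOME}/.config/pitivi
 
 # Allow python (blacklisted by disable-interpreters.inc)
@@ -20,6 +19,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 apparmor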
diff --git a/etc/pngquant.profile b/etc/pngquant.profile
index f9ce43c4c..4695eee71 100644
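--- a/etc/pngquant.profile
+++ b/etc/pngquant.profile
@@ -16,6 +16,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor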
diff --git a/etc/polari.profile b/etc/polari.profile
index 939e2537e..87a53775f 100644
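--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -28,6 +28,7 @@ whitelist ${HOME}/.local/share/TpLogger
 whitelist ${HOME}/.local/share/telepathy
 whitelist ${HOME}/.purple
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 
 caps.drop all
 netfilter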
diff --git a/etc/remmina.profile b/etc/remmina.profile
index e85ceca13..6311c91df 100644
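--- a/etc/remmina.profile
+++ b/etc/remmina.profile
@@ -19,6 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 
 caps.drop all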
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index aff8b08e3..689fbe626 100644
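--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -25,6 +25,7 @@ include disable-xdg.inc
 whitelist /usr/share/rhythmbox
 whitelist /usr/share/lua
 whitelist /usr/share/libquvi-scripts
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 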
diff --git a/etc/rsync-download_only.profile b/etc/rsync-download_only.profile
index 84147f0a5..500656a4b 100644
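--- a/etc/rsync-download_only.profile
+++ b/etc/rsync-download_only.profile
@@ -14,6 +14,7 @@ include globals.local
 
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc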
diff --git a/etc/seahorse.profile b/etc/seahorse.profile
index 5a742d05f..3a69086b5 100644
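--- a/etc/seahorse.profile
+++ b/etc/seahorse.profile
@@ -31,7 +31,10 @@ whitelist /usr/share/gnupg
 whitelist /usr/share/gnupg2
 whitelist /usr/share/seahorse
 whitelist /usr/share/seahorse-nautilus
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
 #include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 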
diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile
index 7b4041222..fb43c61e4 100644
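--- a/etc/shellcheck.profile
+++ b/etc/shellcheck.profile
@@ -8,6 +8,7 @@ include shellcheck.local
 include globals.local
 
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 noblacklist ${DOCUMENTS}
 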
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 1551c3fb6..cbd59c6e0 100644
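--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -18,7 +18,10 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+whitelist ${RUNUSER}/keyring/ssh
+whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh
 include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
 
 caps.drop all
 ipc-namespace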
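Review bot: The two agent-socket whitelists already restrict `${RUNUSER}` to what ssh needs, and the added `include whitelist-runuser-common.inc` then brings back the session bus, dconf, Xauthority, PulseAudio and Wayland entries, which a command-line client may not need. If X11 forwarding is the only reason, `whitelist ${RUNUSER}/gdm/Xauthority` on its own would be tighter; confirm before changing. The include is also placed after `whitelist-usr-share-common.inc`, while most hunks in this commit put it before (gnome-screenshot.profile has the same reversed order).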
diff --git a/etc/strings.profile b/etc/strings.profile
index 7dc453b1f..7d2d035a4 100644
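--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -8,6 +8,7 @@ include strings.local
 include globals.local
 
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 #include disable-common.inc
 include disable-devel.inc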
diff --git a/etc/teams.profile b/etc/teams.profile
index 8b60a941e..0e5a42be7 100644
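--- a/etc/teams.profile
+++ b/etc/teams.profile
@@ -9,6 +9,8 @@ include teams.local
 # added by included profile
 #include globals.local
 
+ignore nodbus
+
 noblacklist ${HOME}/.config/teams
 noblacklist ${HOME}/.config/Microsoft
 
@@ -30,7 +32,6 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-tmp
 
 # Redirect
 include electron.profile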
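Review bot: The second hunk removes `private-tmp` and the first adds `ignore nodbus`; both loosen the sandbox and neither carries a comment saying what failed without them. Unless electron.profile sets it again, dropping `private-tmp` leaves the application with the host `/tmp` instead of a private one. Add a one-line reason above `ignore nodbus` and where `private-tmp` used to be, so that a later cleanup neither reverts the change blindly nor widens it further.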
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 0362b82af..4cb40027c 100644
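--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -27,6 +27,7 @@
 # ALLOW INCLUDES
 # BLACKLISTS
 # DISABLE INCLUDES
+# NOWHITELISTS
 # MKDIRS
 # WHITELISTS
 # WHITELIST INCLUDES
@@ -62,6 +63,8 @@ include globals.local
 #blacklist /tmp/.X11-unix
 # Disable Wayland
 #blacklist ${RUNUSER}/wayland-*
+# Disable RUNUSER (cli only)
+#blacklist ${RUNUSER}
 
 # It is common practice to add files/dirs containing program-specific configuration
 # (often ${HOME}/PROGRAMNAME or ${HOME}/.config/PROGRAMNAME) into disable-programs.inc
@@ -116,6 +119,7 @@ include globals.local
 ##mkfile PATH
 #whitelist PATH
 #include whitelist-common.inc
+#GTK3 only: include whitelist-runuser-common.inc
 #include whitelist-usr-share-common.inc
 #include whitelist-var-common.inc
 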
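Review bot: The line added in the last hunk, `#GTK3 only: include whitelist-runuser-common.inc`, cannot be enabled by deleting the leading `#` like the entries around it, because the label is part of the line. Split it into `# GTK3 only` and `#include whitelist-runuser-common.inc`. The label also disagrees with the rest of this commit, which adds the include to terminal programs such as lynx, mutt, vim and w3m, while the second hunk suggests `blacklist ${RUNUSER}` for cli programs; the template should say which rule a profile author is meant to follow.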
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile
index f6efcf1a4..4193ef963 100644
--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -17,12 +17,12 @@ writable-run-user
17#whitelist /var/spool/mail 17#whitelist /var/spool/mail
18#writable-var 18#writable-var
19 19
20# Uncomment the next 4 lines or put them in your thunderbird.local to 20# These lines are needed to allow Firefox to load your profile when clicking a link in an email
21# allow Firefox to load your profile when clicking a link in an email 21noblacklist ${HOME}/.cache/mozilla
22#noblacklist ${HOME}/.cache/mozilla 22noblacklist ${HOME}/.mozilla
23#noblacklist ${HOME}/.mozilla 23whitelist ${HOME}/.cache/mozilla/firefox
24#whitelist ${HOME}/.cache/mozilla/firefox 24whitelist ${HOME}/.mozilla/firefox/profiles.ini
25#whitelist ${HOME}/.mozilla 25read-only ${HOME}/.mozilla/firefox/profiles.ini
26 26
27noblacklist ${HOME}/.cache/thunderbird 27noblacklist ${HOME}/.cache/thunderbird
28noblacklist ${HOME}/.gnupg 28noblacklist ${HOME}/.gnupg
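Review bot: The Firefox lines were opt-in before and are now active for every user, and `whitelist ${HOME}/.cache/mozilla/firefox` gives the mail client read-write access to the browser cache by default. The new `.mozilla` rules are narrower than the old commented ones (only `profiles.ini`, marked `read-only`), but the cache entry has no such limit. If opening a link works with `profiles.ini` alone, the cache whitelist could stay commented out for thunderbird.local; whether a `read-only` cache still lets Firefox start would need testing.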
diff --git a/etc/tracker.profile b/etc/tracker.profile
index d47185b1d..9030b1e01 100644
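--- a/etc/tracker.profile
+++ b/etc/tracker.profile
@@ -17,6 +17,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-runuser-common.inc
+
 caps.drop all
 netfilter
 no3d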
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 01bdeb4ef..baa970307 100644
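--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -7,6 +7,8 @@ include transmission-gtk.local
 # Persistent global definitions
 include globals.local
 
+include whitelist-runuser-common.inc
+
 private-bin transmission-gtk
 
 ignore memory-deny-write-execute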
diff --git a/etc/ts3client_runscript.sh.profile b/etc/ts3client_runscript.sh.profile
new file mode 100644
index 000000000..8d4675454
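--- /dev/null
+++ b/etc/ts3client_runscript.sh.profile
@@ -0,0 +1,19 @@
+# Firejail profile alias for teamspeak3
+# Description: TeamSpeak is software for quality voice communication via the Internet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ts3client_runscript.sh.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+ignore noexec ${HOME}
+
+noblacklist ${HOME}/TeamSpeak3-Client-linux_x86
+noblacklist ${HOME}/TeamSpeak3-Client-linux_amd64
+
+whitelist ${HOME}/TeamSpeak3-Client-linux_x86
+whitelist ${HOME}/TeamSpeak3-Client-linux_amd64
+
+# Redirect
+include teamspeak3.profile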
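Review bot: `ignore noexec ${HOME}` drops the home-directory noexec rule for this alias, and the two whitelisted TeamSpeak directories stay writable, so the sandbox ends up with a location that is both writable and executable. A comment such as `# TeamSpeak is installed in and run from ${HOME}` above the `ignore` line would record why the rule is lifted. Whether the install directories can be marked `read-only` depends on where the client writes its data, which this file does not show.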
diff --git a/etc/tshark.profile b/etc/tshark.profile
index 211f59f29..684a9491d 100644
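--- a/etc/tshark.profile
+++ b/etc/tshark.profile
@@ -16,6 +16,7 @@ include disable-xdg.inc
 
 whitelist /usr/share/wireshark
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 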
diff --git a/etc/vim.profile b/etc/vim.profile
index d27a9a633..e9a474239 100644
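--- a/etc/vim.profile
+++ b/etc/vim.profile
@@ -17,6 +17,8 @@ include disable-common.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-runuser-common.inc
+
 caps.drop all
 netfilter
 nodvd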
diff --git a/etc/w3m.profile b/etc/w3m.profile
index 97465baa1..5215ee6f5 100644
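--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -20,6 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-runuser-common.inc
+
 caps.drop all
 netfilter
 no3d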
diff --git a/etc/warmux.profile b/etc/warmux.profile
new file mode 100644
index 000000000..df7af49c4
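--- /dev/null
+++ b/etc/warmux.profile
@@ -0,0 +1,53 @@
+# Firejail profile for warmux
+# Description: a convivial mass murder game
+# This file is overwritten after every install/update
+# Persistent local customizations
+include warmux.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/wormux
+noblacklist ${HOME}/.local/share/wormux
+noblacklist ${HOME}/.wormux
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/wormux
+mkdir ${HOME}/.local/share/wormux
+mkdir ${HOME}/.wormux
+whitelist ${HOME}/.config/wormux
+whitelist ${HOME}/.local/share/wormux
+whitelist ${HOME}/.wormux
+whitelist /usr/share/warmux
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin warmux
+private-cache
+private-dev
+private-etc ca-certificates,crypto-policies,host.conf,hostname,hosts,machine-id,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-tmp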
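Review bot: This new profile's whitelist section does not include `whitelist-runuser-common.inc`, although the commit adds it to most profiles that have one and this profile allows network access (`netfilter`, `protocol unix,inet,inet6`). As far as this file shows, the whole of `${RUNUSER}` therefore stays visible to the game. Adding `include whitelist-runuser-common.inc` after `include whitelist-common.inc` would limit it to the common sockets; the profile sets `nodbus` and keeps sound, so the pulse and display entries should be enough, but that needs a test run.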
diff --git a/etc/wget.profile b/etc/wget.profile
index d402316e9..ad7a14c41 100644
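--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.wgetrc
 
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc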
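--- /dev/null
+++ b/etc/whitelist-runuser-common.inc
@@ -0,0 +1,10 @@
+# Local customizations come here
+include whitelist-runuser-common.local
+
+# common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles
+
+whitelist ${RUNUSER}/bus
+whitelist ${RUNUSER}/dconf
+whitelist ${RUNUSER}/gdm/Xauthority
+whitelist ${RUNUSER}/pulse/native
+whitelist ${RUNUSER}/wayland-0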
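Review bot: `whitelist ${RUNUSER}/bus` exposes the session D-Bus socket to every profile that includes this file, and nothing here tells a profile author to pair the include with `nodbus` (or another D-Bus restriction) when the application does not need the bus. A header comment would make that explicit, e.g. `# ${RUNUSER}/bus is the session D-Bus socket; profiles that do not need D-Bus should also set nodbus`. Separately, the list names `wayland-0` and `gdm/Xauthority` literally, while the blacklists elsewhere in this commit use `${RUNUSER}/wayland-*`. Sessions with a different Wayland display name or display manager would presumably lose their display socket or X authority file, so a comment pointing users to whitelist-runuser-common.local for those cases would help.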
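--- a/etc/whitelist-usr-share-common.inc
+++ b/etc/whitelist-usr-share-common.inc
@@ -22,6 +22,7 @@ whitelist /usr/share/glib-2.0
 whitelist /usr/share/glvnd
 whitelist /usr/share/gtk-2.0
 whitelist /usr/share/gtk-3.0
+whitelist /usr/share/gtk-engines
 whitelist /usr/share/gtksourceview-3.0
 whitelist /usr/share/gtksourceview-4
 whitelist /usr/share/hunspell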
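--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -9,6 +9,7 @@ include globals.local
 
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc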
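--- a/etc/yelp.profile
+++ b/etc/yelp.profile
@@ -23,6 +23,7 @@ whitelist /usr/share/help
 whitelist /usr/share/yelp
 whitelist /usr/share/yelp-xsl
 include whitelist-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 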
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile
index 19effef47..6066313a3 100644
--- a/etc/youtube-dl.profile
+++ b/etc/youtube-dl.profile
@@ -22,6 +22,7 @@ include allow-python3.inc
22 22
23blacklist /tmp/.X11-unix 23blacklist /tmp/.X11-unix
24blacklist ${RUNUSER}/wayland-* 24blacklist ${RUNUSER}/wayland-*
25blacklist ${RUNUSER}
25 26
26include disable-common.inc 27include disable-common.inc
27include disable-devel.inc 28include disable-devel.inc