diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/akregator.profile | 30 | ||||
-rw-r--r-- | etc/disable-programs.inc | 4 | ||||
-rw-r--r-- | etc/kcalc.profile | 29 | ||||
-rw-r--r-- | etc/ktorrent.profile | 30 |
4 files changed, 93 insertions, 0 deletions
diff --git a/etc/akregator.profile b/etc/akregator.profile new file mode 100644 index 000000000..c99153450 --- /dev/null +++ b/etc/akregator.profile | |||
@@ -0,0 +1,30 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/akregator.local | ||
4 | |||
5 | ################################ | ||
6 | # Generic GUI application profile | ||
7 | ################################ | ||
8 | noblacklist ${HOME}/.config/akregatorrc | ||
9 | noblacklist ${HOME}/.local/share/akregator | ||
10 | include /etc/firejail/disable-common.inc | ||
11 | include /etc/firejail/disable-programs.inc | ||
12 | include /etc/firejail/disable-passwdmgr.inc | ||
13 | |||
14 | caps.drop all | ||
15 | netfilter | ||
16 | nonewprivs | ||
17 | noroot | ||
18 | protocol unix,inet,inet6 | ||
19 | seccomp | ||
20 | |||
21 | # | ||
22 | # depending on you usage, you can enable some of the commands below: | ||
23 | # | ||
24 | # nogroups | ||
25 | # shell none | ||
26 | # private-bin program | ||
27 | # private-etc none | ||
28 | # private-dev | ||
29 | # private-tmp | ||
30 | |||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 32adac298..fbe614b0d 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -21,6 +21,7 @@ blacklist ${HOME}/.bcast5 | |||
21 | blacklist ${HOME}/.bibletime | 21 | blacklist ${HOME}/.bibletime |
22 | blacklist ${HOME}/.claws-mail | 22 | blacklist ${HOME}/.claws-mail |
23 | blacklist ${HOME}/.config/0ad | 23 | blacklist ${HOME}/.config/0ad |
24 | blacklist ${HOME}/.config/akregatorrc | ||
24 | blacklist ${HOME}/.config/Atom | 25 | blacklist ${HOME}/.config/Atom |
25 | blacklist ${HOME}/.config/Audaciousrc | 26 | blacklist ${HOME}/.config/Audaciousrc |
26 | blacklist ${HOME}/.config/Brackets | 27 | blacklist ${HOME}/.config/Brackets |
@@ -179,6 +180,7 @@ blacklist ${HOME}/.kde4/share/config/konqsidebartngrc | |||
179 | blacklist ${HOME}/.kde4/share/config/konquerorrc | 180 | blacklist ${HOME}/.kde4/share/config/konquerorrc |
180 | blacklist ${HOME}/.kde4/share/config/okularpartrc | 181 | blacklist ${HOME}/.kde4/share/config/okularpartrc |
181 | blacklist ${HOME}/.kde4/share/config/okularrc | 182 | blacklist ${HOME}/.kde4/share/config/okularrc |
183 | blacklist ${HOME}/.kde4/share/config/ktorrentrc | ||
182 | blacklist ${HOME}/.kde/share/apps/gwenview | 184 | blacklist ${HOME}/.kde/share/apps/gwenview |
183 | blacklist ${HOME}/.kde/share/apps/kcookiejar | 185 | blacklist ${HOME}/.kde/share/apps/kcookiejar |
184 | blacklist ${HOME}/.kde/share/apps/khtml | 186 | blacklist ${HOME}/.kde/share/apps/khtml |
@@ -196,6 +198,7 @@ blacklist ${HOME}/.kde/share/config/konqsidebartngrc | |||
196 | blacklist ${HOME}/.kde/share/config/konquerorrc | 198 | blacklist ${HOME}/.kde/share/config/konquerorrc |
197 | blacklist ${HOME}/.kde/share/config/okularpartrc | 199 | blacklist ${HOME}/.kde/share/config/okularpartrc |
198 | blacklist ${HOME}/.kde/share/config/okularrc | 200 | blacklist ${HOME}/.kde/share/config/okularrc |
201 | blacklist ${HOME}/.kde/share/config/ktorrentrc | ||
199 | blacklist ${HOME}/.killingfloor | 202 | blacklist ${HOME}/.killingfloor |
200 | blacklist ${HOME}/.kino-history | 203 | blacklist ${HOME}/.kino-history |
201 | blacklist ${HOME}/.kinorc | 204 | blacklist ${HOME}/.kinorc |
@@ -207,6 +210,7 @@ blacklist ${HOME}/.local/.share/maps-places.json | |||
207 | blacklist ${HOME}/.local/lib/python2.7/site-packages | 210 | blacklist ${HOME}/.local/lib/python2.7/site-packages |
208 | blacklist ${HOME}/.local/share/0ad | 211 | blacklist ${HOME}/.local/share/0ad |
209 | blacklist ${HOME}/.local/share/3909/PapersPlease | 212 | blacklist ${HOME}/.local/share/3909/PapersPlease |
213 | blacklist ${HOME}/.local/share/akregator | ||
210 | blacklist ${HOME}/.local/share/Empathy | 214 | blacklist ${HOME}/.local/share/Empathy |
211 | blacklist ${HOME}/.local/share/Mumble | 215 | blacklist ${HOME}/.local/share/Mumble |
212 | blacklist ${HOME}/.local/share/QuiteRss | 216 | blacklist ${HOME}/.local/share/QuiteRss |
diff --git a/etc/kcalc.profile b/etc/kcalc.profile new file mode 100644 index 000000000..88f84fdf6 --- /dev/null +++ b/etc/kcalc.profile | |||
@@ -0,0 +1,29 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/kcalc.local | ||
4 | |||
5 | ################################ | ||
6 | # Generic GUI application profile | ||
7 | ################################ | ||
8 | include /etc/firejail/disable-common.inc | ||
9 | include /etc/firejail/disable-programs.inc | ||
10 | include /etc/firejail/disable-passwdmgr.inc | ||
11 | |||
12 | caps.drop all | ||
13 | netfilter | ||
14 | nonewprivs | ||
15 | noroot | ||
16 | protocol unix,inet,inet6 | ||
17 | seccomp | ||
18 | |||
19 | # | ||
20 | # depending on you usage, you can enable some of the commands below: | ||
21 | # | ||
22 | private | ||
23 | nogroups | ||
24 | shell none | ||
25 | # private-bin program | ||
26 | # private-etc none | ||
27 | private-dev | ||
28 | private-tmp | ||
29 | |||
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile new file mode 100644 index 000000000..f1a5d995d --- /dev/null +++ b/etc/ktorrent.profile | |||
@@ -0,0 +1,30 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/ktorrent.local | ||
4 | |||
5 | ################################ | ||
6 | # Generic GUI application profile | ||
7 | ################################ | ||
8 | blacklist ${HOME}/.kde/share/config/ktorrentrc | ||
9 | blacklist ${HOME}/.kde4/share/config/ktorrentrc | ||
10 | include /etc/firejail/disable-common.inc | ||
11 | include /etc/firejail/disable-programs.inc | ||
12 | include /etc/firejail/disable-passwdmgr.inc | ||
13 | |||
14 | caps.drop all | ||
15 | netfilter | ||
16 | nonewprivs | ||
17 | noroot | ||
18 | protocol unix,inet,inet6 | ||
19 | seccomp | ||
20 | |||
21 | # | ||
22 | # depending on you usage, you can enable some of the commands below: | ||
23 | # | ||
24 | nogroups | ||
25 | shell none | ||
26 | # private-bin program | ||
27 | # private-etc none | ||
28 | private-dev | ||
29 | # private-tmp | ||
30 | |||