Diffstat (limited to 'etc')
24 files changed, 115 insertions, 103 deletions
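--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -171,6 +171,10 @@ blacklist ${RUNUSER}/gsconnect
 blacklist ${RUNUSER}/i3/ipc-socket.*
 blacklist /tmp/i3-*/ipc-socket.*
 
+# sway IPC socket (allows arbitrary shell script execution)
+blacklist ${RUNUSER}/sway-ipc.*
+blacklist /tmp/sway-ipc.*
+
 # systemd
 blacklist ${HOME}/.config/systemd
 blacklist ${HOME}/.local/share/systemd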
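Review bot: The two added `blacklist` lines for `sway-ipc.*` rely on globs, and as far as I know firejail expands blacklist globs once, when the sandbox starts, so a socket created afterwards (for example by a restarted compositor) would not be covered. The i3 lines above have the same limitation, but since the comment calls out script execution it is worth stating next to the rule, e.g. `# Note: only sockets that exist when the sandbox starts are matched`. This is a documentation suggestion only; the rules themselves look right.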
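--- a/etc/profile-a-l/abrowser.profile
+++ b/etc/profile-a-l/abrowser.profile
@@ -14,8 +14,7 @@ whitelist ${HOME}/.cache/mozilla/abrowser
 whitelist ${HOME}/.mozilla
 whitelist /usr/share/abrowser
 
-# private-etc must first be enabled in firefox-common.profile
-#private-etc abrowser
+private-etc abrowser
 
 # Redirect
 include firefox-common.profile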
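Review bot: `private-etc abrowser` is now active, but the removed comment documented that it depends on private-etc being enabled in firefox-common.profile, and that file is not among the 24 changed here. If private-etc is not active there, this line alone would presumably give the browser an /etc holding little more than the `abrowser` entry, which tends to break name resolution and TLS. Please confirm the state of firefox-common.profile and keep a short pointer, e.g. `# Merged with the private-etc list in firefox-common.profile`. The same applies to basilisk, cachy-browser, cliqz, cyberfox, icecat, iceweasel, librewolf, palemoon and waterfox, and to `private-etc adobe` in firefox-common-addons.profile.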
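--- a/etc/profile-a-l/basilisk.profile
+++ b/etc/profile-a-l/basilisk.profile
@@ -19,8 +19,7 @@ seccomp
 ignore seccomp
 
 #private-bin basilisk
-# private-etc must first be enabled in firefox-common.profile
-#private-etc basilisk
+private-etc basilisk
 #private-opt basilisk
 
 restrict-namespaces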
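--- a/etc/profile-a-l/bijiben.profile
+++ b/etc/profile-a-l/bijiben.profile
@@ -59,5 +59,8 @@ dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.freedesktop.Tracker1
 dbus-system none
 
-env WEBKIT_FORCE_SANDBOX=0
+# Warning: Disabling the webkit sandbox may be needed to make firejail work
+# with webkit2gtk, but this is not recommended (see #2995).
+# Add the following line to bijiben.local at your own risk:
+#env WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1
 restrict-namespaces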
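--- /dev/null
+++ b/etc/profile-a-l/bitwarden-desktop.profile
@@ -0,0 +1,11 @@
+# Firejail profile for bitwarden-desktop
+# Description: A secure and free password manager for all of your devices
+# This file is overwritten after every install/update.
+# Persistent local customisations
+include bitwarden-desktop.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+# Redirect
+include bitwarden.profile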
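--- a/etc/profile-a-l/bitwarden.profile
+++ b/etc/profile-a-l/bitwarden.profile
@@ -6,13 +6,13 @@ include bitwarden.local
 # Persistent global definitions
 include globals.local
 
-# Disabled until someone reported positive feedback
-ignore include whitelist-usr-share-common.inc
-
 ignore noexec /tmp
 
 noblacklist ${HOME}/.config/Bitwarden
 
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Bitwarden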
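Review bot: The comment above `include allow-bin-sh.inc` restates what the include does but not why a password manager needs a shell, and the profile already keeps `ignore noexec /tmp`, so the two relaxations now sit side by side without a stated reason. Please record the reason and a reference so the exception can be dropped later, e.g. `# Allow /bin/sh (blacklisted by disable-shell.inc); needed for <feature>, see #<issue>`. Removing the `ignore include whitelist-usr-share-common.inc` line tightens the profile and looks fine.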
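--- a/etc/profile-a-l/cachy-browser.profile
+++ b/etc/profile-a-l/cachy-browser.profile
@@ -26,9 +26,7 @@ whitelist /usr/share/cachy-browser
 
 # Add the next line to your cachy-browser.local to enable private-bin (Arch Linux).
 #private-bin dbus-launch,dbus-send,cachy-browser,sh
-# Add the next line to your cachy-browser.local to enable private-etc.
-# Note: private-etc must first be enabled in firefox-common.local.
-#private-etc cachy-browser
+private-etc cachy-browser
 
 dbus-user filter
 dbus-user.own org.mozilla.cachybrowser.*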
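--- a/etc/profile-a-l/cliqz.profile
+++ b/etc/profile-a-l/cliqz.profile
@@ -17,8 +17,7 @@ whitelist ${HOME}/.cliqz
 whitelist ${HOME}/.config/cliqz
 whitelist /usr/share/cliqz
 
-# private-etc must first be enabled in firefox-common.profile
-#private-etc cliqz
+private-etc cliqz
 
 # Redirect
 include firefox-common.profile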
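--- a/etc/profile-a-l/cyberfox.profile
+++ b/etc/profile-a-l/cyberfox.profile
@@ -16,8 +16,7 @@ whitelist /usr/share/8pecxstudios
 whitelist /usr/share/cyberfox
 
 #private-bin cyberfox,dbus-launch,dbus-send,env,sh,which
-# private-etc must first be enabled in firefox-common.profile
-#private-etc cyberfox
+private-etc cyberfox
 
 # Redirect
 include firefox-common.profile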
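--- a/etc/profile-a-l/d-feet.profile
+++ b/etc/profile-a-l/d-feet.profile
@@ -12,45 +12,16 @@ noblacklist ${HOME}/.config/d-feet
 include allow-python2.inc
 include allow-python3.inc
 
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
-
 mkdir ${HOME}/.config/d-feet
 whitelist ${HOME}/.config/d-feet
 whitelist /usr/share/d-feet
-include whitelist-common.inc
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
 
-apparmor
-caps.drop all
-ipc-namespace
-#net none # breaks on Ubuntu
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
+# breaks on Ubuntu
+ignore net none
 
-disable-mnt
 private-bin d-feet,python*
-private-cache
-private-dev
-private-etc dbus-1
-private-tmp
 
 #memory-deny-write-execute # breaks on Arch (see issue #1803)
-restrict-namespaces
+
+# Redirect
+include dbus-debug-common.profile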
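Review bot: Redirecting to dbus-debug-common.profile makes d-feet inherit `read-only ${HOME}`, which the old profile did not set, while this profile still creates and whitelists `${HOME}/.config/d-feet`, presumably so the program can write its settings there. It also newly picks up `include disable-proc.inc`, `seccomp.block-secondary` and `tracelog`, and only `net none` is opted out of. Please confirm d-feet still starts and can save its configuration; if it cannot, an explicit opt-out next to the existing one, such as `ignore read-only ${HOME}` with a comment explaining it, would keep the difference visible.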
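--- a/etc/profile-a-l/d-spy.profile
+++ b/etc/profile-a-l/d-spy.profile
@@ -6,43 +6,7 @@ include d-spy.local
 # Persistent global definitions
 include globals.local
 
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-proc.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
-
-include whitelist-common.inc
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-
-apparmor
-caps.drop all
-ipc-namespace
-net none
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-
-disable-mnt
 private-bin d-spy
-private-cache
-private-dev
-private-etc dbus-1
-private-tmp
 
-read-only ${HOME}
-restrict-namespaces
+# Redirect
+include dbus-debug-common.profile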
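--- /dev/null
+++ b/etc/profile-a-l/dbus-debug-common.profile
@@ -0,0 +1,49 @@
+# Firejail profile for dbus-debug-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include dbus-debug-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-etc dbus-1
+private-tmp
+
+read-only ${HOME}
+restrict-namespaces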
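Review bot: The new common profile carries no `dbus-user` or `dbus-system` directive, so the session and system buses stay unfiltered for every profile that redirects here. That is presumably deliberate for bus debuggers, but it is undocumented, and a reader could take the filesystem and `net none` hardening to mean more than it does, since services reachable over the bus act outside the sandbox. I would add a short comment in the options block, e.g. `# D-Bus is intentionally left unfiltered: these tools need to see and call every bus name`. It would also help to state that `private-bin` is left to the caller profile, as d-feet, d-spy and dtui each set it themselves.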
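--- /dev/null
+++ b/etc/profile-a-l/dtui.profile
@@ -0,0 +1,15 @@
+# Firejail profile for dtui
+# Description: TUI D-Bus debugger
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include dtui.local
+# Persistent global definitions
+include globals.local
+
+private-bin dtui
+
+memory-deny-write-execute
+
+# Redirect
+include dbus-debug-common.profile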
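--- a/etc/profile-a-l/element-desktop.profile
+++ b/etc/profile-a-l/element-desktop.profile
@@ -14,6 +14,7 @@ noblacklist ${HOME}/.config/Element
 mkdir ${HOME}/.config/Element
 whitelist ${HOME}/.config/Element
 whitelist /opt/Element
+whitelist /usr/share/element
 
 dbus-user filter
 dbus-user.talk org.freedesktop.Notifications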
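--- a/etc/profile-a-l/firefox-common-addons.profile
+++ b/etc/profile-a-l/firefox-common-addons.profile
@@ -92,8 +92,7 @@ include allow-python3.inc
 #private-bin keepassxc-proxy
 
 # Flash plugin
-# private-etc must first be enabled in firefox-common.profile and in profiles including it.
-#private-etc adobe
+private-etc adobe
 
 # ff2mpv
 #ignore noexec ${HOME}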
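--- a/etc/profile-a-l/icecat.profile
+++ b/etc/profile-a-l/icecat.profile
@@ -14,8 +14,7 @@ whitelist ${HOME}/.cache/mozilla/icecat
 whitelist ${HOME}/.mozilla
 whitelist /usr/share/icecat
 
-# private-etc must first be enabled in firefox-common.profile
-#private-etc icecat
+private-etc icecat
 
 # Redirect
 include firefox-common.profile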
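--- a/etc/profile-a-l/iceweasel.profile
+++ b/etc/profile-a-l/iceweasel.profile
@@ -6,8 +6,7 @@ include iceweasel.local
 # added by included profile
 #include globals.local
 
-# private-etc must first be enabled in firefox-common.profile
-#private-etc iceweasel
+private-etc iceweasel
 
 # Redirect
 include firefox.profile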
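--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
@@ -27,9 +27,7 @@ whitelist /usr/share/librewolf
 
 # Add the next line to your librewolf.local to enable private-bin (Arch Linux).
 #private-bin dbus-launch,dbus-send,librewolf,sh
-# Add the next line to your librewolf.local to enable private-etc.
-# Note: private-etc must first be enabled in firefox-common.local.
-#private-etc librewolf
+private-etc librewolf
 
 dbus-user filter
 dbus-user.own io.gitlab.librewolf.*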
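--- a/etc/profile-m-z/okular.profile
+++ b/etc/profile-m-z/okular.profile
@@ -58,7 +58,7 @@ protocol unix
 seccomp
 tracelog
 
-private-bin kbuildsycoca4,kdeinit4,lpr,okular,unar,unrar
+private-bin kbuildsycoca4,kdeinit4,lpr,okular,ps2pdf,unar,unrar
 private-dev
 private-etc @x11,cups
 # on KDE we need access to the real /tmp for data exchange with email clients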
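Review bot: `ps2pdf` is added to `private-bin` on its own, but on the systems I know it is a small shell script that runs `ps2pdfwr`, which in turn runs `gs`, and none of `sh`, `ps2pdfwr` or `gs` appears in the list on this line. If that holds here, the converter would not start inside the sandbox, so please confirm the feature works with this exact list. If the helpers do have to be added, a comment above the line should say so, because that brings a shell and Ghostscript's parsers into the sandbox of a viewer that opens untrusted documents.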
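--- a/etc/profile-m-z/palemoon.profile
+++ b/etc/profile-m-z/palemoon.profile
@@ -21,8 +21,7 @@ seccomp
 ignore seccomp
 
 #private-bin palemoon
-# private-etc must first be enabled in firefox-common.profile
-#private-etc palemoon
+private-etc palemoon
 
 restrict-namespaces
 ignore restrict-namespaces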
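--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -19,7 +19,8 @@ include disable-exec.inc
 include disable-programs.inc
 
 whitelist ${RUNUSER}/gcr/ssh
-whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh
+whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh # default gpg homedir setup
+whitelist ${RUNUSER}/gnupg/*/S.gpg-agent.ssh # custom gpg homedir setup
 whitelist ${RUNUSER}/keyring/ssh
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc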
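Review bot: The two gpg-agent `whitelist` lines carry trailing comments on the directive itself, whereas the d-feet change in this same commit moves `# breaks on Ubuntu` onto its own line above the directive. For consistency, and so the path never depends on how trailing `#` text is parsed, I would write `# gpg-agent ssh socket: default homedir, then custom homedir (per-homedir subdirectory)` above the pair and leave the paths bare. The `*` form also presumably matches only a directory that already exists when the sandbox starts, which is worth a word in that comment.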
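--- a/etc/profile-m-z/sway.profile
+++ b/etc/profile-m-z/sway.profile
@@ -10,6 +10,10 @@ include globals.local
 noblacklist ${HOME}/.config/sway
 # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
 noblacklist ${HOME}/.config/i3
+# allow creation of IPC socket
+noblacklist ${RUNUSER}/sway-ipc.*
+noblacklist /tmp/sway-ipc.*
+
 include disable-common.inc
 
 caps.drop all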
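--- a/etc/profile-m-z/waterfox.profile
+++ b/etc/profile-m-z/waterfox.profile
@@ -21,9 +21,7 @@ whitelist /usr/share/waterfox
 # waterfox requires a shell to launch on Arch. We can possibly remove sh though.
 # Add the next line to your waterfox.local to enable private-bin.
 #private-bin bash,dbus-launch,dbus-send,env,sh,waterfox,waterfox-classic,waterfox-current,which
-# Add the next line to your waterfox.local to enable private-etc. Note that private-etc must first be
-# enabled in your firefox-common.local.
-#private-etc waterfox
+private-etc waterfox
 
 # Redirect
 include firefox-common.profile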
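--- a/etc/profile-m-z/zoom.profile
+++ b/etc/profile-m-z/zoom.profile
@@ -19,6 +19,7 @@ ignore dbus-system none
 noblacklist ${HOME}/.config/zoom.conf
 noblacklist ${HOME}/.config/zoomus.conf
 noblacklist ${HOME}/.zoom
+noblacklist ${DOCUMENTS}
 
 nowhitelist ${DOWNLOADS}
 
@@ -26,10 +27,12 @@ mkdir ${HOME}/.cache/zoom
 mkfile ${HOME}/.config/zoom.conf
 mkfile ${HOME}/.config/zoomus.conf
 mkdir ${HOME}/.zoom
+mkdir ${HOME}/Documents/Zoom
 whitelist ${HOME}/.cache/zoom
 whitelist ${HOME}/.config/zoom.conf
 whitelist ${HOME}/.config/zoomus.conf
 whitelist ${HOME}/.zoom
+whitelist ${HOME}/Documents/Zoom
 
 # Disable for now, see https://github.com/netblue30/firejail/issues/3726
 #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl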
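Review bot: The added `mkdir ${HOME}/Documents/Zoom` and `whitelist ${HOME}/Documents/Zoom` hard-code the directory name, while the first hunk unblocks it through the `${DOCUMENTS}` macro, so the two can point at different places where the XDG documents directory is renamed or localized. If `whitelist` accepts the macro here, `whitelist ${DOCUMENTS}/Zoom` would keep them in step; I am not sure `mkdir` accepts it, so that line may have to stay as it is with a comment noting the assumption. A one-line comment saying what Zoom stores there would also help, e.g. `# Zoom saves its files under Documents/Zoom`, since this widens the writable part of the home directory.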