Diffstat (limited to 'etc')
-rw-r--r--etc/inc/disable-programs.inc4
-rw-r--r--etc/profile-m-z/newsbeuter.profile18
-rw-r--r--etc/profile-m-z/newsboat.profile14
-rw-r--r--etc/profile-m-z/telegram.profile10
-rw-r--r--etc/profile-m-z/virtualbox.profile1
-rw-r--r--etc/profile-m-z/youtube-dl-gui.profile56
-rw-r--r--etc/templates/profile.template2
7 files changed, 99 insertions, 6 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 06b8cfb6d..7a37c9fb4 100644
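--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -334,6 +334,7 @@ blacklist ${HOME}/.config/nemo
 blacklist ${HOME}/.config/neomutt
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/newsbeuter
+blacklist ${HOME}/.config/newsboat
 blacklist ${HOME}/.config/newsflash
 blacklist ${HOME}/.config/nheko
 blacklist ${HOME}/.config/NitroShare
@@ -437,6 +438,7 @@ blacklist ${HOME}/.config/yandex-browser
 blacklist ${HOME}/.config/yandex-browser-beta
 blacklist ${HOME}/.config/yelp
 blacklist ${HOME}/.config/youtube-dl
+blacklist ${HOME}/.config/youtube-dlg
 blacklist ${HOME}/.config/youtubemusic-nativefier-040164
 blacklist ${HOME}/.config/youtube-music-desktop-app
 blacklist ${HOME}/.config/youtube-viewer
@@ -702,6 +704,8 @@ blacklist ${HOME}/.local/share/nautilus-python
 blacklist ${HOME}/.local/share/nemo
 blacklist ${HOME}/.local/share/nemo-python
 blacklist ${HOME}/.local/share/news-flash
+blacklist ${HOME}/.local/share/newsbeuter
+blacklist ${HOME}/.local/share/newsboat
 blacklist ${HOME}/.local/share/nomacs
 blacklist ${HOME}/.local/share/notes
 blacklist ${HOME}/.local/share/ocenaudio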
diff --git a/etc/profile-m-z/newsbeuter.profile b/etc/profile-m-z/newsbeuter.profile
index 85581a2f0..6efb19502 100644
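--- a/etc/profile-m-z/newsbeuter.profile
+++ b/etc/profile-m-z/newsbeuter.profile
@@ -7,13 +7,23 @@ include newsbeuter.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.config/newsbeuter
-noblacklist ${HOME}/.newsbeuter
+ignore include newsboat.local
+ignore mkdir ${HOME}/.config/newsboat
+ignore mkdir ${HOME}/.local/share/newsboat
+ignore mkdir ${HOME}/.newsboat
+blacklist ${PATH}/newsboat
+
+blacklist ${HOME}/.config/newsboat
+blacklist ${HOME}/.local/share/newsboat
+blacklist ${HOME}/.newsboat
+
+nowhitelist ${HOME}/.config/newsboat
+nowhitelist ${HOME}/.local/share/newsboat
+nowhitelist ${HOME}/.newsboat
 
 mkdir ${HOME}/.config/newsbeuter
+mkdir ${HOME}/.local/share/newsbeuter
 mkdir ${HOME}/.newsbeuter
-whitelist ${HOME}/.config/newsbeuter
-whitelist ${HOME}/.newsbeuter
 
 private-bin newsbeuter
 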
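Review bot: The new `ignore`, `blacklist` and `nowhitelist` lines for the newsboat paths have no comment, so a reader cannot tell that they exist to cancel what a later-included profile grants. The include is outside this hunk, so this is inferred from `ignore include newsboat.local`. If the profile does redirect to newsboat.profile, a line such as `# Undo the newsboat paths and binary that newsboat.profile allows` above that first `ignore` would make the dependency explicit. The same comment should say that these `blacklist` lines must stay ahead of the include, because a `noblacklist` only suppresses blacklist rules that come after it.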
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile
index 85b780ced..23c2de43c 100644
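--- a/etc/profile-m-z/newsboat.profile
+++ b/etc/profile-m-z/newsboat.profile
@@ -6,6 +6,11 @@ include newsboat.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.config/newsbeuter
+noblacklist ${HOME}/.config/newsboat
+noblacklist ${HOME}/.local/share/newsbeuter
+noblacklist ${HOME}/.local/share/newsboat
+noblacklist ${HOME}/.newsbeuter
 noblacklist ${HOME}/.newsboat
 
 include disable-common.inc
@@ -16,7 +21,14 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/newsboat
+mkdir ${HOME}/.local/share/newsboat
 mkdir ${HOME}/.newsboat
+whitelist ${HOME}/.config/newsbeuter
+whitelist ${HOME}/.config/newsboat
+whitelist ${HOME}/.local/share/newsbeuter
+whitelist ${HOME}/.local/share/newsboat
+whitelist ${HOME}/.newsbeuter
 whitelist ${HOME}/.newsboat
 include whitelist-common.inc
 include whitelist-runuser-common.inc
@@ -38,7 +50,7 @@ seccomp
 shell none
 
 disable-mnt
-private-bin gzip,lynx,newsboat,sh
+private-bin gzip,lynx,newsboat,sh,w3m
 private-cache
 private-dev
 private-etc alternatives,ca-certificates,crypto-policies,lynx.cfg,lynx.lss,pki,resolv.conf,ssl,terminfo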
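Review bot: `private-bin` in the third hunk now admits `w3m`, but the `private-etc` list three lines below is unchanged and still names only lynx's files (`lynx.cfg`, `lynx.lss`). If w3m reads system-wide configuration under /etc on the target distributions, it will run with built-in defaults or misbehave inside the sandbox, so please confirm and extend `private-etc` if needed. Separately, the first two hunks un-blacklist and whitelist three newsbeuter directories for newsboat. A one-line comment such as `# newsbeuter paths kept so newsboat can read legacy configuration` (if that is the reason) would justify the wider file access.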
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile
index fce7dc461..38d291324 100644
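--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -36,10 +36,20 @@ noroot
 notv
 protocol unix,inet,inet6,netlink
 seccomp
+seccomp.block-secondary
 shell none
+tracelog
 
 disable-mnt
+#private-bin telegram,Telegram,telegram-desktop
 private-cache
 private-dev
 private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg
 private-tmp
+
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-user.talk org.gnome.Mutter.IdleMonitor
+dbus-user.talk org.freedesktop.ScreenSaver
+dbus-system none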
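Review bot: The four `dbus-user.talk` names at the end of the hunk are added without saying which Telegram feature needs each one. Notifications and StatusNotifierWatcher explain themselves, but `org.gnome.Mutter.IdleMonitor` and `org.freedesktop.ScreenSaver` expose desktop idle and screen-saver interfaces to the sandboxed client. A short comment per name, for example `# idle detection (presumably for online status)`, would let a later reviewer tighten the filter safely. The commented-out `#private-bin telegram,Telegram,telegram-desktop` likewise needs a reason for being disabled, otherwise it reads as dead configuration.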
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index 232ff8ae4..64d787bfb 100644
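--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -44,6 +44,7 @@ shell none
 tracelog
 
 #disable-mnt
+#private-bin basename,bash,env,gawk,grep,ps,readlink,sh,virtualbox,VirtualBox,VBox*,vbox*,whoami
 private-cache
 private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp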
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile
new file mode 100644
index 000000000..c072d6267
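--- /dev/null
+++ b/etc/profile-m-z/youtube-dl-gui.profile
@@ -0,0 +1,56 @@
+# Firejail profile for youtube-dl-gui
+# Description: A cross platform front-end GUI of the popular youtube-dl media downloader
+include youtube-dl-gui.local
+# This file is overwritten after every install/update
+include globals.local
+
+#These are blacklisted by disable-interpreters.inc
+include allow-python2.inc
+include allow-python3.inc
+
+noblacklist ${HOME}/.config/youtube-dlg
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/youtube-dlg
+whitelist ${HOME}/.config/youtube-dlg
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin atomicparsley,ffmpeg,ffprobe,python*,youtube-dl-gui
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,locale,locale.conf,passwd,pki,resolv.conf,ssl
+private-tmp
+
+dbus-user none
+dbus-system none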
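Review bot: `include disable-exec.inc` gives less protection here than it suggests, because the profile keeps Python available (`allow-python2.inc`, `allow-python3.inc`, `python*` in `private-bin`) while `${HOME}/.config/youtube-dlg` and `${DOWNLOADS}` are whitelisted and writable. A noexec mount does not stop an interpreter from running a script stored in those directories, so content written there can still execute inside the sandbox. That may be unavoidable for this application, but it deserves a comment next to the allow-python includes, for example `# Python stays reachable; noexec does not cover scripts run through the interpreter`. If the packaged builds run only on Python 3, `include allow-python2.inc` should be dropped to narrow the interpreter surface.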
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index af5497757..065245a63 100644
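--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -203,7 +203,7 @@ include globals.local
 # - Some features like native notifications are implemented as portal too.
 # - In order to make dconf work (when used by the app) you need to allow
 # 'ca.desrt.dconf' even when not allowed by flatpak.
-# Notes and Policiy about addresses can be found at
+# Notes and policies about addresses can be found at
 # <https://github.com/netblue30/firejail/wiki/Restrict-D-Bus>
 #dbus-user filter
 #dbus-user.own com.github.netblue30.firejail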