Diffstat (limited to 'etc')
-rw-r--r-- | etc/bitlbee.profile | 1 | ||||
-rw-r--r-- | etc/disable-common.inc | 4 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/firefox-common-addons.inc | 13 | ||||
-rw-r--r-- | etc/flowblade.profile | 6 | ||||
-rw-r--r-- | etc/less.profile | 2 | ||||
-rw-r--r-- | etc/musixmatch.profile | 1 | ||||
-rw-r--r-- | etc/openshot.profile | 6 | ||||
-rw-r--r-- | etc/ranger.profile | 10 | ||||
-rw-r--r-- | etc/uzbl-browser.profile | 7 | ||||
-rw-r--r-- | etc/zathura.profile | 3 |
11 files changed, 47 insertions, 7 deletions
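--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -28,7 +28,6 @@ seccomp
 disable-mnt
 private
 private-dev
-private-dev
 private-tmp
 read-write /var/lib/bitlbee
 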
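--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -116,6 +116,10 @@ blacklist /run/user/*/kdeinit5__*
 # blacklist /tmp/ksocket-*/kdeinit4__*
 # - causes issues when kdeinit4 gets killed; enable on KDE Plasma 4
 
+# gnome
+# contains extensions, last used times of applications, and notifications
+blacklist ${HOME}/.local/share/gnome-shell
+
 # systemd
 blacklist ${HOME}/.config/systemd
 blacklist ${HOME}/.local/share/systemd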
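--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -429,6 +429,7 @@ blacklist ${HOME}/.local/share/telepathy
 blacklist ${HOME}/.local/share/terasology
 blacklist ${HOME}/.local/share/torbrowser
 blacklist ${HOME}/.local/share/totem
+blacklist ${HOME}/.local/share/uzbl
 blacklist ${HOME}/.local/share/vlc
 blacklist ${HOME}/.local/share/vpltd
 blacklist ${HOME}/.local/share/vulkan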
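--- a/etc/firefox-common-addons.inc
+++ b/etc/firefox-common-addons.inc
@@ -16,7 +16,6 @@ noblacklist ${HOME}/.kde4/share/apps/okular
 noblacklist ${HOME}/.kde4/share/config/kgetrc
 noblacklist ${HOME}/.kde4/share/config/okularpartrc
 noblacklist ${HOME}/.kde4/share/config/okularrc
-# noblacklist ${HOME}/.local/share/gnome-shell/extensions
 noblacklist ${HOME}/.local/share/kget
 noblacklist ${HOME}/.local/share/okular
 noblacklist ${HOME}/.local/share/qpdfview
@@ -41,7 +40,6 @@ whitelist ${HOME}/.kde4/share/config/okularpartrc
 whitelist ${HOME}/.kde4/share/config/okularrc
 whitelist ${HOME}/.keysnail.js
 whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/gnome-shell/extensions
 whitelist ${HOME}/.local/share/kget
 whitelist ${HOME}/.local/share/okular
 whitelist ${HOME}/.local/share/qpdfview
@@ -53,3 +51,14 @@ whitelist ${HOME}/.wine-pipelight
 whitelist ${HOME}/.wine-pipelight64
 whitelist ${HOME}/.zotero
 whitelist ${HOME}/dwhelper
+
+# GNOME Shell integration (chrome-gnome-shell) needs dbus and python 3 (blacklisted by disable-interpreters.inc)
+noblacklist ${HOME}/.local/share/gnome-shell/extensions
+whitelist ${HOME}/.local/share/gnome-shell/extensions
+ignore nodbus
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python3*
+
+# Flash plugin
+# private-etc must first be enabled in firefox-common.profile and in profiles including it.
+#private-etc adobe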
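Review bot: The GNOME Shell integration block added at the end of the file turns on `ignore nodbus` and un-blacklists python3 for every profile that includes this file, whether or not the user has chrome-gnome-shell installed. That removes the D-Bus restriction and makes an interpreter available to a process that renders untrusted web content, and `whitelist ${HOME}/.local/share/gnome-shell/extensions` keeps the extensions directory writable from inside the sandbox while the extensions are presumably loaded by gnome-shell outside it. I would ship these five lines commented out, as `#private-etc adobe` is just below them, for example `#ignore nodbus` and `#noblacklist ${PATH}/python3*`, and state in the comment that they are opt-in for users who need the integration.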
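--- a/etc/flowblade.profile
+++ b/etc/flowblade.profile
@@ -8,6 +8,12 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.config/flowblade
 noblacklist ${HOME}/.flowblade
 
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc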
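Review bot: The four-line python allow-list added here is pasted unchanged into openshot.profile, ranger.profile and uzbl-browser.profile, and every copy unblocks both python2 and python3 although each program presumably runs on only one of them. Keeping only the major version the application actually uses would leave the other interpreter blacklisted by disable-interpreters.inc, e.g. only `noblacklist ${PATH}/python2*` and `noblacklist /usr/lib/python2*` here if flowblade is a Python 2 program (to be confirmed). The narrower list matters most for uzbl-browser.profile, which handles web content. Moving the block into one shared include would also keep the four copies from drifting apart.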
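--- a/etc/less.profile
+++ b/etc/less.profile
@@ -20,7 +20,7 @@ shell none
 tracelog
 writable-var-log
 
-# The user can have a custom coloring scritps configured in ${HOME}/.lessfilter.
+# The user can have a custom coloring script configured in ${HOME}/.lessfilter.
 # Enable private-bin and private-lib if you are not using any filter.
 # private-bin less
 # private-lib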
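--- a/etc/musixmatch.profile
+++ b/etc/musixmatch.profile
@@ -24,7 +24,6 @@ notv
 novideo
 protocol unix,inet,inet6,netlink
 seccomp
-shell none
 
 disable-mnt
 private-dev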
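--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -8,6 +8,12 @@ include /etc/firejail/globals.local
 noblacklist ${HOME}/.openshot
 noblacklist ${HOME}/.openshot_qt
 
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc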
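--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -5,11 +5,19 @@ include /etc/firejail/ranger.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist ${HOME}/.config/ranger
+
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+
+# Allow perl
 # noblacklist ${PATH}/cpan*
 noblacklist ${PATH}/perl
 noblacklist /usr/lib/perl*
 noblacklist /usr/share/perl*
-noblacklist ${HOME}/.config/ranger
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc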
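--- a/etc/uzbl-browser.profile
+++ b/etc/uzbl-browser.profile
@@ -7,6 +7,13 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.config/uzbl
 noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/uzbl
+
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc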
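--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
+machine-id
 # net none
 # nodbus
 nodvd
@@ -29,7 +30,7 @@ shell none
 
 private-bin zathura
 private-dev
-private-etc fonts
+private-etc fonts,machine-id
 private-tmp
 
 read-only ${HOME}/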
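Review bot: The new `machine-id` option and the `machine-id` entry in `private-etc fonts,machine-id` have no comment saying what zathura needs /etc/machine-id for. From the two hunks alone it is also not clear that the file kept by private-etc is the spoofed id rather than the host's. A line such as `# machine-id: spoofed per sandbox and kept in private-etc (needed by <component>, confirm)` above the option would record the intent. It is worth checking inside the sandbox that /etc/machine-id differs from the host value, since exposing the real id would defeat the purpose of the option.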