Diffstat (limited to 'etc')
-rw-r--r--etc/0ad.profile3
-rw-r--r--etc/2048-qt.profile4
-rw-r--r--etc/Builder.profile7
-rw-r--r--etc/Documents.profile7
-rw-r--r--etc/Logs.profile7
-rw-r--r--etc/Maps.profile7
-rw-r--r--etc/assogiate.profile6
-rw-r--r--etc/atom.profile1
-rw-r--r--etc/autokey-common.profile47
-rw-r--r--etc/autokey-gtk.profile11
-rw-r--r--etc/autokey-qt.profile11
-rw-r--r--etc/autokey-run.profile11
-rw-r--r--etc/autokey-shell.profile11
-rw-r--r--etc/brackets.profile2
-rw-r--r--etc/calibre.profile4
-rw-r--r--etc/cherrytree.profile3
-rw-r--r--etc/clocks.profile7
-rw-r--r--etc/eom.profile3
-rw-r--r--etc/evince.profile6
-rw-r--r--etc/frozen-bubble.profile7
-rw-r--r--etc/geany.profile1
-rw-r--r--etc/gnome-builder.profile1
-rw-r--r--etc/gnome-chess.profile4
-rw-r--r--etc/gnome-contacts.profile3
-rw-r--r--etc/gnome-logs.profile3
-rw-r--r--etc/hexchat.profile3
-rw-r--r--etc/leafpad.profile3
-rw-r--r--etc/mousepad.profile1
-rw-r--r--etc/ping.profile3
-rw-r--r--etc/pinta.profile3
-rw-r--r--etc/sol.profile3
-rw-r--r--etc/utox.profile47
-rw-r--r--etc/virtualbox.profile1
-rw-r--r--etc/warzone2100.profile1
-rw-r--r--etc/wget.profile3
-rw-r--r--etc/xcalc.profile3
36 files changed, 209 insertions, 39 deletions
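diff --git a/etc/0ad.profile b/etc/0ad.profile
index 674fb2c6a..88c9c453b 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.local/share/0ad
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -44,5 +45,3 @@ private-bin 0ad,pyrogenesis,sh,which
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp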
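diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile
index 10f354f19..2347039a6 100644
--- a/etc/2048-qt.profile
+++ b/etc/2048-qt.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/xiaoyong
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,6 +40,3 @@ shell none
 disable-mnt
 private-dev
 private-tmp
-
-noexec ${HOME}
-noexec /tmp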
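diff --git a/etc/Builder.profile b/etc/Builder.profile
new file mode 100644
index 000000000..128e0dfe3
--- /dev/null
+++ b/etc/Builder.profile
@@ -0,0 +1,7 @@
+# Firejail profile for gnome-builder
+# This file is overwritten after every install/update
+
+
+# Temporary fix for https://github.com/netblue30/firejail/issues/2624
+# Redirect
+include gnome-builder.profile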
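Review bot: Builder.profile goes straight to `include gnome-builder.profile` without first including a `.local` override, unlike the autokey redirect profiles added in this same commit, which start with a line such as `include autokey-gtk.local`. If users should be able to customize this redirect like the others, add `include Builder.local` above the `# Redirect` comment; if the omission is deliberate because the file is temporary, a one-line comment saying so would make that clear. The same applies to Documents.profile, Logs.profile, Maps.profile and clocks.profile. The file names are also generic, so it is worth confirming that no unrelated program with the same name would end up using these profiles.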
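diff --git a/etc/Documents.profile b/etc/Documents.profile
new file mode 100644
index 000000000..c965c55a8
--- /dev/null
+++ b/etc/Documents.profile
@@ -0,0 +1,7 @@
+# Firejail profile for gnome-documents
+# This file is overwritten after every install/update
+
+
+# Temporary fix for https://github.com/netblue30/firejail/issues/2624
+# Redirect
+include gnome-documents.profile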
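diff --git a/etc/Logs.profile b/etc/Logs.profile
new file mode 100644
index 000000000..f82722ed4
--- /dev/null
+++ b/etc/Logs.profile
@@ -0,0 +1,7 @@
+# Firejail profile for gnome-logs
+# This file is overwritten after every install/update
+
+
+# Temporary fix for https://github.com/netblue30/firejail/issues/2624
+# Redirect
+include gnome-logs.profile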
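diff --git a/etc/Maps.profile b/etc/Maps.profile
new file mode 100644
index 000000000..b3fc03e38
--- /dev/null
+++ b/etc/Maps.profile
@@ -0,0 +1,7 @@
+# Firejail profile for gnome-maps
+# This file is overwritten after every install/update
+
+
+# Temporary fix for https://github.com/netblue30/firejail/issues/2624
+# Redirect
+include gnome-maps.profile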
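diff --git a/etc/assogiate.profile b/etc/assogiate.profile
index c579cc280..6a9848e83 100644
--- a/etc/assogiate.profile
+++ b/etc/assogiate.profile
@@ -7,6 +7,7 @@ include assogiate.local
 include globals.local
 
 noblacklist ${PICTURES}
+whitelist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,9 +16,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-
-whitelist ${PICTURES}
 include whitelist-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all
@@ -39,7 +39,7 @@ shell none
 tracelog
 
 disable-mnt
-private-bin assogiate,gtk-update-icon-cache
+private-bin assogiate,gtk-update-icon-cache,update-mime-database
 private-cache
 private-dev
 private-lib gnome-vfs-2.0,libattr.so.*,libacl.so.*,libfam.so.*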
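Review bot: `whitelist ${PICTURES}` now sits in the noblacklist group above the `disable-*.inc` includes (first hunk), while utox.profile in this same commit keeps its `whitelist` lines after the disable includes and directly before `include whitelist-common.inc`. Leaving the line where it was would match that layout and would also keep the blank line between `include disable-xdg.inc` and `include whitelist-common.inc`, which the second hunk removes. In the third hunk `update-mime-database` is added to `private-bin` with no explanation; a short comment above the line stating why the extra binary has to be reachable inside the sandbox would help the next reviewer judge whether it can be dropped again.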
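diff --git a/etc/atom.profile b/etc/atom.profile
index 995c5598d..1c0afb277 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.atom
 noblacklist ${HOME}/.config/Atom
 noblacklist ${HOME}/.cargo/config
 noblacklist ${HOME}/.cargo/registry
+noblacklist ${HOME}/.gitconfig
 
 include disable-common.inc
 include disable-passwdmgr.inc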
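Review bot: `noblacklist ${HOME}/.gitconfig` appears to give the editor write access as well as read access to the user's git configuration, unless one of the included files already marks it read-only (the rest of the profile is outside the hunk). A sandboxed process that can rewrite `.gitconfig` can change settings that git later acts on outside the sandbox, so if the editor only needs to read the file, follow the new line with `read-only ${HOME}/.gitconfig`. The same applies to the identical additions in brackets.profile, geany.profile and gnome-builder.profile.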
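diff --git a/etc/autokey-common.profile b/etc/autokey-common.profile
new file mode 100644
index 000000000..44c0a3c15
--- /dev/null
+++ b/etc/autokey-common.profile
@@ -0,0 +1,47 @@
+# Firejail profile for autokey
+# Description: Desktop automation utility
+# This file is overwritten after every install/update
+# Persistent local customizations
+include autokey-common.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/autokey
+noblacklist ${HOME}/.local/share/autokey
+
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+noblacklist /usr/local/lib/python2*
+noblacklist /usr/local/lib/python3*
+noblacklist /usr/share/python2*
+noblacklist /usr/share/python3*
+
+include disable-common.inc
+include disable-devel.inc
+# disable-exec.inc might break scripting functionality
+#include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include whitelist-var-common.inc
+
+caps.drop all
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-cache
+private-dev
+private-tmp
+
+# memory-deny-write-execute - Breaks on Arch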
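Review bot: With `#include disable-exec.inc` left commented out and Python un-blacklisted, this profile places no exec restriction on `${HOME}`, and because it has no home `whitelist` lines the sandboxed process also sees the whole home directory apart from what the disable-*.inc files blacklist. If autokey only needs its own directories plus the user's scripts, consider adding `include disable-xdg.inc`, and extend the comment above `#include disable-exec.inc` to say which paths must stay executable so the restriction can be narrowed later instead of dropped. The profile also omits `nodvd` and `notv`, which utox.profile in this commit sets; unless autokey needs those devices, adding both would be consistent.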
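diff --git a/etc/autokey-gtk.profile b/etc/autokey-gtk.profile
new file mode 100644
index 000000000..86168ba0d
--- /dev/null
+++ b/etc/autokey-gtk.profile
@@ -0,0 +1,11 @@
+# Firejail profile for autokey-gtk
+# Description: Desktop automation utility (GTK version)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include autokey-gtk.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+#Redirect
+include autokey-common.profile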
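diff --git a/etc/autokey-qt.profile b/etc/autokey-qt.profile
new file mode 100644
index 000000000..f3877d829
--- /dev/null
+++ b/etc/autokey-qt.profile
@@ -0,0 +1,11 @@
+# Firejail profile for autokey-qt
+# Description: Desktop automation utility (Qt version)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include autokey-qt.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+#Redirect
+include autokey-common.profile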
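diff --git a/etc/autokey-run.profile b/etc/autokey-run.profile
new file mode 100644
index 000000000..b70239022
--- /dev/null
+++ b/etc/autokey-run.profile
@@ -0,0 +1,11 @@
+# Firejail profile for autokey-run
+# Description: Desktop automation utility (CLI version)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include autokey-run.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+#Redirect
+include autokey-common.profile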
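diff --git a/etc/autokey-shell.profile b/etc/autokey-shell.profile
new file mode 100644
index 000000000..5745fce77
--- /dev/null
+++ b/etc/autokey-shell.profile
@@ -0,0 +1,11 @@
+# Firejail profile for autokey-shell
+# Description: Desktop automation utility (CLI shell)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include autokey-shell.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+#Redirect
+include autokey-common.profile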
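diff --git a/etc/brackets.profile b/etc/brackets.profile
index cead6ec24..46870e1ad 100644
--- a/etc/brackets.profile
+++ b/etc/brackets.profile
@@ -9,8 +9,10 @@ noblacklist ${HOME}/.config/Brackets
 #noblacklist /opt/brackets/
 #noblacklist /opt/google/
 # Uncomment the the next two lines if you are developing rust.
+# or put it in your brackets.local
 #noblacklist ${HOME}/.cargo/config
 #noblacklist ${HOME}/.cargo/registry
+noblacklist ${HOME}/.gitconfig
 
 include disable-common.inc
 include disable-passwdmgr.inc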
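diff --git a/etc/calibre.profile b/etc/calibre.profile
index 5c7d3e1e7..363e9191d 100644
--- a/etc/calibre.profile
+++ b/etc/calibre.profile
@@ -12,6 +12,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
@@ -36,6 +37,3 @@ tracelog
 
 private-dev
 private-tmp
-
-noexec ${HOME}
-noexec /tmp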
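diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index 22bda418a..44ef12aa2 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -19,6 +19,7 @@ noblacklist /usr/local/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -44,5 +45,3 @@ private-cache
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp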
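diff --git a/etc/clocks.profile b/etc/clocks.profile
new file mode 100644
index 000000000..dd234ce44
--- /dev/null
+++ b/etc/clocks.profile
@@ -0,0 +1,7 @@
+# Firejail profile for gnome-clocks
+# This file is overwritten after every install/update
+
+
+# Temporary fix for https://github.com/netblue30/firejail/issues/2624
+# Redirect
+include gnome-clocks.profile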
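diff --git a/etc/eom.profile b/etc/eom.profile
index a6007f99c..745e650aa 100644
--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.steam
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -43,5 +44,3 @@ private-lib
 private-tmp
 
 #memory-deny-write-execute - breaks on Arch
-noexec ${HOME}
-noexec /tmp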
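diff --git a/etc/evince.profile b/etc/evince.profile
index c3c6d4be0..b1f984784 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -11,6 +11,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -23,7 +24,8 @@ machine-id
 # net none - breaks AppArmor on Ubuntu systems
 netfilter
 no3d
-nodbus # might break two-page-view on some systems
+# nodbus might break two-page-view on some systems
+nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,5 +47,3 @@ private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,li
 private-tmp
 
 # memory-deny-write-execute - might break application (https://github.com/netblue30/firejail/issues/1803)
-noexec ${HOME}
-noexec /tmp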
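diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile
index ed3b4490f..6de61840c 100644
--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -8,6 +8,13 @@ include globals.local
 
 noblacklist ${HOME}/.frozen-bubble
 
+# Allow perl (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/cpan*
+noblacklist ${PATH}/core_perl
+noblacklist ${PATH}/perl
+noblacklist /usr/lib/perl*
+noblacklist /usr/share/perl*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc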
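Review bot: The new block un-blacklists the Perl interpreter, but the visible lines show no `include disable-exec.inc`, which this commit adds to the other game profiles (0ad, 2048-qt, gnome-chess, sol, warzone2100). The rest of the profile is outside the hunk, so it may already carry `noexec` lines; if it does not, adding `include disable-exec.inc` after `include disable-devel.inc` would give this profile the same exec restriction as the others. `noblacklist ${PATH}/cpan*` also makes the CPAN client reachable, which a game is unlikely to need at run time; consider dropping that line if the game starts without it.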
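diff --git a/etc/geany.profile b/etc/geany.profile
index a21e19329..7f96449c9 100644
--- a/etc/geany.profile
+++ b/etc/geany.profile
@@ -8,6 +8,7 @@ include globals.local
 
 noblacklist ${HOME}/.config/geany
 noblacklist ${HOME}/.python-history
+noblacklist ${HOME}/.gitconfig
 
 include disable-common.inc
 include disable-passwdmgr.inc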
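diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile
index 05ebea80c..d5e3cd435 100644
--- a/etc/gnome-builder.profile
+++ b/etc/gnome-builder.profile
@@ -9,6 +9,7 @@ include globals.local
 noblacklist ${HOME}/.cargo/config
 noblacklist ${HOME}/.cargo/registry
 noblacklist ${HOME}/.python-history
+noblacklist ${HOME}/.gitconfig
 
 include disable-common.inc
 include disable-passwdmgr.inc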
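diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile
index dc5b62428..2f4626891 100644
--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/gnome-chess
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -37,6 +38,3 @@ private-bin fairymax,gnome-chess,hoichess,gnuchess
 private-dev
 private-etc alternatives,fonts,gnome-chess
 private-tmp
-
-noexec ${HOME}
-noexec /tmp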
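diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile
index 2a13b3b27..ac6d82451 100644
--- a/etc/gnome-contacts.profile
+++ b/etc/gnome-contacts.profile
@@ -10,6 +10,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -35,5 +36,3 @@ disable-mnt
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp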
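diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile
index c7cbd8388..9a12162db 100644
--- a/etc/gnome-logs.profile
+++ b/etc/gnome-logs.profile
@@ -26,6 +26,7 @@ nodbus
 nodvd
 # When using 'volatile' storage (https://www.freedesktop.org/software/systemd/man/journald.conf.html),
 # comment both 'nogroups' and 'noroot'
+# or put 'ignore nogroups' and 'ignore noroot' to your gnome-logs.local.
 nogroups
 nonewprivs
 noroot
@@ -46,7 +47,5 @@ private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.s
 private-tmp
 writable-var-log
 
-memory-deny-write-execute
-
 # comment this if you export logs to a file in your ${HOME}
 read-only ${HOME}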
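Review bot: The second hunk drops `memory-deny-write-execute` without leaving a reason behind, whereas other profiles touched by this commit keep the directive as a comment with its cause, for example `# memory-deny-write-execute - breaks python` in hexchat.profile. If the directive broke gnome-logs, keep a commented line such as `# memory-deny-write-execute - breaks <reason>` so the hardening is not silently lost and can be re-enabled once the cause is fixed. The comment added in the first hunk would also read better as `# or put 'ignore nogroups' and 'ignore noroot' in your gnome-logs.local.`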
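diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index e8abf4b31..ee70e6655 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -19,6 +19,7 @@ noblacklist /usr/local/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -53,5 +54,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute - breaks python
-noexec ${HOME}
-noexec /tmp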
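diff --git a/etc/leafpad.profile b/etc/leafpad.profile
index 47ea5606a..56a792c8e 100644
--- a/etc/leafpad.profile
+++ b/etc/leafpad.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/leafpad
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -36,5 +37,3 @@ private-dev
 private-lib
 private-tmp
 
-noexec ${HOME}
-noexec /tmp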
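diff --git a/etc/mousepad.profile b/etc/mousepad.profile
index 4500f74a5..3b9807b28 100644
--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/Mousepad
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc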
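diff --git a/etc/ping.profile b/etc/ping.profile
index bdd29c1a1..66574bab5 100644
--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -46,5 +47,3 @@ private-tmp
 
 # memory-deny-write-execute is built using seccomp; nonewprivs will kill it
 #memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp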
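diff --git a/etc/pinta.profile b/etc/pinta.profile
index 3dfe3cc1b..8151bc98f 100644
--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -12,6 +12,7 @@ noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -37,5 +38,3 @@ private-dev
 private-cache
 private-tmp
 
-noexec ${HOME}
-noexec /tmp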
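diff --git a/etc/sol.profile b/etc/sol.profile
index c194eed05..ea1620b31 100644
--- a/etc/sol.profile
+++ b/etc/sol.profile
@@ -7,6 +7,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -40,5 +41,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp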
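diff --git a/etc/utox.profile b/etc/utox.profile
new file mode 100644
index 000000000..9216a6a05
--- /dev/null
+++ b/etc/utox.profile
@@ -0,0 +1,47 @@
+# Firejail profile for utox
+# Description: Lightweight Tox client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include utox.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/tox
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/tox
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/tox
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin utox
+private-cache
+private-dev
+private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse,openal
+private-tmp
+
+memory-deny-write-execute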
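diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile
index 1ef44dd5c..45f9949f3 100644
--- a/etc/virtualbox.profile
+++ b/etc/virtualbox.profile
@@ -14,6 +14,7 @@ noblacklist /usr/lib/virtualbox
 noblacklist /usr/lib64/virtualbox
 
 include disable-common.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 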
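diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
index 816f2236c..85cbc5e43 100644
--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.warzone2100-3.*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc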
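diff --git a/etc/wget.profile b/etc/wget.profile
index c0a6f0d21..a7ef32e2c 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.wget-hsts
 noblacklist ${HOME}/.wgetrc
 
 include disable-common.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
@@ -38,5 +39,3 @@ private-dev
 # private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 # private-tmp
 
-noexec ${HOME}
-noexec /tmp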
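diff --git a/etc/xcalc.profile b/etc/xcalc.profile
index 1941787b1..0ad423d30 100644
--- a/etc/xcalc.profile
+++ b/etc/xcalc.profile
@@ -7,6 +7,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -38,5 +39,3 @@ private-dev
 private-lib
 private-tmp
 
-noexec ${HOME}
-noexec /tmp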