Diffstat (limited to 'etc')
-rw-r--r-- | etc/Cryptocat.profile | 2 | ||||
-rw-r--r-- | etc/disable-common.inc | 8 | ||||
-rw-r--r-- | etc/disable-devel.inc | 3 | ||||
-rw-r--r-- | etc/disable-passwdmgr.inc | 3 | ||||
-rw-r--r-- | etc/disable-programs.inc | 12 | ||||
-rw-r--r-- | etc/evolution.profile | 3 | ||||
-rw-r--r-- | etc/uzbl-browser.profile | 27 | ||||
-rw-r--r-- | etc/whitelist-common.inc | 3 |
8 files changed, 60 insertions, 1 deletions
diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index 3db34c03c..b61b88f68 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # Firejail profile for | 1 | # Firejail profile for Cryptocat |
2 | noblacklist ${HOME}/.config/Cryptocat | 2 | noblacklist ${HOME}/.config/Cryptocat |
3 | 3 | ||
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
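--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -1,3 +1,6 @@
+# Local customizations come here
+include /etc/firejail/disable-common.local
+
 # History files in $HOME
 blacklist-nolog ${HOME}/.history
 blacklist-nolog ${HOME}/.*_history
@@ -81,6 +84,7 @@ read-only ${HOME}/.profile
 read-only ${HOME}/.antigen
 read-only ${HOME}/.bash_login
 read-only ${HOME}/.bashrc
+read-only ${HOME}/.bash_aliases
 read-only ${HOME}/.bash_profile
 read-only ${HOME}/.bash_logout
 read-only ${HOME}/.zsh.d
@@ -101,6 +105,9 @@ read-only ${HOME}/.caffrc
 read-only ${HOME}/.dotfiles
 read-only ${HOME}/dotfiles
 read-only ${HOME}/.mailcap
+read-only ${HOME}/.muttrc
+read-only ${HOME}/.mutt/muttrc
+read-only ${HOME}/.msmtprc
 read-only ${HOME}/.exrc
 read-only ${HOME}/_exrc
 read-only ${HOME}/.vimrc
@@ -134,6 +141,7 @@ blacklist ${HOME}/.Private
 blacklist ${HOME}/.ssh
 blacklist ${HOME}/.cert
 blacklist ${HOME}/.gnome2/keyrings
+blacklist ${HOME}/.local/share/keyrings
 blacklist ${HOME}/.kde4/share/apps/kwallet
 blacklist ${HOME}/.kde/share/apps/kwallet
 blacklist ${HOME}/.local/share/kwalletd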
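Review bot: The new `read-only` entries for `${HOME}/.muttrc`, `${HOME}/.mutt/muttrc` and `${HOME}/.msmtprc` in the third hunk stop a sandboxed program from rewriting these files but leave them readable, and mail configuration of this kind commonly stores account passwords in plain text. If confidentiality is intended as well, the credential-bearing file would fit better beside the `.ssh` and keyring entries in the fourth hunk, e.g. `blacklist ${HOME}/.msmtprc`, with a `noblacklist` in the mail-client profiles that need it. At minimum a comment such as `# mail client configuration: protected against modification only, still readable` would make the intended protection explicit.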
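--- a/etc/disable-devel.inc
+++ b/etc/disable-devel.inc
@@ -1,3 +1,6 @@
+# Local customizations come here
+include /etc/firejail/disable-devel.local
+
 # development tools
 
 # GCC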
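Review bot: The comment `# Local customizations come here` reads as an invitation to edit this packaged file, while the line below it points at a separate file; the same two lines are added to disable-common.inc, disable-passwdmgr.inc, disable-programs.inc and whitelist-common.inc. Something like `# Local customizations belong in disable-devel.local, which is included first` would say where changes go and that the include precedes every packaged rule. Whether a missing .local file is tolerated is not visible in this etc-only view; if it is an error, each .local file needs to be shipped (empty) with the package. Because these files can loosen every profile that includes them, it is also worth documenting that they are expected to be root-owned like the rest of /etc/firejail.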
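--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -1,3 +1,6 @@
+# Local customizations come here
+include /etc/firejail/disable-passwdmgr.local
+
 blacklist ${HOME}/.pki/nssdb
 blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.keepassx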
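--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -1,3 +1,6 @@
+# Local customizations come here
+include /etc/firejail/disable-programs.local
+
 blacklist ${HOME}/.*coin
 blacklist ${HOME}/.8pecxstudios
 blacklist ${HOME}/.Atom
@@ -174,8 +177,17 @@ blacklist ${HOME}/.icedove
 blacklist ${HOME}/.inkscape
 blacklist ${HOME}/.jitsi
 blacklist ${HOME}/.kde/share/apps/gwenview
+blacklist ${HOME}/.kde/share/apps/kcookiejar
+blacklist ${HOME}/.kde/share/apps/khtml
+blacklist ${HOME}/.kde/share/apps/konqsidebartng
+blacklist ${HOME}/.kde/share/apps/konqueror
 blacklist ${HOME}/.kde/share/apps/okular
 blacklist ${HOME}/.kde/share/config/gwenviewrc
+blacklist ${HOME}/.kde/share/config/kcookiejarrc
+blacklist ${HOME}/.kde/share/config/khtmlrc
+blacklist ${HOME}/.kde/share/config/konq_history
+blacklist ${HOME}/.kde/share/config/konqsidebartngrc
+blacklist ${HOME}/.kde/share/config/konquerorrc
 blacklist ${HOME}/.kde/share/config/okularpartrc
 blacklist ${HOME}/.kde/share/config/okularrc
 blacklist ${HOME}/.killingfloor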
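Review bot: The nine Konqueror entries added in the second hunk cover only `${HOME}/.kde/...`, so on systems that keep KDE 4 data under `${HOME}/.kde4` the cookie jar and browsing history would stay readable to other sandboxed programs. disable-common.inc in this same commit lists kwallet under both `.kde4` and `.kde`, which suggests both layouts are meant to be handled. Mirroring the new lines for `.kde4` would close the gap; the neighbouring gwenview and okular entries appear to have the same single-prefix limitation. The list continues outside the hunk on both sides.

```conf
# … unchanged: existing ${HOME}/.kde/share/apps and share/config entries …
blacklist ${HOME}/.kde4/share/apps/kcookiejar
blacklist ${HOME}/.kde4/share/apps/khtml
blacklist ${HOME}/.kde4/share/apps/konqsidebartng
blacklist ${HOME}/.kde4/share/apps/konqueror
blacklist ${HOME}/.kde4/share/config/kcookiejarrc
blacklist ${HOME}/.kde4/share/config/khtmlrc
blacklist ${HOME}/.kde4/share/config/konq_history
blacklist ${HOME}/.kde4/share/config/konqsidebartngrc
blacklist ${HOME}/.kde4/share/config/konquerorrc
```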
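--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -6,6 +6,9 @@ noblacklist ~/.pki
 noblacklist ~/.pki/nssdb
 noblacklist ~/.gnupg
 
+noblacklist /var/spool/mail
+noblacklist /var/mail
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc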
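Review bot: The two `noblacklist` lines for `/var/spool/mail` and `/var/mail` carry no comment, and the blacklist they are meant to lift is not in any hunk shown here, so a reader cannot tell whether they have an effect. A short comment such as `# allow access to the local mail spool (mbox delivery)` above them would record the intent. The exemption applies to the whole spool directory, so access to other users' mailboxes then rests on file permissions alone.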
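--- /dev/null
+++ b/etc/uzbl-browser.profile
@@ -0,0 +1,27 @@
+# Firejail profile for uzbl-browser
+
+noblacklist ~/.config/uzbl
+noblacklist ~/.cache/uzbl
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+tracelog
+
+mkdir ~/.config/uzbl
+whitelist ~/.config/uzbl
+mkdir ~/.cache/uzbl
+whitelist ~/.cache/uzbl
+mkdir ~/.local/share/uzbl
+whitelist ~/.local/share/uzbl
+
+whitelist ${DOWNLOADS}
+
+include /etc/firejail/whitelist-common.inc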
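Review bot: `~/.local/share/uzbl` is created and whitelisted on lines 22–23 but, unlike `~/.config/uzbl` and `~/.cache/uzbl`, has no matching `noblacklist` at the top of the profile. If disable-programs.inc blacklists that directory (not visible in this diff), the browser would lose access to its data directory; adding `noblacklist ~/.local/share/uzbl` after line 4 keeps the three paths consistent. A blank line between the `noblacklist` group and the first `include` would also match the layout of the other profiles in this commit.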
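--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -1,3 +1,6 @@
+# Local customizations come here
+include /etc/firejail/whitelist-common.local
+
 # common whitelist for all profiles
 
 whitelist ~/.XCompose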