diff options
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/Cryptocat.profile | 2 | ||||
| -rw-r--r-- | etc/disable-common.inc | 8 | ||||
| -rw-r--r-- | etc/disable-devel.inc | 3 | ||||
| -rw-r--r-- | etc/disable-passwdmgr.inc | 3 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 12 | ||||
| -rw-r--r-- | etc/evolution.profile | 3 | ||||
| -rw-r--r-- | etc/uzbl-browser.profile | 27 | ||||
| -rw-r--r-- | etc/whitelist-common.inc | 3 |
8 files changed, 60 insertions, 1 deletions
diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index 3db34c03c..b61b88f68 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # Firejail profile for | 1 | # Firejail profile for Cryptocat |
| 2 | noblacklist ${HOME}/.config/Cryptocat | 2 | noblacklist ${HOME}/.config/Cryptocat |
| 3 | 3 | ||
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 184885c7f..ac32f07e7 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -1,3 +1,6 @@ | |||
| 1 | # Local customizations come here | ||
| 2 | include /etc/firejail/disable-common.local | ||
| 3 | |||
| 1 | # History files in $HOME | 4 | # History files in $HOME |
| 2 | blacklist-nolog ${HOME}/.history | 5 | blacklist-nolog ${HOME}/.history |
| 3 | blacklist-nolog ${HOME}/.*_history | 6 | blacklist-nolog ${HOME}/.*_history |
| @@ -81,6 +84,7 @@ read-only ${HOME}/.profile | |||
| 81 | read-only ${HOME}/.antigen | 84 | read-only ${HOME}/.antigen |
| 82 | read-only ${HOME}/.bash_login | 85 | read-only ${HOME}/.bash_login |
| 83 | read-only ${HOME}/.bashrc | 86 | read-only ${HOME}/.bashrc |
| 87 | read-only ${HOME}/.bash_aliases | ||
| 84 | read-only ${HOME}/.bash_profile | 88 | read-only ${HOME}/.bash_profile |
| 85 | read-only ${HOME}/.bash_logout | 89 | read-only ${HOME}/.bash_logout |
| 86 | read-only ${HOME}/.zsh.d | 90 | read-only ${HOME}/.zsh.d |
| @@ -101,6 +105,9 @@ read-only ${HOME}/.caffrc | |||
| 101 | read-only ${HOME}/.dotfiles | 105 | read-only ${HOME}/.dotfiles |
| 102 | read-only ${HOME}/dotfiles | 106 | read-only ${HOME}/dotfiles |
| 103 | read-only ${HOME}/.mailcap | 107 | read-only ${HOME}/.mailcap |
| 108 | read-only ${HOME}/.muttrc | ||
| 109 | read-only ${HOME}/.mutt/muttrc | ||
| 110 | read-only ${HOME}/.msmtprc | ||
| 104 | read-only ${HOME}/.exrc | 111 | read-only ${HOME}/.exrc |
| 105 | read-only ${HOME}/_exrc | 112 | read-only ${HOME}/_exrc |
| 106 | read-only ${HOME}/.vimrc | 113 | read-only ${HOME}/.vimrc |
| @@ -134,6 +141,7 @@ blacklist ${HOME}/.Private | |||
| 134 | blacklist ${HOME}/.ssh | 141 | blacklist ${HOME}/.ssh |
| 135 | blacklist ${HOME}/.cert | 142 | blacklist ${HOME}/.cert |
| 136 | blacklist ${HOME}/.gnome2/keyrings | 143 | blacklist ${HOME}/.gnome2/keyrings |
| 144 | blacklist ${HOME}/.local/share/keyrings | ||
| 137 | blacklist ${HOME}/.kde4/share/apps/kwallet | 145 | blacklist ${HOME}/.kde4/share/apps/kwallet |
| 138 | blacklist ${HOME}/.kde/share/apps/kwallet | 146 | blacklist ${HOME}/.kde/share/apps/kwallet |
| 139 | blacklist ${HOME}/.local/share/kwalletd | 147 | blacklist ${HOME}/.local/share/kwalletd |
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc index 2ac367f37..07fc3928c 100644 --- a/etc/disable-devel.inc +++ b/etc/disable-devel.inc | |||
| @@ -1,3 +1,6 @@ | |||
| 1 | # Local customizations come here | ||
| 2 | include /etc/firejail/disable-devel.local | ||
| 3 | |||
| 1 | # development tools | 4 | # development tools |
| 2 | 5 | ||
| 3 | # GCC | 6 | # GCC |
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc index 045b4d92b..7d129b2e4 100644 --- a/etc/disable-passwdmgr.inc +++ b/etc/disable-passwdmgr.inc | |||
| @@ -1,3 +1,6 @@ | |||
| 1 | # Local customizations come here | ||
| 2 | include /etc/firejail/disable-passwdmgr.local | ||
| 3 | |||
| 1 | blacklist ${HOME}/.pki/nssdb | 4 | blacklist ${HOME}/.pki/nssdb |
| 2 | blacklist ${HOME}/.lastpass | 5 | blacklist ${HOME}/.lastpass |
| 3 | blacklist ${HOME}/.keepassx | 6 | blacklist ${HOME}/.keepassx |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index e5eb4f857..b307978da 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -1,3 +1,6 @@ | |||
| 1 | # Local customizations come here | ||
| 2 | include /etc/firejail/disable-programs.local | ||
| 3 | |||
| 1 | blacklist ${HOME}/.*coin | 4 | blacklist ${HOME}/.*coin |
| 2 | blacklist ${HOME}/.8pecxstudios | 5 | blacklist ${HOME}/.8pecxstudios |
| 3 | blacklist ${HOME}/.Atom | 6 | blacklist ${HOME}/.Atom |
| @@ -174,8 +177,17 @@ blacklist ${HOME}/.icedove | |||
| 174 | blacklist ${HOME}/.inkscape | 177 | blacklist ${HOME}/.inkscape |
| 175 | blacklist ${HOME}/.jitsi | 178 | blacklist ${HOME}/.jitsi |
| 176 | blacklist ${HOME}/.kde/share/apps/gwenview | 179 | blacklist ${HOME}/.kde/share/apps/gwenview |
| 180 | blacklist ${HOME}/.kde/share/apps/kcookiejar | ||
| 181 | blacklist ${HOME}/.kde/share/apps/khtml | ||
| 182 | blacklist ${HOME}/.kde/share/apps/konqsidebartng | ||
| 183 | blacklist ${HOME}/.kde/share/apps/konqueror | ||
| 177 | blacklist ${HOME}/.kde/share/apps/okular | 184 | blacklist ${HOME}/.kde/share/apps/okular |
| 178 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 185 | blacklist ${HOME}/.kde/share/config/gwenviewrc |
| 186 | blacklist ${HOME}/.kde/share/config/kcookiejarrc | ||
| 187 | blacklist ${HOME}/.kde/share/config/khtmlrc | ||
| 188 | blacklist ${HOME}/.kde/share/config/konq_history | ||
| 189 | blacklist ${HOME}/.kde/share/config/konqsidebartngrc | ||
| 190 | blacklist ${HOME}/.kde/share/config/konquerorrc | ||
| 179 | blacklist ${HOME}/.kde/share/config/okularpartrc | 191 | blacklist ${HOME}/.kde/share/config/okularpartrc |
| 180 | blacklist ${HOME}/.kde/share/config/okularrc | 192 | blacklist ${HOME}/.kde/share/config/okularrc |
| 181 | blacklist ${HOME}/.killingfloor | 193 | blacklist ${HOME}/.killingfloor |
diff --git a/etc/evolution.profile b/etc/evolution.profile index ab6dd7a4a..1707e562b 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
| @@ -6,6 +6,9 @@ noblacklist ~/.pki | |||
| 6 | noblacklist ~/.pki/nssdb | 6 | noblacklist ~/.pki/nssdb |
| 7 | noblacklist ~/.gnupg | 7 | noblacklist ~/.gnupg |
| 8 | 8 | ||
| 9 | noblacklist /var/spool/mail | ||
| 10 | noblacklist /var/mail | ||
| 11 | |||
| 9 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 11 | include /etc/firejail/disable-devel.inc | 14 | include /etc/firejail/disable-devel.inc |
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile new file mode 100644 index 000000000..1346b7fc2 --- /dev/null +++ b/etc/uzbl-browser.profile | |||
| @@ -0,0 +1,27 @@ | |||
| 1 | # Firejail profile for uzbl-browser | ||
| 2 | |||
| 3 | noblacklist ~/.config/uzbl | ||
| 4 | noblacklist ~/.cache/uzbl | ||
| 5 | include /etc/firejail/disable-common.inc | ||
| 6 | include /etc/firejail/disable-programs.inc | ||
| 7 | include /etc/firejail/disable-devel.inc | ||
| 8 | include /etc/firejail/disable-passwdmgr.inc | ||
| 9 | |||
| 10 | caps.drop all | ||
| 11 | netfilter | ||
| 12 | nonewprivs | ||
| 13 | noroot | ||
| 14 | protocol unix,inet,inet6 | ||
| 15 | seccomp | ||
| 16 | tracelog | ||
| 17 | |||
| 18 | mkdir ~/.config/uzbl | ||
| 19 | whitelist ~/.config/uzbl | ||
| 20 | mkdir ~/.cache/uzbl | ||
| 21 | whitelist ~/.cache/uzbl | ||
| 22 | mkdir ~/.local/share/uzbl | ||
| 23 | whitelist ~/.local/share/uzbl | ||
| 24 | |||
| 25 | whitelist ${DOWNLOADS} | ||
| 26 | |||
| 27 | include /etc/firejail/whitelist-common.inc | ||
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index d4e69948e..cf7797100 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc | |||
| @@ -1,3 +1,6 @@ | |||
| 1 | # Local customizations come here | ||
| 2 | include /etc/firejail/whitelist-common.local | ||
| 3 | |||
| 1 | # common whitelist for all profiles | 4 | # common whitelist for all profiles |
| 2 | 5 | ||
| 3 | whitelist ~/.XCompose | 6 | whitelist ~/.XCompose |