Diffstat (limited to 'etc')
-rw-r--r--etc/QOwnNotes.profile15
-rw-r--r--etc/baloo_file.profile2
-rw-r--r--etc/bitcoin-qt.profile1
-rw-r--r--etc/brackets.profile1
-rw-r--r--etc/bsdtar.profile4
-rw-r--r--etc/clawsker.profile4
-rw-r--r--etc/d-feet.profile1
-rw-r--r--etc/dconf-editor.profile1
-rw-r--r--etc/dconf.profile3
-rw-r--r--etc/dig.profile5
-rw-r--r--etc/disable-programs.inc1
-rw-r--r--etc/discord-common.profile2
-rw-r--r--etc/gconf-editor.profile2
-rw-r--r--etc/gitter.profile1
-rw-r--r--etc/gucharmap.profile6
-rw-r--r--etc/hedgewars.profile2
-rw-r--r--etc/mendeleydesktop.profile1
-rw-r--r--etc/min.profile2
-rw-r--r--etc/mpDris2.profile1
-rw-r--r--etc/mupdf.profile1
-rw-r--r--etc/qbittorrent.profile3
-rw-r--r--etc/skypeforlinux.profile2
-rw-r--r--etc/transgui.profile4
-rw-r--r--etc/transmission-gtk.profile2
-rw-r--r--etc/transmission-qt.profile2
-rw-r--r--etc/xfce4-mixer.profile1
26 files changed, 38 insertions, 32 deletions
diff --git a/etc/QOwnNotes.profile b/etc/QOwnNotes.profile
index f63a8b9ef..090845259 100644
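--- a/etc/QOwnNotes.profile
+++ b/etc/QOwnNotes.profile
@@ -11,7 +11,13 @@ noblacklist ${HOME}/Nextcloud/Notes
 noblacklist ${HOME}/.config/PBE
 noblacklist ${HOME}/.local/share/PBE
 
-mkdir ${DOCUMENTS}
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
 mkdir ${HOME}/Nextcloud/Notes
 mkdir ${HOME}.config/PBE
 mkdir ${HOME}/.local/share/PBE
@@ -22,13 +28,6 @@ whitelist ${HOME}/.local/share/PBE
 include whitelist-common.inc
 include whitelist-var-common.inc
 
-include disable-common.inc
-include disable-devel.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-xdg.inc
-
 caps.drop all
 machine-id
 netfilter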
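Review bot: `mkdir ${HOME}.config/PBE` (new line 22, carried over unchanged in the first hunk) is missing the slash after `${HOME}`, so it does not name the `${HOME}/.config/PBE` directory that the `noblacklist` line above it refers to. The path it does name sits beside the home directory rather than inside it, which firejail's `mkdir` is not expected to create, so on a first run the directory is probably absent when the whitelist rules are applied. Since this commit already reorders the block, fix it here: `mkdir ${HOME}/.config/PBE`. The matching `whitelist` line lies between the two hunks and should be checked for the same typo.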
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index 0d108ac13..176d8cae7 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -7,7 +7,7 @@ include globals.local
7 7
8# Make home directory read-only and allow writing only to ${HOME}/.local/share 8# Make home directory read-only and allow writing only to ${HOME}/.local/share
9# Note: Baloo will not be able to update the "first run" key in its configuration files. 9# Note: Baloo will not be able to update the "first run" key in its configuration files.
10# read-only ${HOME} 10# read-only ${HOME}
11# read-write ${HOME}/.local/share 11# read-write ${HOME}/.local/share
12 12
13noblacklist ${HOME}/.config/baloofilerc 13noblacklist ${HOME}/.config/baloofilerc
diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile
index 54c04f837..74123ee51 100644
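--- a/etc/bitcoin-qt.profile
+++ b/etc/bitcoin-qt.profile
@@ -7,6 +7,7 @@ include bitcoin-qt.local
 include globals.local
 
 noblacklist ${HOME}/.bitcoin
+noblacklist ${HOME}/.config/Bitcoin
 
 include disable-common.inc
 include disable-devel.inc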
diff --git a/etc/brackets.profile b/etc/brackets.profile
index 783b9db87..cead6ec24 100644
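--- a/etc/brackets.profile
+++ b/etc/brackets.profile
@@ -12,7 +12,6 @@ noblacklist ${HOME}/.config/Brackets
 #noblacklist ${HOME}/.cargo/config
 #noblacklist ${HOME}/.cargo/registry
 
-
 include disable-common.inc
 include disable-passwdmgr.inc
 include disable-programs.inc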
diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile
index a2cd5e559..b6b673976 100644
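--- a/etc/bsdtar.profile
+++ b/etc/bsdtar.profile
@@ -6,14 +6,14 @@ include bsdtar.local
 # Persistent global definitions
 include globals.local
 
+blacklist /tmp/.X11-unix
+
 include disable-common.inc
 # include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-blacklist /tmp/.X11-unix
-
 caps.drop all
 hostname bsdtar
 ipc-namespace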
diff --git a/etc/clawsker.profile b/etc/clawsker.profile
index a3ae74582..404e1b8ed 100644
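--- a/etc/clawsker.profile
+++ b/etc/clawsker.profile
@@ -21,6 +21,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+mkdir ${HOME}/.claws-mail
 whitelist ${HOME}/.claws-mail
 include whitelist-common.inc
 
@@ -40,8 +41,7 @@ protocol unix
 seccomp
 shell none
 
-# disable-mnt
-# private
+disable-mnt
 private-bin clawsker,perl
 private-cache
 private-dev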
diff --git a/etc/d-feet.profile b/etc/d-feet.profile
index aa4ab191b..a7068383d 100644
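--- a/etc/d-feet.profile
+++ b/etc/d-feet.profile
@@ -21,6 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${HOME}/.config/d-feet
 include whitelist-common.inc
 include whitelist-var-common.inc
 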
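Review bot: The added `whitelist ${HOME}/.config/d-feet` has no `mkdir` before it, unlike the `mkdir`/`whitelist` pairs this same commit adds in clawsker.profile, gitter.profile and min.profile. If the directory does not exist yet, the whitelist entry has nothing to bind, and settings written during that session would presumably land in the temporary home and be lost. Add `mkdir ${HOME}/.config/d-feet` above it; the new `whitelist ${HOME}/.config/gconf` in gconf-editor.profile needs the same treatment. Whether a `noblacklist` for the path exists above line 21 is not visible in this hunk.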
diff --git a/etc/dconf-editor.profile b/etc/dconf-editor.profile
index 72b4f7a77..5f498f58c 100644
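--- a/etc/dconf-editor.profile
+++ b/etc/dconf-editor.profile
@@ -20,7 +20,6 @@ caps.drop all
 machine-id
 net none
 no3d
-# nodbus - DBUS is needed to commit changes to dconf
 nodvd
 nogroups
 nonewprivs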
diff --git a/etc/dconf.profile b/etc/dconf.profile
index 0f1869fb8..d2376cc35 100644
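--- a/etc/dconf.profile
+++ b/etc/dconf.profile
@@ -13,8 +13,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-mkdir ${HOME}/.config/dconf
-whitelist ${HOME}/.config/dconf
+# dconf paths are whitelisted by the following
 include whitelist-common.inc
 
 apparmor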
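Review bot: The replacement comment `# dconf paths are whitelisted by the following` names neither the path nor the file, and the commit also drops `mkdir ${HOME}/.config/dconf` without a replacement. whitelist-common.inc is not part of this diff, so whether it creates the directory on a fresh home cannot be confirmed here; if it does not, a first run would have nothing to whitelist. Suggest keeping the `mkdir` line and wording the comment as `# ${HOME}/.config/dconf is whitelisted in whitelist-common.inc`.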
diff --git a/etc/dig.profile b/etc/dig.profile
index 6d5e97ac3..23970d9d0 100644
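--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -7,13 +7,16 @@ include dig.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.digrc
+
 include disable-common.inc
 # include disable-devel.inc
 # include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-#include disable-xdg.inc
+include disable-xdg.inc
 
+mkfile ${HOME}/.digrc
 whitelist ${HOME}/.digrc
 include whitelist-common.inc
 include whitelist-var-common.inc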
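Review bot: `mkfile ${HOME}/.digrc` together with the existing `whitelist ${HOME}/.digrc` gives the sandboxed dig write access to its own startup file, which it only needs to read. A process that parses untrusted DNS responses should not be able to change options that every later run picks up; add `read-only ${HOME}/.digrc` after the whitelist block unless a line below this hunk already does so. The `mkfile` also leaves an empty `.digrc` in the home of every user who runs dig, which deserves a one-line comment such as `# created empty so the whitelist below has a target`.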
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index b1717d086..4ed3ba2ea 100644
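--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -288,6 +288,7 @@ blacklist ${HOME}/.curlrc
 blacklist ${HOME}/.dashcore
 blacklist ${HOME}/.devilspie
 blacklist ${HOME}/.dia
+blacklist ${HOME}/.digrc
 blacklist ${HOME}/.dillo
 blacklist ${HOME}/.dooble
 blacklist ${HOME}/.dosbox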
diff --git a/etc/discord-common.profile b/etc/discord-common.profile
index c520454e8..c453d77d0 100644
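--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -12,6 +12,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter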
diff --git a/etc/gconf-editor.profile b/etc/gconf-editor.profile
index a5132e937..20cc5c36f 100644
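--- a/etc/gconf-editor.profile
+++ b/etc/gconf-editor.profile
@@ -15,6 +15,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${HOME}/.config/gconf
 include whitelist-common.inc
 
 apparmor
@@ -22,7 +23,6 @@ caps.drop all
 machine-id
 net none
 no3d
-# nodbus - DBUS is needed to commit changes to gconf
 nodvd
 nogroups
 nonewprivs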
diff --git a/etc/gitter.profile b/etc/gitter.profile
index d84f01f20..ab333d1fb 100644
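--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -14,6 +14,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+mkdir ${HOME}/.config/Gitter
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/autostart
 whitelist ${HOME}/.config/Gitter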
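Review bot: `whitelist ${HOME}/.config/autostart` (new line 19, unchanged context) lets the sandboxed application write into the directory the desktop session reads at login, so anything placed there runs outside this profile on the next login. The new `mkdir ${HOME}/.config/Gitter` is fine, but the autostart entry weakens what the whitelist is meant to contain. If Gitter only needs its own launcher to be visible there, follow the whitelist with `read-only ${HOME}/.config/autostart`, or drop the whitelist and document that the autostart toggle will not persist. The rest of the profile is outside the hunk, so a later read-only rule cannot be ruled out.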
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index c85424de9..b1bd59307 100644
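--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -14,6 +14,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-common.inc
+include whitelist-var-common.inc
+
 apparmor
 caps.drop all
 machine-id
@@ -32,8 +35,6 @@ seccomp
 shell none
 
 disable-mnt
-# for GTK theme support comment 'private'
-private
 private-cache
 private-dev
 private-tmp
@@ -42,5 +43,4 @@ memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
 
-# gucharmap will never write anything
 read-only ${HOME}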
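Review bot: Removing `private` in the second hunk changes the sandbox's home from an empty temporary directory to the real home filtered by the newly included whitelist-common.inc, and the only explanation (`# for GTK theme support comment 'private'`) is deleted with it. The surviving `read-only ${HOME}` and `noexec ${HOME}` limit the effect, but a reader can no longer tell that this was apparently a deliberate trade for theme support. Add a comment above the new includes, for example `# whitelist-common.inc instead of 'private' so GTK themes are visible`, and keep a short reason next to `read-only ${HOME}` rather than dropping the one removed in the third hunk.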
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile
index 4dfb40890..1e9f898e0 100644
--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -14,7 +14,7 @@ include disable-interpreters.inc
14include disable-passwdmgr.inc 14include disable-passwdmgr.inc
15include disable-programs.inc 15include disable-programs.inc
16 16
17mkdir ${HOME}/.hedgewars 17mkdir ${HOME}/.hedgewars
18whitelist ${HOME}/.hedgewars 18whitelist ${HOME}/.hedgewars
19include whitelist-common.inc 19include whitelist-common.inc
20 20
diff --git a/etc/mendeleydesktop.profile b/etc/mendeleydesktop.profile
index 3a5edc364..046526310 100644
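--- a/etc/mendeleydesktop.profile
+++ b/etc/mendeleydesktop.profile
@@ -7,7 +7,6 @@ include mendeleydesktop.local
 include globals.local
 
 noblacklist ${DOCUMENTS}
-noblacklist ${DOWNLOADS}
 noblacklist ${HOME}/.cache/Mendeley Ltd.
 noblacklist ${HOME}/.config/Mendeley Ltd.
 noblacklist ${HOME}/.local/share/Mendeley Ltd.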
diff --git a/etc/min.profile b/etc/min.profile
index c44855636..eb1163175 100644
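--- a/etc/min.profile
+++ b/etc/min.profile
@@ -17,9 +17,11 @@ include disable-interpreters.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.pki
+mkdir ${HOME}/.config/Min
 mkdir ${HOME}/.local/share/pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.pki
+whitelist ${HOME}/.config/Min
 whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-var-common.inc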
diff --git a/etc/mpDris2.profile b/etc/mpDris2.profile
index 909144fc2..48b5070f6 100644
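--- a/etc/mpDris2.profile
+++ b/etc/mpDris2.profile
@@ -48,5 +48,4 @@ private-tmp
 noexec ${HOME}
 noexec /tmp
 
-# mpDris2 will never write anything
 read-only ${HOME}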
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index 59ad36305..c1d4f2cbe 100644
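--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -40,5 +40,4 @@ private-dev
 private-etc alternatives,fonts
 private-tmp
 
-# mupdf will never write anything
 read-only ${HOME}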
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 0420d38e9..7b1f05574 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -25,8 +25,9 @@ include disable-programs.inc
25 25
26mkdir ${HOME}/.cache/qBittorrent 26mkdir ${HOME}/.cache/qBittorrent
27mkdir ${HOME}/.config/qBittorrent 27mkdir ${HOME}/.config/qBittorrent
28mkfile ${HOME}/.config/qBittorrentrc
28mkdir ${HOME}/.local/share/data/qBittorrent 29mkdir ${HOME}/.local/share/data/qBittorrent
29whitelist ${DOWNLOADS} 30whitelist ${DOWNLOADS}
30whitelist ${HOME}/.cache/qBittorrent 31whitelist ${HOME}/.cache/qBittorrent
31whitelist ${HOME}/.config/qBittorrent 32whitelist ${HOME}/.config/qBittorrent
32whitelist ${HOME}/.config/qBittorrentrc 33whitelist ${HOME}/.config/qBittorrentrc
diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile
index f8198adab..ad200be37 100644
--- a/etc/skypeforlinux.profile
+++ b/etc/skypeforlinux.profile
@@ -30,4 +30,4 @@ private-cache
30private-tmp 30private-tmp
31 31
32noexec ${HOME} 32noexec ${HOME}
33# noexec /tmp - breaks Skype 33# noexec /tmp - breaks Skype
diff --git a/etc/transgui.profile b/etc/transgui.profile
index 21daa0685..83191ab58 100644
--- a/etc/transgui.profile
+++ b/etc/transgui.profile
@@ -1,5 +1,5 @@
1# Firejail profile for transgui 1# Firejail profile for transgui
2# Description: Cross-platform Transmission BitTorrent client 2# Description: Cross-platform Transmission BitTorrent client
3# This file is overwritten after every install/update 3# This file is overwritten after every install/update
4# Persistent local customizations 4# Persistent local customizations
5include /etc/firejail/transgui.local 5include /etc/firejail/transgui.local
@@ -7,7 +7,6 @@ include /etc/firejail/transgui.local
7include globals.local 7include globals.local
8 8
9noblacklist ${HOME}/.config/transgui 9noblacklist ${HOME}/.config/transgui
10noblacklist ${DOWNLOADS}
11 10
12include disable-common.inc 11include disable-common.inc
13include disable-devel.inc 12include disable-devel.inc
@@ -18,6 +17,7 @@ include disable-xdg.inc
18 17
19mkdir ${HOME}/.config/transgui 18mkdir ${HOME}/.config/transgui
20whitelist ${HOME}/.config/transgui 19whitelist ${HOME}/.config/transgui
20whitelist ${DOWNLOADS}
21include whitelist-common.inc 21include whitelist-common.inc
22include whitelist-var-common.inc 22include whitelist-var-common.inc
23 23
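Review bot: `include /etc/firejail/transgui.local` (line 5, context in the first hunk) hard-codes the system directory, while the next include in the same file is the bare `include globals.local`, and the bitcoin-qt, bsdtar, dig and mendeleydesktop profiles in this commit all use the bare `include NAME.local` form. The absolute form ties the profile to one install prefix and, as far as I can tell, skips any per-user copy of the .local file. Change it to `include transgui.local` while this file is being edited. The `# Persistent local customizations` comment above it can stay as is.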
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 867f9f113..00de26003 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -17,7 +17,7 @@ include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/transmission 18mkdir ${HOME}/.cache/transmission
19mkdir ${HOME}/.config/transmission 19mkdir ${HOME}/.config/transmission
20whitelist ${DOWNLOADS} 20whitelist ${DOWNLOADS}
21whitelist ${HOME}/.cache/transmission 21whitelist ${HOME}/.cache/transmission
22whitelist ${HOME}/.config/transmission 22whitelist ${HOME}/.config/transmission
23include whitelist-common.inc 23include whitelist-common.inc
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 81b8f38cf..96d9b4bb0 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -17,7 +17,7 @@ include disable-programs.inc
17 17
18mkdir ${HOME}/.cache/transmission 18mkdir ${HOME}/.cache/transmission
19mkdir ${HOME}/.config/transmission 19mkdir ${HOME}/.config/transmission
20whitelist ${DOWNLOADS} 20whitelist ${DOWNLOADS}
21whitelist ${HOME}/.cache/transmission 21whitelist ${HOME}/.cache/transmission
22whitelist ${HOME}/.config/transmission 22whitelist ${HOME}/.config/transmission
23include whitelist-common.inc 23include whitelist-common.inc
diff --git a/etc/xfce4-mixer.profile b/etc/xfce4-mixer.profile
index 093fba362..9c8c5c531 100644
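--- a/etc/xfce4-mixer.profile
+++ b/etc/xfce4-mixer.profile
@@ -15,6 +15,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
 whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
 include whitelist-common.inc
 include whitelist-var-common.inc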