diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/allow-gjs.inc | 1 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/firefox-common.profile | 3 | ||||
-rw-r--r-- | etc/shortwave.profile | 50 | ||||
-rw-r--r-- | etc/templates/profile.template | 2 |
5 files changed, 55 insertions, 3 deletions
diff --git a/etc/allow-gjs.inc b/etc/allow-gjs.inc index f552ede9d..f4f9926cd 100644 --- a/etc/allow-gjs.inc +++ b/etc/allow-gjs.inc | |||
@@ -8,3 +8,4 @@ noblacklist /usr/lib/gjs | |||
8 | noblacklist /usr/lib64/gjs | 8 | noblacklist /usr/lib64/gjs |
9 | noblacklist /usr/lib/libgjs* | 9 | noblacklist /usr/lib/libgjs* |
10 | noblacklist /usr/lib64/libgjs* | 10 | noblacklist /usr/lib64/libgjs* |
11 | noblacklist /usr/lib64/libmozjs-* | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 59eac1ee8..ffe60e283 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -501,6 +501,7 @@ blacklist ${HOME}/.local/share/QGIS | |||
501 | blacklist ${HOME}/.local/share/QMediathekView | 501 | blacklist ${HOME}/.local/share/QMediathekView |
502 | blacklist ${HOME}/.local/share/QuiteRss | 502 | blacklist ${HOME}/.local/share/QuiteRss |
503 | blacklist ${HOME}/.local/share/Ricochet | 503 | blacklist ${HOME}/.local/share/Ricochet |
504 | blacklist ${HOME}/.local/share/Shortwave | ||
504 | blacklist ${HOME}/.local/share/Steam | 505 | blacklist ${HOME}/.local/share/Steam |
505 | blacklist ${HOME}/.local/share/SuperHexagon | 506 | blacklist ${HOME}/.local/share/SuperHexagon |
506 | blacklist ${HOME}/.local/share/TelegramDesktop | 507 | blacklist ${HOME}/.local/share/TelegramDesktop |
@@ -759,6 +760,7 @@ blacklist ${HOME}/.cache/Franz | |||
759 | blacklist ${HOME}/.cache/INRIA | 760 | blacklist ${HOME}/.cache/INRIA |
760 | blacklist ${HOME}/.cache/MusicBrainz | 761 | blacklist ${HOME}/.cache/MusicBrainz |
761 | blacklist ${HOME}/.cache/QuiteRss | 762 | blacklist ${HOME}/.cache/QuiteRss |
763 | blacklist ${HOME}/.cache/Shortwave | ||
762 | blacklist ${HOME}/.cache/Tox | 764 | blacklist ${HOME}/.cache/Tox |
763 | blacklist ${HOME}/.cache/Zeal | 765 | blacklist ${HOME}/.cache/Zeal |
764 | blacklist ${HOME}/.cache/agenda | 766 | blacklist ${HOME}/.cache/agenda |
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index bc64a5abf..7c343c26d 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile | |||
@@ -44,8 +44,7 @@ notv | |||
44 | protocol unix,inet,inet6,netlink | 44 | protocol unix,inet,inet6,netlink |
45 | # The below seccomp configuration still permits chroot syscall. See https://github.com/netblue30/firejail/issues/2506 for possible workarounds. | 45 | # The below seccomp configuration still permits chroot syscall. See https://github.com/netblue30/firejail/issues/2506 for possible workarounds. |
46 | seccomp !chroot | 46 | seccomp !chroot |
47 | # Uncomment the next line (or put it into your firefox-common.local) if your firefox doesn't require a shell to lauch. | 47 | shell none |
48 | #shell none | ||
49 | # Disable tracelog, it breaks or causes major issues with many firefox based browsers, see https://github.com/netblue30/firejail/issues/1930. | 48 | # Disable tracelog, it breaks or causes major issues with many firefox based browsers, see https://github.com/netblue30/firejail/issues/1930. |
50 | #tracelog | 49 | #tracelog |
51 | 50 | ||
diff --git a/etc/shortwave.profile b/etc/shortwave.profile new file mode 100644 index 000000000..ee2314833 --- /dev/null +++ b/etc/shortwave.profile | |||
@@ -0,0 +1,50 @@ | |||
1 | # Firejail profile for shortwave | ||
2 | # Description: Listen to internet radio | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include shortwave.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.cache/Shortwave | ||
10 | noblacklist ${HOME}/.local/share/Shortwave | ||
11 | |||
12 | include disable-common.inc | ||
13 | include disable-devel.inc | ||
14 | include disable-exec.inc | ||
15 | include disable-interpreters.inc | ||
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | ||
18 | include disable-xdg.inc | ||
19 | |||
20 | mkdir ${HOME}/.cache/Shortwave | ||
21 | mkdir ${HOME}/.local/share/Shortwave | ||
22 | whitelist ${HOME}/.cache/Shortwave | ||
23 | whitelist ${HOME}/.local/share/Shortwave | ||
24 | whitelist /usr/share/shortwave | ||
25 | include whitelist-common.inc | ||
26 | include whitelist-runuser-common.inc | ||
27 | include whitelist-usr-share-common.inc | ||
28 | include whitelist-var-common.inc | ||
29 | |||
30 | apparmor | ||
31 | caps.drop all | ||
32 | netfilter | ||
33 | nodvd | ||
34 | nogroups | ||
35 | nonewprivs | ||
36 | noroot | ||
37 | notv | ||
38 | nou2f | ||
39 | novideo | ||
40 | protocol unix,inet,inet6 | ||
41 | seccomp | ||
42 | shell none | ||
43 | tracelog | ||
44 | |||
45 | disable-mnt | ||
46 | private-bin shortwave | ||
47 | private-cache | ||
48 | private-dev | ||
49 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl,X11,xdg | ||
50 | private-tmp | ||
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index b3ebd4996..d339ce476 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
@@ -119,7 +119,7 @@ include globals.local | |||
119 | ##mkfile PATH | 119 | ##mkfile PATH |
120 | #whitelist PATH | 120 | #whitelist PATH |
121 | #include whitelist-common.inc | 121 | #include whitelist-common.inc |
122 | #GTK3 only: include whitelist-runuser-common.inc | 122 | #include whitelist-runuser-common.inc |
123 | #include whitelist-usr-share-common.inc | 123 | #include whitelist-usr-share-common.inc |
124 | #include whitelist-var-common.inc | 124 | #include whitelist-var-common.inc |
125 | 125 | ||