From 1c56e0bdfacdf0125d0f1f2619bd1727fe496e6b Mon Sep 17 00:00:00 2001 
From: netblue30 Date: Sat, 26 Mar 2016 21:16:48 -0400 Subject: consolidating disable-mgmt and disable-sercret into disable-common --- etc/Mathematica.profile | 2 -- etc/audacious.profile | 2 -- etc/bitlbee.profile | 1 - etc/cherrytree.profile | 2 -- etc/chromium.profile | 2 -- etc/clementine.profile | 2 -- etc/conkeror.profile | 2 -- etc/deadbeef.profile | 2 -- etc/deluge.profile | 2 -- etc/disable-common.inc | 41 ++++++++++++++++++++++++++++++++++++++ etc/disable-mgmt.inc | 17 ---------------- etc/dnscrypt-proxy.profile | 2 -- etc/dropbox.profile | 2 -- etc/empathy.profile | 2 -- etc/epiphany.profile | 2 -- etc/evince.profile | 2 -- etc/fbreader.profile | 2 -- etc/filezilla.profile | 2 -- etc/firefox.profile | 2 -- etc/flashpeak-slimjet.profile | 2 -- etc/generic.profile | 2 -- etc/gnome-mplayer.profile | 2 -- etc/google-chrome-beta.profile | 2 -- etc/google-chrome-unstable.profile | 2 -- etc/google-chrome.profile | 2 -- etc/hedgewars.profile | 2 -- etc/hexchat.profile | 2 -- etc/kmail.profile | 2 -- etc/lxterminal.profile | 2 -- etc/midori.profile | 2 -- etc/mupen64plus.profile | 2 -- etc/openbox.profile | 3 +-- etc/opera-beta.profile | 2 -- etc/opera.profile | 2 -- etc/parole.profile | 2 -- etc/pidgin.profile | 2 -- etc/polari.profile | 2 -- etc/qbittorrent.profile | 2 -- etc/qtox.profile | 2 -- etc/quassel.profile | 2 -- etc/qutebrowser.profile | 2 -- etc/rhythmbox.profile | 2 -- etc/rtorrent.profile | 2 -- etc/seamonkey.profile | 2 -- etc/server.profile | 1 - etc/skype.profile | 2 -- etc/spotify.profile | 2 -- etc/ssh.profile | 2 -- etc/steam.profile | 2 -- etc/telegram.profile | 2 -- etc/thunderbird.profile | 2 -- etc/totem.profile | 2 -- etc/transmission-gtk.profile | 2 -- etc/transmission-qt.profile | 2 -- etc/uget-gtk.profile | 2 -- etc/unbound.profile | 2 -- etc/vivaldi.profile | 2 -- etc/vlc.profile | 2 -- etc/weechat.profile | 2 -- etc/wesnoth.profile | 2 -- etc/wine.profile | 2 -- etc/xchat.profile | 2 -- todo | 2 ++ 63 files changed, 44 insertions(+), 
135 deletions(-) diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index 213aa85e5..c3ce7b618 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile @@ -5,8 +5,6 @@ mkdir ~/.Wolfram Research whitelist ~/.Wolfram Research whitelist ~/Documents/Wolfram Mathematica include /etc/firejail/whitelist-common.inc -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/audacious.profile b/etc/audacious.profile index 08537b0b4..49417fbfe 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile @@ -1,6 +1,4 @@ # Audacious media player profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index 16d013bdd..c3bd58298 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile @@ -1,7 +1,6 @@ # BitlBee instant messaging profile noblacklist /sbin noblacklist /usr/sbin -include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-terminals.inc diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 25e983b5c..09e87f043 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile @@ -1,6 +1,4 @@ # cherrytree note taking application -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/chromium.profile b/etc/chromium.profile index c9b857e71..751426db8 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile 
@@ -2,8 +2,6 @@ noblacklist ~/.config/chromium noblacklist ~/.cache/chromium noblacklist ~/keepassx.kdbx -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-terminals.inc diff --git a/etc/clementine.profile b/etc/clementine.profile index 8f4670f3b..4737541db 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile @@ -1,6 +1,4 @@ # Clementine media player profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-terminals.inc diff --git a/etc/conkeror.profile b/etc/conkeror.profile index 280403811..57fedac61 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile @@ -1,7 +1,5 @@ # Firejail profile for Conkeror web browser profile noblacklist ${HOME}/.conkeror.mozdev.org -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-terminals.inc diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 01378cbc4..4f222947f 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile @@ -1,6 +1,4 @@ # DeaDBeeF media player profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/deluge.profile b/etc/deluge.profile index 21d178c08..aeafb7a4a 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile @@ -1,6 +1,4 @@ # deluge bittorernt client profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc 
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index c7f36bbfd..a909afeb5 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc @@ -81,3 +81,44 @@ read-only ${HOME}/.xscreensaver # The user ~/bin directory can override commands such as ls read-only ${HOME}/bin +# top secret +blacklist ${HOME}/.ssh +blacklist ${HOME}/.gnome2/keyrings +blacklist ${HOME}/kde4/share/apps/kwallet +blacklist ${HOME}/kde/share/apps/kwallet +blacklist ${HOME}/.local/share/kwalletd +blacklist ${HOME}/.netrc +blacklist ${HOME}/.gnupg +blacklist ${HOME}/*.kdbx +blacklist ${HOME}/*.kdb +blacklist ${HOME}/*.key +blacklist /etc/shadow +blacklist /etc/gshadow +blacklist /etc/passwd- +blacklist /etc/group- +blacklist /etc/shadow- +blacklist /etc/gshadow- +blacklist /etc/passwd+ +blacklist /etc/group+ +blacklist /etc/shadow+ +blacklist /etc/gshadow+ +blacklist /etc/ssh +blacklist /var/backup + +# system management +blacklist ${PATH}/umount +blacklist ${PATH}/mount +blacklist ${PATH}/fusermount +blacklist ${PATH}/su +blacklist ${PATH}/sudo +blacklist ${PATH}/xinput +blacklist ${PATH}/evtest +blacklist ${PATH}/xev +blacklist ${PATH}/strace +blacklist ${PATH}/nc +blacklist ${PATH}/ncat + +# system directories +blacklist /sbin +blacklist /usr/sbin +blacklist /usr/local/sbin diff --git a/etc/disable-mgmt.inc b/etc/disable-mgmt.inc index 0a11d6728..e69de29bb 100644 --- a/etc/disable-mgmt.inc +++ b/etc/disable-mgmt.inc @@ -1,17 +0,0 @@ -# system directories -blacklist /sbin -blacklist /usr/sbin -blacklist /usr/local/sbin - -# system management -blacklist ${PATH}/umount -blacklist ${PATH}/mount -blacklist ${PATH}/fusermount -blacklist ${PATH}/su -blacklist ${PATH}/sudo -blacklist ${PATH}/xinput -blacklist ${PATH}/evtest -blacklist ${PATH}/xev -blacklist ${PATH}/strace -blacklist ${PATH}/nc -blacklist ${PATH}/ncat diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index 5702473d3..368830f15 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile 
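Review bot: The two KDE wallet rules added under `# top secret`, `blacklist ${HOME}/kde4/share/apps/kwallet` and `blacklist ${HOME}/kde/share/apps/kwallet`, have no leading dot on the KDE directory. KDE 4 keeps its wallets under `~/.kde4/share/apps/kwallet` or `~/.kde/share/apps/kwallet`, so these rules most likely match nothing and the wallet files stay readable inside the sandbox. They should read `blacklist ${HOME}/.kde4/share/apps/kwallet` and `blacklist ${HOME}/.kde/share/apps/kwallet`. Likewise `blacklist /var/backup` probably means `blacklist /var/backups`, the directory where Debian-family systems keep copies of passwd and shadow. These entries may have been carried over unchanged from disable-secret.inc, which this diff does not show, but every profile now gets them from this one file, so this is the place to fix them.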
@@ -1,11 +1,9 @@ # security profile for dnscrypt-proxy noblacklist /sbin noblacklist /usr/sbin -include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-terminals.inc private private-dev diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 94b69281b..d31d1be8f 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile @@ -1,6 +1,4 @@ # dropbox profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-terminals.inc diff --git a/etc/empathy.profile b/etc/empathy.profile index 015318290..46a69120b 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile @@ -1,6 +1,4 @@ # Empathy instant messaging profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/epiphany.profile b/etc/epiphany.profile index 2e4c7bfc1..b06e6ea78 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile @@ -1,6 +1,4 @@ # Epiphany browser profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/evince.profile b/etc/evince.profile index 8adf82443..7b81c0453 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -1,6 +1,4 @@ # evince pdf reader profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc 
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 04d53a841..e7d61160e 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile @@ -1,7 +1,5 @@ # fbreader ebook reader profile noblacklist ${HOME}/.FBReader -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 3643f3f98..39689e717 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile @@ -1,8 +1,6 @@ # FileZilla ftp profile noblacklist ${HOME}/.filezilla noblacklist ${HOME}/.config/filezilla -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/firefox.profile b/etc/firefox.profile index 9942bd255..f23f84097 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -3,8 +3,6 @@ noblacklist ~/.mozilla noblacklist ~/.cache/mozilla noblacklist ~/keepassx.kdbx -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index ff3e266c5..613ef6652 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile @@ -8,8 +8,6 @@ noblacklist ~/.config/slimjet noblacklist ~/.cache/slimjet noblacklist ~/keepassx.kdbx -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-terminals.inc diff --git a/etc/generic.profile b/etc/generic.profile index 42e39e86c..ae42c8a3b 100644 --- a/etc/generic.profile +++ b/etc/generic.profile 
@@ -1,8 +1,6 @@ ################################ # Generic GUI application profile ################################ -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-terminals.inc diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 414873870..2313f36fc 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile @@ -1,6 +1,4 @@ # GNOME MPlayer profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index fd167d9e0..57c224191 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile @@ -2,8 +2,6 @@ noblacklist ~/.config/google-chrome-beta noblacklist ~/.cache/google-chrome-beta noblacklist ~/keepassx.kdbx -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-terminals.inc diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index bcd56ed62..e222ccf54 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile @@ -2,8 +2,6 @@ noblacklist ~/.config/google-chrome-unstable noblacklist ~/.cache/google-chrome-unstable noblacklist ~/keepassx.kdbx -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-terminals.inc diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index c2665f709..767f73f88 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile 
@@ -2,8 +2,6 @@ noblacklist ~/.config/google-chrome noblacklist ~/.cache/google-chrome noblacklist ~/keepassx.kdbx -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-terminals.inc diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 0c3743ba3..a9f1da373 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile @@ -3,8 +3,6 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-terminals.inc caps.drop all diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 48b0dac40..6ceeaefce 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile @@ -1,7 +1,5 @@ # HexChat instant messaging profile noblacklist ${HOME}/.config/hexchat -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/kmail.profile b/etc/kmail.profile index 931df67c3..35a1a15a0 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile @@ -1,7 +1,5 @@ # kmail profile noblacklist ${HOME}/.gnupg -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile index 7f45c95a9..1d18b0d18 100644 --- a/etc/lxterminal.profile +++ b/etc/lxterminal.profile @@ -1,7 +1,5 @@ # lxterminal (LXDE) profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc blacklist ${HOME}/.pki/nssdb 
diff --git a/etc/midori.profile b/etc/midori.profile index 64a19d452..1cd686bfe 100644 --- a/etc/midori.profile +++ b/etc/midori.profile @@ -1,7 +1,5 @@ # Midori browser profile noblacklist ${HOME}/.config/midori -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index ae61ae068..5a4ad4f24 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile @@ -1,7 +1,5 @@ # mupen64plus profile # manually whitelist ROM files -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/openbox.profile b/etc/openbox.profile index 5fadcee90..42eb5e9fa 100644 --- a/etc/openbox.profile +++ b/etc/openbox.profile @@ -1,8 +1,7 @@ ################################ # Generic GUI application profile ################################ -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc +include /etc/firejail/disable-common.inc include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index 91c858738..9659b30de 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile @@ -2,8 +2,6 @@ noblacklist ~/.config/opera-beta noblacklist ~/.cache/opera-beta noblacklist ~/keepassx.kdbx -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/opera.profile b/etc/opera.profile index 74e331bab..3c8868896 100644 --- a/etc/opera.profile +++ b/etc/opera.profile 
@@ -2,8 +2,6 @@ noblacklist ~/.config/opera noblacklist ~/.cache/opera noblacklist ~/keepassx.kdbx -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/parole.profile b/etc/parole.profile index 9c7764ff9..3369b191c 100644 --- a/etc/parole.profile +++ b/etc/parole.profile @@ -1,6 +1,4 @@ # Profile for Parole, the default XFCE4 media player -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/pidgin.profile b/etc/pidgin.profile index b8b04df18..8080a8905 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile @@ -1,7 +1,5 @@ # Pidgin profile noblacklist ${HOME}/.purple -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/polari.profile b/etc/polari.profile index 8cedddc4e..5e40aedf5 100644 --- a/etc/polari.profile +++ b/etc/polari.profile @@ -1,6 +1,4 @@ # Polari IRC profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 9d0f1ae54..87afb78a6 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -1,6 +1,4 @@ # qbittorrent bittorrent profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/qtox.profile b/etc/qtox.profile index aa6efa5cb..976e80c31 100644 
--- a/etc/qtox.profile +++ b/etc/qtox.profile @@ -1,7 +1,5 @@ # qTox instant messaging profile noblacklist ${HOME}/.config/tox -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/quassel.profile b/etc/quassel.profile index d64b0eaa0..073b50623 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile @@ -1,6 +1,4 @@ # Quassel IRC profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index 685a4c86f..31b075c7a 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile @@ -2,8 +2,6 @@ noblacklist ~/.config/qutebrowser noblacklist ~/.cache/qutebrowser -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 3ef6da11c..3215063fa 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile @@ -1,6 +1,4 @@ # Rhythmbox media player profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 2bb6bf38b..2c6689811 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile @@ -1,6 +1,4 @@ # rtorrent bittorrent profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-terminals.inc include /etc/firejail/disable-devel.inc 
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index cbe48e425..08a6ad521 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile @@ -2,8 +2,6 @@ noblacklist ~/.mozilla noblacklist ~/.cache/mozilla noblacklist ~/keepassx.kdbx -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/server.profile b/etc/server.profile index 5471aed91..dde80bd18 100644 --- a/etc/server.profile +++ b/etc/server.profile @@ -2,7 +2,6 @@ # it allows /sbin and /usr/sbin directories - this is where servers are installed noblacklist /sbin noblacklist /usr/sbin -include /etc/firejail/disable-mgmt.inc private private-dev private-tmp diff --git a/etc/skype.profile b/etc/skype.profile index c301050b4..77f10e644 100644 --- a/etc/skype.profile +++ b/etc/skype.profile @@ -1,7 +1,5 @@ # Skype profile noblacklist ${HOME}/.Skype -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/spotify.profile b/etc/spotify.profile index 5b7cb49a5..326d5d93e 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile @@ -1,6 +1,4 @@ # Spotify media player profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/ssh.profile b/etc/ssh.profile index d78fa749d..f0e33540a 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile @@ -1,7 +1,5 @@ # ssh client noblacklist ~/.ssh -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-terminals.inc 
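Review bot: The etc/server.profile hunk removes `include /etc/firejail/disable-mgmt.inc` without adding `include /etc/firejail/disable-common.inc`. As far as the hunk shows, the profile no longer blacklists `su`, `sudo`, `mount`, `fusermount`, `strace`, `nc` and `ncat`, and the two `noblacklist` lines above have nothing left to exempt. The new todo item 12 acknowledges the gap, but until it is closed the server sandbox is weaker than before; adding `include /etc/firejail/disable-common.inc` after the `noblacklist` lines would restore the list. The etc/thunderbird.profile hunk has the same shape: both includes are removed and no disable-common include is visible in its context, so `~/.ssh`, the keyring and wallet paths and the `/etc/shadow` family appear to be no longer blacklisted there. Both profiles continue outside their hunks, so confirm against the full files.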
diff --git a/etc/steam.profile b/etc/steam.profile index 73ef1e70b..7cfa21028 100644 --- a/etc/steam.profile +++ b/etc/steam.profile @@ -1,8 +1,6 @@ # Steam profile (applies to games/apps launched from Steam as well) noblacklist ${HOME}/.steam noblacklist ${HOME}/.local/share/steam -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/telegram.profile b/etc/telegram.profile index 8027846dc..acafdda00 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile @@ -1,7 +1,5 @@ # Telegram IRC profile noblacklist ${HOME}/.TelegramDesktop -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index f56d50523..7f83e2809 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile @@ -1,7 +1,5 @@ # Firejail profile for Mozilla Thunderbird (Icedove in Debian) noblacklist ${HOME}/.gnupg -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-terminals.inc diff --git a/etc/totem.profile b/etc/totem.profile index bee8d8678..2cff319a7 100644 --- a/etc/totem.profile +++ b/etc/totem.profile @@ -1,6 +1,4 @@ # Totem media player profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index ac229e43b..269686fa1 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile 
@@ -1,6 +1,4 @@ # transmission-gtk profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 6e4f096a0..d032752b4 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile @@ -1,6 +1,4 @@ # transmission-qt profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index b3360ffb1..4a6544a12 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile @@ -1,6 +1,4 @@ # uGet profile -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/unbound.profile b/etc/unbound.profile index 7f36e9588..594d67cf9 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile @@ -1,11 +1,9 @@ # security profile for unbound (https://unbound.net) noblacklist /sbin noblacklist /usr/sbin -include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-terminals.inc private private-dev diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index a353a4ca8..e039c4676 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile 
@@ -2,8 +2,6 @@ noblacklist ~/.config/vivaldi noblacklist ~/.cache/vivaldi noblacklist ~/keepassx.kdbx -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/vlc.profile b/etc/vlc.profile index 3652e1f7d..980d2816f 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile @@ -1,7 +1,5 @@ # VLC media player profile noblacklist ${HOME}/.config/vlc -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/weechat.profile b/etc/weechat.profile index 4041332be..ec305b45b 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile @@ -1,9 +1,7 @@ # Weechat IRC profile noblacklist ${HOME}/.weechat -include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-terminals.inc caps.drop all seccomp diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 57bb13e9d..7a2ade1fe 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile @@ -3,8 +3,6 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-terminals.inc caps.drop all diff --git a/etc/wine.profile b/etc/wine.profile index 5a86977ee..993037794 100644 --- a/etc/wine.profile +++ b/etc/wine.profile 
@@ -2,8 +2,6 @@ noblacklist ${HOME}/.steam noblacklist ${HOME}/.local/share/steam noblacklist ${HOME}/.wine -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/xchat.profile b/etc/xchat.profile index 360ca96a5..552918750 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile @@ -1,7 +1,5 @@ # XChat IRC profile noblacklist ${HOME}/.config/xchat -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/todo b/todo index 4e7d20e7f..4d00229c1 100644 --- a/todo +++ b/todo @@ -75,3 +75,5 @@ CapBnd: 0000003fffffffff CapAmb: 0000000000000000 11. cleanup thunderbird profile - disable-common was commented out + +12. removed disable_mgmgt.inc form server.profile, replace the information -- cgit v1.2.3-54-g00ecf