From 07a01b1f4503ad5681771e2b4c5307db597f81f8 Mon Sep 17 00:00:00 2001 From: Glenn Washburn Date: Tue, 9 Oct 2018 05:43:06 -0500 Subject: Allow include to search userdir then systemdir for "bare" profile file names. --- src/firejail/profile.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 751347b29..c7c8fd9fa 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -1367,7 +1367,7 @@ void profile_read(const char *fname) { if (ptr && strlen(ptr) == 6) return; - fprintf(stderr, "Error: cannot access profile file\n"); + fprintf(stderr, "Error: cannot access profile file: %s\n", fname); exit(1); } @@ -1429,17 +1429,22 @@ void profile_read(const char *fname) { if (strncmp(ptr, "include ", 8) == 0) { include_level++; - // extract profile filename and new skip params - char *newprofile = ptr + 8; // profile name + // expand macros in front of the include profile file + char *newprofile = expand_macros(ptr + 8); - // expand ${HOME}/ in front of the new profile file - char *newprofile2 = expand_macros(newprofile); + char *ptr2 = newprofile; + while (*ptr2 != '/' && *ptr2 != '\0') + ptr2++; + // profile path contains no / chars, do a search + if (*ptr2 == '\0') { + profile_find_firejail(newprofile, 0); + } + else { + profile_read(newprofile); + } - // recursivity - profile_read((newprofile2)? newprofile2:newprofile); include_level--; - if (newprofile2) - free(newprofile2); + free(newprofile); free(ptr); continue; } -- cgit v1.2.3-54-g00ecf From b343481c8fb415e91c082aaa4e9319bfcaa9e0a6 Mon Sep 17 00:00:00 2001 From: Glenn Washburn Date: Wed, 10 Oct 2018 01:58:45 -0500 Subject: Update profile manpage to detail added "include" functionality. --- src/man/firejail-profile.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index ca7b52a51..17423cac1 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -113,6 +113,10 @@ Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" Example: "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile" file. +The file name may also be just the name without the leading directory components. In this case, first the user config directory (${HOME}/.config/firejail) is searched for the file name and if not found then the system configuration directory is search for the file name. Note: Unlike the \-\-profile option which takes a profile name without the '.profile' suffix, include must be given the full file name. + +Example: "include firefox.profile" will load "${HOME}/.config/firejail/firefox.profile" file and if it does not exist "${CFG}/firefox.profile" will be loaded. + System configuration files in ${CFG} are overwritten during software installation. Persistent configuration at system level is handled in ".local" files. For every profile file in ${CFG} directory, the user can create a corresponding .local file -- cgit v1.2.3-54-g00ecf From 7c533c9aa5aa9d36d51c512bb175059353eae113 Mon Sep 17 00:00:00 2001 From: Glenn Washburn Date: Tue, 9 Oct 2018 06:10:43 -0500 Subject: Remove "/etc/firejail/" from all include paths, now that profile_read will search for the file. --- etc/0ad.profile | 16 ++++++++-------- etc/2048-qt.profile | 18 +++++++++--------- etc/7z.profile | 6 +++--- etc/7za.profile | 6 +++--- etc/7zr.profile | 6 +++--- etc/Cryptocat.profile | 14 +++++++------- etc/Cyberfox.profile | 2 +- etc/Discord.profile | 6 +++--- etc/DiscordCanary.profile | 6 +++--- etc/FossaMail.profile | 2 +- etc/Fritzing.profile | 18 +++++++++--------- etc/Gitter.profile | 2 +- etc/JDownloader.profile | 20 ++++++++++---------- etc/Mathematica.profile | 16 ++++++++-------- etc/Natron.profile | 2 +- etc/QMediathekView.profile | 16 ++++++++-------- etc/Telegram.profile | 2 +- etc/Thunar.profile | 14 +++++++------- etc/Viber.profile | 16 ++++++++-------- etc/VirtualBox.profile | 2 +- etc/XMind.profile | 16 ++++++++-------- etc/Xephyr.profile | 6 +++--- etc/Xvfb.profile | 6 +++--- etc/abrowser.profile | 6 +++--- etc/acat.profile | 6 +++--- etc/adiff.profile | 6 +++--- etc/akonadi_control.profile | 16 ++++++++-------- etc/akregator.profile | 18 +++++++++--------- etc/als.profile | 6 +++--- etc/amarok.profile | 18 +++++++++--------- etc/amule.profile | 16 ++++++++-------- etc/android-studio.profile | 12 ++++++------ etc/anydesk.profile | 16 ++++++++-------- etc/aosp.profile | 14 +++++++------- etc/apack.profile | 6 +++--- etc/apktool.profile | 14 +++++++------- etc/arch-audit.profile | 16 ++++++++-------- etc/archaudit-report.profile | 18 +++++++++--------- etc/ardour4.profile | 2 +- etc/ardour5.profile | 16 ++++++++-------- etc/arduino.profile | 16 ++++++++-------- etc/arepack.profile | 6 +++--- etc/aria2c.profile | 16 ++++++++-------- etc/ark.profile | 16 ++++++++-------- etc/arm.profile | 16 ++++++++-------- etc/artha.profile | 14 +++++++------- etc/asunder.profile | 18 +++++++++--------- etc/atom-beta.profile | 4 ++-- etc/atom.profile | 10 +++++----- etc/atool.profile | 14 +++++++------- etc/atril-previewer.profile | 6 +++--- etc/atril-thumbnailer.profile | 6 +++--- etc/atril.profile | 18 +++++++++--------- etc/audacious.profile | 18 +++++++++--------- etc/audacity.profile | 18 +++++++++--------- etc/aunpack.profile | 6 +++--- etc/authenticator.profile | 14 +++++++------- etc/aweather.profile | 18 +++++++++--------- etc/awesome.profile | 6 +++--- etc/baloo_file.profile | 16 ++++++++-------- etc/baloo_filemetadata_temp_extractor.profile | 6 +++--- etc/baobab.profile | 14 +++++++------- etc/basilisk.profile | 6 +++--- etc/beaker.profile | 12 ++++++------ etc/bibletime.profile | 16 ++++++++-------- etc/bitcoin-qt.profile | 18 +++++++++--------- etc/bitlbee.profile | 16 ++++++++-------- etc/blackbox.profile | 6 +++--- etc/bleachbit.profile | 14 +++++++------- etc/blender-2.8.profile | 2 +- etc/blender.profile | 14 +++++++------- etc/bless.profile | 16 ++++++++-------- etc/bluefish.profile | 16 ++++++++-------- etc/bnox.profile | 6 +++--- etc/brackets.profile | 10 +++++----- etc/brasero.profile | 14 +++++++------- etc/brave.profile | 6 +++--- etc/bsdcat.profile | 2 +- etc/bsdcpio.profile | 2 +- etc/bsdtar.profile | 14 +++++++------- etc/bunzip2.profile | 6 +++--- etc/caja.profile | 14 +++++++------- etc/calibre.profile | 16 ++++++++-------- etc/calligra.profile | 14 +++++++------- etc/calligraauthor.profile | 2 +- etc/calligraconverter.profile | 2 +- etc/calligraflow.profile | 2 +- etc/calligraplan.profile | 2 +- etc/calligraplanwork.profile | 2 +- etc/calligrasheets.profile | 2 +- etc/calligrastage.profile | 2 +- etc/calligrawords.profile | 2 +- etc/catfish.profile | 16 ++++++++-------- etc/checkbashisms.profile | 18 +++++++++--------- etc/cherrytree.profile | 16 ++++++++-------- etc/chromium-browser.profile | 2 +- etc/chromium-common.profile | 16 ++++++++-------- etc/chromium.profile | 6 +++--- etc/cin.profile | 14 +++++++------- etc/cinelerra.profile | 2 +- etc/clamav.profile | 4 ++-- etc/clamdscan.profile | 2 +- etc/clamdtop.profile | 2 +- etc/clamscan.profile | 2 +- etc/clamtk.profile | 4 ++-- etc/claws-mail.profile | 14 +++++++------- etc/clementine.profile | 18 +++++++++--------- etc/clion.profile | 10 +++++----- etc/clipit.profile | 16 ++++++++-------- etc/cliqz.profile | 6 +++--- etc/cmus.profile | 16 ++++++++-------- etc/code.profile | 10 +++++----- etc/conkeror.profile | 10 +++++----- etc/conky.profile | 16 ++++++++-------- etc/corebird.profile | 18 +++++++++--------- etc/cower.profile | 14 +++++++------- etc/cpio.profile | 10 +++++----- etc/cryptocat.profile | 2 +- etc/curl.profile | 10 +++++----- etc/cvlc.profile | 6 +++--- etc/cyberfox.profile | 6 +++--- etc/darktable.profile | 16 ++++++++-------- etc/deadbeef.profile | 16 ++++++++-------- etc/default.profile | 16 ++++++++-------- etc/deluge.profile | 18 +++++++++--------- etc/desktop.profile | 16 ++++++++-------- etc/devilspie.profile | 14 +++++++------- etc/devilspie2.profile | 14 +++++++------- etc/dex2jar.profile | 18 +++++++++--------- etc/dia.profile | 16 ++++++++-------- etc/dig.profile | 20 ++++++++++---------- etc/digikam.profile | 18 +++++++++--------- etc/dillo.profile | 18 +++++++++--------- etc/dino.profile | 16 ++++++++-------- etc/disable-common.inc | 2 +- etc/disable-devel.inc | 2 +- etc/disable-interpreters.inc | 2 +- etc/disable-passwdmgr.inc | 2 +- etc/disable-programs.inc | 2 +- etc/disable-xdg.inc | 2 +- etc/discord-canary.profile | 6 +++--- etc/discord-common.profile | 12 ++++++------ etc/discord.profile | 6 +++--- etc/display.profile | 18 +++++++++--------- etc/dnox.profile | 6 +++--- etc/dnscrypt-proxy.profile | 16 ++++++++-------- etc/dnsmasq.profile | 16 ++++++++-------- etc/dolphin.profile | 14 +++++++------- etc/dooble-qt4.profile | 2 +- etc/dooble.profile | 16 ++++++++-------- etc/dosbox.profile | 18 +++++++++--------- etc/dragon.profile | 18 +++++++++--------- etc/dropbox.profile | 16 ++++++++-------- etc/easystroke.profile | 14 +++++++------- etc/ebook-viewer.profile | 2 +- etc/electron.profile | 10 +++++----- etc/electrum.profile | 20 ++++++++++---------- etc/elinks.profile | 16 ++++++++-------- etc/emacs.profile | 10 +++++----- etc/empathy.profile | 12 ++++++------ etc/enchant-2.profile | 6 +++--- etc/enchant-lsmod-2.profile | 6 +++--- etc/enchant-lsmod.profile | 6 +++--- etc/enchant.profile | 16 ++++++++-------- etc/engrampa.profile | 16 ++++++++-------- etc/enox.profile | 6 +++--- etc/enpass.profile | 18 +++++++++--------- etc/eog.profile | 16 ++++++++-------- etc/eom.profile | 16 ++++++++-------- etc/epiphany.profile | 14 +++++++------- etc/etr.profile | 14 +++++++------- etc/evince-previewer.profile | 6 +++--- etc/evince-thumbnailer.profile | 6 +++--- etc/evince.profile | 18 +++++++++--------- etc/evolution.profile | 14 +++++++------- etc/exiftool.profile | 14 +++++++------- etc/falkon.profile | 18 +++++++++--------- etc/fbreader.profile | 18 +++++++++--------- etc/feh.profile | 14 +++++++------- etc/fetchmail.profile | 14 +++++++------- etc/ffmpeg.profile | 16 ++++++++-------- etc/file-roller.profile | 16 ++++++++-------- etc/file.profile | 10 +++++----- etc/filezilla.profile | 14 +++++++------- etc/firefox-beta.profile | 6 +++--- etc/firefox-common-addons.inc | 2 +- etc/firefox-common.profile | 18 +++++++++--------- etc/firefox-developer-edition.profile | 6 +++--- etc/firefox-esr.profile | 6 +++--- etc/firefox-nightly.profile | 6 +++--- etc/firefox-wayland.profile | 6 +++--- etc/firefox.profile | 6 +++--- etc/flameshot.profile | 16 ++++++++-------- etc/flashpeak-slimjet.profile | 6 +++--- etc/flowblade.profile | 14 +++++++------- etc/fluxbox.profile | 6 +++--- etc/fontforge.profile | 16 ++++++++-------- etc/fossamail.profile | 8 ++++---- etc/franz.profile | 14 +++++++------- etc/freecad.profile | 16 ++++++++-------- etc/freecadcmd.profile | 2 +- etc/freshclam.profile | 4 ++-- etc/frozen-bubble.profile | 18 +++++++++--------- etc/gajim.profile | 16 ++++++++-------- etc/galculator.profile | 18 +++++++++--------- etc/gcloud.profile | 10 +++++----- etc/geany.profile | 10 +++++----- etc/geary.profile | 8 ++++---- etc/gedit.profile | 16 ++++++++-------- etc/geeqie.profile | 14 +++++++------- etc/ghb.profile | 2 +- etc/gimp-2.10.profile | 2 +- etc/gimp-2.8.profile | 2 +- etc/gimp.profile | 14 +++++++------- etc/git.profile | 10 +++++----- etc/gitg.profile | 16 ++++++++-------- etc/gitter.profile | 16 ++++++++-------- etc/gjs.profile | 14 +++++++------- etc/globaltime.profile | 16 ++++++++-------- etc/gnome-2048.profile | 18 +++++++++--------- etc/gnome-books.profile | 18 +++++++++--------- etc/gnome-builder.profile | 10 +++++----- etc/gnome-calculator.profile | 20 ++++++++++---------- etc/gnome-chess.profile | 18 +++++++++--------- etc/gnome-clocks.profile | 18 +++++++++--------- etc/gnome-contacts.profile | 20 ++++++++++---------- etc/gnome-documents.profile | 16 ++++++++-------- etc/gnome-font-viewer.profile | 18 +++++++++--------- etc/gnome-logs.profile | 18 +++++++++--------- etc/gnome-maps.profile | 18 +++++++++--------- etc/gnome-mplayer.profile | 16 ++++++++-------- etc/gnome-mpv.profile | 18 +++++++++--------- etc/gnome-music.profile | 18 +++++++++--------- etc/gnome-photos.profile | 16 ++++++++-------- etc/gnome-pie.profile | 14 +++++++------- etc/gnome-recipes.profile | 18 +++++++++--------- etc/gnome-ring.profile | 16 ++++++++-------- etc/gnome-twitch.profile | 16 ++++++++-------- etc/gnome-weather.profile | 18 +++++++++--------- etc/goobox.profile | 16 ++++++++-------- etc/google-chrome-beta.profile | 6 +++--- etc/google-chrome-stable.profile | 2 +- etc/google-chrome-unstable.profile | 6 +++--- etc/google-chrome.profile | 6 +++--- etc/google-earth.profile | 16 ++++++++-------- etc/google-play-music-desktop-player.profile | 16 ++++++++-------- etc/gpa.profile | 14 +++++++------- etc/gpg-agent.profile | 14 +++++++------- etc/gpg.profile | 14 +++++++------- etc/gpicview.profile | 16 ++++++++-------- etc/gpredict.profile | 16 ++++++++-------- etc/gradio.profile | 18 +++++++++--------- etc/gtar.profile | 2 +- etc/gthumb.profile | 14 +++++++------- etc/guayadeque.profile | 16 ++++++++-------- etc/gucharmap.profile | 16 ++++++++-------- etc/gunzip.profile | 6 +++--- etc/gwenview.profile | 16 ++++++++-------- etc/gzip.profile | 6 +++--- etc/handbrake-gtk.profile | 2 +- etc/handbrake.profile | 18 +++++++++--------- etc/hashcat.profile | 16 ++++++++-------- etc/hedgewars.profile | 16 ++++++++-------- etc/hexchat.profile | 18 +++++++++--------- etc/highlight.profile | 14 +++++++------- etc/hugin.profile | 16 ++++++++-------- etc/i3.profile | 6 +++--- etc/icecat.profile | 6 +++--- etc/icedove.profile | 8 ++++---- etc/iceweasel.profile | 6 +++--- etc/idea.profile | 6 +++--- etc/idea.sh.profile | 10 +++++----- etc/ideaIC.profile | 6 +++--- etc/imagej.profile | 14 +++++++------- etc/img2txt.profile | 16 ++++++++-------- etc/inkscape.profile | 18 +++++++++--------- etc/inox.profile | 6 +++--- etc/iridium-browser.profile | 2 +- etc/iridium.profile | 6 +++--- etc/itch.profile | 16 ++++++++-------- etc/jd-gui.profile | 18 +++++++++--------- etc/jdownloader.profile | 6 +++--- etc/jitsi.profile | 14 +++++++------- etc/k3b.profile | 18 +++++++++--------- etc/kaffeine.profile | 18 +++++++++--------- etc/karbon.profile | 2 +- etc/kate.profile | 16 ++++++++-------- etc/kcalc.profile | 18 +++++++++--------- etc/kdeinit4.profile | 16 ++++++++-------- etc/kdenlive.profile | 14 +++++++------- etc/keepass.profile | 16 ++++++++-------- etc/keepass2.profile | 2 +- etc/keepassx.profile | 18 +++++++++--------- etc/keepassx2.profile | 2 +- etc/keepassxc.profile | 18 +++++++++--------- etc/kget.profile | 16 ++++++++-------- etc/kino.profile | 14 +++++++------- etc/kmail.profile | 16 ++++++++-------- etc/knotes.profile | 6 +++--- etc/kodi.profile | 18 +++++++++--------- etc/konversation.profile | 16 ++++++++-------- etc/kopete.profile | 16 ++++++++-------- etc/krita.profile | 16 ++++++++-------- etc/krunner.profile | 16 ++++++++-------- etc/ktorrent.profile | 18 +++++++++--------- etc/kwin_x11.profile | 16 ++++++++-------- etc/kwrite.profile | 18 +++++++++--------- etc/lbunzip2.profile | 2 +- etc/lbzcat.profile | 2 +- etc/lbzip2.profile | 2 +- etc/leafpad.profile | 16 ++++++++-------- etc/less.profile | 6 +++--- etc/libreoffice.profile | 14 +++++++------- etc/liferea.profile | 18 +++++++++--------- etc/linphone.profile | 16 ++++++++-------- etc/lmms.profile | 16 ++++++++-------- etc/lobase.profile | 2 +- etc/localc.profile | 2 +- etc/lodraw.profile | 2 +- etc/loffice.profile | 2 +- etc/lofromtemplate.profile | 2 +- etc/loimpress.profile | 2 +- etc/lollypop.profile | 18 +++++++++--------- etc/lomath.profile | 2 +- etc/loweb.profile | 2 +- etc/lowriter.profile | 2 +- etc/luminance-hdr.profile | 16 ++++++++-------- etc/lximage-qt.profile | 14 +++++++------- etc/lxmusic.profile | 18 +++++++++--------- etc/lynx.profile | 16 ++++++++-------- etc/lzcat.profile | 2 +- etc/lzcmp.profile | 2 +- etc/lzdiff.profile | 2 +- etc/lzegrep.profile | 2 +- etc/lzfgrep.profile | 2 +- etc/lzgrep.profile | 2 +- etc/lzip.profile | 2 +- etc/lzless.profile | 2 +- etc/lzma.profile | 2 +- etc/lzmadec.profile | 2 +- etc/lzmainfo.profile | 2 +- etc/lzmore.profile | 2 +- etc/macrofusion.profile | 16 ++++++++-------- etc/makepkg.profile | 10 +++++----- etc/masterpdfeditor.profile | 16 ++++++++-------- etc/masterpdfeditor4.profile | 6 +++--- etc/masterpdfeditor5.profile | 6 +++--- etc/mate-calc.profile | 14 +++++++------- etc/mate-calculator.profile | 2 +- etc/mate-color-select.profile | 14 +++++++------- etc/mate-dictionary.profile | 14 +++++++------- etc/mathematica.profile | 2 +- etc/mcabber.profile | 14 +++++++------- etc/mediainfo.profile | 14 +++++++------- etc/mediathekview.profile | 16 ++++++++-------- etc/meld.profile | 14 +++++++------- etc/mencoder.profile | 16 ++++++++-------- etc/midori.profile | 14 +++++++------- etc/min.profile | 16 ++++++++-------- etc/minetest.profile | 18 +++++++++--------- etc/mousepad.profile | 16 ++++++++-------- etc/mpd.profile | 16 ++++++++-------- etc/mplayer.profile | 18 +++++++++--------- etc/mpv.profile | 18 +++++++++--------- etc/ms-excel.profile | 6 +++--- etc/ms-office.profile | 14 +++++++------- etc/ms-onenote.profile | 6 +++--- etc/ms-outlook.profile | 6 +++--- etc/ms-powerpoint.profile | 6 +++--- etc/ms-skype.profile | 6 +++--- etc/ms-word.profile | 6 +++--- etc/multimc5.profile | 16 ++++++++-------- etc/mumble.profile | 18 +++++++++--------- etc/mupdf.profile | 18 +++++++++--------- etc/mupen64plus.profile | 16 ++++++++-------- etc/musescore.profile | 18 +++++++++--------- etc/musixmatch.profile | 14 +++++++------- etc/mutt.profile | 14 +++++++------- etc/natron.profile | 14 +++++++------- etc/nautilus.profile | 14 +++++++------- etc/ncdu.profile | 4 ++-- etc/nemo.profile | 12 ++++++------ etc/netsurf.profile | 14 +++++++------- etc/neverball.profile | 16 ++++++++-------- etc/nheko.profile | 16 ++++++++-------- etc/nitroshare-cli.profile | 2 +- etc/nitroshare-nmh.profile | 2 +- etc/nitroshare-send.profile | 2 +- etc/nitroshare-ui.profile | 2 +- etc/nitroshare.profile | 14 +++++++------- etc/nylas.profile | 16 ++++++++-------- etc/obs.profile | 18 +++++++++--------- etc/odt2txt.profile | 16 ++++++++-------- etc/okular.profile | 18 +++++++++--------- etc/onionshare-gui.profile | 16 ++++++++-------- etc/open-invaders.profile | 16 ++++++++-------- etc/openbox.profile | 6 +++--- etc/openshot-qt.profile | 2 +- etc/openshot.profile | 16 ++++++++-------- etc/opera-beta.profile | 6 +++--- etc/opera.profile | 6 +++--- etc/orage.profile | 16 ++++++++-------- etc/p7zip.profile | 6 +++--- etc/palemoon.profile | 6 +++--- etc/parole.profile | 16 ++++++++-------- etc/patch.profile | 16 ++++++++-------- etc/pcmanfm.profile | 14 +++++++------- etc/pdfchain.profile | 18 +++++++++--------- etc/pdfmod.profile | 18 +++++++++--------- etc/pdfsam.profile | 16 ++++++++-------- etc/pdftotext.profile | 18 +++++++++--------- etc/peek.profile | 16 ++++++++-------- etc/picard.profile | 18 +++++++++--------- etc/pidgin.profile | 14 +++++++------- etc/ping.profile | 20 ++++++++++---------- etc/pingus.profile | 16 ++++++++-------- etc/pinta.profile | 16 ++++++++-------- etc/pithos.profile | 20 ++++++++++---------- etc/pitivi.profile | 16 ++++++++-------- etc/pix.profile | 14 +++++++------- etc/playonlinux.profile | 12 ++++++------ etc/pluma.profile | 16 ++++++++-------- etc/polari.profile | 14 +++++++------- etc/ppsspp.profile | 18 +++++++++--------- etc/psi-plus.profile | 16 ++++++++-------- etc/pybitmessage.profile | 16 ++++++++-------- etc/pycharm-community.profile | 12 ++++++------ etc/pycharm-professional.profile | 2 +- etc/qbittorrent.profile | 18 +++++++++--------- etc/qemu-launcher.profile | 10 +++++----- etc/qemu-system-x86_64.profile | 10 +++++----- etc/qlipper.profile | 16 ++++++++-------- etc/qmmp.profile | 14 +++++++------- etc/qpdfview.profile | 18 +++++++++--------- etc/qtox.profile | 18 +++++++++--------- etc/quassel.profile | 12 ++++++------ etc/quiterss.profile | 16 ++++++++-------- etc/qupzilla.profile | 18 +++++++++--------- etc/qutebrowser.profile | 14 +++++++------- etc/rambox.profile | 14 +++++++------- etc/ranger.profile | 14 +++++++------- etc/redeclipse.profile | 18 +++++++++--------- etc/remmina.profile | 18 +++++++++--------- etc/rhythmbox.profile | 18 +++++++++--------- etc/ricochet.profile | 16 ++++++++-------- etc/riot-desktop.profile | 6 +++--- etc/riot-web.profile | 8 ++++---- etc/ristretto.profile | 14 +++++++------- etc/rocketchat.profile | 8 ++++---- etc/rtorrent.profile | 14 +++++++------- etc/runenpass.sh.profile | 2 +- etc/rview.profile | 6 +++--- etc/rvim.profile | 6 +++--- etc/sayonara.profile | 14 +++++++------- etc/scallion.profile | 16 ++++++++-------- etc/scribus.profile | 18 +++++++++--------- etc/sdat2img.profile | 18 +++++++++--------- etc/seamonkey-bin.profile | 2 +- etc/seamonkey.profile | 14 +++++++------- etc/server.profile | 16 ++++++++-------- etc/shellcheck.profile | 18 +++++++++--------- etc/shotcut.profile | 14 +++++++------- etc/signal-desktop.profile | 18 +++++++++--------- etc/silentarmy.profile | 18 +++++++++--------- etc/simple-scan.profile | 16 ++++++++-------- etc/simutrans.profile | 16 ++++++++-------- etc/skanlite.profile | 16 ++++++++-------- etc/skype.profile | 14 +++++++------- etc/skypeforlinux.profile | 14 +++++++------- etc/slack.profile | 18 +++++++++--------- etc/smplayer.profile | 18 +++++++++--------- etc/smtube.profile | 18 +++++++++--------- etc/snap.profile | 12 ++++++------ etc/snox.profile | 6 +++--- etc/soffice.profile | 2 +- etc/soundconverter.profile | 18 +++++++++--------- etc/spectre-meltdown-checker.profile | 18 +++++++++--------- etc/spotify.profile | 18 +++++++++--------- etc/sqlitebrowser.profile | 18 +++++++++--------- etc/ssh-agent.profile | 10 +++++----- etc/ssh.profile | 10 +++++----- etc/standardnotes-desktop.profile | 16 ++++++++-------- etc/start-tor-browser.desktop.profile | 2 +- etc/start-tor-browser.profile | 18 +++++++++--------- etc/steam-native.profile | 2 +- etc/steam.profile | 16 ++++++++-------- etc/stellarium.profile | 18 +++++++++--------- etc/strings.profile | 6 +++--- etc/studio.sh.profile | 2 +- etc/supertux2.profile | 18 +++++++++--------- etc/surf.profile | 14 +++++++------- etc/sylpheed.profile | 14 +++++++------- etc/synfigstudio.profile | 14 +++++++------- etc/tar.profile | 6 +++--- etc/teamspeak3.profile | 16 ++++++++-------- etc/telegram-desktop.profile | 2 +- etc/telegram.profile | 12 ++++++------ etc/terasology.profile | 16 ++++++++-------- etc/thunar.profile | 2 +- etc/thunderbird-beta.profile | 2 +- etc/thunderbird.profile | 6 +++--- etc/tilp.profile | 14 +++++++------- etc/tor-browser-ar.profile | 2 +- etc/tor-browser-en-us.profile | 2 +- etc/tor-browser-en.profile | 2 +- etc/tor-browser-es-es.profile | 2 +- etc/tor-browser-es.profile | 2 +- etc/tor-browser-fa.profile | 2 +- etc/tor-browser-fr.profile | 2 +- etc/tor-browser-it.profile | 2 +- etc/tor-browser-ja.profile | 2 +- etc/tor-browser-ko.profile | 2 +- etc/tor-browser-pl.profile | 2 +- etc/tor-browser-pt-br.profile | 2 +- etc/tor-browser-ru.profile | 2 +- etc/tor-browser-vi.profile | 2 +- etc/tor-browser-zh-cn.profile | 2 +- etc/tor.profile | 16 ++++++++-------- etc/torbrowser-launcher.profile | 20 ++++++++++---------- etc/totem.profile | 18 +++++++++--------- etc/tracker.profile | 14 +++++++------- etc/transmission-cli.profile | 14 +++++++------- etc/transmission-gtk.profile | 18 +++++++++--------- etc/transmission-qt.profile | 18 +++++++++--------- etc/transmission-show.profile | 14 +++++++------- etc/truecraft.profile | 16 ++++++++-------- etc/tuxguitar.profile | 18 +++++++++--------- etc/uefitool.profile | 16 ++++++++-------- etc/uget-gtk.profile | 14 +++++++------- etc/unbound.profile | 16 ++++++++-------- etc/unknown-horizons.profile | 12 ++++++------ etc/unlzma.profile | 2 +- etc/unrar.profile | 6 +++--- etc/unxz.profile | 2 +- etc/unzip.profile | 6 +++--- etc/uudeview.profile | 6 +++--- etc/uzbl-browser.profile | 14 +++++++------- etc/viewnior.profile | 14 +++++++------- etc/viking.profile | 16 ++++++++-------- etc/vim.profile | 10 +++++----- etc/vimcat.profile | 6 +++--- etc/vimdiff.profile | 6 +++--- etc/vimpager.profile | 6 +++--- etc/vimtutor.profile | 6 +++--- etc/virtualbox.profile | 14 +++++++------- etc/vivaldi-beta.profile | 2 +- etc/vivaldi-snapshot.profile | 6 +++--- etc/vivaldi-stable.profile | 2 +- etc/vivaldi.profile | 6 +++--- etc/vlc.profile | 18 +++++++++--------- etc/vym.profile | 14 +++++++------- etc/w3m.profile | 16 ++++++++-------- etc/warzone2100.profile | 18 +++++++++--------- etc/waterfox.profile | 6 +++--- etc/webstorm.profile | 14 +++++++------- etc/weechat-curses.profile | 2 +- etc/weechat.profile | 8 ++++---- etc/wesnoth.profile | 16 ++++++++-------- etc/wget.profile | 12 ++++++------ etc/whitelist-common.inc | 2 +- etc/whitelist-var-common.inc | 2 +- etc/whois.profile | 18 +++++++++--------- etc/wine.profile | 12 ++++++------ etc/wire-desktop.profile | 16 ++++++++-------- etc/wireshark-gtk.profile | 2 +- etc/wireshark-qt.profile | 2 +- etc/wireshark.profile | 18 +++++++++--------- etc/x-terminal-emulator.profile | 4 ++-- etc/xcalc.profile | 18 +++++++++--------- etc/xchat.profile | 10 +++++----- etc/xed.profile | 16 ++++++++-------- etc/xfburn.profile | 14 +++++++------- etc/xfce4-dict.profile | 14 +++++++------- etc/xfce4-notes.profile | 14 +++++++------- etc/xiphos.profile | 16 ++++++++-------- etc/xmms.profile | 16 ++++++++-------- etc/xmr-stak.profile | 18 +++++++++--------- etc/xonotic-glx.profile | 2 +- etc/xonotic-sdl.profile | 2 +- etc/xonotic.profile | 18 +++++++++--------- etc/xpdf.profile | 18 +++++++++--------- etc/xplayer-audio-preview.profile | 6 +++--- etc/xplayer-video-thumbnailer.profile | 6 +++--- etc/xplayer.profile | 18 +++++++++--------- etc/xpra.profile | 14 +++++++------- etc/xreader-previewer.profile | 6 +++--- etc/xreader-thumbnailer.profile | 6 +++--- etc/xreader.profile | 18 +++++++++--------- etc/xviewer.profile | 16 ++++++++-------- etc/xxd.profile | 6 +++--- etc/xz.profile | 2 +- etc/xzcat.profile | 2 +- etc/xzcmp.profile | 2 +- etc/xzdec.profile | 6 +++--- etc/xzdiff.profile | 2 +- etc/xzegrep.profile | 2 +- etc/xzfgrep.profile | 2 +- etc/xzgrep.profile | 2 +- etc/xzless.profile | 2 +- etc/xzmore.profile | 2 +- etc/yandex-browser.profile | 6 +++--- etc/youtube-dl.profile | 18 +++++++++--------- etc/zaproxy.profile | 18 +++++++++--------- etc/zart.profile | 16 ++++++++-------- etc/zathura.profile | 16 ++++++++-------- etc/zoom.profile | 14 +++++++------- 606 files changed, 3406 insertions(+), 3406 deletions(-) diff --git a/etc/0ad.profile b/etc/0ad.profile index f9320f6c7..d20fdb014 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile @@ -2,19 +2,19 @@ # Description: Real-time strategy game of ancient warfare # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/0ad.local +include 0ad.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/0ad noblacklist ${HOME}/.config/0ad noblacklist ${HOME}/.local/share/0ad -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/0ad mkdir ${HOME}/.config/0ad @@ -22,7 +22,7 @@ mkdir ${HOME}/.local/share/0ad whitelist ${HOME}/.cache/0ad whitelist ${HOME}/.config/0ad whitelist ${HOME}/.local/share/0ad -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index 56b38f5a2..03e71485a 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile @@ -2,25 +2,25 @@ # Description: Mathematics based puzzle game # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/2048-qt.local +include 2048-qt.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/2048-qt noblacklist ${HOME}/.config/xiaoyong -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/2048-qt mkdir ${HOME}/.config/xiaoyong whitelist ${HOME}/.config/2048-qt whitelist ${HOME}/.config/xiaoyong -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/7z.profile b/etc/7z.profile index e3f27b93f..909f3baf8 100644 --- a/etc/7z.profile +++ b/etc/7z.profile @@ -2,10 +2,10 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/7z.local +include 7z.local # Persistent global definitions # added by included default.profile -#include /etc/firejail/globals.local +#include globals.local blacklist /tmp/.X11-unix @@ -22,4 +22,4 @@ tracelog private-dev -include /etc/firejail/default.profile +include default.profile diff --git a/etc/7za.profile b/etc/7za.profile index e035bf4f5..28e483a8c 100644 --- a/etc/7za.profile +++ b/etc/7za.profile @@ -1,10 +1,10 @@ # Firejail profile for 7za # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/7za.local +include 7za.local # Persistent global definitions # added by included profile -#include /etc/firejail/globals.local +#include globals.local # Redirect -include /etc/firejail/7z.profile +include 7z.profile diff --git a/etc/7zr.profile b/etc/7zr.profile index e48c5494e..1b85badbc 100644 --- a/etc/7zr.profile +++ b/etc/7zr.profile @@ -1,10 +1,10 @@ # Firejail profile for 7zr # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/7zr.local +include 7zr.local # Persistent global definitions # added by included profile -#include /etc/firejail/globals.local +#include globals.local # Redirect -include /etc/firejail/7z.profile +include 7z.profile diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index f1336be3e..cd5229576 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile @@ -1,17 +1,17 @@ # Firejail profile for Cryptocat # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/Cryptocat.local +include Cryptocat.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Cryptocat -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/Cyberfox.profile b/etc/Cyberfox.profile index 202bc26f4..2fb21e3cf 100644 --- a/etc/Cyberfox.profile +++ b/etc/Cyberfox.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/cyberfox.profile +include cyberfox.profile diff --git a/etc/Discord.profile b/etc/Discord.profile index 951357387..9a8957265 100644 --- a/etc/Discord.profile +++ b/etc/Discord.profile @@ -1,9 +1,9 @@ # Firejail profile for Discord # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/Discord.local +include Discord.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/discord @@ -15,4 +15,4 @@ private-bin Discord private-opt Discord #Redirect -include /etc/firejail/discord-common.profile +include discord-common.profile diff --git a/etc/DiscordCanary.profile b/etc/DiscordCanary.profile index f7b0e2c56..0624ff949 100644 --- a/etc/DiscordCanary.profile +++ b/etc/DiscordCanary.profile @@ -1,9 +1,9 @@ # Firejail profile for DiscordCanary # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/DiscordCanary.local +include DiscordCanary.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/discordcanary @@ -15,4 +15,4 @@ private-bin DiscordCanary private-opt DiscordCanary #Redirect -include /etc/firejail/discord-common.profile +include discord-common.profile diff --git a/etc/FossaMail.profile b/etc/FossaMail.profile index 01e338ef2..55fd43515 100644 --- a/etc/FossaMail.profile +++ b/etc/FossaMail.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/fossamail.profile +include fossamail.profile diff --git a/etc/Fritzing.profile b/etc/Fritzing.profile index 2e4d235b6..1e8fd0ffe 100644 --- a/etc/Fritzing.profile +++ b/etc/Fritzing.profile @@ -2,21 +2,21 @@ # Description: Easy-to-use electronic design software # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/Fritzing.local +include Fritzing.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Fritzing noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/Gitter.profile b/etc/Gitter.profile index b12dbd450..53e66d108 100644 --- a/etc/Gitter.profile +++ b/etc/Gitter.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/gitter.profile +include gitter.profile diff --git a/etc/JDownloader.profile b/etc/JDownloader.profile index 659a41603..6eb8886bc 100644 --- a/etc/JDownloader.profile +++ b/etc/JDownloader.profile @@ -1,9 +1,9 @@ # Firejail profile for JDownloader # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/JDownloader.local +include JDownloader.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.jd @@ -14,18 +14,18 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc mkdir ${HOME}/.jd whitelist ${HOME}/.jd whitelist ${DOWNLOADS} -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index deff02028..6aba2678b 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile @@ -1,25 +1,25 @@ # Firejail profile for Mathematica # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/Mathematica.local +include Mathematica.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.Mathematica noblacklist ${HOME}/.Wolfram Research -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.Mathematica mkdir ${HOME}/.Wolfram Research whitelist ${HOME}/.Mathematica whitelist ${HOME}/.Wolfram Research whitelist ${HOME}/Documents/Wolfram Mathematica -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all nodvd diff --git a/etc/Natron.profile b/etc/Natron.profile index b21790fe4..aadd68c5c 100644 --- a/etc/Natron.profile +++ b/etc/Natron.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/natron.profile +include natron.profile diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile index 558f62f0e..f969cd855 100644 --- a/etc/QMediathekView.profile +++ b/etc/QMediathekView.profile @@ -2,9 +2,9 @@ # Description: Search, download or stream files from mediathek.de # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/QMediathekView.local +include QMediathekView.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/QMediathekView noblacklist ${HOME}/.local/share/QMediathekView @@ -18,13 +18,13 @@ noblacklist ${HOME}/.local/share/totem noblacklist ${HOME}/.local/share/xplayer noblacklist ${HOME}/.mplayer -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/Telegram.profile b/etc/Telegram.profile index df6557a90..51e4d9765 100644 --- a/etc/Telegram.profile +++ b/etc/Telegram.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/telegram.profile +include telegram.profile diff --git a/etc/Thunar.profile b/etc/Thunar.profile index 6de6cfb30..9937f3883 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile @@ -2,19 +2,19 @@ # Description: File Manager for Xfce # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/Thunar.local +include Thunar.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/Trash noblacklist ${HOME}/.config/Thunar noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -# include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +# include disable-programs.inc caps.drop all netfilter diff --git a/etc/Viber.profile b/etc/Viber.profile index cb9d01e03..01bb49a99 100644 --- a/etc/Viber.profile +++ b/etc/Viber.profile @@ -1,22 +1,22 @@ # Firejail profile for Viber # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/Viber.local +include Viber.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.ViberPC -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${DOWNLOADS} whitelist ${HOME}/.ViberPC -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all ipc-namespace diff --git a/etc/VirtualBox.profile b/etc/VirtualBox.profile index c84b8a4ad..5fe8f1c57 100644 --- a/etc/VirtualBox.profile +++ b/etc/VirtualBox.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/virtualbox.profile +include virtualbox.profile diff --git a/etc/XMind.profile b/etc/XMind.profile index ff6258ca2..2f650950c 100644 --- a/etc/XMind.profile +++ b/etc/XMind.profile @@ -1,22 +1,22 @@ # Firejail profile for XMind # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/XMind.local +include XMind.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.xmind -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.xmind whitelist ${HOME}/.xmind whitelist ${DOWNLOADS} -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index c0c322b67..56e0cf8e7 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile @@ -1,9 +1,9 @@ # Firejail profile for Xephyr # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/Xephyr.local +include Xephyr.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. @@ -18,7 +18,7 @@ include /etc/firejail/globals.local blacklist /media whitelist /var/lib/xkb -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all # Xephyr needs to be allowed access to the abstract Unix socket namespace. diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 4ae2d20d2..d71a69903 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile @@ -2,9 +2,9 @@ # Description: Virtual Framebuffer 'fake' X server # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/Xvfb.local +include Xvfb.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # # This profile will sandbox Xvfb server itself when used with firejail --x11=xvfb. @@ -20,7 +20,7 @@ include /etc/firejail/globals.local blacklist /media whitelist /var/lib/xkb -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all # Xvfb needs to be allowed access to the abstract Unix socket namespace. diff --git a/etc/abrowser.profile b/etc/abrowser.profile index d757d6f49..010247c6b 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile @@ -1,9 +1,9 @@ # Firejail profile for abrowser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/abrowser.local +include abrowser.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/mozilla noblacklist ${HOME}/.mozilla @@ -18,4 +18,4 @@ whitelist ${HOME}/.mozilla # Redirect -include /etc/firejail/firefox-common.profile +include firefox-common.profile diff --git a/etc/acat.profile b/etc/acat.profile index 08593585c..0b4579035 100644 --- a/etc/acat.profile +++ b/etc/acat.profile @@ -1,9 +1,9 @@ # Firejail profile for acat # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/acat.local +include acat.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/atool.profile +include atool.profile diff --git a/etc/adiff.profile b/etc/adiff.profile index 2c114d765..9073b1477 100644 --- a/etc/adiff.profile +++ b/etc/adiff.profile @@ -1,9 +1,9 @@ # Firejail profile for adiff # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/adiff.local +include adiff.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/atool.profile +include atool.profile diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile index 0cbe306e8..7ea57e235 100644 --- a/etc/akonadi_control.profile +++ b/etc/akonadi_control.profile @@ -1,8 +1,8 @@ # Firejail profile for akonadi_control # Persistent local customizations -include /etc/firejail/akonadi_control.local +include akonadi_control.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/akonadi* noblacklist ${HOME}/.config/akonadi* @@ -20,13 +20,13 @@ noblacklist ${HOME}/.local/share/notes noblacklist /tmp/akonadi-* noblacklist /usr/sbin -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # disabled options below are not compatible with the apparmor profile for mysqld-akonadi. # this affects ubuntu and debian currently diff --git a/etc/akregator.profile b/etc/akregator.profile index af8dd2a3e..8147e33e5 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile @@ -2,26 +2,26 @@ # Description: RSS/Atom feed aggregator # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/akregator.local +include akregator.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/akregatorrc noblacklist ${HOME}/.local/share/akregator -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkfile ${HOME}/.config/akregatorrc mkdir ${HOME}/.local/share/akregator whitelist ${HOME}/.config/akregatorrc whitelist ${HOME}/.local/share/akregator whitelist ${HOME}/.local/share/kssl -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/als.profile b/etc/als.profile index 8cd9a9182..24b8b976b 100644 --- a/etc/als.profile +++ b/etc/als.profile @@ -1,9 +1,9 @@ # Firejail profile for als # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/als.local +include als.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/atool.profile +include atool.profile diff --git a/etc/amarok.profile b/etc/amarok.profile index 3ee50a20b..71bd87241 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile @@ -2,20 +2,20 @@ # Description: Easy to use media player based on the KDE Platform # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/amarok.local +include amarok.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/amule.profile b/etc/amule.profile index f052a312f..a7b6f0770 100644 --- a/etc/amule.profile +++ b/etc/amule.profile @@ -2,22 +2,22 @@ # Description: Client for the eD2k and Kad networks, like eMule # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/amule.local +include amule.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.aMule -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${DOWNLOADS} whitelist ${HOME}/.aMule -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all ipc-namespace diff --git a/etc/android-studio.profile b/etc/android-studio.profile index 8f5cd56cc..180e4871b 100644 --- a/etc/android-studio.profile +++ b/etc/android-studio.profile @@ -1,9 +1,9 @@ # Firejail profile for android-studio # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/android-studio.local +include android-studio.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.AndroidStudio* noblacklist ${HOME}/.android @@ -16,11 +16,11 @@ noblacklist ${HOME}/.local/share/JetBrains noblacklist ${HOME}/.ssh noblacklist ${HOME}/.tooling -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/anydesk.profile b/etc/anydesk.profile index 17e083f4e..bd66f984b 100644 --- a/etc/anydesk.profile +++ b/etc/anydesk.profile @@ -1,21 +1,21 @@ # Firejail profile for AnyDesk # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/anydesk.local +include anydesk.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.anydesk -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-interpreters.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-interpreters.inc mkdir ${HOME}/.anydesk whitelist ${HOME}/.anydesk -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/aosp.profile b/etc/aosp.profile index 8622d6acd..a4eea4bad 100644 --- a/etc/aosp.profile +++ b/etc/aosp.profile @@ -1,9 +1,9 @@ # Firejail profile for aosp # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/aosp.local +include aosp.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.android @@ -18,12 +18,12 @@ noblacklist ${HOME}/.repoconfig noblacklist ${HOME}/.ssh noblacklist ${HOME}/.tooling -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/apack.profile b/etc/apack.profile index ad44b227e..bd5e49a01 100644 --- a/etc/apack.profile +++ b/etc/apack.profile @@ -1,9 +1,9 @@ # Firejail profile for apack # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/apack.local +include apack.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/atool.profile +include atool.profile diff --git a/etc/apktool.profile b/etc/apktool.profile index d157b1478..552c35321 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile @@ -3,16 +3,16 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/apktool.local +include apktool.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile index 9cd200ef2..e76f86fa4 100644 --- a/etc/arch-audit.profile +++ b/etc/arch-audit.profile @@ -3,19 +3,19 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/arch-audit.local +include arch-audit.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist /var/lib/pacman -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile index 27b15412f..1b029d1ac 100644 --- a/etc/archaudit-report.profile +++ b/etc/archaudit-report.profile @@ -2,21 +2,21 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/archaudit-report.local +include archaudit-report.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist /var/lib/pacman -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all ipc-namespace diff --git a/etc/ardour4.profile b/etc/ardour4.profile index 7d1163174..5c22b57d0 100644 --- a/etc/ardour4.profile +++ b/etc/ardour4.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/ardour5.profile +include ardour5.profile diff --git a/etc/ardour5.profile b/etc/ardour5.profile index 99649cc3f..9bce48b91 100644 --- a/etc/ardour5.profile +++ b/etc/ardour5.profile @@ -1,9 +1,9 @@ # Firejail profile for ardour5 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ardour5.local +include ardour5.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/ardour4 noblacklist ${HOME}/.config/ardour5 @@ -12,12 +12,12 @@ noblacklist ${HOME}/.vst noblacklist ${DOCUMENTS} noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/arduino.profile b/etc/arduino.profile index 9f28cada4..6c2375fae 100644 --- a/etc/arduino.profile +++ b/etc/arduino.profile @@ -2,9 +2,9 @@ # Description: AVR development board IDE and built-in libraries # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/arduino.local +include arduino.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.arduino15 noblacklist ${HOME}/.java @@ -17,12 +17,12 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/arepack.profile b/etc/arepack.profile index f7a9f724a..f5584b2be 100644 --- a/etc/arepack.profile +++ b/etc/arepack.profile @@ -1,9 +1,9 @@ # Firejail profile for arepack # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/arepack.local +include arepack.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/atool.profile +include atool.profile diff --git a/etc/aria2c.profile b/etc/aria2c.profile index 4231c58ff..bc341d710 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile @@ -2,18 +2,18 @@ # Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/aria2c.local +include aria2c.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.aria2 -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/ark.profile b/etc/ark.profile index d5a7f45f4..75dc76c7f 100644 --- a/etc/ark.profile +++ b/etc/ark.profile @@ -2,19 +2,19 @@ # Description: Archive utility # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ark.local +include ark.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/arkrc -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/arm.profile b/etc/arm.profile index da9b45928..667b8f06e 100644 --- a/etc/arm.profile +++ b/etc/arm.profile @@ -2,9 +2,9 @@ # Description: Terminal status monitor for Tor relays # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/arm.local +include arm.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.arm @@ -14,15 +14,15 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.arm whitelist ${HOME}/.arm -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all ipc-namespace diff --git a/etc/artha.profile b/etc/artha.profile index befe9295f..7b0c6735b 100644 --- a/etc/artha.profile +++ b/etc/artha.profile @@ -2,18 +2,18 @@ # Description: A free cross-platform English thesaurus based on WordNet # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/artha.local +include artha.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/artha.conf noblacklist ${HOME}/.config/enchant -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/asunder.profile b/etc/asunder.profile index 9c059ed0a..4efe62c39 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile @@ -2,9 +2,9 @@ # Description: Graphical audio CD ripper and encoder # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/asunder.local +include asunder.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/asunder noblacklist ${HOME}/.asunder_album_genre @@ -12,14 +12,14 @@ noblacklist ${HOME}/.asunder_album_title noblacklist ${HOME}/.asunder_album_artist noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index a153d08b4..36baee5c4 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile @@ -1,6 +1,6 @@ # Firejail profile for atom-beta # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/atom-beta.local +include atom-beta.local # Profile redirect -include /etc/firejail/atom.profile +include atom.profile diff --git a/etc/atom.profile b/etc/atom.profile index 1ff4e162d..0d9626396 100644 --- a/etc/atom.profile +++ b/etc/atom.profile @@ -2,16 +2,16 @@ # Description: A hackable text editor for the 21st Century # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/atom.local +include atom.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.atom noblacklist ${HOME}/.config/Atom -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all # net none diff --git a/etc/atool.profile b/etc/atool.profile index c672ed11d..d7b02a23a 100644 --- a/etc/atool.profile +++ b/etc/atool.profile @@ -2,9 +2,9 @@ # Description: Tool for managing file archives of various types # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/atool.local +include atool.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix @@ -15,11 +15,11 @@ noblacklist ${PATH}/perl noblacklist /usr/lib/perl* noblacklist /usr/share/perl* -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +# include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/atril-previewer.profile b/etc/atril-previewer.profile index 5d841bc0e..3f24acefa 100644 --- a/etc/atril-previewer.profile +++ b/etc/atril-previewer.profile @@ -1,10 +1,10 @@ # Firejail profile for atril-previewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/atril-previewer.local +include atril-previewer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/atril.profile +include atril.profile diff --git a/etc/atril-thumbnailer.profile b/etc/atril-thumbnailer.profile index 88c74735d..de4a52514 100644 --- a/etc/atril-thumbnailer.profile +++ b/etc/atril-thumbnailer.profile @@ -1,10 +1,10 @@ # Firejail profile for atril-thumbnailer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/atril-thumbnailer.local +include atril-thumbnailer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/atril.profile +include atril.profile diff --git a/etc/atril.profile b/etc/atril.profile index 6e5286e5f..85c9c04ca 100644 --- a/etc/atril.profile +++ b/etc/atril.profile @@ -2,9 +2,9 @@ # Description: MATE document viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/atril.local +include atril.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/atril noblacklist ${HOME}/.config/atril @@ -13,14 +13,14 @@ noblacklist ${DOCUMENTS} #noblacklist ${HOME}/.local/share # it seems to use only ${HOME}/.local/share/webkitgtk -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor caps.drop all diff --git a/etc/audacious.profile b/etc/audacious.profile index 627c1a72d..9a95769ba 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile @@ -2,22 +2,22 @@ # Description: Small and fast audio player which supports lots of formats # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/audacious.local +include audacious.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Audaciousrc noblacklist ${HOME}/.config/audacious noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/audacity.profile b/etc/audacity.profile index 685319f7f..44237cdc5 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile @@ -2,22 +2,22 @@ # Description: Fast, cross-platform audio editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/audacity.local +include audacity.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.audacity-data noblacklist ${DOCUMENTS} noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/aunpack.profile b/etc/aunpack.profile index 4f03ac60d..cde9473e3 100644 --- a/etc/aunpack.profile +++ b/etc/aunpack.profile @@ -1,9 +1,9 @@ # Firejail profile for aunpack # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/aunpack.local +include aunpack.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/atool.profile +include atool.profile diff --git a/etc/authenticator.profile b/etc/authenticator.profile index f10abdda8..46473484e 100644 --- a/etc/authenticator.profile +++ b/etc/authenticator.profile @@ -2,9 +2,9 @@ # Description: 2FA code generator for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/authenticator.local +include authenticator.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # blacklisted in 'disable-programs.local' noblacklist ${HOME}/.config/Authenticator @@ -13,11 +13,11 @@ noblacklist ${HOME}/.config/Authenticator noblacklist ${PATH}/python3* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc # apparmor caps.drop all diff --git a/etc/aweather.profile b/etc/aweather.profile index 823b07c8c..99829898b 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile @@ -2,22 +2,22 @@ # Description: Advanced Weather Monitoring Program # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/aweather.local +include aweather.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/aweather -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/aweather whitelist ${HOME}/.config/aweather -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/awesome.profile b/etc/awesome.profile index 49c1a4aad..5d1bf5071 100644 --- a/etc/awesome.profile +++ b/etc/awesome.profile @@ -2,13 +2,13 @@ # Description: Standards-compliant, fast, light-weight and extensible window manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/awesome.local +include awesome.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # all applications started in awesome will run in this profile noblacklist ${HOME}/.config/awesome -include /etc/firejail/disable-common.inc +include disable-common.inc caps.drop all netfilter diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 240573f44..d70825ecf 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile @@ -1,9 +1,9 @@ # Firejail profile for baloo_file # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/baloo_file.local +include baloo_file.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/baloofilerc noblacklist ${HOME}/.kde/share/config/baloofilerc @@ -12,13 +12,13 @@ noblacklist ${HOME}/.kde4/share/config/baloofilerc noblacklist ${HOME}/.kde4/share/config/baloorc noblacklist ${HOME}/.local/share/baloo -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all no3d diff --git a/etc/baloo_filemetadata_temp_extractor.profile b/etc/baloo_filemetadata_temp_extractor.profile index 87f2949e6..94496ede8 100644 --- a/etc/baloo_filemetadata_temp_extractor.profile +++ b/etc/baloo_filemetadata_temp_extractor.profile @@ -2,12 +2,12 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/baloo_filemetadata_temp_extractor.local +include baloo_filemetadata_temp_extractor.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local ignore read-write read-only ${HOME} # Redirect -include /etc/firejail/baloo_file.profile +include baloo_file.profile diff --git a/etc/baobab.profile b/etc/baobab.profile index d0c3f2712..4749601d6 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile @@ -2,15 +2,15 @@ # Description: GNOME disk usage analyzer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/baobab.local +include baobab.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -# include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +# include disable-programs.inc caps.drop all net none diff --git a/etc/basilisk.profile b/etc/basilisk.profile index 43ba5adcb..5f9fc8ef7 100644 --- a/etc/basilisk.profile +++ b/etc/basilisk.profile @@ -1,9 +1,9 @@ # Firejail profile for basilisk # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/basilisk.local +include basilisk.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/moonchild productions/basilisk noblacklist ${HOME}/.moonchild productions/basilisk @@ -24,4 +24,4 @@ seccomp #private-opt basilisk # Redirect -include /etc/firejail/firefox-common.profile +include firefox-common.profile diff --git a/etc/beaker.profile b/etc/beaker.profile index 9215576c7..d18429408 100644 --- a/etc/beaker.profile +++ b/etc/beaker.profile @@ -1,19 +1,19 @@ # Firejail profile for beaker # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/beaker.local +include beaker.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Beaker Browser -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc +include disable-devel.inc +include disable-interpreters.inc mkdir ${HOME}/.config/Beaker Browser whitelist ${HOME}/.config/Beaker Browser whitelist ${DOWNLOADS} -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc # Redirect -include /etc/firejail/electron.profile +include electron.profile diff --git a/etc/bibletime.profile b/etc/bibletime.profile index 57595e8e2..6c5b7bcad 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile @@ -2,24 +2,24 @@ # Description: Bible study tool # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/bibletime.local +include bibletime.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist ${HOME}/.bashrc noblacklist ${HOME}/.bibletime noblacklist ${HOME}/.sword -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${HOME}/.bibletime whitelist ${HOME}/.sword -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all machine-id diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile index 9b6affe24..2cf42400d 100644 --- a/etc/bitcoin-qt.profile +++ b/etc/bitcoin-qt.profile @@ -2,25 +2,25 @@ # Description: Bitcoin is a peer-to-peer network based digital currency # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/bitcoin-qt.local +include bitcoin-qt.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.bitcoin -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.bitcoin mkdir ${HOME}/.config/Bitcoin whitelist ${HOME}/.bitcoin whitelist ${HOME}/.config/Bitcoin -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index e663d7799..bceffe4aa 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile @@ -2,20 +2,20 @@ # Description: IRC to other chat networks gateway # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/bitlbee.local +include bitlbee.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist /sbin noblacklist /usr/sbin # noblacklist /var/log -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc netfilter no3d diff --git a/etc/blackbox.profile b/etc/blackbox.profile index 2672c812a..13e83493d 100644 --- a/etc/blackbox.profile +++ b/etc/blackbox.profile @@ -2,13 +2,13 @@ # Description: Standards-compliant, fast, light-weight and extensible window manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/blackbox.local +include blackbox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # all applications started in awesome will run in this profile noblacklist ${HOME}/.blackbox -include /etc/firejail/disable-common.inc +include disable-common.inc caps.drop all netfilter diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 49d058ab4..8163ac400 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile @@ -2,9 +2,9 @@ # Description: Delete unnecessary files from the system # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/bleachbit.local +include bleachbit.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Allow python (blacklisted by disable-interpreters.inc) noblacklist ${PATH}/python2* @@ -12,11 +12,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -# include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +# include disable-programs.inc caps.drop all net none diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile index 4b907018e..9da0cb921 100644 --- a/etc/blender-2.8.profile +++ b/etc/blender-2.8.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/blender.profile +include blender.profile diff --git a/etc/blender.profile b/etc/blender.profile index 43a8622f7..05a26220b 100644 --- a/etc/blender.profile +++ b/etc/blender.profile @@ -2,9 +2,9 @@ # Description: Very fast and versatile 3D modeller/renderer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/blender.local +include blender.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/blender @@ -14,11 +14,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc # Allow usage of AMD GPU by OpenCL noblacklist /sys/module diff --git a/etc/bless.profile b/etc/bless.profile index 0da3436e8..555424126 100644 --- a/etc/bless.profile +++ b/etc/bless.profile @@ -2,19 +2,19 @@ # Description: A full featured hexadecimal editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/bless.local +include bless.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/bless -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/bluefish.profile b/etc/bluefish.profile index 23ba34d42..3a3072a6e 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile @@ -2,17 +2,17 @@ # Description: Advanced Gtk+ text editor for web and software development # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/bluefish.local +include bluefish.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/bnox.profile b/etc/bnox.profile index 3207a2923..031f3f4bd 100644 --- a/etc/bnox.profile +++ b/etc/bnox.profile @@ -1,9 +1,9 @@ # Firejail profile for bnox # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/bnox.local +include bnox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/bnox noblacklist ${HOME}/.config/bnox @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/bnox whitelist ${HOME}/.config/bnox # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/brackets.profile b/etc/brackets.profile index 8f1068506..a89f87859 100644 --- a/etc/brackets.profile +++ b/etc/brackets.profile @@ -1,17 +1,17 @@ # Firejail profile for brackets # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/brackets.local +include brackets.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Brackets #noblacklist /opt/brackets/ #noblacklist /opt/google/ -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/brasero.profile b/etc/brasero.profile index 1c0b5f843..8ab9472ac 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile @@ -2,17 +2,17 @@ # Description: CD/DVD burning application for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/brasero.local +include brasero.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/brasero -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/brave.profile b/etc/brave.profile index 08bcea561..315564b05 100644 --- a/etc/brave.profile +++ b/etc/brave.profile @@ -1,9 +1,9 @@ # Firejail profile for brave # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/brave.local +include brave.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/brave # brave uses gpg for built-in password manager @@ -17,4 +17,4 @@ whitelist ${HOME}/.gnupg ignore noexec /tmp # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/bsdcat.profile b/etc/bsdcat.profile index b900eb4bf..e95dfdf2d 100644 --- a/etc/bsdcat.profile +++ b/etc/bsdcat.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/bsdtar.profile +include bsdtar.profile diff --git a/etc/bsdcpio.profile b/etc/bsdcpio.profile index b900eb4bf..e95dfdf2d 100644 --- a/etc/bsdcpio.profile +++ b/etc/bsdcpio.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/bsdtar.profile +include bsdtar.profile diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile index 57220ef4a..da36d9ced 100644 --- a/etc/bsdtar.profile +++ b/etc/bsdtar.profile @@ -2,15 +2,15 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/bsdtar.local +include bsdtar.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +# include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc blacklist /tmp/.X11-unix diff --git a/etc/bunzip2.profile b/etc/bunzip2.profile index f483a1d3d..891476cb1 100644 --- a/etc/bunzip2.profile +++ b/etc/bunzip2.profile @@ -1,9 +1,9 @@ # Firejail profile for bunzip2 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/bunzip2.local +include bunzip2.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/gzip.profile +include gzip.profile diff --git a/etc/caja.profile b/etc/caja.profile index 20e690a14..f938792cd 100644 --- a/etc/caja.profile +++ b/etc/caja.profile @@ -2,9 +2,9 @@ # Description: File manager for the MATE desktop # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/caja.local +include caja.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there # is already a caja process running on MATE desktops firejail will have no effect. @@ -19,11 +19,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -# include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +# include disable-programs.inc caps.drop all netfilter diff --git a/etc/calibre.profile b/etc/calibre.profile index 7a5d798c5..122259ac8 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile @@ -2,21 +2,21 @@ # Description: Powerful and easy to use e-book manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/calibre.local +include calibre.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/calibre noblacklist ${HOME}/.config/calibre noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/calligra.profile b/etc/calligra.profile index ab2845db4..b300ef240 100644 --- a/etc/calligra.profile +++ b/etc/calligra.profile @@ -2,15 +2,15 @@ # Description: Extensive productivity and creative suite # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/calligra.local +include calligra.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/calligraauthor.profile b/etc/calligraauthor.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraauthor.profile +++ b/etc/calligraauthor.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/calligra.profile +include calligra.profile diff --git a/etc/calligraconverter.profile b/etc/calligraconverter.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraconverter.profile +++ b/etc/calligraconverter.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/calligra.profile +include calligra.profile diff --git a/etc/calligraflow.profile b/etc/calligraflow.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraflow.profile +++ b/etc/calligraflow.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/calligra.profile +include calligra.profile diff --git a/etc/calligraplan.profile b/etc/calligraplan.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraplan.profile +++ b/etc/calligraplan.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/calligra.profile +include calligra.profile diff --git a/etc/calligraplanwork.profile b/etc/calligraplanwork.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligraplanwork.profile +++ b/etc/calligraplanwork.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/calligra.profile +include calligra.profile diff --git a/etc/calligrasheets.profile b/etc/calligrasheets.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligrasheets.profile +++ b/etc/calligrasheets.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/calligra.profile +include calligra.profile diff --git a/etc/calligrastage.profile b/etc/calligrastage.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligrastage.profile +++ b/etc/calligrastage.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/calligra.profile +include calligra.profile diff --git a/etc/calligrawords.profile b/etc/calligrawords.profile index 629ab46c1..b9c06a588 100644 --- a/etc/calligrawords.profile +++ b/etc/calligrawords.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/calligra.profile +include calligra.profile diff --git a/etc/catfish.profile b/etc/catfish.profile index 422dc93e5..1afcd0365 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile @@ -2,9 +2,9 @@ # Description: File searching tool # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/catfish.local +include catfish.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # We can't blacklist much since catfish # is for finding files/content @@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +# include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist /var/lib/mlocate -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile index c8b8be04e..4d572f580 100644 --- a/etc/checkbashisms.profile +++ b/etc/checkbashisms.profile @@ -3,9 +3,9 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/checkbashisms.local +include checkbashisms.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} @@ -16,14 +16,14 @@ noblacklist ${PATH}/perl noblacklist /usr/lib/perl* noblacklist /usr/share/perl* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 0159bddae..1cb7c50df 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile @@ -2,9 +2,9 @@ # Description: Hierarchical note taking application # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/cherrytree.local +include cherrytree.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/cherrytree noblacklist ${DOCUMENTS} @@ -15,12 +15,12 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/chromium-browser.profile b/etc/chromium-browser.profile index 472841e92..f83052d9a 100644 --- a/etc/chromium-browser.profile +++ b/etc/chromium-browser.profile @@ -2,4 +2,4 @@ # This file is overwritten after every install/update # Redirect -include /etc/firejail/chromium.profile +include chromium.profile diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile index fc3df86db..732a7865f 100644 --- a/etc/chromium-common.profile +++ b/etc/chromium-common.profile @@ -1,23 +1,23 @@ # Firejail profile for chromium-common # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/chromium-common.local +include chromium-common.local # Persistent global definitions # already included by caller profile -#include /etc/firejail/globals.local +#include globals.local noblacklist ${HOME}/.pki -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.pki whitelist ${DOWNLOADS} whitelist ${HOME}/.pki -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc apparmor caps.keep sys_chroot,sys_admin diff --git a/etc/chromium.profile b/etc/chromium.profile index a1488e3e9..dab9ce449 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile @@ -2,9 +2,9 @@ # Description: A web browser built for speed, simplicity, and security # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/chromium.local +include chromium.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/chromium noblacklist ${HOME}/.config/chromium @@ -19,4 +19,4 @@ whitelist ${HOME}/.config/chromium-flags.conf # private-bin chromium,chromium-browser,chromedriver # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/cin.profile b/etc/cin.profile index 92baef33a..7a6f7035c 100644 --- a/etc/cin.profile +++ b/etc/cin.profile @@ -1,17 +1,17 @@ # Firejail profile for cin # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/cin.local +include cin.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.bcast5 -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile index e6a1941b5..26f782384 100644 --- a/etc/cinelerra.profile +++ b/etc/cinelerra.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/cin.profile +include cin.profile diff --git a/etc/clamav.profile b/etc/clamav.profile index cf46b8582..e5b198dab 100644 --- a/etc/clamav.profile +++ b/etc/clamav.profile @@ -3,9 +3,9 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/clamav.local +include clamav.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local caps.drop all ipc-namespace diff --git a/etc/clamdscan.profile b/etc/clamdscan.profile index f6861dfa1..f146d05ec 100644 --- a/etc/clamdscan.profile +++ b/etc/clamdscan.profile @@ -4,4 +4,4 @@ quiet # Redirect -include /etc/firejail/clamav.profile +include clamav.profile diff --git a/etc/clamdtop.profile b/etc/clamdtop.profile index f6861dfa1..f146d05ec 100644 --- a/etc/clamdtop.profile +++ b/etc/clamdtop.profile @@ -4,4 +4,4 @@ quiet # Redirect -include /etc/firejail/clamav.profile +include clamav.profile diff --git a/etc/clamscan.profile b/etc/clamscan.profile index f6861dfa1..f146d05ec 100644 --- a/etc/clamscan.profile +++ b/etc/clamscan.profile @@ -4,4 +4,4 @@ quiet # Redirect -include /etc/firejail/clamav.profile +include clamav.profile diff --git a/etc/clamtk.profile b/etc/clamtk.profile index d916381b2..6b64af7d8 100644 --- a/etc/clamtk.profile +++ b/etc/clamtk.profile @@ -1,9 +1,9 @@ # Firejail profile for clamtk # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/clamtk.local +include clamtk.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local caps.drop all ipc-namespace diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index f7f0fccca..f0656385f 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile @@ -2,19 +2,19 @@ # Description: Fast, lightweight and user-friendly GTK+2 based email client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/claws-mail.local +include claws-mail.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.claws-mail noblacklist ${HOME}/.gnupg noblacklist ${HOME}/.signature -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/clementine.profile b/etc/clementine.profile index a72bc39cf..224488325 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile @@ -2,22 +2,22 @@ # Description: Modern music player and library organizer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/clementine.local +include clementine.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/Clementine noblacklist ${HOME}/.config/Clementine noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all nonewprivs diff --git a/etc/clion.profile b/etc/clion.profile index bcb18114e..fba610d29 100644 --- a/etc/clion.profile +++ b/etc/clion.profile @@ -1,9 +1,9 @@ # Firejail profile for CLion # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/clion.local +include clion.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.CLion* noblacklist ${HOME}/.gitconfig @@ -12,9 +12,9 @@ noblacklist ${HOME}/.local/share/JetBrains noblacklist ${HOME}/.ssh noblacklist ${HOME}/.tooling -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/clipit.profile b/etc/clipit.profile index fd6fbd61b..0caa1faf2 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile @@ -2,19 +2,19 @@ # Description: Lightweight GTK+ clipboard manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/clipit.local +include clipit.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/clipit noblacklist ${HOME}/.local/share/clipit -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/cliqz.profile b/etc/cliqz.profile index 4ff96311d..70277f1ce 100644 --- a/etc/cliqz.profile +++ b/etc/cliqz.profile @@ -1,9 +1,9 @@ # Firejail profile for cliqz # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/cliqz.local +include cliqz.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/cliqz noblacklist ${HOME}/.config/cliqz @@ -17,4 +17,4 @@ whitelist ${HOME}/.config/cliqz #private-etc cliqz # Redirect -include /etc/firejail/firefox-common.profile +include firefox-common.profile diff --git a/etc/cmus.profile b/etc/cmus.profile index 5744d462b..ee6600b76 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile @@ -2,19 +2,19 @@ # Description: Lightweight ncurses audio player # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/cmus.local +include cmus.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/cmus noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/code.profile b/etc/code.profile index ab69008f1..da710bba1 100644 --- a/etc/code.profile +++ b/etc/code.profile @@ -1,16 +1,16 @@ # Firejail profile for Visual Studio Code # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/code.local +include code.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.vscode noblacklist ${HOME}/.config/Code -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/conkeror.profile b/etc/conkeror.profile index 2489e2df4..ca38600d1 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile @@ -1,14 +1,14 @@ # Firejail profile for conkeror # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/conkeror.local +include conkeror.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.conkeror.mozdev.org -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-programs.inc whitelist ${HOME}/.conkeror.mozdev.org whitelist ${HOME}/.conkerorrc @@ -21,7 +21,7 @@ whitelist ${HOME}/.vimperatorrc whitelist ${HOME}/.zotero whitelist ${HOME}/Downloads whitelist ${HOME}/dwhelper -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/conky.profile b/etc/conky.profile index f6d07d6de..bbac5e751 100644 --- a/etc/conky.profile +++ b/etc/conky.profile @@ -2,18 +2,18 @@ # Description: Highly configurable system monitor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/conky.local +include conky.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${PICTURES} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/corebird.profile b/etc/corebird.profile index c7f8a8874..e382c1361 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile @@ -2,20 +2,20 @@ # Description: Native Gtk+ Twitter client for the Linux desktop # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/corebird.local +include corebird.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/corebird -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/cower.profile b/etc/cower.profile index dcc388f87..cb2d9b332 100644 --- a/etc/cower.profile +++ b/etc/cower.profile @@ -8,20 +8,20 @@ quiet # Persistent local customizations -include /etc/firejail/cower.local +include cower.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/cower/config read-only ${HOME}/.config/cower/config noblacklist /var/lib/pacman -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/cpio.profile b/etc/cpio.profile index 3c7d0748c..ab9e37d73 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile @@ -3,18 +3,18 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/cpio.local +include cpio.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix noblacklist /sbin noblacklist /usr/sbin -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/cryptocat.profile b/etc/cryptocat.profile index 3d3de7268..7a9039ea4 100644 --- a/etc/cryptocat.profile +++ b/etc/cryptocat.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/Cryptocat.profile +include Cryptocat.profile diff --git a/etc/curl.profile b/etc/curl.profile index e77b8bf4f..ab9c1e5bd 100644 --- a/etc/curl.profile +++ b/etc/curl.profile @@ -3,17 +3,17 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/curl.local +include curl.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix noblacklist ${HOME}/.curlrc -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/cvlc.profile b/etc/cvlc.profile index 81ccbc530..1070b602c 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile @@ -1,12 +1,12 @@ # Firejail profile for cvlc # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/cvlc.local +include cvlc.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # cvlc doesn't like private-bin ignore private-bin # Redirect -include /etc/firejail/vlc.profile +include vlc.profile diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index ce51906ba..fcb448b30 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile @@ -1,9 +1,9 @@ # Firejail profile for cyberfox # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/cyberfox.local +include cyberfox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.8pecxstudios noblacklist ${HOME}/.cache/8pecxstudios @@ -18,4 +18,4 @@ whitelist ${HOME}/.cache/8pecxstudios #private-etc cyberfox # Redirect -include /etc/firejail/firefox-common.profile +include firefox-common.profile diff --git a/etc/darktable.profile b/etc/darktable.profile index 74144e68e..a4898fd35 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile @@ -2,20 +2,20 @@ # Description: Virtual lighttable and darkroom for photographers # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/darktable.local +include darktable.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/darktable noblacklist ${HOME}/.config/darktable noblacklist ${PICTURES} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 8f5961647..3f818fd69 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile @@ -2,19 +2,19 @@ # Description: A GTK+ audio player for GNU/Linux # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/deadbeef.local +include deadbeef.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/deadbeef noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/default.profile b/etc/default.profile index f8e54c8d3..27feb7dd1 100644 --- a/etc/default.profile +++ b/etc/default.profile @@ -1,19 +1,19 @@ # Firejail profile for default # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/default.local +include default.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # generic gui profile # depending on your usage, you can enable some of the commands below: -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -# include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -#include /etc/firejail/disable-xdg.inc +include disable-common.inc +# include disable-devel.inc +# include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +#include disable-xdg.inc caps.drop all # ipc-namespace diff --git a/etc/deluge.profile b/etc/deluge.profile index 27ca036ca..b2cb9bf22 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile @@ -2,9 +2,9 @@ # Description: BitTorrent client written in Python/PyGTK # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/deluge.local +include deluge.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/deluge @@ -14,17 +14,17 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +# include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/deluge whitelist ${DOWNLOADS} whitelist ${HOME}/.config/deluge -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/desktop.profile b/etc/desktop.profile index 8bfa885a3..bfb1618b2 100644 --- a/etc/desktop.profile +++ b/etc/desktop.profile @@ -2,20 +2,20 @@ # Description: Extend your GitHub workflow beyond your browser with GitHub Desktop # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/github-desktop.local +include github-desktop.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local whitelist ${HOME}/.gitconfig whitelist ${HOME}/.config/GitHub Desktop -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-devel.inc +include disable-interpreters.inc -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/devilspie.profile b/etc/devilspie.profile index dbfb05798..b3558a038 100644 --- a/etc/devilspie.profile +++ b/etc/devilspie.profile @@ -2,17 +2,17 @@ # Description: Window matching daemon # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/devilspie.local +include devilspie.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.devilspie -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile index 3a9a9659a..4ab2634e8 100644 --- a/etc/devilspie2.profile +++ b/etc/devilspie2.profile @@ -2,17 +2,17 @@ # Description: Window matching daemon (Lua) # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/devilspie2.local +include devilspie2.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/devilspie2 -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index da59fc71a..e8dbd00ec 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile @@ -2,9 +2,9 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/dex2jar.local +include dex2jar.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Allow access to java noblacklist ${PATH}/java @@ -12,14 +12,14 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/dia.profile b/etc/dia.profile index fdc40980f..c6adc5a4c 100644 --- a/etc/dia.profile +++ b/etc/dia.profile @@ -2,19 +2,19 @@ # Description: Diagram editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dia.local +include dia.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.dia noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all net none diff --git a/etc/dig.profile b/etc/dig.profile index 4b6ab0975..4d4ce7a26 100644 --- a/etc/dig.profile +++ b/etc/dig.profile @@ -2,20 +2,20 @@ quiet # Firejail profile for dig # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dig.local +include dig.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -# include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -#include /etc/firejail/disable-xdg.inc +include disable-common.inc +# include disable-devel.inc +# include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +#include disable-xdg.inc whitelist ~/.digrc -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all # ipc-namespace diff --git a/etc/digikam.profile b/etc/digikam.profile index 470f60779..ccc0a6544 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile @@ -2,9 +2,9 @@ # Description: Digital photo management application for KDE # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/digikam.local +include digikam.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/digikam noblacklist ${HOME}/.config/digikamrc @@ -12,14 +12,14 @@ noblacklist ${HOME}/.kde/share/apps/digikam noblacklist ${HOME}/.kde4/share/apps/digikam noblacklist ${PICTURES} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/dillo.profile b/etc/dillo.profile index 8c3da1b3e..ac68f48a3 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile @@ -2,25 +2,25 @@ # Description: Small and fast web browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dillo.local +include dillo.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.dillo -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.dillo mkdir ${HOME}/.fltk whitelist ${DOWNLOADS} whitelist ${HOME}/.dillo whitelist ${HOME}/.fltk -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/dino.profile b/etc/dino.profile index a39ec8931..84731a96f 100644 --- a/etc/dino.profile +++ b/etc/dino.profile @@ -1,22 +1,22 @@ # Firejail profile for dino # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dino.local +include dino.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/dino -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.local/share/dino whitelist ${HOME}/.local/share/dino whitelist ${HOME}/Downloads -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/disable-common.inc b/etc/disable-common.inc index ceca17826..e6ba99874 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc @@ -1,6 +1,6 @@ # This file is overwritten during software install. # Persistent customizations should go in a .local file. -include /etc/firejail/disable-common.local +include disable-common.local # History files in $HOME and clipboard managers blacklist-nolog ${HOME}/.*_history diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc index 627856803..5c41692da 100644 --- a/etc/disable-devel.inc +++ b/etc/disable-devel.inc @@ -1,6 +1,6 @@ # This file is overwritten during software install. # Persistent customizations should go in a .local file. -include /etc/firejail/disable-devel.local +include disable-devel.local # development tools diff --git a/etc/disable-interpreters.inc b/etc/disable-interpreters.inc index 0e0caade1..0d5f5737e 100644 --- a/etc/disable-interpreters.inc +++ b/etc/disable-interpreters.inc @@ -1,6 +1,6 @@ # This file is overwritten during software install. # Persistent customizations should go in a .local file. -include /etc/firejail/disable-interpreters.local +include disable-interpreters.local # Lua blacklist ${PATH}/lua* diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc index 19fd871d3..72e1a66ee 100644 --- a/etc/disable-passwdmgr.inc +++ b/etc/disable-passwdmgr.inc @@ -1,6 +1,6 @@ # This file is overwritten during software install. # Persistent customizations should go in a .local file. -include /etc/firejail/disable-passwdmgr.local +include disable-passwdmgr.local blacklist ${HOME}/.config/Bitwarden blacklist ${HOME}/.config/KeePass diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0f48a320b..46e60b9f4 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -1,6 +1,6 @@ # This file is overwritten during software install. # Persistent customizations should go in a .local file. -include /etc/firejail/disable-programs.local +include disable-programs.local blacklist ${HOME}/Monero/wallets blacklist ${HOME}/Standard Notes Backups diff --git a/etc/disable-xdg.inc b/etc/disable-xdg.inc index 519f00afb..22acf272d 100644 --- a/etc/disable-xdg.inc +++ b/etc/disable-xdg.inc @@ -1,6 +1,6 @@ # This file is overwritten during software install. # Persistent customizations should go in a .local file. -include /etc/firejail/disable-xdg.local +include disable-xdg.local blacklist ${DOCUMENTS} blacklist ${MUSIC} diff --git a/etc/discord-canary.profile b/etc/discord-canary.profile index b6958cbd3..12b5433b2 100644 --- a/etc/discord-canary.profile +++ b/etc/discord-canary.profile @@ -1,9 +1,9 @@ # Firejail profile for discord-canary # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/discord-canary.local +include discord-canary.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/discordcanary @@ -15,4 +15,4 @@ private-bin discord-canary private-opt discord-canary #Redirect -include /etc/firejail/discord-common.profile +include discord-common.profile diff --git a/etc/discord-common.profile b/etc/discord-common.profile index babef37b1..765ad21e5 100644 --- a/etc/discord-common.profile +++ b/etc/discord-common.profile @@ -1,15 +1,15 @@ # Firejail profile for discord # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/discord-common.local +include discord-common.local # Persistent global definitions # already included by caller profile -#include /etc/firejail/globals.local +#include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${DOWNLOADS} diff --git a/etc/discord.profile b/etc/discord.profile index 63aed5eca..62c4a5658 100644 --- a/etc/discord.profile +++ b/etc/discord.profile @@ -1,9 +1,9 @@ # Firejail profile for discord # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/discord.local +include discord.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/discord @@ -15,4 +15,4 @@ private-bin discord private-opt discord #Redirect -include /etc/firejail/discord-common.profile +include discord-common.profile diff --git a/etc/display.profile b/etc/display.profile index 41a426375..7e553398f 100644 --- a/etc/display.profile +++ b/etc/display.profile @@ -1,9 +1,9 @@ # Firejail profile for display # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/display.local +include display.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${PICTURES} @@ -13,14 +13,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/dnox.profile b/etc/dnox.profile index 505884ca6..e02395771 100644 --- a/etc/dnox.profile +++ b/etc/dnox.profile @@ -1,9 +1,9 @@ # Firejail profile for dnox # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dnox.local +include dnox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/dnox noblacklist ${HOME}/.config/dnox @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/dnox whitelist ${HOME}/.config/dnox # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index ce73d7e72..a14e502e5 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile @@ -2,21 +2,21 @@ # Description: Tool for securing communications between a client and a DNS resolver # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dnscrypt-proxy.local +include dnscrypt-proxy.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix noblacklist /sbin noblacklist /usr/sbin -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot no3d diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index d68806945..c1ee03bca 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile @@ -2,21 +2,21 @@ # Description: Small caching DNS proxy and DHCP/TFTP server # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dnsmasq.local +include dnsmasq.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix noblacklist /sbin noblacklist /usr/sbin -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.keep net_admin,net_bind_service,net_raw,setgid,setuid no3d diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 819998edf..936876ddf 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile @@ -2,9 +2,9 @@ # Description: File manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dolphin.local +include dolphin.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5 @@ -13,12 +13,12 @@ noblacklist ${HOME}/.local/share/Trash # noblacklist ${HOME}/.config/dolphinrc # noblacklist ${HOME}/.local/share/dolphin -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files -# include /etc/firejail/disable-programs.inc +# include disable-programs.inc caps.drop all netfilter diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile index 4e1227a0f..075a24c92 100644 --- a/etc/dooble-qt4.profile +++ b/etc/dooble-qt4.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/dooble.profile +include dooble.profile diff --git a/etc/dooble.profile b/etc/dooble.profile index df68a4aef..69765f119 100644 --- a/etc/dooble.profile +++ b/etc/dooble.profile @@ -1,23 +1,23 @@ # Firejail profile for dooble # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dooble-qt4.local +include dooble-qt4.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.dooble -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.dooble whitelist ${DOWNLOADS} whitelist ${HOME}/.dooble -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/dosbox.profile b/etc/dosbox.profile index 319daf407..68a67380c 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile @@ -2,21 +2,21 @@ # Description: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dosbox.local +include dosbox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.dosbox noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/dragon.profile b/etc/dragon.profile index 9f41bf87a..32cf0c09d 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile @@ -2,22 +2,22 @@ # Description: A multimedia player where the focus is on simplicity, instead of features # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dragon.local +include dragon.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/dragonplayerrc noblacklist ${MUSIC} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 24b69e118..8571479c1 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile @@ -1,19 +1,19 @@ # Firejail profile for dropbox # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/dropbox.local +include dropbox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/autostart noblacklist ${HOME}/.dropbox noblacklist ${HOME}/.dropbox-dist -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.dropbox mkdir ${HOME}/.dropbox-dist @@ -23,7 +23,7 @@ whitelist ${HOME}/.config/autostart/dropbox.desktop whitelist ${HOME}/.dropbox whitelist ${HOME}/.dropbox-dist whitelist ${HOME}/Dropbox -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/easystroke.profile b/etc/easystroke.profile index 6fac08a5d..ddf967e55 100644 --- a/etc/easystroke.profile +++ b/etc/easystroke.profile @@ -2,17 +2,17 @@ # Description: Control your desktop using mouse gestures # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/easystroke.local +include easystroke.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.easystroke -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile index 1e28b854a..b2fd635b1 100644 --- a/etc/ebook-viewer.profile +++ b/etc/ebook-viewer.profile @@ -5,4 +5,4 @@ net none nodbus # Redirect -include /etc/firejail/calibre.profile +include calibre.profile diff --git a/etc/electron.profile b/etc/electron.profile index ccfde78bb..c24100f17 100644 --- a/etc/electron.profile +++ b/etc/electron.profile @@ -2,13 +2,13 @@ # Description: Build cross platform desktop apps with web technologies # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/electron.local +include electron.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${DOWNLOADS} diff --git a/etc/electrum.profile b/etc/electrum.profile index b3e1ab36f..d14a88d0a 100644 --- a/etc/electrum.profile +++ b/etc/electrum.profile @@ -2,9 +2,9 @@ # Description: Lightweight Bitcoin wallet # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/electrum.local +include electrum.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.electrum @@ -14,17 +14,17 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc mkdir ${HOME}/.electrum whitelist ${HOME}/.electrum -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/elinks.profile b/etc/elinks.profile index bafc19e1a..92d5a13fa 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile @@ -2,20 +2,20 @@ # Description: Advanced text-mode WWW browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/elinks.local +include elinks.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix noblacklist ${HOME}/.elinks -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/emacs.profile b/etc/emacs.profile index 90b25bfcf..c2057f6fb 100644 --- a/etc/emacs.profile +++ b/etc/emacs.profile @@ -2,16 +2,16 @@ # Description: GNU Emacs editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/emacs.local +include emacs.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.emacs noblacklist ${HOME}/.emacs.d -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/empathy.profile b/etc/empathy.profile index 007b51c35..5ca640d30 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile @@ -2,15 +2,15 @@ # Description: GNOME multi-protocol chat and call client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/empathy.local +include empathy.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/enchant-2.profile b/etc/enchant-2.profile index ba7573289..295d74a38 100644 --- a/etc/enchant-2.profile +++ b/etc/enchant-2.profile @@ -1,9 +1,9 @@ # Firejail profile for enchant-2 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/enchant-2.local +include enchant-2.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/enchant.profile +include enchant.profile diff --git a/etc/enchant-lsmod-2.profile b/etc/enchant-lsmod-2.profile index 1b646eef6..991ea63ef 100644 --- a/etc/enchant-lsmod-2.profile +++ b/etc/enchant-lsmod-2.profile @@ -1,9 +1,9 @@ # Firejail profile for enchant-lsmod-2 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/enchant-lsmod-2.local +include enchant-lsmod-2.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/enchant.profile +include enchant.profile diff --git a/etc/enchant-lsmod.profile b/etc/enchant-lsmod.profile index 3452b0421..d7bcae6a0 100644 --- a/etc/enchant-lsmod.profile +++ b/etc/enchant-lsmod.profile @@ -1,9 +1,9 @@ # Firejail profile for enchant-lsmod # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/enchant-lsmod.local +include enchant-lsmod.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/enchant.profile +include enchant.profile diff --git a/etc/enchant.profile b/etc/enchant.profile index cf7d76b4c..7ca7fdcea 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile @@ -2,18 +2,18 @@ # Description: Wrapper for various spell checker engines # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/enchant.local +include enchant.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/enchant -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/engrampa.profile b/etc/engrampa.profile index eaf246d3c..02919f271 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile @@ -2,17 +2,17 @@ # Description: Archive manager for MATE # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/engrampa.local +include engrampa.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/enox.profile b/etc/enox.profile index 46f409346..d8ac8b24a 100644 --- a/etc/enox.profile +++ b/etc/enox.profile @@ -1,9 +1,9 @@ # Firejail profile for enox # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/enox.local +include enox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/Enox noblacklist ${HOME}/.config/Enox @@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/Enox whitelist ${HOME}/.config/Enox # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/enpass.profile b/etc/enpass.profile index 3a30f8b04..e3e146d5d 100644 --- a/etc/enpass.profile +++ b/etc/enpass.profile @@ -1,20 +1,20 @@ # This file is overwritten after every install/update. # Persistent local customisations -include /etc/firejail/enpass.local +include enpass.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Sinew Software Systems noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/eog.profile b/etc/eog.profile index 017fe5c75..fada8213f 100644 --- a/etc/eog.profile +++ b/etc/eog.profile @@ -2,22 +2,22 @@ # Description: Eye of GNOME graphics viewer program # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/eog.local +include eog.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.Steam noblacklist ${HOME}/.config/eog noblacklist ${HOME}/.local/share/Trash noblacklist ${HOME}/.steam -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor - makes settings immutable caps.drop all diff --git a/etc/eom.profile b/etc/eom.profile index a0ce712c8..1a248f4e8 100644 --- a/etc/eom.profile +++ b/etc/eom.profile @@ -2,22 +2,22 @@ # Description: Eye of MATE graphics viewer program # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/eom.local +include eom.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.Steam noblacklist ${HOME}/.config/mate/eom noblacklist ${HOME}/.local/share/Trash noblacklist ${HOME}/.steam -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor - makes settings immutable caps.drop all diff --git a/etc/epiphany.profile b/etc/epiphany.profile index b04cf72b4..6868ca391 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile @@ -2,18 +2,18 @@ # Description: Clone of Boulder Dash game # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/epiphany.local +include epiphany.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/epiphany noblacklist ${HOME}/.config/epiphany noblacklist ${HOME}/.local/share/epiphany -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.cache/epiphany mkdir ${HOME}/.config/epiphany @@ -22,7 +22,7 @@ whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/epiphany whitelist ${HOME}/.config/epiphany whitelist ${HOME}/.local/share/epiphany -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/etr.profile b/etc/etr.profile index 5c01636cc..5fc989de3 100644 --- a/etc/etr.profile +++ b/etc/etr.profile @@ -1,20 +1,20 @@ # Firejail profile for etr # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/etr.local +include etr.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.etr -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.etr whitelist ${HOME}/.etr -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/evince-previewer.profile b/etc/evince-previewer.profile index d5bc6db33..e43bb2da8 100644 --- a/etc/evince-previewer.profile +++ b/etc/evince-previewer.profile @@ -1,10 +1,10 @@ # Firejail profile for evince-previewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/evince-previewer.local +include evince-previewer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/evince.profile +include evince.profile diff --git a/etc/evince-thumbnailer.profile b/etc/evince-thumbnailer.profile index abc21632d..4036e1ecb 100644 --- a/etc/evince-thumbnailer.profile +++ b/etc/evince-thumbnailer.profile @@ -1,10 +1,10 @@ # Firejail profile for evince-thumbnailer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/evince-thumbnailer.local +include evince-thumbnailer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/evince.profile +include evince.profile diff --git a/etc/evince.profile b/etc/evince.profile index ea46ccc40..5b5d40077 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -2,21 +2,21 @@ # Description: Document (PostScript, PDF) viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/evince.local +include evince.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/evince noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/evolution.profile b/etc/evolution.profile index f691b3c3d..1c5347e04 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile @@ -2,9 +2,9 @@ # Description: Groupware suite with mail client and organizer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/evolution.local +include evolution.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist /var/mail noblacklist /var/spool/mail @@ -15,11 +15,11 @@ noblacklist ${HOME}/.gnupg noblacklist ${HOME}/.local/share/evolution noblacklist ${HOME}/.pki -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 2666397f4..8fc99037f 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile @@ -2,9 +2,9 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/exiftool.local +include exiftool.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix @@ -13,11 +13,11 @@ noblacklist ${PATH}/perl noblacklist /usr/lib/perl* noblacklist /usr/share/perl* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/falkon.profile b/etc/falkon.profile index 41e1386dd..140d40a00 100644 --- a/etc/falkon.profile +++ b/etc/falkon.profile @@ -2,24 +2,24 @@ # Description: Lightweight web browser based on Qt WebEngine # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/falkon.local +include falkon.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/falkon noblacklist ${HOME}/.config/falkon -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/falkon whitelist ${HOME}/.config/falkon -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/fbreader.profile b/etc/fbreader.profile index c5afde9ec..c31ed5009 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile @@ -2,21 +2,21 @@ # Description: E-book reader # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/fbreader.local +include fbreader.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.FBReader noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/feh.profile b/etc/feh.profile index 197581ae7..8e6ae49de 100644 --- a/etc/feh.profile +++ b/etc/feh.profile @@ -2,15 +2,15 @@ # Description: imlib2 based image viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/feh.local +include feh.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/fetchmail.profile b/etc/fetchmail.profile index d9b347d70..43c6894a3 100644 --- a/etc/fetchmail.profile +++ b/etc/fetchmail.profile @@ -2,18 +2,18 @@ # Description: SSL enabled POP3, APOP, IMAP mail gatherer/forwarder # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/fetchmail.local +include fetchmail.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.fetchmailrc noblacklist ${HOME}/.netrc -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index 09574ffb7..5314eb04c 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile @@ -3,17 +3,17 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/ffmpeg.local +include ffmpeg.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/file-roller.profile b/etc/file-roller.profile index 11883f03e..9ef26d08f 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile @@ -2,17 +2,17 @@ # Description: Archive manager for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/file-roller.local +include file-roller.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/file.profile b/etc/file.profile index fbeea83a8..2dc21dde4 100644 --- a/etc/file.profile +++ b/etc/file.profile @@ -3,15 +3,15 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/file.local +include file.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all hostname file diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 7a5ad4301..f4c25ed05 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile @@ -2,9 +2,9 @@ # Description: Full-featured graphical FTP/FTPS/SFTP client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/filezilla.local +include filezilla.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/filezilla noblacklist ${HOME}/.filezilla @@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/firefox-beta.profile b/etc/firefox-beta.profile index f9924fee5..ee158703d 100644 --- a/etc/firefox-beta.profile +++ b/etc/firefox-beta.profile @@ -1,10 +1,10 @@ # Firejail profile for firefox-beta # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/firefox-beta.local +include firefox-beta.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/firefox.profile +include firefox.profile diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc index f5fd4aa5b..7a0c3e99f 100644 --- a/etc/firefox-common-addons.inc +++ b/etc/firefox-common-addons.inc @@ -1,6 +1,6 @@ # This file is overwritten during software install. # Persistent customizations should go in a .local file. -include /etc/firejail/firefox-common-addons.local +include firefox-common-addons.local noblacklist ${HOME}/.config/kgetrc noblacklist ${HOME}/.config/okularpartrc diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 8ed26e22f..e02d3afd0 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile @@ -1,26 +1,26 @@ # Firejail profile for firefox-common # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/firefox-common.local +include firefox-common.local # Persistent global definitions # already included by caller profile -#include /etc/firejail/globals.local +#include globals.local # uncomment the following line to allow access to common programs/addons/plugins -#include /etc/firejail/firefox-common-addons.inc +#include firefox-common-addons.inc noblacklist ${HOME}/.pki -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.pki whitelist ${DOWNLOADS} whitelist ${HOME}/.pki -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/firefox-developer-edition.profile b/etc/firefox-developer-edition.profile index 7458d9e10..56a0485cb 100644 --- a/etc/firefox-developer-edition.profile +++ b/etc/firefox-developer-edition.profile @@ -2,10 +2,10 @@ # Description: Developer Edition of the popular Firefox web browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/firefox-developer-edition.local +include firefox-developer-edition.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/firefox.profile +include firefox.profile diff --git a/etc/firefox-esr.profile b/etc/firefox-esr.profile index 9821c7150..0ba04d9c1 100644 --- a/etc/firefox-esr.profile +++ b/etc/firefox-esr.profile @@ -1,10 +1,10 @@ # Firejail profile for firefox-esr # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/firefox-esr.local +include firefox-esr.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/firefox.profile +include firefox.profile diff --git a/etc/firefox-nightly.profile b/etc/firefox-nightly.profile index 302f6eb24..6f3838e33 100644 --- a/etc/firefox-nightly.profile +++ b/etc/firefox-nightly.profile @@ -1,10 +1,10 @@ # Firejail profile for firefox-nightly # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/firefox-nightly.local +include firefox-nightly.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/firefox.profile +include firefox.profile diff --git a/etc/firefox-wayland.profile b/etc/firefox-wayland.profile index 806d50e31..e47ca32f9 100644 --- a/etc/firefox-wayland.profile +++ b/etc/firefox-wayland.profile @@ -1,10 +1,10 @@ # Firejail profile for firefox-wayland # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/firefox-wayland.local +include firefox-wayland.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/firefox.profile +include firefox.profile diff --git a/etc/firefox.profile b/etc/firefox.profile index c968e964e..830bbc6a7 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -2,9 +2,9 @@ # Description: Safe and easy web browser from Mozilla # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/firefox.local +include firefox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/mozilla noblacklist ${HOME}/.mozilla @@ -20,4 +20,4 @@ whitelist ${HOME}/.mozilla #private-etc firefox # Redirect -include /etc/firejail/firefox-common.profile +include firefox-common.profile diff --git a/etc/flameshot.profile b/etc/flameshot.profile index e4987280a..7f626dce3 100644 --- a/etc/flameshot.profile +++ b/etc/flameshot.profile @@ -2,18 +2,18 @@ # Description: Powerful yet simple-to-use screenshot software # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/flameshot.local +include flameshot.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${PICTURES} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 63f9d19a9..b841bce75 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile @@ -1,9 +1,9 @@ # Firejail profile for flashpeak-slimjet # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/flashpeak-slimjet.local +include flashpeak-slimjet.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/slimjet noblacklist ${HOME}/.config/slimjet @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/slimjet whitelist ${HOME}/.config/slimjet # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/flowblade.profile b/etc/flowblade.profile index bc95a2b51..ecd50bcea 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile @@ -2,9 +2,9 @@ # Description: Non-linear video editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/flowblade.local +include flowblade.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/flowblade noblacklist ${HOME}/.flowblade @@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/fluxbox.profile b/etc/fluxbox.profile index 5fafef95a..c296c0491 100644 --- a/etc/fluxbox.profile +++ b/etc/fluxbox.profile @@ -2,13 +2,13 @@ # Description: Standards-compliant, fast, light-weight and extensible window manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/fluxbox.local +include fluxbox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # all applications started in awesome will run in this profile noblacklist ${HOME}/.fluxbox -include /etc/firejail/disable-common.inc +include disable-common.inc caps.drop all netfilter diff --git a/etc/fontforge.profile b/etc/fontforge.profile index 2ae80964d..7fac6f01b 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile @@ -2,9 +2,9 @@ # Description: Font editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/fontforge.local +include fontforge.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.FontForge noblacklist ${DOCUMENTS} @@ -15,12 +15,12 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/fossamail.profile b/etc/fossamail.profile index 4316c0988..e821f6f65 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile @@ -1,9 +1,9 @@ # Firejail profile for fossamail # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/fossamail.local +include fossamail.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/fossamail noblacklist ${HOME}/.fossamail @@ -15,8 +15,8 @@ mkdir ${HOME}/.gnupg whitelist ${HOME}/.cache/fossamail whitelist ${HOME}/.fossamail whitelist ${HOME}/.gnupg -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc # allow browsers # Redirect -include /etc/firejail/firefox.profile +include firefox.profile diff --git a/etc/franz.profile b/etc/franz.profile index fbe1c0f65..751784bea 100644 --- a/etc/franz.profile +++ b/etc/franz.profile @@ -1,18 +1,18 @@ # Firejail profile for franz # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/franz.local +include franz.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/Franz noblacklist ${HOME}/.config/Franz noblacklist ${HOME}/.pki -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.cache/Franz mkdir ${HOME}/.config/Franz @@ -21,7 +21,7 @@ whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/Franz whitelist ${HOME}/.config/Franz whitelist ${HOME}/.pki -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/freecad.profile b/etc/freecad.profile index 934f1d0fb..7585b9786 100644 --- a/etc/freecad.profile +++ b/etc/freecad.profile @@ -2,19 +2,19 @@ # Description: Extensible Open Source CAx program # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/freecad.local +include freecad.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/FreeCAD noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/freecadcmd.profile b/etc/freecadcmd.profile index f8bbff593..d98b05e65 100644 --- a/etc/freecadcmd.profile +++ b/etc/freecadcmd.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/freecad.profile +include freecad.profile diff --git a/etc/freshclam.profile b/etc/freshclam.profile index 4e224dd3e..f688ba47b 100644 --- a/etc/freshclam.profile +++ b/etc/freshclam.profile @@ -2,9 +2,9 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/clamav.local +include clamav.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local caps.keep setgid,setuid diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 279e5d403..493d11da6 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile @@ -2,22 +2,22 @@ # Description: Cool game where you pop out the bubbles # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/frozen-bubble.local +include frozen-bubble.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.frozen-bubble -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.frozen-bubble whitelist ${HOME}/.frozen-bubble -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/gajim.profile b/etc/gajim.profile index 90ba59954..82ae53545 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile @@ -2,9 +2,9 @@ # Description: GTK+-based Jabber client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gajim.local +include gajim.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/gajim noblacklist ${HOME}/.config/gajim @@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python3* noblacklist /usr/lib64/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/gajim mkdir ${HOME}/.config/gajim @@ -29,7 +29,7 @@ whitelist ${HOME}/.cache/gajim whitelist ${HOME}/.config/gajim whitelist ${HOME}/.local/share/gajim whitelist ${HOME}/Downloads -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/galculator.profile b/etc/galculator.profile index 699fb7d78..d000015b3 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile @@ -2,22 +2,22 @@ # Description: Scientific calculator # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/galculator.local +include galculator.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/galculator -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/galculator whitelist ${HOME}/.config/galculator -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/gcloud.profile b/etc/gcloud.profile index 195dc9302..d800932bb 100644 --- a/etc/gcloud.profile +++ b/etc/gcloud.profile @@ -1,17 +1,17 @@ # Firejail profile for gcloud # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gcloud.local +include gcloud.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.boto noblacklist ${HOME}/.config/gcloud noblacklist /var/run/docker.sock -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-programs.inc apparmor caps.drop all diff --git a/etc/geany.profile b/etc/geany.profile index d69bca1ad..7389f8e6c 100644 --- a/etc/geany.profile +++ b/etc/geany.profile @@ -2,15 +2,15 @@ # Description: Fast and lightweight IDE # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/geany.local +include geany.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/geany -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/geary.profile b/etc/geary.profile index 735206da2..a21eed9f1 100644 --- a/etc/geary.profile +++ b/etc/geary.profile @@ -2,9 +2,9 @@ # Description: Lightweight email client designed for the GNOME desktop # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/geary.local +include geary.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Users have Geary set to open a browser by clicking a link in an email # We are not allowed to blacklist browser-specific directories @@ -20,7 +20,7 @@ whitelist ${HOME}/.gnupg whitelist ${HOME}/.config/geary whitelist ${HOME}/.local/share/geary -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc ignore nodbus ignore private-tmp @@ -29,4 +29,4 @@ read-only ${HOME}/.config/mimeapps.list # allow browsers # Redirect -include /etc/firejail/firefox.profile +include firefox.profile diff --git a/etc/gedit.profile b/etc/gedit.profile index 1a4d9634a..3d3ecfab2 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile @@ -2,21 +2,21 @@ # Description: Official text editor of the GNOME desktop environment # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gedit.local +include gedit.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/enchant noblacklist ${HOME}/.config/gedit noblacklist ${HOME}/.gitconfig -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -# include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +# include disable-devel.inc +# include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor - makes settings immutable caps.drop all diff --git a/etc/geeqie.profile b/etc/geeqie.profile index 3fbe245d6..a54ed16a2 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile @@ -2,19 +2,19 @@ # Description: Image viewer using GTK+ # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/geeqie.local +include geeqie.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/geeqie noblacklist ${HOME}/.config/geeqie noblacklist ${HOME}/.local/share/geeqie -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all nodvd diff --git a/etc/ghb.profile b/etc/ghb.profile index de6244a32..1cb09ddde 100644 --- a/etc/ghb.profile +++ b/etc/ghb.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/handbrake.profile +include handbrake.profile diff --git a/etc/gimp-2.10.profile b/etc/gimp-2.10.profile index a4e04af20..d42307710 100644 --- a/etc/gimp-2.10.profile +++ b/etc/gimp-2.10.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/gimp.profile +include gimp.profile diff --git a/etc/gimp-2.8.profile b/etc/gimp-2.8.profile index a4e04af20..d42307710 100644 --- a/etc/gimp-2.8.profile +++ b/etc/gimp-2.8.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/gimp.profile +include gimp.profile diff --git a/etc/gimp.profile b/etc/gimp.profile index fa27d2cea..0e52f54eb 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile @@ -2,21 +2,21 @@ # Description: GNU Image Manipulation Program # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gimp.local +include gimp.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/GIMP noblacklist ${HOME}/.gimp* noblacklist ${DOCUMENTS} noblacklist ${PICTURES} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/git.profile b/etc/git.profile index 9c8d22fd3..c3fd6fe94 100644 --- a/etc/git.profile +++ b/etc/git.profile @@ -3,9 +3,9 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/git.local +include git.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix @@ -17,9 +17,9 @@ noblacklist ${HOME}/.ssh noblacklist ${HOME}/.vim noblacklist ${HOME}/.viminfo -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/gitg.profile b/etc/gitg.profile index 87d8c0a1f..c0634c231 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile @@ -2,21 +2,21 @@ # Description: Git repository viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gitg.local +include gitg.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.gitconfig noblacklist ${HOME}/.local/share/gitg noblacklist ${HOME}/.ssh -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all no3d diff --git a/etc/gitter.profile b/etc/gitter.profile index b5bedb66d..5278f7a71 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile @@ -1,23 +1,23 @@ # Firejail profile for gitter # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gitter.local +include gitter.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/autostart noblacklist ${HOME}/.config/Gitter -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${DOWNLOADS} whitelist ${HOME}/.config/autostart whitelist ${HOME}/.config/Gitter -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/gjs.profile b/etc/gjs.profile index a603ad695..5e3370066 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile @@ -2,9 +2,9 @@ # Description: Mozilla-based javascript bindings for the GNOME platform # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gjs.local +include gjs.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them @@ -13,11 +13,11 @@ noblacklist ${HOME}/.cache/org.gnome.Books noblacklist ${HOME}/.config/libreoffice noblacklist ${HOME}/.local/share/gnome-photos -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/globaltime.profile b/etc/globaltime.profile index e414abf8c..44b17eace 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile @@ -1,18 +1,18 @@ # Firejail profile for globaltime # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/globaltime.local +include globaltime.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/globaltime -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index 62b67b942..166669a19 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile @@ -2,23 +2,23 @@ # Description: Sliding tile puzzle game # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-2048.local +include gnome-2048.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/gnome-2048 -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc mkdir ${HOME}/.local/share/gnome-2048 whitelist ${HOME}/.local/share/gnome-2048 -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 6fc2671d8..a55b3f574 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile @@ -1,23 +1,23 @@ # Firejail profile for gnome-books # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-books.local +include gnome-books.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them noblacklist ${HOME}/.cache/org.gnome.Books noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile index 3b7e3d53a..70bbd53bd 100644 --- a/etc/gnome-builder.profile +++ b/etc/gnome-builder.profile @@ -2,14 +2,14 @@ # Description: IDE for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-builder.local +include gnome-builder.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 315564ee5..3a2aa5c1d 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile @@ -3,19 +3,19 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/gnome-calculator.local +include gnome-calculator.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-interpreters.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc # apparmor - makes settings immutable caps.drop all diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 74194cb33..4dfbbba0c 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile @@ -2,20 +2,20 @@ # Description: Simple chess game # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-chess.local +include gnome-chess.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/gnome-chess -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all no3d diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index a914c302f..a6514f44f 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile @@ -2,19 +2,19 @@ # Description: Simple GNOME app with stopwatch, timer, and world clock support # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-clocks.local +include gnome-clocks.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index 91593c89b..22121fda8 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile @@ -2,21 +2,21 @@ # Description: Contacts manager for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-contacts.local +include gnome-contacts.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index 44886d562..abb9c7304 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile @@ -2,21 +2,21 @@ # Description: Document manager for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-documents.local +include gnome-documents.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them noblacklist ${HOME}/.config/libreoffice noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index e11d6eb5d..a9793b7b3 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile @@ -2,19 +2,19 @@ # Description: Font viewer for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-font-viewer.local +include gnome-font-viewer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile index edb895794..613a56350 100644 --- a/etc/gnome-logs.profile +++ b/etc/gnome-logs.profile @@ -2,19 +2,19 @@ # Description: Viewer for the systemd journal # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-logs.local +include gnome-logs.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc whitelist /var/log/journal -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index f8ff61d84..62a1241cc 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile @@ -2,22 +2,22 @@ # Description: Map application for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-maps.local +include gnome-maps.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them noblacklist ${HOME}/.cache/champlain -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 9ba4969e5..96adf7a5c 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile @@ -2,20 +2,20 @@ # Description: GTK/Gnome interface around MPlayer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-mplayer.local +include gnome-mplayer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/gnome-mplayer noblacklist ${MUSIC} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all nogroups diff --git a/etc/gnome-mpv.profile b/etc/gnome-mpv.profile index 84a70c4c5..3d04470b7 100644 --- a/etc/gnome-mpv.profile +++ b/etc/gnome-mpv.profile @@ -2,22 +2,22 @@ # Description: Simple GTK+ frontend for mpv # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-mpv.local +include gnome-mpv.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/gnome-mpv noblacklist ${MUSIC} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all nodbus diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index 819c40c98..b902f51bc 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile @@ -2,9 +2,9 @@ # Description: GNOME music player # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-music.local +include gnome-music.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/gnome-music noblacklist ${MUSIC} @@ -15,14 +15,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index 5a3ac53d8..8b982156b 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile @@ -2,21 +2,21 @@ # Description: Access, organize and share your photos with GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-photos.local +include gnome-photos.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them noblacklist ${HOME}/.local/share/gnome-photos -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/gnome-pie.profile b/etc/gnome-pie.profile index 41f6de346..cef741eb3 100644 --- a/etc/gnome-pie.profile +++ b/etc/gnome-pie.profile @@ -2,17 +2,17 @@ # Description: Alternative AppMenu # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-pie.local +include gnome-pie.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/gnome-pie -#include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -#include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -#include /etc/firejail/disable-programs.inc +#include disable-common.inc +include disable-devel.inc +#include disable-interpreters.inc +include disable-passwdmgr.inc +#include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile index ed6d341eb..867ea8561 100644 --- a/etc/gnome-recipes.profile +++ b/etc/gnome-recipes.profile @@ -2,23 +2,23 @@ # Description: Recipe application for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-recipes.local +include gnome-recipes.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/gnome-recipes -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/gnome-recipes whitelist ${HOME}/.cache/gnome-recipes -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/gnome-ring.profile b/etc/gnome-ring.profile index cbc79320e..f660df690 100644 --- a/etc/gnome-ring.profile +++ b/etc/gnome-ring.profile @@ -1,19 +1,19 @@ # Firejail profile for gnome-ring # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-ring.local +include gnome-ring.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/gnome-ring -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile index e670ba22f..2016f6c6e 100644 --- a/etc/gnome-twitch.profile +++ b/etc/gnome-twitch.profile @@ -2,24 +2,24 @@ # Description: GNOME Twitch app for watching Twitch.tv streams without a browser or flash # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-twitch.local +include gnome-twitch.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/gnome-twitch noblacklist ${HOME}/.local/share/gnome-twitch -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/gnome-twitch mkdir ${HOME}/.local/share/gnome-twitch whitelist ${HOME}/.cache/gnome-twitch whitelist ${HOME}/.local/share/gnome-twitch -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all nodvd diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 4d28278b1..f1035ce7e 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile @@ -2,22 +2,22 @@ # Description: Access current conditions and forecasts # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gnome-weather.local +include gnome-weather.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them noblacklist ${HOME}/.cache/libgweather -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/goobox.profile b/etc/goobox.profile index ba949f1c9..32cfc2f58 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile @@ -2,18 +2,18 @@ # Description: CD player and ripper with GNOME 3 integration # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/goobox.local +include goobox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index ab16558ea..73101f509 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile @@ -1,9 +1,9 @@ # Firejail profile for google-chrome-beta # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/google-chrome-beta.local +include google-chrome-beta.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/google-chrome-beta noblacklist ${HOME}/.config/google-chrome-beta @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-beta whitelist ${HOME}/.config/google-chrome-beta # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/google-chrome-stable.profile b/etc/google-chrome-stable.profile index 6ade19021..55868e0b7 100644 --- a/etc/google-chrome-stable.profile +++ b/etc/google-chrome-stable.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/google-chrome.profile +include google-chrome.profile diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index b7d0eccf3..50e9923aa 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile @@ -1,9 +1,9 @@ # Firejail profile for google-chrome-unstable # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/google-chrome-unstable.local +include google-chrome-unstable.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/google-chrome-unstable noblacklist ${HOME}/.config/google-chrome-unstable @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome-unstable whitelist ${HOME}/.config/google-chrome-unstable # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 6e44190ae..c69e98271 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile @@ -1,9 +1,9 @@ # Firejail profile for google-chrome # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/google-chrome.local +include google-chrome.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/google-chrome noblacklist ${HOME}/.config/google-chrome @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/google-chrome whitelist ${HOME}/.config/google-chrome # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/google-earth.profile b/etc/google-earth.profile index bafa716d1..7e261ecc7 100644 --- a/etc/google-earth.profile +++ b/etc/google-earth.profile @@ -1,9 +1,9 @@ # Firejail profile for google-earth # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/google-earth.local +include google-earth.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Google noblacklist ${HOME}/.googleearth/Cache/ @@ -11,11 +11,11 @@ noblacklist ${HOME}/.googleearth/Temp/ noblacklist ${HOME}/.googleearth/myplaces.backup.kml noblacklist ${HOME}/.googleearth/myplaces.kml -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/Google mkdir ${HOME}/.googleearth/Cache/ @@ -27,7 +27,7 @@ whitelist ${HOME}/.googleearth/Cache/ whitelist ${HOME}/.googleearth/Temp/ whitelist ${HOME}/.googleearth/myplaces.backup.kml whitelist ${HOME}/.googleearth/myplaces.kml -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all ipc-namespace diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index 7a19cc676..73041bada 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile @@ -1,22 +1,22 @@ # Firejail profile for google-play-music-desktop-player # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/google-play-music-desktop-player.local +include google-play-music-desktop-player.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Google Play Music Desktop Player -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc # whitelist ${HOME}/.config/pulse # whitelist ${HOME}/.pulse whitelist ${HOME}/.config/Google Play Music Desktop Player -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/gpa.profile b/etc/gpa.profile index c890beb2e..d8083fc96 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile @@ -2,17 +2,17 @@ # Description: GNU Privacy Assistant (GPA) # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gpa.local +include gpa.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.gnupg -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index 0cc17b366..73a587136 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile @@ -2,19 +2,19 @@ # Description: GNU privacy guard - cryptographic agent # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gpg-agent.local +include gpg-agent.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix noblacklist ${HOME}/.gnupg -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/gpg.profile b/etc/gpg.profile index 259a95807..a801d7d09 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile @@ -2,19 +2,19 @@ # Description: GNU Privacy Guard -- minimalist public key operations # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gpg.local +include gpg.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix noblacklist ${HOME}/.gnupg -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/gpicview.profile b/etc/gpicview.profile index 04aecc782..8f4b64cfc 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile @@ -2,19 +2,19 @@ # Description: Lightweight image viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gpicview.local +include gpicview.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/gpicview -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/gpredict.profile b/etc/gpredict.profile index ea60e7287..760a647ba 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile @@ -2,20 +2,20 @@ # Description: Satellite tracking program # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gpredict.local +include gpredict.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Gpredict -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${HOME}/.config/Gpredict -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/gradio.profile b/etc/gradio.profile index bba92a0bc..e7f415090 100644 --- a/etc/gradio.profile +++ b/etc/gradio.profile @@ -1,25 +1,25 @@ # Firejail profile for gradio # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gradio.local +include gradio.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/gradio noblacklist ${HOME}/.local/share/gradio -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/gradio mkdir ${HOME}/.local/share/gradio whitelist ${HOME}/.cache/gradio whitelist ${HOME}/.local/share/gradio -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/gtar.profile b/etc/gtar.profile index d4bf18f95..12acb8356 100644 --- a/etc/gtar.profile +++ b/etc/gtar.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/tar.profile +include tar.profile diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 6c4de8bf0..e08ebcdcd 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile @@ -2,19 +2,19 @@ # Description: Image viewer and browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gthumb.local +include gthumb.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/gthumb noblacklist ${HOME}/.Steam noblacklist ${HOME}/.steam -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all nodvd diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile index 775c79521..0b83ea250 100644 --- a/etc/guayadeque.profile +++ b/etc/guayadeque.profile @@ -1,19 +1,19 @@ # Firejail profile for guayadeque # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/guayadeque.local +include guayadeque.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.guayadeque noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index 88e441b14..978757612 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile @@ -2,17 +2,17 @@ # Description: Unicode character picker and font browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gucharmap.local +include gucharmap.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/gunzip.profile b/etc/gunzip.profile index 8ea523df7..fe35f8fe7 100644 --- a/etc/gunzip.profile +++ b/etc/gunzip.profile @@ -1,9 +1,9 @@ # Firejail profile for gunzip # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gunzip.local +include gunzip.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/gzip.profile +include gzip.profile diff --git a/etc/gwenview.profile b/etc/gwenview.profile index cf9b27e0f..f2bf94209 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile @@ -2,9 +2,9 @@ # Description: Image viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/gwenview.local +include gwenview.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/GIMP noblacklist ${HOME}/.config/gwenviewrc @@ -17,13 +17,13 @@ noblacklist ${HOME}/.kde4/share/config/gwenviewrc noblacklist ${HOME}/.local/share/gwenview noblacklist ${HOME}/.local/share/org.kde.gwenview -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/gzip.profile b/etc/gzip.profile index 9157d398a..4a24736a7 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile @@ -3,10 +3,10 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/gzip.local +include gzip.local # Persistent global definitions # added by included default.profile -#include /etc/firejail/globals.local +#include globals.local blacklist /tmp/.X11-unix @@ -23,4 +23,4 @@ tracelog private-dev -include /etc/firejail/default.profile +include default.profile diff --git a/etc/handbrake-gtk.profile b/etc/handbrake-gtk.profile index de6244a32..1cb09ddde 100644 --- a/etc/handbrake-gtk.profile +++ b/etc/handbrake-gtk.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/handbrake.profile +include handbrake.profile diff --git a/etc/handbrake.profile b/etc/handbrake.profile index 32da097ce..57f706d72 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile @@ -2,22 +2,22 @@ # Description: Versatile DVD ripper and video transcoder (GTK+ GUI) # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/handbrake.local +include handbrake.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/ghb noblacklist ${MUSIC} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/hashcat.profile b/etc/hashcat.profile index 8bc861dde..353f9e638 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile @@ -3,20 +3,20 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/hashcat.local +include hashcat.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.hashcat noblacklist /usr/include noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all net none diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 542771639..39309f482 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile @@ -2,21 +2,21 @@ # Description: Funny turn-based artillery game, featuring fighting hedgehogs # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/hedgewars.local +include hedgewars.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.hedgewars -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.hedgewars whitelist ${HOME}/.hedgewars -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/hexchat.profile b/etc/hexchat.profile index a2c163e6a..ffe7909c2 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile @@ -2,9 +2,9 @@ # Description: IRC client for X based on X-Chat 2 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/hexchat.local +include hexchat.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/hexchat noblacklist /usr/share/perl* @@ -15,16 +15,16 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/hexchat whitelist ${HOME}/.config/hexchat -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/highlight.profile b/etc/highlight.profile index d313f2769..2dc8ac470 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile @@ -2,17 +2,17 @@ # Description: Universal source code to formatted text converter # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/highlight.local +include highlight.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/hugin.profile b/etc/hugin.profile index 35505c698..1b345fdc2 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile @@ -2,20 +2,20 @@ # Description: Panorama photo stitcher # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/hugin.local +include hugin.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.hugin noblacklist ${DOCUMENTS} noblacklist ${PICTURES} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all net none diff --git a/etc/i3.profile b/etc/i3.profile index efbc1f6e7..c1ca0e413 100644 --- a/etc/i3.profile +++ b/etc/i3.profile @@ -2,13 +2,13 @@ # Description: Standards-compliant, fast, light-weight and extensible window manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/i3.local +include i3.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # all applications started in awesome will run in this profile noblacklist ${HOME}/.config/i3 -include /etc/firejail/disable-common.inc +include disable-common.inc caps.drop all netfilter diff --git a/etc/icecat.profile b/etc/icecat.profile index 42e762c21..660343a29 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile @@ -1,9 +1,9 @@ # Firejail profile for icecat # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/icecat.local +include icecat.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/mozilla noblacklist ${HOME}/.mozilla @@ -17,4 +17,4 @@ whitelist ${HOME}/.mozilla #private-etc icecat # Redirect -include /etc/firejail/firefox-common.profile +include firefox-common.profile diff --git a/etc/icedove.profile b/etc/icedove.profile index 80cff3878..a66309bf1 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile @@ -1,9 +1,9 @@ # Firejail profile for icedove # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/icedove.local +include icedove.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Users have icedove set to open a browser by clicking a link in an email # We are not allowed to blacklist browser-specific directories @@ -18,10 +18,10 @@ mkdir ${HOME}/.icedove whitelist ${HOME}/.cache/icedove whitelist ${HOME}/.gnupg whitelist ${HOME}/.icedove -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc ignore private-tmp # allow browsers # Redirect -include /etc/firejail/firefox.profile +include firefox.profile diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile index 51f15aa1b..24a2f4cc3 100644 --- a/etc/iceweasel.profile +++ b/etc/iceweasel.profile @@ -1,12 +1,12 @@ # Firejail profile for iceweasel # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/iceweasel.local +include iceweasel.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # private-etc must first be enabled in firefox-common.profile #private-etc iceweasel # Redirect -include /etc/firejail/firefox.profile +include firefox.profile diff --git a/etc/idea.profile b/etc/idea.profile index 623d71734..d56dceb71 100644 --- a/etc/idea.profile +++ b/etc/idea.profile @@ -1,10 +1,10 @@ # Firejail profile for idea # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/idea.local +include idea.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/idea.sh.profile +include idea.sh.profile diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile index 06328ccbf..1c1158707 100644 --- a/etc/idea.sh.profile +++ b/etc/idea.sh.profile @@ -1,9 +1,9 @@ # Firejail profile for idea.sh # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/idea.sh.local +include idea.sh.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.IdeaIC* noblacklist ${HOME}/.android @@ -16,9 +16,9 @@ noblacklist ${HOME}/.local/share/JetBrains noblacklist ${HOME}/.ssh noblacklist ${HOME}/.tooling -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/ideaIC.profile b/etc/ideaIC.profile index f7a69fa94..b960b08e5 100644 --- a/etc/ideaIC.profile +++ b/etc/ideaIC.profile @@ -1,10 +1,10 @@ # Firejail profile for ideaIC # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ideaIC.local +include ideaIC.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/idea.sh.profile +include idea.sh.profile diff --git a/etc/imagej.profile b/etc/imagej.profile index 4de064390..9fff11d31 100644 --- a/etc/imagej.profile +++ b/etc/imagej.profile @@ -2,9 +2,9 @@ # Description: Image processing program with a focus on microscopy images # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/imagej.local +include imagej.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.imagej @@ -14,11 +14,11 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/img2txt.profile b/etc/img2txt.profile index c9ee18f80..63ce645a5 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile @@ -1,19 +1,19 @@ # Firejail profile for img2txt # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/img2txt.local +include img2txt.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} noblacklist ${PICTURES} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all net none diff --git a/etc/inkscape.profile b/etc/inkscape.profile index 56fdfd081..afd979327 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile @@ -2,9 +2,9 @@ # Description: Vector-based drawing program # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/inkscape.local +include inkscape.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/inkscape noblacklist ${HOME}/.config/inkscape @@ -12,14 +12,14 @@ noblacklist ${HOME}/.inkscape noblacklist ${DOCUMENTS} noblacklist ${PICTURES} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/inox.profile b/etc/inox.profile index 652761c54..1b3db73b4 100644 --- a/etc/inox.profile +++ b/etc/inox.profile @@ -1,9 +1,9 @@ # Firejail profile for inox # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/inox.local +include inox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/inox noblacklist ${HOME}/.config/inox @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/inox whitelist ${HOME}/.config/inox # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/iridium-browser.profile b/etc/iridium-browser.profile index 1baa07cb7..0a6418d5c 100644 --- a/etc/iridium-browser.profile +++ b/etc/iridium-browser.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/iridium.profile +include iridium.profile diff --git a/etc/iridium.profile b/etc/iridium.profile index 2869c3070..ebb39b0a3 100644 --- a/etc/iridium.profile +++ b/etc/iridium.profile @@ -1,9 +1,9 @@ # Firejail profile for iridium # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/iridium.local +include iridium.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/iridium noblacklist ${HOME}/.config/iridium @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/iridium whitelist ${HOME}/.config/iridium # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/itch.profile b/etc/itch.profile index 2ad669952..83ee20f23 100644 --- a/etc/itch.profile +++ b/etc/itch.profile @@ -1,24 +1,24 @@ # Firejail profile for itch # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/itch.local +include itch.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # itch.io has native firejail/sandboxing support bundled in # See https://itch.io/docs/itch/using/sandbox/linux.html noblacklist ${HOME}/.config/itch -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/itch whitelist ${HOME}/.config/itch -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 3a280dab7..65b6e3c5b 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile @@ -1,9 +1,9 @@ # Firejail profile for jd-gui # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/jd-gui.local +include jd-gui.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/jd-gui.cfg noblacklist ${HOME}/.java @@ -14,14 +14,14 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/jdownloader.profile b/etc/jdownloader.profile index dbcc85e8d..037d92338 100644 --- a/etc/jdownloader.profile +++ b/etc/jdownloader.profile @@ -1,10 +1,10 @@ # Firejail profile for jdownloader # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/jdownloader.local +include jdownloader.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/JDownloader.profile +include JDownloader.profile diff --git a/etc/jitsi.profile b/etc/jitsi.profile index b3b09f4b1..5a575bb71 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile @@ -1,9 +1,9 @@ # Firejail profile for jitsi # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/jitsi.local +include jitsi.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.jitsi @@ -13,11 +13,11 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all nodvd diff --git a/etc/k3b.profile b/etc/k3b.profile index 6b4c15560..8c599d0ca 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile @@ -2,23 +2,23 @@ # Description: Sophisticated CD/DVD burning application # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/k3b.local +include k3b.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/k3brc noblacklist ${HOME}/.kde/share/config/k3brc noblacklist ${HOME}/.kde4/share/config/k3brc noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all no3d diff --git a/etc/kaffeine.profile b/etc/kaffeine.profile index 204c20501..3e9456ba0 100644 --- a/etc/kaffeine.profile +++ b/etc/kaffeine.profile @@ -2,9 +2,9 @@ # Description: Versatile media player for KDE # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kaffeine.local +include kaffeine.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/kaffeinerc noblacklist ${HOME}/.kde/share/apps/kaffeine @@ -15,14 +15,14 @@ noblacklist ${HOME}/.local/share/kaffeine noblacklist ${MUSIC} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/karbon.profile b/etc/karbon.profile index 3525a3e06..e9e3c2a69 100644 --- a/etc/karbon.profile +++ b/etc/karbon.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/krita.profile +include krita.profile diff --git a/etc/kate.profile b/etc/kate.profile index 8a53a56a8..e0aa78b26 100644 --- a/etc/kate.profile +++ b/etc/kate.profile @@ -2,9 +2,9 @@ # Description: Powerful text editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kate.local +include kate.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/katemetainfos noblacklist ${HOME}/.config/katepartrc @@ -14,13 +14,13 @@ noblacklist ${HOME}/.config/katesyntaxhighlightingrc noblacklist ${HOME}/.config/katevirc noblacklist ${HOME}/.local/share/kate -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -# include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +# include disable-devel.inc +# include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor caps.drop all diff --git a/etc/kcalc.profile b/etc/kcalc.profile index 20ad8f23a..03df23ec1 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile @@ -2,16 +2,16 @@ # Description: Simple and scientific calculator # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kcalc.local +include kcalc.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkfile ${HOME}/.config/kcalcrc mkfile ${HOME}/.kde/share/config/kcalcrc @@ -19,8 +19,8 @@ mkfile ${HOME}/.kde4/share/config/kcalcrc whitelist ${HOME}/.config/kcalcrc whitelist ${HOME}/.kde/share/config/kcalcrc whitelist ${HOME}/.kde4/share/config/kcalcrc -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile index 76de15ccf..f853b1812 100644 --- a/etc/kdeinit4.profile +++ b/etc/kdeinit4.profile @@ -1,19 +1,19 @@ # Firejail profile for kdeinit4 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kdeinit4.local +include kdeinit4.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # use outside KDE Plasma 4 -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile index 4aca10995..1d7b2ff53 100644 --- a/etc/kdenlive.profile +++ b/etc/kdenlive.profile @@ -2,19 +2,19 @@ # Description: Non-linear video editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kdenlive.local +include kdenlive.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/kdenlive noblacklist ${HOME}/.config/kdenliverc noblacklist ${HOME}/.local/share/kdenlive -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc apparmor caps.drop all diff --git a/etc/keepass.profile b/etc/keepass.profile index e27248357..96b522f17 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile @@ -2,9 +2,9 @@ # Description: An easy-to-use password manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/keepass.local +include keepass.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/*.kdb noblacklist ${HOME}/*.kdbx @@ -15,12 +15,12 @@ noblacklist ${HOME}/.local/share/KeePass noblacklist ${HOME}/.local/share/keepass noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/keepass2.profile b/etc/keepass2.profile index d29fc6abc..9e33e08db 100644 --- a/etc/keepass2.profile +++ b/etc/keepass2.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/keepass.profile +include keepass.profile diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 94aaa5597..eb8d2e235 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile @@ -2,9 +2,9 @@ # Description: Cross Platform Password Manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/keepassx.local +include keepassx.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/*.kdb noblacklist ${HOME}/*.kdbx @@ -12,14 +12,14 @@ noblacklist ${HOME}/.config/keepassx noblacklist ${HOME}/.keepassx noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index 4e74c2cea..fdd27e9f9 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile @@ -3,4 +3,4 @@ # This file is overwritten after every install/update # Redirects -include /etc/firejail/keepassx.profile +include keepassx.profile diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index a00d17878..bb0ec602f 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile @@ -2,9 +2,9 @@ # Description: Cross Platform Password Manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/keepassxc.local +include keepassxc.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/*.kdb noblacklist ${HOME}/*.kdbx @@ -14,14 +14,14 @@ noblacklist ${HOME}/.keepassxc noblacklist ${HOME}/.mozilla noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/kget.profile b/etc/kget.profile index a32b51626..582b297f9 100644 --- a/etc/kget.profile +++ b/etc/kget.profile @@ -2,9 +2,9 @@ # Description: Download manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kget.local +include kget.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/kgetrc noblacklist ${HOME}/.kde/share/apps/kget @@ -13,13 +13,13 @@ noblacklist ${HOME}/.kde4/share/apps/kget noblacklist ${HOME}/.kde4/share/config/kgetrc noblacklist ${HOME}/.local/share/kget -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/kino.profile b/etc/kino.profile index cda86ddc6..31613259c 100644 --- a/etc/kino.profile +++ b/etc/kino.profile @@ -2,18 +2,18 @@ # Description: Non-linear editor for Digital Video data # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kino.local +include kino.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.kino-history noblacklist ${HOME}/.kinorc -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/kmail.profile b/etc/kmail.profile index 308a981f7..89c591280 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile @@ -2,9 +2,9 @@ # Description: Full featured graphical email client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kmail.local +include kmail.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # kmail has problems launching akonadi in debian and ubuntu. # one solution is to have akonadi already running when kmail is started @@ -29,13 +29,13 @@ noblacklist ${HOME}/.local/share/local-mail noblacklist ${HOME}/.local/share/notes noblacklist /tmp/akonadi-* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor caps.drop all diff --git a/etc/knotes.profile b/etc/knotes.profile index 147d2d831..e7ea04873 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile @@ -2,9 +2,9 @@ # Description: Sticky notes application # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/knotes.local +include knotes.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # knotes has problems launching akonadi in debian and ubuntu. # one solution is to have akonadi already running when knotes is started @@ -14,4 +14,4 @@ noblacklist ${HOME}/.local/share/knotes # Redirect -include /etc/firejail/kmail.profile +include kmail.profile diff --git a/etc/kodi.profile b/etc/kodi.profile index 9dd7770ad..f02dec787 100644 --- a/etc/kodi.profile +++ b/etc/kodi.profile @@ -2,9 +2,9 @@ # Description: Open Source Home Theatre # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kodi.local +include kodi.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.kodi noblacklist ${MUSIC} @@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/konversation.profile b/etc/konversation.profile index b66f40600..dff8bbab4 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile @@ -2,21 +2,21 @@ # Description: User friendly Internet Relay Chat (IRC) client for KDE # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/konversation.local +include konversation.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/konversationrc noblacklist ${HOME}/.kde/share/config/konversationrc noblacklist ${HOME}/.kde4/share/config/konversationrc -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/kopete.profile b/etc/kopete.profile index d7829113d..0ac7c7e97 100644 --- a/etc/kopete.profile +++ b/etc/kopete.profile @@ -2,23 +2,23 @@ # Description: Instant messaging and chat application # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kopete.local +include kopete.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.kde/share/apps/kopete noblacklist ${HOME}/.kde/share/config/kopeterc noblacklist ${HOME}/.kde4/share/apps/kopete noblacklist ${HOME}/.kde4/share/config/kopeterc -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist /var/lib/winpopup -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/krita.profile b/etc/krita.profile index 5a1f3d031..ba3bb820f 100644 --- a/etc/krita.profile +++ b/etc/krita.profile @@ -2,9 +2,9 @@ # Description: Pixel-based image manipulation program # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/krita.local +include krita.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/kritarc noblacklist ${HOME}/.local/share/krita @@ -17,12 +17,12 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc apparmor caps.drop all diff --git a/etc/krunner.profile b/etc/krunner.profile index 0b1b9e5de..c64113c15 100644 --- a/etc/krunner.profile +++ b/etc/krunner.profile @@ -2,9 +2,9 @@ # Description: Framework for providing different actions given a string query # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/krunner.local +include krunner.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # - programs started in krunner run with this generic profile. # - when a file is opened in krunner, the file viewer runs in its own sandbox @@ -19,13 +19,13 @@ noblacklist ${HOME}/.kde4/share/config/krunnerrc # noblacklist ${HOME}/.local/share/baloo # noblacklist ${HOME}/.mozilla -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -# include /etc/firejail/disable-interpreters.inc -# include /etc/firejail/disable-passwdmgr.inc -# include /etc/firejail/disable-programs.inc +include disable-common.inc +# include disable-devel.inc +# include disable-interpreters.inc +# include disable-passwdmgr.inc +# include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index 14ee3322c..344d1f932 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile @@ -2,9 +2,9 @@ # Description: BitTorrent client based on the KDE platform # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ktorrent.local +include ktorrent.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/ktorrentrc noblacklist ${HOME}/.kde/share/apps/ktorrent @@ -13,11 +13,11 @@ noblacklist ${HOME}/.kde4/share/apps/ktorrent noblacklist ${HOME}/.kde4/share/config/ktorrentrc noblacklist ${HOME}/.local/share/ktorrent -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.kde/share/apps/ktorrent mkdir ${HOME}/.kde4/share/apps/ktorrent @@ -32,8 +32,8 @@ whitelist ${HOME}/.kde/share/config/ktorrentrc whitelist ${HOME}/.kde4/share/apps/ktorrent whitelist ${HOME}/.kde4/share/config/ktorrentrc whitelist ${HOME}/.local/share/ktorrent -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile index ca7c5042d..a7a42d5ad 100644 --- a/etc/kwin_x11.profile +++ b/etc/kwin_x11.profile @@ -1,22 +1,22 @@ # Firejail profile for kwin_x11 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kwin_x11.local +include kwin_x11.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/kwin noblacklist ${HOME}/.config/kwinrc noblacklist ${HOME}/.config/kwinrulesrc noblacklist ${HOME}/.local/share/kwin -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/kwrite.profile b/etc/kwrite.profile index f080b3ffc..bde981737 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile @@ -2,9 +2,9 @@ # Description: Simple text editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/kwrite.local +include kwrite.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/katepartrc noblacklist ${HOME}/.config/katerc @@ -15,14 +15,14 @@ noblacklist ${HOME}/.config/kwriterc noblacklist ${HOME}/.local/share/kwrite noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/lbunzip2.profile b/etc/lbunzip2.profile index 180eea2c8..ec9a8f546 100644 --- a/etc/lbunzip2.profile +++ b/etc/lbunzip2.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/gzip.profile +include gzip.profile diff --git a/etc/lbzcat.profile b/etc/lbzcat.profile index 180eea2c8..ec9a8f546 100644 --- a/etc/lbzcat.profile +++ b/etc/lbzcat.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/gzip.profile +include gzip.profile diff --git a/etc/lbzip2.profile b/etc/lbzip2.profile index 180eea2c8..ec9a8f546 100644 --- a/etc/lbzip2.profile +++ b/etc/lbzip2.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/gzip.profile +include gzip.profile diff --git a/etc/leafpad.profile b/etc/leafpad.profile index d3335893f..f4e04bf0c 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile @@ -2,19 +2,19 @@ # Description: GTK+ based simple text editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/leafpad.local +include leafpad.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/leafpad -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/less.profile b/etc/less.profile index a08d2c547..b083c3809 100644 --- a/etc/less.profile +++ b/etc/less.profile @@ -3,10 +3,10 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/less.local +include less.local # Persistent global definitions # added by included default.profile -#include /etc/firejail/globals.local +#include globals.local blacklist /tmp/.X11-unix @@ -33,4 +33,4 @@ memory-deny-write-execute noexec ${HOME} noexec /tmp -include /etc/firejail/default.profile +include default.profile diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 905dd22b9..fb582508e 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile @@ -2,9 +2,9 @@ # Description: Office productivity suite # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/libreoffice.local +include libreoffice.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.java noblacklist /usr/local/sbin @@ -17,12 +17,12 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # Ubuntu 18.04 uses its own apparmor profile # uncomment the next line if you are not on Ubuntu diff --git a/etc/liferea.profile b/etc/liferea.profile index 04c649121..3d83ffd22 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile @@ -2,9 +2,9 @@ # Description: Feed/news/podcast client with plugin support # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/liferea.local +include liferea.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/liferea noblacklist ${HOME}/.config/liferea @@ -16,11 +16,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/liferea mkdir ${HOME}/.config/liferea @@ -28,8 +28,8 @@ mkdir ${HOME}/.local/share/liferea whitelist ${HOME}/.cache/liferea whitelist ${HOME}/.config/liferea whitelist ${HOME}/.local/share/liferea -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/linphone.profile b/etc/linphone.profile index b469b9711..a3e072509 100644 --- a/etc/linphone.profile +++ b/etc/linphone.profile @@ -2,25 +2,25 @@ # Description: SIP softphone - graphical client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/linphone.local +include linphone.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.linphone-history.db noblacklist ${HOME}/.linphonerc -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkfile ${HOME}/.linphone-history.db mkfile ${HOME}/.linphonerc whitelist ${HOME}/.linphone-history.db whitelist ${HOME}/.linphonerc whitelist ${HOME}/Downloads -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/lmms.profile b/etc/lmms.profile index d3ef1b40e..1534b57a0 100644 --- a/etc/lmms.profile +++ b/etc/lmms.profile @@ -2,20 +2,20 @@ # Description: Linux Multimedia Studio # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/lmms.local +include lmms.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.lmmsrc.xml noblacklist ${DOCUMENTS} noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/lobase.profile b/etc/lobase.profile index c702a4ece..ea0f84631 100644 --- a/etc/lobase.profile +++ b/etc/lobase.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/libreoffice.profile +include libreoffice.profile diff --git a/etc/localc.profile b/etc/localc.profile index c702a4ece..ea0f84631 100644 --- a/etc/localc.profile +++ b/etc/localc.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/libreoffice.profile +include libreoffice.profile diff --git a/etc/lodraw.profile b/etc/lodraw.profile index c702a4ece..ea0f84631 100644 --- a/etc/lodraw.profile +++ b/etc/lodraw.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/libreoffice.profile +include libreoffice.profile diff --git a/etc/loffice.profile b/etc/loffice.profile index c702a4ece..ea0f84631 100644 --- a/etc/loffice.profile +++ b/etc/loffice.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/libreoffice.profile +include libreoffice.profile diff --git a/etc/lofromtemplate.profile b/etc/lofromtemplate.profile index c702a4ece..ea0f84631 100644 --- a/etc/lofromtemplate.profile +++ b/etc/lofromtemplate.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/libreoffice.profile +include libreoffice.profile diff --git a/etc/loimpress.profile b/etc/loimpress.profile index c702a4ece..ea0f84631 100644 --- a/etc/loimpress.profile +++ b/etc/loimpress.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/libreoffice.profile +include libreoffice.profile diff --git a/etc/lollypop.profile b/etc/lollypop.profile index efd40e899..b279602ef 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile @@ -2,9 +2,9 @@ # Description: Music player for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/lollypop.local +include lollypop.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/lollypop noblacklist ${MUSIC} @@ -15,14 +15,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/lomath.profile b/etc/lomath.profile index c702a4ece..ea0f84631 100644 --- a/etc/lomath.profile +++ b/etc/lomath.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/libreoffice.profile +include libreoffice.profile diff --git a/etc/loweb.profile b/etc/loweb.profile index c702a4ece..ea0f84631 100644 --- a/etc/loweb.profile +++ b/etc/loweb.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/libreoffice.profile +include libreoffice.profile diff --git a/etc/lowriter.profile b/etc/lowriter.profile index c702a4ece..ea0f84631 100644 --- a/etc/lowriter.profile +++ b/etc/lowriter.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/libreoffice.profile +include libreoffice.profile diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index a4ccefb6d..0b43a0b71 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile @@ -2,19 +2,19 @@ # Description: Graphical user interface providing a workflow for HDR imaging # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/luminance-hdr.local +include luminance-hdr.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Luminance noblacklist ${PICTURES} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 4b3c457f6..6e310c509 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile @@ -2,17 +2,17 @@ # Description: Image viewer for LXQt # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/lximage-qt.local +include lximage-qt.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/lximage-qt -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 7c3334075..219f312e5 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile @@ -2,22 +2,22 @@ # Description: LXDE music player # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/lxmusic.local +include lxmusic.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/xmms2 noblacklist ${HOME}/.config/xmms2 noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/lynx.profile b/etc/lynx.profile index f5ec44fda..6fcd026dc 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile @@ -2,18 +2,18 @@ # Description: Classic non-graphical (text-mode) web browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/lynx.local +include lynx.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/lzcat.profile b/etc/lzcat.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzcat.profile +++ b/etc/lzcat.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/lzcmp.profile b/etc/lzcmp.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzcmp.profile +++ b/etc/lzcmp.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/lzdiff.profile b/etc/lzdiff.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzdiff.profile +++ b/etc/lzdiff.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/lzegrep.profile b/etc/lzegrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzegrep.profile +++ b/etc/lzegrep.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/lzfgrep.profile b/etc/lzfgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzfgrep.profile +++ b/etc/lzfgrep.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/lzgrep.profile b/etc/lzgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzgrep.profile +++ b/etc/lzgrep.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/lzip.profile b/etc/lzip.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzip.profile +++ b/etc/lzip.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/lzless.profile b/etc/lzless.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzless.profile +++ b/etc/lzless.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/lzma.profile b/etc/lzma.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzma.profile +++ b/etc/lzma.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/lzmadec.profile b/etc/lzmadec.profile index 7c26620dd..9ba22601b 100644 --- a/etc/lzmadec.profile +++ b/etc/lzmadec.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/xzdec.profile +include xzdec.profile diff --git a/etc/lzmainfo.profile b/etc/lzmainfo.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzmainfo.profile +++ b/etc/lzmainfo.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/lzmore.profile b/etc/lzmore.profile index cd79eebc6..748dad2e3 100644 --- a/etc/lzmore.profile +++ b/etc/lzmore.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile index 4107d91ad..e1d940425 100644 --- a/etc/macrofusion.profile +++ b/etc/macrofusion.profile @@ -1,9 +1,9 @@ # Firejail profile for macrofusion # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/macrofusion.local +include macrofusion.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/mfusion noblacklist ${PICTURES} @@ -14,12 +14,12 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/makepkg.profile b/etc/makepkg.profile index ac337b9a1..317a3dd78 100644 --- a/etc/makepkg.profile +++ b/etc/makepkg.profile @@ -10,9 +10,9 @@ quiet # Persistent local customizations -include /etc/firejail/makepkg.local +include makepkg.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Enable severely restricted access to ${HOME}/.gnupg @@ -30,9 +30,9 @@ blacklist ${HOME}/.gnupg/openpgp-revocs.d # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} noblacklist /var/lib/pacman -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/masterpdfeditor.profile b/etc/masterpdfeditor.profile index cc80679fc..e35ddd2a7 100644 --- a/etc/masterpdfeditor.profile +++ b/etc/masterpdfeditor.profile @@ -2,20 +2,20 @@ # Description: A complete solution for creating and editing PDF files # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/masterpdfeditor.local +include masterpdfeditor.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Code Industry noblacklist ${HOME}/.masterpdfeditor -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/masterpdfeditor4.profile b/etc/masterpdfeditor4.profile index 7ab9c9421..5612fdaa4 100644 --- a/etc/masterpdfeditor4.profile +++ b/etc/masterpdfeditor4.profile @@ -2,11 +2,11 @@ # Description: A complete solution for creating and editing PDF files # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/masterpdfeditor4.local +include masterpdfeditor4.local # Persistent global definitions # added by included profile -#include /etc/firejail/globals.local +#include globals.local # Redirect -include /etc/firejail/masterpdfeditor.profile +include masterpdfeditor.profile diff --git a/etc/masterpdfeditor5.profile b/etc/masterpdfeditor5.profile index 86faf5da0..8669ceb11 100644 --- a/etc/masterpdfeditor5.profile +++ b/etc/masterpdfeditor5.profile @@ -2,11 +2,11 @@ # Description: A complete solution for creating and editing PDF files # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/masterpdfeditor5.local +include masterpdfeditor5.local # Persistent global definitions # added by included profile -#include /etc/firejail/globals.local +#include globals.local # Redirect -include /etc/firejail/masterpdfeditor.profile +include masterpdfeditor.profile diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index 874fcf8cb..46bd7aa2e 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile @@ -2,17 +2,17 @@ # Description: MATE desktop calculator # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mate-calc.local +include mate-calc.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/mate-calc -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${HOME}/.cache/mate-calc whitelist ${HOME}/.config/caja diff --git a/etc/mate-calculator.profile b/etc/mate-calculator.profile index 43bb3ebb4..442acf8ff 100644 --- a/etc/mate-calculator.profile +++ b/etc/mate-calculator.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/mate-calc.profile +include mate-calc.profile diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index c3a3ee446..b4cf0b38a 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile @@ -1,16 +1,16 @@ # Firejail profile for mate-color-select # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mate-color-select.local +include mate-color-select.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${HOME}/.config/gtk-3.0 whitelist ${HOME}/.fonts diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index b0bd99519..10978df20 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile @@ -1,17 +1,17 @@ # Firejail profile for mate-dictionary # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mate-dictionary.local +include mate-dictionary.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/mate/mate-dictionary -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${HOME}/.config/mate/mate-dictionary whitelist ${HOME}/.config/gtk-3.0 diff --git a/etc/mathematica.profile b/etc/mathematica.profile index 984ea9e97..5f29181cd 100644 --- a/etc/mathematica.profile +++ b/etc/mathematica.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/Mathematica.profile +include Mathematica.profile diff --git a/etc/mcabber.profile b/etc/mcabber.profile index 0ed8952e5..1a1c255e7 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile @@ -2,18 +2,18 @@ # Description: Small Jabber (XMPP) console client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mcabber.local +include mcabber.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.mcabber noblacklist ${HOME}/.mcabberrc -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index 7556098a7..5e636c107 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile @@ -2,17 +2,17 @@ # Description: Command-line utility for reading information from audio/video files # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mediainfo.local +include mediainfo.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index e53ced860..b9a6416bb 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile @@ -2,9 +2,9 @@ # Description: View streams from German public television stations # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mediathekview.local +include mediathekview.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/mpv noblacklist ${HOME}/.config/smplayer @@ -23,13 +23,13 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/meld.profile b/etc/meld.profile index 1a7935800..3c028e064 100644 --- a/etc/meld.profile +++ b/etc/meld.profile @@ -2,18 +2,18 @@ # Description: Graphical tool to diff and merge files # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/meld.local +include meld.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/meld -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/mencoder.profile b/etc/mencoder.profile index 9306d268e..136412d11 100644 --- a/etc/mencoder.profile +++ b/etc/mencoder.profile @@ -2,16 +2,16 @@ # Description: Free command line video decoding, encoding and filtering tool # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mencoder.local +include mencoder.local # Persistent global definitions # added by included profile -#include /etc/firejail/globals.local +#include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc net none no3d @@ -25,4 +25,4 @@ shell none private-bin mencoder -include /etc/firejail/mplayer.profile +include mplayer.profile diff --git a/etc/midori.profile b/etc/midori.profile index 7c56910a7..6a69f2282 100644 --- a/etc/midori.profile +++ b/etc/midori.profile @@ -2,9 +2,9 @@ # Description: Lightweight web browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/midori.local +include midori.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/midori noblacklist ${HOME}/.local/share/midori @@ -12,10 +12,10 @@ noblacklist ${HOME}/.local/share/midori # noblacklist ${HOME}/.local/share/webkitgtk noblacklist ${HOME}/.pki -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.cache/midori mkdir ${HOME}/.config/midori @@ -33,7 +33,7 @@ whitelist ${HOME}/.local/share/midori whitelist ${HOME}/.local/share/webkit whitelist ${HOME}/.local/share/webkitgtk whitelist ${HOME}/.pki -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/min.profile b/etc/min.profile index 91c6fce3c..9cef737a8 100644 --- a/etc/min.profile +++ b/etc/min.profile @@ -2,24 +2,24 @@ # Description: A faster, smarter web browser. # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/min.local +include min.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Min noblacklist ${HOME}/.pki -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.pki whitelist ${DOWNLOADS} whitelist ${HOME}/.pki -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all # ipc-namespace diff --git a/etc/minetest.profile b/etc/minetest.profile index 3e06b6d30..c1aef8aa6 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile @@ -2,22 +2,22 @@ # Description: Multiplayer infinite-world block sandbox # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/minetest.local +include minetest.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.minetest -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.minetest whitelist ${HOME}/.minetest -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/mousepad.profile b/etc/mousepad.profile index 421637509..8e789f112 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile @@ -2,19 +2,19 @@ # Description: Simple Xfce oriented text editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mousepad.local +include mousepad.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Mousepad -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/mpd.profile b/etc/mpd.profile index 709f2ef89..70a438fb7 100644 --- a/etc/mpd.profile +++ b/etc/mpd.profile @@ -2,21 +2,21 @@ # Description: Music Player Daemon # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mpd.local +include mpd.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/mpd noblacklist ${HOME}/.mpd noblacklist ${HOME}/.mpdconf noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/mplayer.profile b/etc/mplayer.profile index 29ef21b9d..fbe6200fa 100644 --- a/etc/mplayer.profile +++ b/etc/mplayer.profile @@ -2,22 +2,22 @@ # Description: Movie player for Unix-like systems # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mplayer.local +include mplayer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.mplayer noblacklist ${MUSIC} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/mpv.profile b/etc/mpv.profile index 5747cd3fa..b521e58b9 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile @@ -2,9 +2,9 @@ # Description: Video player based on MPlayer/mplayer2 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mpv.local +include mpv.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/mpv noblacklist ${HOME}/.netrc @@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/ms-excel.profile b/etc/ms-excel.profile index 4fb8c6fc1..e103baf19 100644 --- a/etc/ms-excel.profile +++ b/etc/ms-excel.profile @@ -1,12 +1,12 @@ # Firejail profile for Microsoft Office Online - Excel # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ms-excel.local +include ms-excel.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/ms-excel-online private-bin ms-excel # Redirect -include /etc/firejail/ms-office.profile +include ms-office.profile diff --git a/etc/ms-office.profile b/etc/ms-office.profile index cedc5eff4..61478fd07 100644 --- a/etc/ms-office.profile +++ b/etc/ms-office.profile @@ -1,9 +1,9 @@ # Firejail profile for Microsoft Office Online # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ms-office.local +include ms-office.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/ms-office-online noblacklist ${HOME}/.jak @@ -14,11 +14,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/ms-onenote.profile b/etc/ms-onenote.profile index 520544ab4..1259d55c8 100644 --- a/etc/ms-onenote.profile +++ b/etc/ms-onenote.profile @@ -1,12 +1,12 @@ # Firejail profile for Microsoft Office Online - Onenote # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ms-onenote.local +include ms-onenote.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/ms-onenote-online private-bin ms-onenote # Redirect -include /etc/firejail/ms-office.profile +include ms-office.profile diff --git a/etc/ms-outlook.profile b/etc/ms-outlook.profile index e438bbdfc..a9fadc2c1 100644 --- a/etc/ms-outlook.profile +++ b/etc/ms-outlook.profile @@ -1,12 +1,12 @@ # Firejail profile for Microsoft Office Online - Outlook # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ms-outlook.local +include ms-outlook.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/ms-outlook-online private-bin ms-outlook # Redirect -include /etc/firejail/ms-office.profile +include ms-office.profile diff --git a/etc/ms-powerpoint.profile b/etc/ms-powerpoint.profile index 82be095d0..4c096de4e 100644 --- a/etc/ms-powerpoint.profile +++ b/etc/ms-powerpoint.profile @@ -1,12 +1,12 @@ # Firejail profile for Microsoft Office Online - Powerpoint # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ms-powerpoint.local +include ms-powerpoint.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/ms-powerpoint-online private-bin ms-powerpoint # Redirect -include /etc/firejail/ms-office.profile +include ms-office.profile diff --git a/etc/ms-skype.profile b/etc/ms-skype.profile index fa3c4a314..02084d923 100644 --- a/etc/ms-skype.profile +++ b/etc/ms-skype.profile @@ -1,13 +1,13 @@ # Firejail profile for Microsoft Office Online - Skype # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ms-skype.local +include ms-skype.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/ms-skype-online ignore novideo private-bin ms-skype # Redirect -include /etc/firejail/ms-office.profile +include ms-office.profile diff --git a/etc/ms-word.profile b/etc/ms-word.profile index fdcab27a7..f21e987d4 100644 --- a/etc/ms-word.profile +++ b/etc/ms-word.profile @@ -1,12 +1,12 @@ # Firejail profile for Microsoft Office Online - Word # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ms-word.local +include ms-word.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/ms-word-online private-bin ms-word # Redirect -include /etc/firejail/ms-office.profile +include ms-office.profile diff --git a/etc/multimc5.profile b/etc/multimc5.profile index 2b63c2032..b73857826 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile @@ -1,9 +1,9 @@ # Firejail profile for multimc5 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/multimc5.local +include multimc5.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.java noblacklist ${HOME}/.local/share/multimc @@ -16,17 +16,17 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.local/share/multimc whitelist ${HOME}/.local/share/multimc whitelist ${HOME}/.local/share/multimc5 whitelist ${HOME}/.multimc5 -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/mumble.profile b/etc/mumble.profile index c5af9aa42..276e77c68 100644 --- a/etc/mumble.profile +++ b/etc/mumble.profile @@ -2,25 +2,25 @@ # Description: Low latency encrypted VoIP client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mumble.local +include mumble.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Mumble noblacklist ${HOME}/.local/share/data/Mumble -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/Mumble mkdir ${HOME}/.local/share/data/Mumble whitelist ${HOME}/.config/Mumble whitelist ${HOME}/.local/share/data/Mumble -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/mupdf.profile b/etc/mupdf.profile index b49597e00..17658e2ef 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile @@ -2,20 +2,20 @@ # Description: Lightweight PDF viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mupdf.local +include mupdf.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index a235c44c8..3798609d2 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile @@ -2,25 +2,25 @@ # Description: Nintendo64 Emulator # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mupen64plus.local +include mupen64plus.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/mupen64plus noblacklist ${HOME}/.local/share/mupen64plus -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-passwdmgr.inc +include disable-programs.inc # you'll need to manually whitelist ROM files mkdir ${HOME}/.config/mupen64plus mkdir ${HOME}/.local/share/mupen64plus whitelist ${HOME}/.config/mupen64plus/ whitelist ${HOME}/.local/share/mupen64plus/ -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all net none diff --git a/etc/musescore.profile b/etc/musescore.profile index 3eb929bd1..5f009c681 100644 --- a/etc/musescore.profile +++ b/etc/musescore.profile @@ -2,9 +2,9 @@ # Description: Free music composition and notation software # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/musescore.local +include musescore.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/MusE noblacklist ${HOME}/.config/MuseScore @@ -13,14 +13,14 @@ noblacklist ${HOME}/.local/share/data/MuseScore noblacklist ${DOCUMENTS} noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index ba010d6a3..2b8e5b256 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile @@ -1,17 +1,17 @@ # Firejail profile for Musixmatch # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/musixmatch.local +include musixmatch.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/mutt.profile b/etc/mutt.profile index 6cb09ec78..a05227125 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile @@ -2,9 +2,9 @@ # Description: Text-based mailreader supporting MIME, GPG, PGP and threading # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/mutt.local +include mutt.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix @@ -32,11 +32,11 @@ noblacklist ${HOME}/mail noblacklist ${HOME}/postponed noblacklist ${HOME}/sent -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/natron.profile b/etc/natron.profile index 76e909f83..790fe437d 100644 --- a/etc/natron.profile +++ b/etc/natron.profile @@ -1,9 +1,9 @@ # Firejail profile for natron # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/natron.local +include natron.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Allow access to python noblacklist ${PATH}/python2* @@ -16,11 +16,11 @@ noblacklist ${HOME}/.cache/INRIA/Natron noblacklist ${HOME}/.config/INRIA noblacklist /opt/natron -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 1809a6b3c..13fe9a9e1 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile @@ -2,9 +2,9 @@ # Description: File manager and graphical shell for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/nautilus.local +include nautilus.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there # is already a nautilus process running on gnome desktops firejail will have no effect. @@ -20,11 +20,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -# include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +# include disable-programs.inc caps.drop all netfilter diff --git a/etc/ncdu.profile b/etc/ncdu.profile index fa566b9fd..d8f9f62ff 100644 --- a/etc/ncdu.profile +++ b/etc/ncdu.profile @@ -2,9 +2,9 @@ # Description: Ncurses disk usage viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ncdu.local +include ncdu.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local caps.drop all ipc-namespace diff --git a/etc/nemo.profile b/etc/nemo.profile index 98e4ba1bd..8da094015 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile @@ -2,9 +2,9 @@ # Description: File manager and graphical shell for Cinnamon # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/nemo.local +include nemo.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/nemo noblacklist ${HOME}/.local/share/Trash @@ -17,10 +17,10 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc caps.drop all netfilter diff --git a/etc/netsurf.profile b/etc/netsurf.profile index cb38d9de0..0ddb7bbbe 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile @@ -2,24 +2,24 @@ # Description: Lightweight and fast web browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/netsurf.local +include netsurf.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/netsurf noblacklist ${HOME}/.config/netsurf -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.cache/netsurf mkdir ${HOME}/.config/netsurf whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/netsurf whitelist ${HOME}/.config/netsurf -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/neverball.profile b/etc/neverball.profile index 5e6032ae5..207774ed0 100644 --- a/etc/neverball.profile +++ b/etc/neverball.profile @@ -2,21 +2,21 @@ # Description: 3D floor-tilting game # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/neverball.local +include neverball.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.neverball -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.neverball whitelist ${HOME}/.neverball -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/nheko.profile b/etc/nheko.profile index f216a9fa5..ea99b2f5a 100644 --- a/etc/nheko.profile +++ b/etc/nheko.profile @@ -2,18 +2,18 @@ # Description: Desktop IM client for the Matrix protocol # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/nheko.local +include nheko.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/nheko noblacklist ${HOME}/.cache/nheko/nheko -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/nheko mkdir ${HOME}/.cache/nheko/nheko @@ -22,7 +22,7 @@ whitelist ${HOME}/.config/nheko whitelist ${HOME}/.cache/nheko/nheko whitelist ${DOWNLOADS} -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/nitroshare-cli.profile b/etc/nitroshare-cli.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-cli.profile +++ b/etc/nitroshare-cli.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/nitroshare.profile +include nitroshare.profile diff --git a/etc/nitroshare-nmh.profile b/etc/nitroshare-nmh.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-nmh.profile +++ b/etc/nitroshare-nmh.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/nitroshare.profile +include nitroshare.profile diff --git a/etc/nitroshare-send.profile b/etc/nitroshare-send.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-send.profile +++ b/etc/nitroshare-send.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/nitroshare.profile +include nitroshare.profile diff --git a/etc/nitroshare-ui.profile b/etc/nitroshare-ui.profile index a9ad197e9..5ee683711 100644 --- a/etc/nitroshare-ui.profile +++ b/etc/nitroshare-ui.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/nitroshare.profile +include nitroshare.profile diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile index f02599ac6..67c651429 100644 --- a/etc/nitroshare.profile +++ b/etc/nitroshare.profile @@ -2,9 +2,9 @@ # Description: Network File Transfer Application # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/nitroshare.local +include nitroshare.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Nathan Osman noblacklist ${HOME}/.config/NitroShare @@ -15,11 +15,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/nylas.profile b/etc/nylas.profile index 28305a203..935ab8f8a 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile @@ -1,23 +1,23 @@ # Firejail profile for nylas # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/nylas.local +include nylas.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Nylas Mail noblacklist ${HOME}/.nylas-mail -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${DOWNLOADS} whitelist ${HOME}/.config/Nylas Mail whitelist ${HOME}/.nylas-mail -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/obs.profile b/etc/obs.profile index 611ecdd67..3e228365d 100644 --- a/etc/obs.profile +++ b/etc/obs.profile @@ -1,9 +1,9 @@ # Firejail profile for obs # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/obs.local +include obs.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/obs-studio noblacklist ${MUSIC} @@ -16,14 +16,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all nodvd diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 59470f3bb..b9c525f0c 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile @@ -2,20 +2,20 @@ # Description: Simple converter from OpenDocument Text to plain text # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/odt2txt.local +include odt2txt.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} blacklist /tmp/.X11-unix -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all net none diff --git a/etc/okular.profile b/etc/okular.profile index 0f15500af..80407ac3a 100644 --- a/etc/okular.profile +++ b/etc/okular.profile @@ -2,9 +2,9 @@ # Description: Universal document viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/okular.local +include okular.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/okular noblacklist ${HOME}/.config/okularpartrc @@ -18,14 +18,14 @@ noblacklist ${HOME}/.kde4/share/config/okularrc noblacklist ${HOME}/.local/share/okular noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile index 1c93ef9b9..6db776f6a 100644 --- a/etc/onionshare-gui.profile +++ b/etc/onionshare-gui.profile @@ -1,9 +1,9 @@ # Firejail profile for onionshare-gui # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/onionshare-gui.local +include onionshare-gui.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/onionshare @@ -11,13 +11,13 @@ noblacklist ${HOME}/.config/onionshare noblacklist ${PATH}/python3* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 1cd9e9537..dc00e47a1 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile @@ -2,21 +2,21 @@ # Description: Space Invaders clone # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/open-invaders.local +include open-invaders.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.openinvaders -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.openinvaders whitelist ${HOME}/.openinvaders -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all net none diff --git a/etc/openbox.profile b/etc/openbox.profile index 1540b71bd..1fb93c79c 100644 --- a/etc/openbox.profile +++ b/etc/openbox.profile @@ -2,13 +2,13 @@ # Description: Standards-compliant, fast, light-weight and extensible window manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/openbox.local +include openbox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # all applications started in OpenBox will run in this profile noblacklist ${HOME}/.config/openbox -include /etc/firejail/disable-common.inc +include disable-common.inc caps.drop all netfilter diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile index cbd1f8fe8..b86073b41 100644 --- a/etc/openshot-qt.profile +++ b/etc/openshot-qt.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/openshot.profile +include openshot.profile diff --git a/etc/openshot.profile b/etc/openshot.profile index 242511243..fd69b8dbf 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile @@ -2,9 +2,9 @@ # Description: Create and edit videos and movies # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/openshot.local +include openshot.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.openshot noblacklist ${HOME}/.openshot_qt @@ -15,13 +15,13 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index 38a3152d2..8658d30c6 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile @@ -1,9 +1,9 @@ # Firejail profile for opera-beta # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/opera-beta.local +include opera-beta.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/opera noblacklist ${HOME}/.config/opera-beta @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/opera whitelist ${HOME}/.config/opera-beta # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/opera.profile b/etc/opera.profile index 294041c24..b342b3961 100644 --- a/etc/opera.profile +++ b/etc/opera.profile @@ -2,9 +2,9 @@ # Description: A fast and secure web browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/opera.local +include opera.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/opera noblacklist ${HOME}/.config/opera @@ -18,4 +18,4 @@ whitelist ${HOME}/.config/opera whitelist ${HOME}/.opera # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/orage.profile b/etc/orage.profile index 8fc6330d9..17a40a173 100644 --- a/etc/orage.profile +++ b/etc/orage.profile @@ -2,19 +2,19 @@ # Description: Calendar for Xfce Desktop Environment # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/orage.local +include orage.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/orage noblacklist ${HOME}/.local/share/orage -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/p7zip.profile b/etc/p7zip.profile index f8b2d6f1a..644292f2b 100644 --- a/etc/p7zip.profile +++ b/etc/p7zip.profile @@ -2,10 +2,10 @@ # Description: 7zr file archiver with high compression ratio # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/p7zip.local +include p7zip.local # Persistent global definitions # added by included profile -#include /etc/firejail/globals.local +#include globals.local # Redirect -include /etc/firejail/7z.profile +include 7z.profile diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 1104acff4..11464e6cf 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile @@ -1,9 +1,9 @@ # Firejail profile for palemoon # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/palemoon.local +include palemoon.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/moonchild productions/pale moon noblacklist ${HOME}/.moonchild productions/pale moon @@ -23,4 +23,4 @@ seccomp #private-opt palemoon # Redirect -include /etc/firejail/firefox-common.profile +include firefox-common.profile diff --git a/etc/parole.profile b/etc/parole.profile index 00e1466b4..9ad59d2e6 100644 --- a/etc/parole.profile +++ b/etc/parole.profile @@ -2,19 +2,19 @@ # Description: Media player based on GStreamer framework # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/parole.local +include parole.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${MUSIC} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/patch.profile b/etc/patch.profile index 8fa6ac966..44b3cd677 100644 --- a/etc/patch.profile +++ b/etc/patch.profile @@ -3,19 +3,19 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/patch.local +include patch.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index c7e449166..0c1e95e63 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile @@ -2,19 +2,19 @@ # Description: Extremely fast and lightweight file manager # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pcmanfm.local +include pcmanfm.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/Trash # noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below # noblacklist ${HOME}/.config/pcmanfm -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -# include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +# include disable-programs.inc caps.drop all # net none - see issue #1467, computer:/// location broken diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile index f6a615632..6fe76360b 100644 --- a/etc/pdfchain.profile +++ b/etc/pdfchain.profile @@ -1,20 +1,20 @@ # Firejail profile for pdfchain # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pdfchain.local +include pdfchain.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/pdfmod.profile b/etc/pdfmod.profile index 34cf5e44f..6853efd24 100644 --- a/etc/pdfmod.profile +++ b/etc/pdfmod.profile @@ -2,22 +2,22 @@ # Description: Simple tool for modifying PDF documents # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pdfmod.local +include pdfmod.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/pdfmod noblacklist ${HOME}/.config/pdfmod noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index a09ab0a8a..8ba0e6a10 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile @@ -2,9 +2,9 @@ # Description: PDF Split and Merge # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pdfsam.local +include pdfsam.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.java noblacklist ${DOCUMENTS} @@ -15,12 +15,12 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all machine-id diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index d162f45b5..8e7951e81 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile @@ -1,22 +1,22 @@ # Firejail profile for pdftotext # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pdftotext.local +include pdftotext.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} blacklist /tmp/.X11-unix -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/peek.profile b/etc/peek.profile index edc43d006..a3c64e1b4 100644 --- a/etc/peek.profile +++ b/etc/peek.profile @@ -1,20 +1,20 @@ # Firejail profile for peek # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/peek.local +include peek.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/peek noblacklist ${PICTURES} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all net none diff --git a/etc/picard.profile b/etc/picard.profile index 8474eeda6..b4d4fd597 100644 --- a/etc/picard.profile +++ b/etc/picard.profile @@ -2,9 +2,9 @@ # Description: Next-Generation MusicBrainz audio files tagger # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/picard.local +include picard.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/MusicBrainz noblacklist ${HOME}/.config/MusicBrainz @@ -16,14 +16,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all no3d diff --git a/etc/pidgin.profile b/etc/pidgin.profile index e891f5fd8..0d4aebc50 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile @@ -2,17 +2,17 @@ # Description: Graphical multi-protocol instant messaging client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pidgin.local +include pidgin.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.purple -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/ping.profile b/etc/ping.profile index 2b20bf8c9..259b86a26 100644 --- a/etc/ping.profile +++ b/etc/ping.profile @@ -2,17 +2,17 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/ping.local +include ping.local # Persistent global definitions -include /etc/firejail/globals.local - -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc -include /etc/firejail/whitelist-common.inc +include globals.local + +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc +include whitelist-common.inc caps.keep net_raw ipc-namespace diff --git a/etc/pingus.profile b/etc/pingus.profile index 4ce584d1e..56b6036d9 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile @@ -2,21 +2,21 @@ # Description: Free Lemmings(TM) clone # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pingus.local +include pingus.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.pingus -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.pingus whitelist ${HOME}/.pingus -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all net none diff --git a/etc/pinta.profile b/etc/pinta.profile index 506918b92..1e0611516 100644 --- a/etc/pinta.profile +++ b/etc/pinta.profile @@ -2,20 +2,20 @@ # Description: Simple drawing/painting program # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pinta.local +include pinta.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Pinta noblacklist ${DOCUMENTS} noblacklist ${PICTURES} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/pithos.profile b/etc/pithos.profile index cbe7ac9c6..9309ffdcc 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile @@ -2,9 +2,9 @@ # Description: Pandora Radio client for the GNOME desktop # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pithos.local +include pithos.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Allow python (blacklisted by disable-interpreters.inc) noblacklist ${PATH}/python2* @@ -12,15 +12,15 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/pitivi.profile b/etc/pitivi.profile index 6f6aed117..bce2f795f 100644 --- a/etc/pitivi.profile +++ b/etc/pitivi.profile @@ -2,9 +2,9 @@ # Description: Non-linear audio/video editor using GStreamer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pitivi.local +include pitivi.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/pitivi @@ -15,13 +15,13 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/pix.profile b/etc/pix.profile index dfc6d780e..5734effde 100644 --- a/etc/pix.profile +++ b/etc/pix.profile @@ -1,20 +1,20 @@ # Firejail profile for pix # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pix.local +include pix.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/pix noblacklist ${HOME}/.local/share/pix noblacklist ${HOME}/.Steam noblacklist ${HOME}/.steam -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all nodvd diff --git a/etc/playonlinux.profile b/etc/playonlinux.profile index 119baf6b5..707c75cec 100644 --- a/etc/playonlinux.profile +++ b/etc/playonlinux.profile @@ -2,9 +2,9 @@ # Description: Front-end for Wine # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/playonlinux.local +include playonlinux.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.Steam noblacklist ${HOME}/.local/share/Steam @@ -22,11 +22,11 @@ noblacklist ${PATH}/perl noblacklist /usr/lib/perl* noblacklist /usr/share/perl* -include /etc/firejail/disable-common.inc +include disable-common.inc # playonlinux uses perl -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/pluma.profile b/etc/pluma.profile index 832e7a3f4..4e0dc3505 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile @@ -2,19 +2,19 @@ # Description: Official text editor of the MATE desktop environment # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pluma.local +include pluma.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/pluma -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor - makes settings immutable caps.drop all diff --git a/etc/polari.profile b/etc/polari.profile index cb6b0f73c..5aa1f6a46 100644 --- a/etc/polari.profile +++ b/etc/polari.profile @@ -2,15 +2,15 @@ # Description: Internet Relay Chat (IRC) client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/polari.local +include polari.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.cache/telepathy mkdir ${HOME}/.config/telepathy-account-widgets @@ -24,7 +24,7 @@ whitelist ${HOME}/.local/share/Empathy whitelist ${HOME}/.local/share/TpLogger whitelist ${HOME}/.local/share/telepathy whitelist ${HOME}/.purple -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index 8fcc19e65..fc37e6fd2 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile @@ -2,23 +2,23 @@ # Description: A PSP emulator written in C++ # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ppsspp.local +include ppsspp.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/ppsspp noblacklist ${DOCUMENTS} # with >=llvm-4 mesa drivers need llvm stuff noblacklist /usr/lib/llvm* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index d2612c95c..d04690cf9 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile @@ -2,18 +2,18 @@ # Description: Qt-based XMPP/Jabber client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/psi-plus.local +include psi-plus.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/psi+ noblacklist ${HOME}/.local/share/psi+ -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/psi+ mkdir ${HOME}/.config/psi+ @@ -22,7 +22,7 @@ whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/psi+ whitelist ${HOME}/.config/psi+ whitelist ${HOME}/.local/share/psi+ -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile index 02c35b104..94abe0a5c 100644 --- a/etc/pybitmessage.profile +++ b/etc/pybitmessage.profile @@ -1,9 +1,9 @@ # Firejail profile for pybitmessage # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pybitmessage.local +include pybitmessage.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist /sbin noblacklist /usr/local/sbin @@ -15,13 +15,13 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-interpreters.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-interpreters.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile index 89bb9dadf..aa145498c 100644 --- a/etc/pycharm-community.profile +++ b/etc/pycharm-community.profile @@ -1,9 +1,9 @@ # Firejail profile for pycharm-community # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/pycharm-community.local +include pycharm-community.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/snap noblacklist ${HOME}/.PyCharmCE* @@ -15,10 +15,10 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all machine-id diff --git a/etc/pycharm-professional.profile b/etc/pycharm-professional.profile index b28082dc4..a14d0268b 100644 --- a/etc/pycharm-professional.profile +++ b/etc/pycharm-professional.profile @@ -4,4 +4,4 @@ noblacklist ${HOME}/.PyCharm* # Redirect -include /etc/firejail/pycharm-community.profile +include pycharm-community.profile diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 4ba5d3871..e5568a2fa 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -2,9 +2,9 @@ # Description: BitTorrent client based on libtorrent-rasterbar with a Qt5 GUI # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/qbittorrent.local +include qbittorrent.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/qBittorrent noblacklist ${HOME}/.config/qBittorrent @@ -17,11 +17,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/qBittorrent mkdir ${HOME}/.config/qBittorrent @@ -31,8 +31,8 @@ whitelist ${HOME}/.cache/qBittorrent whitelist ${HOME}/.config/qBittorrent whitelist ${HOME}/.config/qBittorrentrc whitelist ${HOME}/.local/share/data/qBittorrent -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile index 263c71535..ac60384fd 100644 --- a/etc/qemu-launcher.profile +++ b/etc/qemu-launcher.profile @@ -1,15 +1,15 @@ # Firejail profile for qemu-launcher # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/qemu-launcher.local +include qemu-launcher.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.qemu-launcher -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile index 3ab25e92e..1399328d3 100644 --- a/etc/qemu-system-x86_64.profile +++ b/etc/qemu-system-x86_64.profile @@ -1,14 +1,14 @@ # Firejail profile for qemu-system-x86_64 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/qemu-system-x86_64.local +include qemu-system-x86_64.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/qlipper.profile b/etc/qlipper.profile index 1293fa30d..3aa6c1a59 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile @@ -2,18 +2,18 @@ # Description: Lightweight and cross-platform clipboard history applet # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/qlipper.local +include qlipper.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Qlipper -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/qmmp.profile b/etc/qmmp.profile index 9d127731f..fccd6b1f8 100644 --- a/etc/qmmp.profile +++ b/etc/qmmp.profile @@ -2,18 +2,18 @@ # Description: Feature-rich audio player with support of many formats # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/qmmp.local +include qmmp.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.qmmp noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 3063010cc..851cad4ae 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile @@ -2,22 +2,22 @@ # Description: Tabbed document viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/qpdfview.local +include qpdfview.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/qpdfview noblacklist ${HOME}/.local/share/qpdfview noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/qtox.profile b/etc/qtox.profile index 3c1697085..0cd434b08 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile @@ -2,23 +2,23 @@ # Description: Powerful Tox client written in C++/Qt that follows the Tox design guidelines # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/qtox.local +include qtox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/tox -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/tox whitelist ${DOWNLOADS} whitelist ${HOME}/.config/tox -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/quassel.profile b/etc/quassel.profile index 69c6aa61b..a78d1edcd 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile @@ -2,15 +2,15 @@ # Description: Distributed IRC client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/quassel.local +include quassel.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 368a3d996..3d979a5b2 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -2,20 +2,20 @@ # Description: RSS/Atom news feeds reader # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/quiterss.local +include quiterss.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/QuiteRss noblacklist ${HOME}/.config/QuiteRss noblacklist ${HOME}/.config/QuiteRssrc noblacklist ${HOME}/.local/share/QuiteRss -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/QuiteRss mkdir ${HOME}/.config/QuiteRss @@ -27,7 +27,7 @@ whitelist ${HOME}/.config/QuiteRssrc whitelist ${HOME}/.local/share/data/QuiteRss whitelist ${HOME}/.local/share/QuiteRss whitelist ${HOME}/quiterssfeeds.opml -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index e73e8a5e1..ad04b892d 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile @@ -1,24 +1,24 @@ # Firejail profile for qupzilla # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/qupzilla.local +include qupzilla.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/qupzilla noblacklist ${HOME}/.config/qupzilla -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/qupzilla whitelist ${HOME}/.config/qupzilla -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index d4d8e3b97..ac9f9bfd9 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile @@ -2,9 +2,9 @@ # Description: Keyboard-driven, vim-like browser based on PyQt5 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/qutebrowser.local +include qutebrowser.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/qutebrowser noblacklist ${HOME}/.config/qutebrowser @@ -19,10 +19,10 @@ noblacklist /usr/lib/python3* # with >=llvm-4 mesa drivers need llvm stuff noblacklist /usr/lib/llvm* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.cache/qutebrowser mkdir ${HOME}/.config/qutebrowser @@ -31,7 +31,7 @@ whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/qutebrowser whitelist ${HOME}/.config/qutebrowser whitelist ${HOME}/.local/share/qutebrowser -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/rambox.profile b/etc/rambox.profile index afe9b41e7..6c65f869b 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile @@ -1,24 +1,24 @@ # Firejail profile for rambox # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/rambox.local +include rambox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Rambox noblacklist ${HOME}/.pki -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.config/Rambox mkdir ${HOME}/.pki whitelist ${DOWNLOADS} whitelist ${HOME}/.config/Rambox whitelist ${HOME}/.pki -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/ranger.profile b/etc/ranger.profile index fe4131e88..ea3137512 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile @@ -2,9 +2,9 @@ # Description: File manager with an ncurses frontend written in Python # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ranger.local +include ranger.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/ranger @@ -20,11 +20,11 @@ noblacklist ${PATH}/perl noblacklist /usr/lib/perl* noblacklist /usr/share/perl* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/redeclipse.profile b/etc/redeclipse.profile index 7271ac2f4..100ee57e3 100644 --- a/etc/redeclipse.profile +++ b/etc/redeclipse.profile @@ -2,22 +2,22 @@ # Description: Free, casual arena shooter # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/redeclipse.local +include redeclipse.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.redeclipse -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.redeclipse whitelist ${HOME}/.redeclipse -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/remmina.profile b/etc/remmina.profile index 51c0f2d17..d23c1dc6d 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile @@ -2,23 +2,23 @@ # Description: GTK+ Remote Desktop Client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/remmina.local +include remmina.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.remmina noblacklist ${HOME}/.config/remmina noblacklist ${HOME}/.local/share/remmina noblacklist ${HOME}/.ssh -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all nodvd diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 7dc6470f9..39330b4d1 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile @@ -2,21 +2,21 @@ # Description: Music player and organizer for GNOME # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/rhythmbox.local +include rhythmbox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc +include disable-common.inc +include disable-devel.inc # rhythmbox is using Python -#include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +#include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor - makes settings immutable caps.drop all diff --git a/etc/ricochet.profile b/etc/ricochet.profile index 2e2143a54..715642185 100644 --- a/etc/ricochet.profile +++ b/etc/ricochet.profile @@ -1,22 +1,22 @@ # Firejail profile for ricochet # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ricochet.local +include ricochet.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/Ricochet -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${DOWNLOADS} whitelist ${HOME}/.local/share/Ricochet -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all ipc-namespace diff --git a/etc/riot-desktop.profile b/etc/riot-desktop.profile index cc8b68ebb..fececd850 100644 --- a/etc/riot-desktop.profile +++ b/etc/riot-desktop.profile @@ -2,9 +2,9 @@ # Description: A glossy Matrix collaboration client for the desktop # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/riot-desktop.local +include riot-desktop.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/riot-web.profile +include riot-web.profile diff --git a/etc/riot-web.profile b/etc/riot-web.profile index 5379223c5..c9f597626 100644 --- a/etc/riot-web.profile +++ b/etc/riot-web.profile @@ -2,15 +2,15 @@ # Description: A glossy Matrix collaboration client for the web # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/riot-web.local +include riot-web.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Riot mkdir ${HOME}/.config/Riot whitelist ${HOME}/.config/Riot -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc # Redirect -include /etc/firejail/electron.profile +include electron.profile diff --git a/etc/ristretto.profile b/etc/ristretto.profile index bb2a7e95b..42493db98 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile @@ -2,19 +2,19 @@ # Description: Lightweight picture-viewer for the Xfce desktop environment # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/ristretto.local +include ristretto.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/ristretto noblacklist ${HOME}/.Steam noblacklist ${HOME}/.steam -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/rocketchat.profile b/etc/rocketchat.profile index da92cd938..c95bc3c3d 100644 --- a/etc/rocketchat.profile +++ b/etc/rocketchat.profile @@ -1,14 +1,14 @@ # Firejail profile for rocketchat # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/rocketchat.local +include rocketchat.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Rocket.Chat whitelist ${HOME}/.config/Rocket.Chat -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc # Redirect -include /etc/firejail/electron.profile +include electron.profile diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index bdc5b9232..2ce3e9640 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile @@ -2,16 +2,16 @@ # Description: Ncurses BitTorrent client based on LibTorrent from rakshasa # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/rtorrent.local +include rtorrent.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all machine-id diff --git a/etc/runenpass.sh.profile b/etc/runenpass.sh.profile index 05ffbfe20..794c38d6e 100644 --- a/etc/runenpass.sh.profile +++ b/etc/runenpass.sh.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/enpass.profile +include enpass.profile diff --git a/etc/rview.profile b/etc/rview.profile index 90481b019..b3a6bfbdc 100644 --- a/etc/rview.profile +++ b/etc/rview.profile @@ -1,10 +1,10 @@ # Firejail profile for rview # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/rview.local +include rview.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/vim.profile +include vim.profile diff --git a/etc/rvim.profile b/etc/rvim.profile index 1070e9376..5481dfe43 100644 --- a/etc/rvim.profile +++ b/etc/rvim.profile @@ -1,10 +1,10 @@ # Firejail profile for rvim # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/rvim.local +include rvim.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/vim.profile +include vim.profile diff --git a/etc/sayonara.profile b/etc/sayonara.profile index 8a369be7e..d978f722a 100644 --- a/etc/sayonara.profile +++ b/etc/sayonara.profile @@ -1,18 +1,18 @@ # Firejail profile for sayonara player # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/sayonara.local +include sayonara.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.Sayonara noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/scallion.profile b/etc/scallion.profile index 35cd04f8f..1c2157d80 100644 --- a/etc/scallion.profile +++ b/etc/scallion.profile @@ -2,9 +2,9 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/scallion.local +include scallion.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${PATH}/llvm* noblacklist /usr/lib/llvm* @@ -12,13 +12,13 @@ noblacklist ${PATH}/openssl noblacklist ${PATH}/openssl-1.0 noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/scribus.profile b/etc/scribus.profile index 375983667..0d718be1d 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile @@ -2,9 +2,9 @@ # Description: Open Source Desktop Page Layout # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/scribus.local +include scribus.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Support for PDF readers comes with Scribus 1.5 and higher noblacklist ${HOME}/.cache/okular @@ -32,14 +32,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index a2a54f838..d3124c257 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile @@ -2,9 +2,9 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/sdat2img.local +include sdat2img.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Allow python (blacklisted by disable-interpreters.inc) noblacklist ${PATH}/python2* @@ -12,14 +12,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile index 1ceed99fd..e420d8124 100644 --- a/etc/seamonkey-bin.profile +++ b/etc/seamonkey-bin.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/seamonkey.profile +include seamonkey.profile diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index b702d8b23..9c38414bb 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile @@ -2,18 +2,18 @@ # Description: SeaMonkey internet suite # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/seamonkey.local +include seamonkey.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/mozilla noblacklist ${HOME}/.mozilla noblacklist ${HOME}/.pki -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.cache/mozilla mkdir ${HOME}/.mozilla @@ -35,7 +35,7 @@ whitelist ${HOME}/.wine-pipelight whitelist ${HOME}/.wine-pipelight64 whitelist ${HOME}/.zotero whitelist ${HOME}/dwhelper -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/server.profile b/etc/server.profile index 8d3382dee..a544a6284 100644 --- a/etc/server.profile +++ b/etc/server.profile @@ -1,9 +1,9 @@ # Firejail profile for server # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/server.local +include server.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # generic server profile # it allows /sbin and /usr/sbin directories - this is where servers are installed @@ -15,12 +15,12 @@ noblacklist /sbin noblacklist /usr/sbin # noblacklist /var/opt -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -# include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -#include /etc/firejail/disable-xdg.inc +include disable-common.inc +# include disable-devel.inc +# include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +#include disable-xdg.inc caps # ipc-namespace diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile index 90fc9cb8c..7bc3febe0 100644 --- a/etc/shellcheck.profile +++ b/etc/shellcheck.profile @@ -3,20 +3,20 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/shellcheck.local +include shellcheck.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/shotcut.profile b/etc/shotcut.profile index e5a8ce4df..9167dda25 100644 --- a/etc/shotcut.profile +++ b/etc/shotcut.profile @@ -1,17 +1,17 @@ # Firejail profile for shotcut # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/shotcut.local +include shotcut.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Meltytech -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile index c52f45f31..250f9d3a5 100644 --- a/etc/signal-desktop.profile +++ b/etc/signal-desktop.profile @@ -1,23 +1,23 @@ # Firejail profile for signal-desktop # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/signal-desktop.local +include signal-desktop.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Signal -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-passwdmgr.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc +include disable-passwdmgr.inc mkdir ${HOME}/.config/Signal whitelist ${DOWNLOADS} whitelist ${HOME}/.config/Signal -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index 0fa19e610..67b54dd74 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile @@ -1,19 +1,19 @@ # Firejail profile for silentarmy # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/silentarmy.local +include silentarmy.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +# include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 30d2203de..85cb00ef1 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile @@ -2,19 +2,19 @@ # Description: Simple Scanning Utility # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/simple-scan.local +include simple-scan.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/simple-scan noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/simutrans.profile b/etc/simutrans.profile index 3722d9414..5afa8e52e 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile @@ -2,21 +2,21 @@ # Description: Transportation simulator # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/simutrans.local +include simutrans.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.simutrans -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.simutrans whitelist ${HOME}/.simutrans -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all net none diff --git a/etc/skanlite.profile b/etc/skanlite.profile index f8bca415d..76b050d18 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile @@ -2,18 +2,18 @@ # Description: Image scanner based on the KSane backend # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/skanlite.local +include skanlite.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all # net none diff --git a/etc/skype.profile b/etc/skype.profile index 04f15b454..c8d09c585 100644 --- a/etc/skype.profile +++ b/etc/skype.profile @@ -1,17 +1,17 @@ # Firejail profile for skype # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/skype.local +include skype.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.Skype -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-devel.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile index c675f0345..bccef9705 100644 --- a/etc/skypeforlinux.profile +++ b/etc/skypeforlinux.profile @@ -1,17 +1,17 @@ # Firejail profile for skypeforlinux # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/skypeforlinux.local +include skypeforlinux.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/skypeforlinux -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/slack.profile b/etc/slack.profile index ba77a16b9..3b60e7379 100644 --- a/etc/slack.profile +++ b/etc/slack.profile @@ -1,25 +1,25 @@ # Firejail profile for slack # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/slack.local +include slack.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Slack noblacklist ${HOME}/Downloads -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config mkdir ${HOME}/.config/Slack whitelist ${HOME}/.config/Slack whitelist ${HOME}/Downloads -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all name slack diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 6d8355e6f..c2628aa4d 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile @@ -2,23 +2,23 @@ # Description: Complete front-end for MPlayer and mpv # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/smplayer.local +include smplayer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/smplayer noblacklist ${HOME}/.mplayer noblacklist ${MUSIC} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/smtube.profile b/etc/smtube.profile index 430b4e5cf..3134aeaf3 100644 --- a/etc/smtube.profile +++ b/etc/smtube.profile @@ -2,9 +2,9 @@ # Description: YouTube videos browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/smtube.local +include smtube.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/smplayer noblacklist ${HOME}/.config/smtube @@ -15,14 +15,14 @@ noblacklist ${HOME}/.local/share/vlc noblacklist ${MUSIC} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/snap.profile b/etc/snap.profile index bcfdc8911..1c6d750e4 100644 --- a/etc/snap.profile +++ b/etc/snap.profile @@ -2,16 +2,16 @@ # Description: Location of genes from DNA sequence with hidden markov model # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/snap.local +include snap.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Generic Ubuntu snap application profile -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${DOWNLOADS} whitelist ${HOME}/snap -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc diff --git a/etc/snox.profile b/etc/snox.profile index 22bb0cdb0..3b3fd1ae1 100644 --- a/etc/snox.profile +++ b/etc/snox.profile @@ -1,9 +1,9 @@ # Firejail profile for snox # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/snox.local +include snox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/snox noblacklist ${HOME}/.config/snox @@ -16,4 +16,4 @@ whitelist ${HOME}/.cache/snox whitelist ${HOME}/.config/snox # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/soffice.profile b/etc/soffice.profile index c702a4ece..ea0f84631 100644 --- a/etc/soffice.profile +++ b/etc/soffice.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/libreoffice.profile +include libreoffice.profile diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index 69efe5244..6c1894dc4 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile @@ -2,9 +2,9 @@ # Description: GNOME application to convert audio files into other formats # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/soundconverter.local +include soundconverter.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${MUSIC} @@ -14,14 +14,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/spectre-meltdown-checker.profile b/etc/spectre-meltdown-checker.profile index 18d3a0575..350f10632 100644 --- a/etc/spectre-meltdown-checker.profile +++ b/etc/spectre-meltdown-checker.profile @@ -2,9 +2,9 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/spectre-meltdown-checker.local +include spectre-meltdown-checker.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # sudo firejail --allow-debuggers spectre-meltdown-checker @@ -18,14 +18,14 @@ noblacklist ${PATH}/perl noblacklist /usr/lib/perl* noblacklist /usr/share/perl* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.keep sys_rawio ipc-namespace diff --git a/etc/spotify.profile b/etc/spotify.profile index 3adf3183c..cd42b781d 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile @@ -1,9 +1,9 @@ # Firejail profile for spotify # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/spotify.local +include spotify.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist ${HOME}/.bashrc blacklist /lost+found @@ -14,11 +14,11 @@ noblacklist ${HOME}/.cache/spotify noblacklist ${HOME}/.config/spotify noblacklist ${HOME}/.local/share/spotify -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/spotify mkdir ${HOME}/.config/spotify @@ -26,8 +26,8 @@ mkdir ${HOME}/.local/share/spotify whitelist ${HOME}/.cache/spotify whitelist ${HOME}/.config/spotify whitelist ${HOME}/.local/share/spotify -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index 0f030d559..6e9c0022e 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile @@ -2,21 +2,21 @@ # Description: GUI editor for SQLite databases # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/sqlitebrowser.local +include sqlitebrowser.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/sqlitebrowser noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index b71c20231..02b66955f 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile @@ -2,9 +2,9 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/ssh-agent.local +include ssh-agent.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix @@ -12,9 +12,9 @@ noblacklist /etc/ssh noblacklist /tmp/ssh-* noblacklist ${HOME}/.ssh -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc shell none caps.drop all diff --git a/etc/ssh.profile b/etc/ssh.profile index 584294f05..cc94793f3 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile @@ -3,17 +3,17 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/ssh.local +include ssh.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist /etc/ssh noblacklist /tmp/ssh-* noblacklist ${HOME}/.ssh -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all ipc-namespace diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile index 9f62b42c5..d6dd2404d 100644 --- a/etc/standardnotes-desktop.profile +++ b/etc/standardnotes-desktop.profile @@ -1,24 +1,24 @@ # Firejail profile for standardnotes-desktop # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/standardnotes-desktop.local +include standardnotes-desktop.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/Standard Notes Backups noblacklist ${HOME}/.config/Standard Notes -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/Standard Notes Backups mkdir ${HOME}/.config/Standard Notes whitelist ${HOME}/Standard Notes Backups whitelist ${HOME}/.config/Standard Notes -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/start-tor-browser.desktop.profile b/etc/start-tor-browser.desktop.profile index c17815969..2b01eca88 100644 --- a/etc/start-tor-browser.desktop.profile +++ b/etc/start-tor-browser.desktop.profile @@ -63,4 +63,4 @@ mkdir ${HOME}/.tor-browser-zh-cn: whitelist ${HOME}/.tor-browser-zh-cn: # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index 4d9ebcb2e..a7e99a7fb 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile @@ -1,19 +1,19 @@ # Firejail profile for start-tor-browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/start-tor-browser.local +include start-tor-browser.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/steam-native.profile b/etc/steam-native.profile index b85b1659b..47608ad28 100644 --- a/etc/steam-native.profile +++ b/etc/steam-native.profile @@ -2,4 +2,4 @@ # This file is overwritten after every install/update # Redirect -include /etc/firejail/steam.profile +include steam.profile diff --git a/etc/steam.profile b/etc/steam.profile index 903384ecf..7ea9d7abf 100644 --- a/etc/steam.profile +++ b/etc/steam.profile @@ -2,9 +2,9 @@ # Description: Valve's Steam digital software delivery system # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/steam.local +include steam.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.java noblacklist ${HOME}/.killingfloor @@ -37,13 +37,13 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all #ipc-namespace diff --git a/etc/stellarium.profile b/etc/stellarium.profile index cddbd99d6..229f871c6 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile @@ -2,25 +2,25 @@ # Description: Real-time photo-realistic sky generator # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/stellarium.local +include stellarium.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/stellarium noblacklist ${HOME}/.stellarium -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/stellarium mkdir ${HOME}/.stellarium whitelist ${HOME}/.config/stellarium whitelist ${HOME}/.stellarium -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/strings.profile b/etc/strings.profile index ae2fbf18f..3791486c5 100644 --- a/etc/strings.profile +++ b/etc/strings.profile @@ -2,10 +2,10 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/strings.local +include strings.local # Persistent global definitions # added by included default.profile -#include /etc/firejail/globals.local +#include globals.local blacklist /tmp/.X11-unix @@ -30,4 +30,4 @@ memory-deny-write-execute noexec ${HOME} noexec /tmp -include /etc/firejail/default.profile +include default.profile diff --git a/etc/studio.sh.profile b/etc/studio.sh.profile index b4eee28df..d556521e1 100644 --- a/etc/studio.sh.profile +++ b/etc/studio.sh.profile @@ -1,4 +1,4 @@ # Firejail profile alias for Android Studio # Redirect -include /etc/firejail/android-studio.profile +include android-studio.profile diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 84083e9aa..789a75ad0 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile @@ -1,22 +1,22 @@ # Firejail profile for supertux2 # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/supertux2.local +include supertux2.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.local/share/supertux2 -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.local/share/supertux2 whitelist ${HOME}/.local/share/supertux2 -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/surf.profile b/etc/surf.profile index 3d40ea49b..d98946cc8 100644 --- a/etc/surf.profile +++ b/etc/surf.profile @@ -2,20 +2,20 @@ # Description: Simple web browser by suckless community # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/surf.local +include surf.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.surf -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.surf whitelist ${DOWNLOADS} -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/sylpheed.profile b/etc/sylpheed.profile index 5f30c95ba..ec29b38e3 100644 --- a/etc/sylpheed.profile +++ b/etc/sylpheed.profile @@ -2,17 +2,17 @@ # Description: Light weight e-mail client with GTK+ # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/sylpheed.local +include sylpheed.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.sylpheed-2.0 -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 0fc59fd17..ca0969a3b 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile @@ -2,18 +2,18 @@ # Description: Vector-based 2D animation package # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/synfigstudio.local +include synfigstudio.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/synfig noblacklist ${HOME}/.synfig -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/tar.profile b/etc/tar.profile index 7409393c6..ff49fba47 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -3,10 +3,10 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/tar.local +include tar.local # Persistent global definitions # added by included default.profile -#include /etc/firejail/globals.local +#include globals.local blacklist /tmp/.X11-unix @@ -28,4 +28,4 @@ private-dev private-etc passwd,group,localtime private-lib -include /etc/firejail/default.profile +include default.profile diff --git a/etc/teamspeak3.profile b/etc/teamspeak3.profile index 55a95157d..196ec7437 100644 --- a/etc/teamspeak3.profile +++ b/etc/teamspeak3.profile @@ -2,23 +2,23 @@ # Description: TeamSpeak is software for quality voice communication via the Internet # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/teamspeak3.local +include teamspeak3.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.ts3client noblacklist ${PATH}/openssl -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.ts3client whitelist ${DOWNLOADS} whitelist ${HOME}/.ts3client -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all ipc-namespace diff --git a/etc/telegram-desktop.profile b/etc/telegram-desktop.profile index 9e4855247..ef60bdc8c 100644 --- a/etc/telegram-desktop.profile +++ b/etc/telegram-desktop.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/telegram.profile +include telegram.profile diff --git a/etc/telegram.profile b/etc/telegram.profile index 9ffb9f287..fb2c06a27 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile @@ -1,17 +1,17 @@ # Firejail profile for telegram # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/telegram.local +include telegram.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.TelegramDesktop noblacklist ${HOME}/.local/share/TelegramDesktop -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/terasology.profile b/etc/terasology.profile index fa45eb880..dff5391f7 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile @@ -1,9 +1,9 @@ # Firejail profile for terasology # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/terasology.local +include terasology.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.java noblacklist ${HOME}/.local/share/terasology @@ -14,17 +14,17 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.java mkdir ${HOME}/.local/share/terasology whitelist ${HOME}/.java whitelist ${HOME}/.local/share/terasology -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all ipc-namespace diff --git a/etc/thunar.profile b/etc/thunar.profile index 37d10ae0d..0c7a048c4 100644 --- a/etc/thunar.profile +++ b/etc/thunar.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/Thunar.profile +include Thunar.profile diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile index 73d2419da..2bd06cb14 100644 --- a/etc/thunderbird-beta.profile +++ b/etc/thunderbird-beta.profile @@ -5,4 +5,4 @@ whitelist /opt/thunderbird-beta # Redirect -include /etc/firejail/thunderbird.profile +include thunderbird.profile diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index 86671d1be..5f1af91be 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile @@ -2,9 +2,9 @@ # Description: Email, RSS and newsgroup client with integrated spam filter # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/thunderbird.local +include thunderbird.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Users have thunderbird set to open a browser by clicking a link in an email # We are not allowed to blacklist browser-specific directories @@ -38,4 +38,4 @@ writable-run-user # allow browsers # Redirect -include /etc/firejail/firefox.profile +include firefox.profile diff --git a/etc/tilp.profile b/etc/tilp.profile index 7d63df630..ecacd1deb 100644 --- a/etc/tilp.profile +++ b/etc/tilp.profile @@ -1,17 +1,17 @@ # Firejail profile for tilp # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/tilp.local +include tilp.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.tilp -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/tor-browser-ar.profile b/etc/tor-browser-ar.profile index a668a05d4..612b2d01b 100644 --- a/etc/tor-browser-ar.profile +++ b/etc/tor-browser-ar.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ar whitelist ${HOME}/.tor-browser-ar # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-en-us.profile b/etc/tor-browser-en-us.profile index 195377f0f..db56dda1b 100644 --- a/etc/tor-browser-en-us.profile +++ b/etc/tor-browser-en-us.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en-us whitelist ${HOME}/.tor-browser-en-us # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-en.profile b/etc/tor-browser-en.profile index 75aad1a09..ad4110c0e 100644 --- a/etc/tor-browser-en.profile +++ b/etc/tor-browser-en.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-en whitelist ${HOME}/.tor-browser-en # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-es-es.profile b/etc/tor-browser-es-es.profile index b6e5dedbc..1aa586658 100644 --- a/etc/tor-browser-es-es.profile +++ b/etc/tor-browser-es-es.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es-es whitelist ${HOME}/.tor-browser-es-es # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-es.profile b/etc/tor-browser-es.profile index c607c93e3..a386e3387 100644 --- a/etc/tor-browser-es.profile +++ b/etc/tor-browser-es.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-es whitelist ${HOME}/.tor-browser-es # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-fa.profile b/etc/tor-browser-fa.profile index 3ce689c21..7f847a7c2 100644 --- a/etc/tor-browser-fa.profile +++ b/etc/tor-browser-fa.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fa whitelist ${HOME}/.tor-browser-fa # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-fr.profile b/etc/tor-browser-fr.profile index 369184aba..bce470ec8 100644 --- a/etc/tor-browser-fr.profile +++ b/etc/tor-browser-fr.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-fr whitelist ${HOME}/.tor-browser-fr # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-it.profile b/etc/tor-browser-it.profile index e5d54617d..3c239ca29 100644 --- a/etc/tor-browser-it.profile +++ b/etc/tor-browser-it.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-it whitelist ${HOME}/.tor-browser-it # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-ja.profile b/etc/tor-browser-ja.profile index a3cfa1987..c52e0f64e 100644 --- a/etc/tor-browser-ja.profile +++ b/etc/tor-browser-ja.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ja whitelist ${HOME}/.tor-browser-ja # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-ko.profile b/etc/tor-browser-ko.profile index 6a7fe905c..8faa5afa1 100644 --- a/etc/tor-browser-ko.profile +++ b/etc/tor-browser-ko.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ko whitelist ${HOME}/.tor-browser-ko # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-pl.profile b/etc/tor-browser-pl.profile index e72d64a3e..08ddd4ae7 100644 --- a/etc/tor-browser-pl.profile +++ b/etc/tor-browser-pl.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pl whitelist ${HOME}/.tor-browser-pl # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-pt-br.profile b/etc/tor-browser-pt-br.profile index d3a5d1b79..9942a3fe8 100644 --- a/etc/tor-browser-pt-br.profile +++ b/etc/tor-browser-pt-br.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-pt-br whitelist ${HOME}/.tor-browser-pt-br # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-ru.profile b/etc/tor-browser-ru.profile index 22b772b28..6294f8ca0 100644 --- a/etc/tor-browser-ru.profile +++ b/etc/tor-browser-ru.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-ru whitelist ${HOME}/.tor-browser-ru # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-vi.profile b/etc/tor-browser-vi.profile index cd1c5b0b3..734c38698 100644 --- a/etc/tor-browser-vi.profile +++ b/etc/tor-browser-vi.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-vi whitelist ${HOME}/.tor-browser-vi # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor-browser-zh-cn.profile b/etc/tor-browser-zh-cn.profile index bf1bc75d6..21e813e45 100644 --- a/etc/tor-browser-zh-cn.profile +++ b/etc/tor-browser-zh-cn.profile @@ -7,4 +7,4 @@ mkdir ${HOME}/.tor-browser-zh-cn whitelist ${HOME}/.tor-browser-zh-cn # Redirect -include /etc/firejail/torbrowser-launcher.profile +include torbrowser-launcher.profile diff --git a/etc/tor.profile b/etc/tor.profile index ddaa9806c..c455f1864 100644 --- a/etc/tor.profile +++ b/etc/tor.profile @@ -2,9 +2,9 @@ # Description: Anonymizing overlay network for TCP # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/tor.local +include tor.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # How to use: # Create a script called anything (e.g. mytor) @@ -17,12 +17,12 @@ include /etc/firejail/globals.local # You'll also likely want to disable the system service (if it exists) # Run mytor (or whatever you called the script above) whenever you want to start tor -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.keep setuid,setgid,net_bind_service,dac_read_search ipc-namespace diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 307377acc..617518eeb 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile @@ -2,9 +2,9 @@ # Description: Helps download and run the Tor Browser Bundle # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/torbrowser-launcher.local +include torbrowser-launcher.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/torbrowser noblacklist ${HOME}/.local/share/torbrowser @@ -15,20 +15,20 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc mkdir ${HOME}/.config/torbrowser mkdir ${HOME}/.local/share/torbrowser whitelist ${DOWNLOADS} whitelist ${HOME}/.config/torbrowser whitelist ${HOME}/.local/share/torbrowser -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/totem.profile b/etc/totem.profile index bfa5883e2..e5be49084 100644 --- a/etc/totem.profile +++ b/etc/totem.profile @@ -2,23 +2,23 @@ # Description: Simple media player for the GNOME desktop based on GStreamer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/totem.local +include totem.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/totem noblacklist ${HOME}/.local/share/totem noblacklist ${MUSIC} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor - makes settings immutable caps.drop all diff --git a/etc/tracker.profile b/etc/tracker.profile index 142089c34..6d86b2951 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile @@ -2,19 +2,19 @@ # Description: Metadata database, indexer and search tool # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/tracker.local +include tracker.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Tracker is started by systemd on most systems. Therefore it is not firejailed by default blacklist /tmp/.X11-unix -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index 1a22a713c..bcd1bacb0 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile @@ -2,18 +2,18 @@ # Description: Lightweight BitTorrent client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/transmission-cli.local +include transmission-cli.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/transmission noblacklist ${HOME}/.config/transmission -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all machine-id diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 758205ccf..134232460 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile @@ -2,26 +2,26 @@ # Description: Lightweight BitTorrent client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/transmission-gtk.local +include transmission-gtk.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/transmission noblacklist ${HOME}/.config/transmission -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/transmission mkdir ${HOME}/.config/transmission whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/transmission whitelist ${HOME}/.config/transmission -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index c8eb9e326..5679229e9 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile @@ -2,26 +2,26 @@ # Description: Lightweight BitTorrent client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/transmission-qt.local +include transmission-qt.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/transmission noblacklist ${HOME}/.config/transmission -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/transmission mkdir ${HOME}/.config/transmission whitelist ${DOWNLOADS} whitelist ${HOME}/.cache/transmission whitelist ${HOME}/.config/transmission -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc apparmor caps.drop all diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 06b79effd..e0bc9e309 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile @@ -1,18 +1,18 @@ # Firejail profile for transmission-show # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/transmission-show.local +include transmission-show.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/transmission noblacklist ${HOME}/.config/transmission -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all machine-id diff --git a/etc/truecraft.profile b/etc/truecraft.profile index 1eb7b65ba..7151e62f8 100644 --- a/etc/truecraft.profile +++ b/etc/truecraft.profile @@ -1,24 +1,24 @@ # Firejail profile for truecraft # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/truecraft.local +include truecraft.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/mono noblacklist ${HOME}/.config/truecraft -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/mono mkdir ${HOME}/.config/truecraft whitelist ${HOME}/.config/mono whitelist ${HOME}/.config/truecraft -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all nodvd diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index d467e1a83..d6243720a 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile @@ -2,9 +2,9 @@ # Description: Multitrack guitar tablature editor and player (gp3 to gp5) # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/tuxguitar.local +include tuxguitar.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.java noblacklist ${HOME}/.tuxguitar* @@ -17,14 +17,14 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/uefitool.profile b/etc/uefitool.profile index d4016d061..ec0adef3a 100644 --- a/etc/uefitool.profile +++ b/etc/uefitool.profile @@ -1,18 +1,18 @@ # Firejail profile for uefitool # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/uefitool.local +include uefitool.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 3c3c685e0..7e718d4e5 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile @@ -1,21 +1,21 @@ # Firejail profile for uget-gtk # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/uget-gtk.local +include uget-gtk.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/uGet -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.config/uGet whitelist ${DOWNLOADS} whitelist ${HOME}/.config/uGet -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/unbound.profile b/etc/unbound.profile index 5bc350e8d..05f24ea99 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile @@ -2,21 +2,21 @@ # Description: Validating, recursive, caching DNS resolver # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/unbound.local +include unbound.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix noblacklist /sbin noblacklist /usr/sbin -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc whitelist /var/lib/unbound whitelist /var/run diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index 5b2944a88..3f2f395c4 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile @@ -2,19 +2,19 @@ # Description: 2D realtime strategy simulation # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/unknown-horizons.local +include unknown-horizons.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.unknown-horizons -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.unknown-horizons whitelist ${HOME}/.unknown-horizons -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all nodvd diff --git a/etc/unlzma.profile b/etc/unlzma.profile index cd79eebc6..748dad2e3 100644 --- a/etc/unlzma.profile +++ b/etc/unlzma.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/unrar.profile b/etc/unrar.profile index c8c72f1f3..7a2a73cd8 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile @@ -3,10 +3,10 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/unrar.local +include unrar.local # Persistent global definitions # added by included default.profile -#include /etc/firejail/globals.local +#include globals.local blacklist /tmp/.X11-unix @@ -27,4 +27,4 @@ private-dev private-etc passwd,group,localtime private-tmp -include /etc/firejail/default.profile +include default.profile diff --git a/etc/unxz.profile b/etc/unxz.profile index cd79eebc6..748dad2e3 100644 --- a/etc/unxz.profile +++ b/etc/unxz.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/unzip.profile b/etc/unzip.profile index 0b8b0cc50..549a239d0 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile @@ -3,10 +3,10 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/unzip.local +include unzip.local # Persistent global definitions # added by included default.profile -#include /etc/firejail/globals.local +#include globals.local blacklist /tmp/.X11-unix @@ -29,4 +29,4 @@ private-etc passwd,group,localtime # GNOME Shell integration (chrome-gnome-shell) noblacklist ${HOME}/.local/share/gnome-shell -include /etc/firejail/default.profile +include default.profile diff --git a/etc/uudeview.profile b/etc/uudeview.profile index d1130960d..ec123a3f6 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile @@ -3,10 +3,10 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/uudeview.local +include uudeview.local # Persistent global definitions # added by included default.profile -#include /etc/firejail/globals.local +#include globals.local hostname uudeview ignore noroot @@ -24,4 +24,4 @@ private-cache private-dev private-etc ld.so.preload -include /etc/firejail/default.profile +include default.profile diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index b8a3fa497..7e6b35d13 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile @@ -1,9 +1,9 @@ # Firejail profile for uzbl-browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/uzbl-browser.local +include uzbl-browser.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/uzbl noblacklist ${HOME}/.gnupg @@ -15,10 +15,10 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.config/uzbl mkdir ${HOME}/.gnupg @@ -29,7 +29,7 @@ whitelist ${HOME}/.config/uzbl whitelist ${HOME}/.gnupg whitelist ${HOME}/.local/share/uzbl whitelist ${HOME}/.password-store -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 08f9fd309..d459d5b88 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile @@ -2,9 +2,9 @@ # Description: Simple, fast and elegant image viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/viewnior.local +include viewnior.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist ${HOME}/.bashrc @@ -12,11 +12,11 @@ noblacklist ${HOME}/.Steam noblacklist ${HOME}/.config/viewnior noblacklist ${HOME}/.steam -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all net none diff --git a/etc/viking.profile b/etc/viking.profile index 624cb962b..2f3ac8edb 100644 --- a/etc/viking.profile +++ b/etc/viking.profile @@ -2,20 +2,20 @@ # Description: GPS data editor, analyzer and viewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/viking.local +include viking.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.viking noblacklist ${HOME}/.viking-maps noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/vim.profile b/etc/vim.profile index 1f98a018a..623aa39ff 100644 --- a/etc/vim.profile +++ b/etc/vim.profile @@ -2,17 +2,17 @@ # Description: Vi IMproved - enhanced vi editor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/vim.local +include vim.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.vim noblacklist ${HOME}/.viminfo noblacklist ${HOME}/.vimrc -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/vimcat.profile b/etc/vimcat.profile index 5067c2fd1..a8f7758e0 100644 --- a/etc/vimcat.profile +++ b/etc/vimcat.profile @@ -1,10 +1,10 @@ # Firejail profile for vimcat # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/vimcat.local +include vimcat.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/vim.profile +include vim.profile diff --git a/etc/vimdiff.profile b/etc/vimdiff.profile index f89a2c112..53a5c6224 100644 --- a/etc/vimdiff.profile +++ b/etc/vimdiff.profile @@ -1,10 +1,10 @@ # Firejail profile for vimdiff # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/vimdiff.local +include vimdiff.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/vim.profile +include vim.profile diff --git a/etc/vimpager.profile b/etc/vimpager.profile index 9c59cb82f..ef2c20ef1 100644 --- a/etc/vimpager.profile +++ b/etc/vimpager.profile @@ -2,10 +2,10 @@ # Description: A vim-based script to use as a PAGER # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/vimpager.local +include vimpager.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/vim.profile +include vim.profile diff --git a/etc/vimtutor.profile b/etc/vimtutor.profile index 83851d37e..7330d6da2 100644 --- a/etc/vimtutor.profile +++ b/etc/vimtutor.profile @@ -1,10 +1,10 @@ # Firejail profile for vimtutor # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/vimtutor.local +include vimtutor.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/vim.profile +include vim.profile diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile index c634348c7..1ef44dd5c 100644 --- a/etc/virtualbox.profile +++ b/etc/virtualbox.profile @@ -2,9 +2,9 @@ # Description: x86 virtualization solution # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/virtualbox.local +include virtualbox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.VirtualBox noblacklist ${HOME}/.config/VirtualBox @@ -13,17 +13,17 @@ noblacklist ${HOME}/VirtualBox VMs noblacklist /usr/lib/virtualbox noblacklist /usr/lib64/virtualbox -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/VirtualBox mkdir ${HOME}/VirtualBox VMs whitelist ${HOME}/.config/VirtualBox whitelist ${HOME}/VirtualBox VMs whitelist ${DOWNLOADS} -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/vivaldi-beta.profile b/etc/vivaldi-beta.profile index d1ceb74f4..bee5d6be6 100644 --- a/etc/vivaldi-beta.profile +++ b/etc/vivaldi-beta.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/vivaldi.profile +include vivaldi.profile diff --git a/etc/vivaldi-snapshot.profile b/etc/vivaldi-snapshot.profile index f8691025f..ea4a4009f 100644 --- a/etc/vivaldi-snapshot.profile +++ b/etc/vivaldi-snapshot.profile @@ -1,9 +1,9 @@ # Firejail profile for vivaldi-snapshot # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/vivaldi-snapshot.local +include vivaldi-snapshot.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/vivaldi-snapshot noblacklist ${HOME}/.config/vivaldi-snapshot @@ -14,4 +14,4 @@ whitelist ${HOME}/.cache/vivaldi-snapshot whitelist ${HOME}/.config/vivaldi-snapshot # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/vivaldi-stable.profile b/etc/vivaldi-stable.profile index d1ceb74f4..bee5d6be6 100644 --- a/etc/vivaldi-stable.profile +++ b/etc/vivaldi-stable.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/vivaldi.profile +include vivaldi.profile diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 8b37ca40b..96f1bd99d 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile @@ -1,9 +1,9 @@ # Firejail profile for vivaldi # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/vivaldi.local +include vivaldi.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/vivaldi noblacklist ${HOME}/.config/vivaldi @@ -17,4 +17,4 @@ whitelist ${HOME}/.config/vivaldi ignore nodbus # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/vlc.profile b/etc/vlc.profile index 594a5944b..d9e8dc338 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile @@ -2,9 +2,9 @@ # Description: Multimedia player and streamer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/vlc.local +include vlc.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/vlc noblacklist ${HOME}/.config/vlc @@ -12,14 +12,14 @@ noblacklist ${HOME}/.local/share/vlc noblacklist ${MUSIC} noblacklist ${VIDEOS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc #apparmor - on Ubuntu 18.04 it refuses to start without dbus access caps.drop all diff --git a/etc/vym.profile b/etc/vym.profile index bb044069d..a7b86e355 100644 --- a/etc/vym.profile +++ b/etc/vym.profile @@ -2,17 +2,17 @@ # Description: Mindmapping tool # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/vym.local +include vym.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/InSilmaril -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/w3m.profile b/etc/w3m.profile index 858b30a5f..af39afd89 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile @@ -2,20 +2,20 @@ # Description: WWW browsable pager with excellent tables/frames support # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/w3m.local +include w3m.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix noblacklist ${HOME}/.w3m -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 632a56074..a5f1f27b2 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile @@ -2,24 +2,24 @@ # Description: 3D real time strategy game # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/warzone2100.local +include warzone2100.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.warzone2100-3.* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc # mkdir ${HOME}/.warzone2100-3.1 # mkdir ${HOME}/.warzone2100-3.2 whitelist ${HOME}/.warzone2100-3.1 whitelist ${HOME}/.warzone2100-3.2 -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/waterfox.profile b/etc/waterfox.profile index fdd299bbf..3dc21958d 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile @@ -1,9 +1,9 @@ # Firejail profile for waterfox # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/waterfox.local +include waterfox.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/mozilla noblacklist ${HOME}/.cache/waterfox @@ -25,4 +25,4 @@ whitelist ${HOME}/.waterfox #private-etc waterfox # Redirect -include /etc/firejail/firefox-common.profile +include firefox-common.profile diff --git a/etc/webstorm.profile b/etc/webstorm.profile index 1a77fd833..ef582808b 100644 --- a/etc/webstorm.profile +++ b/etc/webstorm.profile @@ -1,9 +1,9 @@ # Firejail profile for WebStorm # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/webstorm.local +include webstorm.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.WebStorm* noblacklist ${HOME}/.android @@ -17,11 +17,11 @@ noblacklist ${HOME}/.tooling noblacklist ${PATH}/node noblacklist ${HOME}/.nvm -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-devel.inc +include disable-interpreters.inc caps.drop all netfilter diff --git a/etc/weechat-curses.profile b/etc/weechat-curses.profile index 0da7d45d6..4e9d6826c 100644 --- a/etc/weechat-curses.profile +++ b/etc/weechat-curses.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/weechat.profile +include weechat.profile diff --git a/etc/weechat.profile b/etc/weechat.profile index 213271367..99b34048f 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile @@ -2,14 +2,14 @@ # Description: Fast, light and extensible chat client # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/weechat.local +include weechat.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.weechat -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 215d2e72d..1261ea2c2 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile @@ -2,19 +2,19 @@ # Description: Fantasy turn-based strategy game # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/wesnoth.local +include wesnoth.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/wesnoth noblacklist ${HOME}/.config/wesnoth noblacklist ${HOME}/.local/share/wesnoth -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.cache/wesnoth mkdir ${HOME}/.config/wesnoth @@ -22,7 +22,7 @@ mkdir ${HOME}/.local/share/wesnoth whitelist ${HOME}/.cache/wesnoth whitelist ${HOME}/.config/wesnoth whitelist ${HOME}/.local/share/wesnoth -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all nodvd diff --git a/etc/wget.profile b/etc/wget.profile index abe2436d7..9ecae527e 100644 --- a/etc/wget.profile +++ b/etc/wget.profile @@ -3,19 +3,19 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/wget.local +include wget.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist /tmp/.X11-unix noblacklist ${HOME}/.wgetrc -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index 92ee288dc..38ec5d85d 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc @@ -1,5 +1,5 @@ # Local customizations come here -include /etc/firejail/whitelist-common.local +include whitelist-common.local # common whitelist for all profiles diff --git a/etc/whitelist-var-common.inc b/etc/whitelist-var-common.inc index 024995f20..e2210057b 100644 --- a/etc/whitelist-var-common.inc +++ b/etc/whitelist-var-common.inc @@ -1,5 +1,5 @@ # Local customizations come here -include /etc/firejail/whitelist-var-common.local +include whitelist-var-common.local # common /var whitelist for all profiles diff --git a/etc/whois.profile b/etc/whois.profile index 3ef2e1476..ee95dda39 100644 --- a/etc/whois.profile +++ b/etc/whois.profile @@ -2,18 +2,18 @@ quiet # Firejail profile for whois # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/whois.local +include whois.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -# include /etc/firejail/disable-devel.inc -# include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -#include /etc/firejail/disable-xdg.inc +include disable-common.inc +# include disable-devel.inc +# include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +#include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all # ipc-namespace diff --git a/etc/wine.profile b/etc/wine.profile index 88cdd2ffc..34c695cf1 100644 --- a/etc/wine.profile +++ b/etc/wine.profile @@ -2,9 +2,9 @@ # Description: A compatibility layer for running Windows programs # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/wine.local +include wine.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.Steam noblacklist ${HOME}/.local/share/Steam @@ -14,10 +14,10 @@ noblacklist ${HOME}/.wine # with >=llvm-4 mesa drivers need llvm stuff noblacklist /usr/lib/llvm* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index 64d2cefd5..e6c77ae15 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile @@ -1,23 +1,23 @@ # Firejail profile for wire-desktop # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/wire-desktop.local +include wire-desktop.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/Wire -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.config/Wire whitelist ${HOME}/.config/Wire whitelist ${DOWNLOADS} -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/wireshark-gtk.profile b/etc/wireshark-gtk.profile index 26747379a..14978013d 100644 --- a/etc/wireshark-gtk.profile +++ b/etc/wireshark-gtk.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/wireshark.profile +include wireshark.profile diff --git a/etc/wireshark-qt.profile b/etc/wireshark-qt.profile index 26747379a..14978013d 100644 --- a/etc/wireshark-qt.profile +++ b/etc/wireshark-qt.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/wireshark.profile +include wireshark.profile diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 330f0140e..cbfe9af48 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile @@ -2,9 +2,9 @@ # Description: Network traffic analyzer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/wireshark.local +include wireshark.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/wireshark noblacklist ${HOME}/.wireshark @@ -16,14 +16,14 @@ noblacklist /usr/lib/lua noblacklist /usr/include/lua* noblacklist /usr/share/lua -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc apparmor # caps.drop all diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile index ac8f0fe2a..497a8b87c 100644 --- a/etc/x-terminal-emulator.profile +++ b/etc/x-terminal-emulator.profile @@ -1,9 +1,9 @@ # Firejail profile for x-terminal-emulator # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/x-terminal-emulator.local +include x-terminal-emulator.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local caps.drop all ipc-namespace diff --git a/etc/xcalc.profile b/etc/xcalc.profile index dd7c66523..038e006d0 100644 --- a/etc/xcalc.profile +++ b/etc/xcalc.profile @@ -1,18 +1,18 @@ # Firejail profile for xcalc # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xcalc.local +include xcalc.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all net none diff --git a/etc/xchat.profile b/etc/xchat.profile index af6da1ac5..a94444aab 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile @@ -2,15 +2,15 @@ # Description: IRC client for X similar to AmIRC # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xchat.local +include xchat.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/xchat -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-programs.inc caps.drop all nodvd diff --git a/etc/xed.profile b/etc/xed.profile index f65b52658..b949f4549 100644 --- a/etc/xed.profile +++ b/etc/xed.profile @@ -1,9 +1,9 @@ # Firejail profile for xed # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xed.local +include xed.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/xed @@ -13,13 +13,13 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor - makes settings immutable caps.drop all diff --git a/etc/xfburn.profile b/etc/xfburn.profile index 207e62232..3dc525755 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile @@ -2,17 +2,17 @@ # Description: CD-burner application for Xfce Desktop Environment # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xfburn.local +include xfburn.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/xfburn -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile index e84c78b24..104249be4 100644 --- a/etc/xfce4-dict.profile +++ b/etc/xfce4-dict.profile @@ -2,17 +2,17 @@ # Description: Dictionary plugin for Xfce4 panel # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xfce4-dict.local +include xfce4-dict.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/xfce4-dict -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index 99aeebb7f..73e7d0625 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile @@ -2,19 +2,19 @@ # Description: Notes application for the Xfce4 desktop # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xfce4-notes.local +include xfce4-notes.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc noblacklist ${HOME}/.local/share/notes -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc caps.drop all netfilter diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 703579562..4cdf39af3 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile @@ -2,24 +2,24 @@ # Description: Environment for Bible reading, study, and research # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xiphos.local +include xiphos.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local blacklist ${HOME}/.bashrc noblacklist ${HOME}/.sword noblacklist ${HOME}/.xiphos -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist ${HOME}/.sword whitelist ${HOME}/.xiphos -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter diff --git a/etc/xmms.profile b/etc/xmms.profile index d016e0c23..e6fe72e94 100644 --- a/etc/xmms.profile +++ b/etc/xmms.profile @@ -1,19 +1,19 @@ # Firejail profile for xmms # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xmms.local +include xmms.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.xmms noblacklist ${MUSIC} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all netfilter diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile index 7a445f6a5..df4252578 100644 --- a/etc/xmr-stak.profile +++ b/etc/xmr-stak.profile @@ -1,22 +1,22 @@ # Firejail profile for xmr-stak # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xmr-stak.local +include xmr-stak.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.xmr-stak noblacklist /usr/lib/llvm* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc mkdir ${HOME}/.xmr-stak -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/xonotic-glx.profile b/etc/xonotic-glx.profile index 041a063bb..8a44fb587 100644 --- a/etc/xonotic-glx.profile +++ b/etc/xonotic-glx.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/xonotic.profile +include xonotic.profile diff --git a/etc/xonotic-sdl.profile b/etc/xonotic-sdl.profile index 041a063bb..8a44fb587 100644 --- a/etc/xonotic-sdl.profile +++ b/etc/xonotic-sdl.profile @@ -3,4 +3,4 @@ # Redirect -include /etc/firejail/xonotic.profile +include xonotic.profile diff --git a/etc/xonotic.profile b/etc/xonotic.profile index a7e8edc0f..4987d9ba7 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile @@ -2,22 +2,22 @@ # Description: A free, fast-paced crossplatform first-person shooter # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xonotic.local +include xonotic.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.xonotic -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.xonotic whitelist ${HOME}/.xonotic -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all netfilter diff --git a/etc/xpdf.profile b/etc/xpdf.profile index c12a3437c..ec76060fa 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile @@ -2,21 +2,21 @@ # Description: Portable Document Format (PDF) reader # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xpdf.local +include xpdf.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.xpdfrc noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all machine-id diff --git a/etc/xplayer-audio-preview.profile b/etc/xplayer-audio-preview.profile index a422b9989..78252c134 100644 --- a/etc/xplayer-audio-preview.profile +++ b/etc/xplayer-audio-preview.profile @@ -1,10 +1,10 @@ # Firejail profile for xplayer-audio-preview # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xplayer-audio-preview.local +include xplayer-audio-preview.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/xplayer.profile +include xplayer.profile diff --git a/etc/xplayer-video-thumbnailer.profile b/etc/xplayer-video-thumbnailer.profile index 1ec5250bf..ac8986c69 100644 --- a/etc/xplayer-video-thumbnailer.profile +++ b/etc/xplayer-video-thumbnailer.profile @@ -1,10 +1,10 @@ # Firejail profile for xplayer-video-thumbnailer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xplayer-video-thumbnailer.local +include xplayer-video-thumbnailer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/xplayer.profile +include xplayer.profile diff --git a/etc/xplayer.profile b/etc/xplayer.profile index f51362b6b..8d4dcf1e3 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile @@ -1,9 +1,9 @@ # Firejail profile for xplayer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xplayer.local +include xplayer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/xplayer noblacklist ${HOME}/.local/share/xplayer @@ -16,14 +16,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor - makes settings immutable caps.drop all diff --git a/etc/xpra.profile b/etc/xpra.profile index 960c493b9..241b64497 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile @@ -2,9 +2,9 @@ # Description: Tool to detach/reattach running X programs # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xpra.local +include xpra.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # # This profile will sandbox Xpra server itself when used with firejail --x11=xpra. @@ -22,11 +22,11 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc whitelist /var/lib/xkb # whitelisting home directory, or including whitelist-common.inc diff --git a/etc/xreader-previewer.profile b/etc/xreader-previewer.profile index 4c42c147c..2d7e7644c 100644 --- a/etc/xreader-previewer.profile +++ b/etc/xreader-previewer.profile @@ -1,10 +1,10 @@ # Firejail profile for xreader-previewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xreader-previewer.local +include xreader-previewer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/xreader.profile +include xreader.profile diff --git a/etc/xreader-thumbnailer.profile b/etc/xreader-thumbnailer.profile index bc0bcbb67..d463787e6 100644 --- a/etc/xreader-thumbnailer.profile +++ b/etc/xreader-thumbnailer.profile @@ -1,10 +1,10 @@ # Firejail profile for xreader-thumbnailer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xreader-thumbnailer.local +include xreader-thumbnailer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/xreader.profile +include xreader.profile diff --git a/etc/xreader.profile b/etc/xreader.profile index 25e790fe0..6120ac19b 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile @@ -2,23 +2,23 @@ # Description: Document viewer for files like PDF and Postscript. X-Apps Project. # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xreader.local +include xreader.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/xreader noblacklist ${HOME}/.config/xreader noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc # Breaks xreader on Mint 18.3 -# include /etc/firejail/whitelist-var-common.inc +# include whitelist-var-common.inc # apparmor caps.drop all diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 7ecc1ca0b..2ead137d4 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile @@ -1,22 +1,22 @@ # Firejail profile for xviewer # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xviewer.local +include xviewer.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.Steam noblacklist ${HOME}/.config/xviewer noblacklist ${HOME}/.local/share/Trash noblacklist ${HOME}/.steam -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc # apparmor - makes settings immutable caps.drop all diff --git a/etc/xxd.profile b/etc/xxd.profile index baee905b7..f5072da75 100644 --- a/etc/xxd.profile +++ b/etc/xxd.profile @@ -2,10 +2,10 @@ # Description: Tool to make (or reverse) a hex dump # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/xxd.local +include xxd.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local # Redirect -include /etc/firejail/vim.profile +include vim.profile diff --git a/etc/xz.profile b/etc/xz.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xz.profile +++ b/etc/xz.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/xzcat.profile b/etc/xzcat.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzcat.profile +++ b/etc/xzcat.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/xzcmp.profile b/etc/xzcmp.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzcmp.profile +++ b/etc/xzcmp.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/xzdec.profile b/etc/xzdec.profile index 796c1d642..85d84f215 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile @@ -3,10 +3,10 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/xzdec.local +include xzdec.local # Persistent global definitions # added by included default.profile -#include /etc/firejail/globals.local +#include globals.local blacklist /tmp/.X11-unix @@ -23,4 +23,4 @@ tracelog private-dev -include /etc/firejail/default.profile +include default.profile diff --git a/etc/xzdiff.profile b/etc/xzdiff.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzdiff.profile +++ b/etc/xzdiff.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/xzegrep.profile b/etc/xzegrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzegrep.profile +++ b/etc/xzegrep.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/xzfgrep.profile b/etc/xzfgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzfgrep.profile +++ b/etc/xzfgrep.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/xzgrep.profile b/etc/xzgrep.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzgrep.profile +++ b/etc/xzgrep.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/xzless.profile b/etc/xzless.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzless.profile +++ b/etc/xzless.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/xzmore.profile b/etc/xzmore.profile index cd79eebc6..748dad2e3 100644 --- a/etc/xzmore.profile +++ b/etc/xzmore.profile @@ -4,4 +4,4 @@ # Redirect -include /etc/firejail/cpio.profile +include cpio.profile diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile index fdb7694a5..680bef677 100644 --- a/etc/yandex-browser.profile +++ b/etc/yandex-browser.profile @@ -1,9 +1,9 @@ # Firejail profile for yandex-browser # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/yandex-browser.local +include yandex-browser.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.cache/yandex-browser noblacklist ${HOME}/.cache/yandex-browser-beta @@ -20,4 +20,4 @@ whitelist ${HOME}/.config/yandex-browser whitelist ${HOME}/.config/yandex-browser-beta # Redirect -include /etc/firejail/chromium-common.profile +include chromium-common.profile diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 75d4514b6..4eb5349b0 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile @@ -3,9 +3,9 @@ # This file is overwritten after every install/update quiet # Persistent local customizations -include /etc/firejail/youtube-dl.local +include youtube-dl.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.netrc noblacklist ${MUSIC} @@ -17,14 +17,14 @@ noblacklist ${PATH}/python3* noblacklist /usr/lib/python2* noblacklist /usr/lib/python3* -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile index 872719ebc..daa0d9e52 100644 --- a/etc/zaproxy.profile +++ b/etc/zaproxy.profile @@ -2,9 +2,9 @@ # Description: Integrated penetration testing tool for finding vulnerabilities in web applications # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/zaproxy.local +include zaproxy.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.java noblacklist ${HOME}/.ZAP @@ -15,17 +15,17 @@ noblacklist /usr/lib/java noblacklist /etc/java noblacklist /usr/share/java -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc mkdir ${HOME}/.ZAP whitelist ${HOME}/.java whitelist ${HOME}/.ZAP -include /etc/firejail/whitelist-common.inc -include /etc/firejail/whitelist-var-common.inc +include whitelist-common.inc +include whitelist-var-common.inc caps.drop all ipc-namespace diff --git a/etc/zart.profile b/etc/zart.profile index a4b22ed5d..eb9e4d671 100644 --- a/etc/zart.profile +++ b/etc/zart.profile @@ -2,19 +2,19 @@ # Description: A GUI for G'MIC real-time manipulations on the output of a webcam # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/zart.local +include zart.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${DOCUMENTS} noblacklist ${PICTURES} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all ipc-namespace diff --git a/etc/zathura.profile b/etc/zathura.profile index c1785e332..6f86310d7 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile @@ -2,20 +2,20 @@ # Description: Document viewer with a minimalistic interface # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/zathura.local +include zathura.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/zathura noblacklist ${HOME}/.local/share/zathura noblacklist ${DOCUMENTS} -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-xdg.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc caps.drop all machine-id diff --git a/etc/zoom.profile b/etc/zoom.profile index 419c25f18..4fbf7ca01 100644 --- a/etc/zoom.profile +++ b/etc/zoom.profile @@ -1,21 +1,21 @@ # Firejail profile for zoom # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/zoom.local +include zoom.local # Persistent global definitions -include /etc/firejail/globals.local +include globals.local noblacklist ${HOME}/.config/zoomus.conf -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-programs.inc +include disable-common.inc +include disable-devel.inc +include disable-interpreters.inc +include disable-programs.inc mkdir ${HOME}/.zoom whitelist ${HOME}/.cache/zoom whitelist ${HOME}/.zoom -include /etc/firejail/whitelist-common.inc +include whitelist-common.inc caps.drop all netfilter -- cgit v1.2.3-54-g00ecf