From 55b200c440fe49e3a2dadb2634025587083f774b Mon Sep 17 00:00:00 2001 From: Tad Date: Sun, 30 Jul 2017 17:32:15 -0400 Subject: Partially synchronize Chromium-based profiles --- etc/google-chrome-beta.profile | 12 ++++++++++-- etc/google-chrome-unstable.profile | 12 ++++++++++-- etc/google-chrome.profile | 13 ++++++++++--- etc/vivaldi.profile | 11 ++++++++++- 4 files changed, 40 insertions(+), 8 deletions(-) diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index e527318c2..22a2e8f88 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile @@ -16,8 +16,6 @@ include /etc/firejail/disable-programs.inc # include /etc/firejail/disable-devel.inc # -netfilter - whitelist ${DOWNLOADS} mkdir ~/.config/google-chrome-beta whitelist ~/.config/google-chrome-beta @@ -27,5 +25,15 @@ mkdir ~/.pki whitelist ~/.pki include /etc/firejail/whitelist-common.inc +caps.keep sys_chroot,sys_admin +#ipc-namespace +netfilter +nogroups +shell none + +private-dev +#private-tmp - problems with multiple browser sessions +#disable-mnt + noexec ${HOME} noexec /tmp diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index 860e2488a..0675d7b49 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile @@ -16,8 +16,6 @@ include /etc/firejail/disable-programs.inc # include /etc/firejail/disable-devel.inc # -netfilter - whitelist ${DOWNLOADS} mkdir ~/.config/google-chrome-unstable whitelist ~/.config/google-chrome-unstable @@ -27,5 +25,15 @@ mkdir ~/.pki whitelist ~/.pki include /etc/firejail/whitelist-common.inc +caps.keep sys_chroot,sys_admin +#ipc-namespace +netfilter +nogroups +shell none + +private-dev +#private-tmp - problems with multiple browser sessions +#disable-mnt + noexec ${HOME} noexec /tmp diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 7d27355d2..e6fceadec 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile @@ -16,9 +16,6 @@ include /etc/firejail/disable-programs.inc # include /etc/firejail/disable-devel.inc # -caps.keep sys_chroot,sys_admin -netfilter - whitelist ${DOWNLOADS} mkdir ~/.config/google-chrome whitelist ~/.config/google-chrome @@ -28,5 +25,15 @@ mkdir ~/.pki whitelist ~/.pki include /etc/firejail/whitelist-common.inc +caps.keep sys_chroot,sys_admin +#ipc-namespace +netfilter +nogroups +shell none + +private-dev +#private-tmp - problems with multiple browser sessions +#disable-mnt + noexec ${HOME} noexec /tmp diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 7b9c4c9c6..fab620499 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile @@ -14,7 +14,6 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc -netfilter whitelist ${DOWNLOADS} mkdir ~/.config/vivaldi @@ -23,5 +22,15 @@ mkdir ~/.cache/vivaldi whitelist ~/.cache/vivaldi include /etc/firejail/whitelist-common.inc +caps.keep sys_chroot,sys_admin +#ipc-namespace +netfilter +nogroups +shell none + +private-dev +#private-tmp - problems with multiple browser sessions +#disable-mnt + noexec ${HOME} noexec /tmp -- cgit v1.2.3-54-g00ecf