From 7fd9fa0cf4e1d2fc997bef23caea883850da6693 Mon Sep 17 00:00:00 2001
From: Tad
Date: Sat, 2 Sep 2017 10:32:45 -0400
Subject: Add a profile for Yandex browser

Thanks to @larkvirtual for the paths and testing
---
 etc/disable-programs.inc | 4 ++++
 etc/yandex-browser.profile | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 etc/yandex-browser.profile

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 736ac1e89..b833a3f68 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -178,6 +178,8 @@ blacklist ${HOME}/.config/xmms2
 blacklist ${HOME}/.config/xplayer
 blacklist ${HOME}/.config/xreader
 blacklist ${HOME}/.config/xviewer
+blacklist ${HOME}/.config/yandex-browser
+blacklist ${HOME}/.config/yandex-browser-beta
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.conkeror.mozdev.org
@@ -427,3 +429,5 @@ blacklist ${HOME}/.cache/vivaldi
 blacklist ${HOME}/.cache/wesnoth
 blacklist ${HOME}/.cache/xmms2
 blacklist ${HOME}/.cache/xreader
+blacklist ${HOME}/.cache/yandex-browser
+blacklist ${HOME}/.cache/yandex-browser-beta
diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile
new file mode 100644
index 000000000..bfb7b9d87
--- /dev/null
+++ b/etc/yandex-browser.profile
@@ -0,0 +1,42 @@
+# Firejail profile for yandex-browser
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/yandex-browser.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ~/.cache/yandex-browser
+noblacklist ~/.cache/yandex-browser-beta
+noblacklist ~/.config/yandex-browser
+noblacklist ~/.config/yandex-browser-beta
+noblacklist ~/.pki
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ~/.cache/yandex-browser
+mkdir ~/.cache/yandex-browser-beta
+mkdir ~/.config/yandex-browser
+mkdir ~/.config/yandex-browser-beta
+mkdir ~/.pki
+whitelist ${DOWNLOADS}
+whitelist ~/.cache/yandex-browser
+whitelist ~/.cache/yandex-browser-beta
+whitelist ~/.config/yandex-browser
+whitelist ~/.config/yandex-browser-beta
+whitelist ~/.pki
+include /etc/firejail/whitelist-common.inc
+
+caps.keep sys_chroot,sys_admin
+netfilter
+nodvd
+nogroups
+notv
+shell none
+
+private-dev
+# private-tmp - problems with multiple browser sessions
+
+noexec ${HOME}
+noexec /tmp
-- cgit v1.2.3-54-g00ecf
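Review bot: `caps.keep sys_chroot,sys_admin` leaves CAP_SYS_ADMIN available inside the sandbox with no comment saying why, and this new file (visible in full) also has no `seccomp`, `nonewprivs` or `noroot` line, so a later reader cannot tell a deliberate trade-off from an omission. Presumably both follow from the browser's own Chromium-style sandbox needing those capabilities and breaking under the stricter options; if that is the reason, state it directly above the line, e.g. `# sys_admin and sys_chroot are needed by the browser's internal sandbox; seccomp, nonewprivs and noroot are omitted for the same reason`. Because CAP_SYS_ADMIN is very broad, the comment matters: it marks the one place where this profile relies on the browser's sandbox rather than on firejail, and it tells anyone tightening the profile via `yandex-browser.local` what to retest.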