From c26be70b30582400dc88a4bb213368a6d7250302 Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Thu, 1 Sep 2016 03:42:44 +1000
Subject: tested and stable
---
etc/0ad.profile | 4 ++--
etc/atom-beta.profile | 7 ++++---
etc/atom.profile | 6 ++++--
etc/atril.profile | 1 +
etc/audacity.profile | 2 ++
etc/aweather.profile | 3 ++-
etc/dosbox.profile | 21 +++++++++++++++++++++
etc/eom.profile | 1 +
etc/gitter.profile | 4 +++-
etc/gthumb.profile | 1 -
etc/libreoffice.profile | 3 +--
etc/palemoon.profile | 1 +
etc/pidgin.profile | 1 +
etc/qtox.profile | 1 +
etc/rhythmbox.profile | 1 +
etc/stellarium.profile | 2 +-
etc/transmission-gtk.profile | 2 +-
etc/vlc.profile | 2 ++
etc/warzone2100.profile | 1 +
etc/xplayer.profile | 1 +
etc/xreader.profile | 1 +
etc/xviewer.profile | 3 ++-
22 files changed, 54 insertions(+), 15 deletions(-)
create mode 100644 etc/dosbox.profile
diff --git a/etc/0ad.profile b/etc/0ad.profile
index 217cdeee0..1e7c06879 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -19,8 +19,8 @@ whitelist ~/.local/share/0ad caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot protocol unix,inet,inet6 seccomp
@@ -28,4 +28,4 @@ shell none tracelog private-dev - +private-tmp
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile
index 3c753e86c..9a8d93875 100644
--- a/etc/atom-beta.profile
+++ b/etc/atom-beta.profile
@@ -1,4 +1,4 @@ -# Firjail profile for Atom Beta. +# Firejail profile for Atom Beta. noblacklist ~/.atom noblacklist ~/.config/Atom
@@ -11,9 +11,10 @@ netfilter nonewprivs nogroups noroot +nosound +protocol unix,inet,inet6,netlink seccomp shell none private-dev -nosound - +private-tmp
diff --git a/etc/atom.profile b/etc/atom.profile
index 8304cd379..3cb86847e 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -1,4 +1,4 @@ -# Firjail profile for Atom. +# Firejail profile for Atom. noblacklist ~/.atom noblacklist ~/.config/Atom
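Review bot: The second hunk of etc/atom-beta.profile adds by hand the same directives that the second hunk of etc/atom.profile adds (`nosound`, `protocol unix,inet,inet6,netlink`, `private-tmp`), and the header typo fix is duplicated as well, so the two profiles can silently drift apart on a later edit. Only parts of each file are visible in these hunks, but if the remaining lines are identical too, atom-beta.profile could be reduced to its header comment plus `include /etc/firejail/atom.profile`. That keeps any future tightening of the Atom sandbox in one place.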
@@ -11,8 +11,10 @@ netfilter nonewprivs nogroups noroot +nosound +protocol unix,inet,inet6,netlink seccomp shell none private-dev -nosound +private-tmp
diff --git a/etc/atril.profile b/etc/atril.profile
index bfe731bec..d9e10b072 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -18,3 +18,4 @@ tracelog private-bin atril, atril-previewer, atril-thumbnailer private-dev +private-tmp
diff --git a/etc/audacity.profile b/etc/audacity.profile
index 162201cb8..be3fac9be 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter nonewprivs nogroups noroot
@@ -17,3 +18,4 @@ tracelog private-bin audacity private-dev +private-tmp
diff --git a/etc/aweather.profile b/etc/aweather.profile
index da93e8ba3..4e5c36f50 100644
--- a/etc/aweather.profile
+++ b/etc/aweather.profile
@@ -15,10 +15,11 @@ nonewprivs nogroups noroot nosound -protocol unix,inet,inet6,netlink +protocol unix,inet,inet6 seccomp shell none tracelog private-bin aweather private-dev +private-tmp
diff --git a/etc/dosbox.profile b/etc/dosbox.profile
new file mode 100644
index 000000000..45fbb712a
--- /dev/null
+++ b/etc/dosbox.profile
@@ -0,0 +1,21 @@
+# Firejail profile for dosbox
+noblacklist ~/.dosbox
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin dosbox
+private-dev
+private-tmp
diff --git a/etc/eom.profile b/etc/eom.profile
index 81d993e96..dfcea82c1 100644
--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -18,3 +18,4 @@ tracelog private-bin eom private-dev +private-tmp
diff --git a/etc/gitter.profile b/etc/gitter.profile
index 2882c59a6..f43f5f199 100644
--- a/etc/gitter.profile
+++ b/etc/gitter.profile
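Review bot: The new etc/dosbox.profile leaves the home directory reachable apart from whatever the four disable-*.inc files blacklist: it has `noblacklist ~/.dosbox` but no `whitelist` line, unlike etc/0ad.profile, whose hunk context shows `whitelist ~/.local/share/0ad`. DOSBox runs whatever DOS program the user mounts into it, so the filesystem view is the part of this sandbox that matters most. If whitelisting is impractical because game directories live in arbitrary places, the header should say so, for example `# Home is not whitelisted; add "whitelist ~/.dosbox" and "whitelist <your-games-dir>" to confine file access` (the second path is a placeholder).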
@@ -7,12 +7,14 @@ include /etc/firejail/disable-devel.inc caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot +nosound protocol unix,inet,inet6,netlink seccomp shell none private-bin gitter private-dev +private-tmp
diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index e043c7229..3ffd10add 100644
--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -19,4 +19,3 @@ tracelog private-bin gthumb whitelist /tmp/.X11-unix private-dev -private-tmp
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 77a00ebef..75a52e9ff 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter +nogroups nonewprivs noroot protocol unix,inet,inet6,netlink
@@ -15,5 +16,3 @@ tracelog private-dev whitelist /tmp/.X11-unix/ -nosound -
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index acedaebb7..71deec6bc 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -23,6 +23,7 @@ shell none tracelog private-bin palemoon +private-tmp # These are uncommented in the Firefox profile. If you run into trouble you may # want to uncomment (some of) them.
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index 3df2cafa6..47be2b6ea 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -18,3 +18,4 @@ tracelog private-bin pidgin private-dev +private-tmp
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 0cac18573..927487037 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -20,3 +20,4 @@ shell none tracelog private-bin qtox +private-tmp
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 9f087ea1d..0e8527ae7 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -16,3 +16,4 @@ tracelog private-bin rhythmbox private-dev +private-tmp
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
index adefa75ff..d57c9e5f7 100644
--- a/etc/stellarium.profile
+++ b/etc/stellarium.profile
@@ -25,4 +25,4 @@ tracelog private-bin stellarium private-dev - +private-tmp
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index fa5c3b22b..0cfa4fcfc 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -14,9 +14,9 @@ noroot nosound protocol unix,inet,inet6 seccomp +shell none tracelog -shell none private-bin transmission-gtk whitelist /tmp/.X11-unix private-dev
diff --git a/etc/vlc.profile b/etc/vlc.profile
index c82247dd2..cdd098dd5 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -17,3 +17,5 @@ shell none tracelog private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc +private-dev +private-tmp
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
index ff37e2800..7c7efade8 100644
--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -23,3 +23,4 @@ tracelog private-bin warzone2100 private-dev +private-tmp
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index a46b2fa06..54d5ed89b 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -19,3 +19,4 @@ tracelog private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer private-dev +private-tmp
diff --git a/etc/xreader.profile b/etc/xreader.profile
index ac7d34022..d2a000bd0 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -20,3 +20,4 @@ tracelog private-bin xreader, xreader-previewer, xreader-thumbnailer private-dev +private-tmp
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index 7a4ae4858..cbb59d16e 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -6,8 +6,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all -nonewprivs nogroups +nonewprivs noroot nosound protocol unix
@@ -17,3 +17,4 @@ tracelog private-dev private-bin xviewer +private-tmp
-- cgit v1.2.3-54-g00ecf
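Review bot: `private-dev` in the etc/vlc.profile hunk is added without a comment, and as far as I know it replaces /dev with a small fixed set of device nodes, which would hide the optical drives and capture devices that VLC users commonly open. The restriction is a sensible default for a media player parsing untrusted files, but a user who hits it gets no hint that the sandbox is the cause. I would add a line above it such as `# private-dev hides optical drives and capture devices; comment it out if you need them`. The hunk starts at line 17 of the profile, so the rest of the file is not visible here.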