From eb4b505ac2537c320c044cf5fad595ecef41bbca Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Fri, 17 Nov 2017 12:29:11 -0600 Subject: Consistent home directory nomenclature --- etc/0ad.profile | 18 ++--- etc/2048-qt.profile | 4 +- etc/Mathematica.profile | 10 +-- etc/Thunar.profile | 4 +- etc/abrowser.profile | 44 +++++------ etc/ark.profile | 2 +- etc/atom.profile | 4 +- etc/atril.profile | 6 +- etc/audacious.profile | 4 +- etc/audacity.profile | 2 +- etc/aweather.profile | 6 +- etc/baloo_file.profile | 2 +- etc/bibletime.profile | 10 +-- etc/blender.profile | 2 +- etc/brasero.profile | 2 +- etc/brave.profile | 24 +++--- etc/caja.profile | 6 +- etc/calibre.profile | 4 +- etc/catfish.profile | 2 +- etc/chromium.profile | 22 +++--- etc/claws-mail.profile | 6 +- etc/clementine.profile | 2 +- etc/cliqz.profile | 94 +++++++++++------------ etc/conkeror.profile | 22 +++--- etc/corebird.profile | 2 +- etc/cower.profile | 8 +- etc/curl.profile | 2 +- etc/cyberfox.profile | 74 +++++++++--------- etc/darktable.profile | 4 +- etc/dia.profile | 2 +- etc/dillo.profile | 10 +-- etc/dolphin.profile | 4 +- etc/dosbox.profile | 2 +- etc/dragon.profile | 2 +- etc/dropbox.profile | 22 +++--- etc/elinks.profile | 2 +- etc/emacs.profile | 4 +- etc/enchant.profile | 2 +- etc/eog.profile | 8 +- etc/eom.profile | 8 +- etc/etr.profile | 6 +- etc/evince.profile | 2 +- etc/evolution.profile | 12 +-- etc/firefox.profile | 110 +++++++++++++-------------- etc/flashpeak-slimjet.profile | 18 ++--- etc/fossamail.profile | 18 ++--- etc/franz.profile | 18 ++--- etc/frozen-bubble.profile | 6 +- etc/galculator.profile | 6 +- etc/geary.profile | 14 ++-- etc/geeqie.profile | 6 +- etc/gimp.profile | 2 +- etc/git.profile | 14 ++-- etc/gitter.profile | 8 +- etc/gjs.profile | 8 +- etc/gnome-books.profile | 2 +- etc/gnome-chess.profile | 2 +- etc/gnome-documents.profile | 2 +- etc/gnome-mplayer.profile | 2 +- etc/gnome-music.profile | 2 +- etc/gnome-photos.profile | 2 +- etc/gnome-weather.profile | 2 +- etc/google-chrome-beta.profile | 18 ++--- etc/google-chrome-unstable.profile | 18 ++--- etc/google-chrome.profile | 18 ++--- etc/google-play-music-desktop-player.profile | 8 +- etc/gpa.profile | 2 +- etc/gpg-agent.profile | 2 +- etc/gpg.profile | 2 +- etc/gpicview.profile | 2 +- etc/gpredict.profile | 4 +- etc/gthumb.profile | 4 +- etc/gwenview.profile | 18 ++--- etc/handbrake.profile | 2 +- etc/hedgewars.profile | 4 +- etc/hexchat.profile | 4 +- etc/icecat.profile | 44 +++++------ etc/icedove.profile | 18 ++--- etc/inox.profile | 18 ++--- etc/iridium.profile | 16 ++-- etc/jitsi.profile | 2 +- etc/k3b.profile | 6 +- etc/kate.profile | 12 +-- etc/kget.profile | 8 +- etc/kino.profile | 4 +- etc/knotes.profile | 2 +- etc/kopete.profile | 8 +- etc/krunner.profile | 6 +- etc/ktorrent.profile | 36 ++++----- etc/kwin_x11.profile | 6 +- etc/kwrite.profile | 14 ++-- etc/less.profile | 2 +- etc/libreoffice.profile | 2 +- etc/liferea.profile | 18 ++--- etc/lximage-qt.profile | 2 +- etc/lxmusic.profile | 4 +- etc/makepkg.profile | 22 +++--- etc/mediathekview.profile | 20 ++--- etc/midori.profile | 40 +++++----- etc/mousepad.profile | 2 +- etc/musescore.profile | 8 +- etc/mutt.profile | 44 +++++------ etc/nautilus.profile | 8 +- etc/netsurf.profile | 12 +-- etc/nylas.profile | 8 +- etc/okular.profile | 18 ++--- etc/open-invaders.profile | 6 +- etc/opera-beta.profile | 16 ++-- etc/opera.profile | 24 +++--- etc/palemoon.profile | 42 +++++----- etc/pcmanfm.profile | 4 +- etc/pingus.profile | 6 +- etc/pix.profile | 4 +- etc/psi-plus.profile | 12 +-- etc/qbittorrent.profile | 24 +++--- etc/qemu-launcher.profile | 2 +- etc/qtox.profile | 4 +- etc/quiterss.profile | 8 +- etc/qupzilla.profile | 4 +- etc/qutebrowser.profile | 16 ++-- etc/rambox.profile | 12 +-- etc/ranger.profile | 2 +- etc/ristretto.profile | 4 +- etc/scribus.profile | 28 +++---- etc/seamonkey.profile | 44 +++++------ etc/signal-desktop.profile | 6 +- etc/simple-scan.profile | 2 +- etc/simutrans.profile | 6 +- etc/snap.profile | 2 +- etc/ssh-agent.profile | 2 +- etc/ssh.profile | 2 +- etc/stellarium.profile | 12 +-- etc/supertux2.profile | 6 +- etc/surf.profile | 4 +- etc/thunderbird.profile | 26 +++---- etc/torbrowser-launcher.profile | 12 +-- etc/totem.profile | 4 +- etc/transmission-gtk.profile | 8 +- etc/transmission-qt.profile | 8 +- etc/tuxguitar.profile | 4 +- etc/uget-gtk.profile | 4 +- etc/unknown-horizons.profile | 6 +- etc/uzbl-browser.profile | 20 ++--- etc/viewnior.profile | 10 +-- etc/vim.profile | 6 +- etc/virtualbox.profile | 8 +- etc/vivaldi.profile | 12 +-- etc/vym.profile | 2 +- etc/w3m.profile | 2 +- etc/warzone2100.profile | 10 +-- etc/waterfox.profile | 106 +++++++++++++------------- etc/wget.profile | 2 +- etc/whitelist-common.inc | 100 ++++++++++++------------ etc/wire.profile | 4 +- etc/xfburn.profile | 2 +- etc/xiphos.profile | 8 +- etc/xplayer.profile | 4 +- etc/xreader.profile | 6 +- etc/xviewer.profile | 8 +- etc/yandex-browser.profile | 30 ++++---- etc/zathura.profile | 8 +- etc/zoom.profile | 8 +- 162 files changed, 984 insertions(+), 984 deletions(-) diff --git a/etc/0ad.profile b/etc/0ad.profile index 9ca9834a8..057dcf49e 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile @@ -5,21 +5,21 @@ include /etc/firejail/0ad.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/0ad -noblacklist ~/.config/0ad -noblacklist ~/.local/share/0ad +noblacklist ${HOME}/.cache/0ad +noblacklist ${HOME}/.config/0ad +noblacklist ${HOME}/.local/share/0ad include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/0ad -mkdir ~/.config/0ad -mkdir ~/.local/share/0ad -whitelist ~/.cache/0ad -whitelist ~/.config/0ad -whitelist ~/.local/share/0ad +mkdir ${HOME}/.cache/0ad +mkdir ${HOME}/.config/0ad +mkdir ${HOME}/.local/share/0ad +whitelist ${HOME}/.cache/0ad +whitelist ${HOME}/.config/0ad +whitelist ${HOME}/.local/share/0ad include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index 964a9e5fa..fa29925c4 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile @@ -5,8 +5,8 @@ include /etc/firejail/2048-qt.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/2048-qt -noblacklist ~/.config/xiaoyong +noblacklist ${HOME}/.config/2048-qt +noblacklist ${HOME}/.config/xiaoyong include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index 924f74389..1ceaaf8dc 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile @@ -13,11 +13,11 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.Mathematica -mkdir ~/.Wolfram Research -whitelist ~/.Mathematica -whitelist ~/.Wolfram Research -whitelist ~/Documents/Wolfram Mathematica +mkdir ${HOME}/.Mathematica +mkdir ${HOME}/.Wolfram Research +whitelist ${HOME}/.Mathematica +whitelist ${HOME}/.Wolfram Research +whitelist ${HOME}/Documents/Wolfram Mathematica include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/Thunar.profile b/etc/Thunar.profile index f4a5c9f54..29cfebe13 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile @@ -6,8 +6,8 @@ include /etc/firejail/Thunar.local include /etc/firejail/globals.local noblacklist ${HOME}/.local/share/Trash -noblacklist ~/.config/Thunar -noblacklist ~/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml +noblacklist ${HOME}/.config/Thunar +noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/abrowser.profile b/etc/abrowser.profile index 3251ef8aa..5c964bad1 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile @@ -5,34 +5,34 @@ include /etc/firejail/abrowser.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/mozilla -noblacklist ~/.mozilla -noblacklist ~/.pki +noblacklist ${HOME}/.cache/mozilla +noblacklist ${HOME}/.mozilla +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/mozilla/abrowser -mkdir ~/.mozilla +mkdir ${HOME}/.cache/mozilla/abrowser +mkdir ${HOME}/.mozilla whitelist ${DOWNLOADS} -whitelist ~/.cache/gnome-mplayer/plugin -whitelist ~/.cache/mozilla/abrowser -whitelist ~/.config/gnome-mplayer -whitelist ~/.config/pipelight-silverlight5.1 -whitelist ~/.config/pipelight-widevine -whitelist ~/.keysnail.js -whitelist ~/.lastpass -whitelist ~/.mozilla -whitelist ~/.pentadactyl -whitelist ~/.pentadactylrc -whitelist ~/.pki -whitelist ~/.vimperator -whitelist ~/.vimperatorrc -whitelist ~/.wine-pipelight -whitelist ~/.wine-pipelight64 -whitelist ~/.zotero -whitelist ~/dwhelper +whitelist ${HOME}/.cache/gnome-mplayer/plugin +whitelist ${HOME}/.cache/mozilla/abrowser +whitelist ${HOME}/.config/gnome-mplayer +whitelist ${HOME}/.config/pipelight-silverlight5.1 +whitelist ${HOME}/.config/pipelight-widevine +whitelist ${HOME}/.keysnail.js +whitelist ${HOME}/.lastpass +whitelist ${HOME}/.mozilla +whitelist ${HOME}/.pentadactyl +whitelist ${HOME}/.pentadactylrc +whitelist ${HOME}/.pki +whitelist ${HOME}/.vimperator +whitelist ${HOME}/.vimperatorrc +whitelist ${HOME}/.wine-pipelight +whitelist ${HOME}/.wine-pipelight64 +whitelist ${HOME}/.zotero +whitelist ${HOME}/dwhelper include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/ark.profile b/etc/ark.profile index 404206992..76b1d9394 100644 --- a/etc/ark.profile +++ b/etc/ark.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local # blacklist /run/user/*/bus -noblacklist ~/.config/arkrc +noblacklist ${HOME}/.config/arkrc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/atom.profile b/etc/atom.profile index dc8db46dc..de09275cc 100644 --- a/etc/atom.profile +++ b/etc/atom.profile @@ -7,8 +7,8 @@ include /etc/firejail/globals.local # blacklist /run/user/*/bus -noblacklist ~/.atom -noblacklist ~/.config/Atom +noblacklist ${HOME}/.atom +noblacklist ${HOME}/.config/Atom include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc diff --git a/etc/atril.profile b/etc/atril.profile index 50592ec3a..81d9e50d0 100644 --- a/etc/atril.profile +++ b/etc/atril.profile @@ -5,10 +5,10 @@ include /etc/firejail/atril.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/atril +noblacklist ${HOME}/.config/atril -#noblacklist ~/.local/share -# it seems to use only ~/.local/share/webkitgtk +#noblacklist ${HOME}/.local/share +# it seems to use only ${HOME}/.local/share/webkitgtk include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/audacious.profile b/etc/audacious.profile index 7e2b91773..9a11022e3 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile @@ -5,8 +5,8 @@ include /etc/firejail/audacious.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/Audaciousrc -noblacklist ~/.config/audacious +noblacklist ${HOME}/.config/Audaciousrc +noblacklist ${HOME}/.config/audacious include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/audacity.profile b/etc/audacity.profile index 52e32badb..e173fa65a 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.audacity-data +noblacklist ${HOME}/.audacity-data include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/aweather.profile b/etc/aweather.profile index 62cebdbe5..2a4a9b591 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile @@ -5,15 +5,15 @@ include /etc/firejail/aweather.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/aweather +noblacklist ${HOME}/.config/aweather include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.config/aweather -whitelist ~/.config/aweather +mkdir ${HOME}/.config/aweather +whitelist ${HOME}/.config/aweather include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index a4fe05cf7..f6dbb480b 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile @@ -41,7 +41,7 @@ private-tmp noexec ${HOME} noexec /tmp -# Make home directory read-only and allow writing only to ~/.local/share +# Make home directory read-only and allow writing only to ${HOME}/.local/share # Note: Baloo will not be able to update the "first run" key in its configuration files. # read-only ${HOME} # read-write ${HOME}/.local/share diff --git a/etc/bibletime.profile b/etc/bibletime.profile index 73d31c205..455a0e2a0 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile @@ -5,12 +5,12 @@ include /etc/firejail/bibletime.local # Persistent global definitions include /etc/firejail/globals.local -blacklist ~/.Xauthority -blacklist ~/.bashrc +blacklist ${HOME}/.Xauthority +blacklist ${HOME}/.bashrc -noblacklist ~/.bibletime -noblacklist ~/.config/qt5ct -noblacklist ~/.sword +noblacklist ${HOME}/.bibletime +noblacklist ${HOME}/.config/qt5ct +noblacklist ${HOME}/.sword include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/blender.profile b/etc/blender.profile index f7ecbce55..29df27759 100644 --- a/etc/blender.profile +++ b/etc/blender.profile @@ -5,7 +5,7 @@ include /etc/firejail/blender.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/blender +noblacklist ${HOME}/.config/blender include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/brasero.profile b/etc/brasero.profile index eff4cba43..f90d4688a 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile @@ -5,7 +5,7 @@ include /etc/firejail/brasero.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/brasero +noblacklist ${HOME}/.config/brasero include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/brave.profile b/etc/brave.profile index 4a908c884..476d1575a 100644 --- a/etc/brave.profile +++ b/etc/brave.profile @@ -5,25 +5,25 @@ include /etc/firejail/brave.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/brave +noblacklist ${HOME}/.config/brave # brave uses gpg for built-in password manager -noblacklist ~/.gnupg -noblacklist ~/.pki +noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.config/brave -mkdir ~/.pki +mkdir ${HOME}/.config/brave +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.config/KeePass -whitelist ~/.config/brave -whitelist ~/.config/keepass -whitelist ~/.config/lastpass -whitelist ~/.keepass -whitelist ~/.lastpass -whitelist ~/.pki +whitelist ${HOME}/.config/KeePass +whitelist ${HOME}/.config/brave +whitelist ${HOME}/.config/keepass +whitelist ${HOME}/.config/lastpass +whitelist ${HOME}/.keepass +whitelist ${HOME}/.lastpass +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc # caps.drop all diff --git a/etc/caja.profile b/etc/caja.profile index 83b6befa3..c3d5fa7c4 100644 --- a/etc/caja.profile +++ b/etc/caja.profile @@ -8,9 +8,9 @@ include /etc/firejail/globals.local # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there # is already a caja process running on MATE desktops firejail will have no effect. -# noblacklist ~/.config/caja - disable-programs.inc is disabled, see below -# noblacklist ~/.local/share/Trash -# noblacklist ~/.local/share/caja-python +# noblacklist ${HOME}/.config/caja - disable-programs.inc is disabled, see below +# noblacklist ${HOME}/.local/share/Trash +# noblacklist ${HOME}/.local/share/caja-python include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/calibre.profile b/etc/calibre.profile index 844231032..e4ed87753 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile @@ -5,8 +5,8 @@ include /etc/firejail/calibre.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/calibre -noblacklist ~/.config/calibre +noblacklist ${HOME}/.cache/calibre +noblacklist ${HOME}/.config/calibre include /etc/firejail/disable-common.inc # include /etc/firejail/disable-devel.inc diff --git a/etc/catfish.profile b/etc/catfish.profile index 139951680..6d5ec1c52 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile @@ -10,7 +10,7 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.config/catfish +noblacklist ${HOME}/.config/catfish include /etc/firejail/disable-common.inc # include /etc/firejail/disable-devel.inc diff --git a/etc/chromium.profile b/etc/chromium.profile index 0c7058a11..281d8bf76 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile @@ -5,23 +5,23 @@ include /etc/firejail/chromium.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/chromium -noblacklist ~/.config/chromium -noblacklist ~/.config/chromium-flags.conf -noblacklist ~/.pki +noblacklist ${HOME}/.cache/chromium +noblacklist ${HOME}/.config/chromium +noblacklist ${HOME}/.config/chromium-flags.conf +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/chromium -mkdir ~/.config/chromium -mkdir ~/.pki +mkdir ${HOME}/.cache/chromium +mkdir ${HOME}/.config/chromium +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/chromium -whitelist ~/.config/chromium -whitelist ~/.config/chromium-flags.conf -whitelist ~/.pki +whitelist ${HOME}/.cache/chromium +whitelist ${HOME}/.config/chromium +whitelist ${HOME}/.config/chromium-flags.conf +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index 4ab49163b..319515bde 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile @@ -5,9 +5,9 @@ include /etc/firejail/claws-mail.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.claws-mail -noblacklist ~/.gnupg -noblacklist ~/.signature +noblacklist ${HOME}/.claws-mail +noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.signature include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/clementine.profile b/etc/clementine.profile index 619086437..f4a3301b6 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile @@ -5,7 +5,7 @@ include /etc/firejail/clementine.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/Clementine +noblacklist ${HOME}/.config/Clementine include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/cliqz.profile b/etc/cliqz.profile index d61d46dca..086dfa233 100644 --- a/etc/cliqz.profile +++ b/etc/cliqz.profile @@ -5,60 +5,60 @@ include /etc/firejail/cliqz.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/cliqz -noblacklist ~/.config/cliqz -noblacklist ~/.config/okularpartrc -noblacklist ~/.config/okularrc -noblacklist ~/.config/qpdfview -noblacklist ~/.kde/share/apps/okular -noblacklist ~/.kde/share/config/okularpartrc -noblacklist ~/.kde/share/config/okularrc -noblacklist ~/.kde4/share/apps/okular -noblacklist ~/.kde4/share/config/okularpartrc -noblacklist ~/.kde4/share/config/okularrc -# noblacklist ~/.local/share/gnome-shell/extensions -noblacklist ~/.local/share/okular -noblacklist ~/.local/share/qpdfview +noblacklist ${HOME}/.cache/cliqz +noblacklist ${HOME}/.config/cliqz +noblacklist ${HOME}/.config/okularpartrc +noblacklist ${HOME}/.config/okularrc +noblacklist ${HOME}/.config/qpdfview +noblacklist ${HOME}/.kde/share/apps/okular +noblacklist ${HOME}/.kde/share/config/okularpartrc +noblacklist ${HOME}/.kde/share/config/okularrc +noblacklist ${HOME}/.kde4/share/apps/okular +noblacklist ${HOME}/.kde4/share/config/okularpartrc +noblacklist ${HOME}/.kde4/share/config/okularrc +# noblacklist ${HOME}/.local/share/gnome-shell/extensions +noblacklist ${HOME}/.local/share/okular +noblacklist ${HOME}/.local/share/qpdfview -noblacklist ~/.pki +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/mozilla/firefox -mkdir ~/.mozilla -mkdir ~/.pki +mkdir ${HOME}/.cache/mozilla/firefox +mkdir ${HOME}/.mozilla +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/gnome-mplayer/plugin -whitelist ~/.cache/mozilla/firefox -whitelist ~/.config/gnome-mplayer -whitelist ~/.config/okularpartrc -whitelist ~/.config/okularrc -whitelist ~/.config/pipelight-silverlight5.1 -whitelist ~/.config/pipelight-widevine -whitelist ~/.config/qpdfview -whitelist ~/.kde/share/apps/okular -whitelist ~/.kde/share/config/okularpartrc -whitelist ~/.kde/share/config/okularrc -whitelist ~/.kde4/share/apps/okular -whitelist ~/.kde4/share/config/okularpartrc -whitelist ~/.kde4/share/config/okularrc -whitelist ~/.keysnail.js -whitelist ~/.lastpass -whitelist ~/.local/share/gnome-shell/extensions -whitelist ~/.local/share/okular -whitelist ~/.local/share/qpdfview -whitelist ~/.mozilla -whitelist ~/.pentadactyl -whitelist ~/.pentadactylrc -whitelist ~/.pki -whitelist ~/.vimperator -whitelist ~/.vimperatorrc -whitelist ~/.wine-pipelight -whitelist ~/.wine-pipelight64 -whitelist ~/.zotero -whitelist ~/dwhelper +whitelist ${HOME}/.cache/gnome-mplayer/plugin +whitelist ${HOME}/.cache/mozilla/firefox +whitelist ${HOME}/.config/gnome-mplayer +whitelist ${HOME}/.config/okularpartrc +whitelist ${HOME}/.config/okularrc +whitelist ${HOME}/.config/pipelight-silverlight5.1 +whitelist ${HOME}/.config/pipelight-widevine +whitelist ${HOME}/.config/qpdfview +whitelist ${HOME}/.kde/share/apps/okular +whitelist ${HOME}/.kde/share/config/okularpartrc +whitelist ${HOME}/.kde/share/config/okularrc +whitelist ${HOME}/.kde4/share/apps/okular +whitelist ${HOME}/.kde4/share/config/okularpartrc +whitelist ${HOME}/.kde4/share/config/okularrc +whitelist ${HOME}/.keysnail.js +whitelist ${HOME}/.lastpass +whitelist ${HOME}/.local/share/gnome-shell/extensions +whitelist ${HOME}/.local/share/okular +whitelist ${HOME}/.local/share/qpdfview +whitelist ${HOME}/.mozilla +whitelist ${HOME}/.pentadactyl +whitelist ${HOME}/.pentadactylrc +whitelist ${HOME}/.pki +whitelist ${HOME}/.vimperator +whitelist ${HOME}/.vimperatorrc +whitelist ${HOME}/.wine-pipelight +whitelist ${HOME}/.wine-pipelight64 +whitelist ${HOME}/.zotero +whitelist ${HOME}/dwhelper include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/conkeror.profile b/etc/conkeror.profile index f6a9eefb6..38c4fdd68 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile @@ -10,17 +10,17 @@ noblacklist ${HOME}/.conkeror.mozdev.org include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc -whitelist ~/.conkeror.mozdev.org -whitelist ~/.conkerorrc -whitelist ~/.gtkrc-2.0 -whitelist ~/.lastpass -whitelist ~/.pentadactyl -whitelist ~/.pentadactylrc -whitelist ~/.vimperator -whitelist ~/.vimperatorrc -whitelist ~/.zotero -whitelist ~/Downloads -whitelist ~/dwhelper +whitelist ${HOME}/.conkeror.mozdev.org +whitelist ${HOME}/.conkerorrc +whitelist ${HOME}/.gtkrc-2.0 +whitelist ${HOME}/.lastpass +whitelist ${HOME}/.pentadactyl +whitelist ${HOME}/.pentadactylrc +whitelist ${HOME}/.vimperator +whitelist ${HOME}/.vimperatorrc +whitelist ${HOME}/.zotero +whitelist ${HOME}/Downloads +whitelist ${HOME}/dwhelper include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/corebird.profile b/etc/corebird.profile index 99a3335ef..3c9740cb7 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile @@ -5,7 +5,7 @@ include /etc/firejail/corebird.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/corebird +noblacklist ${HOME}/.config/corebird include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/cower.profile b/etc/cower.profile index 5e5c367c4..565c417ed 100644 --- a/etc/cower.profile +++ b/etc/cower.profile @@ -2,8 +2,8 @@ # This file is overwritten after every install/update # This profile could be significantly strengthened by adding the following to cower.local -# whitelist ~/ -# whitelist ~/.config/cower/ +# whitelist ${HOME}/ +# whitelist ${HOME}/.config/cower/ quiet @@ -12,8 +12,8 @@ include /etc/firejail/cower.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/cower/config -read-only ~/.config/cower/config +noblacklist ${HOME}/.config/cower/config +read-only ${HOME}/.config/cower/config noblacklist /var/lib/pacman diff --git a/etc/curl.profile b/etc/curl.profile index 972bbe9cc..521cd20cc 100644 --- a/etc/curl.profile +++ b/etc/curl.profile @@ -8,7 +8,7 @@ include /etc/firejail/globals.local blacklist /tmp/.X11-unix -noblacklist ~/.curlrc +noblacklist ${HOME}/.curlrc include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index 63f6ea845..a670f6aa3 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile @@ -5,49 +5,49 @@ include /etc/firejail/cyberfox.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.8pecxstudios -noblacklist ~/.cache/8pecxstudios -noblacklist ~/.config/okularpartrc -noblacklist ~/.config/okularrc -noblacklist ~/.config/qpdfview -noblacklist ~/.kde/share/apps/okular -noblacklist ~/.kde4/share/apps/okular -noblacklist ~/.local/share/okular -noblacklist ~/.local/share/qpdfview -noblacklist ~/.pki +noblacklist ${HOME}/.8pecxstudios +noblacklist ${HOME}/.cache/8pecxstudios +noblacklist ${HOME}/.config/okularpartrc +noblacklist ${HOME}/.config/okularrc +noblacklist ${HOME}/.config/qpdfview +noblacklist ${HOME}/.kde/share/apps/okular +noblacklist ${HOME}/.kde4/share/apps/okular +noblacklist ${HOME}/.local/share/okular +noblacklist ${HOME}/.local/share/qpdfview +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.8pecxstudios -mkdir ~/.cache/8pecxstudios -mkdir ~/.pki +mkdir ${HOME}/.8pecxstudios +mkdir ${HOME}/.cache/8pecxstudios +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.8pecxstudios -whitelist ~/.cache/8pecxstudios -whitelist ~/.cache/gnome-mplayer/plugin -whitelist ~/.config/gnome-mplayer -whitelist ~/.config/okularpartrc -whitelist ~/.config/okularrc -whitelist ~/.config/pipelight-silverlight5.1 -whitelist ~/.config/pipelight-widevine -whitelist ~/.config/qpdfview -whitelist ~/.kde/share/apps/okular -whitelist ~/.kde4/share/apps/okular -whitelist ~/.keysnail.js -whitelist ~/.lastpass -whitelist ~/.local/share/okular -whitelist ~/.local/share/qpdfview -whitelist ~/.pentadactyl -whitelist ~/.pentadactylrc -whitelist ~/.pki -whitelist ~/.vimperator -whitelist ~/.vimperatorrc -whitelist ~/.wine-pipelight -whitelist ~/.wine-pipelight64 -whitelist ~/.zotero -whitelist ~/dwhelper +whitelist ${HOME}/.8pecxstudios +whitelist ${HOME}/.cache/8pecxstudios +whitelist ${HOME}/.cache/gnome-mplayer/plugin +whitelist ${HOME}/.config/gnome-mplayer +whitelist ${HOME}/.config/okularpartrc +whitelist ${HOME}/.config/okularrc +whitelist ${HOME}/.config/pipelight-silverlight5.1 +whitelist ${HOME}/.config/pipelight-widevine +whitelist ${HOME}/.config/qpdfview +whitelist ${HOME}/.kde/share/apps/okular +whitelist ${HOME}/.kde4/share/apps/okular +whitelist ${HOME}/.keysnail.js +whitelist ${HOME}/.lastpass +whitelist ${HOME}/.local/share/okular +whitelist ${HOME}/.local/share/qpdfview +whitelist ${HOME}/.pentadactyl +whitelist ${HOME}/.pentadactylrc +whitelist ${HOME}/.pki +whitelist ${HOME}/.vimperator +whitelist ${HOME}/.vimperatorrc +whitelist ${HOME}/.wine-pipelight +whitelist ${HOME}/.wine-pipelight64 +whitelist ${HOME}/.zotero +whitelist ${HOME}/dwhelper include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/darktable.profile b/etc/darktable.profile index c2dc0b42c..176ffaca1 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile @@ -5,8 +5,8 @@ include /etc/firejail/darktable.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/darktable -noblacklist ~/.config/darktable +noblacklist ${HOME}/.cache/darktable +noblacklist ${HOME}/.config/darktable include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/dia.profile b/etc/dia.profile index bf3c384ab..b1a723da0 100644 --- a/etc/dia.profile +++ b/etc/dia.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.dia +noblacklist ${HOME}/.dia include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/dillo.profile b/etc/dillo.profile index 840a568d8..6afb999e7 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile @@ -5,18 +5,18 @@ include /etc/firejail/dillo.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.dillo +noblacklist ${HOME}/.dillo include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.dillo -mkdir ~/.fltk +mkdir ${HOME}/.dillo +mkdir ${HOME}/.fltk whitelist ${DOWNLOADS} -whitelist ~/.dillo -whitelist ~/.fltk +whitelist ${HOME}/.dillo +whitelist ${HOME}/.fltk include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/dolphin.profile b/etc/dolphin.profile index fe72ee654..c1604826e 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile @@ -8,8 +8,8 @@ include /etc/firejail/globals.local # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5 noblacklist ${HOME}/.local/share/Trash -# noblacklist ~/.config/dolphinrc - diable-programs.inc is disabled, see below -# noblacklist ~/.local/share/dolphin +# noblacklist ${HOME}/.config/dolphinrc - diable-programs.inc is disabled, see below +# noblacklist ${HOME}/.local/share/dolphin include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/dosbox.profile b/etc/dosbox.profile index a64578e5c..736c7da2f 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile @@ -5,7 +5,7 @@ include /etc/firejail/dosbox.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.dosbox +noblacklist ${HOME}/.dosbox include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/dragon.profile b/etc/dragon.profile index c37f81ac9..76544010f 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile @@ -5,7 +5,7 @@ include /etc/firejail/dragon.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/dragonplayerrc +noblacklist ${HOME}/.config/dragonplayerrc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/dropbox.profile b/etc/dropbox.profile index ec268c09b..138b3912a 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile @@ -5,23 +5,23 @@ include /etc/firejail/dropbox.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/autostart -noblacklist ~/.dropbox -noblacklist ~/.dropbox-dist +noblacklist ${HOME}/.config/autostart +noblacklist ${HOME}/.dropbox +noblacklist ${HOME}/.dropbox-dist include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.dropbox -mkdir ~/.dropbox-dist -mkdir ~/Dropbox -mkfile ~/.config/autostart/dropbox.desktop -whitelist ~/.config/autostart/dropbox.desktop -whitelist ~/.dropbox -whitelist ~/.dropbox-dist -whitelist ~/Dropbox +mkdir ${HOME}/.dropbox +mkdir ${HOME}/.dropbox-dist +mkdir ${HOME}/Dropbox +mkfile ${HOME}/.config/autostart/dropbox.desktop +whitelist ${HOME}/.config/autostart/dropbox.desktop +whitelist ${HOME}/.dropbox +whitelist ${HOME}/.dropbox-dist +whitelist ${HOME}/Dropbox include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/elinks.profile b/etc/elinks.profile index 10fd19f71..aca30c933 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local blacklist /tmp/.X11-unix -noblacklist ~/.elinks +noblacklist ${HOME}/.elinks include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/emacs.profile b/etc/emacs.profile index 8351d6c42..8700bc8e6 100644 --- a/etc/emacs.profile +++ b/etc/emacs.profile @@ -5,8 +5,8 @@ include /etc/firejail/emacs.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.emacs -noblacklist ~/.emacs.d +noblacklist ${HOME}/.emacs +noblacklist ${HOME}/.emacs.d include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc diff --git a/etc/enchant.profile b/etc/enchant.profile index b7034b937..8178bb2c8 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile @@ -5,7 +5,7 @@ include /etc/firejail/enchant.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/enchant +noblacklist ${HOME}/.config/enchant include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/eog.profile b/etc/eog.profile index c07268e14..cf6b1c1c6 100644 --- a/etc/eog.profile +++ b/etc/eog.profile @@ -7,10 +7,10 @@ include /etc/firejail/globals.local # blacklist /run/user/*/bus - makes settings immutable -noblacklist ~/.Steam -noblacklist ~/.config/eog -noblacklist ~/.local/share/Trash -noblacklist ~/.steam +noblacklist ${HOME}/.Steam +noblacklist ${HOME}/.config/eog +noblacklist ${HOME}/.local/share/Trash +noblacklist ${HOME}/.steam include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/eom.profile b/etc/eom.profile index 5e0008ab3..4edd8fafe 100644 --- a/etc/eom.profile +++ b/etc/eom.profile @@ -7,10 +7,10 @@ include /etc/firejail/globals.local # blacklist /run/user/*/bus - makes settings immutable -noblacklist ~/.Steam -noblacklist ~/.config/mate/eom -noblacklist ~/.local/share/Trash -noblacklist ~/.steam +noblacklist ${HOME}/.Steam +noblacklist ${HOME}/.config/mate/eom +noblacklist ${HOME}/.local/share/Trash +noblacklist ${HOME}/.steam include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/etr.profile b/etc/etr.profile index 579aa570a..ad2e5be5d 100644 --- a/etc/etr.profile +++ b/etc/etr.profile @@ -7,14 +7,14 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.etr +noblacklist ${HOME}/.etr include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.etr -whitelist ~/.etr +mkdir ${HOME}/.etr +whitelist ${HOME}/.etr include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/evince.profile b/etc/evince.profile index b68d272df..7118d3c08 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local # blacklist /run/user/*/bus -noblacklist ~/.config/evince +noblacklist ${HOME}/.config/evince include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/evolution.profile b/etc/evolution.profile index e74c68f63..90a0c4ec4 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile @@ -7,12 +7,12 @@ include /etc/firejail/globals.local noblacklist /var/mail noblacklist /var/spool/mail -# noblacklist ~/.bogofilter -noblacklist ~/.cache/evolution -noblacklist ~/.config/evolution -noblacklist ~/.gnupg -noblacklist ~/.local/share/evolution -noblacklist ~/.pki +# noblacklist ${HOME}/.bogofilter +noblacklist ${HOME}/.cache/evolution +noblacklist ${HOME}/.config/evolution +noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.local/share/evolution +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/firefox.profile b/etc/firefox.profile index 2423b149c..b76c16385 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -5,67 +5,67 @@ include /etc/firejail/firefox.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/mozilla -noblacklist ~/.config/okularpartrc -noblacklist ~/.config/okularrc -noblacklist ~/.config/qpdfview -noblacklist ~/.kde/share/apps/kget -noblacklist ~/.kde/share/apps/okular -noblacklist ~/.kde/share/config/kgetrc -noblacklist ~/.kde/share/config/okularpartrc -noblacklist ~/.kde/share/config/okularrc -noblacklist ~/.kde4/share/apps/kget -noblacklist ~/.kde4/share/apps/okular -noblacklist ~/.kde4/share/config/kgetrc -noblacklist ~/.kde4/share/config/okularpartrc -noblacklist ~/.kde4/share/config/okularrc -# noblacklist ~/.local/share/gnome-shell/extensions -noblacklist ~/.local/share/okular -noblacklist ~/.local/share/qpdfview -noblacklist ~/.mozilla -noblacklist ~/.pki +noblacklist ${HOME}/.cache/mozilla +noblacklist ${HOME}/.config/okularpartrc +noblacklist ${HOME}/.config/okularrc +noblacklist ${HOME}/.config/qpdfview +noblacklist ${HOME}/.kde/share/apps/kget +noblacklist ${HOME}/.kde/share/apps/okular +noblacklist ${HOME}/.kde/share/config/kgetrc +noblacklist ${HOME}/.kde/share/config/okularpartrc +noblacklist ${HOME}/.kde/share/config/okularrc +noblacklist ${HOME}/.kde4/share/apps/kget +noblacklist ${HOME}/.kde4/share/apps/okular +noblacklist ${HOME}/.kde4/share/config/kgetrc +noblacklist ${HOME}/.kde4/share/config/okularpartrc +noblacklist ${HOME}/.kde4/share/config/okularrc +# noblacklist ${HOME}/.local/share/gnome-shell/extensions +noblacklist ${HOME}/.local/share/okular +noblacklist ${HOME}/.local/share/qpdfview +noblacklist ${HOME}/.mozilla +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/mozilla/firefox -mkdir ~/.mozilla -mkdir ~/.pki +mkdir ${HOME}/.cache/mozilla/firefox +mkdir ${HOME}/.mozilla +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/gnome-mplayer/plugin -whitelist ~/.cache/mozilla/firefox -whitelist ~/.config/gnome-mplayer -whitelist ~/.config/okularpartrc -whitelist ~/.config/okularrc -whitelist ~/.config/pipelight-silverlight5.1 -whitelist ~/.config/pipelight-widevine -whitelist ~/.config/qpdfview -whitelist ~/.kde/share/apps/kget -whitelist ~/.kde/share/apps/okular -whitelist ~/.kde/share/config/kgetrc -whitelist ~/.kde/share/config/okularpartrc -whitelist ~/.kde/share/config/okularrc -whitelist ~/.kde4/share/apps/kget -whitelist ~/.kde4/share/apps/okular -whitelist ~/.kde4/share/config/kgetrc -whitelist ~/.kde4/share/config/okularpartrc -whitelist ~/.kde4/share/config/okularrc -whitelist ~/.keysnail.js -whitelist ~/.lastpass -whitelist ~/.local/share/gnome-shell/extensions -whitelist ~/.local/share/okular -whitelist ~/.local/share/qpdfview -whitelist ~/.mozilla -whitelist ~/.pentadactyl -whitelist ~/.pentadactylrc -whitelist ~/.pki -whitelist ~/.vimperator -whitelist ~/.vimperatorrc -whitelist ~/.wine-pipelight -whitelist ~/.wine-pipelight64 -whitelist ~/.zotero -whitelist ~/dwhelper +whitelist ${HOME}/.cache/gnome-mplayer/plugin +whitelist ${HOME}/.cache/mozilla/firefox +whitelist ${HOME}/.config/gnome-mplayer +whitelist ${HOME}/.config/okularpartrc +whitelist ${HOME}/.config/okularrc +whitelist ${HOME}/.config/pipelight-silverlight5.1 +whitelist ${HOME}/.config/pipelight-widevine +whitelist ${HOME}/.config/qpdfview +whitelist ${HOME}/.kde/share/apps/kget +whitelist ${HOME}/.kde/share/apps/okular +whitelist ${HOME}/.kde/share/config/kgetrc +whitelist ${HOME}/.kde/share/config/okularpartrc +whitelist ${HOME}/.kde/share/config/okularrc +whitelist ${HOME}/.kde4/share/apps/kget +whitelist ${HOME}/.kde4/share/apps/okular +whitelist ${HOME}/.kde4/share/config/kgetrc +whitelist ${HOME}/.kde4/share/config/okularpartrc +whitelist ${HOME}/.kde4/share/config/okularrc +whitelist ${HOME}/.keysnail.js +whitelist ${HOME}/.lastpass +whitelist ${HOME}/.local/share/gnome-shell/extensions +whitelist ${HOME}/.local/share/okular +whitelist ${HOME}/.local/share/qpdfview +whitelist ${HOME}/.mozilla +whitelist ${HOME}/.pentadactyl +whitelist ${HOME}/.pentadactylrc +whitelist ${HOME}/.pki +whitelist ${HOME}/.vimperator +whitelist ${HOME}/.vimperatorrc +whitelist ${HOME}/.wine-pipelight +whitelist ${HOME}/.wine-pipelight64 +whitelist ${HOME}/.zotero +whitelist ${HOME}/dwhelper include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 18db4c597..feb4087f4 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile @@ -10,21 +10,21 @@ include /etc/firejail/globals.local # to run it is as follows: # firejail flashpeak-slimjet --no-sandbox -noblacklist ~/.cache/slimjet -noblacklist ~/.config/slimjet -noblacklist ~/.pki +noblacklist ${HOME}/.cache/slimjet +noblacklist ${HOME}/.config/slimjet +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/slimjet -mkdir ~/.config/slimjet -mkdir ~/.pki +mkdir ${HOME}/.cache/slimjet +mkdir ${HOME}/.config/slimjet +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/slimjet -whitelist ~/.config/slimjet -whitelist ~/.pki +whitelist ${HOME}/.cache/slimjet +whitelist ${HOME}/.config/slimjet +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/fossamail.profile b/etc/fossamail.profile index cef522c53..4316c0988 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile @@ -5,16 +5,16 @@ include /etc/firejail/fossamail.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/fossamail -noblacklist ~/.fossamail -noblacklist ~/.gnupg +noblacklist ${HOME}/.cache/fossamail +noblacklist ${HOME}/.fossamail +noblacklist ${HOME}/.gnupg -mkdir ~/.cache/fossamail -mkdir ~/.fossamail -mkdir ~/.gnupg -whitelist ~/.cache/fossamail -whitelist ~/.fossamail -whitelist ~/.gnupg +mkdir ${HOME}/.cache/fossamail +mkdir ${HOME}/.fossamail +mkdir ${HOME}/.gnupg +whitelist ${HOME}/.cache/fossamail +whitelist ${HOME}/.fossamail +whitelist ${HOME}/.gnupg include /etc/firejail/whitelist-common.inc # allow browsers diff --git a/etc/franz.profile b/etc/franz.profile index bceeaf3b4..42b14fa2f 100644 --- a/etc/franz.profile +++ b/etc/franz.profile @@ -5,21 +5,21 @@ include /etc/firejail/franz.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/Franz -noblacklist ~/.config/Franz -noblacklist ~/.pki +noblacklist ${HOME}/.cache/Franz +noblacklist ${HOME}/.config/Franz +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/Franz -mkdir ~/.config/Franz -mkdir ~/.pki +mkdir ${HOME}/.cache/Franz +mkdir ${HOME}/.config/Franz +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/Franz -whitelist ~/.config/Franz -whitelist ~/.pki +whitelist ${HOME}/.cache/Franz +whitelist ${HOME}/.config/Franz +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 0480faf6f..0660137e0 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile @@ -7,14 +7,14 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.frozen-bubble +noblacklist ${HOME}/.frozen-bubble include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.frozen-bubble -whitelist ~/.frozen-bubble +mkdir ${HOME}/.frozen-bubble +whitelist ${HOME}/.frozen-bubble include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/galculator.profile b/etc/galculator.profile index fdb9e3f1d..0923d7e55 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile @@ -7,15 +7,15 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.config/galculator +noblacklist ${HOME}/.config/galculator include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.config/galculator -whitelist ~/.config/galculator +mkdir ${HOME}/.config/galculator +whitelist ${HOME}/.config/galculator include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/geary.profile b/etc/geary.profile index 3ab4a21d8..36c00efa0 100644 --- a/etc/geary.profile +++ b/etc/geary.profile @@ -8,18 +8,18 @@ include /etc/firejail/globals.local # Users have Geary set to open a browser by clicking a link in an email # We are not allowed to blacklist browser-specific directories -noblacklist ~/.gnupg -noblacklist ~/.local/share/geary +noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.local/share/geary -mkdir ~/.gnupg -mkdir ~/.local/share/geary -whitelist ~/.gnupg -whitelist ~/.local/share/geary +mkdir ${HOME}/.gnupg +mkdir ${HOME}/.local/share/geary +whitelist ${HOME}/.gnupg +whitelist ${HOME}/.local/share/geary include /etc/firejail/whitelist-common.inc ignore private-tmp -read-only ~/.config/mimeapps.list +read-only ${HOME}/.config/mimeapps.list # allow browsers # Redirect diff --git a/etc/geeqie.profile b/etc/geeqie.profile index a50fd4370..27ee343af 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile @@ -5,9 +5,9 @@ include /etc/firejail/geeqie.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/geeqie -noblacklist ~/.config/geeqie -noblacklist ~/.local/share/geeqie +noblacklist ${HOME}/.cache/geeqie +noblacklist ${HOME}/.config/geeqie +noblacklist ${HOME}/.local/share/geeqie include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gimp.profile b/etc/gimp.profile index b398813f6..2a0698cc3 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile @@ -30,7 +30,7 @@ shell none private-dev private-tmp -# gimp plugins are installed by the user in ~/.gimp-2.8/plug-ins/ directory +# gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory # if you are not using external plugins, you can enable noexec statement below # noexec ${HOME} noexec /tmp diff --git a/etc/git.profile b/etc/git.profile index 14fb55118..7dac03b1b 100644 --- a/etc/git.profile +++ b/etc/git.profile @@ -8,13 +8,13 @@ include /etc/firejail/globals.local blacklist /tmp/.X11-unix -noblacklist ~/.emacs -noblacklist ~/.emacs.d -noblacklist ~/.gitconfig -noblacklist ~/.gnupg -noblacklist ~/.ssh -noblacklist ~/.vim -noblacklist ~/.viminfo +noblacklist ${HOME}/.emacs +noblacklist ${HOME}/.emacs.d +noblacklist ${HOME}/.gitconfig +noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.ssh +noblacklist ${HOME}/.vim +noblacklist ${HOME}/.viminfo include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc diff --git a/etc/gitter.profile b/etc/gitter.profile index 3e84455f1..a3bbabd10 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile @@ -5,8 +5,8 @@ include /etc/firejail/gitter.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/autostart -noblacklist ~/.config/Gitter +noblacklist ${HOME}/.config/autostart +noblacklist ${HOME}/.config/Gitter include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc @@ -14,8 +14,8 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc whitelist ${DOWNLOADS} -whitelist ~/.config/autostart -whitelist ~/.config/Gitter +whitelist ${HOME}/.config/autostart +whitelist ${HOME}/.config/Gitter include /etc/firejail/whitelist-var-common.inc caps.drop all diff --git a/etc/gjs.profile b/etc/gjs.profile index a856d35b5..32faeb8df 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile @@ -7,10 +7,10 @@ include /etc/firejail/globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ~/.cache/libgweather -noblacklist ~/.cache/org.gnome.Books -noblacklist ~/.config/libreoffice -noblacklist ~/.local/share/gnome-photos +noblacklist ${HOME}/.cache/libgweather +noblacklist ${HOME}/.cache/org.gnome.Books +noblacklist ${HOME}/.config/libreoffice +noblacklist ${HOME}/.local/share/gnome-photos include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 6998a3a42..bd21cd39f 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ~/.cache/org.gnome.Books +noblacklist ${HOME}/.cache/org.gnome.Books include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 4caf971dd..f1f04d889 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile @@ -5,7 +5,7 @@ include /etc/firejail/gnome-chess.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.local/share/gnome-chess +noblacklist ${HOME}/.local/share/gnome-chess include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index 3254f3fbc..40bb63538 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ~/.config/libreoffice +noblacklist ${HOME}/.config/libreoffice include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 166994374..c9626950e 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile @@ -5,7 +5,7 @@ include /etc/firejail/gnome-mplayer.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/gnome-mplayer +noblacklist ${HOME}/.config/gnome-mplayer include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index 17288d500..f052563be 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile @@ -5,7 +5,7 @@ include /etc/firejail/gnome-music.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.local/share/gnome-music +noblacklist ${HOME}/.local/share/gnome-music include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index f9be4c4de..f3b00a868 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ~/.local/share/gnome-photos +noblacklist ${HOME}/.local/share/gnome-photos include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index e5804687c..0423b06dd 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ~/.cache/libgweather +noblacklist ${HOME}/.cache/libgweather include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index ac457b92f..9c7306b85 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile @@ -5,21 +5,21 @@ include /etc/firejail/google-chrome-beta.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/google-chrome-beta -noblacklist ~/.config/google-chrome-beta -noblacklist ~/.pki +noblacklist ${HOME}/.cache/google-chrome-beta +noblacklist ${HOME}/.config/google-chrome-beta +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/google-chrome-beta -mkdir ~/.config/google-chrome-beta -mkdir ~/.pki +mkdir ${HOME}/.cache/google-chrome-beta +mkdir ${HOME}/.config/google-chrome-beta +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/google-chrome-beta -whitelist ~/.config/google-chrome-beta -whitelist ~/.pki +whitelist ${HOME}/.cache/google-chrome-beta +whitelist ${HOME}/.config/google-chrome-beta +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index 3d7a9a715..bb05b3e99 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile @@ -5,21 +5,21 @@ include /etc/firejail/google-chrome-unstable.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/google-chrome-unstable -noblacklist ~/.config/google-chrome-unstable -noblacklist ~/.pki +noblacklist ${HOME}/.cache/google-chrome-unstable +noblacklist ${HOME}/.config/google-chrome-unstable +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/google-chrome-unstable -mkdir ~/.config/google-chrome-unstable -mkdir ~/.pki +mkdir ${HOME}/.cache/google-chrome-unstable +mkdir ${HOME}/.config/google-chrome-unstable +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/google-chrome-unstable -whitelist ~/.config/google-chrome-unstable -whitelist ~/.pki +whitelist ${HOME}/.cache/google-chrome-unstable +whitelist ${HOME}/.config/google-chrome-unstable +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 6e5175989..2e9524e16 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile @@ -5,21 +5,21 @@ include /etc/firejail/google-chrome.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/google-chrome -noblacklist ~/.config/google-chrome -noblacklist ~/.pki +noblacklist ${HOME}/.cache/google-chrome +noblacklist ${HOME}/.config/google-chrome +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/google-chrome -mkdir ~/.config/google-chrome -mkdir ~/.pki +mkdir ${HOME}/.cache/google-chrome +mkdir ${HOME}/.config/google-chrome +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/google-chrome -whitelist ~/.config/google-chrome -whitelist ~/.pki +whitelist ${HOME}/.cache/google-chrome +whitelist ${HOME}/.config/google-chrome +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index 11ca13090..58473d5c8 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile @@ -5,16 +5,16 @@ include /etc/firejail/google-play-music-desktop-player.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/Google Play Music Desktop Player +noblacklist ${HOME}/.config/Google Play Music Desktop Player include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -# whitelist ~/.config/pulse -# whitelist ~/.pulse -whitelist ~/.config/Google Play Music Desktop Player +# whitelist ${HOME}/.config/pulse +# whitelist ${HOME}/.pulse +whitelist ${HOME}/.config/Google Play Music Desktop Player include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/gpa.profile b/etc/gpa.profile index 8d721e2c0..725c744ed 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile @@ -5,7 +5,7 @@ include /etc/firejail/gpa.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.gnupg +noblacklist ${HOME}/.gnupg include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index 8fd2ce232..c59c624fc 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local blacklist /tmp/.X11-unix -noblacklist ~/.gnupg +noblacklist ${HOME}/.gnupg include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gpg.profile b/etc/gpg.profile index 8c39f85e3..cd2b30e9e 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local blacklist /tmp/.X11-unix -noblacklist ~/.gnupg +noblacklist ${HOME}/.gnupg include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gpicview.profile b/etc/gpicview.profile index 5ed447ac4..8d47d9c31 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.config/gpicview +noblacklist ${HOME}/.config/gpicview include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gpredict.profile b/etc/gpredict.profile index f204366c5..029c37290 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile @@ -5,14 +5,14 @@ include /etc/firejail/gpredict.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/Gpredict +noblacklist ${HOME}/.config/Gpredict include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -whitelist ~/.config/Gpredict +whitelist ${HOME}/.config/Gpredict include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 287e214e1..5d066c141 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile @@ -6,8 +6,8 @@ include /etc/firejail/gthumb.local include /etc/firejail/globals.local noblacklist ${HOME}/.config/gthumb -noblacklist ~/.Steam -noblacklist ~/.steam +noblacklist ${HOME}/.Steam +noblacklist ${HOME}/.steam include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gwenview.profile b/etc/gwenview.profile index 891c9865e..efaf94f4c 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile @@ -7,15 +7,15 @@ include /etc/firejail/globals.local # blacklist /run/user/*/bus -noblacklist ~/.config/gwenviewrc -noblacklist ~/.config/org.kde.gwenviewrc -noblacklist ~/.gimp* -noblacklist ~/.kde/share/apps/gwenview -noblacklist ~/.kde/share/config/gwenviewrc -noblacklist ~/.kde4/share/apps/gwenview -noblacklist ~/.kde4/share/config/gwenviewrc -noblacklist ~/.local/share/gwenview -noblacklist ~/.local/share/org.kde.gwenview +noblacklist ${HOME}/.config/gwenviewrc +noblacklist ${HOME}/.config/org.kde.gwenviewrc +noblacklist ${HOME}/.gimp* +noblacklist ${HOME}/.kde/share/apps/gwenview +noblacklist ${HOME}/.kde/share/config/gwenviewrc +noblacklist ${HOME}/.kde4/share/apps/gwenview +noblacklist ${HOME}/.kde4/share/config/gwenviewrc +noblacklist ${HOME}/.local/share/gwenview +noblacklist ${HOME}/.local/share/org.kde.gwenview include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/handbrake.profile b/etc/handbrake.profile index 5235e91f2..f8554d50c 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile @@ -5,7 +5,7 @@ include /etc/firejail/handbrake.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/ghb +noblacklist ${HOME}/.config/ghb include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index e2775ffce..6f9117fae 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile @@ -12,8 +12,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.hedgewars -whitelist ~/.hedgewars +mkdir ${HOME}/.hedgewars +whitelist ${HOME}/.hedgewars include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 5945665cc..634ced575 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile @@ -13,8 +13,8 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.config/hexchat -whitelist ~/.config/hexchat +mkdir ${HOME}/.config/hexchat +whitelist ${HOME}/.config/hexchat include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/icecat.profile b/etc/icecat.profile index ab7e62180..74c51926a 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile @@ -5,34 +5,34 @@ include /etc/firejail/icecat.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/mozilla -noblacklist ~/.mozilla -noblacklist ~/.pki +noblacklist ${HOME}/.cache/mozilla +noblacklist ${HOME}/.mozilla +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/mozilla/icecat -mkdir ~/.mozilla +mkdir ${HOME}/.cache/mozilla/icecat +mkdir ${HOME}/.mozilla whitelist ${DOWNLOADS} -whitelist ~/.cache/gnome-mplayer/plugin -whitelist ~/.cache/mozilla/icecat -whitelist ~/.config/gnome-mplayer -whitelist ~/.config/pipelight-silverlight5.1 -whitelist ~/.config/pipelight-widevine -whitelist ~/.keysnail.js -whitelist ~/.lastpass -whitelist ~/.mozilla -whitelist ~/.pentadactyl -whitelist ~/.pentadactylrc -whitelist ~/.pki -whitelist ~/.vimperator -whitelist ~/.vimperatorrc -whitelist ~/.wine-pipelight -whitelist ~/.wine-pipelight64 -whitelist ~/.zotero -whitelist ~/dwhelper +whitelist ${HOME}/.cache/gnome-mplayer/plugin +whitelist ${HOME}/.cache/mozilla/icecat +whitelist ${HOME}/.config/gnome-mplayer +whitelist ${HOME}/.config/pipelight-silverlight5.1 +whitelist ${HOME}/.config/pipelight-widevine +whitelist ${HOME}/.keysnail.js +whitelist ${HOME}/.lastpass +whitelist ${HOME}/.mozilla +whitelist ${HOME}/.pentadactyl +whitelist ${HOME}/.pentadactylrc +whitelist ${HOME}/.pki +whitelist ${HOME}/.vimperator +whitelist ${HOME}/.vimperatorrc +whitelist ${HOME}/.wine-pipelight +whitelist ${HOME}/.wine-pipelight64 +whitelist ${HOME}/.zotero +whitelist ${HOME}/dwhelper include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/icedove.profile b/etc/icedove.profile index 46861d9f2..80cff3878 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile @@ -8,16 +8,16 @@ include /etc/firejail/globals.local # Users have icedove set to open a browser by clicking a link in an email # We are not allowed to blacklist browser-specific directories -noblacklist ~/.cache/icedove -noblacklist ~/.gnupg -noblacklist ~/.icedove +noblacklist ${HOME}/.cache/icedove +noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.icedove -mkdir ~/.cache/icedove -mkdir ~/.gnupg -mkdir ~/.icedove -whitelist ~/.cache/icedove -whitelist ~/.gnupg -whitelist ~/.icedove +mkdir ${HOME}/.cache/icedove +mkdir ${HOME}/.gnupg +mkdir ${HOME}/.icedove +whitelist ${HOME}/.cache/icedove +whitelist ${HOME}/.gnupg +whitelist ${HOME}/.icedove include /etc/firejail/whitelist-common.inc ignore private-tmp diff --git a/etc/inox.profile b/etc/inox.profile index 221acd309..fbc654434 100644 --- a/etc/inox.profile +++ b/etc/inox.profile @@ -5,20 +5,20 @@ include /etc/firejail/inox.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/inox -noblacklist ~/.config/inox -noblacklist ~/.pki +noblacklist ${HOME}/.cache/inox +noblacklist ${HOME}/.config/inox +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/inox -mkdir ~/.config/inox -mkdir ~/.pki +mkdir ${HOME}/.cache/inox +mkdir ${HOME}/.config/inox +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/inox -whitelist ~/.config/inox -whitelist ~/.pki +whitelist ${HOME}/.cache/inox +whitelist ${HOME}/.config/inox +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/iridium.profile b/etc/iridium.profile index 5b1268f4e..76026722f 100644 --- a/etc/iridium.profile +++ b/etc/iridium.profile @@ -5,21 +5,21 @@ include /etc/firejail/iridium.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/iridium -noblacklist ~/.config/iridium +noblacklist ${HOME}/.cache/iridium +noblacklist ${HOME}/.config/iridium include /etc/firejail/disable-common.inc # chromium/iridium is distributed with a perl script on Arch # include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/iridium -mkdir ~/.config/iridium -mkdir ~/.pki +mkdir ${HOME}/.cache/iridium +mkdir ${HOME}/.config/iridium +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/iridium -whitelist ~/.config/iridium -whitelist ~/.pki +whitelist ${HOME}/.cache/iridium +whitelist ${HOME}/.config/iridium +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/jitsi.profile b/etc/jitsi.profile index 78a57ff46..bfccdf281 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile @@ -5,7 +5,7 @@ include /etc/firejail/jitsi.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.jitsi +noblacklist ${HOME}/.jitsi include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/k3b.profile b/etc/k3b.profile index 58623d823..a9555bccc 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile @@ -5,9 +5,9 @@ include /etc/firejail/k3b.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/k3brc -noblacklist ~/.kde/share/config/k3brc -noblacklist ~/.kde4/share/config/k3brc +noblacklist ${HOME}/.config/k3brc +noblacklist ${HOME}/.kde/share/config/k3brc +noblacklist ${HOME}/.kde4/share/config/k3brc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/kate.profile b/etc/kate.profile index 85a98d67f..711833d5c 100644 --- a/etc/kate.profile +++ b/etc/kate.profile @@ -7,12 +7,12 @@ include /etc/firejail/globals.local # blacklist /run/user/*/bus -noblacklist ~/.config/katepartrc -noblacklist ~/.config/katerc -noblacklist ~/.config/kateschemarc -noblacklist ~/.config/katesyntaxhighlightingrc -noblacklist ~/.config/katevirc -noblacklist ~/.local/share/kate +noblacklist ${HOME}/.config/katepartrc +noblacklist ${HOME}/.config/katerc +noblacklist ${HOME}/.config/kateschemarc +noblacklist ${HOME}/.config/katesyntaxhighlightingrc +noblacklist ${HOME}/.config/katevirc +noblacklist ${HOME}/.local/share/kate include /etc/firejail/disable-common.inc # include /etc/firejail/disable-devel.inc diff --git a/etc/kget.profile b/etc/kget.profile index f6d7352c1..25c66e044 100644 --- a/etc/kget.profile +++ b/etc/kget.profile @@ -5,10 +5,10 @@ include /etc/firejail/kget.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.kde/share/apps/kget -noblacklist ~/.kde/share/config/kgetrc -noblacklist ~/.kde4/share/apps/kget -noblacklist ~/.kde4/share/config/kgetrc +noblacklist ${HOME}/.kde/share/apps/kget +noblacklist ${HOME}/.kde/share/config/kgetrc +noblacklist ${HOME}/.kde4/share/apps/kget +noblacklist ${HOME}/.kde4/share/config/kgetrc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/kino.profile b/etc/kino.profile index 240dab8ef..be51786f5 100644 --- a/etc/kino.profile +++ b/etc/kino.profile @@ -5,8 +5,8 @@ include /etc/firejail/kino.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.kino-history -noblacklist ~/.kinorc +noblacklist ${HOME}/.kino-history +noblacklist ${HOME}/.kinorc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/knotes.profile b/etc/knotes.profile index 039f1b057..94ada7855 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile @@ -5,7 +5,7 @@ include /etc/firejail/knotes.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/knotesrc +noblacklist ${HOME}/.config/knotesrc include /etc/firejail/disable-common.inc # include /etc/firejail/disable-devel.inc diff --git a/etc/kopete.profile b/etc/kopete.profile index 3e943c162..6d7c22373 100644 --- a/etc/kopete.profile +++ b/etc/kopete.profile @@ -5,10 +5,10 @@ include /etc/firejail/kopete.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.kde/share/apps/kopete -noblacklist ~/.kde/share/config/kopeterc -noblacklist ~/.kde4/share/apps/kopete -noblacklist ~/.kde4/share/config/kopeterc +noblacklist ${HOME}/.kde/share/apps/kopete +noblacklist ${HOME}/.kde/share/config/kopeterc +noblacklist ${HOME}/.kde4/share/apps/kopete +noblacklist ${HOME}/.kde4/share/config/kopeterc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/krunner.profile b/etc/krunner.profile index c3a4c73aa..606b67677 100644 --- a/etc/krunner.profile +++ b/etc/krunner.profile @@ -8,9 +8,9 @@ include /etc/firejail/globals.local # start a program in krunner: program will run with this generic profile # open a file in krunner: file viewer will run with its own profile (if firejailed automatically) -noblacklist ~/.config/krunnerrc -noblacklist ~/.kde/share/config/krunnerrc -noblacklist ~/.kde4/share/config/krunnerrc +noblacklist ${HOME}/.config/krunnerrc +noblacklist ${HOME}/.kde/share/config/krunnerrc +noblacklist ${HOME}/.kde4/share/config/krunnerrc include /etc/firejail/disable-common.inc # include /etc/firejail/disable-devel.inc diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index 99e185ce3..5ea09f925 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile @@ -5,31 +5,31 @@ include /etc/firejail/ktorrent.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/ktorrentrc -noblacklist ~/.kde/share/apps/ktorrent -noblacklist ~/.kde/share/config/ktorrentrc -noblacklist ~/.kde4/share/apps/ktorrent -noblacklist ~/.kde4/share/config/ktorrentrc -noblacklist ~/.local/share/ktorrent +noblacklist ${HOME}/.config/ktorrentrc +noblacklist ${HOME}/.kde/share/apps/ktorrent +noblacklist ${HOME}/.kde/share/config/ktorrentrc +noblacklist ${HOME}/.kde4/share/apps/ktorrent +noblacklist ${HOME}/.kde4/share/config/ktorrentrc +noblacklist ${HOME}/.local/share/ktorrent include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.kde/share/apps/ktorrent -mkdir ~/.kde4/share/apps/ktorrent -mkdir ~/.local/share/ktorrent -mkfile ~/.config/ktorrentrc -mkfile ~/.kde/share/config/ktorrentrc -mkfile ~/.kde4/share/config/ktorrentrc +mkdir ${HOME}/.kde/share/apps/ktorrent +mkdir ${HOME}/.kde4/share/apps/ktorrent +mkdir ${HOME}/.local/share/ktorrent +mkfile ${HOME}/.config/ktorrentrc +mkfile ${HOME}/.kde/share/config/ktorrentrc +mkfile ${HOME}/.kde4/share/config/ktorrentrc whitelist ${DOWNLOADS} -whitelist ~/.config/ktorrentrc -whitelist ~/.kde/share/apps/ktorrent -whitelist ~/.kde/share/config/ktorrentrc -whitelist ~/.kde4/share/apps/ktorrent -whitelist ~/.kde4/share/config/ktorrentrc -whitelist ~/.local/share/ktorrent +whitelist ${HOME}/.config/ktorrentrc +whitelist ${HOME}/.kde/share/apps/ktorrent +whitelist ${HOME}/.kde/share/config/ktorrentrc +whitelist ${HOME}/.kde4/share/apps/ktorrent +whitelist ${HOME}/.kde4/share/config/ktorrentrc +whitelist ${HOME}/.local/share/ktorrent include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile index 0004da72d..8a578f3f3 100644 --- a/etc/kwin_x11.profile +++ b/etc/kwin_x11.profile @@ -5,9 +5,9 @@ include /etc/firejail/kwin_x11.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/kwinrc -noblacklist ~/.config/kwinrulesrc -noblacklist ~/.local/share/kwin +noblacklist ${HOME}/.config/kwinrc +noblacklist ${HOME}/.config/kwinrulesrc +noblacklist ${HOME}/.local/share/kwin include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/kwrite.profile b/etc/kwrite.profile index 5d6eba094..807ecf62b 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile @@ -7,13 +7,13 @@ include /etc/firejail/globals.local # blacklist /run/user/*/bus -noblacklist ~/.config/katepartrc -noblacklist ~/.config/katerc -noblacklist ~/.config/kateschemarc -noblacklist ~/.config/katesyntaxhighlightingrc -noblacklist ~/.config/katevirc -noblacklist ~/.config/kwriterc -noblacklist ~/.local/share/kwrite +noblacklist ${HOME}/.config/katepartrc +noblacklist ${HOME}/.config/katerc +noblacklist ${HOME}/.config/kateschemarc +noblacklist ${HOME}/.config/katesyntaxhighlightingrc +noblacklist ${HOME}/.config/katevirc +noblacklist ${HOME}/.config/kwriterc +noblacklist ${HOME}/.local/share/kwrite include /etc/firejail/disable-common.inc # include /etc/firejail/disable-devel.inc diff --git a/etc/less.profile b/etc/less.profile index 3546649af..3b1c5d6bf 100644 --- a/etc/less.profile +++ b/etc/less.profile @@ -20,7 +20,7 @@ shell none tracelog writable-var-log -# The user can have a custom coloring scritps configured in ~/.lessfilter. +# The user can have a custom coloring scritps configured in ${HOME}/.lessfilter. # Enable private-bin and private-lib if you are not using any filter. # private-bin less # private-lib diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 214b49c65..3548a75ad 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local noblacklist ${HOME}/.java noblacklist /usr/local/sbin -noblacklist ~/.config/libreoffice +noblacklist ${HOME}/.config/libreoffice include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/liferea.profile b/etc/liferea.profile index afd5fed6b..552a45bbb 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile @@ -5,21 +5,21 @@ include /etc/firejail/liferea.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/liferea -noblacklist ~/.config/liferea -noblacklist ~/.local/share/liferea +noblacklist ${HOME}/.cache/liferea +noblacklist ${HOME}/.config/liferea +noblacklist ${HOME}/.local/share/liferea include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/liferea -mkdir ~/.config/liferea -mkdir ~/.local/share/liferea -whitelist ~/.cache/liferea -whitelist ~/.config/liferea -whitelist ~/.local/share/liferea +mkdir ${HOME}/.cache/liferea +mkdir ${HOME}/.config/liferea +mkdir ${HOME}/.local/share/liferea +whitelist ${HOME}/.cache/liferea +whitelist ${HOME}/.config/liferea +whitelist ${HOME}/.local/share/liferea include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 1a3b26c10..d4bb1b0e8 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile @@ -5,7 +5,7 @@ include /etc/firejail/lximage-qt.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/lximage-qt +noblacklist ${HOME}/.config/lximage-qt include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 0161ffb63..71d7a056f 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile @@ -5,8 +5,8 @@ include /etc/firejail/lxmusic.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/xmms2 -noblacklist ~/.config/xmms2 +noblacklist ${HOME}/.cache/xmms2 +noblacklist ${HOME}/.config/xmms2 include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/makepkg.profile b/etc/makepkg.profile index 96846592d..6d2e6b0ce 100644 --- a/etc/makepkg.profile +++ b/etc/makepkg.profile @@ -5,8 +5,8 @@ # for potential issues and their solutions when Firejailing makepkg # This profile could be significantly strengthened by adding the following to makepkg.local -# whitelist ~/ -# whitelist ~/.gnupg +# whitelist ${HOME}/ +# whitelist ${HOME}/.gnupg quiet # Persistent local customizations @@ -16,15 +16,15 @@ include /etc/firejail/globals.local # Enable severely restricted access to ${HOME}/.gnupg -noblacklist ~/.gnupg -read-only ~/.gnupg/gpg.conf -read-only ~/.gnupg/trustdb.gpg -read-only ~/.gnupg/pubring.kbx -blacklist ~/.gnupg/random_seed -blacklist ~/.gnupg/pubring.kbx~ -blacklist ~/.gnupg/private-keys-v1.d -blacklist ~/.gnupg/crls.d -blacklist ~/.gnupg/openpgp-revocs.d +noblacklist ${HOME}/.gnupg +read-only ${HOME}/.gnupg/gpg.conf +read-only ${HOME}/.gnupg/trustdb.gpg +read-only ${HOME}/.gnupg/pubring.kbx +blacklist ${HOME}/.gnupg/random_seed +blacklist ${HOME}/.gnupg/pubring.kbx~ +blacklist ${HOME}/.gnupg/private-keys-v1.d +blacklist ${HOME}/.gnupg/crls.d +blacklist ${HOME}/.gnupg/openpgp-revocs.d # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index dc9946794..9eae27765 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile @@ -5,16 +5,16 @@ include /etc/firejail/mediathekview.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/mpv -noblacklist ~/.config/smplayer -noblacklist ~/.config/totem -noblacklist ~/.config/vlc -noblacklist ~/.config/xplayer -noblacklist ~/.java -noblacklist ~/.local/share/totem -noblacklist ~/.local/share/xplayer -noblacklist ~/.mediathek3 -noblacklist ~/.mplayer +noblacklist ${HOME}/.config/mpv +noblacklist ${HOME}/.config/smplayer +noblacklist ${HOME}/.config/totem +noblacklist ${HOME}/.config/vlc +noblacklist ${HOME}/.config/xplayer +noblacklist ${HOME}/.java +noblacklist ${HOME}/.local/share/totem +noblacklist ${HOME}/.local/share/xplayer +noblacklist ${HOME}/.mediathek3 +noblacklist ${HOME}/.mplayer include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/midori.profile b/etc/midori.profile index e8373b042..7cb5326fb 100644 --- a/etc/midori.profile +++ b/etc/midori.profile @@ -5,32 +5,32 @@ include /etc/firejail/midori.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/midori -noblacklist ~/.local/share/midori -# noblacklist ~/.local/share/webkit -# noblacklist ~/.local/share/webkitgtk -noblacklist ~/.pki +noblacklist ${HOME}/.config/midori +noblacklist ${HOME}/.local/share/midori +# noblacklist ${HOME}/.local/share/webkit +# noblacklist ${HOME}/.local/share/webkitgtk +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/midori -mkdir ~/.config/midori -mkdir ~/.local/share/midori -mkdir ~/.local/share/webkit -mkdir ~/.local/share/webkitgtk -mkdir ~/.pki +mkdir ${HOME}/.cache/midori +mkdir ${HOME}/.config/midori +mkdir ${HOME}/.local/share/midori +mkdir ${HOME}/.local/share/webkit +mkdir ${HOME}/.local/share/webkitgtk +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/gnome-mplayer/plugin -whitelist ~/.cache/midori -whitelist ~/.config/gnome-mplayer -whitelist ~/.config/midori -whitelist ~/.lastpass -whitelist ~/.local/share/midori -whitelist ~/.local/share/webkit -whitelist ~/.local/share/webkitgtk -whitelist ~/.pki +whitelist ${HOME}/.cache/gnome-mplayer/plugin +whitelist ${HOME}/.cache/midori +whitelist ${HOME}/.config/gnome-mplayer +whitelist ${HOME}/.config/midori +whitelist ${HOME}/.lastpass +whitelist ${HOME}/.local/share/midori +whitelist ${HOME}/.local/share/webkit +whitelist ${HOME}/.local/share/webkitgtk +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/mousepad.profile b/etc/mousepad.profile index e44750f99..0f0051c0a 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile @@ -5,7 +5,7 @@ include /etc/firejail/mousepad.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/Mousepad +noblacklist ${HOME}/.config/Mousepad include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/musescore.profile b/etc/musescore.profile index b3d04c08f..75f86c842 100644 --- a/etc/musescore.profile +++ b/etc/musescore.profile @@ -5,10 +5,10 @@ include /etc/firejail/musescore.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/MusE -noblacklist ~/.config/MuseScore -noblacklist ~/.local/share/data/MusE -noblacklist ~/.local/share/data/MuseScore +noblacklist ${HOME}/.config/MusE +noblacklist ${HOME}/.config/MuseScore +noblacklist ${HOME}/.local/share/data/MusE +noblacklist ${HOME}/.local/share/data/MuseScore include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/mutt.profile b/etc/mutt.profile index bdd629773..bca72f386 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile @@ -9,28 +9,28 @@ blacklist /tmp/.X11-unix noblacklist /var/mail noblacklist /var/spool/mail -noblacklist ~/.Mail -noblacklist ~/.bogofilter -noblacklist ~/.cache/mutt -noblacklist ~/.elinks -noblacklist ~/.emacs -noblacklist ~/.emacs.d -noblacklist ~/.gnupg -noblacklist ~/.mail -noblacklist ~/.mailcap -noblacklist ~/.msmtprc -noblacklist ~/.mutt -noblacklist ~/.mutt/muttrc -noblacklist ~/.muttrc -noblacklist ~/.signature -noblacklist ~/.vim -noblacklist ~/.viminfo -noblacklist ~/.vimrc -noblacklist ~/.w3m -noblacklist ~/Mail -noblacklist ~/mail -noblacklist ~/postponed -noblacklist ~/sent +noblacklist ${HOME}/.Mail +noblacklist ${HOME}/.bogofilter +noblacklist ${HOME}/.cache/mutt +noblacklist ${HOME}/.elinks +noblacklist ${HOME}/.emacs +noblacklist ${HOME}/.emacs.d +noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.mail +noblacklist ${HOME}/.mailcap +noblacklist ${HOME}/.msmtprc +noblacklist ${HOME}/.mutt +noblacklist ${HOME}/.mutt/muttrc +noblacklist ${HOME}/.muttrc +noblacklist ${HOME}/.signature +noblacklist ${HOME}/.vim +noblacklist ${HOME}/.viminfo +noblacklist ${HOME}/.vimrc +noblacklist ${HOME}/.w3m +noblacklist ${HOME}/Mail +noblacklist ${HOME}/mail +noblacklist ${HOME}/postponed +noblacklist ${HOME}/sent include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 45d23cae6..5ba0850fc 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile @@ -8,10 +8,10 @@ include /etc/firejail/globals.local # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there # is already a nautilus process running on gnome desktops firejail will have no effect. -noblacklist ~/.config/nautilus -noblacklist ~/.local/share/Trash -noblacklist ~/.local/share/nautilus -noblacklist ~/.local/share/nautilus-python +noblacklist ${HOME}/.config/nautilus +noblacklist ${HOME}/.local/share/Trash +noblacklist ${HOME}/.local/share/nautilus +noblacklist ${HOME}/.local/share/nautilus-python include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/netsurf.profile b/etc/netsurf.profile index 64aa068b1..02b35757a 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile @@ -5,18 +5,18 @@ include /etc/firejail/netsurf.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/netsurf -noblacklist ~/.config/netsurf +noblacklist ${HOME}/.cache/netsurf +noblacklist ${HOME}/.config/netsurf include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/netsurf -mkdir ~/.config/netsurf +mkdir ${HOME}/.cache/netsurf +mkdir ${HOME}/.config/netsurf whitelist ${DOWNLOADS} -whitelist ~/.cache/netsurf -whitelist ~/.config/netsurf +whitelist ${HOME}/.cache/netsurf +whitelist ${HOME}/.config/netsurf include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/nylas.profile b/etc/nylas.profile index d96c6b0d4..c2e1e1fdb 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile @@ -5,8 +5,8 @@ include /etc/firejail/nylas.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/Nylas Mail -noblacklist ~/.nylas-mail +noblacklist ${HOME}/.config/Nylas Mail +noblacklist ${HOME}/.nylas-mail include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc @@ -14,8 +14,8 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc whitelist ${DOWNLOADS} -whitelist ~/.config/Nylas Mail -whitelist ~/.nylas-mail +whitelist ${HOME}/.config/Nylas Mail +whitelist ${HOME}/.nylas-mail include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/okular.profile b/etc/okular.profile index 4171a28f8..2c2d395c8 100644 --- a/etc/okular.profile +++ b/etc/okular.profile @@ -7,15 +7,15 @@ include /etc/firejail/globals.local # blacklist /run/user/*/bus -noblacklist ~/.config/okularpartrc -noblacklist ~/.config/okularrc -noblacklist ~/.kde/share/apps/okular -noblacklist ~/.kde/share/config/okularpartrc -noblacklist ~/.kde/share/config/okularrc -noblacklist ~/.kde4/share/apps/okular -noblacklist ~/.kde4/share/config/okularpartrc -noblacklist ~/.kde4/share/config/okularrc -noblacklist ~/.local/share/okular +noblacklist ${HOME}/.config/okularpartrc +noblacklist ${HOME}/.config/okularrc +noblacklist ${HOME}/.kde/share/apps/okular +noblacklist ${HOME}/.kde/share/config/okularpartrc +noblacklist ${HOME}/.kde/share/config/okularrc +noblacklist ${HOME}/.kde4/share/apps/okular +noblacklist ${HOME}/.kde4/share/config/okularpartrc +noblacklist ${HOME}/.kde4/share/config/okularrc +noblacklist ${HOME}/.local/share/okular include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 20a9b2227..331bfa939 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile @@ -7,14 +7,14 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.openinvaders +noblacklist ${HOME}/.openinvaders include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.openinvaders -whitelist ~/.openinvaders +mkdir ${HOME}/.openinvaders +whitelist ${HOME}/.openinvaders include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index c295a2082..6079ac7d5 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile @@ -5,20 +5,20 @@ include /etc/firejail/opera-beta.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/opera-beta -noblacklist ~/.pki +noblacklist ${HOME}/.config/opera-beta +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/opera -mkdir ~/.config/opera-beta -mkdir ~/.pki +mkdir ${HOME}/.cache/opera +mkdir ${HOME}/.config/opera-beta +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/opera -whitelist ~/.config/opera-beta -whitelist ~/.pki +whitelist ${HOME}/.cache/opera +whitelist ${HOME}/.config/opera-beta +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc netfilter diff --git a/etc/opera.profile b/etc/opera.profile index 553ea6790..2b9b903ac 100644 --- a/etc/opera.profile +++ b/etc/opera.profile @@ -5,24 +5,24 @@ include /etc/firejail/opera.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/opera -noblacklist ~/.config/opera -noblacklist ~/.opera -noblacklist ~/.pki +noblacklist ${HOME}/.cache/opera +noblacklist ${HOME}/.config/opera +noblacklist ${HOME}/.opera +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/opera -mkdir ~/.config/opera -mkdir ~/.opera -mkdir ~/.pki +mkdir ${HOME}/.cache/opera +mkdir ${HOME}/.config/opera +mkdir ${HOME}/.opera +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/opera -whitelist ~/.config/opera -whitelist ~/.opera -whitelist ~/.pki +whitelist ${HOME}/.cache/opera +whitelist ${HOME}/.config/opera +whitelist ${HOME}/.opera +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc netfilter diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 054e876c5..8bdcb7334 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile @@ -5,8 +5,8 @@ include /etc/firejail/palemoon.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/moonchild productions/pale moon -noblacklist ~/.moonchild productions/pale moon +noblacklist ${HOME}/.cache/moonchild productions/pale moon +noblacklist ${HOME}/.moonchild productions/pale moon include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc @@ -14,29 +14,29 @@ include /etc/firejail/disable-programs.inc # These are uncommented in the Firefox profile. If you run into trouble you may # want to uncomment (some of) them. -#whitelist ~/dwhelper -#whitelist ~/.zotero -#whitelist ~/.vimperatorrc -#whitelist ~/.vimperator -#whitelist ~/.pentadactylrc -#whitelist ~/.pentadactyl -#whitelist ~/.keysnail.js -#whitelist ~/.config/gnome-mplayer -#whitelist ~/.cache/gnome-mplayer/plugin -#whitelist ~/.pki -#whitelist ~/.lastpass +#whitelist ${HOME}/dwhelper +#whitelist ${HOME}/.zotero +#whitelist ${HOME}/.vimperatorrc +#whitelist ${HOME}/.vimperator +#whitelist ${HOME}/.pentadactylrc +#whitelist ${HOME}/.pentadactyl +#whitelist ${HOME}/.keysnail.js +#whitelist ${HOME}/.config/gnome-mplayer +#whitelist ${HOME}/.cache/gnome-mplayer/plugin +#whitelist ${HOME}/.pki +#whitelist ${HOME}/.lastpass # For silverlight -#whitelist ~/.wine-pipelight -#whitelist ~/.wine-pipelight64 -#whitelist ~/.config/pipelight-widevine -#whitelist ~/.config/pipelight-silverlight5.1 +#whitelist ${HOME}/.wine-pipelight +#whitelist ${HOME}/.wine-pipelight64 +#whitelist ${HOME}/.config/pipelight-widevine +#whitelist ${HOME}/.config/pipelight-silverlight5.1 -mkdir ~/.cache/moonchild productions/pale moon -mkdir ~/.moonchild productions +mkdir ${HOME}/.cache/moonchild productions/pale moon +mkdir ${HOME}/.moonchild productions whitelist ${DOWNLOADS} -whitelist ~/.cache/moonchild productions/pale moon -whitelist ~/.moonchild productions +whitelist ${HOME}/.cache/moonchild productions/pale moon +whitelist ${HOME}/.moonchild productions include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 03e7e450f..08c607020 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile @@ -8,8 +8,8 @@ include /etc/firejail/globals.local # blacklist /run/user/*/bus noblacklist ${HOME}/.local/share/Trash -# noblacklist ~/.config/libfm - disable-programs.inc is disabled, see below -# noblacklist ~/.config/pcmanfm +# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below +# noblacklist ${HOME}/.config/pcmanfm include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/pingus.profile b/etc/pingus.profile index c491a2669..65aeedd86 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile @@ -7,14 +7,14 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.pingus +noblacklist ${HOME}/.pingus include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.pingus -whitelist ~/.pingus +mkdir ${HOME}/.pingus +whitelist ${HOME}/.pingus include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/pix.profile b/etc/pix.profile index 5440e4634..9eca6f87e 100644 --- a/etc/pix.profile +++ b/etc/pix.profile @@ -7,8 +7,8 @@ include /etc/firejail/globals.local noblacklist ${HOME}/.config/pix noblacklist ${HOME}/.local/share/pix -noblacklist ~/.Steam -noblacklist ~/.steam +noblacklist ${HOME}/.Steam +noblacklist ${HOME}/.steam include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 72c52d967..8d2ace96a 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile @@ -13,13 +13,13 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/psi+ -mkdir ~/.config/psi+ -mkdir ~/.local/share/psi+ +mkdir ${HOME}/.cache/psi+ +mkdir ${HOME}/.config/psi+ +mkdir ${HOME}/.local/share/psi+ whitelist ${DOWNLOADS} -whitelist ~/.cache/psi+ -whitelist ~/.config/psi+ -whitelist ~/.local/share/psi+ +whitelist ${HOME}/.cache/psi+ +whitelist ${HOME}/.config/psi+ +whitelist ${HOME}/.local/share/psi+ include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 32eb7de5b..9c4e6e356 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -5,25 +5,25 @@ include /etc/firejail/qbittorrent.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/qBittorrent -noblacklist ~/.config/qBittorrent -noblacklist ~/.config/qBittorrentrc -noblacklist ~/.config/qt5ct +noblacklist ${HOME}/.cache/qBittorrent +noblacklist ${HOME}/.config/qBittorrent +noblacklist ${HOME}/.config/qBittorrentrc +noblacklist ${HOME}/.config/qt5ct include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/qBittorrent -mkdir ~/.config/qBittorrent -mkdir ~/.local/share/data/qBittorrent +mkdir ${HOME}/.cache/qBittorrent +mkdir ${HOME}/.config/qBittorrent +mkdir ${HOME}/.local/share/data/qBittorrent whitelist ${DOWNLOADS} -whitelist ~/.cache/qBittorrent -whitelist ~/.config/qBittorrent -whitelist ~/.config/qBittorrentrc -whitelist ~/.config/qt5ct -whitelist ~/.local/share/data/qBittorrent +whitelist ${HOME}/.cache/qBittorrent +whitelist ${HOME}/.config/qBittorrent +whitelist ${HOME}/.config/qBittorrentrc +whitelist ${HOME}/.config/qt5ct +whitelist ${HOME}/.local/share/data/qBittorrent include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile index 2738e04bb..20b14c0ca 100644 --- a/etc/qemu-launcher.profile +++ b/etc/qemu-launcher.profile @@ -5,7 +5,7 @@ include /etc/firejail/qemu-launcher.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.qemu-launcher +noblacklist ${HOME}/.qemu-launcher include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc diff --git a/etc/qtox.profile b/etc/qtox.profile index 226d516ad..917e2cde8 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile @@ -5,8 +5,8 @@ include /etc/firejail/qtox.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/qt5ct -noblacklist ~/.config/tox +noblacklist ${HOME}/.config/qt5ct +noblacklist ${HOME}/.config/tox include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/quiterss.profile b/etc/quiterss.profile index f820b590e..0d02cacae 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -15,10 +15,10 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/QuiteRss -mkdir ~/.config/QuiteRss -mkdir ~/.local/share/data -mkdir ~/.local/share/data/QuiteRss +mkdir ${HOME}/.cache/QuiteRss +mkdir ${HOME}/.config/QuiteRss +mkdir ${HOME}/.local/share/data +mkdir ${HOME}/.local/share/data/QuiteRss whitelist ${HOME}/.cache/QuiteRss whitelist ${HOME}/.config/QuiteRss/ whitelist ${HOME}/.config/QuiteRssrc diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index 7b7086bde..74c7355b6 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile @@ -14,8 +14,8 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc whitelist ${DOWNLOADS} -whitelist ~/.cache/qupzilla -whitelist ~/.config/qupzilla +whitelist ${HOME}/.cache/qupzilla +whitelist ${HOME}/.config/qupzilla include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index 31721617f..b6834aaad 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile @@ -5,20 +5,20 @@ include /etc/firejail/qutebrowser.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/qutebrowser -noblacklist ~/.config/qutebrowser +noblacklist ${HOME}/.cache/qutebrowser +noblacklist ${HOME}/.config/qutebrowser include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/qutebrowser -mkdir ~/.config/qutebrowser -mkdir ~/.local/share/qutebrowser +mkdir ${HOME}/.cache/qutebrowser +mkdir ${HOME}/.config/qutebrowser +mkdir ${HOME}/.local/share/qutebrowser whitelist ${DOWNLOADS} -whitelist ~/.cache/qutebrowser -whitelist ~/.config/qutebrowser -whitelist ~/.local/share/qutebrowser +whitelist ${HOME}/.cache/qutebrowser +whitelist ${HOME}/.config/qutebrowser +whitelist ${HOME}/.local/share/qutebrowser include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/rambox.profile b/etc/rambox.profile index 2696df86b..f17f1d202 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile @@ -5,18 +5,18 @@ include /etc/firejail/rambox.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/Rambox -noblacklist ~/.pki +noblacklist ${HOME}/.config/Rambox +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.config/Rambox -mkdir ~/.pki +mkdir ${HOME}/.config/Rambox +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.config/Rambox -whitelist ~/.pki +whitelist ${HOME}/.config/Rambox +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/ranger.profile b/etc/ranger.profile index 0dac16424..211a1b2d5 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile @@ -11,7 +11,7 @@ blacklist /run/user/*/bus noblacklist /usr/bin/perl noblacklist /usr/lib/perl* noblacklist /usr/share/perl* -noblacklist ~/.config/ranger +noblacklist ${HOME}/.config/ranger include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/ristretto.profile b/etc/ristretto.profile index 3de5de34a..114bb30f4 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile @@ -6,8 +6,8 @@ include /etc/firejail/ristretto.local include /etc/firejail/globals.local noblacklist ${HOME}/.config/ristretto -noblacklist ~/.Steam -noblacklist ~/.steam +noblacklist ${HOME}/.Steam +noblacklist ${HOME}/.steam include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/scribus.profile b/etc/scribus.profile index e49d484ed..001b91387 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile @@ -8,20 +8,20 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus # Support for PDF readers comes with Scribus 1.5 and higher -noblacklist ~/.config/okularpartrc -noblacklist ~/.config/okularrc -noblacklist ~/.config/scribus -noblacklist ~/.config/scribusrc -noblacklist ~/.gimp* -noblacklist ~/.kde/share/apps/okular -noblacklist ~/.kde/share/config/okularpartrc -noblacklist ~/.kde/share/config/okularrc -noblacklist ~/.kde4/share/apps/okular -noblacklist ~/.kde4/share/config/okularpartrc -noblacklist ~/.kde4/share/config/okularrc -noblacklist ~/.local/share/okular -noblacklist ~/.local/share/scribus -noblacklist ~/.scribus +noblacklist ${HOME}/.config/okularpartrc +noblacklist ${HOME}/.config/okularrc +noblacklist ${HOME}/.config/scribus +noblacklist ${HOME}/.config/scribusrc +noblacklist ${HOME}/.gimp* +noblacklist ${HOME}/.kde/share/apps/okular +noblacklist ${HOME}/.kde/share/config/okularpartrc +noblacklist ${HOME}/.kde/share/config/okularrc +noblacklist ${HOME}/.kde4/share/apps/okular +noblacklist ${HOME}/.kde4/share/config/okularpartrc +noblacklist ${HOME}/.kde4/share/config/okularrc +noblacklist ${HOME}/.local/share/okular +noblacklist ${HOME}/.local/share/scribus +noblacklist ${HOME}/.scribus include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 36dde66b0..cfd03300a 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile @@ -5,34 +5,34 @@ include /etc/firejail/seamonkey.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/mozilla -noblacklist ~/.mozilla -noblacklist ~/.pki +noblacklist ${HOME}/.cache/mozilla +noblacklist ${HOME}/.mozilla +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/mozilla -mkdir ~/.mozilla +mkdir ${HOME}/.cache/mozilla +mkdir ${HOME}/.mozilla whitelist ${DOWNLOADS} -whitelist ~/.cache/gnome-mplayer/plugin -whitelist ~/.cache/mozilla -whitelist ~/.config/gnome-mplayer -whitelist ~/.config/pipelight-silverlight5.1 -whitelist ~/.config/pipelight-widevine -whitelist ~/.keysnail.js -whitelist ~/.lastpass -whitelist ~/.mozilla -whitelist ~/.pentadactyl -whitelist ~/.pentadactylrc -whitelist ~/.pki -whitelist ~/.vimperator -whitelist ~/.vimperatorrc -whitelist ~/.wine-pipelight -whitelist ~/.wine-pipelight64 -whitelist ~/.zotero -whitelist ~/dwhelper +whitelist ${HOME}/.cache/gnome-mplayer/plugin +whitelist ${HOME}/.cache/mozilla +whitelist ${HOME}/.config/gnome-mplayer +whitelist ${HOME}/.config/pipelight-silverlight5.1 +whitelist ${HOME}/.config/pipelight-widevine +whitelist ${HOME}/.keysnail.js +whitelist ${HOME}/.lastpass +whitelist ${HOME}/.mozilla +whitelist ${HOME}/.pentadactyl +whitelist ${HOME}/.pentadactylrc +whitelist ${HOME}/.pki +whitelist ${HOME}/.vimperator +whitelist ${HOME}/.vimperatorrc +whitelist ${HOME}/.wine-pipelight +whitelist ${HOME}/.wine-pipelight64 +whitelist ${HOME}/.zotero +whitelist ${HOME}/dwhelper include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile index 88e3eef20..b9f7a6c33 100644 --- a/etc/signal-desktop.profile +++ b/etc/signal-desktop.profile @@ -5,16 +5,16 @@ include /etc/firejail/signal-desktop.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/Signal +noblacklist ${HOME}/.config/Signal include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc -mkdir ~/.config/Signal +mkdir ${HOME}/.config/Signal whitelist ${DOWNLOADS} -whitelist ~/.config/Signal +whitelist ${HOME}/.config/Signal include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index edd4db861..b7dc3c57c 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile @@ -5,7 +5,7 @@ include /etc/firejail/simple-scan.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/simple-scan +noblacklist ${HOME}/.cache/simple-scan include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/simutrans.profile b/etc/simutrans.profile index 1cbd9756c..89d1f2925 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile @@ -7,14 +7,14 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.simutrans +noblacklist ${HOME}/.simutrans include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.simutrans -whitelist ~/.simutrans +mkdir ${HOME}/.simutrans +whitelist ${HOME}/.simutrans include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/snap.profile b/etc/snap.profile index 38aef7c23..345525c9a 100644 --- a/etc/snap.profile +++ b/etc/snap.profile @@ -12,5 +12,5 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc whitelist ${DOWNLOADS} -whitelist ~/snap +whitelist ${HOME}/snap include /etc/firejail/whitelist-common.inc diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index fa5728d9b..b71c20231 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile @@ -10,7 +10,7 @@ blacklist /tmp/.X11-unix noblacklist /etc/ssh noblacklist /tmp/ssh-* -noblacklist ~/.ssh +noblacklist ${HOME}/.ssh include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc diff --git a/etc/ssh.profile b/etc/ssh.profile index 7ac0b8417..df86a276e 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile @@ -8,7 +8,7 @@ include /etc/firejail/globals.local noblacklist /etc/ssh noblacklist /tmp/ssh-* -noblacklist ~/.ssh +noblacklist ${HOME}/.ssh include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc diff --git a/etc/stellarium.profile b/etc/stellarium.profile index 360b9f881..889a21a60 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile @@ -5,18 +5,18 @@ include /etc/firejail/stellarium.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/stellarium -noblacklist ~/.stellarium +noblacklist ${HOME}/.config/stellarium +noblacklist ${HOME}/.stellarium include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.config/stellarium -mkdir ~/.stellarium -whitelist ~/.config/stellarium -whitelist ~/.stellarium +mkdir ${HOME}/.config/stellarium +mkdir ${HOME}/.stellarium +whitelist ${HOME}/.config/stellarium +whitelist ${HOME}/.stellarium include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 120f0a043..2b5bb07c3 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile @@ -7,14 +7,14 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.local/share/supertux2 +noblacklist ${HOME}/.local/share/supertux2 include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.local/share/supertux2 -whitelist ~/.local/share/supertux2 +mkdir ${HOME}/.local/share/supertux2 +whitelist ${HOME}/.local/share/supertux2 include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/surf.profile b/etc/surf.profile index a12212f16..6f7bd16f6 100644 --- a/etc/surf.profile +++ b/etc/surf.profile @@ -5,13 +5,13 @@ include /etc/firejail/surf.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.surf +noblacklist ${HOME}/.surf include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.surf +mkdir ${HOME}/.surf whitelist ${DOWNLOADS} include /etc/firejail/whitelist-common.inc diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index 52965cf90..8af981d70 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile @@ -8,19 +8,19 @@ include /etc/firejail/globals.local # Users have thunderbird set to open a browser by clicking a link in an email # We are not allowed to blacklist browser-specific directories -noblacklist ~/.cache/thunderbird -noblacklist ~/.gnupg -noblacklist ~/.icedove -noblacklist ~/.thunderbird +noblacklist ${HOME}/.cache/thunderbird +noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.icedove +noblacklist ${HOME}/.thunderbird -mkdir ~/.cache/thunderbird -mkdir ~/.gnupg -mkdir ~/.icedove -mkdir ~/.thunderbird -whitelist ~/.cache/thunderbird -whitelist ~/.gnupg -whitelist ~/.icedove -whitelist ~/.thunderbird +mkdir ${HOME}/.cache/thunderbird +mkdir ${HOME}/.gnupg +mkdir ${HOME}/.icedove +mkdir ${HOME}/.thunderbird +whitelist ${HOME}/.cache/thunderbird +whitelist ${HOME}/.gnupg +whitelist ${HOME}/.icedove +whitelist ${HOME}/.thunderbird include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc @@ -28,7 +28,7 @@ include /etc/firejail/whitelist-var-common.inc ignore private-tmp machine-id disable-mnt -read-only ~/.config/mimeapps.list +read-only ${HOME}/.config/mimeapps.list # allow browsers # Redirect diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 85af86068..c2e182cea 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile @@ -5,18 +5,18 @@ include /etc/firejail/torbrowser-launcher.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.tor-browser-en -noblacklist ~/.config/torbrowser -noblacklist ~/.local/share/torbrowser +noblacklist ${HOME}/.tor-browser-en +noblacklist ${HOME}/.config/torbrowser +noblacklist ${HOME}/.local/share/torbrowser include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -whitelist ~/.tor-browser-en -whitelist ~/.config/torbrowser -whitelist ~/.local/share/torbrowser +whitelist ${HOME}/.tor-browser-en +whitelist ${HOME}/.config/torbrowser +whitelist ${HOME}/.local/share/torbrowser include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/totem.profile b/etc/totem.profile index ccf292da0..be0617024 100644 --- a/etc/totem.profile +++ b/etc/totem.profile @@ -5,8 +5,8 @@ include /etc/firejail/totem.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/totem -noblacklist ~/.local/share/totem +noblacklist ${HOME}/.config/totem +noblacklist ${HOME}/.local/share/totem include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 0dad515d0..dac1c07b1 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile @@ -13,11 +13,11 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/transmission -mkdir ~/.config/transmission +mkdir ${HOME}/.cache/transmission +mkdir ${HOME}/.config/transmission whitelist ${DOWNLOADS} -whitelist ~/.cache/transmission -whitelist ~/.config/transmission +whitelist ${HOME}/.cache/transmission +whitelist ${HOME}/.config/transmission include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 1da9afb5a..2d3ad0c7a 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile @@ -13,11 +13,11 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/transmission -mkdir ~/.config/transmission +mkdir ${HOME}/.cache/transmission +mkdir ${HOME}/.config/transmission whitelist ${DOWNLOADS} -whitelist ~/.cache/transmission -whitelist ~/.config/transmission +whitelist ${HOME}/.cache/transmission +whitelist ${HOME}/.config/transmission include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index 30e2a619d..1a426cbf6 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile @@ -5,8 +5,8 @@ include /etc/firejail/tuxguitar.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.java -noblacklist ~/.tuxguitar* +noblacklist ${HOME}/.java +noblacklist ${HOME}/.tuxguitar* include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 56ff4f886..8fbc3b7e6 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile @@ -11,9 +11,9 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.config/uGet +mkdir ${HOME}/.config/uGet whitelist ${DOWNLOADS} -whitelist ~/.config/uGet +whitelist ${HOME}/.config/uGet include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index 5f70843d6..34c148ee9 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile @@ -5,14 +5,14 @@ include /etc/firejail/unknown-horizons.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.unknown-horizons +noblacklist ${HOME}/.unknown-horizons include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.unknown-horizons -whitelist ~/.unknown-horizons +mkdir ${HOME}/.unknown-horizons +whitelist ${HOME}/.unknown-horizons include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index e7c931f30..1070a6c2c 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile @@ -5,22 +5,22 @@ include /etc/firejail/uzbl-browser.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/uzbl -noblacklist ~/.gnupg +noblacklist ${HOME}/.config/uzbl +noblacklist ${HOME}/.gnupg include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.config/uzbl -mkdir ~/.gnupg -mkdir ~/.local/share/uzbl -mkdir ~/.password-store +mkdir ${HOME}/.config/uzbl +mkdir ${HOME}/.gnupg +mkdir ${HOME}/.local/share/uzbl +mkdir ${HOME}/.password-store whitelist ${DOWNLOADS} -whitelist ~/.config/uzbl -whitelist ~/.gnupg -whitelist ~/.local/share/uzbl -whitelist ~/.password-store +whitelist ${HOME}/.config/uzbl +whitelist ${HOME}/.gnupg +whitelist ${HOME}/.local/share/uzbl +whitelist ${HOME}/.password-store include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 92d59e732..25e5956ba 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile @@ -6,12 +6,12 @@ include /etc/firejail/viewnior.local include /etc/firejail/globals.local blacklist /run/user/*/bus -blacklist ~/.Xauthority -blacklist ~/.bashrc +blacklist ${HOME}/.Xauthority +blacklist ${HOME}/.bashrc -noblacklist ~/.Steam -noblacklist ~/.config/viewnior -noblacklist ~/.steam +noblacklist ${HOME}/.Steam +noblacklist ${HOME}/.config/viewnior +noblacklist ${HOME}/.steam include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/vim.profile b/etc/vim.profile index e1d5da9e3..7fe16e628 100644 --- a/etc/vim.profile +++ b/etc/vim.profile @@ -5,9 +5,9 @@ include /etc/firejail/vim.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.vim -noblacklist ~/.viminfo -noblacklist ~/.vimrc +noblacklist ${HOME}/.vim +noblacklist ${HOME}/.viminfo +noblacklist ${HOME}/.vimrc include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile index b01e6d144..61177698a 100644 --- a/etc/virtualbox.profile +++ b/etc/virtualbox.profile @@ -16,10 +16,10 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -mkdir ~/.config/VirtualBox -mkdir ~/VirtualBox VMs -whitelist ~/.config/VirtualBox -whitelist ~/VirtualBox VMs +mkdir ${HOME}/.config/VirtualBox +mkdir ${HOME}/VirtualBox VMs +whitelist ${HOME}/.config/VirtualBox +whitelist ${HOME}/VirtualBox VMs whitelist ${DOWNLOADS} include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 3cbc5b45c..039c8ed58 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile @@ -5,18 +5,18 @@ include /etc/firejail/vivaldi.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/vivaldi -noblacklist ~/.config/vivaldi +noblacklist ${HOME}/.cache/vivaldi +noblacklist ${HOME}/.config/vivaldi include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/vivaldi -mkdir ~/.config/vivaldi +mkdir ${HOME}/.cache/vivaldi +mkdir ${HOME}/.config/vivaldi whitelist ${DOWNLOADS} -whitelist ~/.cache/vivaldi -whitelist ~/.config/vivaldi +whitelist ${HOME}/.cache/vivaldi +whitelist ${HOME}/.config/vivaldi include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/vym.profile b/etc/vym.profile index b38d87fde..b73916b0f 100644 --- a/etc/vym.profile +++ b/etc/vym.profile @@ -5,7 +5,7 @@ include /etc/firejail/vym.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/InSilmaril +noblacklist ${HOME}/.config/InSilmaril include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/w3m.profile b/etc/w3m.profile index eddedd37a..2d56aa660 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile @@ -7,7 +7,7 @@ include /etc/firejail/globals.local blacklist /tmp/.X11-unix -noblacklist ~/.w3m +noblacklist ${HOME}/.w3m include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 43eacdafc..d8d68da64 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile @@ -5,17 +5,17 @@ include /etc/firejail/warzone2100.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.warzone2100-3.* +noblacklist ${HOME}/.warzone2100-3.* include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc -# mkdir ~/.warzone2100-3.1 -# mkdir ~/.warzone2100-3.2 -whitelist ~/.warzone2100-3.1 -whitelist ~/.warzone2100-3.2 +# mkdir ${HOME}/.warzone2100-3.1 +# mkdir ${HOME}/.warzone2100-3.2 +whitelist ${HOME}/.warzone2100-3.1 +whitelist ${HOME}/.warzone2100-3.2 include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/waterfox.profile b/etc/waterfox.profile index 53543e97e..b2abb3a5f 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile @@ -5,65 +5,65 @@ include /etc/firejail/waterfox.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/mozilla -noblacklist ~/.cache/waterfox -noblacklist ~/.config/okularpartrc -noblacklist ~/.config/okularrc -noblacklist ~/.config/qpdfview -noblacklist ~/.kde/share/apps/okular -noblacklist ~/.kde/share/config/okularpartrc -noblacklist ~/.kde/share/config/okularrc -noblacklist ~/.kde4/share/apps/okular -noblacklist ~/.kde4/share/config/okularpartrc -noblacklist ~/.kde4/share/config/okularrc -# noblacklist ~/.local/share/gnome-shell/extensions -noblacklist ~/.local/share/okular -noblacklist ~/.local/share/qpdfview -noblacklist ~/.mozilla -noblacklist ~/.waterfox -noblacklist ~/.pki +noblacklist ${HOME}/.cache/mozilla +noblacklist ${HOME}/.cache/waterfox +noblacklist ${HOME}/.config/okularpartrc +noblacklist ${HOME}/.config/okularrc +noblacklist ${HOME}/.config/qpdfview +noblacklist ${HOME}/.kde/share/apps/okular +noblacklist ${HOME}/.kde/share/config/okularpartrc +noblacklist ${HOME}/.kde/share/config/okularrc +noblacklist ${HOME}/.kde4/share/apps/okular +noblacklist ${HOME}/.kde4/share/config/okularpartrc +noblacklist ${HOME}/.kde4/share/config/okularrc +# noblacklist ${HOME}/.local/share/gnome-shell/extensions +noblacklist ${HOME}/.local/share/okular +noblacklist ${HOME}/.local/share/qpdfview +noblacklist ${HOME}/.mozilla +noblacklist ${HOME}/.waterfox +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/mozilla/firefox -mkdir ~/.mozilla -mkdir ~/.cache/waterfox -mkdir ~/.waterfox -mkdir ~/.pki +mkdir ${HOME}/.cache/mozilla/firefox +mkdir ${HOME}/.mozilla +mkdir ${HOME}/.cache/waterfox +mkdir ${HOME}/.waterfox +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/gnome-mplayer/plugin -whitelist ~/.cache/mozilla/firefox -whitelist ~/.cache/waterfox -whitelist ~/.config/gnome-mplayer -whitelist ~/.config/okularpartrc -whitelist ~/.config/okularrc -whitelist ~/.config/pipelight-silverlight5.1 -whitelist ~/.config/pipelight-widevine -whitelist ~/.config/qpdfview -whitelist ~/.kde/share/apps/okular -whitelist ~/.kde/share/config/okularpartrc -whitelist ~/.kde/share/config/okularrc -whitelist ~/.kde4/share/apps/okular -whitelist ~/.kde4/share/config/okularpartrc -whitelist ~/.kde4/share/config/okularrc -whitelist ~/.keysnail.js -whitelist ~/.lastpass -whitelist ~/.local/share/gnome-shell/extensions -whitelist ~/.local/share/okular -whitelist ~/.local/share/qpdfview -whitelist ~/.mozilla -whitelist ~/.waterfox -whitelist ~/.pentadactyl -whitelist ~/.pentadactylrc -whitelist ~/.pki -whitelist ~/.vimperator -whitelist ~/.vimperatorrc -whitelist ~/.wine-pipelight -whitelist ~/.wine-pipelight64 -whitelist ~/.zotero -whitelist ~/dwhelper +whitelist ${HOME}/.cache/gnome-mplayer/plugin +whitelist ${HOME}/.cache/mozilla/firefox +whitelist ${HOME}/.cache/waterfox +whitelist ${HOME}/.config/gnome-mplayer +whitelist ${HOME}/.config/okularpartrc +whitelist ${HOME}/.config/okularrc +whitelist ${HOME}/.config/pipelight-silverlight5.1 +whitelist ${HOME}/.config/pipelight-widevine +whitelist ${HOME}/.config/qpdfview +whitelist ${HOME}/.kde/share/apps/okular +whitelist ${HOME}/.kde/share/config/okularpartrc +whitelist ${HOME}/.kde/share/config/okularrc +whitelist ${HOME}/.kde4/share/apps/okular +whitelist ${HOME}/.kde4/share/config/okularpartrc +whitelist ${HOME}/.kde4/share/config/okularrc +whitelist ${HOME}/.keysnail.js +whitelist ${HOME}/.lastpass +whitelist ${HOME}/.local/share/gnome-shell/extensions +whitelist ${HOME}/.local/share/okular +whitelist ${HOME}/.local/share/qpdfview +whitelist ${HOME}/.mozilla +whitelist ${HOME}/.waterfox +whitelist ${HOME}/.pentadactyl +whitelist ${HOME}/.pentadactylrc +whitelist ${HOME}/.pki +whitelist ${HOME}/.vimperator +whitelist ${HOME}/.vimperatorrc +whitelist ${HOME}/.wine-pipelight +whitelist ${HOME}/.wine-pipelight64 +whitelist ${HOME}/.zotero +whitelist ${HOME}/dwhelper include /etc/firejail/whitelist-common.inc include /etc/firejail/whitelist-var-common.inc diff --git a/etc/wget.profile b/etc/wget.profile index 510ef18f3..a16d770f2 100644 --- a/etc/wget.profile +++ b/etc/wget.profile @@ -8,7 +8,7 @@ include /etc/firejail/globals.local blacklist /tmp/.X11-unix -noblacklist ~/.wgetrc +noblacklist ${HOME}/.wgetrc include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index 0a8bc4685..638f1d7fc 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc @@ -3,61 +3,61 @@ include /etc/firejail/whitelist-common.local # common whitelist for all profiles -whitelist ~/.XCompose -whitelist ~/.config/mimeapps.list -whitelist ~/.icons -whitelist ~/.local/share/icons -whitelist ~/.config/user-dirs.dirs -read-only ~/.config/user-dirs.dirs -whitelist ~/.asoundrc -whitelist ~/.config/Trolltech.conf -whitelist ~/.local/share/mime -whitelist ~/.drirc -whitelist ~/.mime.types -whitelist ~/.local/share/applications -read-only ~/.local/share/applications -whitelist ~/.config/ibus +whitelist ${HOME}/.XCompose +whitelist ${HOME}/.config/mimeapps.list +whitelist ${HOME}/.icons +whitelist ${HOME}/.local/share/icons +whitelist ${HOME}/.config/user-dirs.dirs +read-only ${HOME}/.config/user-dirs.dirs +whitelist ${HOME}/.asoundrc +whitelist ${HOME}/.config/Trolltech.conf +whitelist ${HOME}/.local/share/mime +whitelist ${HOME}/.drirc +whitelist ${HOME}/.mime.types +whitelist ${HOME}/.local/share/applications +read-only ${HOME}/.local/share/applications +whitelist ${HOME}/.config/ibus # fonts -whitelist ~/.fonts -whitelist ~/.fonts.d -whitelist ~/.fontconfig -whitelist ~/.fonts.conf -whitelist ~/.fonts.conf.d -whitelist ~/.local/share/fonts -whitelist ~/.config/fontconfig -whitelist ~/.cache/fontconfig -whitelist ~/.pangorc +whitelist ${HOME}/.fonts +whitelist ${HOME}/.fonts.d +whitelist ${HOME}/.fontconfig +whitelist ${HOME}/.fonts.conf +whitelist ${HOME}/.fonts.conf.d +whitelist ${HOME}/.local/share/fonts +whitelist ${HOME}/.config/fontconfig +whitelist ${HOME}/.cache/fontconfig +whitelist ${HOME}/.pangorc # gtk -whitelist ~/.gtkrc -whitelist ~/.gtkrc-2.0 -whitelist ~/.gtk-2.0 -whitelist ~/.config/gtk-2.0 -whitelist ~/.config/gtk-3.0 -whitelist ~/.config/gtkrc -whitelist ~/.config/gtkrc-2.0 -whitelist ~/.themes -whitelist ~/.local/share/themes -whitelist ~/.kde/share/config/gtkrc -whitelist ~/.kde/share/config/gtkrc-2.0 -whitelist ~/.kde4/share/config/gtkrc -whitelist ~/.kde4/share/config/gtkrc-2.0 -whitelist ~/.gnome2 -whitelist ~/.gnome2-private +whitelist ${HOME}/.gtkrc +whitelist ${HOME}/.gtkrc-2.0 +whitelist ${HOME}/.gtk-2.0 +whitelist ${HOME}/.config/gtk-2.0 +whitelist ${HOME}/.config/gtk-3.0 +whitelist ${HOME}/.config/gtkrc +whitelist ${HOME}/.config/gtkrc-2.0 +whitelist ${HOME}/.themes +whitelist ${HOME}/.local/share/themes +whitelist ${HOME}/.kde/share/config/gtkrc +whitelist ${HOME}/.kde/share/config/gtkrc-2.0 +whitelist ${HOME}/.kde4/share/config/gtkrc +whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 +whitelist ${HOME}/.gnome2 +whitelist ${HOME}/.gnome2-private # dconf -mkdir ~/.config/dconf -whitelist ~/.config/dconf +mkdir ${HOME}/.config/dconf +whitelist ${HOME}/.config/dconf # qt/kde -whitelist ~/.config/kdeglobals -whitelist ~/.config/kioslaverc -whitelist ~/.kde/share/config/oxygenrc -whitelist ~/.kde/share/config/kdeglobals -whitelist ~/.kde/share/config/kioslaverc -whitelist ~/.kde/share/icons -whitelist ~/.kde4/share/config/oxygenrc -whitelist ~/.kde4/share/config/kdeglobals -whitelist ~/.kde4/share/config/kioslaverc -whitelist ~/.kde4/share/icons +whitelist ${HOME}/.config/kdeglobals +whitelist ${HOME}/.config/kioslaverc +whitelist ${HOME}/.kde/share/config/oxygenrc +whitelist ${HOME}/.kde/share/config/kdeglobals +whitelist ${HOME}/.kde/share/config/kioslaverc +whitelist ${HOME}/.kde/share/icons +whitelist ${HOME}/.kde4/share/config/oxygenrc +whitelist ${HOME}/.kde4/share/config/kdeglobals +whitelist ${HOME}/.kde4/share/config/kioslaverc +whitelist ${HOME}/.kde4/share/icons diff --git a/etc/wire.profile b/etc/wire.profile index af14f686f..fc25cbc1e 100644 --- a/etc/wire.profile +++ b/etc/wire.profile @@ -8,8 +8,8 @@ include /etc/firejail/globals.local # Note: the current beta version of wire is located in /opt/Wire/wire and therefore not in PATH. # To use wire with firejail run "firejail /opt/Wire/wire" -noblacklist ~/.config/Wire -noblacklist ~/.config/wire +noblacklist ${HOME}/.config/Wire +noblacklist ${HOME}/.config/wire include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/xfburn.profile b/etc/xfburn.profile index ec1aca75f..fc90f67e2 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile @@ -5,7 +5,7 @@ include /etc/firejail/xfburn.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/xfburn +noblacklist ${HOME}/.config/xfburn include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 5a07d4b74..91b782473 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile @@ -5,11 +5,11 @@ include /etc/firejail/xiphos.local # Persistent global definitions include /etc/firejail/globals.local -blacklist ~/.Xauthority -blacklist ~/.bashrc +blacklist ${HOME}/.Xauthority +blacklist ${HOME}/.bashrc -noblacklist ~/.sword -noblacklist ~/.xiphos +noblacklist ${HOME}/.sword +noblacklist ${HOME}/.xiphos include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/xplayer.profile b/etc/xplayer.profile index d4a2fa846..8ea361d79 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile @@ -5,8 +5,8 @@ include /etc/firejail/xplayer.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/xplayer -noblacklist ~/.local/share/xplayer +noblacklist ${HOME}/.config/xplayer +noblacklist ${HOME}/.local/share/xplayer include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/xreader.profile b/etc/xreader.profile index 76fae9fed..00bd1ee2f 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile @@ -5,9 +5,9 @@ include /etc/firejail/xreader.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/xreader -noblacklist ~/.config/xreader -# noblacklist ~/.local/share +noblacklist ${HOME}/.cache/xreader +noblacklist ${HOME}/.config/xreader +# noblacklist ${HOME}/.local/share include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 5c624c384..7c4ede111 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile @@ -7,10 +7,10 @@ include /etc/firejail/globals.local # blacklist /run/user/*/bus - makes settings immutable -noblacklist ~/.Steam -noblacklist ~/.config/xviewer -noblacklist ~/.local/share/Trash -noblacklist ~/.steam +noblacklist ${HOME}/.Steam +noblacklist ${HOME}/.config/xviewer +noblacklist ${HOME}/.local/share/Trash +noblacklist ${HOME}/.steam include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile index bfb7b9d87..605ce3413 100644 --- a/etc/yandex-browser.profile +++ b/etc/yandex-browser.profile @@ -5,27 +5,27 @@ include /etc/firejail/yandex-browser.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.cache/yandex-browser -noblacklist ~/.cache/yandex-browser-beta -noblacklist ~/.config/yandex-browser -noblacklist ~/.config/yandex-browser-beta -noblacklist ~/.pki +noblacklist ${HOME}/.cache/yandex-browser +noblacklist ${HOME}/.cache/yandex-browser-beta +noblacklist ${HOME}/.config/yandex-browser +noblacklist ${HOME}/.config/yandex-browser-beta +noblacklist ${HOME}/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.cache/yandex-browser -mkdir ~/.cache/yandex-browser-beta -mkdir ~/.config/yandex-browser -mkdir ~/.config/yandex-browser-beta -mkdir ~/.pki +mkdir ${HOME}/.cache/yandex-browser +mkdir ${HOME}/.cache/yandex-browser-beta +mkdir ${HOME}/.config/yandex-browser +mkdir ${HOME}/.config/yandex-browser-beta +mkdir ${HOME}/.pki whitelist ${DOWNLOADS} -whitelist ~/.cache/yandex-browser -whitelist ~/.cache/yandex-browser-beta -whitelist ~/.config/yandex-browser -whitelist ~/.config/yandex-browser-beta -whitelist ~/.pki +whitelist ${HOME}/.cache/yandex-browser +whitelist ${HOME}/.cache/yandex-browser-beta +whitelist ${HOME}/.config/yandex-browser +whitelist ${HOME}/.config/yandex-browser-beta +whitelist ${HOME}/.pki include /etc/firejail/whitelist-common.inc caps.keep sys_chroot,sys_admin diff --git a/etc/zathura.profile b/etc/zathura.profile index ad64371e8..636d89bef 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile @@ -7,8 +7,8 @@ include /etc/firejail/globals.local blacklist /run/user/*/bus -noblacklist ~/.config/zathura -noblacklist ~/.local/share/zathura +noblacklist ${HOME}/.config/zathura +noblacklist ${HOME}/.local/share/zathura include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc @@ -31,5 +31,5 @@ private-bin zathura private-dev private-etc fonts private-tmp -read-only ~/ -read-write ~/.local/share/zathura/ +read-only ${HOME}/ +read-write ${HOME}/.local/share/zathura/ diff --git a/etc/zoom.profile b/etc/zoom.profile index 381df9ab5..061efb44d 100644 --- a/etc/zoom.profile +++ b/etc/zoom.profile @@ -5,15 +5,15 @@ include /etc/firejail/zoom.local # Persistent global definitions include /etc/firejail/globals.local -noblacklist ~/.config/zoomus.conf +noblacklist ${HOME}/.config/zoomus.conf include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-programs.inc -mkdir ~/.zoom -whitelist ~/.cache/zoom -whitelist ~/.zoom +mkdir ${HOME}/.zoom +whitelist ${HOME}/.cache/zoom +whitelist ${HOME}/.zoom include /etc/firejail/whitelist-common.inc caps.drop all -- cgit v1.2.3-70-g09d2