From 1f45aa83bde6fa9fae955f6d25b366552bb1dcc4 Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Sun, 13 May 2018 12:10:25 -0500
Subject: Firefox profile fix for 0.9.38 (Ubuntu 16.04) in etc-fixes/ Seccomp filter lifted from 0.9.54 version. Cosmetic errors occur for unrecognised options (such as @clock) but do not affect sandbox.
---
etc-fixes/0.9.38/firefox.profile | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 etc-fixes/0.9.38/firefox.profile
(limited to 'etc-fixes/0.9.38')
diff --git a/etc-fixes/0.9.38/firefox.profile b/etc-fixes/0.9.38/firefox.profile
new file mode 100644
index 000000000..c5c47d1b5
--- /dev/null
+++ b/etc-fixes/0.9.38/firefox.profile
@@ -0,0 +1,29 @@
+# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
+noblacklist ${HOME}/.mozilla
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+protocol unix,inet,inet6,netlink
+netfilter
+# tracelog
+noroot
+whitelist ${DOWNLOADS}
+whitelist ~/.mozilla
+whitelist ~/.cache/mozilla/firefox
+whitelist ~/dwhelper
+whitelist ~/.zotero
+whitelist ~/.lastpass
+whitelist ~/.vimperatorrc
+whitelist ~/.vimperator
+whitelist ~/.pentadactylrc
+whitelist ~/.pentadactyl
+whitelist ~/.keysnail.js
+whitelist ~/.config/gnome-mplayer
+whitelist ~/.cache/gnome-mplayer/plugin
+include /etc/firejail/whitelist-common.inc
+
+# experimental features
+#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
-- cgit v1.2.3-70-g09d2
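Review bot: The `seccomp.drop` line depends on `@` group names (`@clock`, `@module`, `@raw-io`, `@reboot`, `@swap` and the rest) that the commit message itself says 0.9.38 does not recognise, so on this version those entries presumably filter nothing and only the individually named syscalls are dropped. That would leave the filter narrower than the 0.9.54 one it was copied from, which is more than a cosmetic difference for a browser profile; `caps.drop all` likely covers the privileged calls in several of those groups, but not necessarily all of them. I would replace each group with the explicit syscall names it expands to in 0.9.54 (for example `init_module,finit_module,delete_module` for `@module`), or at minimum add a comment above the line such as `# 0.9.38 ignores @groups: only the syscalls named explicitly below are filtered`. Whether 0.9.38 skips an unknown token or abandons the rest of the list should be confirmed on that version, since the second case would disable the named entries as well.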