From 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 7 Aug 2017 01:22:08 -0400 Subject: Unify all profiles --- etc/cyberfox.profile | 90 ++++++++++++++++++++++++---------------------------- 1 file changed, 42 insertions(+), 48 deletions(-) (limited to 'etc/cyberfox.profile') diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index 45fc00d6f..3c18ef002 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile 
@@ -1,75 +1,69 @@ -# Persistent global definitions go here -include /etc/firejail/globals.local - -# This file is overwritten during software install. -# Persistent customizations should go in a .local file. +# Firejail profile for cyberfox +# This file is overwritten after every install/update +# Persistent local customizations include /etc/firejail/cyberfox.local +# Persistent global definitions +include /etc/firejail/globals.local -# Firejail profile for Cyberfox (based on Mozilla Firefox) noblacklist ~/.8pecxstudios noblacklist ~/.cache/8pecxstudios +noblacklist ~/.config/okularpartrc +noblacklist ~/.config/okularrc noblacklist ~/.config/qpdfview -noblacklist ~/.local/share/qpdfview -noblacklist ~/.kde4/share/apps/okular noblacklist ~/.kde/share/apps/okular +noblacklist ~/.kde4/share/apps/okular noblacklist ~/.local/share/okular -noblacklist ~/.config/okularpartrc -noblacklist ~/.config/okularrc +noblacklist ~/.local/share/qpdfview noblacklist ~/.pki include /etc/firejail/disable-common.inc -include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-programs.inc -caps.drop all -# ipc-namespace crashes cyberfox on some setups -netfilter -nogroups -nonewprivs -noroot -protocol unix,inet,inet6,netlink -seccomp -shell none -tracelog - -whitelist ${DOWNLOADS} mkdir ~/.8pecxstudios -whitelist ~/.8pecxstudios mkdir ~/.cache/8pecxstudios +mkdir ~/.pki +whitelist ${DOWNLOADS} +whitelist ~/.8pecxstudios whitelist ~/.cache/8pecxstudios -whitelist ~/dwhelper -whitelist ~/.zotero -whitelist ~/.vimperatorrc -whitelist ~/.vimperator -whitelist ~/.pentadactylrc -whitelist ~/.pentadactyl -whitelist ~/.keysnail.js -whitelist ~/.config/gnome-mplayer whitelist ~/.cache/gnome-mplayer/plugin -mkdir ~/.pki -whitelist ~/.pki -whitelist ~/.lastpass -whitelist ~/.config/qpdfview -whitelist ~/.local/share/qpdfview -whitelist ~/.config/okularrc +whitelist ~/.config/gnome-mplayer whitelist ~/.config/okularpartrc -whitelist 
~/.kde4/share/apps/okular +whitelist ~/.config/okularrc +whitelist ~/.config/pipelight-silverlight5.1 +whitelist ~/.config/pipelight-widevine +whitelist ~/.config/qpdfview whitelist ~/.kde/share/apps/okular +whitelist ~/.kde4/share/apps/okular +whitelist ~/.keysnail.js +whitelist ~/.lastpass whitelist ~/.local/share/okular - -# silverlight +whitelist ~/.local/share/qpdfview +whitelist ~/.pentadactyl +whitelist ~/.pentadactylrc +whitelist ~/.pki +whitelist ~/.vimperator +whitelist ~/.vimperatorrc whitelist ~/.wine-pipelight whitelist ~/.wine-pipelight64 -whitelist ~/.config/pipelight-widevine -whitelist ~/.config/pipelight-silverlight5.1 - +whitelist ~/.zotero +whitelist ~/dwhelper include /etc/firejail/whitelist-common.inc -# experimental features -#private-bin cyberfox,which,sh,dbus-launch,dbus-send,env -#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,cyberfox,mime.types,mailcap,asound.conf,pulse -# private-dev might prevent video calls going out +caps.drop all +netfilter +nogroups +nonewprivs +noroot +protocol unix,inet,inet6,netlink +seccomp +shell none +tracelog + +# private-bin cyberfox,which,sh,dbus-launch,dbus-send,env private-dev +# private-dev might prevent video calls going out +# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,cyberfox,mime.types,mailcap,asound.conf,pulse private-tmp noexec ${HOME} -- cgit v1.2.3-54-g00ecf
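Review bot: The rationale for leaving `ipc-namespace` out of this profile is lost on the new side: the old hunk carried `# ipc-namespace crashes cyberfox on some setups` beside the hardening directives, but the new block (`caps.drop all` through `tracelog`) neither enables ipc-namespace nor records why it is omitted, so a later unification pass is likely to add it and reintroduce the crash. Keep the comment with the new hardening block, e.g. `# ipc-namespace crashes cyberfox on some setups` on the line before `netfilter`. Similarly, `# private-dev might prevent video calls going out` now sits after `private-dev` and directly above `# private-etc …`, so it reads as a note on private-etc; placing it on the line above `private-dev` keeps the rationale next to the directive it explains. The hunk has been collapsed onto two physical lines, so the exact position of blank lines around these directives is inferred rather than visible.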