From ae4de575327be1f8ba8bc668622932c0c0fdfe0c Mon Sep 17 00:00:00 2001
From: hawkeye116477
Date: Tue, 30 May 2017 21:31:39 +0200
Subject: Update profile for Cyberfox

---
 etc/cyberfox.profile | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

(limited to 'etc/cyberfox.profile')

diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile
index 068131d25..c237e33ff 100644
--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -8,17 +8,25 @@ include /etc/firejail/cyberfox.local
 # Firejail profile for Cyberfox (based on Mozilla Firefox)
 noblacklist ~/.8pecxstudios
 noblacklist ~/.cache/8pecxstudios
+noblacklist ~/.config/qpdfview
+noblacklist ~/.local/share/qpdfview
+noblacklist ~/.kde4/share/apps/okular
+noblacklist ~/.kde/share/apps/okular
+noblacklist ~/.local/share/okular
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
+# ipc-namespace crashes cyberfox on some setups
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
+shell none
 tracelog
 
 whitelist ${DOWNLOADS}
@@ -35,8 +43,14 @@ whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
+mkdir ~/.pki
 whitelist ~/.pki
 whitelist ~/.lastpass
+whitelist ~/.config/qpdfview
+whitelist ~/.local/share/qpdfview
+whitelist ~/.kde4/share/apps/okular
+whitelist ~/.kde/share/apps/okular
+whitelist ~/.local/share/okular
 
 # silverlight
 whitelist ~/.wine-pipelight
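Review bot: The five qpdfview/okular paths are un-blacklisted in the first hunk and whitelisted in the second (`whitelist ~/.config/qpdfview` through `whitelist ~/.local/share/okular`) without a comment saying why a browser profile needs them. Presumably they are there so a PDF viewer started from Cyberfox, which would run inside the same sandbox, can find its settings; the side effect is that content running in the browser can read and write those directories. I would state that next to the lines, e.g. `# qpdfview/okular: PDF viewers launched from the browser run inside this sandbox`. If the viewers turn out to only read from these paths, a `read-only` line per directory would narrow the exposure, but that needs testing.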
@@ -47,4 +61,11 @@ whitelist ~/.config/pipelight-silverlight5.1
 include /etc/firejail/whitelist-common.inc
 
 # experimental features
-#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+#private-bin cyberfox,which,sh,dbus-launch,dbus-send,env
+#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,cyberfox,mime.types,mailcap,asound.conf,pulse
+# private-dev might prevent video calls going out
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-54-g00ecf
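Review bot: `private-dev`, `private-tmp` and the two `noexec` lines are live settings, but they sit under the `# experimental features` heading alongside commented-out options, so a reader cannot easily tell what the profile actually enforces. A separate heading comment such as `# enforced filesystem restrictions` above `private-dev` would make that clear. The comment on `private-dev` also warns that outgoing video calls may break without saying how to recover. Since the first hunk's header shows `include /etc/firejail/cyberfox.local` earlier in the profile, the comment could point there, e.g. `# private-dev might prevent video calls going out; add "ignore private-dev" to cyberfox.local if a webcam is needed`.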