From 5ab0edfe04711f55237a39e96f8a1ee8ebc701ba Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Tue, 12 Nov 2019 15:50:23 +0100
Subject: blacklist .fscrypt directories
---
etc/disable-common.inc | 3 +++
etc/firejail-default | 3 +++
2 files changed, 6 insertions(+)
(limited to 'etc')
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 96957eeaf..b2837b443 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -315,6 +315,7 @@ blacklist ${HOME}/.config/keybase
 blacklist ${HOME}/.davfs2/secrets
 blacklist ${HOME}/.ecryptfs
 blacklist ${HOME}/.fetchmailrc
+blacklist ${HOME}/.fscrypt
 blacklist ${HOME}/.git-credential-cache
 blacklist ${HOME}/.git-credentials
 blacklist ${HOME}/.gnome2/keyrings
@@ -335,6 +336,7 @@ blacklist ${HOME}/.local/share/pki
 blacklist ${HOME}/.smbcredentials
 blacklist ${HOME}/.ssh
 blacklist ${HOME}/.vaults
+blacklist /.fscrypt
 blacklist /etc/davfs2/secrets
 blacklist /etc/group+
 blacklist /etc/group-
@@ -348,6 +350,7 @@ blacklist /etc/shadow+
 blacklist /etc/shadow-
 blacklist /etc/ssh
 blacklist /home/.ecryptfs
+blacklist /home/.fscrypt
 blacklist /var/backup
 # cloud provider configuration
diff --git a/etc/firejail-default b/etc/firejail-default
index e7831e145..56fce654c 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -97,6 +97,9 @@ deny /proc/@{PID}/oom_score_adj w,
 # Common backup directory
 deny /**/.snapshots/ rwx,
+# fscrypt
+deny /**/.fscrypt/ rwx,
+
 ##########
 # Allow all networking functionality, and control it from Firejail.
 ##########
-- cgit v1.2.3-54-g00ecf
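Review bot: The three entries added to etc/disable-common.inc (hunks at -315, -335 and -348) cover only `${HOME}/.fscrypt`, `/.fscrypt` and `/home/.fscrypt`, and nothing in the file says why these three were chosen. As far as I know, fscrypt creates its `.fscrypt` metadata directory at the root of each filesystem it is set up on. If so, the same directory on any other mountpoint is not hidden by these rules and is covered only where the AppArmor profile from etc/firejail-default is enforced. I would record that next to the entries, for example `# fscrypt metadata: only /, /home and ${HOME} are covered here; other mountpoints rely on the AppArmor rule`. The lists continue outside all three hunks, so a broader rule may exist elsewhere in the file.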
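Review bot: The added rule `deny /**/.fscrypt/ rwx,` ends in a slash, which in AppArmor path syntax matches the directory itself and not the files beneath it. The rule blocks listing or creating `.fscrypt`, but on its own it does not deny opening a file under it by its full path. It mirrors the `.snapshots/` rule directly above, which has the same shape. If the intent is to keep the sandboxed process away from the stored metadata as well, add `deny /**/.fscrypt/** rwx,` beside it. The profile continues outside the hunk, so I cannot see whether another rule already restricts those paths.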