From 88972056f4eb7919f41ca9412853725e80967240 Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Sun, 23 Oct 2016 23:23:09 -0500 Subject: squash attempt 2 --- etc/atom-beta.profile | 2 +- etc/atom.profile | 2 +- etc/atril.profile | 2 +- etc/audacity.profile | 2 +- etc/aweather.profile | 2 +- etc/cherrytree.profile | 3 +-- etc/eog.profile | 3 +-- etc/evolution.profile | 2 +- etc/feh.profile | 6 +++--- etc/file.profile | 17 +++++++++-------- etc/filezilla.profile | 5 ++--- etc/flowblade.profile | 2 +- etc/franz.profile | 6 +++--- etc/gajim.profile | 2 +- etc/gimp.profile | 10 ++++++---- etc/git.profile | 4 ++-- etc/gpredict.profile | 2 +- etc/gwenview.profile | 5 +++-- etc/gzip.profile | 14 ++++++++------ etc/inkscape.profile | 10 ++++++---- etc/jitsi.profile | 2 +- etc/kmail.profile | 2 +- etc/less.profile | 6 ++++-- etc/luminance-hdr.profile | 14 ++++++++------ etc/okular.profile | 5 +++-- etc/pidgin.profile | 2 +- etc/pix.profile | 3 +-- etc/psi-plus.profile | 4 ++-- etc/qbittorrent.profile | 4 ++-- etc/qpdfview.profile | 2 +- etc/qtox.profile | 2 +- etc/quiterss.profile | 9 +++++---- etc/ranger.profile | 3 +-- etc/rhythmbox.profile | 2 +- etc/rtorrent.profile | 1 - etc/server.profile | 11 ++++++----- etc/slack.profile | 29 +++++++++++++++-------------- etc/strings.profile | 9 +++++---- etc/synfigstudio.profile | 6 ++++-- etc/tar.profile | 14 +++++++------- etc/telegram.profile | 1 - etc/transmission-gtk.profile | 2 +- etc/transmission-qt.profile | 5 +++-- etc/uget-gtk.profile | 13 ++++++------- etc/unrar.profile | 15 ++++++++------- etc/unzip.profile | 16 ++++++++-------- etc/uudeview.profile | 14 +++++++------- etc/vim.profile | 3 +-- etc/xpdf.profile | 9 +++------ etc/xplayer.profile | 2 +- etc/xzdec.profile | 14 ++++++++------ etc/zathura.profile | 6 +++--- 52 files changed, 171 insertions(+), 160 deletions(-) (limited to 'etc') diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index 9a8d93875..fa0b316bb 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile @@ -8,8 +8,8 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot nosound protocol unix,inet,inet6,netlink diff --git a/etc/atom.profile b/etc/atom.profile index 3cb86847e..61930d5c1 100644 --- a/etc/atom.profile +++ b/etc/atom.profile @@ -8,8 +8,8 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot nosound protocol unix,inet,inet6,netlink diff --git a/etc/atril.profile b/etc/atril.profile index d9e10b072..fbcca0c1b 100644 --- a/etc/atril.profile +++ b/etc/atril.profile @@ -7,8 +7,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all -nonewprivs nogroups +nonewprivs noroot nosound protocol unix diff --git a/etc/audacity.profile b/etc/audacity.profile index be3fac9be..827fa4301 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile @@ -8,8 +8,8 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot protocol unix seccomp diff --git a/etc/aweather.profile b/etc/aweather.profile index 4e5c36f50..fa8654f1e 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile @@ -11,8 +11,8 @@ whitelist ~/.config/aweather caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot nosound protocol unix,inet,inet6 diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index ec6d0d69d..139dec8ec 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile @@ -9,11 +9,10 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter +nogroups nonewprivs noroot nosound seccomp protocol unix,inet,inet6,netlink tracelog - - diff --git a/etc/eog.profile b/etc/eog.profile index 32b54a042..7eb7fd127 100644 --- a/etc/eog.profile +++ b/etc/eog.profile @@ -9,9 +9,9 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter +nogroups nonewprivs noroot -nogroups protocol unix seccomp shell none @@ -20,4 +20,3 @@ private-bin eog private-dev private-etc fonts private-tmp - diff --git a/etc/evolution.profile b/etc/evolution.profile index cf581643d..d097c0f34 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile @@ -14,9 +14,9 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter +nogroups nonewprivs noroot -nogroups protocol unix,inet,inet6 seccomp shell none diff --git a/etc/feh.profile b/etc/feh.profile index 5fcb6bf25..e3b1ec528 100644 --- a/etc/feh.profile +++ b/etc/feh.profile @@ -5,14 +5,14 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all -seccomp -protocol unix netfilter net none +nogroups nonewprivs noroot -nogroups nosound +protocol unix +seccomp shell none private-bin feh diff --git a/etc/file.profile b/etc/file.profile index 2e54030b1..199a97fad 100644 --- a/etc/file.profile +++ b/etc/file.profile @@ -1,16 +1,17 @@ # file profile -quiet ignore noroot include /etc/firejail/default.profile -tracelog +blacklist /tmp/.X11-unix + +hostname file net none +no3d +nosound +quiet shell none +tracelog + +private-dev private-bin file private-etc magic.mgc,magic,localtime -hostname file -private-dev -nosound -no3d -blacklist /tmp/.X11-unix - diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 551c17a78..fe1d9d20d 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile @@ -13,10 +13,9 @@ noroot nosound protocol unix,inet,inet6 seccomp - shell none + private-bin filezilla,uname,sh,python,lsb_release,fzputtygen,fzsftp -whitelist /tmp/.X11-unix private-dev -nosound +whitelist /tmp/.X11-unix diff --git a/etc/flowblade.profile b/etc/flowblade.profile index e1ec291bd..12afdb0aa 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile @@ -1,4 +1,4 @@ -# OpenShot profile +# FlowBlade profile noblacklist ${HOME}/.flowblade noblacklist ${HOME}/.config/flowblade include /etc/firejail/disable-common.inc diff --git a/etc/franz.profile b/etc/franz.profile index 3cb7942ab..0b3be551b 100644 --- a/etc/franz.profile +++ b/etc/franz.profile @@ -6,12 +6,12 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc caps.drop all -seccomp -protocol unix,inet,inet6,netlink netfilter -#tracelog nonewprivs noroot +protocol unix,inet,inet6,netlink +seccomp +#tracelog whitelist ${DOWNLOADS} mkdir ~/.config/Franz diff --git a/etc/gajim.profile b/etc/gajim.profile index 04902a734..809378ef9 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile @@ -22,8 +22,8 @@ include /etc/firejail/disable-devel.inc caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot protocol unix,inet,inet6 seccomp diff --git a/etc/gimp.profile b/etc/gimp.profile index 23361b771..cb441fc9d 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile @@ -6,13 +6,15 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter +nogroups nonewprivs noroot +nosound protocol unix seccomp -private-dev -private-tmp + noexec ${HOME} noexec /tmp -nogroups -nosound + +private-dev +private-tmp diff --git a/etc/git.profile b/etc/git.profile index 2fb55377d..73122d347 100644 --- a/etc/git.profile +++ b/etc/git.profile @@ -12,15 +12,15 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc -quiet caps.drop all netfilter +nogroups nonewprivs noroot -nogroups nosound protocol unix,inet,inet6 +quiet seccomp shell none diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 353ecceae..0cc6c416b 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile @@ -11,8 +11,8 @@ whitelist ~/.config/Gpredict caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot nosound protocol unix,inet,inet6 diff --git a/etc/gwenview.profile b/etc/gwenview.profile index 67f10c4e1..c866c9e63 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile @@ -7,14 +7,15 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +nogroups nonewprivs noroot -nogroups -private-dev protocol unix seccomp nosound +private-dev + #Experimental: #shell none #private-bin gwenview diff --git a/etc/gzip.profile b/etc/gzip.profile index 5e73969c4..d51b9a951 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile @@ -1,12 +1,14 @@ # gzip profile -quiet ignore noroot include /etc/firejail/default.profile -tracelog -net none -shell none + blacklist /tmp/.X11-unix -private-dev -nosound + +net none no3d +nosound +quiet +shell none +tracelog +private-dev diff --git a/etc/inkscape.profile b/etc/inkscape.profile index cf885fba2..a0e86b6c9 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile @@ -6,13 +6,15 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter +nogroups nonewprivs noroot +nosound protocol unix seccomp -private-dev -private-tmp + noexec ${HOME} noexec /tmp -nogroups -nosound + +private-dev +private-tmp diff --git a/etc/jitsi.profile b/etc/jitsi.profile index c61158f8b..046499abe 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile @@ -6,8 +6,8 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all -nonewprivs nogroups +nonewprivs noroot protocol unix,inet,inet6 seccomp diff --git a/etc/kmail.profile b/etc/kmail.profile index 8c8fd18c4..bc21ba604 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile @@ -8,8 +8,8 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot protocol unix,inet,inet6,netlink seccomp diff --git a/etc/less.profile b/etc/less.profile index 6dfae027e..08758aead 100644 --- a/etc/less.profile +++ b/etc/less.profile @@ -2,8 +2,10 @@ quiet ignore noroot include /etc/firejail/default.profile -tracelog + net none +nosound shell none +tracelog + private-dev -nosound diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index 6e059ea52..76e864e0c 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile @@ -5,17 +5,19 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +ipc-namespace netfilter -protocol unix +nogroups nonewprivs noroot +nosound +protocol unix seccomp shell none tracelog -private-tmp -private-dev + noexec ${HOME} noexec /tmp -nogroups -nosound -ipc-namespace + +private-tmp +private-dev diff --git a/etc/okular.profile b/etc/okular.profile index df142ccfc..b43a5fbea 100644 --- a/etc/okular.profile +++ b/etc/okular.profile @@ -9,14 +9,15 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all -nonewprivs nogroups +nonewprivs noroot -private-dev protocol unix seccomp nosound +private-dev + #Experimental: #net none #shell none diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 47be2b6ea..850706145 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile @@ -8,8 +8,8 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot protocol unix,inet,inet6 seccomp diff --git a/etc/pix.profile b/etc/pix.profile index 80c05fd09..e21ddadc6 100644 --- a/etc/pix.profile +++ b/etc/pix.profile @@ -8,8 +8,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all -nonewprivs nogroups +nonewprivs noroot nosound protocol unix @@ -20,4 +20,3 @@ tracelog private-bin pix whitelist /tmp/.X11-unix private-dev - diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 22c5bafc5..a9323448b 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile @@ -14,10 +14,10 @@ whitelist ~/.local/share/psi+ mkdir ~/.cache/psi+ whitelist ~/.cache/psi+ -include /etc/firejail/whitelist-common.inc - caps.drop all netfilter noroot protocol unix,inet,inet6 seccomp + +include /etc/firejail/whitelist-common.inc diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 138b6db55..67829c9ca 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -15,6 +15,6 @@ seccomp # there are some problems with "Open destination folder", see bug #536 #shell none #private-bin qbittorrent -whitelist /tmp/.X11-unix private-dev -nosound + +whitelist /tmp/.X11-unix diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 07ea173e6..06c0db206 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile @@ -18,5 +18,5 @@ shell none tracelog private-bin qpdfview -private-tmp private-dev +private-tmp diff --git a/etc/qtox.profile b/etc/qtox.profile index 927487037..81d8aa10e 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile @@ -11,8 +11,8 @@ whitelist ${DOWNLOADS} caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot protocol unix,inet,inet6 seccomp diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 2ab5d8a8e..2b28fce73 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -14,16 +14,17 @@ whitelist ${HOME}/.cache/QuiteRss caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot -private-bin quiterss -private-dev nosound -#private-etc X11,ssl protocol unix,inet,inet6 seccomp shell none tracelog +private-bin quiterss +private-dev +#private-etc X11,ssl + include /etc/firejail/whitelist-common.inc diff --git a/etc/ranger.profile b/etc/ranger.profile index a040cd6bc..323e64dee 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile @@ -12,13 +12,12 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter net none +nogroups nonewprivs noroot -nogroups protocol unix seccomp nosound private-tmp private-dev - diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 0e8527ae7..e5e192486 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile @@ -5,8 +5,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all -nogroups netfilter +nogroups nonewprivs noroot protocol unix,inet,inet6 diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 15df2c374..1226a51cd 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile @@ -16,4 +16,3 @@ shell none private-bin rtorrent whitelist /tmp/.X11-unix private-dev -nosound diff --git a/etc/server.profile b/etc/server.profile index 22cef0a3c..b8a34feb2 100644 --- a/etc/server.profile +++ b/etc/server.profile @@ -6,11 +6,12 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc -private -private-dev -nosound -no3d -private-tmp blacklist /tmp/.X11-unix + +no3d +nosound seccomp +private +private-dev +private-tmp diff --git a/etc/slack.profile b/etc/slack.profile index 1009f7ee0..a85a28f03 100644 --- a/etc/slack.profile +++ b/etc/slack.profile @@ -1,3 +1,4 @@ +# Firejail profile for Slack noblacklist ${HOME}/.config/Slack noblacklist ${HOME}/Downloads @@ -6,25 +7,25 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc -mkdir ${HOME}/.config -mkdir ${HOME}/.config/Slack -whitelist ${HOME}/.config/Slack -whitelist ${HOME}/Downloads - -protocol unix,inet,inet6,netlink -private-dev -private-tmp -private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime -name slack blacklist /var -include /etc/firejail/whitelist-common.inc - caps.drop all -seccomp +name slack netfilter -nonewprivs nogroups +nonewprivs noroot +protocol unix,inet,inet6,netlink +seccomp shell none + private-bin slack +private-dev +private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime +private-tmp + +mkdir ${HOME}/.config +mkdir ${HOME}/.config/Slack +whitelist ${HOME}/.config/Slack +whitelist ${HOME}/Downloads +include /etc/firejail/whitelist-common.inc diff --git a/etc/strings.profile b/etc/strings.profile index f99a65009..7c464bf88 100644 --- a/etc/strings.profile +++ b/etc/strings.profile @@ -1,10 +1,11 @@ # strings profile -quiet ignore noroot include /etc/firejail/default.profile -tracelog + net none -shell none -private-dev nosound +quiet +shell none +tracelog +private-dev diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index d46467b99..69b2a0db2 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile @@ -11,7 +11,9 @@ nonewprivs noroot protocol unix seccomp -private-dev -private-tmp + noexec ${HOME} noexec /tmp + +private-dev +private-tmp diff --git a/etc/tar.profile b/etc/tar.profile index 663ac3805..91fdaf48d 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -1,18 +1,18 @@ # tar profile -quiet ignore noroot include /etc/firejail/default.profile -tracelog +blacklist /tmp/.X11-unix + +hostname tar net none +no3d +nosound +quiet shell none +tracelog # support compressed archives private-bin sh,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop private-dev -nosound -no3d private-etc passwd,group,localtime -hostname tar -blacklist /tmp/.X11-unix - diff --git a/etc/telegram.profile b/etc/telegram.profile index 8e91e426b..7615c8eef 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile @@ -10,4 +10,3 @@ nonewprivs noroot protocol unix,inet,inet6 seccomp - diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 0cfa4fcfc..316cdfec6 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile @@ -18,6 +18,6 @@ shell none tracelog private-bin transmission-gtk -whitelist /tmp/.X11-unix private-dev +whitelist /tmp/.X11-unix diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 754211a63..51c58e224 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile @@ -14,9 +14,10 @@ noroot nosound protocol unix,inet,inet6 seccomp +shell none tracelog -shell none private-bin transmission-qt -whitelist /tmp/.X11-unix private-dev + +whitelist /tmp/.X11-unix diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 522b4bd1e..f42e6c69a 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile @@ -9,17 +9,16 @@ caps.drop all netfilter nonewprivs noroot +nosound protocol unix,inet,inet6 seccomp +shell none +private-bin uget-gtk +private-dev + +whitelist /tmp/.X11-unix whitelist ${DOWNLOADS} mkdir ~/.config/uGet whitelist ~/.config/uGet include /etc/firejail/whitelist-common.inc - -shell none -private-bin uget-gtk -whitelist /tmp/.X11-unix -private-dev -nosound - diff --git a/etc/unrar.profile b/etc/unrar.profile index f29d1b51b..0700cafe9 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile @@ -1,17 +1,18 @@ # unrar profile -quiet ignore noroot include /etc/firejail/default.profile -tracelog +blacklist /tmp/.X11-unix + +hostname unrar net none +no3d +nosound +quiet shell none +tracelog + private-bin unrar private-dev -nosound -no3d private-etc passwd,group,localtime -hostname unrar private-tmp -blacklist /tmp/.X11-unix - diff --git a/etc/unzip.profile b/etc/unzip.profile index 07224855f..a43785795 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile @@ -1,16 +1,16 @@ # unzip profile -quiet ignore noroot include /etc/firejail/default.profile +blacklist /tmp/.X11-unix -tracelog +hostname unzip net none +no3d +nosound +quiet shell none +tracelog + private-bin unzip -private-etc passwd,group,localtime -hostname unzip private-dev -nosound -no3d -blacklist /tmp/.X11-unix - +private-etc passwd,group,localtime diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 8ea9d5163..5ba0896ab 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile @@ -1,15 +1,15 @@ # uudeview profile -quiet ignore noroot include /etc/firejail/default.profile -tracelog +blacklist /etc + +hostname uudeview net none +nosound +quiet shell none +tracelog + private-bin uudeview private-dev -private-etc nonexisting_fakefile_for_empty_etc -hostname uudeview -nosound -uudeview - diff --git a/etc/vim.profile b/etc/vim.profile index 3c1fefe41..b161fcbb0 100644 --- a/etc/vim.profile +++ b/etc/vim.profile @@ -1,5 +1,4 @@ # vim profile - noblacklist ~/.vim noblacklist ~/.vimrc noblacklist ~/.viminfo @@ -10,8 +9,8 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter +nogroups nonewprivs noroot -nogroups protocol unix,inet,inet6 seccomp diff --git a/etc/xpdf.profile b/etc/xpdf.profile index e036fba21..7ea368bbe 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile @@ -7,15 +7,12 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all -shell none +net none nonewprivs noroot protocol unix +shell none seccomp + private-dev private-tmp -net none - - - - diff --git a/etc/xplayer.profile b/etc/xplayer.profile index 54d5ed89b..191d2f67f 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile @@ -9,8 +9,8 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter -nonewprivs nogroups +nonewprivs noroot protocol unix,inet,inet6 seccomp diff --git a/etc/xzdec.profile b/etc/xzdec.profile index a9d027c38..04f98cef6 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile @@ -1,12 +1,14 @@ # xzdec profile -quiet ignore noroot include /etc/firejail/default.profile -tracelog -net none -shell none + blacklist /tmp/.X11-unix -private-dev -nosound + +net none no3d +nosound +quiet +shell none +tracelog +private-dev diff --git a/etc/zathura.profile b/etc/zathura.profile index 7093c52b2..ab2e99dbc 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile @@ -7,14 +7,14 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all -seccomp -protocol unix netfilter +nogroups nonewprivs noroot -nogroups nosound shell none +seccomp +protocol unix private-bin zathura private-dev -- cgit v1.2.3-54-g00ecf