From c0bb67f66a9b39b77441d21def5a28361ae9aa4e Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 4 Oct 2017 08:30:02 -0400 Subject: whitelist /var --- etc/gedit.profile | 2 ++ etc/gnome-2048.profile | 2 ++ etc/gnome-books.profile | 2 ++ etc/gnome-chess.profile | 2 ++ etc/gnome-clocks.profile | 2 ++ etc/gnome-contacts.profile | 4 +++- etc/gnome-font-viewer.profile | 2 ++ etc/gnome-maps.profile | 2 ++ etc/gnome-music.profile | 2 ++ etc/gnome-photos.profile | 2 ++ etc/gnome-weather.profile | 2 ++ etc/rhythmbox.profile | 2 ++ etc/totem.profile | 2 ++ 13 files changed, 27 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/gedit.profile b/etc/gedit.profile index e17d94da0..928006d08 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile @@ -15,6 +15,8 @@ include /etc/firejail/disable-common.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all # net none - makes settings immutable no3d diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index b07015173..a292633c3 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile @@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + mkdir ${HOME}/.local/share/gnome-2048 whitelist ${HOME}/.local/share/gnome-2048 include /etc/firejail/whitelist-common.inc diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 5c1d5f137..6998a3a42 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile @@ -14,6 +14,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter no3d diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 688df6dfe..4caf971dd 100644 --- a/etc/gnome-chess.profile 
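Review bot: The added `include /etc/firejail/whitelist-var-common.inc` in the gedit.profile hunk has no comment saying what it does to /var, and the same undocumented line is added in the other twelve profiles of this commit. As far as I understand firejail's whitelist handling, once anything under /var is whitelisted the rest of /var is no longer visible inside the sandbox. The include's contents are not shown in this diff, so for a general-purpose editor like gedit, files under /var that are not on that list could presumably no longer be opened. I would add a comment above the line such as `# restrict /var to the paths listed in whitelist-var-common.inc; whitelist extra /var paths locally if needed`, and confirm the list covers what each of these applications reads from /var.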
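Review bot: In the gnome-2048.profile hunk the new `include /etc/firejail/whitelist-var-common.inc` sits before the `mkdir`/`whitelist ${HOME}/.local/share/gnome-2048` lines and `include /etc/firejail/whitelist-common.inc`, while the gnome-contacts.profile hunk places it after `whitelist-common.inc`. Keeping the whitelist includes together, with `whitelist-var-common.inc` directly after `whitelist-common.inc`, would make it easier to audit which paths each profile exposes. This is a placement point only; I would not expect it to change behaviour.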
+++ b/etc/gnome-chess.profile @@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all no3d nodvd diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index d9bac48eb..be294ae9a 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile @@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter no3d diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index 90c2c2628..3a3808e56 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile @@ -12,6 +12,8 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc include /etc/firejail/whitelist-common.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter no3d @@ -21,7 +23,7 @@ noroot nosound notv novideo -protocol unix,inet,inet6 +protocol unix,inet,inet6,netlink seccomp disable-mnt diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index 5ccb28840..cca0313cc 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile @@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter no3d diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index cdbf5cbe0..b1030597c 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile @@ -14,6 +14,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter nodvd 
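Review bot: The second gnome-contacts.profile hunk widens the allowed socket families from `protocol unix,inet,inet6` to `protocol unix,inet,inet6,netlink` without any explanation, and the change is unrelated to the commit subject "whitelist /var". Allowing netlink gives the sandboxed process an additional kernel-facing socket family, so the reason should be recorded next to the line, for example `# netlink is required for <reason to be stated by the author>`. Splitting this relaxation into its own commit would also keep it visible in the history rather than hidden inside a filesystem-hardening change. None of the other profiles touched here receive the same protocol change, so it is worth confirming that it is intentional.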
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index d3c61d9b4..d1ef20e6b 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile @@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter no3d diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index 0e150f525..f9be4c4de 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile @@ -14,6 +14,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter nodvd diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 4ddbbbde2..e5804687c 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile @@ -14,6 +14,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter no3d diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index bcd72be9a..9401f6681 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile @@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter # no3d diff --git a/etc/totem.profile b/etc/totem.profile index a364e4c02..ccf292da0 100644 --- a/etc/totem.profile +++ b/etc/totem.profile @@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter nogroups -- cgit v1.2.3-70-g09d2