From d88a941d52456e4cc9e3b84d08e4c85bd48a1c2d Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 12 Feb 2016 17:29:07 -0500 Subject: split out terminal blacklisting in disable-terminals.inc --- etc/Mathematica.profile | 1 + etc/audacious.profile | 1 + etc/bitlbee.profile | 1 + etc/chromium.profile | 1 + etc/clementine.profile | 2 ++ etc/conkeror.profile | 1 + etc/deadbeef.profile | 1 + etc/deluge.profile | 1 + etc/disable-common.inc | 7 ------- etc/disable-terminals.inc | 7 +++++++ etc/dnscrypt-proxy.profile | 1 + etc/dropbox.profile | 1 + etc/empathy.profile | 1 + etc/evince.profile | 1 + etc/fbreader.profile | 1 + etc/filezilla.profile | 1 + etc/firefox.profile | 1 + etc/generic.profile | 1 + etc/gnome-mplayer.profile | 1 + etc/google-chrome-beta.profile | 1 + etc/google-chrome-unstable.profile | 1 + etc/google-chrome.profile | 1 + etc/hexchat.profile | 1 + etc/kmail.profile | 1 + etc/midori.profile | 1 + etc/mupen64plus.profile | 1 + etc/opera-beta.profile | 1 + etc/opera.profile | 1 + etc/parole.profile | 1 + etc/pidgin.profile | 1 + etc/qbittorrent.profile | 1 + etc/quassel.profile | 1 + etc/rhythmbox.profile | 1 + etc/rtorrent.profile | 1 + etc/seamonkey-bin.profile | 1 + etc/seamonkey.profile | 1 + etc/skype.profile | 1 + etc/steam.profile | 1 + etc/telegram.profile | 1 + etc/totem.profile | 1 + etc/transmission-gtk.profile | 1 + etc/transmission-qt.profile | 1 + etc/uget-gtk.profile | 1 + etc/unbound.profile | 2 +- etc/vlc.profile | 1 + etc/weechat.profile | 1 + etc/wine.profile | 1 + etc/xchat.profile | 1 + 48 files changed, 54 insertions(+), 8 deletions(-) create mode 100644 etc/disable-terminals.inc (limited to 'etc') diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index 3b76afa0d..d1f4b1de1 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile 
@@ -7,6 +7,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all seccomp noroot diff --git a/etc/audacious.profile b/etc/audacious.profile index fa9cbbc52..f9a48f33c 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index 4cd24fd0a..5eeddb815 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile @@ -3,6 +3,7 @@ noblacklist /sbin noblacklist /usr/sbin include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-common.inc +include /etc/firejail/disable-terminals.inc protocol unix,inet,inet6 private private-dev diff --git a/etc/chromium.profile b/etc/chromium.profile index 35bdaa801..af2c740a8 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile @@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/chromium include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc +include /etc/firejail/disable-terminals.inc # chromium is distributed with a perl script on Arch # include /etc/firejail/disable-devel.inc diff --git a/etc/clementine.profile b/etc/clementine.profile index e84d8f19a..c9c0ca724 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile 
@@ -2,7 +2,9 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc +include /etc/firejail/disable-terminals.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/conkeror.profile b/etc/conkeror.profile index e2e55a045..09f491c61 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile @@ -3,6 +3,7 @@ noblacklist ${HOME}/.conkeror.mozdev.org include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc +include /etc/firejail/disable-terminals.inc caps.drop all seccomp protocol unix,inet,inet6 diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 0d6e70a4a..35760bf13 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/deluge.profile b/etc/deluge.profile index 4f76f3666..30e9f91ad 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 46dd04bcd..d97740860 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc 
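Review bot: `include /etc/firejail/disable-terminals.inc` is added twice in etc/clementine.profile, once before and once after the `include /etc/firejail/disable-devel.inc` line, while the other profiles on this line (conkeror, deadbeef, deluge) get it once. The diffstat entry `etc/clementine.profile | 2 ++` confirms both lines are new. The second copy looks redundant, since it would only repeat the same `blacklist` entries. Drop the first one so the include sits after `disable-devel.inc`, as in the neighbouring profiles.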
@@ -125,10 +125,3 @@ read-only ${HOME}/.xscreensaver # The user ~/bin directory can override commands such as ls read-only ${HOME}/bin -# disable terminals running as server -blacklist ${PATH}/lxterminal -blacklist ${PATH}/gnome-terminal -blacklist ${PATH}/gnome-terminal.wrapper -blacklist ${PATH}/xfce4-terminal -blacklist ${PATH}/xfce4-terminal.wrapper -blacklist ${PATH}/konsole diff --git a/etc/disable-terminals.inc b/etc/disable-terminals.inc new file mode 100644 index 000000000..b5ff07a61 --- /dev/null +++ b/etc/disable-terminals.inc @@ -0,0 +1,7 @@ +# disable terminals running as server +blacklist ${PATH}/lxterminal +blacklist ${PATH}/gnome-terminal +blacklist ${PATH}/gnome-terminal.wrapper +blacklist ${PATH}/xfce4-terminal +blacklist ${PATH}/xfce4-terminal.wrapper +blacklist ${PATH}/konsole diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index d13bab06b..0bc7ac78e 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile @@ -5,6 +5,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-secret.inc +include /etc/firejail/disable-terminals.inc private private-dev seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 248e3ac9e..9d2c612de 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile 
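Review bot: Moving the terminal blacklist into etc/disable-terminals.inc makes it opt-in, because the same six `blacklist ${PATH}/...` lines are deleted from disable-common.inc in this commit. Any profile that includes disable-common.inc but is not edited here, such as a user's own profile or a shipped one this commit misses, silently loses those entries. The commit message or release notes should say so, and it is worth checking that every shipped profile which should keep the restriction now has the new include. The header comment could also give the reason, e.g. `# terminal emulators that hand new windows to a server process; a shell opened through them may not be confined by the sandbox`. That reading of "running as server" is inferred, so confirm the wording.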
@@ -2,6 +2,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/empathy.profile b/etc/empathy.profile index 984bbc58e..7c96dc6fa 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.wine caps.drop all seccomp diff --git a/etc/evince.profile b/etc/evince.profile index 34d8162b3..070dc7be7 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/fbreader.profile b/etc/fbreader.profile index f94fc28df..a79f36398 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/filezilla.profile b/etc/filezilla.profile index ba8649067..1462d134e 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile @@ -5,6 +5,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.wine caps.drop all seccomp 
diff --git a/etc/firefox.profile b/etc/firefox.profile index fa753e028..0946ebfbe 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all seccomp protocol unix,inet,inet6,netlink diff --git a/etc/generic.profile b/etc/generic.profile index cc40ad27e..5618a555e 100644 --- a/etc/generic.profile +++ b/etc/generic.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 0a495b0b0..8062c859a 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index a50afa1cd..f6b96575e 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile @@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/google-chrome-beta include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc +include /etc/firejail/disable-terminals.inc # chromium is distributed with a perl script on Arch # include /etc/firejail/disable-devel.inc diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index c3871905d..3054a63db 100644 --- a/etc/google-chrome-unstable.profile 
+++ b/etc/google-chrome-unstable.profile @@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/google-chrome-unstable include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc +include /etc/firejail/disable-terminals.inc # chromium is distributed with a perl script on Arch # include /etc/firejail/disable-devel.inc diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 6b110593e..3d5a6ebbd 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile @@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/google-chrome include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc +include /etc/firejail/disable-terminals.inc # chromium is distributed with a perl script on Arch # include /etc/firejail/disable-devel.inc diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 61c9ac5bb..35b98fde6 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all seccomp protocol unix,inet,inet6 diff --git a/etc/kmail.profile b/etc/kmail.profile index 05713755e..ca29675a0 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/midori.profile b/etc/midori.profile index 77a6fb984..e46a6baa2 100644 --- a/etc/midori.profile +++ b/etc/midori.profile 
@@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all seccomp protocol unix,inet,inet6 diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index f21c35609..830531c04 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc whitelist ${HOME}/.local/share/mupen64plus/ whitelist ${HOME}/.config/mupen64plus/ noroot diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index 10141615c..783e8b0ef 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc netfilter whitelist ~/.config/opera-beta whitelist ${DOWNLOADS} diff --git a/etc/opera.profile b/etc/opera.profile index 72205d7fb..dd710a8fe 100644 --- a/etc/opera.profile +++ b/etc/opera.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc netfilter whitelist ~/.config/opera whitelist ${DOWNLOADS} diff --git a/etc/parole.profile b/etc/parole.profile index 24181c8d6..fd49bcf07 100644 --- a/etc/parole.profile +++ b/etc/parole.profile 
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc private-etc passwd,group,fonts private-bin parole,dbus-launch blacklist ${HOME}/.pki/nssdb diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 3dd57b623..54bedccc8 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.wine caps.drop all seccomp diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index dd50c779e..c68eb716b 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/quassel.profile b/etc/quassel.profile index cb97d0752..e8db77973 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.wine caps.drop all seccomp diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 9fc1fcb80..3326a34ed 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile 
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index c2c0356d9..7ba5677e9 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all seccomp protocol unix,inet,inet6 diff --git a/etc/seamonkey-bin.profile b/etc/seamonkey-bin.profile index 6458d073f..d585c719b 100644 --- a/etc/seamonkey-bin.profile +++ b/etc/seamonkey-bin.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all seccomp protocol unix,inet,inet6,netlink diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 6458d073f..d585c719b 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all seccomp protocol unix,inet,inet6,netlink diff --git a/etc/skype.profile b/etc/skype.profile index 4d2d042cc..a33cc339d 100644 --- a/etc/skype.profile +++ b/etc/skype.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all netfilter noroot 
diff --git a/etc/steam.profile b/etc/steam.profile index 5b9244567..dc17c7a0f 100644 --- a/etc/steam.profile +++ b/etc/steam.profile @@ -5,6 +5,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all netfilter noroot diff --git a/etc/telegram.profile b/etc/telegram.profile index 0312a7a09..261da6397 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all seccomp diff --git a/etc/totem.profile b/etc/totem.profile index 52b9450c3..65c62695e 100644 --- a/etc/totem.profile +++ b/etc/totem.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index a66ab0d63..290de9445 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index ad23c62dc..6ff49e476 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile 
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index 6d0c5becb..0430f12b4 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all seccomp protocol unix,inet,inet6 diff --git a/etc/unbound.profile b/etc/unbound.profile index aba5a9ba1..c4f009159 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile @@ -5,7 +5,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-secret.inc -private +include /etc/firejail/disable-terminals.inc private private-dev seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open diff --git a/etc/vlc.profile b/etc/vlc.profile index 37ff29308..028de0ad1 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile 
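Review bot: etc/unbound.profile is the only file in this commit where a line is removed (`-private`) as well as added, and the commit subject does not mention it. Because the page runs its lines together, it is unclear whether the new side is `include /etc/firejail/disable-terminals.inc` followed by an unchanged `private`, or the single line `include /etc/firejail/disable-terminals.inc private`. The hunk counts (`-5,7 +5,7`) suggest the former, i.e. a duplicated `private` being replaced. Either way, confirm the resulting profile still has `private` on its own line before `private-dev`, since dropping it would weaken the home-directory isolation this profile had.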
@@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.pki/nssdb blacklist ${HOME}/.lastpass blacklist ${HOME}/.keepassx diff --git a/etc/weechat.profile b/etc/weechat.profile index 79e3ae774..218df3b33 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile @@ -3,6 +3,7 @@ noblacklist ${HOME}/.weechat include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-secret.inc +include /etc/firejail/disable-terminals.inc caps.drop all seccomp protocol unix,inet,inet6 diff --git a/etc/wine.profile b/etc/wine.profile index 8a7f66773..ae1f5d1b6 100644 --- a/etc/wine.profile +++ b/etc/wine.profile @@ -6,6 +6,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc caps.drop all netfilter noroot diff --git a/etc/xchat.profile b/etc/xchat.profile index 37e1371e6..be68e0add 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile @@ -4,6 +4,7 @@ include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-terminals.inc blacklist ${HOME}/.wine caps.drop all seccomp -- cgit v1.2.3-54-g00ecf