From d9a524ca72eda49c7993b39bec565aac2dbe9fab Mon Sep 17 00:00:00 2001 From: Tad Date: Sun, 11 Feb 2018 19:19:43 -0500 Subject: Further unify private-etc in Firefox-based browsers --- etc/abrowser.profile | 3 ++- etc/cliqz.profile | 3 ++- etc/cyberfox.profile | 3 ++- etc/firefox-common.profile | 2 ++ etc/firefox.profile | 6 +++--- etc/icecat.profile | 3 ++- etc/iceweasel.profile | 2 ++ etc/palemoon.profile | 7 ++++--- etc/waterfox.profile | 5 +++-- 9 files changed, 22 insertions(+), 12 deletions(-) (limited to 'etc') diff --git a/etc/abrowser.profile b/etc/abrowser.profile index 01f60b559..d757d6f49 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile @@ -13,7 +13,8 @@ mkdir ${HOME}/.mozilla whitelist ${HOME}/.cache/mozilla/abrowser whitelist ${HOME}/.mozilla -# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,abrowser,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies +# private-etc must first be enabled in firefox-common.profile +#private-etc abrowser # Redirect diff --git a/etc/cliqz.profile b/etc/cliqz.profile index b4e299337..4ff96311d 100644 --- a/etc/cliqz.profile +++ b/etc/cliqz.profile @@ -13,7 +13,8 @@ mkdir ${HOME}/.config/cliqz whitelist ${HOME}/.cache/cliqz whitelist ${HOME}/.config/cliqz -# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,cliqz,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies +# private-etc must first be enabled in firefox-common.profile +#private-etc cliqz # Redirect include /etc/firejail/firefox-common.profile diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index be9e62123..ce51906ba 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile @@ -14,7 +14,8 @@ whitelist ${HOME}/.8pecxstudios whitelist ${HOME}/.cache/8pecxstudios # private-bin cyberfox,which,sh,dbus-launch,dbus-send,env -# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,cyberfox,mime.types,mailcap,asound.conf,pulse +# private-etc must first be enabled in firefox-common.profile +#private-etc cyberfox # Redirect include /etc/firejail/firefox-common.profile diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 33d522353..0c4271edc 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile @@ -36,6 +36,8 @@ tracelog disable-mnt private-dev +# private-etc below works fine on most distributions. There are some problems on CentOS. +#private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/firefox.profile b/etc/firefox.profile index 15ca094f1..0ab6a6141 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -14,9 +14,9 @@ whitelist ${HOME}/.cache/mozilla/firefox whitelist ${HOME}/.mozilla # firefox requires a shell to launch on Arch. -# private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash -# private-etc below works fine on most distributions. There are some problems on CentOS. -# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies +#private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash +# private-etc must first be enabled in firefox-common.profile +#private-etc firefox # Redirect include /etc/firejail/firefox-common.profile diff --git a/etc/icecat.profile b/etc/icecat.profile index 1470d4b12..42e762c21 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile @@ -13,7 +13,8 @@ mkdir ${HOME}/.mozilla whitelist ${HOME}/.cache/mozilla/icecat whitelist ${HOME}/.mozilla -# private-etc icecat,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies +# private-etc must first be enabled in firefox-common.profile +#private-etc icecat # Redirect include /etc/firejail/firefox-common.profile diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile index f6b57dde0..51f15aa1b 100644 --- a/etc/iceweasel.profile +++ b/etc/iceweasel.profile @@ -5,6 +5,8 @@ include /etc/firejail/iceweasel.local # Persistent global definitions include /etc/firejail/globals.local +# private-etc must first be enabled in firefox-common.profile +#private-etc iceweasel # Redirect include /etc/firejail/firefox.profile diff --git a/etc/palemoon.profile b/etc/palemoon.profile index e59f20e9d..ff7087e55 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile @@ -13,9 +13,10 @@ mkdir ${HOME}/.moonchild productions whitelist ${HOME}/.cache/moonchild productions/pale moon whitelist ${HOME}/.moonchild productions -# private-bin palemoon -# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,palemoon,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies -# private-opt palemoon +#private-bin palemoon +# private-etc must first be enabled in firefox-common.profile +#private-etc palemoon +#private-opt palemoon # Redirect include /etc/firejail/firefox-common.profile diff --git a/etc/waterfox.profile b/etc/waterfox.profile index 521295dfa..fdd299bbf 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile @@ -20,8 +20,9 @@ whitelist ${HOME}/.mozilla whitelist ${HOME}/.waterfox # waterfox requires a shell to launch on Arch. We can possibly remove sh though. -# private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash -# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,waterfox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies +#private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash +# private-etc must first be enabled in firefox-common.profile +#private-etc waterfox # Redirect include /etc/firejail/firefox-common.profile -- cgit v1.2.3-70-g09d2