github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-16 14:16:16 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

Merge branch 'master' of github.com:netblue30/firejail

Browse source
This commit is contained in:
rusty-snake 2019-04-24 13:15:07 +02:00
commit 0d42e12f11
No known key found for this signature in database
GPG key ID: CE890C49EE1373C1
16 changed files with 16 additions and 1401 deletions
Download patch file Download diff file Expand all files Collapse all files

44
etc/android-studio.profile
View file

@ -1,43 +1 @@
# Firejail profile for android-studio
# This file is overwritten after every install/update
# Persistent local customizations
include android-studio.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.AndroidStudio*
noblacklist ${HOME}/.android
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.gradle
noblacklist ${HOME}/.jack-server
noblacklist ${HOME}/.jack-settings
noblacklist ${HOME}/.java
noblacklist ${HOME}/.local/share/JetBrains
noblacklist ${HOME}/.ssh
noblacklist ${HOME}/.tooling
include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc
include whitelist-var-common.inc
caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
novideo
protocol unix,inet,inet6
seccomp
shell none
private-cache
# private-tmp
# noexec /tmp breaks 'Android Profiler'
#noexec /tmp
]0;firejail /usr/bin/meld ./etc/android-studio_LOCAL_29017.profile ./etc/android-studio_BASE_29017.profile ./etc/android-studio_REMOTE_29017.profile 

46
etc/aosp.profile
View file

@ -1,45 +1 @@
# Firejail profile for aosp
# This file is overwritten after every install/update
# Persistent local customizations
include aosp.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.android
noblacklist ${HOME}/.bash_history
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.gradle
noblacklist ${HOME}/.jack-server
noblacklist ${HOME}/.jack-settings
noblacklist ${HOME}/.java
noblacklist ${HOME}/.repo_.gitconfig.json
noblacklist ${HOME}/.repoconfig
noblacklist ${HOME}/.ssh
noblacklist ${HOME}/.tooling
include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc
include whitelist-var-common.inc
caps.drop all
ipc-namespace
netfilter
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
novideo
protocol unix,inet,inet6
#seccomp
shell none
private-tmp
]0;firejail /usr/bin/meld ./etc/aosp_LOCAL_29017.profile ./etc/aosp_BASE_29017.profile ./etc/aosp_REMOTE_29017.profile 

42
etc/atom.profile
View file

@ -1,41 +1 @@
# Firejail profile for atom
# Description: A hackable text editor for the 21st Century
# This file is overwritten after every install/update
# Persistent local customizations
include atom.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.atom
noblacklist ${HOME}/.config/Atom
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.cargo/config
noblacklist ${HOME}/.cargo/registry
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.pythonrc.py
include disable-common.inc
include disable-exec.inc
include disable-passwdmgr.inc
include disable-programs.inc
caps.drop all
# net none
netfilter
nodbus
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6,netlink
seccomp
shell none
private-cache
private-dev
private-tmp
]0;firejail /usr/bin/meld ./etc/atom_LOCAL_29017.profile ./etc/atom_BASE_29017.profile ./etc/atom_REMOTE_29017.profile 

39
etc/brackets.profile
View file

@ -1,38 +1 @@
# Firejail profile for brackets
# This file is overwritten after every install/update
# Persistent local customizations
include brackets.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.config/Brackets
#noblacklist /opt/brackets/
#noblacklist /opt/google/
# Uncomment the the next two lines if you are developing rust.
# or put it in your brackets.local
#noblacklist ${HOME}/.cargo/config
#noblacklist ${HOME}/.cargo/registry
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc
caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6,netlink
seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
shell none
private-cache
private-dev
]0;firejail /usr/bin/meld ./etc/brackets_LOCAL_29017.profile ./etc/brackets_BASE_29017.profile ./etc/brackets_REMOTE_29017.profile 

39
etc/clion.profile
View file

@ -1,38 +1 @@
# Firejail profile for CLion
# This file is overwritten after every install/update
# Persistent local customizations
include clion.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.CLion*
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.java
noblacklist ${HOME}/.local/share/JetBrains
noblacklist ${HOME}/.ssh
noblacklist ${HOME}/.tooling
include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc
caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
private-cache
private-dev
# private-tmp
noexec /tmp
]0;firejail /usr/bin/meld ./etc/clion_LOCAL_29017.profile ./etc/clion_BASE_29017.profile ./etc/clion_REMOTE_29017.profile 

47
etc/code.profile
View file

@ -1,46 +1 @@
# Firejail profile for Visual Studio Code
# This file is overwritten after every install/update
# Persistent local customizations
include code.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.cargo/config
noblacklist ${HOME}/.cargo/registry
noblacklist ${HOME}/.config/Code
noblacklist ${HOME}/.config/Code - OSS
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.pythonrc.py
noblacklist ${HOME}/.vscode
noblacklist ${HOME}/.vscode-oss
include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc
caps.drop all
net none
netfilter
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6,netlink
seccomp
shell none
private-cache
private-dev
private-tmp
# Disabling noexec ${HOME} for now since it will
# probably interfere with running some programmes
# in VS Code
# noexec ${HOME}
noexec /tmp
]0;firejail /usr/bin/meld ./etc/code_LOCAL_29017.profile ./etc/code_BASE_29017.profile ./etc/code_REMOTE_29017.profile 

738
etc/disable-programs.inc
View file

@ -1,737 +1 @@
# This file is overwritten during software install.
# Persistent customizations should go in a .local file.
include disable-programs.local
blacklist ${HOME}/Arduino
blacklist ${HOME}/Monero/wallets
blacklist ${HOME}/Nextcloud/Notes
blacklist ${HOME}/SoftMaker
blacklist ${HOME}/Standard Notes Backups
blacklist ${HOME}/wallet.dat
blacklist ${HOME}/.*coin
blacklist ${HOME}/.8pecxstudios
blacklist ${HOME}/.AndroidStudio*
blacklist ${HOME}/.Atom
blacklist ${HOME}/.CLion*
blacklist ${HOME}/.FBReader
blacklist ${HOME}/.FontForge
blacklist ${HOME}/.IdeaIC*
blacklist ${HOME}/.LuminanceHDR
blacklist ${HOME}/.Mathematica
blacklist ${HOME}/.Natron
blacklist ${HOME}/.PlayOnLinux
blacklist ${HOME}/.PyCharm*
blacklist ${HOME}/.Sayonara
blacklist ${HOME}/.Skype
blacklist ${HOME}/.Steam
blacklist ${HOME}/.Steampath
blacklist ${HOME}/.Steampid
blacklist ${HOME}/.TelegramDesktop
blacklist ${HOME}/.ViberPC
blacklist ${HOME}/.VirtualBox
blacklist ${HOME}/.VSCodium
blacklist ${HOME}/.WebStorm*
blacklist ${HOME}/.Wolfram Research
blacklist ${HOME}/.ZAP
blacklist ${HOME}/.aMule
blacklist ${HOME}/.android
blacklist ${HOME}/.anydesk
blacklist ${HOME}/.arduino15
blacklist ${HOME}/.aria2
blacklist ${HOME}/.arm
blacklist ${HOME}/.asunder_album_artist
blacklist ${HOME}/.asunder_album_genre
blacklist ${HOME}/.asunder_album_title
blacklist ${HOME}/.atom
blacklist ${HOME}/.attic
blacklist ${HOME}/.audacity-data
blacklist ${HOME}/.bcast5
blacklist ${HOME}/.bibletime
blacklist ${HOME}/.bitcoin
blacklist ${HOME}/.bogofilter
blacklist ${HOME}/.bzf
blacklist ${HOME}/.claws-mail
blacklist ${HOME}/.cliqz
blacklist ${HOME}/.clonk
blacklist ${HOME}/.config/0ad
blacklist ${HOME}/.config/2048-qt
blacklist ${HOME}/.config/Atom
blacklist ${HOME}/.config/Audaciousrc
blacklist ${HOME}/.config/Authenticator
blacklist ${HOME}/.config/Beaker Browser
blacklist ${HOME}/.config/Bitcoin
blacklist ${HOME}/.config/Brackets
blacklist ${HOME}/.config/BraveSoftware
blacklist ${HOME}/.config/Clementine
blacklist ${HOME}/.config/Code
blacklist ${HOME}/.config/Code - OSS
blacklist ${HOME}/.config/Code Industry
blacklist ${HOME}/.config/Cryptocat
blacklist ${HOME}/.config/Enox
blacklist ${HOME}/.config/Franz
blacklist ${HOME}/.config/FreeCAD
blacklist ${HOME}/.config/Fritzing
blacklist ${HOME}/.config/GIMP
blacklist ${HOME}/.config/GitHub Desktop
blacklist ${HOME}/.config/Gitter
blacklist ${HOME}/.config/Google
blacklist ${HOME}/.config/Google Play Music Desktop Player
blacklist ${HOME}/.config/Gpredict
blacklist ${HOME}/.config/INRIA
blacklist ${HOME}/.config/InSilmaril
blacklist ${HOME}/.config/Kid3
blacklist ${HOME}/.config/Luminance
blacklist ${HOME}/.config/Meltytech
blacklist ${HOME}/.config/Mendeley Ltd.
blacklist ${HOME}/.config/Min
blacklist ${HOME}/.config/Mousepad
blacklist ${HOME}/.config/Mumble
blacklist ${HOME}/.config/MusE
blacklist ${HOME}/.config/MuseScore
blacklist ${HOME}/.config/MusicBrainz
blacklist ${HOME}/.config/Nathan Osman
blacklist ${HOME}/.config/Nylas Mail
blacklist ${HOME}/.config/PBE
blacklist ${HOME}/.config/Qlipper
blacklist ${HOME}/.config/QMediathekView
blacklist ${HOME}/.config/QuiteRss
blacklist ${HOME}/.config/QuiteRssrc
blacklist ${HOME}/.config/Rambox
blacklist ${HOME}/.config/Riot
blacklist ${HOME}/.config/Rocket.Chat
blacklist ${HOME}/.config/Signal
blacklist ${HOME}/.config/Slack
blacklist ${HOME}/.config/Standard Notes
blacklist ${HOME}/.config/SubDownloader
blacklist ${HOME}/.config/Thunar
blacklist ${HOME}/.config/VirtualBox
blacklist ${HOME}/.config/Wire
blacklist ${HOME}/.config/akonadi*
blacklist ${HOME}/.config/akregatorrc
blacklist ${HOME}/.config/ardour4
blacklist ${HOME}/.config/ardour5
blacklist ${HOME}/.config/arkrc
blacklist ${HOME}/.config/artha.conf
blacklist ${HOME}/.config/asunder
blacklist ${HOME}/.config/atril
blacklist ${HOME}/.config/audacious
blacklist ${HOME}/.config/aweather
blacklist ${HOME}/.config/baloofilerc
blacklist ${HOME}/.config/baloorc
blacklist ${HOME}/.config/blender
blacklist ${HOME}/.config/bless
blacklist ${HOME}/.config/bnox
blacklist ${HOME}/.config/borg
blacklist ${HOME}/.config/brasero
blacklist ${HOME}/.config/brave
blacklist ${HOME}/.config/caja
blacklist ${HOME}/.config/calibre
blacklist ${HOME}/.config/catfish
blacklist ${HOME}/.config/celluloid
blacklist ${HOME}/.config/cherrytree
blacklist ${HOME}/.config/chromium
blacklist ${HOME}/.config/chromium-dev
blacklist ${HOME}/.config/chromium-flags.conf
blacklist ${HOME}/.config/clipit
blacklist ${HOME}/.config/cliqz
blacklist ${HOME}/.config/cmus
blacklist ${HOME}/.config/corebird
blacklist ${HOME}/.config/darktable
blacklist ${HOME}/.config/deadbeef
blacklist ${HOME}/.config/deluge
blacklist ${HOME}/.config/devilspie2
blacklist ${HOME}/.config/digikam
blacklist ${HOME}/.config/digikamrc
blacklist ${HOME}/.config/discord
blacklist ${HOME}/.config/discordcanary
blacklist ${HOME}/.config/dnox
blacklist ${HOME}/.config/dolphinrc
blacklist ${HOME}/.config/dragonplayerrc
blacklist ${HOME}/.config/d-feet
blacklist ${HOME}/.config/emaildefaults
blacklist ${HOME}/.config/emailidentities
blacklist ${HOME}/.config/enchant
blacklist ${HOME}/.config/eog
blacklist ${HOME}/.config/epiphany
blacklist ${HOME}/.config/evince
blacklist ${HOME}/.config/evolution
blacklist ${HOME}/.config/falkon
blacklist ${HOME}/.config/filezilla
blacklist ${HOME}/.config/flowblade
blacklist ${HOME}/.config/font-manager
blacklist ${HOME}/.config/freecol
blacklist ${HOME}/.config/gajim
blacklist ${HOME}/.config/galculator
blacklist ${HOME}/.config/gconf
blacklist ${HOME}/.config/geany
blacklist ${HOME}/.config/gedit
blacklist ${HOME}/.config/geeqie
blacklist ${HOME}/.config/ghb
blacklist ${HOME}/.config/ghostwriter
blacklist ${HOME}/.config/git
blacklist ${HOME}/.config/globaltime
blacklist ${HOME}/.config/gnome-mplayer
blacklist ${HOME}/.config/gnome-mpv
blacklist ${HOME}/.config/gnome-pie
blacklist ${HOME}/.config/google-chrome
blacklist ${HOME}/.config/google-chrome-beta
blacklist ${HOME}/.config/google-chrome-unstable
blacklist ${HOME}/.config/gpicview
blacklist ${HOME}/.config/gthumb
blacklist ${HOME}/.config/gwenviewrc
blacklist ${HOME}/.config/hexchat
blacklist ${HOME}/.config/inkscape
blacklist ${HOME}/.config/inox
blacklist ${HOME}/.config/iridium
blacklist ${HOME}/.config/itch
blacklist ${HOME}/.config/jd-gui.cfg
blacklist ${HOME}/.config/k3brc
blacklist ${HOME}/.config/kaffeinerc
blacklist ${HOME}/.config/katemetainfos
blacklist ${HOME}/.config/katepartrc
blacklist ${HOME}/.config/katerc
blacklist ${HOME}/.config/kateschemarc
blacklist ${HOME}/.config/katesyntaxhighlightingrc
blacklist ${HOME}/.config/katevirc
blacklist ${HOME}/.config/kdenliverc
blacklist ${HOME}/.config/kgetrc
blacklist ${HOME}/.config/kid3rc
blacklist ${HOME}/.config/klavaro
blacklist ${HOME}/.config/klipperrc
blacklist ${HOME}/.config/kmail2rc
blacklist ${HOME}/.config/kmailsearchindexingrc
blacklist ${HOME}/.config/kritarc
blacklist ${HOME}/.config/kwriterc
blacklist ${HOME}/.config/kdeconnect
blacklist ${HOME}/.config/knotesrc
blacklist ${HOME}/.config/konversationrc
blacklist ${HOME}/.config/ktorrentrc
blacklist ${HOME}/.config/leafpad
blacklist ${HOME}/.config/libreoffice
blacklist ${HOME}/.config/liferea
blacklist ${HOME}/.config/lugaru
blacklist ${HOME}/.config/lximage-qt
blacklist ${HOME}/.config/mailtransports
blacklist ${HOME}/.config/mana
blacklist ${HOME}/.config/mate-calc
blacklist ${HOME}/.config/mate/eom
blacklist ${HOME}/.config/mate/mate-dictionary
blacklist ${HOME}/.config/mfusion
blacklist ${HOME}/.config/midori
blacklist ${HOME}/.config/mono
blacklist ${HOME}/.config/mpd
blacklist ${HOME}/.config/mpDris2
blacklist ${HOME}/.config/mps-youtube
blacklist ${HOME}/.config/mpv
blacklist ${HOME}/.config/mupen64plus
blacklist ${HOME}/.config/mypaint
blacklist ${HOME}/.config/nano
blacklist ${HOME}/.config/nautilus
blacklist ${HOME}/.config/nemo
blacklist ${HOME}/.config/netsurf
blacklist ${HOME}/.config/nheko
blacklist ${HOME}/.config/NitroShare
blacklist ${HOME}/.config/nomacs
blacklist ${HOME}/.config/obs-studio
blacklist ${HOME}/.config/okularpartrc
blacklist ${HOME}/.config/okularrc
blacklist ${HOME}/.config/onionshare
blacklist ${HOME}/.config/opera
blacklist ${HOME}/.config/opera-beta
blacklist ${HOME}/.config/orage
blacklist ${HOME}/.config/org.kde.gwenviewrc
blacklist ${HOME}/.config/pavucontrol.ini
blacklist ${HOME}/.config/pcmanfm
blacklist ${HOME}/.config/pdfmod
blacklist ${HOME}/.config/Pinta
blacklist ${HOME}/.config/pitivi
blacklist ${HOME}/.config/pix
blacklist ${HOME}/.config/pluma
blacklist ${HOME}/.config/ppsspp
blacklist ${HOME}/.config/pragha
blacklist ${HOME}/.config/psi+
blacklist ${HOME}/.config/qBittorrent
blacklist ${HOME}/.config/qBittorrentrc
blacklist ${HOME}/.config/qpdfview
blacklist ${HOME}/.config/qupzilla
blacklist ${HOME}/.config/qutebrowser
blacklist ${HOME}/.config/ranger
blacklist ${HOME}/.config/redshift
blacklist ${HOME}/.config/redshift.conf
blacklist ${HOME}/.config/remmina
blacklist ${HOME}/.config/ristretto
blacklist ${HOME}/.config/scribus
blacklist ${HOME}/.config/skypeforlinux
blacklist ${HOME}/.config/slimjet
blacklist ${HOME}/.config/smplayer
blacklist ${HOME}/.config/smtube
blacklist ${HOME}/.config/snox
blacklist ${HOME}/.config/specialmailcollectionsrc
blacklist ${HOME}/.config/spotify
blacklist ${HOME}/.config/supertuxkart
blacklist ${HOME}/.config/sqlitebrowser
blacklist ${HOME}/.config/stellarium
blacklist ${HOME}/.config/synfig
blacklist ${HOME}/.config/telepathy-account-widgets
blacklist ${HOME}/.config/torbrowser
blacklist ${HOME}/.config/totem
blacklist ${HOME}/.config/tox
blacklist ${HOME}/.config/transgui
blacklist ${HOME}/.config/truecraft
blacklist ${HOME}/.config/transmission
blacklist ${HOME}/.config/uGet
blacklist ${HOME}/.config/uzbl
blacklist ${HOME}/.config/viewnior
blacklist ${HOME}/.config/vivaldi
blacklist ${HOME}/.config/vivaldi-snapshot
blacklist ${HOME}/.config/vlc
blacklist ${HOME}/.config/wesnoth
blacklist ${HOME}/.config/wireshark
blacklist ${HOME}/.config/xchat
blacklist ${HOME}/.config/xed
blacklist ${HOME}/.config/xfburn
blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
blacklist ${HOME}/.config/xfce4/xfce4-notes.rc
blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
blacklist ${HOME}/.config/xfce4-dict
blacklist ${HOME}/.config/xiaoyong
blacklist ${HOME}/.config/xmms2
blacklist ${HOME}/.config/xplayer
blacklist ${HOME}/.config/xreader
blacklist ${HOME}/.config/xviewer
blacklist ${HOME}/.config/yandex-browser
blacklist ${HOME}/.config/yandex-browser-beta
blacklist ${HOME}/.config/zathura
blacklist ${HOME}/.config/zoomus.conf
blacklist ${HOME}/.conkeror.mozdev.org
blacklist ${HOME}/.crawl
blacklist ${HOME}/.curlrc
blacklist ${HOME}/.dashcore
blacklist ${HOME}/.devilspie
blacklist ${HOME}/.dia
blacklist ${HOME}/.digrc
blacklist ${HOME}/.dillo
blacklist ${HOME}/.dooble
blacklist ${HOME}/.dosbox
blacklist ${HOME}/.dropbox*
blacklist ${HOME}/.easystroke
blacklist ${HOME}/.electron-cache
blacklist ${HOME}/.electrum*
blacklist ${HOME}/.elinks
blacklist ${HOME}/.emacs
blacklist ${HOME}/.emacs
blacklist ${HOME}/.emacs.d
blacklist ${HOME}/.ethereum
blacklist ${HOME}/.etr
blacklist ${HOME}/.filezilla
blacklist ${HOME}/.flowblade
blacklist ${HOME}/.fltk
blacklist ${HOME}/.fossamail
blacklist ${HOME}/.freeciv
blacklist ${HOME}/.freecol
blacklist ${HOME}/.freemind
blacklist ${HOME}/.frozen-bubble
blacklist ${HOME}/.gimp*
blacklist ${HOME}/.git-credentials
blacklist ${HOME}/.git-credential-cache
blacklist ${HOME}/.gitconfig
blacklist ${HOME}/.gnome/gnome-schedule
blacklist ${HOME}/.googleearth/Cache/
blacklist ${HOME}/.googleearth/Temp/
blacklist ${HOME}/.googleearth/myplaces.backup.kml
blacklist ${HOME}/.googleearth/myplaces.kml
blacklist ${HOME}/.gradle
blacklist ${HOME}/.gramps
blacklist ${HOME}/.guayadeque
blacklist ${HOME}/.hashcat
blacklist ${HOME}/.hedgewars
blacklist ${HOME}/.hugin
blacklist ${HOME}/.icedove
blacklist ${HOME}/.imagej
blacklist ${HOME}/.inkscape
blacklist ${HOME}/.jack-server
blacklist ${HOME}/.jack-settings
blacklist ${HOME}/.jak
blacklist ${HOME}/.java
blacklist ${HOME}/.jd
blacklist ${HOME}/.jitsi
blacklist ${HOME}/.kde/share/apps/digikam
blacklist ${HOME}/.kde/share/apps/gwenview
blacklist ${HOME}/.kde/share/apps/kaffeine
blacklist ${HOME}/.kde/share/apps/kcookiejar
blacklist ${HOME}/.kde/share/apps/kget
blacklist ${HOME}/.kde/share/apps/khtml
blacklist ${HOME}/.kde/share/apps/konqsidebartng
blacklist ${HOME}/.kde/share/apps/konqueror
blacklist ${HOME}/.kde/share/apps/kopete
blacklist ${HOME}/.kde/share/apps/khtml
blacklist ${HOME}/.kde/share/apps/ktorrent
blacklist ${HOME}/.kde/share/apps/okular
blacklist ${HOME}/.kde/share/config/baloofilerc
blacklist ${HOME}/.kde/share/config/baloorc
blacklist ${HOME}/.kde/share/config/digikam
blacklist ${HOME}/.kde/share/config/gwenviewrc
blacklist ${HOME}/.kde/share/config/k3brc
blacklist ${HOME}/.kde/share/config/kaffeinerc
blacklist ${HOME}/.kde/share/config/kcookiejarrc
blacklist ${HOME}/.kde/share/config/kgetrc
blacklist ${HOME}/.kde/share/config/khtmlrc
blacklist ${HOME}/.kde/share/config/klipperrc
blacklist ${HOME}/.kde/share/config/konq_history
blacklist ${HOME}/.kde/share/config/konqsidebartngrc
blacklist ${HOME}/.kde/share/config/konquerorrc
blacklist ${HOME}/.kde/share/config/konversationrc
blacklist ${HOME}/.kde/share/config/kopeterc
blacklist ${HOME}/.kde/share/config/ktorrentrc
blacklist ${HOME}/.kde/share/config/okularpartrc
blacklist ${HOME}/.kde/share/config/okularrc
blacklist ${HOME}/.kde4/share/apps/digikam
blacklist ${HOME}/.kde4/share/apps/gwenview
blacklist ${HOME}/.kde4/share/apps/kaffeine
blacklist ${HOME}/.kde4/share/apps/kcookiejar
blacklist ${HOME}/.kde4/share/apps/kget
blacklist ${HOME}/.kde4/share/apps/khtml
blacklist ${HOME}/.kde4/share/apps/konqueror
blacklist ${HOME}/.kde4/share/apps/konqsidebartng
blacklist ${HOME}/.kde4/share/apps/kopete
blacklist ${HOME}/.kde4/share/apps/ktorrent
blacklist ${HOME}/.kde4/share/apps/okular
blacklist ${HOME}/.kde4/share/config/baloorc
blacklist ${HOME}/.kde4/share/config/baloofilerc
blacklist ${HOME}/.kde4/share/config/digikam
blacklist ${HOME}/.kde4/share/config/gwenviewrc
blacklist ${HOME}/.kde4/share/config/k3brc
blacklist ${HOME}/.kde4/share/config/kaffeinerc
blacklist ${HOME}/.kde4/share/config/kcookiejarrc
blacklist ${HOME}/.kde4/share/config/kgetrc
blacklist ${HOME}/.kde4/share/config/khtmlrc
blacklist ${HOME}/.kde4/share/config/klipperrc
blacklist ${HOME}/.kde4/share/config/konq_history
blacklist ${HOME}/.kde4/share/config/konqsidebartngrc
blacklist ${HOME}/.kde4/share/config/konquerorrc
blacklist ${HOME}/.kde4/share/config/konversationrc
blacklist ${HOME}/.kde4/share/config/kopeterc
blacklist ${HOME}/.kde4/share/config/ktorrentrc
blacklist ${HOME}/.kde4/share/config/okularpartrc
blacklist ${HOME}/.kde4/share/config/okularrc
blacklist ${HOME}/.killingfloor
blacklist ${HOME}/.kino-history
blacklist ${HOME}/.kinorc
blacklist ${HOME}/.kodi
blacklist ${HOME}/.lincity-ng
blacklist ${HOME}/.linphone-history.db
blacklist ${HOME}/.linphonerc
blacklist ${HOME}/.lmmsrc.xml
blacklist ${HOME}/.local/lib/vivaldi
blacklist ${HOME}/.local/share/0ad
blacklist ${HOME}/.local/share/3909/PapersPlease
blacklist ${HOME}/.local/share/Anki2
blacklist ${HOME}/.local/share/Empathy
blacklist ${HOME}/.local/share/JetBrains
blacklist ${HOME}/.local/share/Mendeley Ltd.
blacklist ${HOME}/.local/share/Mumble
blacklist ${HOME}/.local/share/PBE
blacklist ${HOME}/.local/share/QMediathekView
blacklist ${HOME}/.local/share/QuiteRss
blacklist ${HOME}/.local/share/Ricochet
blacklist ${HOME}/.local/share/Steam
blacklist ${HOME}/.local/share/SuperHexagon
blacklist ${HOME}/.local/share/TelegramDesktop
blacklist ${HOME}/.local/share/Terraria
blacklist ${HOME}/.local/share/TpLogger
blacklist ${HOME}/.local/share/akonadi*
blacklist ${HOME}/.local/share/akregator
blacklist ${HOME}/.local/share/apps/korganizer
blacklist ${HOME}/.local/share/aspyr-media
blacklist ${HOME}/.local/share/baloo
blacklist ${HOME}/.local/share/bibletime
blacklist ${HOME}/.local/share/caja-python
blacklist ${HOME}/.local/share/cdprojektred
blacklist ${HOME}/.local/share/clipit
blacklist ${HOME}/.local/share/contacts
blacklist ${HOME}/.local/share/data/Mendeley Ltd.
blacklist ${HOME}/.local/share/data/Mumble
blacklist ${HOME}/.local/share/data/MusE
blacklist ${HOME}/.local/share/data/MuseScore
blacklist ${HOME}/.local/share/data/nomacs
blacklist ${HOME}/.local/share/data/qBittorrent
blacklist ${HOME}/.local/share/dino
blacklist ${HOME}/.local/share/dolphin
blacklist ${HOME}/.local/share/emailidentities
blacklist ${HOME}/.local/share/epiphany
blacklist ${HOME}/.local/share/evolution
blacklist ${HOME}/.local/share/feedreader
blacklist ${HOME}/.local/share/feral-interactive
blacklist ${HOME}/.local/share/freecol
blacklist ${HOME}/.local/share/gajim
blacklist ${HOME}/.local/share/geary
blacklist ${HOME}/.local/share/geeqie
blacklist ${HOME}/.local/share/gitg
blacklist ${HOME}/.local/share/gnome-2048
blacklist ${HOME}/.local/share/gnome-chess
blacklist ${HOME}/.local/share/gnome-music
blacklist ${HOME}/.local/share/gnome-photos
blacklist ${HOME}/.local/share/gnome-recipes
blacklist ${HOME}/.local/share/gnome-ring
blacklist ${HOME}/.local/share/gnome-twitch
blacklist ${HOME}/.local/share/gradio
blacklist ${HOME}/.local/share/gwenview
blacklist ${HOME}/.local/share/kaffeine
blacklist ${HOME}/.local/share/kate
blacklist ${HOME}/.local/share/kdenlive
blacklist ${HOME}/.local/share/kget
blacklist ${HOME}/.local/share/klavaro
blacklist ${HOME}/.local/share/kmail2
blacklist ${HOME}/.local/share/knotes
blacklist ${HOME}/.local/share/krita
blacklist ${HOME}/.local/share/ktorrentrc
blacklist ${HOME}/.local/share/ktorrent
blacklist ${HOME}/.local/share/kwrite
blacklist ${HOME}/.local/share/liferea
blacklist ${HOME}/.local/share/local-mail
blacklist ${HOME}/.local/share/lollypop
blacklist ${HOME}/.local/share/lugaru
blacklist ${HOME}/.local/share/mana
blacklist ${HOME}/.local/share/maps-places.json
blacklist ${HOME}/.local/share/meld
blacklist ${HOME}/.local/share/midori
blacklist ${HOME}/.local/share/multimc
blacklist ${HOME}/.local/share/multimc5
blacklist ${HOME}/.local/share/mupen64plus
blacklist ${HOME}/.local/share/mypaint
blacklist ${HOME}/.local/share/nautilus
blacklist ${HOME}/.local/share/nautilus-python
blacklist ${HOME}/.local/share/nemo
blacklist ${HOME}/.local/share/nemo-python
blacklist ${HOME}/.local/share/nomacs
blacklist ${HOME}/.local/share/notes
blacklist ${HOME}/.local/share/ocenaudio
blacklist ${HOME}/.local/share/okular
blacklist ${HOME}/.local/share/orage
blacklist ${HOME}/.local/share/org.kde.gwenview
blacklist ${HOME}/.local/share/rhythmbox
blacklist ${HOME}/.local/share/pix
blacklist ${HOME}/.local/share/plasma_notes
blacklist ${HOME}/.local/share/psi+
blacklist ${HOME}/.local/share/qpdfview
blacklist ${HOME}/.local/share/qutebrowser
blacklist ${HOME}/.local/share/remmina
blacklist ${HOME}/.local/share/scribus
blacklist ${HOME}/.local/share/spotify
blacklist ${HOME}/.local/share/steam
blacklist ${HOME}/.local/share/supertux2
blacklist ${HOME}/.local/share/supertuxkart
blacklist ${HOME}/.local/share/telepathy
blacklist ${HOME}/.local/share/terasology
blacklist ${HOME}/.local/share/torbrowser
blacklist ${HOME}/.local/share/totem
blacklist ${HOME}/.local/share/uzbl
blacklist ${HOME}/.local/share/vlc
blacklist ${HOME}/.local/share/vpltd
blacklist ${HOME}/.local/share/vulkan
blacklist ${HOME}/.local/share/warsow-2.1
blacklist ${HOME}/.local/share/wesnoth
blacklist ${HOME}/.local/share/xplayer
blacklist ${HOME}/.local/share/xreader
blacklist ${HOME}/.local/share/zathura
blacklist ${HOME}/.lv2
blacklist ${HOME}/.masterpdfeditor
blacklist ${HOME}/.mcabber
blacklist ${HOME}/.mcabberrc
blacklist ${HOME}/.mediathek3
blacklist ${HOME}/.megaglest
blacklist ${HOME}/.minetest
blacklist ${HOME}/.moonchild productions/basilisk
blacklist ${HOME}/.moonchild productions/pale moon
blacklist ${HOME}/.mozilla
blacklist ${HOME}/.mpd
blacklist ${HOME}/.mpdconf
blacklist ${HOME}/.mplayer
blacklist ${HOME}/.msmtprc
blacklist ${HOME}/.multimc5
blacklist ${HOME}/.nanorc
blacklist ${HOME}/.netactview
blacklist ${HOME}/.neverball
blacklist ${HOME}/.newsboat
blacklist ${HOME}/.nv
blacklist ${HOME}/.nylas-mail
blacklist ${HOME}/.opencity
blacklist ${HOME}/.openinvaders
blacklist ${HOME}/.openshot
blacklist ${HOME}/.openshot_qt
blacklist ${HOME}/.openttd
blacklist ${HOME}/.opera
blacklist ${HOME}/.opera-beta
blacklist ${HOME}/.ostrichriders
blacklist ${HOME}/.pingus
blacklist ${HOME}/.pioneer
blacklist ${HOME}/.purple
blacklist ${HOME}/.qemu-launcher
blacklist ${HOME}/.qmmp
blacklist ${HOME}/.quodlibet
blacklist ${HOME}/.redeclipse
blacklist ${HOME}/.remmina
blacklist ${HOME}/.repo_.gitconfig.json
blacklist ${HOME}/.repoconfig
blacklist ${HOME}/.retroshare
blacklist ${HOME}/.scorched3d
blacklist ${HOME}/.scribus
blacklist ${HOME}/.scribusrc
blacklist ${HOME}/.simutrans
blacklist ${HOME}/.smartgit/*/passwords
blacklist ${HOME}/.steam
blacklist ${HOME}/.steampath
blacklist ${HOME}/.steampid
blacklist ${HOME}/.stellarium
blacklist ${HOME}/.subversion
blacklist ${HOME}/.surf
blacklist ${HOME}/.sword
blacklist ${HOME}/.sylpheed-2.0
blacklist ${HOME}/.synfig
blacklist ${HOME}/.tconn
blacklist ${HOME}/.teeworlds
blacklist ${HOME}/.thunderbird
blacklist ${HOME}/.tilp
blacklist ${HOME}/.tooling
blacklist ${HOME}/.tor-browser-*
blacklist ${HOME}/.tor-browser_*
blacklist ${HOME}/.torcs
blacklist ${HOME}/.tremulous
blacklist ${HOME}/.ts3client
blacklist ${HOME}/.tuxguitar*
blacklist ${HOME}/.unknown-horizons
blacklist ${HOME}/.viking
blacklist ${HOME}/.viking-maps
blacklist ${HOME}/.vscode
blacklist ${HOME}/.vscode-oss
blacklist ${HOME}/.vst
blacklist ${HOME}/.vultures
blacklist ${HOME}/.w3m
blacklist ${HOME}/.warzone2100-3.*
blacklist ${HOME}/.waterfox
blacklist ${HOME}/.weechat
blacklist ${HOME}/.wget-hsts
blacklist ${HOME}/.wgetrc
blacklist ${HOME}/.widelands
blacklist ${HOME}/.wine
blacklist ${HOME}/.wireshark
blacklist ${HOME}/.wine64
blacklist ${HOME}/.xiphos
blacklist ${HOME}/.xmind
blacklist ${HOME}/.xmms
blacklist ${HOME}/.xmr-stak
blacklist ${HOME}/.xonotic
blacklist ${HOME}/.xpdfrc
blacklist ${HOME}/.zoom
blacklist /tmp/akonadi-*
blacklist /tmp/ssh-*
# ${HOME}/.cache directory
blacklist ${HOME}/.cache/0ad
blacklist ${HOME}/.cache/8pecxstudios
blacklist ${HOME}/.cache/Authenticator
blacklist ${HOME}/.cache/Clementine
blacklist ${HOME}/.cache/Enox
blacklist ${HOME}/.cache/Franz
blacklist ${HOME}/.cache/INRIA
blacklist ${HOME}/.cache/MusicBrainz
blacklist ${HOME}/.cache/QuiteRss
blacklist ${HOME}/.cache/akonadi*
blacklist ${HOME}/.cache/atril
blacklist ${HOME}/.cache/attic
blacklist ${HOME}/.cache/bnox
blacklist ${HOME}/.cache/borg
blacklist ${HOME}/.cache/calibre
blacklist ${HOME}/.cache/champlain
blacklist ${HOME}/.cache/chromium
blacklist ${HOME}/.cache/chromium-dev
blacklist ${HOME}/.cache/cliqz
blacklist ${HOME}/.cache/darktable
blacklist ${HOME}/.cache/discover
blacklist ${HOME}/.cache/dnox
blacklist ${HOME}/.cache/dolphin
blacklist ${HOME}/.cache/epiphany
blacklist ${HOME}/.cache/evolution
blacklist ${HOME}/.cache/falkon
blacklist ${HOME}/.cache/feedreader
blacklist ${HOME}/.cache/font-manager
blacklist ${HOME}/.cache/fossamail
blacklist ${HOME}/.cache/freecol
blacklist ${HOME}/.cache/gajim
blacklist ${HOME}/.cache/geeqie
blacklist ${HOME}/.cache/google-chrome
blacklist ${HOME}/.cache/google-chrome-beta
blacklist ${HOME}/.cache/google-chrome-unstable
blacklist ${HOME}/.cache/gnome-recipes
blacklist ${HOME}/.cache/gnome-twitch
blacklist ${HOME}/.cache/gradio
blacklist ${HOME}/.cache/icedove
blacklist ${HOME}/.cache/INRIA/Natron
blacklist ${HOME}/.cache/inkscape
blacklist ${HOME}/.cache/inox
blacklist ${HOME}/.cache/iridium
blacklist ${HOME}/.cache/kdenlive
blacklist ${HOME}/.cache/kinfocenter
blacklist ${HOME}/.cache/kmail2
blacklist ${HOME}/.cache/krunner
blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
blacklist ${HOME}/.cache/kscreenlocker_greet
blacklist ${HOME}/.cache/ksmserver-logout-greeter
blacklist ${HOME}/.cache/ksplashqml
blacklist ${HOME}/.cache/kwin
blacklist ${HOME}/.cache/libgweather
blacklist ${HOME}/.cache/liferea
blacklist ${HOME}/.cache/Mendeley Ltd.
blacklist ${HOME}/.cache/midori
blacklist ${HOME}/.cache/moonchild productions/basilisk
blacklist ${HOME}/.cache/moonchild productions/pale moon
blacklist ${HOME}/.cache/mozilla
blacklist ${HOME}/.cache/ms-excel-online
blacklist ${HOME}/.cache/ms-office-online
blacklist ${HOME}/.cache/ms-onenote-online
blacklist ${HOME}/.cache/ms-outlook-online
blacklist ${HOME}/.cache/ms-powerpoint-online
blacklist ${HOME}/.cache/ms-skype-online
blacklist ${HOME}/.cache/ms-word-online
blacklist ${HOME}/.cache/mutt
blacklist ${HOME}/.cache/mypaint
blacklist ${HOME}/.cache/nheko/nheko
blacklist ${HOME}/.cache/netsurf
blacklist ${HOME}/.cache/okular
blacklist ${HOME}/.cache/opera
blacklist ${HOME}/.cache/opera-beta
blacklist ${HOME}/.cache/org.gnome.Books
blacklist ${HOME}/.cache/pdfmod
blacklist ${HOME}/.cache/peek
blacklist ${HOME}/.cache/plasmashell
blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
blacklist ${HOME}/.cache/qBittorrent
blacklist ${HOME}/.cache/qupzilla
blacklist ${HOME}/.cache/qutebrowser
blacklist ${HOME}/.cache/simple-scan
blacklist ${HOME}/.cache/slimjet
blacklist ${HOME}/.cache/snox
blacklist ${HOME}/.cache/spotify
blacklist ${HOME}/.cache/supertuxkart
blacklist ${HOME}/.cache/systemsettings
blacklist ${HOME}/.cache/telepathy
blacklist ${HOME}/.cache/thunderbird
blacklist ${HOME}/.cache/torbrowser
blacklist ${HOME}/.cache/transmission
blacklist ${HOME}/.cache/vivaldi
blacklist ${HOME}/.cache/vivaldi-snapshot
blacklist ${HOME}/.cache/vlc
blacklist ${HOME}/.cache/warsow-2.1
blacklist ${HOME}/.cache/waterfox
blacklist ${HOME}/.cache/wesnoth
blacklist ${HOME}/.cache/xmms2
blacklist ${HOME}/.cache/xreader
blacklist ${HOME}/.cache/yandex-browser
blacklist ${HOME}/.cache/yandex-browser-beta
blacklist /var/games/nethack
blacklist /var/games/slashem
blacklist /var/games/vulturesclaw
blacklist /var/games/vultureseye
blacklist /var/lib/games/Maelstrom-Scores
]0;firejail /usr/bin/meld ./etc/disable-programs_LOCAL_29017.inc ./etc/disable-programs_BASE_29017.inc ./etc/disable-programs_REMOTE_29017.inc 

38
etc/geany.profile
View file

@ -1,37 +1 @@
# Firejail profile for geany
# Description: Fast and lightweight IDE
# This file is overwritten after every install/update
# Persistent local customizations
include geany.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.config/geany
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.python-history
noblacklist ${HOME}/.pythonrc.py
include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc
caps.drop all
netfilter
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
private-cache
private-dev
private-tmp
]0;firejail /usr/bin/meld ./etc/geany_LOCAL_29017.profile ./etc/geany_BASE_29017.profile ./etc/geany_REMOTE_29017.profile 

51
etc/gedit.profile
View file

@ -1,50 +1 @@
# Firejail profile for gedit
# Description: Official text editor of the GNOME desktop environment
# This file is overwritten after every install/update
# Persistent local customizations
include gedit.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.config/enchant
noblacklist ${HOME}/.config/gedit
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.python-history
noblacklist ${HOME}/.pythonrc.py
include disable-common.inc
# include disable-devel.inc
include disable-exec.inc
# include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include whitelist-var-common.inc
# apparmor - makes settings immutable
caps.drop all
machine-id
# net none - makes settings immutable
no3d
# nodbus - makes settings immutable
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix
seccomp
shell none
tracelog
# private-bin gedit
private-dev
# private-etc alternatives,fonts
private-lib /usr/bin/gedit,libtinfo.so.*,libreadline.so.*,gedit,libgspell-1.so.*,gconv,aspell
private-tmp
]0;firejail /usr/bin/meld ./etc/gedit_LOCAL_29017.profile ./etc/gedit_BASE_29017.profile ./etc/gedit_REMOTE_29017.profile 

52
etc/git.profile
View file

@ -1,51 +1 @@
# Firejail profile for git
# Description: Fast, scalable, distributed revision control system
# This file is overwritten after every install/update
quiet
# Persistent local customizations
include git.local
# Persistent global definitions
include globals.local
blacklist /tmp/.X11-unix
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.config/nano
noblacklist ${HOME}/.emacs
noblacklist ${HOME}/.emacs.d
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.gnupg
noblacklist ${HOME}/.nanorc
noblacklist ${HOME}/.oh-my-zsh
noblacklist ${HOME}/.ssh
noblacklist ${HOME}/.vim
noblacklist ${HOME}/.viminfo
include disable-common.inc
include disable-exec.inc
include disable-passwdmgr.inc
include disable-programs.inc
apparmor
caps.drop all
ipc-namespace
machine-id
netfilter
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
private-cache
private-dev
memory-deny-write-execute
]0;firejail /usr/bin/meld ./etc/git_LOCAL_29017.profile ./etc/git_BASE_29017.profile ./etc/git_REMOTE_29017.profile 

45
etc/gitg.profile
View file

@ -1,44 +1 @@
# Firejail profile for gitg
# Description: Git repository viewer
# This file is overwritten after every install/update
# Persistent local customizations
include gitg.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.local/share/gitg
noblacklist ${HOME}/.ssh
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include whitelist-var-common.inc
caps.drop all
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
private-bin gitg,git,ssh
private-cache
private-dev
private-tmp
# mdwe breaks diff in older versions
#memory-deny-write-execute
]0;firejail /usr/bin/meld ./etc/gitg_LOCAL_29017.profile ./etc/gitg_BASE_29017.profile ./etc/gitg_REMOTE_29017.profile 

50
etc/github-desktop.profile
View file

@ -1,49 +1 @@
# Firejail profile for github-desktop
# Description: Extend your GitHub workflow beyond your browser with GitHub Desktop
# This file is overwritten after every install/update
# Persistent local customizations
include github-desktop.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.config/GitHub Desktop
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
caps.drop all
netfilter
# no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6,netlink
seccomp
# Note: On debian-based distributions the binary might be located in
# /opt/GitHub Desktop/github-desktop, and therefore not be in PATH.
# If that's the case you can start GitHub Desktop with firejail via
# `firejail "/opt/GitHub Desktop/github-desktop"`.
disable-mnt
# private-bin github-desktop
private-cache
?HAS_APPIMAGE: ignore private-dev
private-dev
# private-etc alternatives
# private-lib
private-tmp
# memory-deny-write-execute
]0;firejail /usr/bin/meld ./etc/github-desktop_LOCAL_29017.profile ./etc/github-desktop_BASE_29017.profile ./etc/github-desktop_REMOTE_29017.profile 

37
etc/gnome-builder.profile
View file

@ -1,36 +1 @@
# Firejail profile for gnome-builder
# Description: IDE for GNOME
# This file is overwritten after every install/update
# Persistent local customizations
include gnome-builder.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.cargo/config
noblacklist ${HOME}/.cargo/registry
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.python-history
noblacklist ${HOME}/.pythonrc.py
include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc
caps.drop all
ipc-namespace
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
private-cache
private-dev
]0;firejail /usr/bin/meld ./etc/gnome-builder_LOCAL_29017.profile ./etc/gnome-builder_BASE_29017.profile ./etc/gnome-builder_REMOTE_29017.profile 

43
etc/idea.sh.profile
View file

@ -1,42 +1 @@
# Firejail profile for idea.sh
# This file is overwritten after every install/update
# Persistent local customizations
include idea.sh.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.IdeaIC*
noblacklist ${HOME}/.android
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.gradle
noblacklist ${HOME}/.jack-server
noblacklist ${HOME}/.jack-settings
noblacklist ${HOME}/.java
noblacklist ${HOME}/.local/share/JetBrains
noblacklist ${HOME}/.ssh
noblacklist ${HOME}/.tooling
include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc
caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
private-cache
private-dev
# private-tmp
noexec /tmp
]0;firejail /usr/bin/meld ./etc/idea.sh_LOCAL_29017.profile ./etc/idea.sh_BASE_29017.profile ./etc/idea.sh_REMOTE_29017.profile 

62
etc/meld.profile
View file

@ -1,61 +1 @@
# Firejail profile for meld
# Description: Graphical tool to diff and merge files
# This file is overwritten after every install/update
# Persistent local customizations
include meld.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.local/share/meld
# Allow python (blacklisted by disable-interpreters.inc)
noblacklist ${PATH}/python2*
noblacklist ${PATH}/python3*
noblacklist /usr/lib/python2*
noblacklist /usr/lib/python3*
noblacklist /usr/local/lib/python2*
noblacklist /usr/local/lib/python3*
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.ssh
noblacklist ${HOME}/.subversion
# Uncomment the next line if you don't need to compare files in disable-common.inc.
#include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
# Uncomment the next line if you don't need to compare files in disable-programs.inc.
#include disable-programs.inc
include whitelist-var-common.inc
apparmor
caps.drop all
ipc-namespace
machine-id
netfilter
no3d
nodvd
nogroups
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
tracelog
private-bin bzr,cvs,git,hg,meld,python*,svn
private-cache
private-dev
# Uncomment the next line if you don't need to compare in /etc.
#private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,subversion
private-tmp
]0;firejail /usr/bin/meld ./etc/meld_LOCAL_29017.profile ./etc/meld_BASE_29017.profile ./etc/meld_REMOTE_29017.profile 

44
etc/webstorm.profile
View file

@ -1,43 +1 @@
# Firejail profile for WebStorm
# This file is overwritten after every install/update
# Persistent local customizations
include webstorm.local
# Persistent global definitions
include globals.local
noblacklist ${HOME}/.WebStorm*
noblacklist ${HOME}/.android
noblacklist ${HOME}/.config/git
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.git-credentials
noblacklist ${HOME}/.gradle
noblacklist ${HOME}/.java
noblacklist ${HOME}/.local/share/JetBrains
noblacklist ${HOME}/.ssh
noblacklist ${HOME}/.tooling
noblacklist ${PATH}/node
noblacklist ${HOME}/.nvm
include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
private-cache
private-dev
private-tmp
]0;firejail /usr/bin/meld ./etc/webstorm_LOCAL_29017.profile ./etc/webstorm_BASE_29017.profile ./etc/webstorm_REMOTE_29017.profile