Baseline firejail 0.9.28

netblue30 2015-08-08 19:12:30 -04:00
parent f104ebb698
commit 1379851360
246 changed files with 33999 additions and 0 deletions

8
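--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -0,0 +1,8 @@
+# Audacious profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+noroot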


@ -0,0 +1,3 @@
# Chromium browser profile
include /etc/firejail/chromium.profile

7
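--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -0,0 +1,7 @@
+# Chromium browser profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc chromium
+netfilter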
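Review bot: `caps.drop all`, `seccomp` and `noroot` are all missing from this profile, which applies only `netfilter`, and nothing in the file says why. Almost every other profile in this commit carries those three lines, so a reader cannot tell a deliberate exception from a forgotten one. If the omission is intentional (presumably because the browser's own sandbox needs privileges those options would take away), record it in the header, e.g. `# caps.drop/seccomp/noroot omitted: <reason>`. etc/opera.profile likewise leaves out `caps.drop all` and `seccomp` without explanation.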

7
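--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -0,0 +1,7 @@
+# Clementine profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+noroot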

8
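--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -0,0 +1,8 @@
+# DeaDBeeF profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+noroot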

9
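--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -0,0 +1,9 @@
+# deluge profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+netfilter
+noroot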

10
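--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -0,0 +1,10 @@
+blacklist ${HOME}/.adobe
+blacklist ${HOME}/.macromedia
+blacklist ${HOME}/.mozilla
+blacklist ${HOME}/.icedove
+blacklist ${HOME}/.thunderbird
+blacklist ${HOME}/.config/midori
+blacklist ${HOME}/.config/opera
+blacklist ${HOME}/.config/chromium
+blacklist ${HOME}/.config/google-chrome
+blacklist ${HOME}/.filezilla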

12
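--- a/etc/disable-mgmt.inc
+++ b/etc/disable-mgmt.inc
@@ -0,0 +1,12 @@
+# system directories
+blacklist /sbin
+blacklist /usr/sbin
+# system management
+blacklist ${PATH}/umount
+blacklist ${PATH}/mount
+blacklist ${PATH}/fusermount
+blacklist ${PATH}/su
+blacklist ${PATH}/sudo
+blacklist ${PATH}/xinput
+blacklist ${PATH}/strace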

9
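--- a/etc/disable-secret.inc
+++ b/etc/disable-secret.inc
@@ -0,0 +1,9 @@
+# HOME directory
+blacklist ${HOME}/.ssh
+tmpfs ${HOME}/.gnome2_private
+blacklist ${HOME}/.gnome2/keyrings
+blacklist ${HOME}/kde4/share/apps/kwallet
+blacklist ${HOME}/kde/share/apps/kwallet
+blacklist ${HOME}/.pki/nssdb
+blacklist ${HOME}/.gnupg
+blacklist ${HOME}/.local/share/recently-used.xbel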
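Review bot: The two kwallet entries have no leading dot (`${HOME}/kde4/share/apps/kwallet`, `${HOME}/kde/share/apps/kwallet`), so they most likely never match an existing directory. KDE 4 normally keeps per-user data under `~/.kde4` or `~/.kde`, which would leave the wallet files readable in every sandbox that includes this file. If the dotted directories are what was meant, the lines should read `blacklist ${HOME}/.kde4/share/apps/kwallet` and `blacklist ${HOME}/.kde/share/apps/kwallet`. The same two lines are pasted into etc/generic.profile and need the same correction there.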

7
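--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -0,0 +1,7 @@
+# dropbox profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps
+seccomp
+noroot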
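Review bot: A bare `caps` is used here where the other desktop profiles in this commit use `caps.drop all`, and the file gives no reason for the difference. As far as I can tell, `caps` selects firejail's default capability filter, which keeps more capabilities than dropping them all. If Dropbox runs without any capability, change the line to `caps.drop all`. If it needs the weaker filter, say so in a comment, e.g. `# caps.drop all breaks <feature>; default capability filter used instead`.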

6
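--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -0,0 +1,6 @@
+# Empathy profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp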
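Review bot: `noroot` is missing from this profile, although the other chat clients added in the same commit (pidgin, quassel, xchat) all end with it. Either add `noroot` after `seccomp`, or add a comment stating why Empathy cannot run with it, e.g. `# noroot omitted: <reason>`. As written, the difference looks accidental.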

8
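--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -0,0 +1,8 @@
+# evince profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+netfilter
+noroot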

10
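--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -0,0 +1,10 @@
+# FileZilla profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc .filezilla
+caps.drop all
+seccomp
+noroot
+netfilter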

9
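--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -0,0 +1,9 @@
+# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc .mozilla
+caps.drop all
+seccomp
+netfilter
+noroot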


@ -0,0 +1,86 @@
# bash completion for firejail -*- shell-script -*-
#********************************************************************
# Script based on completions/configure script in bash-completion package in
# Debian. The original package is release under GPL v2 license, the webpage is
# http://bash-completion.alioth.debian.org
#*******************************************************************
__interfaces(){
cut -f 1 -d ':' /proc/net/dev | tail -n +3 | grep -v lo | xargs
}
_firejail()
{
local cur prev words cword split
_init_completion -s || return
case $prev in
--help|--version|-debug-caps|--debug-syscalls|--list|--tree|--top|--join|--shutdown)
return 0
;;
--profile)
_filedir
return 0
;;
--chroot)
_filedir -d
return 0
;;
--cgroup)
_filedir -d
return 0
;;
--tmpfs)
_filedir
return 0
;;
--blacklist)
_filedir
return 0
;;
--read-only)
_filedir
return 0
;;
--bind)
_filedir
return 0
;;
--private)
_filedir
return 0
;;
--shell)
_filedir
return 0
;;
--net)
comps=$(__interfaces)
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0
;;
esac
$split && return 0
# if $COMP_CONFIGURE_HINTS is not null, then completions of the form
# --option=SETTING will include 'SETTING' as a contextual hint
[[ "$cur" != -* ]] && _filedir && return 0
if [[ -n $COMP_CONFIGURE_HINTS ]]; then
COMPREPLY=( $( compgen -W "$( $1 --help 2>&1 | \
awk '/^ --[A-Za-z]/ { print $1; \
if ($2 ~ /--[A-Za-z]/) print $2 }' | sed -e 's/[[,].*//g' )" \
-- "$cur" ) )
[[ $COMPREPLY == *=* ]] && compopt -o nospace
else
COMPREPLY=( $( compgen -W '$( _parse_help "$1" )' -- "$cur" ) )
[[ $COMPREPLY == *= ]] && compopt -o nospace
fi
} &&
complete -F _firejail firejail
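Review bot: The first `case` pattern in `_firejail` lists `-debug-caps` with a single dash while every other entry uses two, so a preceding `--debug-caps` falls through to the generic completion; the entry should read `--debug-caps`. In the `--net)` arm `comps` is assigned without being declared, so it leaks into the interactive shell; extend the declaration to `local cur prev words cword split comps`. In `__interfaces`, `grep -v lo` drops every interface whose name merely contains "lo" (for example a wireless device named `wlo1`), not just the loopback; `grep -vw lo` limits the filter to the whole word.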


@ -0,0 +1,39 @@
# bash completion for firemon -*- shell-script -*-
#********************************************************************
# Script based on completions/configure script in bash-completion package in
# Debian. The original package is release under GPL v2 license, the webpage is
# http://bash-completion.alioth.debian.org
#*******************************************************************
_firemon()
{
local cur prev words cword split
_init_completion -s || return
case $prev in
--help|--version)
return
;;
esac
$split && return 0
# if $COMP_CONFIGURE_HINTS is not null, then completions of the form
# --option=SETTING will include 'SETTING' as a contextual hint
[[ "$cur" != -* ]] && return 0
if [[ -n $COMP_CONFIGURE_HINTS ]]; then
COMPREPLY=( $( compgen -W "$( $1 --help 2>&1 | \
awk '/^ --[A-Za-z]/ { print $1; \
if ($2 ~ /--[A-Za-z]/) print $2 }' | sed -e 's/[[,].*//g' )" \
-- "$cur" ) )
[[ $COMPREPLY == *=* ]] && compopt -o nospace
else
COMPREPLY=( $( compgen -W '$( _parse_help "$1" )' -- "$cur" ) )
[[ $COMPREPLY == *= ]] && compopt -o nospace
fi
} &&
complete -F _firemon firemon

41
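--- a/etc/generic.profile
+++ b/etc/generic.profile
@@ -0,0 +1,41 @@
+################################
+# Generic profile based on Firefox profile
+################################
+#include /etc/firejail/disable-mgmt.inc
+# system directories
+blacklist /sbin
+blacklist /usr/sbin
+# system management
+blacklist ${PATH}/umount
+blacklist ${PATH}/mount
+blacklist ${PATH}/fusermount
+blacklist ${PATH}/su
+blacklist ${PATH}/sudo
+blacklist ${PATH}/xinput
+blacklist ${PATH}/strace
+#include /etc/firejail/disable-secret.inc
+# HOME directory
+blacklist ${HOME}/.ssh
+tmpfs ${HOME}/.gnome2_private
+blacklist ${HOME}/.gnome2/keyrings
+blacklist ${HOME}/kde4/share/apps/kwallet
+blacklist ${HOME}/kde/share/apps/kwallet
+blacklist ${HOME}/.pki/nssdb
+blacklist ${HOME}/.gnupg
+blacklist ${HOME}/.local/share/recently-used.xbel
+blacklist ${HOME}/.adobe
+blacklist ${HOME}/.macromedia
+blacklist ${HOME}/.mozilla
+blacklist ${HOME}/.icedove
+blacklist ${HOME}/.thunderbird
+blacklist ${HOME}/.config/opera
+blacklist ${HOME}/.config/chromium
+blacklist ${HOME}/.config/google-chrome
+caps.drop all
+seccomp
+netfilter
+noroot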
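Review bot: The blacklist entries of the include files are pasted inline here (the `#include` lines are left as comments), and the copy has already drifted from its source. `${HOME}/.config/midori` and `${HOME}/.filezilla` from etc/disable-common.inc are absent, so the generic profile protects less than the application profiles do. Unless this profile cannot use `include` for a reason not visible on this page, replace the pasted lists with `include /etc/firejail/disable-mgmt.inc`, `include /etc/firejail/disable-secret.inc` and `include /etc/firejail/disable-common.inc`. If the copy has to stay, add a comment saying it must be kept in sync with those three files.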


@ -0,0 +1,7 @@
# GNOME MPlayer profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
caps.drop all
seccomp
noroot

2
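--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -0,0 +1,2 @@
+# Firejail profile for GNU Icecat
+include /etc/firejail/firefox.profile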

3
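--- a/etc/icedove.profile
+++ b/etc/icedove.profile
@@ -0,0 +1,3 @@
+# Firejail profile for Mozilla Thunderbird (Icedove in Debian)
+include /etc/firejail/thunderbird.profile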

2
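--- a/etc/iceweasel.profile
+++ b/etc/iceweasel.profile
@@ -0,0 +1,2 @@
+# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
+include /etc/firejail/firefox.profile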

14
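--- a/etc/login.users
+++ b/etc/login.users
@@ -0,0 +1,14 @@
+# /etc/firejail/login.users - restricted user shell configuration
+#
+# Each user entry consists of a user name and firejail
+# program arguments:
+#
+# user name: arguments
+#
+# For example:
+#
+# netblue:--debug --net=none
+#
+# The extra arguments are inserted into program command line if firejail
+# was started as a login shell.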

9
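--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -0,0 +1,9 @@
+# Midory browser profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc midori
+caps.drop all
+seccomp
+netfilter
+noroot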
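Review bot: The header comment misspells the program name (`# Midory browser profile`); it should read `# Midori browser profile`. Two other headers in this commit are wrong as well: etc/qbittorrent.profile says `# abittorrent profile` (should be `# qBittorrent profile`) and etc/opera.profile says `# Chromium browser profile` (should be `# Opera browser profile`). The header is the only description these files carry, so a wrong name makes it harder to confirm which application a set of restrictions was written for.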

8
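--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -0,0 +1,8 @@
+# Chromium browser profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc opera
+netfilter
+noroot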

7
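--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -0,0 +1,7 @@
+# Pidgin profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+noroot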

9
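--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -0,0 +1,9 @@
+# abittorrent profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+netfilter
+noroot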

7
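--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -0,0 +1,7 @@
+# Quassel IRC profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+noroot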

7
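--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -0,0 +1,7 @@
+# Rhythmbox profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+noroot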

6
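--- a/etc/server.profile
+++ b/etc/server.profile
@@ -0,0 +1,6 @@
+# generic server profile
+include /etc/firejail/disable-mgmt.inc sbin
+private
+private-dev
+seccomp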

9
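--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -0,0 +1,9 @@
+# Firejail profile for Mozilla Thunderbird (Icedove in Debian)
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc thunderbird icedove
+caps.drop all
+seccomp
+netfilter
+noroot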

7
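--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -0,0 +1,7 @@
+# Totem profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+noroot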


@ -0,0 +1,9 @@
# transmission-gtk profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
caps.drop all
seccomp
netfilter
noroot


@ -0,0 +1,9 @@
# transmission-qt profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
caps.drop all
seccomp
netfilter
noroot

7
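--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -0,0 +1,7 @@
+# VLC profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+noroot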

7
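--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -0,0 +1,7 @@
+# XChat profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+caps.drop all
+seccomp
+noroot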