added mkdir in all whitelisted profiles

netblue30 2016-02-18 09:16:18 -05:00
parent f9483efe92
commit 3a71eb2af9
16 changed files with 77 additions and 1 deletions


@ -1,5 +1,7 @@
# Mathematica profile
mkdir ~/.Mathematica
whitelist ~/.Mathematica
mkdir ~/.Wolfram Research
whitelist ~/.Wolfram Research
whitelist ~/Documents/Wolfram Mathematica
include /etc/firejail/whitelist-common.inc
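Review bot: `whitelist ~/Documents/Wolfram Mathematica` gets no matching mkdir, unlike the two dot-directories above it, so on a fresh account that directory would presumably still be missing when the whitelist is applied. If that is deliberate, a comment such as `# ~/Documents/Wolfram Mathematica is optional and is not created` would record it; otherwise add `mkdir ~/Documents` and `mkdir ~/Documents/Wolfram Mathematica` before the whitelist line. It is also worth confirming that the mkdir command takes the whole rest of the line as the path, since `mkdir ~/.Wolfram Research` contains a space and the parser is not visible in this commit. The Telegram hunk has the same gap for `~/Downloads/Telegram Desktop`.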


@ -1,5 +1,9 @@
whitelist ${HOME}/cherrytree
mkdir ~/.config
mkdir ~/.config/cherrytree
whitelist ${HOME}/.config/cherrytree/
mkdir ~/.local
mkdir ~/.local/share
whitelist ${HOME}/.local/share/
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
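Review bot: `whitelist ${HOME}/.local/share/` exposes the whole per-user data directory to the sandbox, not just cherrytree's own data, and the new `mkdir ~/.local/share` line means the directory will normally exist for that whitelist to apply to. That directory commonly holds other applications' state (for example the GNOME keyring under `~/.local/share/keyrings`), and whether `disable-secret.inc` covers all of it cannot be seen from this hunk. The whitelist line appears to predate this commit, but narrowing it to the sub-directory cherrytree actually needs would match the other profiles here, which whitelist only their own sub-directory.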


@ -11,7 +11,12 @@ include /etc/firejail/disable-terminals.inc
netfilter
whitelist ${DOWNLOADS}
mkdir ~/.config
mkdir ~/.config/chromium
whitelist ~/.config/chromium
mkdir ~/.cache
mkdir ~/.cache/chromium
whitelist ~/.cache/chromium
mkdir ~/.pki
whitelist ~/.pki
include /etc/firejail/whitelist-common.inc
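Review bot: Each parent directory has to be listed by hand before its child (`mkdir ~/.config`, then `mkdir ~/.config/chromium`), because fs_mkdir as shown in this commit makes a single mkdir() call and only prints a warning when it fails. A profile that forgets a parent therefore fails quietly, and the following whitelist presumably has nothing to apply to. Either document the rule in the profile, e.g. `# mkdir is not recursive: create parents first`, or make fs_mkdir create missing parents itself so that one line per whitelisted directory is enough. The same pattern repeats in the hunks for the google-chrome, opera, epiphany, mupen64plus, Empathy/telepathy, seamonkey, spotify and uGet paths.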


@ -5,8 +5,15 @@ include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-terminals.inc
whitelist ${DOWNLOADS}
mkdir ${HOME}/.local
mkdir ${HOME}/.local/share
mkdir ${HOME}/.local/share/epiphany
whitelist ${HOME}/.local/share/epiphany
mkdir ${HOME}/.config
mkdir ${HOME}/.config/epiphany
whitelist ${HOME}/.config/epiphany
mkdir ${HOME}/.cache
mkdir ${HOME}/.cache/epiphany
whitelist ${HOME}/.cache/epiphany
include /etc/firejail/whitelist-common.inc
caps.drop all


@ -11,8 +11,13 @@ include /etc/firejail/disable-terminals.inc
netfilter
whitelist ${DOWNLOADS}
mkdir ~/.config
mkdir ~/.config/google-chrome-beta
whitelist ~/.config/google-chrome-beta
mkdir ~/.cache
mkdir ~/.cache/google-chrome-beta
whitelist ~/.cache/google-chrome-beta
mkdir ~/.pki
whitelist ~/.pki
include /etc/firejail/whitelist-common.inc


@ -11,8 +11,13 @@ include /etc/firejail/disable-terminals.inc
netfilter
whitelist ${DOWNLOADS}
mkdir ~/.config
mkdir ~/.config/google-chrome-unstable
whitelist ~/.config/google-chrome-unstable
mkdir ~/.cache
mkdir ~/.cache/google-chrome-unstable
whitelist ~/.cache/google-chrome-unstable
mkdir ~/.pki
whitelist ~/.pki
include /etc/firejail/whitelist-common.inc


@ -11,7 +11,12 @@ include /etc/firejail/disable-terminals.inc
netfilter
whitelist ${DOWNLOADS}
mkdir ~/.config
mkdir ~/.config/google-chrome
whitelist ~/.config/google-chrome
mkdir ~/.cache
mkdir ~/.cache/google-chrome
whitelist ~/.cache/google-chrome
mkdir ~/.pki
whitelist ~/.pki
include /etc/firejail/whitelist-common.inc


@ -5,7 +5,12 @@ include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-terminals.inc
mkdir ${HOME}/.local
mkdir ${HOME}/.local/share
mkdir ${HOME}/.local/share/mupen64plus
whitelist ${HOME}/.local/share/mupen64plus/
mkdir ${HOME}/.config
mkdir ${HOME}/.config/mupen64plus
whitelist ${HOME}/.config/mupen64plus/
noroot
caps.drop all


@ -6,9 +6,14 @@ include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-terminals.inc
netfilter
mkdir ~/.config
mkdir ~/.config/opera-beta
whitelist ~/.config/opera-beta
whitelist ${DOWNLOADS}
mkdir ~/.cache
mkdir ~/.cache/opera-beta
whitelist ~/.cache/opera-beta
mkdir ~/.pki
whitelist ~/.pki
include /etc/firejail/whitelist-common.inc


@ -6,9 +6,14 @@ include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-terminals.inc
netfilter
mkdir ~/.config
mkdir ~/.config/opera
whitelist ~/.config/opera
whitelist ${DOWNLOADS}
mkdir ~/.cache
mkdir ~/.cache/opera
whitelist ~/.cache/opera
mkdir ~/.pki
whitelist ~/.pki
include /etc/firejail/whitelist-common.inc


@ -4,12 +4,24 @@ include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-terminals.inc
mkdir ${HOME}/.local
mkdir ${HOME}/.local/share/
mkdir ${HOME}/.local/share/Empathy
whitelist ${HOME}/.local/share/Empathy
mkdir ${HOME}/.local/share/telepathy
whitelist ${HOME}/.local/share/telepathy
mkdir ${HOME}/.local/share/TpLogger
whitelist ${HOME}/.local/share/TpLogger
mkdir ${HOME}/.config
mkdir ${HOME}/.config/dconf
whitelist ${HOME}/.config/dconf
mkdir ${HOME}/.config
mkdir ${HOME}/.config/telepathy-account-widgets
whitelist ${HOME}/.config/telepathy-account-widgets
mkdir ${HOME}/.cache
mkdir ${HOME}/.cache/telepathy
whitelist ${HOME}/.cache/telepathy
mkdir ${HOME}/.purple
whitelist ${HOME}/.purple
include /etc/firejail/whitelist-common.inc
caps.drop all
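Review bot: `mkdir ${HOME}/.config` is added twice in this hunk, once before the dconf directory and again before telepathy-account-widgets; the second one is redundant. Depending on whether fs_mkdir checks for an existing directory before calling mkdir() (not visible in this commit), the repeat may also print a spurious "cannot create" warning. `mkdir ${HOME}/.local/share/` also carries a trailing slash that the other profiles omit; dropping it keeps the paths uniform.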


@ -12,7 +12,12 @@ netfilter
tracelog
noroot
whitelist ${DOWNLOADS}
mkdir ~/.mozilla
mkdir ~/.mozilla/seamonkey
whitelist ~/.mozilla/seamonkey
mkdir ~/.cache
mkdir ~/.cache/mozilla
mkdir ~/.cache/mozilla/seamonkey
whitelist ~/.cache/mozilla/seamonkey
whitelist ~/dwhelper
whitelist ~/.zotero
@ -24,6 +29,7 @@ whitelist ~/.pentadactyl
whitelist ~/.keysnail.js
whitelist ~/.config/gnome-mplayer
whitelist ~/.cache/gnome-mplayer/plugin
mkdir ~/.pki
whitelist ~/.pki
include /etc/firejail/whitelist-common.inc


@ -7,8 +7,15 @@ include /etc/firejail/disable-devel.inc
# Whitelist the folders needed by Spotify - This is more restrictive
# than a blacklist though, but this is all spotify requires for
# streaming audio
mkdir ${HOME}/.config
mkdir ${HOME}/.config/spotify
whitelist ${HOME}/.config/spotify
mkdir ${HOME}/.local
mkdir ${HOME}/.local/share
mkdir ${HOME}/.local/share/spotify
whitelist ${HOME}/.local/share/spotify
mkdir ${HOME}/.cache
mkdir ${HOME}/.cache/spotify
whitelist ${HOME}/.cache/spotify
include /etc/firejail/whitelist-common.inc


@ -12,4 +12,5 @@ protocol unix,inet,inet6
noroot
whitelist ~/Downloads/Telegram Desktop
mkdir ${HOME}/.TelegramDesktop
whitelist ~/.TelegramDesktop


@ -10,5 +10,7 @@ protocol unix,inet,inet6
netfilter
noroot
whitelist ${DOWNLOADS}
mkdir ~/.config
mkdir ~/.config/uGet
whitelist ~/.config/uGet
include /etc/firejail/whitelist-common.inc


@ -57,7 +57,7 @@ void fs_mkdir(const char *name) {
errExit("setuid/getuid");
// create directory
if (mkdir(expanded, 0755) == -1)
if (mkdir(expanded, 0700) == -1)
fprintf(stderr, "Warning: cannot create %s directory\n", expanded);
exit(0);
}
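Review bot: The warning after the failed mkdir() does not say why it failed, and the process still ends with `exit(0)`, so neither the user nor the caller can tell a harmless EEXIST from a permission or missing-parent error before the whitelist is applied. Including the reason, `fprintf(stderr, "Warning: cannot create %s directory: %s\n", expanded, strerror(errno));`, and skipping the message when `errno == EEXIST` would make the new profile lines much easier to debug. The 0700 mode is a sound default for directories created in the user's home; note that it is still filtered through the process umask. fs_mkdir starts outside the hunk, so whether an existence check already runs earlier cannot be confirmed from here.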