Restrict /usr/libexec

This commit is contained in:
rusty-snake 2021-05-19 12:00:23 +02:00
parent 0fd1534952
commit 459a186b22
24 changed files with 40 additions and 0 deletions


@ -10,6 +10,8 @@ noblacklist ${HOME}/.cache/0ad
noblacklist ${HOME}/.config/0ad
noblacklist ${HOME}/.local/share/0ad
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
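Review bot: The added `blacklist /usr/libexec` line, placed just above `include disable-common.inc`, carries no comment, unlike other deviations in these profiles (for example `# Allow lua (blacklisted by disable-interpreters.inc)`), so a reader cannot tell why the directory is denied or how to undo it. I would put a line such as `# Nothing under /usr/libexec is expected to be needed; override with 'noblacklist /usr/libexec' in the .local file.` above it. The same applies to every other section of this commit that adds the identical line. The hunk header counts two added lines while only one is visible, so the second is presumably a blank separator lost in rendering.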


@ -31,6 +31,7 @@ include disable-programs.inc
include disable-shell.inc
include disable-xdg.inc
whitelist /usr/libexec/webkit2gtk-4.0
whitelist /usr/share/apostrophe
whitelist /usr/share/texlive
whitelist /usr/share/texmf
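Review bot: `whitelist /usr/libexec/webkit2gtk-4.0` pins one WebKitGTK API series and one install prefix. As I understand firejail's whitelist semantics, it leaves the rest of /usr/libexec hidden, so a build linked against a different WebKitGTK series would presumably lose its helper processes and fail to render. Distributions that install those helpers under a different prefix would not be matched by this line at all. A short comment above it, such as `# WebKit helper processes; the path is distro- and version-specific`, would record the assumption. The sections whose context mentions bijiben, gfeeds, marker and yelp add the same line.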


@ -20,6 +20,7 @@ include disable-xdg.inc
mkdir ${HOME}/.local/share/bijiben
whitelist ${HOME}/.local/share/bijiben
whitelist ${HOME}/.cache/tracker
whitelist /usr/libexec/webkit2gtk-4.0
whitelist /usr/share/bijiben
whitelist /usr/share/tracker
whitelist /usr/share/tracker3


@ -17,6 +17,8 @@ include allow-lua.inc
include allow-python2.inc
include allow-python3.inc
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -6,6 +6,8 @@ include chromium-browser-privacy.local
noblacklist ${HOME}/.cache/ungoogled-chromium
noblacklist ${HOME}/.config/ungoogled-chromium
blacklist /usr/libexec
mkdir ${HOME}/.cache/ungoogled-chromium
mkdir ${HOME}/.config/ungoogled-chromium
whitelist ${HOME}/.cache/ungoogled-chromium


@ -11,6 +11,8 @@ noblacklist ${HOME}/.local/share/Trash
noblacklist ${HOME}/.Steam
noblacklist ${HOME}/.steam
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -8,6 +8,8 @@ include globals.local
noblacklist ${HOME}/.etr
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -13,6 +13,8 @@ include globals.local
noblacklist ${HOME}/.config/evince
noblacklist ${DOCUMENTS}
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -13,6 +13,7 @@ include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
whitelist /usr/libexec/file-roller
whitelist /usr/share/file-roller
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc


@ -17,6 +17,8 @@ include globals.local
noblacklist ${HOME}/.cache/mozilla
noblacklist ${HOME}/.mozilla
blacklist /usr/libexec
mkdir ${HOME}/.cache/mozilla/firefox
mkdir ${HOME}/.mozilla
whitelist ${HOME}/.cache/mozilla/firefox


@ -18,6 +18,7 @@ include disable-xdg.inc
mkdir ${HOME}/.frogatto
whitelist ${HOME}/.frogatto
whitelist /usr/libexec/frogatto
whitelist /usr/share/frogatto
include whitelist-common.inc
include whitelist-runuser-common.inc


@ -7,6 +7,7 @@ include gapplication.local
include globals.local
blacklist ${RUNUSER}/wayland-*
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc


@ -31,6 +31,7 @@ whitelist ${HOME}/.cache/gfeeds
whitelist ${HOME}/.cache/org.gabmus.gfeeds
whitelist ${HOME}/.config/org.gabmus.gfeeds.json
whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
whitelist /usr/libexec/webkit2gtk-4.0
whitelist /usr/share/gfeeds
include whitelist-common.inc
include whitelist-runuser-common.inc


@ -18,6 +18,8 @@ noblacklist ${HOME}/.local/share/maps-places.json
# Allow gjs (blacklisted by disable-interpreters.inc)
include allow-gjs.inc
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -13,6 +13,8 @@ noblacklist ${HOME}/*.kdbx
# Allow python (blacklisted by disable-interpreters.inc)
include allow-python3.inc
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -22,6 +22,8 @@ noblacklist ${HOME}/.config/vivaldi
noblacklist ${HOME}/.local/share/torbrowser
noblacklist ${HOME}/.mozilla
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -14,6 +14,8 @@ noblacklist ${HOME}/.config/libreoffice
# Allow java (blacklisted by disable-devel.inc)
include allow-java.inc
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -25,6 +25,7 @@ include disable-programs.inc
include disable-shell.inc
include disable-xdg.inc
whitelist /usr/libexec/webkit2gtk-4.0
whitelist /usr/share/com.github.fabiocolacio.marker
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc


@ -29,6 +29,8 @@ include allow-python3.inc
# Allow ssh (blacklisted by disable-common.inc)
include allow-ssh.inc
blacklist /usr/libexec
# Add the next line to your meld.local if you don't need to compare files in disable-common.inc.
#include disable-common.inc
include disable-devel.inc
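Review bot: This profile deliberately re-enables ssh through `include allow-ssh.inc`, directly above the new `blacklist /usr/libexec`. Some distributions ship OpenSSH helper programs (askpass, PKCS#11 and key-signing helpers) under /usr/libexec/openssh, so ssh-backed comparisons may no longer be able to prompt for credentials or use a hardware token. This is inferred from packaging layout rather than from anything visible in the hunk, so it needs a test on such a distribution. If the restriction stays, a comment next to it such as `# Also hides /usr/libexec/openssh helpers on distributions that use that path` would keep the trade-off visible.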


@ -35,6 +35,8 @@ include allow-lua.inc
include allow-python2.inc
include allow-python3.inc
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -14,6 +14,8 @@ include allow-bin-sh.inc
# Allow lua (blacklisted by disable-interpreters.inc)
include allow-lua.inc
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -11,6 +11,8 @@ noblacklist ${HOME}/.pingus
# Allow /bin/sh (blacklisted by disable-shell.inc)
include allow-bin-sh.inc
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -10,6 +10,8 @@ noblacklist ${HOME}/.config/supertuxkart
noblacklist ${HOME}/.cache/supertuxkart
noblacklist ${HOME}/.local/share/supertuxkart
blacklist /usr/libexec
include disable-common.inc
include disable-devel.inc
include disable-exec.inc


@ -19,6 +19,7 @@ include disable-xdg.inc
mkdir ${HOME}/.config/yelp
whitelist ${HOME}/.config/yelp
whitelist /usr/libexec/webkit2gtk-4.0
whitelist /usr/share/doc
whitelist /usr/share/groff
whitelist /usr/share/help