mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
Unify all profiles
This commit is contained in:
Tad
parent
20fbc19e57
commit
9e3ba319be
332 changed files with 3230 additions and 3639 deletions
|
|
@ -1,28 +1,26 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for 0ad
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/0ad.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/0ad.local
|
||||
|
||||
# Firejail profile for 0ad.
|
||||
noblacklist ~/.cache/0ad
|
||||
noblacklist ~/.config/0ad
|
||||
noblacklist ~/.local/share/0ad
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
# Whitelists
|
||||
mkdir ~/.config/0ad
|
||||
whitelist ~/.config/0ad
|
||||
|
||||
mkdir ~/.local/share/0ad
|
||||
whitelist ~/.local/share/0ad
|
||||
|
||||
mkdir ~/.cache/0ad
|
||||
mkdir ~/.config/0ad
|
||||
mkdir ~/.local/share/0ad
|
||||
whitelist ~/.cache/0ad
|
||||
whitelist ~/.config/0ad
|
||||
whitelist ~/.local/share/0ad
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -35,9 +33,9 @@ seccomp
|
|||
shell none
|
||||
tracelog
|
||||
|
||||
disable-mnt
|
||||
private-dev
|
||||
private-tmp
|
||||
disable-mnt
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
|
|
|||
|
|
@ -1,20 +1,19 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for 2048-qt
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/2048-qt.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/2048-qt.local
|
||||
|
||||
noblacklist ~/.config/xiaoyong
|
||||
noblacklist ~/.config/2048-qt
|
||||
noblacklist ~/.config/xiaoyong
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
nogroups
|
||||
nonewprivs
|
||||
|
|
@ -25,9 +24,9 @@ protocol unix
|
|||
seccomp
|
||||
shell none
|
||||
|
||||
disable-mnt
|
||||
private-dev
|
||||
private-tmp
|
||||
disable-mnt
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
|
|
|||
|
|
@ -1,23 +1,22 @@
|
|||
# Firejail profile for 7z
|
||||
# This file is overwritten after every install/update
|
||||
quiet
|
||||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/7z.local
|
||||
|
||||
# 7zip crompression tool profile
|
||||
ignore noroot
|
||||
|
||||
include /etc/firejail/default.profile
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
tracelog
|
||||
ignore noroot
|
||||
net none
|
||||
no3d
|
||||
nosound
|
||||
nosound
|
||||
novideo
|
||||
shell none
|
||||
tracelog
|
||||
|
||||
private-dev
|
||||
nosound
|
||||
no3d
|
||||
|
||||
include /etc/firejail/default.profile
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for Cryptocat
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/Cryptocat.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/Cryptocat.local
|
||||
|
||||
# Firejail profile for Cryptocat
|
||||
noblacklist ${HOME}/.config/Cryptocat
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,10 +1,5 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
# Firejail profile alias for cyberfox
|
||||
# This file is overwritten after every install/update
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/Cyberfox.local
|
||||
|
||||
# Firejail profile for Cyberfox (based on Mozilla Firefox)
|
||||
|
||||
include /etc/firejail/cyberfox.profile
|
||||
|
|
|
|||
|
|
@ -1,9 +1,5 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
# Firejail profile alias for fossamail
|
||||
# This file is overwritten after every install/update
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/FossaMail.local
|
||||
|
||||
# Firejail profile for FossaMail
|
||||
include /etc/firejail/fossamail.profile
|
||||
|
|
|
|||
|
|
@ -1,26 +1,25 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for Mathematica
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/Mathematica.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/Mathematica.local
|
||||
|
||||
# Mathematica profile
|
||||
noblacklist ${HOME}/.Mathematica
|
||||
noblacklist ${HOME}/.Wolfram Research
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
mkdir ~/.Mathematica
|
||||
whitelist ~/.Mathematica
|
||||
mkdir ~/.Wolfram Research
|
||||
whitelist ~/.Mathematica
|
||||
whitelist ~/.Wolfram Research
|
||||
whitelist ~/Documents/Wolfram Mathematica
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
|
||||
caps.drop all
|
||||
nonewprivs
|
||||
noroot
|
||||
|
|
|
|||
|
|
@ -1,9 +1,5 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
# Firejail profile alias for telegram
|
||||
# This file is overwritten after every install/update
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/Telegram.local
|
||||
|
||||
# Telegram profile
|
||||
include /etc/firejail/telegram.profile
|
||||
|
|
|
|||
|
|
@ -1,19 +1,18 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for Thunar
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/Thunar.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/Thunar.local
|
||||
|
||||
# Firejail profile for thunar
|
||||
noblacklist ${HOME}/.local/share/Trash
|
||||
noblacklist ~/.config/Thunar
|
||||
noblacklist ~/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
|
||||
noblacklist ${HOME}/.local/share/Trash
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
#include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
# include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,8 +1,5 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
# Firejail profile alias for virtualbox
|
||||
# This file is overwritten after every install/update
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/VirtualBox.local
|
||||
|
||||
include /etc/firejail/virtualbox.profile
|
||||
|
|
|
|||
|
|
@ -1,10 +1,5 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
# Firejail profile alias for wire
|
||||
# This file is overwritten after every install/update
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/Wire.local
|
||||
|
||||
# wire messenger profile
|
||||
|
||||
include /etc/firejail/wire.profile
|
||||
|
|
|
|||
|
|
@ -1,17 +1,39 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for abrowser
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/abrowser.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/abrowser.local
|
||||
|
||||
# Firejail profile for Abrowser
|
||||
noblacklist ~/.mozilla
|
||||
noblacklist ~/.cache/mozilla
|
||||
noblacklist ~/.mozilla
|
||||
noblacklist ~/.pki
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
mkdir ~/.cache/mozilla/abrowser
|
||||
mkdir ~/.mozilla
|
||||
whitelist ${DOWNLOADS}
|
||||
whitelist ~/.cache/gnome-mplayer/plugin
|
||||
whitelist ~/.cache/mozilla/abrowser
|
||||
whitelist ~/.config/gnome-mplayer
|
||||
whitelist ~/.config/pipelight-silverlight5.1
|
||||
whitelist ~/.config/pipelight-widevine
|
||||
whitelist ~/.keysnail.js
|
||||
whitelist ~/.lastpass
|
||||
whitelist ~/.mozilla
|
||||
whitelist ~/.pentadactyl
|
||||
whitelist ~/.pentadactylrc
|
||||
whitelist ~/.pki
|
||||
whitelist ~/.vimperator
|
||||
whitelist ~/.vimperatorrc
|
||||
whitelist ~/.wine-pipelight
|
||||
whitelist ~/.wine-pipelight64
|
||||
whitelist ~/.zotero
|
||||
whitelist ~/dwhelper
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -21,30 +43,4 @@ protocol unix,inet,inet6,netlink
|
|||
seccomp
|
||||
tracelog
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
mkdir ~/.mozilla
|
||||
whitelist ~/.mozilla
|
||||
mkdir ~/.cache/mozilla/abrowser
|
||||
whitelist ~/.cache/mozilla/abrowser
|
||||
whitelist ~/dwhelper
|
||||
whitelist ~/.zotero
|
||||
whitelist ~/.vimperatorrc
|
||||
whitelist ~/.vimperator
|
||||
whitelist ~/.pentadactylrc
|
||||
whitelist ~/.pentadactyl
|
||||
whitelist ~/.keysnail.js
|
||||
whitelist ~/.config/gnome-mplayer
|
||||
whitelist ~/.cache/gnome-mplayer/plugin
|
||||
whitelist ~/.pki
|
||||
whitelist ~/.lastpass
|
||||
|
||||
# silverlight
|
||||
whitelist ~/.wine-pipelight
|
||||
whitelist ~/.wine-pipelight64
|
||||
whitelist ~/.config/pipelight-widevine
|
||||
whitelist ~/.config/pipelight-silverlight5.1
|
||||
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
# experimental features
|
||||
# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
|
||||
|
|
|
|||
|
|
@ -1,34 +1,35 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
# Firejail profile for akregator
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/akregator.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
noblacklist ${HOME}/.config/akregatorrc
|
||||
noblacklist ${HOME}/.local/share/akregator
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
no3d
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
#nosound
|
||||
novideo
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
shell none
|
||||
|
||||
disable-mnt
|
||||
private-dev
|
||||
private-tmp
|
||||
disable-mnt
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# nosound
|
||||
|
|
|
|||
|
|
@ -1,26 +1,28 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for amarok
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/amarok.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/amarok.local
|
||||
|
||||
# amarok profile
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
shell none
|
||||
#seccomp
|
||||
protocol unix,inet,inet6
|
||||
shell none
|
||||
|
||||
# private-bin amarok
|
||||
private-dev
|
||||
private-tmp
|
||||
# private-etc none
|
||||
private-tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# seccomp
|
||||
|
|
|
|||
|
|
@ -1,11 +1,9 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
# Firejail profile for android-studio
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/android-studio.local
|
||||
|
||||
# Firejail profile for Android Studio
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
noblacklist ${HOME}/.AndroidStudio*
|
||||
noblacklist ${HOME}/.android
|
||||
|
|
@ -25,7 +23,6 @@ netfilter
|
|||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
#nosound
|
||||
novideo
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
|
|
@ -35,3 +32,6 @@ private-dev
|
|||
# private-tmp
|
||||
|
||||
noexec /tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# nosound
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
# Firejail profile for apktool
|
||||
# This file is overwritten after every install/update
|
||||
quiet
|
||||
# Persistent global definitions go here
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/apktool.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/apktool.local
|
||||
|
||||
# Firejail profile for apktool
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
|
|
|||
|
|
@ -1,22 +1,20 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for arduino
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/arduino.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/arduino.local
|
||||
|
||||
# Firejail profile for arduino
|
||||
noblacklist ${HOME}/.arduino15
|
||||
noblacklist ${HOME}/Arduino
|
||||
noblacklist ${HOME}/.java
|
||||
noblacklist ${HOME}/Arduino
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
no3d
|
||||
nogroups
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for ark
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/ark.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/ark.local
|
||||
|
||||
# ark profile
|
||||
noblacklist ~/.config/arkrc
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -19,11 +18,11 @@ nogroups
|
|||
nonewprivs
|
||||
noroot
|
||||
nosound
|
||||
shell none
|
||||
seccomp
|
||||
protocol unix
|
||||
seccomp
|
||||
shell none
|
||||
|
||||
# private-bin
|
||||
private-dev
|
||||
private-tmp
|
||||
# private-etc
|
||||
private-tmp
|
||||
|
|
|
|||
|
|
@ -1,11 +1,9 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/arm.local
|
||||
|
||||
# Firejail profile for arm
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/arm.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
noblacklist ${HOME}/.arm
|
||||
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for atom-beta
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/atom-beta.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/atom-beta.local
|
||||
|
||||
# Firejail profile for Atom Beta.
|
||||
noblacklist ~/.atom
|
||||
noblacklist ~/.config/Atom
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for atom
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/atom.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/atom.local
|
||||
|
||||
# Firejail profile for Atom.
|
||||
noblacklist ~/.atom
|
||||
noblacklist ~/.config/Atom
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,18 +1,20 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for atool
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/atool.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/atool.local
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
# atool profile
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
# include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
no3d
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
|
|
@ -20,13 +22,10 @@ nosound
|
|||
novideo
|
||||
protocol unix
|
||||
seccomp
|
||||
no3d
|
||||
shell none
|
||||
tracelog
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
# private-bin atool
|
||||
private-tmp
|
||||
private-dev
|
||||
private-etc none
|
||||
private-tmp
|
||||
|
|
|
|||
|
|
@ -1,17 +1,17 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for atril
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/atril.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/atril.local
|
||||
|
||||
# Atril profile
|
||||
noblacklist ~/.config/atril
|
||||
noblacklist ~/.local/share
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
nogroups
|
||||
|
|
|
|||
|
|
@ -1,17 +1,17 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for audacious
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/audacious.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/audacious.local
|
||||
|
||||
# Audacious media player profile
|
||||
noblacklist ~/.config/audacious
|
||||
noblacklist ~/.config/Audaciousrc
|
||||
noblacklist ~/.config/audacious
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,11 +1,10 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for audacity
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/audacity.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/audacity.local
|
||||
|
||||
# Audacity profile
|
||||
noblacklist ~/.audacity-data
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
|
|
@ -14,7 +13,6 @@ include /etc/firejail/disable-passwdmgr.inc
|
|||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
net none
|
||||
no3d
|
||||
nogroups
|
||||
|
|
|
|||
|
|
@ -1,20 +1,20 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for aweather
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/aweather.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/aweather.local
|
||||
|
||||
# Firejail profile for aweather.
|
||||
noblacklist ~/.config/aweather
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
# Whitelist
|
||||
mkdir ~/.config/aweather
|
||||
whitelist ~/.config/aweather
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for baobab
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/baobab.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/baobab.local
|
||||
|
||||
# Firejail profile for Baobab
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
|
|
|
|||
|
|
@ -1,11 +1,13 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for bibletime
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/bibletime.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/bibletime.local
|
||||
blacklist ~/.Xauthority
|
||||
blacklist ~/.bashrc
|
||||
|
||||
# Firejail profile for BibleTime
|
||||
noblacklist ~/.bibletime
|
||||
noblacklist ~/.config/qt5ct
|
||||
noblacklist ~/.sword
|
||||
|
|
@ -15,13 +17,10 @@ include /etc/firejail/disable-devel.inc
|
|||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
blacklist ~/.bashrc
|
||||
blacklist ~/.Xauthority
|
||||
|
||||
whitelist ${HOME}/.bibletime
|
||||
whitelist ${HOME}/.config/qt5ct
|
||||
whitelist ${HOME}/.sword
|
||||
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -36,6 +35,6 @@ shell none
|
|||
tracelog
|
||||
|
||||
# private-bin bibletime,qt5ct
|
||||
private-etc fonts,resolv.conf,sword,sword.conf,passwd
|
||||
private-dev
|
||||
private-etc fonts,resolv.conf,sword,sword.conf,passwd
|
||||
private-tmp
|
||||
|
|
|
|||
|
|
@ -1,13 +1,13 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for bitlbee
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/bitlbee.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/bitlbee.local
|
||||
|
||||
# BitlBee instant messaging profile
|
||||
noblacklist /sbin
|
||||
noblacklist /usr/sbin
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
|
|
@ -16,16 +16,16 @@ include /etc/firejail/disable-programs.inc
|
|||
netfilter
|
||||
no3d
|
||||
nonewprivs
|
||||
private
|
||||
private-dev
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
nosound
|
||||
novideo
|
||||
read-write /var/lib/bitlbee
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
|
||||
disable-mnt
|
||||
private
|
||||
private-dev
|
||||
private-dev
|
||||
private-tmp
|
||||
disable-mnt
|
||||
read-write /var/lib/bitlbee
|
||||
|
||||
noexec /tmp
|
||||
|
|
|
|||
|
|
@ -1,18 +1,17 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for bleachbit
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/bleachbit.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/bleachbit.local
|
||||
|
||||
# bleachbit profile
|
||||
include /etc/firejail/disable-common.inc
|
||||
# include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
# include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
net none
|
||||
no3d
|
||||
nogroups
|
||||
|
|
@ -26,8 +25,8 @@ shell none
|
|||
|
||||
# private-bin
|
||||
# private-dev
|
||||
# private-tmp
|
||||
# private-etc
|
||||
# private-tmp
|
||||
|
||||
memory-deny-write-execute
|
||||
noexec ${HOME}
|
||||
|
|
|
|||
|
|
@ -1,15 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for blender
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/blender.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/blender.local
|
||||
|
||||
noblacklist ~/.config/blender
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,26 +1,18 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for bless
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/bless.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/bless.local
|
||||
|
||||
#
|
||||
#Profile for bless
|
||||
#
|
||||
|
||||
#No Blacklist Paths
|
||||
noblacklist ${HOME}/.config/bless
|
||||
|
||||
#Blacklist Paths
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
#Options
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
net none
|
||||
no3d
|
||||
nogroups
|
||||
|
|
|
|||
|
|
@ -1,20 +1,18 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for brasero
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/brasero.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/brasero.local
|
||||
|
||||
# brasero profile
|
||||
noblacklist ~/.config/brasero
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
|
|
|
|||
|
|
@ -1,24 +1,18 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for caja
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/caja.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/caja.local
|
||||
|
||||
# Caja profile for Firejail
|
||||
|
||||
# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
|
||||
# is already a caja process running on MATE desktops firejail will have no effect.
|
||||
|
||||
noblacklist ~/.config/caja
|
||||
noblacklist ~/.local/share/caja-python
|
||||
noblacklist ~/.local/share/Trash
|
||||
noblacklist ~/.local/share/caja-python
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
# caja needs to be able to start arbitrary applications so we cannot blacklist their files
|
||||
#include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
# include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -31,6 +25,11 @@ shell none
|
|||
tracelog
|
||||
|
||||
# private-bin caja
|
||||
# private-tmp
|
||||
# private-dev
|
||||
# private-etc fonts
|
||||
# private-tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
|
||||
# caja needs to be able to start arbitrary applications so we cannot blacklist their files
|
||||
# is already a caja process running on MATE desktops firejail will have no effect.
|
||||
|
|
|
|||
|
|
@ -1,20 +1,19 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for calibre
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/calibre.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/calibre.local
|
||||
|
||||
noblacklist ~/.config/calibre
|
||||
noblacklist ~/.cache/calibre
|
||||
noblacklist ~/.config/calibre
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
# include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
no3d
|
||||
nogroups
|
||||
|
|
|
|||
|
|
@ -1,15 +1,12 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for catfish
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/catfish.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/catfish.local
|
||||
|
||||
# Firejail profile for catfish
|
||||
noblacklist ~/.config/catfish
|
||||
|
||||
# We can't blacklist much since catfish
|
||||
# is for finding files/content
|
||||
include /etc/firejail/disable-devel.inc
|
||||
|
||||
caps.drop all
|
||||
|
|
@ -25,8 +22,12 @@ seccomp
|
|||
shell none
|
||||
tracelog
|
||||
|
||||
# These options work but are disabled in case
|
||||
# a users wants to search in these directories.
|
||||
# private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m
|
||||
# private-dev
|
||||
# private-tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# These options work but are disabled in case
|
||||
# We can't blacklist much since catfish
|
||||
# a users wants to search in these directories.
|
||||
# is for finding files/content
|
||||
|
|
|
|||
|
|
@ -1,22 +1,20 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for cherrytree
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/cherrytree.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/cherrytree.local
|
||||
|
||||
# cherrytree note taking application
|
||||
noblacklist ${HOME}/.config/cherrytree
|
||||
noblacklist /usr/bin/python2*
|
||||
noblacklist /usr/lib/python3*
|
||||
noblacklist ${HOME}/.config/cherrytree
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
no3d
|
||||
nogroups
|
||||
|
|
@ -34,3 +32,6 @@ private-tmp
|
|||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# cherrytree note taking application
|
||||
|
|
|
|||
|
|
@ -1,9 +1,5 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
# Firejail profile alias for chromium
|
||||
# This file is overwritten after every install/update
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/chromium-browser.local
|
||||
|
||||
# Chromium browser profile
|
||||
include /etc/firejail/chromium.profile
|
||||
|
|
|
|||
|
|
@ -1,41 +1,41 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for chromium
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/chromium.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/chromium.local
|
||||
|
||||
# Chromium browser profile
|
||||
noblacklist ~/.config/chromium
|
||||
noblacklist ~/.cache/chromium
|
||||
noblacklist ~/.pki
|
||||
# specific to Arch
|
||||
noblacklist ~/.config/chromium
|
||||
noblacklist ~/.config/chromium-flags.conf
|
||||
noblacklist ~/.pki
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
# chromium is distributed with a perl script on Arch
|
||||
# include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
mkdir ~/.config/chromium
|
||||
whitelist ~/.config/chromium
|
||||
mkdir ~/.cache/chromium
|
||||
whitelist ~/.cache/chromium
|
||||
mkdir ~/.config/chromium
|
||||
mkdir ~/.pki
|
||||
whitelist ~/.pki
|
||||
whitelist ${DOWNLOADS}
|
||||
whitelist ~/.cache/chromium
|
||||
whitelist ~/.config/chromium
|
||||
whitelist ~/.config/chromium-flags.conf
|
||||
|
||||
whitelist ~/.pki
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.keep sys_chroot,sys_admin
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
nogroups
|
||||
shell none
|
||||
|
||||
private-dev
|
||||
# private-tmp - problems with multiple browser sessions
|
||||
#disable-mnt
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# chromium is distributed with a perl script on Arch
|
||||
# disable-mnt
|
||||
# specific to Arch
|
||||
|
|
|
|||
|
|
@ -1,25 +1,24 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for claws-mail
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/claws-mail.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/claws-mail.local
|
||||
|
||||
# claws-mail profile
|
||||
noblacklist ~/.claws-mail
|
||||
noblacklist ~/.signature
|
||||
noblacklist ~/.gnupg
|
||||
noblacklist ~/.signature
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
nogroups
|
||||
nosound
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
|
|
|
|||
|
|
@ -1,20 +1,22 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for clementine
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/clementine.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/clementine.local
|
||||
|
||||
# Clementine media player profile
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
nonewprivs
|
||||
noroot
|
||||
novideo
|
||||
protocol unix,inet,inet6
|
||||
# Clementine makes ioprio_set system calls, which are blacklisted by default.
|
||||
seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# Clementine makes ioprio_set system calls, which are blacklisted by default.
|
||||
|
|
|
|||
|
|
@ -1,16 +1,17 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for clipit
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/clipit.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/clipit.local
|
||||
|
||||
noblacklist ${HOME}/.local/share/clipit
|
||||
noblacklist ${HOME}/.config/clipit
|
||||
noblacklist ${HOME}/.local/share/clipit
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -24,9 +25,9 @@ protocol unix
|
|||
seccomp
|
||||
shell none
|
||||
|
||||
disable-mnt
|
||||
private-dev
|
||||
private-tmp
|
||||
disable-mnt
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for cmus
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/cmus.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/cmus.local
|
||||
|
||||
# cmus profile
|
||||
noblacklist ${HOME}/.config/cmus
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -19,7 +18,7 @@ nonewprivs
|
|||
noroot
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
shell none
|
||||
|
||||
private-bin cmus
|
||||
private-etc group
|
||||
shell none
|
||||
|
|
|
|||
|
|
@ -1,31 +1,31 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for conkeror
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/conkeror.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/conkeror.local
|
||||
|
||||
# Firejail profile for Conkeror web browser profile
|
||||
noblacklist ${HOME}/.conkeror.mozdev.org
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
whitelist ~/.conkeror.mozdev.org
|
||||
whitelist ~/.conkerorrc
|
||||
whitelist ~/.gtkrc-2.0
|
||||
whitelist ~/.lastpass
|
||||
whitelist ~/.pentadactyl
|
||||
whitelist ~/.pentadactylrc
|
||||
whitelist ~/.vimperator
|
||||
whitelist ~/.vimperatorrc
|
||||
whitelist ~/.zotero
|
||||
whitelist ~/Downloads
|
||||
whitelist ~/dwhelper
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
nonewprivs
|
||||
noroot
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
|
||||
whitelist ~/.conkeror.mozdev.org
|
||||
whitelist ~/Downloads
|
||||
whitelist ~/dwhelper
|
||||
whitelist ~/.zotero
|
||||
whitelist ~/.lastpass
|
||||
whitelist ~/.gtkrc-2.0
|
||||
whitelist ~/.vimperatorrc
|
||||
whitelist ~/.vimperator
|
||||
whitelist ~/.pentadactylrc
|
||||
whitelist ~/.pentadactyl
|
||||
whitelist ~/.conkerorrc
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for corebird
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/corebird.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/corebird.local
|
||||
|
||||
# Firejail corebird profile
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,28 +1,31 @@
|
|||
# Firejail profile for cpio
|
||||
# This file is overwritten after every install/update
|
||||
quiet
|
||||
# Persistent global definitions go here
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/cpio.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/cpio.local
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
# cpio profile
|
||||
# /sbin and /usr/sbin are visible inside the sandbox
|
||||
# /boot is not visible and /var is heavily modified
|
||||
noblacklist /sbin
|
||||
noblacklist /usr/sbin
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
|
||||
private-dev
|
||||
seccomp
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
net none
|
||||
net none
|
||||
no3d
|
||||
nosound
|
||||
seccomp
|
||||
shell none
|
||||
tracelog
|
||||
net none
|
||||
nosound
|
||||
no3d
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
private-dev
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# /boot is not visible and /var is heavily modified
|
||||
# /sbin and /usr/sbin are visible inside the sandbox
|
||||
|
|
|
|||
|
|
@ -1,8 +1,5 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
# Firejail profile alias for Cryptocat
|
||||
# This file is overwritten after every install/update
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/cryptocat.local
|
||||
|
||||
include /etc/Cryptocat.profile
|
||||
|
|
|
|||
|
|
@ -1,19 +1,20 @@
|
|||
# Firejail profile for curl
|
||||
# This file is overwritten after every install/update
|
||||
quiet
|
||||
# Persistent global definitions go here
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/curl.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/curl.local
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
# curl profile
|
||||
noblacklist ~/.curlrc
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
no3d
|
||||
nogroups
|
||||
|
|
@ -24,8 +25,6 @@ protocol unix,inet,inet6
|
|||
seccomp
|
||||
shell none
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
# private-bin curl
|
||||
private-dev
|
||||
# private-etc resolv.conf
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for cvlc
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/cvlc.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/vlc.local
|
||||
|
||||
# Firejail profile for CVLC
|
||||
noblacklist ${HOME}/.config/vlc
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -23,9 +22,11 @@ seccomp
|
|||
shell none
|
||||
tracelog
|
||||
|
||||
# clvc doesn't like private-bin
|
||||
# private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
|
||||
private-dev
|
||||
private-tmp
|
||||
|
||||
memory-deny-write-execute
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# clvc doesn't like private-bin
|
||||
|
|
|
|||
|
|
@ -1,28 +1,56 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for cyberfox
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/cyberfox.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/cyberfox.local
|
||||
|
||||
# Firejail profile for Cyberfox (based on Mozilla Firefox)
|
||||
noblacklist ~/.8pecxstudios
|
||||
noblacklist ~/.cache/8pecxstudios
|
||||
noblacklist ~/.config/qpdfview
|
||||
noblacklist ~/.local/share/qpdfview
|
||||
noblacklist ~/.kde4/share/apps/okular
|
||||
noblacklist ~/.kde/share/apps/okular
|
||||
noblacklist ~/.local/share/okular
|
||||
noblacklist ~/.config/okularpartrc
|
||||
noblacklist ~/.config/okularrc
|
||||
noblacklist ~/.config/qpdfview
|
||||
noblacklist ~/.kde/share/apps/okular
|
||||
noblacklist ~/.kde4/share/apps/okular
|
||||
noblacklist ~/.local/share/okular
|
||||
noblacklist ~/.local/share/qpdfview
|
||||
noblacklist ~/.pki
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
mkdir ~/.8pecxstudios
|
||||
mkdir ~/.cache/8pecxstudios
|
||||
mkdir ~/.pki
|
||||
whitelist ${DOWNLOADS}
|
||||
whitelist ~/.8pecxstudios
|
||||
whitelist ~/.cache/8pecxstudios
|
||||
whitelist ~/.cache/gnome-mplayer/plugin
|
||||
whitelist ~/.config/gnome-mplayer
|
||||
whitelist ~/.config/okularpartrc
|
||||
whitelist ~/.config/okularrc
|
||||
whitelist ~/.config/pipelight-silverlight5.1
|
||||
whitelist ~/.config/pipelight-widevine
|
||||
whitelist ~/.config/qpdfview
|
||||
whitelist ~/.kde/share/apps/okular
|
||||
whitelist ~/.kde4/share/apps/okular
|
||||
whitelist ~/.keysnail.js
|
||||
whitelist ~/.lastpass
|
||||
whitelist ~/.local/share/okular
|
||||
whitelist ~/.local/share/qpdfview
|
||||
whitelist ~/.pentadactyl
|
||||
whitelist ~/.pentadactylrc
|
||||
whitelist ~/.pki
|
||||
whitelist ~/.vimperator
|
||||
whitelist ~/.vimperatorrc
|
||||
whitelist ~/.wine-pipelight
|
||||
whitelist ~/.wine-pipelight64
|
||||
whitelist ~/.zotero
|
||||
whitelist ~/dwhelper
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
# ipc-namespace crashes cyberfox on some setups
|
||||
netfilter
|
||||
nogroups
|
||||
nonewprivs
|
||||
|
|
@ -32,44 +60,10 @@ seccomp
|
|||
shell none
|
||||
tracelog
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
mkdir ~/.8pecxstudios
|
||||
whitelist ~/.8pecxstudios
|
||||
mkdir ~/.cache/8pecxstudios
|
||||
whitelist ~/.cache/8pecxstudios
|
||||
whitelist ~/dwhelper
|
||||
whitelist ~/.zotero
|
||||
whitelist ~/.vimperatorrc
|
||||
whitelist ~/.vimperator
|
||||
whitelist ~/.pentadactylrc
|
||||
whitelist ~/.pentadactyl
|
||||
whitelist ~/.keysnail.js
|
||||
whitelist ~/.config/gnome-mplayer
|
||||
whitelist ~/.cache/gnome-mplayer/plugin
|
||||
mkdir ~/.pki
|
||||
whitelist ~/.pki
|
||||
whitelist ~/.lastpass
|
||||
whitelist ~/.config/qpdfview
|
||||
whitelist ~/.local/share/qpdfview
|
||||
whitelist ~/.config/okularrc
|
||||
whitelist ~/.config/okularpartrc
|
||||
whitelist ~/.kde4/share/apps/okular
|
||||
whitelist ~/.kde/share/apps/okular
|
||||
whitelist ~/.local/share/okular
|
||||
|
||||
# silverlight
|
||||
whitelist ~/.wine-pipelight
|
||||
whitelist ~/.wine-pipelight64
|
||||
whitelist ~/.config/pipelight-widevine
|
||||
whitelist ~/.config/pipelight-silverlight5.1
|
||||
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
# experimental features
|
||||
# private-bin cyberfox,which,sh,dbus-launch,dbus-send,env
|
||||
#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,cyberfox,mime.types,mailcap,asound.conf,pulse
|
||||
# private-dev might prevent video calls going out
|
||||
private-dev
|
||||
# private-dev might prevent video calls going out
|
||||
# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,cyberfox,mime.types,mailcap,asound.conf,pulse
|
||||
private-tmp
|
||||
|
||||
noexec ${HOME}
|
||||
|
|
|
|||
|
|
@ -1,19 +1,19 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
# Firejail profile for darktable
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/darktable.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
noblacklist ~/.cache/darktable
|
||||
noblacklist ~/.config/darktable
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
nogroups
|
||||
nonewprivs
|
||||
|
|
|
|||
|
|
@ -1,20 +1,18 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for deadbeef
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/deadbeef.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/deadbeef.local
|
||||
|
||||
# DeaDBeeF media player profile
|
||||
noblacklist ${HOME}/.config/deadbeef
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
no3d
|
||||
nogroups
|
||||
|
|
|
|||
|
|
@ -1,22 +1,20 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for deluge
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/deluge.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/deluge.local
|
||||
|
||||
# deluge bittorrent client profile
|
||||
noblacklist ${HOME}/.config/deluge
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
# deluge is using python on Debian
|
||||
# include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
mkdir ${HOME}/.config/deluge
|
||||
whitelist ${HOME}/.config/deluge
|
||||
whitelist ${DOWNLOADS}
|
||||
whitelist ${HOME}/.config/deluge
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
|
|
@ -27,8 +25,11 @@ nosound
|
|||
novideo
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
|
||||
shell none
|
||||
|
||||
# private-bin deluge,sh,python,uname
|
||||
private-dev
|
||||
private-tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# deluge is using python on Debian
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
# Firejail profile for dex2jar
|
||||
# This file is overwritten after every install/update
|
||||
quiet
|
||||
# Persistent global definitions go here
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/dex2jar.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/dex2jar.local
|
||||
|
||||
# Firejail profile for dex2jar
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
|
|
|
|||
|
|
@ -1,15 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for dia
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/dia.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/dia.local
|
||||
|
||||
noblacklist ~/.dia
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -23,9 +24,9 @@ protocol unix
|
|||
seccomp
|
||||
shell none
|
||||
|
||||
disable-mnt
|
||||
private-dev
|
||||
private-tmp
|
||||
disable-mnt
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
|
|
|||
|
|
@ -1,36 +1,35 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for digikam
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/digikam.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/digikam.local
|
||||
|
||||
noblacklist ${HOME}/.kde4/share/apps/digikam
|
||||
noblacklist ${HOME}/.kde/share/apps/digikam
|
||||
noblacklist ${HOME}/.config/digikamrc
|
||||
noblacklist ${HOME}/.kde/share/apps/digikam
|
||||
noblacklist ${HOME}/.kde4/share/apps/digikam
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
protocol unix,inet,inet6,netlink
|
||||
|
||||
# This is a seccomp whitelist profile for Debian jessie, Kubuntu 17.04.
|
||||
# Uncomment seccomp.keep line and try it out. By default only the regular seccomp blacklist profile is enabled.
|
||||
#seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group
|
||||
seccomp
|
||||
|
||||
nogroups
|
||||
shell none
|
||||
|
||||
# private-bin program
|
||||
# private-etc none
|
||||
# private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device
|
||||
# private-etc none
|
||||
private-tmp
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group
|
||||
|
|
|
|||
|
|
@ -1,16 +1,23 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for dillo
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/dillo.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/dillo.local
|
||||
|
||||
# Firejail profile for Dillo web browser
|
||||
noblacklist ~/.dillo
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
mkdir ~/.dillo
|
||||
mkdir ~/.fltk
|
||||
whitelist ${DOWNLOADS}
|
||||
whitelist ~/.dillo
|
||||
whitelist ~/.fltk
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -19,11 +26,3 @@ noroot
|
|||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
tracelog
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
mkdir ~/.dillo
|
||||
whitelist ~/.dillo
|
||||
mkdir ~/.fltk
|
||||
whitelist ~/.fltk
|
||||
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
|
|
|||
|
|
@ -1,11 +1,10 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for dino
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/dino.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/dino.local
|
||||
|
||||
# Firejail profile for Dino
|
||||
noblacklist ${HOME}/.local/share/dino
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
|
|
@ -13,13 +12,12 @@ include /etc/firejail/disable-devel.inc
|
|||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
whitelist ${HOME}/Downloads
|
||||
mkdir ${HOME}/.local/share/dino
|
||||
whitelist ${HOME}/.local/share/dino
|
||||
whitelist ${HOME}/Downloads
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
no3d
|
||||
nogroups
|
||||
|
|
@ -31,11 +29,11 @@ protocol unix,inet,inet6
|
|||
seccomp
|
||||
shell none
|
||||
|
||||
private-bin dino
|
||||
#private-etc fonts #breaks server connection
|
||||
private-dev
|
||||
private-tmp
|
||||
disable-mnt
|
||||
private-bin dino
|
||||
private-dev
|
||||
# private-etc fonts # breaks server connection
|
||||
private-tmp
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
|
|
|||
|
|
@ -1,20 +1,20 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for display
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/display.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/display.local
|
||||
|
||||
# display (ImageMagick tool) image viewer profile
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
net none
|
||||
nonewprivs
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
nosound
|
||||
protocol unix
|
||||
|
|
@ -23,6 +23,6 @@ shell none
|
|||
x11 xorg
|
||||
|
||||
private-bin display
|
||||
private-tmp
|
||||
private-dev
|
||||
private-etc none
|
||||
private-tmp
|
||||
|
|
|
|||
|
|
@ -1,20 +1,21 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for dnscrypt-proxy
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/dnscrypt-proxy.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/dnscrypt-proxy.local
|
||||
|
||||
# security profile for dnscrypt-proxy
|
||||
noblacklist /sbin
|
||||
noblacklist /usr/sbin
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
no3d
|
||||
nosound
|
||||
seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
|
||||
|
||||
private
|
||||
private-dev
|
||||
nosound
|
||||
no3d
|
||||
seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
|
||||
|
|
|
|||
|
|
@ -1,26 +1,26 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for dnsmasq
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/dnsmasq.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/dnsmasq.local
|
||||
|
||||
# dnsmasq profile
|
||||
noblacklist /sbin
|
||||
noblacklist /usr/sbin
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps
|
||||
netfilter
|
||||
nonewprivs
|
||||
private
|
||||
private-dev
|
||||
nosound
|
||||
no3d
|
||||
nonewprivs
|
||||
nosound
|
||||
protocol unix,inet,inet6,netlink
|
||||
seccomp
|
||||
|
||||
disable-mnt
|
||||
private
|
||||
private-dev
|
||||
|
|
|
|||
|
|
@ -1,34 +1,33 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for dolphin
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/dolphin.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/dolphin.local
|
||||
|
||||
# dolphin profile
|
||||
|
||||
# warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5
|
||||
|
||||
noblacklist ${HOME}/.local/share/Trash
|
||||
noblacklist ~/.config/dolphinrc
|
||||
noblacklist ~/.local/share/dolphin
|
||||
noblacklist ${HOME}/.local/share/Trash
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files
|
||||
#include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
# include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
shell none
|
||||
seccomp
|
||||
protocol unix
|
||||
seccomp
|
||||
shell none
|
||||
|
||||
# private-bin
|
||||
# private-dev
|
||||
# private-tmp
|
||||
# private-etc
|
||||
# private-tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files
|
||||
# warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for dosbox
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/dosbox.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/dosbox.local
|
||||
|
||||
# Firejail profile for dosbox
|
||||
noblacklist ~/.dosbox
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for dragon
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/dragon.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/dragon.local
|
||||
|
||||
# dragon player profile
|
||||
noblacklist ~/.config/dragonplayerrc
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -19,14 +18,14 @@ nogroups
|
|||
nonewprivs
|
||||
noroot
|
||||
novideo
|
||||
shell none
|
||||
seccomp
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
shell none
|
||||
|
||||
private-bin dragon
|
||||
private-dev
|
||||
private-tmp
|
||||
# private-etc
|
||||
private-tmp
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
|
|
|||
|
|
@ -1,27 +1,27 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for dropbox
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/dropbox.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/dropbox.local
|
||||
|
||||
# dropbox profile
|
||||
noblacklist ~/.config/autostart
|
||||
noblacklist ~/.dropbox-dist
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
mkdir ~/Dropbox
|
||||
whitelist ~/Dropbox
|
||||
mkdir ~/.dropbox
|
||||
whitelist ~/.dropbox
|
||||
mkdir ~/.dropbox-dist
|
||||
whitelist ~/.dropbox-dist
|
||||
|
||||
mkdir ~/Dropbox
|
||||
mkfile ~/.config/autostart/dropbox.desktop
|
||||
whitelist ~/.config/autostart/dropbox.desktop
|
||||
whitelist ~/.dropbox
|
||||
whitelist ~/.dropbox-dist
|
||||
whitelist ~/Dropbox
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,10 +1,7 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
# Firejail profile alias for calibre
|
||||
# This file is overwritten after every install/update
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/ebook-viewer.local
|
||||
|
||||
# Firejail profile for ebook-viewer (Calibre)
|
||||
include /etc/firejail/calibre.profile
|
||||
net none
|
||||
|
||||
include /etc/firejail/calibre.profile
|
||||
|
|
|
|||
|
|
@ -1,7 +1,14 @@
|
|||
# Generic Firejail profile for Electron applications.
|
||||
# Firejail profile for electron
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/electron.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,19 +1,21 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for elinks
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/elinks.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/elinks.local
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
# elinks profile
|
||||
noblacklist ~/.elinks
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
no3d
|
||||
nogroups
|
||||
nonewprivs
|
||||
|
|
@ -22,13 +24,10 @@ nosound
|
|||
novideo
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
netfilter
|
||||
shell none
|
||||
tracelog
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
# private-bin elinks
|
||||
private-tmp
|
||||
private-dev
|
||||
# private-etc none
|
||||
private-tmp
|
||||
|
|
|
|||
|
|
@ -1,23 +1,21 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for emacs
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/emacs.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/emacs.local
|
||||
|
||||
# emacs profile
|
||||
noblacklist ~/.emacs
|
||||
noblacklist ~/.emacs.d
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
nogroups
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
|
|
|
|||
|
|
@ -1,19 +1,19 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for empathy
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/empathy.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/empathy.local
|
||||
|
||||
# Empathy instant messaging profile
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
nonewprivs
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for enchant
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/enchant.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/enchant.local
|
||||
|
||||
# enchant profile
|
||||
noblacklist ~/.config/enchant
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -25,6 +24,6 @@ shell none
|
|||
tracelog
|
||||
|
||||
# private-bin enchant
|
||||
# private-tmp
|
||||
# private-dev
|
||||
# private-etc fonts
|
||||
# private-tmp
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for engrampa
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/engrampa.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/engrampa.local
|
||||
|
||||
# engrampa profile
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -24,6 +24,6 @@ shell none
|
|||
tracelog
|
||||
|
||||
# private-bin engrampa
|
||||
# private-tmp
|
||||
private-dev
|
||||
# private-etc fonts
|
||||
# private-tmp
|
||||
|
|
|
|||
|
|
@ -1,23 +1,21 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for eog
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/eog.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/eog.local
|
||||
|
||||
# eog (gnome image viewer) profile
|
||||
noblacklist ~/.config/eog
|
||||
noblacklist ~/.Steam
|
||||
noblacklist ~/.steam
|
||||
noblacklist ~/.config/eog
|
||||
noblacklist ~/.local/share/Trash
|
||||
noblacklist ~/.steam
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
net none
|
||||
no3d
|
||||
nogroups
|
||||
|
|
|
|||
|
|
@ -1,20 +1,19 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for eom
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/eom.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/eom.local
|
||||
|
||||
# Firejail profile for Eye of Mate (eom)
|
||||
noblacklist ~/.config/mate/eom
|
||||
noblacklist ~/.Steam
|
||||
noblacklist ~/.steam
|
||||
noblacklist ~/.config/mate/eom
|
||||
noblacklist ~/.local/share/Trash
|
||||
noblacklist ~/.steam
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
nogroups
|
||||
|
|
|
|||
|
|
@ -1,26 +1,25 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for epiphany
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/epiphany.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/epiphany.local
|
||||
|
||||
# Epiphany browser profile
|
||||
noblacklist ${HOME}/.cache/epiphany
|
||||
noblacklist ${HOME}/.config/epiphany
|
||||
noblacklist ${HOME}/.local/share/epiphany
|
||||
noblacklist ${HOME}/.cache/epiphany
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
mkdir ${HOME}/.local/share/epiphany
|
||||
whitelist ${HOME}/.local/share/epiphany
|
||||
mkdir ${HOME}/.config/epiphany
|
||||
whitelist ${HOME}/.config/epiphany
|
||||
mkdir ${HOME}/.cache/epiphany
|
||||
mkdir ${HOME}/.config/epiphany
|
||||
mkdir ${HOME}/.local/share/epiphany
|
||||
whitelist ${DOWNLOADS}
|
||||
whitelist ${HOME}/.cache/epiphany
|
||||
whitelist ${HOME}/.config/epiphany
|
||||
whitelist ${HOME}/.local/share/epiphany
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
|
|
|
|||
|
|
@ -1,41 +1,34 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for etr
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/etr.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/etr.local
|
||||
|
||||
################################
|
||||
# Extreme Tux Racer profile
|
||||
################################
|
||||
|
||||
noblacklist ~/.etr
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
mkdir ~/.etr
|
||||
whitelist ~/.etr
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
|
||||
caps.drop all
|
||||
net none
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
protocol unix,netlink
|
||||
seccomp
|
||||
|
||||
#
|
||||
# depending on your usage, you can enable some of the commands below:
|
||||
#
|
||||
net none
|
||||
nogroups
|
||||
shell none
|
||||
|
||||
# private-bin etr
|
||||
# private-etc none
|
||||
private-dev
|
||||
# private-etc none
|
||||
private-tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# depending on your usage, you can enable some of the commands below:
|
||||
# nosound
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,20 +1,18 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for evince
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/evince.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/evince.local
|
||||
|
||||
# evince pdf reader profile
|
||||
noblacklist ~/.config/evince
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
no3d
|
||||
nogroups
|
||||
|
|
@ -30,9 +28,11 @@ tracelog
|
|||
private-bin evince,evince-previewer,evince-thumbnailer
|
||||
private-dev
|
||||
private-etc fonts
|
||||
# evince needs access to /tmp/mozilla* to work in firefox
|
||||
# private-tmp
|
||||
|
||||
memory-deny-write-execute
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# evince needs access to /tmp/mozilla* to work in firefox
|
||||
|
|
|
|||
|
|
@ -1,29 +1,26 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for evolution
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/evolution.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/evolution.local
|
||||
|
||||
# evolution profile
|
||||
noblacklist ~/.config/evolution
|
||||
noblacklist ~/.local/share/evolution
|
||||
noblacklist /var/mail
|
||||
noblacklist /var/spool/mail
|
||||
noblacklist ~/.bogofilter
|
||||
noblacklist ~/.cache/evolution
|
||||
noblacklist ~/.config/evolution
|
||||
noblacklist ~/.gnupg
|
||||
noblacklist ~/.local/share/evolution
|
||||
noblacklist ~/.pki
|
||||
noblacklist ~/.pki/nssdb
|
||||
noblacklist ~/.gnupg
|
||||
noblacklist ~/.bogofilter
|
||||
|
||||
noblacklist /var/spool/mail
|
||||
noblacklist /var/mail
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
no3d
|
||||
nogroups
|
||||
|
|
|
|||
|
|
@ -1,36 +1,35 @@
|
|||
# Firejail profile for exiftool
|
||||
# This file is overwritten after every install/update
|
||||
quiet
|
||||
# Persistent global definitions go here
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/exiftool.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/exiftool.local
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
# exiftool profile
|
||||
noblacklist /usr/bin/perl
|
||||
noblacklist /usr/share/perl*
|
||||
noblacklist /usr/lib/perl*
|
||||
noblacklist /usr/share/perl*
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
net none
|
||||
no3d
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
nosound
|
||||
protocol unix
|
||||
seccomp
|
||||
no3d
|
||||
shell none
|
||||
tracelog
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
# private-bin exiftool,perl
|
||||
private-tmp
|
||||
private-dev
|
||||
private-etc none
|
||||
private-tmp
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for fbreader
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/fbreader.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/fbreader.local
|
||||
|
||||
# fbreader ebook reader profile
|
||||
noblacklist ${HOME}/.FBReader
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -20,8 +19,8 @@ noroot
|
|||
nosound
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
|
||||
shell none
|
||||
|
||||
private-bin fbreader,FBReader
|
||||
private-dev
|
||||
private-tmp
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for feh
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/feh.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/feh.local
|
||||
|
||||
# feh image viewer profile
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
net none
|
||||
|
|
|
|||
|
|
@ -1,18 +1,17 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for file-roller
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/file-roller.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/file-roller.local
|
||||
|
||||
# file-roller profile
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
net none
|
||||
no3d
|
||||
nogroups
|
||||
|
|
@ -26,9 +25,9 @@ shell none
|
|||
tracelog
|
||||
|
||||
# private-bin file-roller
|
||||
# private-tmp
|
||||
private-dev
|
||||
# private-etc fonts
|
||||
# private-tmp
|
||||
|
||||
memory-deny-write-execute
|
||||
noexec ${HOME}
|
||||
|
|
|
|||
|
|
@ -1,15 +1,16 @@
|
|||
# Firejail profile for file
|
||||
# This file is overwritten after every install/update
|
||||
quiet
|
||||
# Persistent global definitions go here
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/file.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/file.local
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
# file profile
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
hostname file
|
||||
|
|
@ -17,7 +18,6 @@ net none
|
|||
no3d
|
||||
nogroups
|
||||
nonewprivs
|
||||
#noroot
|
||||
nosound
|
||||
protocol unix
|
||||
seccomp
|
||||
|
|
@ -25,8 +25,9 @@ shell none
|
|||
tracelog
|
||||
x11 none
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
private-dev
|
||||
private-bin file
|
||||
private-dev
|
||||
private-etc magic.mgc,magic,localtime
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# noroot
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for filezilla
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/filezilla.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/filezilla.local
|
||||
|
||||
# FileZilla ftp profile
|
||||
noblacklist ${HOME}/.filezilla
|
||||
noblacklist ${HOME}/.config/filezilla
|
||||
noblacklist ${HOME}/.filezilla
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for firefox-esr
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/firefox-esr.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/firefox-esr.local
|
||||
|
||||
# Firejail profile for Mozilla Firefox ESR
|
||||
include /etc/firejail/firefox.profile
|
||||
|
|
|
|||
|
|
@ -1,28 +1,56 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for firefox
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/firefox.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/firefox.local
|
||||
|
||||
# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
|
||||
noblacklist ~/.mozilla
|
||||
noblacklist ~/.cache/mozilla
|
||||
noblacklist ~/.config/qpdfview
|
||||
noblacklist ~/.local/share/qpdfview
|
||||
noblacklist ~/.kde4/share/apps/okular
|
||||
noblacklist ~/.kde/share/apps/okular
|
||||
noblacklist ~/.local/share/okular
|
||||
noblacklist ~/.config/okularpartrc
|
||||
noblacklist ~/.config/okularrc
|
||||
noblacklist ~/.config/qpdfview
|
||||
noblacklist ~/.kde/share/apps/okular
|
||||
noblacklist ~/.kde4/share/apps/okular
|
||||
noblacklist ~/.local/share/okular
|
||||
noblacklist ~/.local/share/qpdfview
|
||||
noblacklist ~/.mozilla
|
||||
noblacklist ~/.pki
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
mkdir ~/.cache/mozilla/firefox
|
||||
mkdir ~/.mozilla
|
||||
mkdir ~/.pki
|
||||
whitelist ${DOWNLOADS}
|
||||
whitelist ~/.cache/gnome-mplayer/plugin
|
||||
whitelist ~/.cache/mozilla/firefox
|
||||
whitelist ~/.config/gnome-mplayer
|
||||
whitelist ~/.config/okularpartrc
|
||||
whitelist ~/.config/okularrc
|
||||
whitelist ~/.config/pipelight-silverlight5.1
|
||||
whitelist ~/.config/pipelight-widevine
|
||||
whitelist ~/.config/qpdfview
|
||||
whitelist ~/.kde/share/apps/okular
|
||||
whitelist ~/.kde4/share/apps/okular
|
||||
whitelist ~/.keysnail.js
|
||||
whitelist ~/.lastpass
|
||||
whitelist ~/.local/share/okular
|
||||
whitelist ~/.local/share/qpdfview
|
||||
whitelist ~/.mozilla
|
||||
whitelist ~/.pentadactyl
|
||||
whitelist ~/.pentadactylrc
|
||||
whitelist ~/.pki
|
||||
whitelist ~/.vimperator
|
||||
whitelist ~/.vimperatorrc
|
||||
whitelist ~/.wine-pipelight
|
||||
whitelist ~/.wine-pipelight64
|
||||
whitelist ~/.zotero
|
||||
whitelist ~/dwhelper
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
# ipc-namespace crashes firefox on some setups
|
||||
netfilter
|
||||
nogroups
|
||||
nonewprivs
|
||||
|
|
@ -32,46 +60,14 @@ seccomp
|
|||
shell none
|
||||
tracelog
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
mkdir ~/.mozilla
|
||||
whitelist ~/.mozilla
|
||||
mkdir ~/.cache/mozilla/firefox
|
||||
whitelist ~/.cache/mozilla/firefox
|
||||
whitelist ~/dwhelper
|
||||
whitelist ~/.zotero
|
||||
whitelist ~/.vimperatorrc
|
||||
whitelist ~/.vimperator
|
||||
whitelist ~/.pentadactylrc
|
||||
whitelist ~/.pentadactyl
|
||||
whitelist ~/.keysnail.js
|
||||
whitelist ~/.config/gnome-mplayer
|
||||
whitelist ~/.cache/gnome-mplayer/plugin
|
||||
mkdir ~/.pki
|
||||
whitelist ~/.pki
|
||||
whitelist ~/.lastpass
|
||||
whitelist ~/.config/qpdfview
|
||||
whitelist ~/.local/share/qpdfview
|
||||
whitelist ~/.config/okularrc
|
||||
whitelist ~/.config/okularpartrc
|
||||
whitelist ~/.kde4/share/apps/okular
|
||||
whitelist ~/.kde/share/apps/okular
|
||||
whitelist ~/.local/share/okular
|
||||
|
||||
# silverlight
|
||||
whitelist ~/.wine-pipelight
|
||||
whitelist ~/.wine-pipelight64
|
||||
whitelist ~/.config/pipelight-widevine
|
||||
whitelist ~/.config/pipelight-silverlight5.1
|
||||
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
# experimental features
|
||||
# private-bin firefox,which,sh,dbus-launch,dbus-send,env
|
||||
#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
|
||||
# private-dev might prevent video calls going out
|
||||
private-dev
|
||||
# private-dev might prevent video calls going out
|
||||
# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
|
||||
private-tmp
|
||||
#disable-mnt
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# disable-mnt
|
||||
|
|
|
|||
|
|
@ -1,26 +1,26 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for flashpeak-slimjet
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/flashpeak-slimjet.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/flashpeak-slimjet.local
|
||||
|
||||
# SlimJet browser profile
|
||||
# This is a whitelisted profile, the internal browser sandbox
|
||||
# is disabled because it requires sudo password. The command
|
||||
# to run it is as follows:
|
||||
#
|
||||
# firejail flashpeak-slimjet --no-sandbox
|
||||
#
|
||||
noblacklist ~/.config/slimjet
|
||||
noblacklist ~/.cache/slimjet
|
||||
noblacklist ~/.config/slimjet
|
||||
noblacklist ~/.pki
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
# include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
# chromium is distributed with a perl script on Arch
|
||||
# include /etc/firejail/disable-devel.inc
|
||||
#
|
||||
mkdir ~/.cache/slimjet
|
||||
mkdir ~/.config/slimjet
|
||||
mkdir ~/.pki
|
||||
whitelist ${DOWNLOADS}
|
||||
whitelist ~/.cache/slimjet
|
||||
whitelist ~/.config/slimjet
|
||||
whitelist ~/.pki
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -29,12 +29,8 @@ noroot
|
|||
protocol unix,inet,inet6,netlink
|
||||
seccomp
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
mkdir ~/.config/slimjet
|
||||
whitelist ~/.config/slimjet
|
||||
mkdir ~/.cache/slimjet
|
||||
whitelist ~/.cache/slimjet
|
||||
mkdir ~/.pki
|
||||
whitelist ~/.pki
|
||||
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
# CLOBBERED COMMENTS
|
||||
# firejail flashpeak-slimjet --no-sandbox
|
||||
# chromium is distributed with a perl script on Arch
|
||||
# is disabled because it requires sudo password. The command
|
||||
# to run it is as follows:
|
||||
|
|
|
|||
|
|
@ -1,18 +1,17 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for flowblade
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/flowblade.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/flowblade.local
|
||||
|
||||
# FlowBlade profile
|
||||
noblacklist ${HOME}/.flowblade
|
||||
noblacklist ${HOME}/.config/flowblade
|
||||
noblacklist ${HOME}/.flowblade
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,16 +1,16 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
# Firejail profile for fontforge
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/fontforge.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
noblacklist ${HOME}/.FontForge
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,22 +1,20 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for fossamail
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/fossamail.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/fossamail.local
|
||||
|
||||
# Firejail profile for FossaMail
|
||||
|
||||
noblacklist ~/.gnupg
|
||||
mkdir ~/.gnupg
|
||||
whitelist ~/.gnupg
|
||||
|
||||
noblacklist ~/.fossamail
|
||||
mkdir ~/.fossamail
|
||||
whitelist ~/.fossamail
|
||||
|
||||
noblacklist ~/.cache/fossamail
|
||||
noblacklist ~/.fossamail
|
||||
noblacklist ~/.gnupg
|
||||
|
||||
mkdir ~/.cache/fossamail
|
||||
mkdir ~/.fossamail
|
||||
mkdir ~/.gnupg
|
||||
whitelist ~/.cache/fossamail
|
||||
whitelist ~/.fossamail
|
||||
whitelist ~/.gnupg
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
include /etc/firejail/firefox.profile
|
||||
|
|
|
|||
|
|
@ -1,30 +1,28 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for franz
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/franz.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/franz.local
|
||||
|
||||
# Franz profile
|
||||
noblacklist ~/.config/Franz
|
||||
noblacklist ~/.cache/Franz
|
||||
noblacklist ~/.config/Franz
|
||||
noblacklist ~/.pki
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
mkdir ~/.config/Franz
|
||||
whitelist ~/.config/Franz
|
||||
mkdir ~/.cache/Franz
|
||||
whitelist ~/.cache/Franz
|
||||
mkdir ~/.config/Franz
|
||||
mkdir ~/.pki
|
||||
whitelist ${DOWNLOADS}
|
||||
whitelist ~/.cache/Franz
|
||||
whitelist ~/.config/Franz
|
||||
whitelist ~/.pki
|
||||
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
netfilter
|
||||
nogroups
|
||||
nonewprivs
|
||||
|
|
@ -32,11 +30,13 @@ noroot
|
|||
protocol unix,inet,inet6,netlink
|
||||
seccomp
|
||||
shell none
|
||||
#tracelog
|
||||
|
||||
disable-mnt
|
||||
private-dev
|
||||
private-tmp
|
||||
disable-mnt
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# tracelog
|
||||
|
|
|
|||
|
|
@ -1,38 +1,34 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for frozen-bubble
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/frozen-bubble.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/frozen-bubble.local
|
||||
|
||||
################################
|
||||
# Frozen Bubble profile
|
||||
################################
|
||||
|
||||
noblacklist ~/.frozen-bubble
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
mkdir ~/.frozen-bubble
|
||||
whitelist ~/.frozen-bubble
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
|
||||
caps.drop all
|
||||
net none
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
protocol unix,netlink
|
||||
seccomp
|
||||
|
||||
#
|
||||
# depending on your usage, you can enable some of the commands below:
|
||||
#
|
||||
net none
|
||||
nogroups
|
||||
shell none
|
||||
#private-bin frozen-bubble
|
||||
# private-etc none
|
||||
private-dev
|
||||
private-tmp
|
||||
# nosound
|
||||
|
||||
# private-bin frozen-bubble
|
||||
private-dev
|
||||
# private-etc none
|
||||
private-tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# depending on your usage, you can enable some of the commands below:
|
||||
# nosound
|
||||
|
|
|
|||
|
|
@ -1,34 +1,30 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for gajim
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/gajim.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/gajim.local
|
||||
|
||||
# Firejail profile for Gajim
|
||||
noblacklist ${HOME}/.local/share/gajim
|
||||
noblacklist ${HOME}/.config/gajim
|
||||
noblacklist ${HOME}/.cache/gajim
|
||||
|
||||
mkdir ${HOME}/.cache/gajim
|
||||
mkdir ${HOME}/.local/share/gajim
|
||||
mkdir ${HOME}/.config/gajim
|
||||
mkdir ${HOME}/Downloads
|
||||
|
||||
# Allow the local python 2.7 site packages, in case any plugins are using these
|
||||
mkdir ${HOME}/.local/lib/python2.7/site-packages/
|
||||
whitelist ${HOME}/.local/lib/python2.7/site-packages/
|
||||
read-only ${HOME}/.local/lib/python2.7/site-packages/
|
||||
|
||||
whitelist ${HOME}/.cache/gajim
|
||||
whitelist ${HOME}/.local/share/gajim
|
||||
whitelist ${HOME}/.config/gajim
|
||||
whitelist ${HOME}/Downloads
|
||||
noblacklist ${HOME}/.config/gajim
|
||||
noblacklist ${HOME}/.local/share/gajim
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
|
||||
mkdir ${HOME}/.cache/gajim
|
||||
mkdir ${HOME}/.config/gajim
|
||||
mkdir ${HOME}/.local/lib/python2.7/site-packages/
|
||||
mkdir ${HOME}/.local/share/gajim
|
||||
mkdir ${HOME}/Downloads
|
||||
whitelist ${HOME}/.cache/gajim
|
||||
whitelist ${HOME}/.config/gajim
|
||||
whitelist ${HOME}/.local/lib/python2.7/site-packages/
|
||||
whitelist ${HOME}/.local/share/gajim
|
||||
whitelist ${HOME}/Downloads
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
@ -39,8 +35,12 @@ protocol unix,inet,inet6
|
|||
seccomp
|
||||
shell none
|
||||
|
||||
#private-bin python2.7 gajim
|
||||
#private-etc fonts
|
||||
private-dev
|
||||
#private-tmp
|
||||
disable-mnt
|
||||
# private-bin python2.7 gajim
|
||||
private-dev
|
||||
# private-etc fonts
|
||||
# private-tmp
|
||||
read-only ${HOME}/.local/lib/python2.7/site-packages/
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# Allow the local python 2.7 site packages, in case any plugins are using these
|
||||
|
|
|
|||
|
|
@ -1,20 +1,20 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for galculator
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/galculator.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/firejail.local
|
||||
|
||||
# Firejail profile for XYZ
|
||||
noblacklist ~/.config/galculator
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
mkdir ~/.config/galculator
|
||||
whitelist ~/.config/galculator
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
caps.drop all
|
||||
net none
|
||||
|
|
|
|||
|
|
@ -1,14 +1,15 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for geany
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/geany.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/geany.local
|
||||
|
||||
noblacklist ${HOME}/.config/geany
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
netfilter
|
||||
|
|
|
|||
|
|
@ -1,28 +1,29 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for geary
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/geary.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/geary.local
|
||||
|
||||
# Firejail profile for Gnome Geary
|
||||
# Users have Geary set to open a browser by clicking a link in an email
|
||||
# We are not allowed to blacklist browser-specific directories
|
||||
|
||||
noblacklist ~/.gnupg
|
||||
mkdir ~/.gnupg
|
||||
whitelist ~/.gnupg
|
||||
|
||||
noblacklist ~/.local/share/geary
|
||||
mkdir ~/.local/share/geary
|
||||
whitelist ~/.local/share/geary
|
||||
|
||||
mkdir ~/.gnupg
|
||||
mkdir ~/.local/share/geary
|
||||
whitelist ~/.config/mimeapps.list
|
||||
read-only ~/.config/mimeapps.list
|
||||
whitelist ~/.gnupg
|
||||
whitelist ~/.local/share/applications
|
||||
whitelist ~/.local/share/geary
|
||||
include /etc/firejail/whitelist-common.inc
|
||||
|
||||
ignore private-tmp
|
||||
|
||||
read-only ~/.config/mimeapps.list
|
||||
read-only ~/.local/share/applications
|
||||
|
||||
# allow browsers
|
||||
ignore private-tmp
|
||||
include /etc/firejail/firefox.profile
|
||||
#include /etc/firejail/chromium.profile - chromium runs as suid!
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# Users have Geary set to open a browser by clicking a link in an email
|
||||
# We are not allowed to blacklist browser-specific directories
|
||||
# allow browsers
|
||||
|
|
|
|||
|
|
@ -1,23 +1,18 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
# Firejail profile for gedit
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/gedit.local
|
||||
|
||||
# gedit profile
|
||||
|
||||
# when gedit is started via gnome-shell, firejail is not applied because systemd will start it
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
noblacklist ~/.config/gedit
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
# include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
#ipc-namespace
|
||||
net none
|
||||
no3d
|
||||
nogroups
|
||||
|
|
@ -36,3 +31,6 @@ private-tmp
|
|||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# when gedit is started via gnome-shell, firejail is not applied because systemd will start it
|
||||
|
|
|
|||
|
|
@ -1,30 +1,31 @@
|
|||
# Persistent global definitions go here
|
||||
# Firejail profile for geeqie
|
||||
# This file is overwritten after every install/update
|
||||
# Persistent local customizations
|
||||
include /etc/firejail/geeqie.local
|
||||
# Persistent global definitions
|
||||
include /etc/firejail/globals.local
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/geeqie.local
|
||||
|
||||
# Firejail profile for Geeqie
|
||||
noblacklist ~/.cache/geeqie
|
||||
noblacklist ~/.config/geeqie
|
||||
noblacklist ~/.local/share/geeqie
|
||||
noblacklist ~/.cache/geeqie
|
||||
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
|
||||
caps.drop all
|
||||
nogroups
|
||||
nonewprivs
|
||||
noroot
|
||||
nosound
|
||||
protocol unix
|
||||
seccomp
|
||||
nosound
|
||||
|
||||
private-dev
|
||||
|
||||
#Experimental:
|
||||
shell none
|
||||
|
||||
# private-bin geeqie
|
||||
private-dev
|
||||
# private-etc X11
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# Experimental:
|
||||
|
|
|
|||
|
|
@ -1,9 +1,8 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
# Firejail profile alias for handbrake
|
||||
# This file is overwritten after every install/update
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/ghb.local
|
||||
|
||||
# HandBrake
|
||||
include /etc/firejail/handbrake.profile
|
||||
|
||||
# CLOBBERED COMMENTS
|
||||
# HandBrake
|
||||
|
|
|
|||
|
|
@ -1,8 +1,5 @@
|
|||
# Persistent global definitions go here
|
||||
include /etc/firejail/globals.local
|
||||
# Firejail profile alias for gimp
|
||||
# This file is overwritten after every install/update
|
||||
|
||||
# This file is overwritten during software install.
|
||||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/gimp-2.8.local
|
||||
|
||||
include /etc/firejail/gimp.profile
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show more
Loading…
Add table
Add a link
Reference in a new issue