diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile
index 52fd62ada..05131df43 100644
--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -1,4 +1,7 @@
 # Mathematica profile
+noblacklist ${HOME}/.Mathematica
+noblacklist ${HOME}/.Wolfram Research
+
 mkdir ~/.Mathematica
 whitelist ~/.Mathematica
 mkdir ~/.Wolfram Research
diff --git a/etc/atril.profile b/etc/atril.profile
index f142f50bc..e078c1d20 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -4,12 +4,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
 tracelog
-
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 0c79d02ac..290faa260 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -4,10 +4,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
-
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index 3cc384b37..7bcc61e98 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -4,8 +4,6 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 whitelist ${HOME}/cherrytree
 mkdir ~/.config
 mkdir ~/.config/cherrytree
diff --git a/etc/clementine.profile b/etc/clementine.profile
index a02e05f9c..c6271e6e3 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -4,8 +4,6 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index dbf4531c4..2810e5323 100644
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -1,13 +1,12 @@
 # DeaDBeeF media player profile
+noblacklist ${HOME}/.config/deadbeef
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
-
diff --git a/etc/deluge.profile b/etc/deluge.profile
index 9b2c65656..d8ffc8ec5 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -4,13 +4,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
 nosound
-
-
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0cd1ed123..7faf75638 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -1,10 +1,19 @@
 # various programs
-blacklist ${HOME}/.config/vlc
 blacklist ${HOME}/.remmina
 blacklist ${HOME}/.tconn
 blacklist ${HOME}/.FBReader
 blacklist ${HOME}/.wine
+blacklist ${HOME}/.Mathematica
+blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.config/mupen64plus
+blacklist ${HOME}/.config/transmission
+blacklist ${HOME}/.config/uGet
+
+# Media players
 blacklist ${HOME}/.config/cmus
+blacklist ${HOME}/.config/deadbeef
+blacklist ${HOME}/.config/spotify
+blacklist ${HOME}/.config/vlc
 # HTTP / FTP / Mail
 blacklist ${HOME}/.icedove
@@ -19,20 +28,14 @@ blacklist ${HOME}/.config/google-chrome-unstable
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.opera
-blacklist ~/.config/vivaldi
+blacklist ${HOME}/.config/vivaldi
 blacklist ${HOME}/.filezilla
 blacklist ${HOME}/.config/filezilla
-blacklist ~/.dillo
-
-# cache
-blacklist ~/.cache/mozilla
-blacklist ~/.cache/chromium
-blacklist ~/.cache/google-chrome
-blacklist ~/.cache/google-chrome-beta
-blacklist ~/.cache/google-chrome-unstable
-blacklist ~/.cache/opera
-blacklist ~/.cache/opera-beta
-blacklist ~/.cache/vivaldi
+blacklist ${HOME}/.dillo
+blacklist ${HOME}/.conkeror.mozdev.org
+blacklist ${HOME}/.config/epiphany
+blacklist ${HOME}/.config/slimjet
+blacklist ${HOME}/.config/qutebrowser
 # Instant Messaging
 blacklist ${HOME}/.config/hexchat
@@ -44,6 +47,12 @@ blacklist ${HOME}/.weechat
 blacklist ${HOME}/.config/xchat
 blacklist ${HOME}/.Skype
 blacklist ${HOME}/.config/tox
+blacklist ${HOME}/.TelegramDesktop
+
+# Games
+blacklist ${HOME}/.hedgewars
+blacklist ${HOME}/.steam
+blacklist ${HOME}/.config/wesnoth
 # Cryptocoins
 blacklist ${HOME}/.*coin
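Review bot: The browser paths added to disable-programs.inc in this hunk (`.conkeror.mozdev.org`, `.config/slimjet`, `.config/qutebrowser`) have no matching `noblacklist` line anywhere in this commit, unlike `.config/epiphany`, which gets one in epiphany.profile. The same holds for `.TelegramDesktop` in the following hunk and for `.cache/slimjet`, `.cache/qutebrowser`, `.cache/thunderbird` and `.cache/icedove` in the cache hunk at the end of the file. Whether profiles for those programs exist and already carry the exemption is not visible here; if they include disable-programs.inc without it, the sandboxed program can no longer reach its own configuration or cache, and each would need a line such as `noblacklist ${HOME}/.config/qutebrowser` above its `include` lines. A header comment in disable-programs.inc along the lines of `# every path listed here needs a noblacklist in the owning program's profile, placed before the include` would make that requirement explicit for later additions.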
@@ -55,3 +64,27 @@ blacklist ${HOME}/.subversion
 blacklist ${HOME}/.gitconfig
 blacklist ${HOME}/.git-credential-cache
+# cache
+blacklist ${HOME}/.cache/mozilla
+blacklist ${HOME}/.cache/chromium
+blacklist ${HOME}/.cache/google-chrome
+blacklist ${HOME}/.cache/google-chrome-beta
+blacklist ${HOME}/.cache/google-chrome-unstable
+blacklist ${HOME}/.cache/opera
+blacklist ${HOME}/.cache/opera-beta
+blacklist ${HOME}/.cache/vivaldi
+blacklist ${HOME}/.cache/epiphany
+blacklist ${HOME}/.cache/slimjet
+blacklist ${HOME}/.cache/qutebrowser
+blacklist ${HOME}/.cache/spotify
+blacklist ${HOME}/.cache/thunderbird
+blacklist ${HOME}/.cache/icedove
+blacklist ${HOME}/.cache/transmission
+blacklist ${HOME}/.cache/wesnoth
+
+# share
+blacklist ${HOME}/.local/share/epiphany
+blacklist ${HOME}/.local/share/mupen64plus
+blacklist ${HOME}/.local/share/spotify
+blacklist ${HOME}/.local/share/steam
+blacklist ${HOME}/.local/share/wesnoth
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index ea0dc1fcb..a0a944dce 100644
--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -3,10 +3,7 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps
 seccomp
 protocol unix,inet,inet6
 noroot
-
diff --git a/etc/empathy.profile b/etc/empathy.profile
index 37277e3d1..789bdda08 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -3,10 +3,7 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
-
diff --git a/etc/epiphany.profile b/etc/epiphany.profile
index 319d2b177..95a673bf9 100644
--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -1,4 +1,8 @@
 # Epiphany browser profile
+noblacklist ${HOME}/.config/epiphany
+noblacklist ${HOME}/.cache/epiphany
+noblacklist ${HOME}/.local/share/epiphany
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/evince.profile b/etc/evince.profile
index 693593713..c390dcaf3 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -4,11 +4,8 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
 nosound
-
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index c45acc901..cfbae1c74 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -1,16 +1,14 @@
 # fbreader ebook reader profile
 noblacklist ${HOME}/.FBReader
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
 nosound
-
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index dc677542f..8542de284 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -1,18 +1,14 @@
 # FileZilla ftp profile
 noblacklist ${HOME}/.filezilla
 noblacklist ${HOME}/.config/filezilla
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
 netfilter
 nosound
-
-
-
-
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index a96b19ec3..ec3698ac8 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -4,8 +4,6 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile
index 53d0c2eaf..5ab7cfe72 100644
--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -1,4 +1,5 @@
 # whitelist profile for Hedgewars (game)
+noblacklist ${HOME}/.hedgewars
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
diff --git a/etc/kmail.profile b/etc/kmail.profile
index 67a7b4eb1..a7079661b 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -1,17 +1,14 @@
 # kmail profile
 noblacklist ${HOME}/.gnupg
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 noroot
 tracelog
-
-
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
index 101074c24..7b38b411a 100644
--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -1,5 +1,8 @@
 # mupen64plus profile
 # manually whitelist ROM files
+noblacklist ${HOME}/.config/mupen64plus
+noblacklist ${HOME}/.local/share/mupen64plus
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index ea5d82103..fd497f082 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -1,11 +1,10 @@
 # Pidgin profile
 noblacklist ${HOME}/.purple
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 121d08a13..8bdc745fb 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -4,13 +4,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
 nosound
-
-
diff --git a/etc/quassel.profile b/etc/quassel.profile
index 1fba23784..72004da7f 100644
--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -3,11 +3,8 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
 netfilter
-
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index a3204c5f9..782cd3832 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -4,11 +4,8 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
 netfilter
-
diff --git a/etc/spotify.profile b/etc/spotify.profile
index dfe298e1d..fd4586dd5 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -1,4 +1,7 @@
 # Spotify media player profile
+noblacklist ${HOME}/.config/spotify
+noblacklist ${HOME}/.cache/spotify
+noblacklist ${HOME}/.local/share/spotify
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 7e105724e..7b282bde6 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -1,14 +1,12 @@
 # ssh client
 noblacklist ~/.ssh
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
 noroot
-
diff --git a/etc/totem.profile b/etc/totem.profile
index 5eeeb4402..4d87cbb85 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
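Review bot: In the spotify.profile hunk the three added `noblacklist` lines run straight into `include /etc/firejail/disable-common.inc` with no empty line between them; the hunk header's counts (4 old lines, 7 new) leave no room for one. The other profiles that gain exemptions in this commit (deadbeef, epiphany, mupen64plus, transmission-gtk, transmission-qt, uget-gtk, wesnoth) each add an empty line after the noblacklist block. Adding the same empty line here keeps the exemptions visibly separate from the includes they have to precede.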
@@ -4,8 +4,6 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 9e64c6d59..d61d36a8c 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -1,11 +1,12 @@
 # transmission-gtk profile
+noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
@@ -13,7 +14,3 @@ netfilter
 noroot
 tracelog
 nosound
-
-
-
-
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 1059ad3ee..3db7a5452 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -1,11 +1,12 @@
 # transmission-qt profile
+noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
@@ -13,5 +14,3 @@ netfilter
 noroot
 tracelog
 nosound
-
-
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index 6593075c8..ef5aa7d4a 100644
--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -1,4 +1,6 @@
 # uGet profile
+noblacklist ${HOME}/.config/uGet
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 0a7469339..061ae6f78 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -1,12 +1,11 @@
 # VLC media player profile
 noblacklist ${HOME}/.config/vlc
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile
index 24b245b6c..340ba0db5 100644
--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -1,4 +1,8 @@
 # Whitelist-based profile for "Battle for Wesnoth" (game).
+noblacklist ${HOME}/.config/wesnoth
+noblacklist ${HOME}/.cache/wesnoth
+noblacklist ${HOME}/.local/share/wesnoth
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/wine.profile b/etc/wine.profile
index f93fa6dc2..ea6db8511 100644
--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -2,6 +2,7 @@
 noblacklist ${HOME}/.steam
 noblacklist ${HOME}/.local/share/steam
 noblacklist ${HOME}/.wine
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/xchat.profile b/etc/xchat.profile
index 7c11ba76c..fcea4245e 100644
--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -1,11 +1,10 @@
 # XChat IRC profile
 noblacklist ${HOME}/.config/xchat
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-blacklist ${HOME}/.wine
-
 caps.drop all
 seccomp
 protocol unix,inet,inet6