Further unify private-etc in Firefox-based browsers

2026-05-15 14:16:14 -06:00 · 2018-02-11 19:19:43 -05:00 · 2018-02-11 19:19:43 -05:00 · d9a524ca72
commit d9a524ca72
parent 397f0d3a16
9 changed files with 22 additions and 12 deletions
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@ -13,7 +13,8 @@ mkdir ${HOME}/.mozilla
 whitelist ${HOME}/.cache/mozilla/abrowser
 whitelist ${HOME}/.mozilla

-# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,abrowser,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
+# private-etc must first be enabled in firefox-common.profile
+#private-etc abrowser


 # Redirect
--- a/etc/cliqz.profile
+++ b/etc/cliqz.profile
@ -13,7 +13,8 @@ mkdir ${HOME}/.config/cliqz
 whitelist ${HOME}/.cache/cliqz
 whitelist ${HOME}/.config/cliqz

-# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,cliqz,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
+# private-etc must first be enabled in firefox-common.profile
+#private-etc cliqz

 # Redirect
 include /etc/firejail/firefox-common.profile
--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@ -14,7 +14,8 @@ whitelist ${HOME}/.8pecxstudios
 whitelist ${HOME}/.cache/8pecxstudios

 # private-bin cyberfox,which,sh,dbus-launch,dbus-send,env
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,cyberfox,mime.types,mailcap,asound.conf,pulse
+# private-etc must first be enabled in firefox-common.profile
+#private-etc cyberfox

 # Redirect
 include /etc/firejail/firefox-common.profile
--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@ -36,6 +36,8 @@ tracelog

 disable-mnt
 private-dev
+# private-etc below works fine on most distributions. There are some problems on CentOS.
+#private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
 private-tmp

 noexec ${HOME}
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@ -14,9 +14,9 @@ whitelist ${HOME}/.cache/mozilla/firefox
 whitelist ${HOME}/.mozilla

 # firefox requires a shell to launch on Arch.
-# private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
-# private-etc below works fine on most distributions. There are some problems on CentOS.
-# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
+#private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
+# private-etc must first be enabled in firefox-common.profile
+#private-etc firefox

 # Redirect
 include /etc/firejail/firefox-common.profile
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@ -13,7 +13,8 @@ mkdir ${HOME}/.mozilla
 whitelist ${HOME}/.cache/mozilla/icecat
 whitelist ${HOME}/.mozilla

-# private-etc icecat,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
+# private-etc must first be enabled in firefox-common.profile
+#private-etc icecat

 # Redirect
 include /etc/firejail/firefox-common.profile
--- a/etc/iceweasel.profile
+++ b/etc/iceweasel.profile
@ -5,6 +5,8 @@ include /etc/firejail/iceweasel.local
 # Persistent global definitions
 include /etc/firejail/globals.local

+# private-etc must first be enabled in firefox-common.profile
+#private-etc iceweasel

 # Redirect
 include /etc/firejail/firefox.profile
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@ -13,9 +13,10 @@ mkdir ${HOME}/.moonchild productions
 whitelist ${HOME}/.cache/moonchild productions/pale moon
 whitelist ${HOME}/.moonchild productions

-# private-bin palemoon
-# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,palemoon,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
-# private-opt palemoon
+#private-bin palemoon
+# private-etc must first be enabled in firefox-common.profile
+#private-etc palemoon
+#private-opt palemoon

 # Redirect
 include /etc/firejail/firefox-common.profile
--- a/etc/waterfox.profile
+++ b/etc/waterfox.profile
@ -20,8 +20,9 @@ whitelist ${HOME}/.mozilla
 whitelist ${HOME}/.waterfox

 # waterfox requires a shell to launch on Arch. We can possibly remove sh though.
-# private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash
-# private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,waterfox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
+#private-bin waterfox,which,sh,dbus-launch,dbus-send,env,bash
+# private-etc must first be enabled in firefox-common.profile
+#private-etc waterfox

 # Redirect
 include /etc/firejail/firefox-common.profile