diff --git a/etc/0ad.profile b/etc/0ad.profile index 84addc229..d4f06f732 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile @@ -3,7 +3,6 @@ include /etc/firejail/0ad.local # Firejail profile for 0ad. -noblacklist ~/.cache/0ad noblacklist ~/.config/0ad noblacklist ~/.local/share/0ad include /etc/firejail/disable-common.inc @@ -12,9 +11,6 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc # Whitelists -mkdir ~/.cache/0ad -whitelist ~/.cache/0ad - mkdir ~/.config/0ad whitelist ~/.config/0ad diff --git a/etc/abrowser.profile b/etc/abrowser.profile index b9a30d6bf..3b60750d5 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile @@ -4,7 +4,6 @@ include /etc/firejail/abrowser.local # Firejail profile for Abrowser noblacklist ~/.mozilla -noblacklist ~/.cache/mozilla noblacklist ~/.pki noblacklist ~/.lastpass include /etc/firejail/disable-common.inc @@ -22,8 +21,6 @@ tracelog whitelist ${DOWNLOADS} mkdir ~/.mozilla whitelist ~/.mozilla -mkdir ~/.cache/mozilla/abrowser -whitelist ~/.cache/mozilla/abrowser whitelist ~/dwhelper whitelist ~/.zotero whitelist ~/.vimperatorrc @@ -32,7 +29,6 @@ whitelist ~/.pentadactylrc whitelist ~/.pentadactyl whitelist ~/.keysnail.js whitelist ~/.config/gnome-mplayer -whitelist ~/.cache/gnome-mplayer/plugin whitelist ~/.pki whitelist ~/.lastpass diff --git a/etc/chromium.profile b/etc/chromium.profile index 995c0001b..ce823e0db 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile @@ -4,7 +4,6 @@ include /etc/firejail/chromium.local # Chromium browser profile noblacklist ~/.config/chromium -noblacklist ~/.cache/chromium noblacklist ~/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc @@ -18,8 +17,6 @@ netfilter whitelist ${DOWNLOADS} mkdir ~/.config/chromium whitelist ~/.config/chromium -mkdir ~/.cache/chromium -whitelist ~/.cache/chromium mkdir ~/.pki whitelist ~/.pki diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index a79303f77..d9896e4a7 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile @@ -4,7 +4,6 @@ include /etc/firejail/cyberfox.local # Firejail profile for Cyberfox (based on Mozilla Firefox) noblacklist ~/.8pecxstudios -noblacklist ~/.cache/8pecxstudios noblacklist ~/.pki noblacklist ~/.lastpass include /etc/firejail/disable-common.inc @@ -22,8 +21,6 @@ tracelog whitelist ${DOWNLOADS} mkdir ~/.8pecxstudios whitelist ~/.8pecxstudios -mkdir ~/.cache/8pecxstudios -whitelist ~/.cache/8pecxstudios whitelist ~/dwhelper whitelist ~/.zotero whitelist ~/.vimperatorrc @@ -32,7 +29,6 @@ whitelist ~/.pentadactylrc whitelist ~/.pentadactyl whitelist ~/.keysnail.js whitelist ~/.config/gnome-mplayer -whitelist ~/.cache/gnome-mplayer/plugin whitelist ~/.pki whitelist ~/.lastpass diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 06a519e9a..12f8a1755 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -17,44 +17,6 @@ blacklist ${HOME}/.arduino15 blacklist ${HOME}/.atom blacklist ${HOME}/.audacity-data blacklist ${HOME}/.bcast5 -blacklist ${HOME}/.cache/0ad -blacklist ${HOME}/.cache/8pecxstudios -blacklist ${HOME}/.cache/Franz -blacklist ${HOME}/.cache/INRIA -blacklist ${HOME}/.cache/QuiteRss -blacklist ${HOME}/.cache/champlain -blacklist ${HOME}/.cache/chromium -blacklist ${HOME}/.cache/qupzilla -blacklist ${HOME}/.cache/chromium-dev -blacklist ${HOME}/.cache/darktable -blacklist ${HOME}/.cache/epiphany -blacklist ${HOME}/.cache/evolution -blacklist ${HOME}/.cache/gajim -blacklist ${HOME}/.cache/geeqie -blacklist ${HOME}/.cache/google-chrome -blacklist ${HOME}/.cache/google-chrome-beta -blacklist ${HOME}/.cache/google-chrome-unstable -blacklist ${HOME}/.cache/icedove -blacklist ${HOME}/.cache/inox -blacklist ${HOME}/.cache/libgweather -blacklist ${HOME}/.cache/midori -blacklist ${HOME}/.cache/mozilla -blacklist ${HOME}/.cache/mutt -blacklist ${HOME}/.cache/netsurf -blacklist ${HOME}/.cache/opera -blacklist ${HOME}/.cache/opera-beta -blacklist ${HOME}/.cache/org.gnome.Books -blacklist ${HOME}/.cache/qutebrowser -blacklist ${HOME}/.cache/simple-scan -blacklist ${HOME}/.cache/slimjet -blacklist ${HOME}/.cache/spotify -blacklist ${HOME}/.cache/telepathy -blacklist ${HOME}/.cache/thunderbird -blacklist ${HOME}/.cache/torbrowser -blacklist ${HOME}/.cache/transmission -blacklist ${HOME}/.cache/vivaldi -blacklist ${HOME}/.cache/wesnoth -blacklist ${HOME}/.cache/xreader blacklist ${HOME}/.claws-mail blacklist ${HOME}/.config/0ad blacklist ${HOME}/.config/Atom diff --git a/etc/epiphany.profile b/etc/epiphany.profile index 1bf259440..0b281c448 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile @@ -4,7 +4,6 @@ include /etc/firejail/epiphany.local # Epiphany browser profile noblacklist ${HOME}/.config/epiphany -noblacklist ${HOME}/.cache/epiphany noblacklist ${HOME}/.local/share/epiphany include /etc/firejail/disable-common.inc @@ -16,8 +15,6 @@ mkdir ${HOME}/.local/share/epiphany whitelist ${HOME}/.local/share/epiphany mkdir ${HOME}/.config/epiphany whitelist ${HOME}/.config/epiphany -mkdir ${HOME}/.cache/epiphany -whitelist ${HOME}/.cache/epiphany include /etc/firejail/whitelist-common.inc caps.drop all diff --git a/etc/evolution.profile b/etc/evolution.profile index cb6615716..637ac334a 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile @@ -5,7 +5,6 @@ include /etc/firejail/evolution.local # evolution profile noblacklist ~/.config/evolution noblacklist ~/.local/share/evolution -noblacklist ~/.cache/evolution noblacklist ~/.pki noblacklist ~/.pki/nssdb noblacklist ~/.gnupg diff --git a/etc/firefox.profile b/etc/firefox.profile index e2cfb9138..dec44ca67 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -4,7 +4,6 @@ include /etc/firejail/firefox.local # Firejail profile for Mozilla Firefox (Iceweasel in Debian) noblacklist ~/.mozilla -noblacklist ~/.cache/mozilla noblacklist ~/.config/qpdfview noblacklist ~/.local/share/qpdfview noblacklist ~/.kde/share/apps/okular @@ -25,8 +24,6 @@ tracelog whitelist ${DOWNLOADS} mkdir ~/.mozilla whitelist ~/.mozilla -mkdir ~/.cache/mozilla/firefox -whitelist ~/.cache/mozilla/firefox whitelist ~/dwhelper whitelist ~/.zotero whitelist ~/.vimperatorrc @@ -35,7 +32,6 @@ whitelist ~/.pentadactylrc whitelist ~/.pentadactyl whitelist ~/.keysnail.js whitelist ~/.config/gnome-mplayer -whitelist ~/.cache/gnome-mplayer/plugin mkdir ~/.pki whitelist ~/.pki whitelist ~/.lastpass diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 4dc5b5cfc..a35aa7a33 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile @@ -10,7 +10,6 @@ include /etc/firejail/flashpeak-slimjet.local # firejail flashpeak-slimjet --no-sandbox # noblacklist ~/.config/slimjet -noblacklist ~/.cache/slimjet noblacklist ~/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc @@ -29,8 +28,6 @@ seccomp whitelist ${DOWNLOADS} mkdir ~/.config/slimjet whitelist ~/.config/slimjet -mkdir ~/.cache/slimjet -whitelist ~/.cache/slimjet mkdir ~/.pki whitelist ~/.pki diff --git a/etc/fossamail.profile b/etc/fossamail.profile index 3caaad71c..a33514c88 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile @@ -12,8 +12,5 @@ noblacklist ~/.fossamail mkdir ~/.fossamail whitelist ~/.fossamail -noblacklist ~/.cache/fossamail -mkdir ~/.cache/fossamail -whitelist ~/.cache/fossamail include /etc/firejail/firefox.profile diff --git a/etc/franz.profile b/etc/franz.profile index 05ff72a47..1692f4516 100644 --- a/etc/franz.profile +++ b/etc/franz.profile @@ -4,7 +4,6 @@ include /etc/firejail/franz.local # Franz profile noblacklist ~/.config/Franz -noblacklist ~/.cache/Franz noblacklist ~/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc @@ -21,8 +20,6 @@ seccomp whitelist ${DOWNLOADS} mkdir ~/.config/Franz whitelist ~/.config/Franz -mkdir ~/.cache/Franz -whitelist ~/.cache/Franz mkdir ~/.pki whitelist ~/.pki diff --git a/etc/gajim.profile b/etc/gajim.profile index bac6cc466..f64d9241a 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile @@ -3,11 +3,9 @@ include /etc/firejail/gajim.local # Firejail profile for Gajim -noblacklist ${HOME}/.cache/gajim noblacklist ${HOME}/.local/share/gajim noblacklist ${HOME}/.config/gajim -mkdir ${HOME}/.cache/gajim mkdir ${HOME}/.local/share/gajim mkdir ${HOME}/.config/gajim mkdir ${HOME}/Downloads @@ -17,7 +15,6 @@ mkdir ${HOME}/.local/lib/python2.7/site-packages/ whitelist ${HOME}/.local/lib/python2.7/site-packages/ read-only ${HOME}/.local/lib/python2.7/site-packages/ -whitelist ${HOME}/.cache/gajim whitelist ${HOME}/.local/share/gajim whitelist ${HOME}/.config/gajim whitelist ${HOME}/Downloads diff --git a/etc/geeqie.profile b/etc/geeqie.profile index 57f942a50..9f79e15b8 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile @@ -3,7 +3,6 @@ include /etc/firejail/geeqie.local # Firejail profile for Geeqie -noblacklist ~/.cache/geeqie noblacklist ~/.config/geeqie noblacklist ~/.local/share/geeqie include /etc/firejail/disable-common.inc diff --git a/etc/gjs.profile b/etc/gjs.profile index 24ec70e86..03dd7893c 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile @@ -6,10 +6,8 @@ include /etc/firejail/gjs.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ~/.cache/org.gnome.Books noblacklist ~/.config/libreoffice noblacklist ~/.local/share/gnome-photos -noblacklist ~/.cache/libgweather include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 692e32896..bf2a9f36f 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile @@ -6,8 +6,6 @@ include /etc/firejail/gnome-books.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ~/.cache/org.gnome.Books - include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 925420a5a..3b6bdd130 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile @@ -6,8 +6,6 @@ include /etc/firejail/gnome-weather.local # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them -noblacklist ~/.cache/libgweather - include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index 3bd16de4a..65bc42648 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile @@ -4,7 +4,6 @@ include /etc/firejail/google-chrome-beta.local # Google Chrome beta browser profile noblacklist ~/.config/google-chrome-beta -noblacklist ~/.cache/google-chrome-beta noblacklist ~/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc @@ -18,8 +17,6 @@ netfilter whitelist ${DOWNLOADS} mkdir ~/.config/google-chrome-beta whitelist ~/.config/google-chrome-beta -mkdir ~/.cache/google-chrome-beta -whitelist ~/.cache/google-chrome-beta mkdir ~/.pki whitelist ~/.pki include /etc/firejail/whitelist-common.inc diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index d2def4f96..6f6fa1bf2 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile @@ -4,7 +4,6 @@ include /etc/firejail/google-chrome-unstable.local # Google Chrome unstable browser profile noblacklist ~/.config/google-chrome-unstable -noblacklist ~/.cache/google-chrome-unstable noblacklist ~/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc @@ -18,8 +17,6 @@ netfilter whitelist ${DOWNLOADS} mkdir ~/.config/google-chrome-unstable whitelist ~/.config/google-chrome-unstable -mkdir ~/.cache/google-chrome-unstable -whitelist ~/.cache/google-chrome-unstable mkdir ~/.pki whitelist ~/.pki include /etc/firejail/whitelist-common.inc diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 38feb12a5..131538dd9 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile @@ -4,7 +4,6 @@ include /etc/firejail/google-chrome.local # Google Chrome browser profile noblacklist ~/.config/google-chrome -noblacklist ~/.cache/google-chrome noblacklist ~/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc @@ -18,8 +17,6 @@ netfilter whitelist ${DOWNLOADS} mkdir ~/.config/google-chrome whitelist ~/.config/google-chrome -mkdir ~/.cache/google-chrome -whitelist ~/.cache/google-chrome mkdir ~/.pki whitelist ~/.pki include /etc/firejail/whitelist-common.inc diff --git a/etc/icecat.profile b/etc/icecat.profile index 64401efe8..4bd3f3047 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile @@ -4,7 +4,6 @@ include /etc/firejail/icecat.local # Firejail profile for GNU Icecat noblacklist ~/.mozilla -noblacklist ~/.cache/mozilla noblacklist ~/.pki noblacklist ~/.lastpass include /etc/firejail/disable-common.inc @@ -22,8 +21,6 @@ tracelog whitelist ${DOWNLOADS} mkdir ~/.mozilla whitelist ~/.mozilla -mkdir ~/.cache/mozilla/icecat -whitelist ~/.cache/mozilla/icecat whitelist ~/dwhelper whitelist ~/.zotero whitelist ~/.vimperatorrc @@ -32,7 +29,6 @@ whitelist ~/.pentadactylrc whitelist ~/.pentadactyl whitelist ~/.keysnail.js whitelist ~/.config/gnome-mplayer -whitelist ~/.cache/gnome-mplayer/plugin whitelist ~/.pki whitelist ~/.lastpass diff --git a/etc/icedove.profile b/etc/icedove.profile index b5265e992..aae0e3bf5 100644 --- a/etc/icedove.profile +++ b/etc/icedove.profile @@ -14,10 +14,6 @@ noblacklist ~/.icedove mkdir ~/.icedove whitelist ~/.icedove -noblacklist ~/.cache/icedove -mkdir ~/.cache/icedove -whitelist ~/.cache/icedove - # allow browsers ignore private-tmp include /etc/firejail/firefox.profile diff --git a/etc/inox.profile b/etc/inox.profile index 0b2e4ee5e..6043ded8a 100644 --- a/etc/inox.profile +++ b/etc/inox.profile @@ -4,7 +4,6 @@ include /etc/firejail/inox.local # Inox browser profile noblacklist ~/.config/inox -noblacklist ~/.cache/inox noblacklist ~/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc @@ -14,8 +13,6 @@ netfilter whitelist ${DOWNLOADS} mkdir ~/.config/inox whitelist ~/.config/inox -mkdir ~/.cache/inox -whitelist ~/.cache/inox mkdir ~/.pki whitelist ~/.pki diff --git a/etc/iridium.profile b/etc/iridium.profile index 2d79a3935..dcbd0b84b 100644 --- a/etc/iridium.profile +++ b/etc/iridium.profile @@ -4,7 +4,6 @@ include /etc/firejail/iridium.local # Iridium browser profile noblacklist ~/.config/iridium -noblacklist ~/.cache/iridium include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc @@ -17,8 +16,6 @@ netfilter whitelist ${DOWNLOADS} mkdir ~/.config/iridium whitelist ~/.config/iridium -mkdir ~/.cache/iridium -whitelist ~/.cache/iridium mkdir ~/.pki whitelist ~/.pki diff --git a/etc/mutt.profile b/etc/mutt.profile index 2f0809f02..f9d537779 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile @@ -14,7 +14,6 @@ noblacklist ~/mail noblacklist ~/Mail noblacklist ~/sent noblacklist ~/postponed -noblacklist ~/.cache/mutt noblacklist ~/.w3m noblacklist ~/.elinks noblacklist ~/.vim diff --git a/etc/netsurf.profile b/etc/netsurf.profile index c217346de..a3c360c1e 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile @@ -4,7 +4,6 @@ include /etc/firejail/netsurf.local # Firejail profile for Mozilla Firefox (Iceweasel in Debian) noblacklist ~/.config/netsurf -noblacklist ~/.cache/netsurf include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc @@ -20,7 +19,5 @@ tracelog whitelist ${DOWNLOADS} mkdir ~/.config/netsurf whitelist ~/.config/netsurf -mkdir ~/.cache/netsurf -whitelist ~/.cache/netsurf include /etc/firejail/whitelist-common.inc diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index 92624f334..5a0d54744 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile @@ -4,7 +4,6 @@ include /etc/firejail/opera-beta.local # Opera-beta browser profile noblacklist ~/.config/opera-beta -noblacklist ~/.cache/opera-beta noblacklist ~/.pki include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc @@ -15,8 +14,6 @@ netfilter whitelist ${DOWNLOADS} mkdir ~/.config/opera-beta whitelist ~/.config/opera-beta -mkdir ~/.cache/opera-beta -whitelist ~/.cache/opera-beta mkdir ~/.pki whitelist ~/.pki include /etc/firejail/whitelist-common.inc diff --git a/etc/opera.profile b/etc/opera.profile index 57835f2f2..4af502060 100644 --- a/etc/opera.profile +++ b/etc/opera.profile @@ -4,7 +4,6 @@ include /etc/firejail/opera.local # Opera browser profile noblacklist ~/.config/opera -noblacklist ~/.cache/opera noblacklist ~/.opera noblacklist ~/.pki include /etc/firejail/disable-common.inc @@ -16,8 +15,6 @@ netfilter whitelist ${DOWNLOADS} mkdir ~/.config/opera whitelist ~/.config/opera -mkdir ~/.cache/opera -whitelist ~/.cache/opera mkdir ~/.opera whitelist ~/.opera mkdir ~/.pki diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 8cac00e03..472d58cee 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile @@ -4,7 +4,6 @@ include /etc/firejail/palemoon.local # Firejail profile for Pale Moon noblacklist ~/.moonchild productions/pale moon -noblacklist ~/.cache/moonchild productions/pale moon include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc @@ -13,8 +12,6 @@ include /etc/firejail/whitelist-common.inc whitelist ${DOWNLOADS} mkdir ~/.moonchild productions whitelist ~/.moonchild productions -mkdir ~/.cache/moonchild productions/pale moon -whitelist ~/.cache/moonchild productions/pale moon caps.drop all netfilter @@ -40,7 +37,6 @@ private-tmp #whitelist ~/.pentadactyl #whitelist ~/.keysnail.js #whitelist ~/.config/gnome-mplayer -#whitelist ~/.cache/gnome-mplayer/plugin #whitelist ~/.pki #whitelist ~/.lastpass diff --git a/etc/polari.profile b/etc/polari.profile index 834a8b3d6..52a58322e 100644 --- a/etc/polari.profile +++ b/etc/polari.profile @@ -15,8 +15,6 @@ mkdir ${HOME}/.local/share/TpLogger whitelist ${HOME}/.local/share/TpLogger mkdir ${HOME}/.config/telepathy-account-widgets whitelist ${HOME}/.config/telepathy-account-widgets -mkdir ${HOME}/.cache/telepathy -whitelist ${HOME}/.cache/telepathy mkdir ${HOME}/.purple whitelist ${HOME}/.purple include /etc/firejail/whitelist-common.inc diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 45cb22ee4..5106fccb2 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile @@ -14,8 +14,6 @@ mkdir ~/.config/psi+ whitelist ~/.config/psi+ mkdir ~/.local/share/psi+ whitelist ~/.local/share/psi+ -mkdir ~/.cache/psi+ -whitelist ~/.cache/psi+ caps.drop all netfilter diff --git a/etc/quiterss.profile b/etc/quiterss.profile index f4e4f96d3..158425e18 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -2,7 +2,6 @@ # Persistent customizations should go in a .local file. include /etc/firejail/quiterss.local -noblacklist ${HOME}/.cache/QuiteRss noblacklist ${HOME}/.config/QuiteRss noblacklist ${HOME}/.config/QuiteRssrc noblacklist ${HOME}/.local/share/QuiteRss @@ -19,8 +18,6 @@ whitelist ${HOME}/.config/QuiteRssrc mkdir ~/.local/share/data mkdir ~/.local/share/data/QuiteRss whitelist ${HOME}/.local/share/data/QuiteRss -mkdir ~/.cache/QuiteRss -whitelist ${HOME}/.cache/QuiteRss caps.drop all netfilter diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index 3f5cb60c0..783bc516d 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile @@ -4,7 +4,6 @@ include /etc/firejail/qupzilla.local # Firejail profile for Qupzilla web browser noblacklist ${HOME}/.config/qupzilla -noblacklist ${HOME}/.cache/qupzilla include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc @@ -17,7 +16,6 @@ tracelog noroot whitelist ${DOWNLOADS} whitelist ~/.config/qupzilla -whitelist ~/.cache/qupzilla include /etc/firejail/whitelist-common.inc # experimental features diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index f43307ef9..53be1178c 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile @@ -4,7 +4,6 @@ include /etc/firejail/qutebrowser.local # Firejail profile for Qutebrowser (Qt5-Webkit+Python) browser noblacklist ~/.config/qutebrowser -noblacklist ~/.cache/qutebrowser include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc @@ -20,8 +19,6 @@ tracelog whitelist ${DOWNLOADS} mkdir ~/.config/qutebrowser whitelist ~/.config/qutebrowser -mkdir ~/.cache/qutebrowser -whitelist ~/.cache/qutebrowser mkdir ~/.local/share/qutebrowser whitelist ~/.local/share/qutebrowser include /etc/firejail/whitelist-common.inc diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index df1910469..756700c2f 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile @@ -4,7 +4,6 @@ include /etc/firejail/seamonkey.local # Firejail profile for Seamoneky based off Mozilla Firefox noblacklist ~/.mozilla -noblacklist ~/.cache/mozilla noblacklist ~/.pki noblacklist ~/.lastpass include /etc/firejail/disable-common.inc @@ -22,8 +21,6 @@ tracelog whitelist ${DOWNLOADS} mkdir ~/.mozilla/seamonkey whitelist ~/.mozilla/seamonkey -mkdir ~/.cache/mozilla/seamonkey -whitelist ~/.cache/mozilla/seamonkey whitelist ~/dwhelper whitelist ~/.zotero whitelist ~/.vimperatorrc @@ -32,7 +29,6 @@ whitelist ~/.pentadactylrc whitelist ~/.pentadactyl whitelist ~/.keysnail.js whitelist ~/.config/gnome-mplayer -whitelist ~/.cache/gnome-mplayer/plugin whitelist ~/.pki whitelist ~/.lastpass include /etc/firejail/whitelist-common.inc diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index ee7e50ba7..0f6d626a5 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile @@ -3,8 +3,6 @@ include /etc/firejail/simple-scan.local # simple-scan profile -noblacklist ~/.cache/simple-scan - include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc diff --git a/etc/spotify.profile b/etc/spotify.profile index 843038a2b..23ef75b71 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile @@ -4,7 +4,6 @@ include /etc/firejail/spotify.local # Spotify media player profile noblacklist ${HOME}/.config/spotify -noblacklist ${HOME}/.cache/spotify noblacklist ${HOME}/.local/share/spotify include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc @@ -16,8 +15,6 @@ mkdir ${HOME}/.config/spotify whitelist ${HOME}/.config/spotify mkdir ${HOME}/.local/share/spotify whitelist ${HOME}/.local/share/spotify -mkdir ${HOME}/.cache/spotify -whitelist ${HOME}/.cache/spotify caps.drop all netfilter diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index 88ab7501e..1dc8b15c7 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile @@ -14,10 +14,6 @@ noblacklist ~/.thunderbird mkdir ~/.thunderbird whitelist ~/.thunderbird -noblacklist ~/.cache/thunderbird -mkdir ~/.cache/thunderbird -whitelist ~/.cache/thunderbird - # allow browsers ignore private-tmp include /etc/firejail/firefox.profile diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index dbcc8d041..5b6bec4c1 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile @@ -4,7 +4,6 @@ include /etc/firejail/transmission-cli.local # transmission-cli bittorrent profile noblacklist ${HOME}/.config/transmission -noblacklist ${HOME}/.cache/transmission include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index dcd3317ef..78ce5fba2 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile @@ -4,7 +4,6 @@ include /etc/firejail/transmission-gtk.local # transmission-gtk bittorrent profile noblacklist ${HOME}/.config/transmission -noblacklist ${HOME}/.cache/transmission include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index ed63f7cff..2f7fe0714 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile @@ -4,7 +4,6 @@ include /etc/firejail/transmission-qt.local # transmission-qt bittorrent profile noblacklist ${HOME}/.config/transmission -noblacklist ${HOME}/.cache/transmission include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 0b88789b1..052843882 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile @@ -4,7 +4,6 @@ include /etc/firejail/transmission-show.local # transmission-show profile noblacklist ${HOME}/.config/transmission -noblacklist ${HOME}/.cache/transmission include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 2c2fbd9f0..bf6af3926 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile @@ -4,7 +4,6 @@ include /etc/firejail/vivaldi.local # Vivaldi browser profile noblacklist ~/.config/vivaldi -noblacklist ~/.cache/vivaldi include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc @@ -14,6 +13,4 @@ netfilter whitelist ${DOWNLOADS} mkdir ~/.config/vivaldi whitelist ~/.config/vivaldi -mkdir ~/.cache/vivaldi -whitelist ~/.cache/vivaldi include /etc/firejail/whitelist-common.inc diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 212466f5a..fbb381a86 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile @@ -4,7 +4,6 @@ include /etc/firejail/wesnoth.local # Whitelist-based profile for "Battle for Wesnoth" (game). noblacklist ${HOME}/.config/wesnoth -noblacklist ${HOME}/.cache/wesnoth noblacklist ${HOME}/.local/share/wesnoth include /etc/firejail/disable-common.inc @@ -23,8 +22,6 @@ private-tmp mkdir ${HOME}/.local/share/wesnoth mkdir ${HOME}/.config/wesnoth -mkdir ${HOME}/.cache/wesnoth whitelist ${HOME}/.local/share/wesnoth whitelist ${HOME}/.config/wesnoth -whitelist ${HOME}/.cache/wesnoth include /etc/firejail/whitelist-common.inc diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index cf7797100..516f47041 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc @@ -19,7 +19,6 @@ whitelist ~/.fonts.conf whitelist ~/.fonts.conf.d whitelist ~/.local/share/fonts whitelist ~/.config/fontconfig -whitelist ~/.cache/fontconfig # gtk whitelist ~/.gtkrc diff --git a/etc/xreader.profile b/etc/xreader.profile index 2e6015aef..51dbcad51 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile @@ -4,7 +4,6 @@ include /etc/firejail/xreader.local # Xreader profile noblacklist ~/.config/xreader -noblacklist ~/.cache/xreader noblacklist ~/.local/share include /etc/firejail/disable-common.inc