diff options
| author | katherine <shmibs@shmibbles.me> | 2016-06-09 20:53:51 -0700 |
|---|---|---|
| committer | katherine <shmibs@shmibbles.me> | 2016-06-09 20:53:51 -0700 |
| commit | 5929a2f3f99d939737046c68e917c10ff839e5f8 (patch) | |
| tree | 78f6f67b5330ff12d834e0dd1e84b36ac47d1659 /.config/firejail | |
| parent | 8f5f918b00037b5e340d0c01c80b17008e6764ba (diff) | |
| download | dotfiles-5929a2f3f99d939737046c68e917c10ff839e5f8.tar.gz | |
update firejail conf
Diffstat (limited to '.config/firejail')
| -rw-r--r-- | .config/firejail/firefox.profile | 45 |
1 files changed, 31 insertions, 14 deletions
diff --git a/.config/firejail/firefox.profile b/.config/firejail/firefox.profile index 77b708a..1bdb3da 100644 --- a/.config/firejail/firefox.profile +++ b/.config/firejail/firefox.profile @@ -1,29 +1,32 @@ # Firejail profile for Mozilla Firefox (Iceweasel in Debian) -noblacklist ${HOME}/.mozilla -noblacklist ${HOME}/desktop -noblacklist ${HOME}/downloads -noblacklist ${HOME}/images -noblacklist ${HOME}/videos/web -include /etc/firejail/disable-mgmt.inc -include /etc/firejail/disable-secret.inc + +noblacklist ~/.mozilla +noblacklist ~/.cache/mozilla include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc -blacklist ${PATH}/udevil + caps.drop all -seccomp -protocol unix,inet,inet6,netlink netfilter -tracelog +nonewprivs noroot +protocol unix,inet,inet6,netlink +seccomp +tracelog + whitelist ~/desktop whitelist ~/downloads whitelist ~/images whitelist ~/videos/web +whitelist ${DOWNLOADS} +mkdir ~/.mozilla whitelist ~/.mozilla +mkdir ~/.cache +mkdir ~/.cache/mozilla +mkdir ~/.cache/mozilla/firefox whitelist ~/.cache/mozilla/firefox whitelist ~/dwhelper whitelist ~/.zotero -whitelist ~/.lastpass whitelist ~/.vimperatorrc whitelist ~/.vimperator whitelist ~/.pentadactylrc @@ -31,9 +34,23 @@ whitelist ~/.pentadactyl whitelist ~/.keysnail.js whitelist ~/.config/gnome-mplayer whitelist ~/.cache/gnome-mplayer/plugin +whitelist ~/.pki + +# lastpass, keepassx +whitelist ~/.keepassx +whitelist ~/.config/keepassx +whitelist ~/keepassx.kdbx +whitelist ~/.lastpass +whitelist ~/.config/lastpass + + +#silverlight +whitelist ~/.wine-pipelight +whitelist ~/.wine-pipelight64 +whitelist ~/.config/pipelight-widevine +whitelist ~/.config/pipelight-silverlight5.1 + include /etc/firejail/whitelist-common.inc # experimental features #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse - - |