From 5929a2f3f99d939737046c68e917c10ff839e5f8 Mon Sep 17 00:00:00 2001
From: katherine
Date: Thu, 9 Jun 2016 20:53:51 -0700
Subject: update firejail conf
---
 .config/firejail/firefox.profile | 45 +++++++++++++++++++++++++++-------------
 1 file changed, 31 insertions(+), 14 deletions(-)
(limited to '.config/firejail')
diff --git a/.config/firejail/firefox.profile b/.config/firejail/firefox.profile
index 77b708a..1bdb3da 100644
--- a/.config/firejail/firefox.profile
+++ b/.config/firejail/firefox.profile
@@ -1,29 +1,32 @@
 # Firejail profile for Mozilla Firefox (Iceweasel in Debian)
-noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/desktop
-noblacklist ${HOME}/downloads
-noblacklist ${HOME}/images
-noblacklist ${HOME}/videos/web
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
+
+noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-blacklist ${PATH}/udevil
+
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
+nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
 whitelist ~/desktop
 whitelist ~/downloads
 whitelist ~/images
 whitelist ~/videos/web
+whitelist ${DOWNLOADS}
+mkdir ~/.mozilla
 whitelist ~/.mozilla
+mkdir ~/.cache
+mkdir ~/.cache/mozilla
+mkdir ~/.cache/mozilla/firefox
 whitelist ~/.cache/mozilla/firefox
 whitelist ~/dwhelper
 whitelist ~/.zotero
-whitelist ~/.lastpass
 whitelist ~/.vimperatorrc
 whitelist ~/.vimperator
 whitelist ~/.pentadactylrc
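Review bot: The local `blacklist ${PATH}/udevil` line is removed and nothing in this hunk replaces it, while `disable-mgmt.inc` and `disable-secret.inc` are dropped in favour of `disable-programs.inc`, whose contents are not visible here. The added `nonewprivs`, together with the existing `noroot` and `caps.drop all`, should stop a setuid helper from gaining privileges inside the sandbox, but it is worth confirming that the installed `disable-common.inc` still carries the rules the two removed includes provided, or keeping `blacklist ${PATH}/udevil` as defence in depth. A comment above the includes such as `# disable-mgmt/disable-secret rules are expected in disable-common.inc; re-check after firejail upgrades` would record why they went away. Separately, `whitelist ${DOWNLOADS}` now sits next to the existing `whitelist ~/downloads`; if both resolve to the same directory one of them can go.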
@@ -31,9 +34,23 @@ whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
+whitelist ~/.pki
+
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+
+
+#silverlight
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
+whitelist ~/.config/pipelight-silverlight5.1
+
 include /etc/firejail/whitelist-common.inc
 # experimental features
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
-
-
-- 
cgit v1.2.3
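Review bot: The new `whitelist` entries for `~/.keepassx`, `~/.config/keepassx`, `~/keepassx.kdbx` and `~/.config/lastpass` (with `~/.lastpass` moved here from the first hunk) expose password-manager data inside the browser sandbox, so a compromised Firefox process can read and copy it. Each whitelisted path is one more thing the sandbox no longer hides, so keep only the entries that an installed extension or helper actually needs on this machine. The same applies to `~/.pki` and the four pipelight/Wine paths under `#silverlight`, which are only useful if that plugin stack is in use. If the groups stay, a comment per group such as `# needed by <EXTENSION-NAME>; remove if unused` would document the trade-off.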