From 5929a2f3f99d939737046c68e917c10ff839e5f8 Mon Sep 17 00:00:00 2001
From: katherine <shmibs@shmibbles.me>
Date: Thu, 9 Jun 2016 20:53:51 -0700
Subject: update firejail conf

---
 .config/firejail/firefox.profile | 45 +++++++++++++++++++++++++++-------------
 1 file changed, 31 insertions(+), 14 deletions(-)

(limited to '.config/firejail')

diff --git a/.config/firejail/firefox.profile b/.config/firejail/firefox.profile
index 77b708a..1bdb3da 100644
--- a/.config/firejail/firefox.profile
+++ b/.config/firejail/firefox.profile
@@ -1,29 +1,32 @@
 # Firejail profile for Mozilla Firefox (Iceweasel in Debian)
-noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/desktop
-noblacklist ${HOME}/downloads
-noblacklist ${HOME}/images
-noblacklist ${HOME}/videos/web
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
+
+noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
-blacklist ${PATH}/udevil
+
 caps.drop all
-seccomp
-protocol unix,inet,inet6,netlink
 netfilter
-tracelog
+nonewprivs
 noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
 whitelist ~/desktop
 whitelist ~/downloads
 whitelist ~/images
 whitelist ~/videos/web
+whitelist ${DOWNLOADS}
+mkdir ~/.mozilla
 whitelist ~/.mozilla
+mkdir ~/.cache
+mkdir ~/.cache/mozilla
+mkdir ~/.cache/mozilla/firefox
 whitelist ~/.cache/mozilla/firefox
 whitelist ~/dwhelper
 whitelist ~/.zotero
-whitelist ~/.lastpass
 whitelist ~/.vimperatorrc
 whitelist ~/.vimperator
 whitelist ~/.pentadactylrc
@@ -31,9 +34,23 @@ whitelist ~/.pentadactyl
 whitelist ~/.keysnail.js
 whitelist ~/.config/gnome-mplayer
 whitelist ~/.cache/gnome-mplayer/plugin
+whitelist ~/.pki
+
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+
+
+#silverlight
+whitelist ~/.wine-pipelight
+whitelist ~/.wine-pipelight64
+whitelist ~/.config/pipelight-widevine
+whitelist ~/.config/pipelight-silverlight5.1
+
 include /etc/firejail/whitelist-common.inc
 
 # experimental features
 #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
-
-
-- 
cgit v1.2.3