Updated for firejail 0.9.68

21 files changed, 1 insertions, 314 deletions

diff --git a/profiles/abook.profile b/profiles/abook.profile
index 5ebcd86..5e697aa 100644
--- a/profiles/abook.profile
+++ b/profiles/abook.profile
@@ -13,7 +13,6 @@ include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
-include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
diff --git a/profiles/amfora.profile b/profiles/amfora.profile
deleted file mode 100644
index 65da794..0000000
--- a/profiles/amfora.profile
+++ /dev/null
@@ -1,63 +0,0 @@
-# Firejail profile for amfora
-# This file is overwritten after every install/update
-quiet
-# Persistent local customizations
-include amfora.local
-# Persistent global definitions
-include globals.local
-
-
-noblacklist ${HOME}/.config/amfora
-noblacklist ${HOME}/.local/share/amfora
-
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
-
-include disable-common.inc
-include disable-devel.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-write-mnt.inc
-include disable-xdg.inc
-
-mkdir ${HOME}/.config/amfora
-mkdir ${HOME}/.local/share/amfora
-
-whitelist ${HOME}/.config/amfora
-whitelist ${HOME}/.local/share/amfora
-include whitelist-runuser-common.inc
-
-caps.drop all
-machine-id
-netfilter
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol inet,inet6
-seccomp
-shell none
-tracelog
-
-disable-mnt
-private-bin amfora
-private-cache
-private-dev
-private-etc ca-certificates,resolv.conf,ssl
-private-tmp
-
-dbus-user none
-dbus-system none
-
-noexec ${HOME}
-noexec /tmp
-
-# # Use with hardened-malloc package
-env LD_PRELOAD=/usr/lib/libhardened_malloc.so
diff --git a/profiles/calcurse.profile b/profiles/calcurse.profile
index 250f153..5f4504e 100644
--- a/profiles/calcurse.profile
+++ b/profiles/calcurse.profile
@@ -8,7 +8,6 @@ include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
-include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
diff --git a/profiles/firefox-common.local b/profiles/firefox-common.local
index e6fdada..fe08e8d 100644
--- a/profiles/firefox-common.local
+++ b/profiles/firefox-common.local
@@ -1,4 +1,3 @@
-include disable-passwdmgr.inc
 include disable-shell.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
diff --git a/profiles/generic-game.inc b/profiles/generic-game.inc
index 43e72a0..554f910 100644
--- a/profiles/generic-game.inc
+++ b/profiles/generic-game.inc
@@ -6,7 +6,6 @@ include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
-include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 include disable-write-mnt.inc
diff --git a/profiles/generic-wine-game.inc b/profiles/generic-wine-game.inc
index 27dc93a..fe72355 100644
--- a/profiles/generic-wine-game.inc
+++ b/profiles/generic-wine-game.inc
@@ -14,7 +14,6 @@ include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
-include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
diff --git a/profiles/git.local b/profiles/git.local
index 0d64d0d..21fa3b5 100644
--- a/profiles/git.local
+++ b/profiles/git.local
@@ -21,4 +21,4 @@ whitelist ${HOME}/workspace
 
 protocol inet,inet6
 
-private-bin git,less
+private-bin git,less,grep
diff --git a/profiles/hg.profile b/profiles/hg.profile
deleted file mode 100644
index c72365f..0000000
--- a/profiles/hg.profile
+++ /dev/null
@@ -1,71 +0,0 @@
-# Firejail profile for hg
-# This file is overwritten after every install/update
-quiet
-# Persistent local customizations
-include hg.local
-# Persistent global definitions
-include globals.local
-
-noblacklist ${HOME}/.config/nano
-noblacklist ${HOME}/.emacs
-noblacklist ${HOME}/.emacs.d
-noblacklist ${HOME}/.hgrc
-#noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.nanorc
-noblacklist ${HOME}/.oh-my-zsh
-#noblacklist ${HOME}/.ssh
-noblacklist ${HOME}/.vim
-noblacklist ${HOME}/.viminfo
-
-# Allow ssh (blacklisted by disable-common.inc)
-include allow-ssh.inc
-
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
-
-include disable-common.inc
-include disable-exec.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-
-whitelist ${HOME}/.config/nano
-whitelist ${HOME}/.emacs
-whitelist ${HOME}/.emacs.d
-whitelist ${HOME}/.hgrc
-#whitelist ${HOME}/.gnupg
-#read-only ${HOME}/.gnupg
-whitelist ${HOME}/.nanorc
-read-only ${HOME}/.nanorc
-whitelist ${HOME}/.oh-my-zsh
-#whitelist ${HOME}/.ssh
-#read-only ${HOME}/.ssh
-whitelist ${HOME}/.vim
-whitelist ${HOME}/.viminfo
-whitelist ${HOME}/build
-whitelist ${HOME}/workspace
-
-caps.drop all
-ipc-namespace
-machine-id
-netfilter
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol inet,inet6
-#protocol unix,inet,inet6
-seccomp
-shell none
-
-private-bin hg,python2
-private-cache
-private-dev
-
-memory-deny-write-execute
-
diff --git a/profiles/kmymoney.profile b/profiles/kmymoney.profile
index 05c75ce..257e574 100644
--- a/profiles/kmymoney.profile
+++ b/profiles/kmymoney.profile
@@ -13,7 +13,6 @@ noblacklist ${HOME}/.local/share/kmymoney
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
-include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 include disable-write-mnt.inc
diff --git a/profiles/konqueror.profile b/profiles/konqueror.profile
index 0c3cb07..d6081ce 100644
--- a/profiles/konqueror.profile
+++ b/profiles/konqueror.profile
@@ -20,7 +20,6 @@ include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
-include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 include disable-write-mnt.inc
diff --git a/profiles/kristall.profile b/profiles/kristall.profile
index b7e3691..6a8d565 100644
--- a/profiles/kristall.profile
+++ b/profiles/kristall.profile
@@ -13,7 +13,6 @@ noblacklist ${HOME}/.config/xqTechnologies
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-shell.inc
 include /etc/firejail/disable-write-mnt.inc
diff --git a/profiles/legend-of-grimrock.profile b/profiles/legend-of-grimrock.profile
deleted file mode 100644
index 7921296..0000000
--- a/profiles/legend-of-grimrock.profile
+++ /dev/null
@@ -1,18 +0,0 @@
-# This file is overwritten after every install/update
-# Persistent local customizations
-include legend-of-grimrock.local
-# Persistent global definitions
-include globals.local
-
-noblacklist ${HOME}/.local/share/Almost Human
-noblacklist ${HOME}/.local/share/Almost Human/Legend of Grimrock
-
-mkdir ${HOME}/.local/share/Almost Human
-mkdir ${HOME}/.local/share/Almost Human/Legend of Grimrock
-whitelist ${HOME}/.local/share/Almost Human/Legend of Grimrock
-whitelist ${HOME}/games/Legend of Grimrock
-read-only ${HOME}/games/Legend of Grimrock
-
-ignore memory-deny-write-execute
-
-include generic-game.inc
diff --git a/profiles/lgogdownloader.profile b/profiles/lgogdownloader.profile
index e78e347..b06497d 100644
--- a/profiles/lgogdownloader.profile
+++ b/profiles/lgogdownloader.profile
@@ -15,7 +15,6 @@ include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
-include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-write-mnt.inc
 
diff --git a/profiles/nyamp.profile b/profiles/nyamp.profile
deleted file mode 100644
index a0fd602..0000000
--- a/profiles/nyamp.profile
+++ /dev/null
@@ -1,57 +0,0 @@
-# This file is overwritten after every install/update
-# Persistent local customizations
-include nyamp.local
-# Persistent global definitions
-include globals.local
-
-noblacklist ${HOME}/.config/iserlohn-fortress.net/nyamp
-noblacklist ${MUSIC}
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-write-mnt.inc
-include disable-xdg.inc
-
-mkdir ${HOME}/.config/iserlohn-fortress.net
-mkdir ${HOME}/.config/iserlohn-fortress.net/nyamp
-
-whitelist ${HOME}/.config/iserlohn-fortress.net/nyamp
-whitelist ${MUSIC}
-read-only ${MUSIC}
-include whitelist-common.inc
-
-
-caps.drop all
-# machine-id
-net none
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-
-disable-mnt
-private-bin bash,nyamp
-private-cache
-private-dev
-private-etc fonts,machine-id
-# private-etc asound.conf,fonts,machine-id,pulse
-private-tmp
-
-memory-deny-write-execute
-
-dbus-user none
-dbus-system none
diff --git a/profiles/objects-in-space.profile b/profiles/objects-in-space.profile
deleted file mode 100644
index c8d89ef..0000000
--- a/profiles/objects-in-space.profile
+++ /dev/null
@@ -1,22 +0,0 @@
-# This file is overwritten after every install/update
-# Persistent local customizations
-include objects-in-space.local
-# Persistent global definitions
-include globals.local
-
-noblacklist ${HOME}/Documents
-noblacklist ${HOME}/Documents/ObjectsInSpace
-
-mkdir ${HOME}/Documents
-mkdir ${HOME}/Documents/ObjectsInSpace
-whitelist ${HOME}/Documents/ObjectsInSpace
-whitelist ${HOME}/games/Objects In Space
-read-only ${HOME}/games/Objects In Space
-
-private-etc asound.conf,group,localtime,machine-id,passwd,pulse
-
-ignore memory-deny-write-execute
-
-ignore noexec ${HOME}
-
-include generic-game.inc
diff --git a/profiles/poi.profile b/profiles/poi.profile
index 6b133ae..84038e8 100644
--- a/profiles/poi.profile
+++ b/profiles/poi.profile
@@ -13,7 +13,6 @@ noblacklist ${HOME}/.local/share/smolbote
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-shell.inc
 include /etc/firejail/disable-write-mnt.inc
diff --git a/profiles/qimv.profile b/profiles/qimv.profile
deleted file mode 100644
index f243b20..0000000
--- a/profiles/qimv.profile
+++ /dev/null
@@ -1,54 +0,0 @@
-# Firejail profile for qimv
-# Description: Image viewer
-# This file is overwritten after every install/update
-# Persistent local customizations
-include qimv.local
-# Persistent global definitions
-include globals.local
-
-# Comment in these two lines to enable testing the binary from ${HOME}
-#ignore noexec ${HOME}
-#ignore private-bin qimv,imv
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-write-mnt.inc
-
-#include whitelist-common.inc
-#include whitelist-var-common.inc
-
-apparmor
-caps.drop all
-machine-id
-net none
-# no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-
-# disable-mnt
-private-bin qimv,imv
-private-cache
-private-dev
-private-etc fonts,machine-id,localtime,passwd
-private-tmp
-
-memory-deny-write-execute
-
-dbus-user none
-dbus-system none
diff --git a/profiles/strawberry.local b/profiles/strawberry.local
deleted file mode 100644
index a605392..0000000
--- a/profiles/strawberry.local
+++ /dev/null
@@ -1,14 +0,0 @@
-whitelist ${HOME}/.cache/strawberry
-whitelist ${HOME}/.config/strawberry
-whitelist ${HOME}/.local/share/strawberry
-whitelist ${MUSIC}
-
-include disable-shell.inc
-include disable-write-mnt.inc
-
-include whitelist-common.inc
-
-#net none
-protocol unix,inet,inet6
-
-private-etc asound.conf,group,localtime,machine-id,pulse,resolv.conf
diff --git a/profiles/toxic.profile b/profiles/toxic.profile
index 33d0cde..f6e862e 100644
--- a/profiles/toxic.profile
+++ b/profiles/toxic.profile
@@ -11,7 +11,6 @@ include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
-include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
diff --git a/profiles/weechat.local b/profiles/weechat.local
index 38d8565..ac3d428 100644
--- a/profiles/weechat.local
+++ b/profiles/weechat.local
@@ -11,7 +11,6 @@ noblacklist /usr/share/python3*
 
 include disable-exec.inc
 include disable-interpreters.inc
-include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
diff --git a/profiles/wine.local b/profiles/wine.local
index ebad424..3f2be46 100644
--- a/profiles/wine.local
+++ b/profiles/wine.local
@@ -1,8 +1,6 @@
 noblacklist ${HOME}/.config/q4wine
 noblacklist ${HOME}/.local/share/wineprefixes
 
-include disable-passwdmgr.inc
-
 mkdir ${HOME}/.wine
 mkdir ${HOME}/.config/q4wine
 mkdir ${HOME}/.local/share/wineprefixes