firefox.profile
von RobertDebiannutzer- SNIPPET_TEXT:
-
- # Firejail profile for firefox
- # This file is overwritten after every install/update
- # Persistent local customizations
- include /etc/firejail/firefox.local
- # Persistent global definitions
- include /etc/firejail/globals.local
- noblacklist ${HOME}/.cache/mozilla
- noblacklist ${HOME}/.config/okularpartrc
- noblacklist ${HOME}/.config/okularrc
- noblacklist ${HOME}/.config/qpdfview
- noblacklist ${HOME}/.kde/share/apps/kget
- noblacklist ${HOME}/.kde/share/apps/okular
- noblacklist ${HOME}/.kde/share/config/kgetrc
- noblacklist ${HOME}/.kde/share/config/okularpartrc
- noblacklist ${HOME}/.kde/share/config/okularrc
- noblacklist ${HOME}/.kde4/share/apps/kget
- noblacklist ${HOME}/.kde4/share/apps/okular
- noblacklist ${HOME}/.kde4/share/config/kgetrc
- noblacklist ${HOME}/.kde4/share/config/okularpartrc
- noblacklist ${HOME}/.kde4/share/config/okularrc
- # noblacklist ${HOME}/.local/share/gnome-shell/extensions
- noblacklist ${HOME}/.local/share/okular
- noblacklist ${HOME}/.local/share/qpdfview
- noblacklist ${HOME}/.mozilla
- noblacklist ${HOME}/.pki
- include /etc/firejail/disable-common.inc
- include /etc/firejail/disable-devel.inc
- include /etc/firejail/disable-programs.inc
- mkdir ${HOME}/.cache/mozilla/firefox
- mkdir ${HOME}/.mozilla
- mkdir ${HOME}/.pki
- whitelist ${DOWNLOADS}
- whitelist ${HOME}/.cache/gnome-mplayer/plugin
- whitelist ${HOME}/.cache/mozilla/firefox
- whitelist ${HOME}/.config/gnome-mplayer
- whitelist ${HOME}/.config/okularpartrc
- whitelist ${HOME}/.config/okularrc
- whitelist ${HOME}/.config/pipelight-silverlight5.1
- whitelist ${HOME}/.config/pipelight-widevine
- whitelist ${HOME}/.config/qpdfview
- whitelist ${HOME}/.kde/share/apps/kget
- whitelist ${HOME}/.kde/share/apps/okular
- whitelist ${HOME}/.kde/share/config/kgetrc
- whitelist ${HOME}/.kde/share/config/okularpartrc
- whitelist ${HOME}/.kde/share/config/okularrc
- whitelist ${HOME}/.kde4/share/apps/kget
- whitelist ${HOME}/.kde4/share/apps/okular
- whitelist ${HOME}/.kde4/share/config/kgetrc
- whitelist ${HOME}/.kde4/share/config/okularpartrc
- whitelist ${HOME}/.kde4/share/config/okularrc
- whitelist ${HOME}/.keysnail.js
- whitelist ${HOME}/.lastpass
- whitelist ${HOME}/.local/share/gnome-shell/extensions
- whitelist ${HOME}/.local/share/okular
- whitelist ${HOME}/.local/share/qpdfview
- whitelist ${HOME}/.mozilla
- whitelist ${HOME}/.pentadactyl
- whitelist ${HOME}/.pentadactylrc
- whitelist ${HOME}/.pki
- whitelist ${HOME}/.vimperator
- whitelist ${HOME}/.vimperatorrc
- whitelist ${HOME}/.wine-pipelight
- whitelist ${HOME}/.wine-pipelight64
- whitelist ${HOME}/.zotero
- whitelist ${HOME}/dwhelper
- include /etc/firejail/whitelist-common.inc
- include /etc/firejail/whitelist-var-common.inc
- caps.drop all
- # machine-id breaks pulse audio; it should work fine in setups where sound is not required
- #machine-id
- netfilter
- nodvd
- nogroups
- nonewprivs
- noroot
- notv
- protocol unix,inet,inet6,netlink
- seccomp
- shell none
- tracelog
- disable-mnt
- # firefox requires a shell to launch on Arch.
- # private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
- private-dev
- # private-etc below works fine on most distributions. There are some problems on CentOS.
- # private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
- private-tmp
- noexec ${HOME}
- noexec /tmp
Quellcode
Hier kannst du den Code kopieren und ihn in deinen bevorzugten Editor einfügen. PASTEBIN_DOWNLOAD_SNIPPET_EXPLAIN