NoPaste

firefox.profile

von RobertDebiannutzer

SNIPPET_TEXT:
  1. # Firejail profile for firefox
  2. # This file is overwritten after every install/update
  3. # Persistent local customizations
  4. include /etc/firejail/firefox.local
  5. # Persistent global definitions
  6. include /etc/firejail/globals.local
  7.  
  8. noblacklist ${HOME}/.cache/mozilla
  9. noblacklist ${HOME}/.config/okularpartrc
  10. noblacklist ${HOME}/.config/okularrc
  11. noblacklist ${HOME}/.config/qpdfview
  12. noblacklist ${HOME}/.kde/share/apps/kget
  13. noblacklist ${HOME}/.kde/share/apps/okular
  14. noblacklist ${HOME}/.kde/share/config/kgetrc
  15. noblacklist ${HOME}/.kde/share/config/okularpartrc
  16. noblacklist ${HOME}/.kde/share/config/okularrc
  17. noblacklist ${HOME}/.kde4/share/apps/kget
  18. noblacklist ${HOME}/.kde4/share/apps/okular
  19. noblacklist ${HOME}/.kde4/share/config/kgetrc
  20. noblacklist ${HOME}/.kde4/share/config/okularpartrc
  21. noblacklist ${HOME}/.kde4/share/config/okularrc
  22. # noblacklist ${HOME}/.local/share/gnome-shell/extensions
  23. noblacklist ${HOME}/.local/share/okular
  24. noblacklist ${HOME}/.local/share/qpdfview
  25. noblacklist ${HOME}/.mozilla
  26. noblacklist ${HOME}/.pki
  27.  
  28. include /etc/firejail/disable-common.inc
  29. include /etc/firejail/disable-devel.inc
  30. include /etc/firejail/disable-programs.inc
  31.  
  32. mkdir ${HOME}/.cache/mozilla/firefox
  33. mkdir ${HOME}/.mozilla
  34. mkdir ${HOME}/.pki
  35. whitelist ${DOWNLOADS}
  36. whitelist ${HOME}/.cache/gnome-mplayer/plugin
  37. whitelist ${HOME}/.cache/mozilla/firefox
  38. whitelist ${HOME}/.config/gnome-mplayer
  39. whitelist ${HOME}/.config/okularpartrc
  40. whitelist ${HOME}/.config/okularrc
  41. whitelist ${HOME}/.config/pipelight-silverlight5.1
  42. whitelist ${HOME}/.config/pipelight-widevine
  43. whitelist ${HOME}/.config/qpdfview
  44. whitelist ${HOME}/.kde/share/apps/kget
  45. whitelist ${HOME}/.kde/share/apps/okular
  46. whitelist ${HOME}/.kde/share/config/kgetrc
  47. whitelist ${HOME}/.kde/share/config/okularpartrc
  48. whitelist ${HOME}/.kde/share/config/okularrc
  49. whitelist ${HOME}/.kde4/share/apps/kget
  50. whitelist ${HOME}/.kde4/share/apps/okular
  51. whitelist ${HOME}/.kde4/share/config/kgetrc
  52. whitelist ${HOME}/.kde4/share/config/okularpartrc
  53. whitelist ${HOME}/.kde4/share/config/okularrc
  54. whitelist ${HOME}/.keysnail.js
  55. whitelist ${HOME}/.lastpass
  56. whitelist ${HOME}/.local/share/gnome-shell/extensions
  57. whitelist ${HOME}/.local/share/okular
  58. whitelist ${HOME}/.local/share/qpdfview
  59. whitelist ${HOME}/.mozilla
  60. whitelist ${HOME}/.pentadactyl
  61. whitelist ${HOME}/.pentadactylrc
  62. whitelist ${HOME}/.pki
  63. whitelist ${HOME}/.vimperator
  64. whitelist ${HOME}/.vimperatorrc
  65. whitelist ${HOME}/.wine-pipelight
  66. whitelist ${HOME}/.wine-pipelight64
  67. whitelist ${HOME}/.zotero
  68. whitelist ${HOME}/dwhelper
  69. include /etc/firejail/whitelist-common.inc
  70. include /etc/firejail/whitelist-var-common.inc
  71.  
  72. caps.drop all
  73. # machine-id breaks pulse audio; it should work fine in setups where sound is not required
  74. #machine-id
  75. netfilter
  76. nodvd
  77. nogroups
  78. nonewprivs
  79. noroot
  80. notv
  81. protocol unix,inet,inet6,netlink
  82. seccomp
  83. shell none
  84. tracelog
  85.  
  86. disable-mnt
  87. # firefox requires a shell to launch on Arch.
  88. # private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
  89. private-dev
  90. # private-etc below works fine on most distributions. There are some problems on CentOS.
  91. # private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
  92. private-tmp
  93.  
  94. noexec ${HOME}
  95. noexec /tmp

Quellcode

Hier kannst du den Code kopieren und ihn in deinen bevorzugten Editor einfügen. PASTEBIN_DOWNLOAD_SNIPPET_EXPLAIN