LWHP/firejail_profiles/icecat.profile

# Firejail profile for GNU Icecat

noblacklist ~/.mozilla
noblacklist ~/.cache/mozilla
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-devel.inc

caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

whitelist ${DOWNLOADS}
mkdir ~/.mozilla
whitelist ~/.mozilla
mkdir ~/.cache/mozilla/icecat
whitelist ~/.cache/mozilla/icecat
whitelist ~/dwhelper
whitelist ~/.zotero
whitelist ~/.vimperatorrc
whitelist ~/.vimperator
whitelist ~/.pentadactylrc
whitelist ~/.pentadactyl
whitelist ~/.keysnail.js
whitelist ~/.config/gnome-mplayer
whitelist ~/.cache/gnome-mplayer/plugin
whitelist ~/.pki

# lastpass, keepassx
whitelist ~/.keepassx
whitelist ~/.config/keepassx
whitelist ~/keepassx.kdbx
whitelist ~/.lastpass
whitelist ~/.config/lastpass


#silverlight
whitelist ~/.wine-pipelight
whitelist ~/.wine-pipelight64
whitelist ~/.config/pipelight-widevine
whitelist ~/.config/pipelight-silverlight5.1

include /etc/firejail/whitelist-common.inc

# experimental features
#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
fj 2019-05-12 13:11:43 +00:00			`# Firejail profile for GNU Icecat`

			`noblacklist ~/.mozilla`
			`noblacklist ~/.cache/mozilla`
			`include /etc/firejail/disable-common.inc`
			`include /etc/firejail/disable-programs.inc`
			`include /etc/firejail/disable-devel.inc`

			`caps.drop all`
			`netfilter`
			`nonewprivs`
			`noroot`
			`protocol unix,inet,inet6,netlink`
			`seccomp`
			`tracelog`

			`whitelist ${DOWNLOADS}`
			`mkdir ~/.mozilla`
			`whitelist ~/.mozilla`
			`mkdir ~/.cache/mozilla/icecat`
			`whitelist ~/.cache/mozilla/icecat`
			`whitelist ~/dwhelper`
			`whitelist ~/.zotero`
			`whitelist ~/.vimperatorrc`
			`whitelist ~/.vimperator`
			`whitelist ~/.pentadactylrc`
			`whitelist ~/.pentadactyl`
			`whitelist ~/.keysnail.js`
			`whitelist ~/.config/gnome-mplayer`
			`whitelist ~/.cache/gnome-mplayer/plugin`
			`whitelist ~/.pki`

			`# lastpass, keepassx`
			`whitelist ~/.keepassx`
			`whitelist ~/.config/keepassx`
			`whitelist ~/keepassx.kdbx`
			`whitelist ~/.lastpass`
			`whitelist ~/.config/lastpass`


			`#silverlight`
			`whitelist ~/.wine-pipelight`
			`whitelist ~/.wine-pipelight64`
			`whitelist ~/.config/pipelight-widevine`
			`whitelist ~/.config/pipelight-silverlight5.1`

			`include /etc/firejail/whitelist-common.inc`

			`# experimental features`
			`#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse`