Fix comments

chiraag-nataraj · Sep 15, 2017 · 544d7e6 · 544d7e6
1 parent 53e0875
commit 544d7e6
Show file tree

Hide file tree

Showing 17 changed files with 42 additions and 89 deletions.
diff --git a/akregator.profile b/akregator.profile
@@ -15,6 +15,7 @@ blacklist /usr/local/sbin
 whitelist ${HOME}/.config/
 whitelist ${HOME}/.local/share/akregator/
 whitelist /tmp/.X11-unix
+# DBus is forced to use an ordinary unix socket
 whitelist /tmp/dbus_session_socket
 include /etc/firejail/whitelist-common.inc
 
@@ -29,6 +30,3 @@ shell none
 private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper
 private-dev
 private-etc fonts,alternatives,X11,passwd
-
-# CLOBBERED COMMENTS
-# I have forced DBus to use an ordinary unix socket
diff --git a/brackets.profile b/brackets.profile
@@ -20,14 +20,12 @@ whitelist /tmp/.X11-unix
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
+# Comment out or use --ignore=net if you want to install extensions or themes
 net none
+# Disable these if you use live preview (until I figure out a workaround)
+# Doing so should be relatively safe since there is no network access
 noroot
 seccomp
 
 private-bin bash,brackets,readlink,dirname,google-chrome,cat
 private-dev
-
-# CLOBBERED COMMENTS
-# Comment out or use --ignore=net if you want to install extensions or themes
-# Disable these if you use live preview (until I figure out a workaround)
-# Doing so should be relatively safe since there is no network access
diff --git a/calligra.profile b/calligra.profile
@@ -17,6 +17,7 @@ whitelist ${HOME}/.kde
 whitelist ${HOME}/.themes
 whitelist ${HOME}/Documents
 whitelist /tmp/.X11-unix
+# DBus is forced to use an ordinary unix socket
 whitelist /tmp/dbus_session_socket
 include /etc/firejail/whitelist-common.inc
 
@@ -34,6 +35,3 @@ private-etc fonts,passwd,alternatives,X11
 
 noexec /home
 noexec /tmp
-
-# CLOBBERED COMMENTS
-# I have forced DBus to use an ordinary unix socket
diff --git a/fetchmail.profile b/fetchmail.profile
@@ -10,6 +10,8 @@ blacklist /media
 blacklist /mnt
 blacklist /opt
 
+# Location of your fetchmailrc - I decrypt it into /tmp/fetchmailrc
+# whitelist ${HOME}/.fetchmailrc.gpg
 whitelist ${HOME}/.procmailrc.brown
 whitelist ${HOME}/.procmailrc.gmail
 whitelist ${HOME}/Mail
@@ -27,7 +29,3 @@ x11 none
 # private-bin fetchmail,procmail,bash,chmod
 private-dev
 # private-etc passwd,hosts,resolv.conf
-
-# CLOBBERED COMMENTS
-# # Location of your fetchmailrc - I decrypt it into /tmp/fetchmailrc
-# whitelist ${HOME}/.fetchmailrc.gpg
diff --git a/firefox.profile b/firefox.profile
@@ -44,6 +44,7 @@ include /etc/firejail/whitelist-common.inc
 
 caps.drop all
 noroot
+# protocol unix,inet,inet6
 seccomp
 shell none
 
@@ -52,9 +53,3 @@ private-etc hosts,passwd,mime.types,fonts/,mailcap,iceweasel/,xdg/,gtk-3.0/,reso
 
 noexec ${HOME}
 noexec /tmp
-
-# CLOBBERED COMMENTS
-# Blacklist/Whitelist
-# Miscellaneous options
-# Private directories
-# protocol unix,inet,inet6
diff --git a/google-earth.profile b/google-earth.profile
@@ -30,7 +30,3 @@ private-etc fonts,resolv.conf,X11,alternatives,pulse
 
 noexec /home
 noexec /tmp
-
-# CLOBBERED COMMENTS
-# Config file directory
-# Hack to automatically discard the lock file
diff --git a/hugin.profile b/hugin.profile
@@ -12,7 +12,14 @@ blacklist /opt
 blacklist /usr/local/bin
 blacklist /usr/local/sbin
 
+# whitelist ${DOWNLOADS}
+# whitelist ${HOME}/.gtkrc-2.0
+# whitelist ${HOME}/.gtkrc.mine
+# whitelist ${HOME}/.hugin
+# whitelist ${HOME}/.themes
+# whitelist ${HOME}/Pictures
 whitelist /tmp/.X11-unix
+# DBus is forced to use an ordinary unix socket
 whitelist /tmp/dbus_session_socket
 include /etc/firejail/whitelist-common.inc
 
@@ -28,12 +35,3 @@ shell none
 private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend
 private-dev
 private-etc fonts
-
-# CLOBBERED COMMENTS
-# I have forced DBus to use an ordinary unix socket
-# whitelist ${DOWNLOADS}
-# whitelist ${HOME}/.gtkrc-2.0
-# whitelist ${HOME}/.gtkrc.mine
-# whitelist ${HOME}/.hugin
-# whitelist ${HOME}/.themes
-# whitelist ${HOME}/Pictures
diff --git a/kdenlive.profile b/kdenlive.profile
@@ -10,7 +10,13 @@ blacklist /media
 blacklist /mnt
 blacklist /opt
 
+# Apparently these break kdenlive for some people - they work for me though?
+# whitelist ${DOWNLOADS}
+# whitelist ${HOME}/.config/
+# whitelist ${HOME}/Videos
+# whitelist ${HOME}/kdenlive
 whitelist /tmp/.X11-unix
+# DBus is forced to use an ordinary unix socket
 whitelist /tmp/dbus_session_socket
 include /etc/firejail/whitelist-common.inc
 
@@ -24,11 +30,3 @@ shell none
 private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper
 private-dev
 private-etc fonts,alternatives,X11,pulse,passwd
-
-# CLOBBERED COMMENTS
-# Apparently these break kdenlive for some people - they work for me though?
-# I have forced DBus to use an ordinary unix socket
-# whitelist ${DOWNLOADS}
-# whitelist ${HOME}/.config/
-# whitelist ${HOME}/Videos
-# whitelist ${HOME}/kdenlive
diff --git a/libreoffice.profile b/libreoffice.profile
@@ -23,6 +23,7 @@ whitelist /tmp/.X11-unix
 whitelist /tmp/dbus_session_socket
 whitelist /tmp/fcitx-socket-:0
 whitelist /tmp/fcitx_dbus_socket
+# Enable document recovery
 whitelist /tmp/user/1000
 include /etc/firejail/whitelist-common.inc
 
@@ -42,6 +43,3 @@ private-etc libreoffice,fonts,passwd,alternatives,X11
 
 noexec ${HOME}
 noexec /tmp
-
-# CLOBBERED COMMENTS
-# Enable document recovery
diff --git a/mutt.profile b/mutt.profile
@@ -22,6 +22,11 @@ whitelist ${HOME}/.signatures
 whitelist ${HOME}/Downloads
 whitelist ${HOME}/Mail
 whitelist ${HOME}/sent
+# whitelist /dev/random
+# whitelist /dev/stderr
+# whitelist /dev/stdin 
+# whitelist /dev/stdout
+# whitelist /dev/urandom
 whitelist /tmp/user/1000/emacs1000/
 whitelist /tmp/user/1000/mutt1000/
 include /etc/firejail/whitelist-common.inc
@@ -38,13 +43,3 @@ private-etc Muttrc.d/,Muttrc,alternatives/,resolv.conf,ssl/,mime.types,proxychai
 
 noexec ${HOME}
 noexec /tmp
-
-# CLOBBERED COMMENTS
-# Enhance security
-# Necessary to get Mutt working
-# To store files
-# whitelist /dev/random
-# whitelist /dev/stderr
-# whitelist /dev/stdin
-# whitelist /dev/stdout
-# whitelist /dev/urandom
diff --git a/natron.profile b/natron.profile
@@ -5,6 +5,8 @@ include /etc/firejail/natron.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+# Contributed by triceratops1 (https://github.com/triceratops1)
+
 blacklist /boot
 blacklist /media
 blacklist /mnt
@@ -30,6 +32,3 @@ private-etc fonts,X11,pulse
 
 noexec ${HOME}
 noexec /tmp
-
-# CLOBBERED COMMENTS
-# # Contributed by triceratops1 (https://github.com/triceratops1)
diff --git a/openshot.profile b/openshot.profile
@@ -28,8 +28,3 @@ shell none
 
 private-bin openshot,python
 private-dev
-
-# CLOBBERED COMMENTS
-# Blacklist/Whitelist
-# Config files
-# I use Downloads as my data transfer directory
diff --git a/qpdfview.profile b/qpdfview.profile
@@ -31,7 +31,3 @@ private-etc fonts,X11,alternatives
 
 noexec ${HOME}
 noexec /tmp
-
-# CLOBBERED COMMENTS
-# #
-# # Add other whitelisted directories here if desired
diff --git a/scribus.profile b/scribus.profile
@@ -29,8 +29,3 @@ shell none
 
 private-bin scribus,gs
 private-dev
-
-# CLOBBERED COMMENTS
-# Blacklist/Whitelist
-# Config files
-# I use Downloads as my data transfer directory
diff --git a/tor-browser-en.profile b/tor-browser-en.profile
@@ -33,12 +33,9 @@ seccomp
 shell none
 
 private-bin bash,grep,sed,tail,tor-browser-en,env,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,file,expr
+# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
+# https://github.com/netblue30/firejail/issues/955
 private-etc X11,pulse,machine-id
 private-tmp
 
 noexec /tmp
-
-# CLOBBERED COMMENTS
-# FIXME: Spoof D-Bus machine id (tor-browser segfaults when it is missing!)
-# https://aur.archlinux.org/packages/tor-browser-en/
-# https://github.com/netblue30/firejail/issues/955
diff --git a/tor.profile b/tor.profile
@@ -5,6 +5,16 @@ include /etc/firejail/tor.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+# How to use:
+# Create a script called anything (e.g. mytor)
+# with the following contents:
+# #!/bin/bash
+# TORCMD="tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 1"
+# sudo -b daemon -f -d -- firejail --profile=/home/<username>/.config/firejail/tor.profile $TORCMD
+
+# You'll also likely want to disable the system service (if it exists)
+# Run mytor (or whatever you called the script above) whenever you want to start tor
+
 blacklist /boot
 blacklist /media
 blacklist /mnt
@@ -26,12 +36,3 @@ private-bin tor,bash
 private-dev
 private-etc tor,passwd
 private-tmp
-
-# CLOBBERED COMMENTS
-# # !/bin/bash
-# Create a script called anything (e.g. mytor)
-# How to use:
-# Run mytor (or whatever you called the script above) whenever you want to start tor
-# TORCMD="tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 1"
-# You'll also likely want to disable the system service (if it exists)
-# with the following contents:
diff --git a/zart.profile b/zart.profile
@@ -5,6 +5,7 @@ include /etc/firejail/zart.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+# Contributed by triceratops1 (https://github.com/triceratops1)
 
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/Videos
@@ -24,6 +25,3 @@ private-etc fonts,X11
 
 noexec ${HOME}
 noexec /tmp
-
-# CLOBBERED COMMENTS
-# # Contributed by triceratops1 (https://github.com/triceratops1)