2 files changed, 62 insertions, 0 deletions

diff --git a/firejail/.config/firejail/chromium.profile b/firejail/.config/firejail/chromium.profile
new file mode 100644
index 0000000..3adf2a1
--- /dev/null
+++ b/firejail/.config/firejail/chromium.profile
@@ -0,0 +1,32 @@
+# Chromium browser profile
+noblacklist ~/.config/chromium
+noblacklist ~/.cache/chromium
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+
+netfilter
+
+whitelist ${DOWNLOADS}
+mkdir ~/.config/chromium
+whitelist ~/.config/chromium
+mkdir ~/.cache/chromium
+whitelist ~/.cache/chromium
+mkdir ~/.pki
+whitelist ~/.pki
+
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+
+# allowed _payload_ home directories
+whitelist ~/downloads
+whitelist ~/webarchive
+whitelist ~/share
+
+# specific to Arch
+whitelist ~/.config/chromium-flags.conf
+
+include /etc/firejail/whitelist-common.inc
diff --git a/firejail/.config/firejail/firefox.profile b/firejail/.config/firejail/firefox.profile
new file mode 100644
index 0000000..c7a964f
--- /dev/null
+++ b/firejail/.config/firejail/firefox.profile
@@ -0,0 +1,30 @@
+noblacklist ~/.mozilla
+noblacklist ~/.cache/mozilla
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+
+mkdir ~/.mozilla
+whitelist ~/.mozilla
+mkdir ~/.cache/mozilla/firefox
+whitelist ~/.cache/mozilla/firefox
+whitelist ~/dwhelper
+whitelist ~/.pentadactylrc
+whitelist ~/.pentadactyl
+whitelist ~/.pki
+
+# allowed _payload_ home directories
+whitelist ~/downloads
+whitelist ~/webarchive
+whitelist ~/share
+
+include /etc/firejail/whitelist-common.inc