fix

author: Your Name <you@example.com> 2018-03-24 19:59:50 -0400
committer: Your Name <you@example.com> 2018-03-24 19:59:50 -0400
commit: 5ae3e801d91f386ab36dbe8fc3d8b50cd30004db (patch)
tree: 2379164b209d33056b4ae0aadfe9fa72ba25e7fc
parent: fix akonadi_control, enable it in firecfg for a better default (diff)
download: firejail-5ae3e801d91f386ab36dbe8fc3d8b50cd30004db.tar.gz
firejail-5ae3e801d91f386ab36dbe8fc3d8b50cd30004db.tar.zst
firejail-5ae3e801d91f386ab36dbe8fc3d8b50cd30004db.zip
2 files changed, 65 insertions, 0 deletions
diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile
new file mode 100644
index 000000000..29df27759
--- /dev/null
+++ b/etc/blender-2.8.profile
@@ -0,0 +1,30 @@
+# Firejail profile for blender
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/blender.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.config/blender
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile
new file mode 100644
index 000000000..fb1ee46e2
--- /dev/null
+++ b/etc/thunderbird-beta.profile
@@ -0,0 +1,35 @@
+# Firejail profile for thunderbird
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/thunderbird.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+# Users have thunderbird set to open a browser by clicking a link in an email
+# We are not allowed to blacklist browser-specific directories
+whitelist /opt/thunderbird-beta
+noblacklist ${HOME}/.cache/thunderbird
+noblacklist ${HOME}/.gnupg
+# noblacklist ${HOME}/.icedove
+noblacklist ${HOME}/.thunderbird
+mkdir ${HOME}/.cache/thunderbird
+mkdir ${HOME}/.gnupg
+# mkdir ${HOME}/.icedove
+mkdir ${HOME}/.thunderbird
+whitelist ${HOME}/.cache/thunderbird
+whitelist ${HOME}/.gnupg
+# whitelist ${HOME}/.icedove
+whitelist ${HOME}/.thunderbird
+# We need the real /tmp for data exchange when xdg-open handles email attachments on KDE
+ignore private-tmp
+# machine-id breaks audio in browsers; enable it when sound is not required
+# machine-id
+read-only ${HOME}/.config/mimeapps.list
+# writable-run-user is needed for signing and encrypting emails
+writable-run-user
+# allow browsers
+# Redirect
+include /etc/firejail/firefox.profile
author	Your Name <you@example.com>	2018-03-24 19:59:50 -0400
committer	Your Name <you@example.com>	2018-03-24 19:59:50 -0400
commit	5ae3e801d91f386ab36dbe8fc3d8b50cd30004db (patch)
tree	2379164b209d33056b4ae0aadfe9fa72ba25e7fc
parent	fix akonadi_control, enable it in firecfg for a better default (diff)
download	firejail-5ae3e801d91f386ab36dbe8fc3d8b50cd30004db.tar.gz firejail-5ae3e801d91f386ab36dbe8fc3d8b50cd30004db.tar.zst firejail-5ae3e801d91f386ab36dbe8fc3d8b50cd30004db.zip

diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile new file mode 100644 index 000000000..29df27759 --- /dev/null +++ b/etc/blender-2.8.profile
@@ -0,0 +1,30 @@
	1	# Firejail profile for blender
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/blender.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ${HOME}/.config/blender
	9
	10	include /etc/firejail/disable-common.inc
	11	include /etc/firejail/disable-devel.inc
	12	include /etc/firejail/disable-passwdmgr.inc
	13	include /etc/firejail/disable-programs.inc
	14
	15	caps.drop all
	16	netfilter
	17	nodvd
	18	nogroups
	19	nonewprivs
	20	noroot
	21	notv
	22	protocol unix,inet,inet6,netlink
	23	seccomp
	24	shell none
	25
	26	private-dev
	27	private-tmp
	28
	29	noexec ${HOME}
	30	noexec /tmp


diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile new file mode 100644 index 000000000..fb1ee46e2 --- /dev/null +++ b/etc/thunderbird-beta.profile
@@ -0,0 +1,35 @@
	1	# Firejail profile for thunderbird
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/thunderbird.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	# Users have thunderbird set to open a browser by clicking a link in an email
	9	# We are not allowed to blacklist browser-specific directories
	10	whitelist /opt/thunderbird-beta
	11	noblacklist ${HOME}/.cache/thunderbird
	12	noblacklist ${HOME}/.gnupg
	13	# noblacklist ${HOME}/.icedove
	14	noblacklist ${HOME}/.thunderbird
	15
	16	mkdir ${HOME}/.cache/thunderbird
	17	mkdir ${HOME}/.gnupg
	18	# mkdir ${HOME}/.icedove
	19	mkdir ${HOME}/.thunderbird
	20	whitelist ${HOME}/.cache/thunderbird
	21	whitelist ${HOME}/.gnupg
	22	# whitelist ${HOME}/.icedove
	23	whitelist ${HOME}/.thunderbird
	24
	25	# We need the real /tmp for data exchange when xdg-open handles email attachments on KDE
	26	ignore private-tmp
	27	# machine-id breaks audio in browsers; enable it when sound is not required
	28	# machine-id
	29	read-only ${HOME}/.config/mimeapps.list
	30	# writable-run-user is needed for signing and encrypting emails
	31	writable-run-user
	32
	33	# allow browsers
	34	# Redirect
	35	include /etc/firejail/firefox.profile