Merge pull request #1223 from SpotComms/arduino

Add a profile for Arduino IDE
author: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2017-04-17 02:37:02 +0000
committer: GitHub <noreply@github.com> 2017-04-17 02:37:02 +0000
commit: 9eb8c8463642e1d595968132bfbb969c3d64e978 (patch)
tree: 21cc1369415a452148089b5d0b502a9d752e2607
parent: Cleanup for .config/qt5ct blacklist (part 2) and tightening (diff)
parent: Add a profile for Arduino IDE (diff)
download: firejail-9eb8c8463642e1d595968132bfbb969c3d64e978.tar.gz
firejail-9eb8c8463642e1d595968132bfbb969c3d64e978.tar.zst
firejail-9eb8c8463642e1d595968132bfbb969c3d64e978.zip
1 files changed, 28 insertions, 0 deletions
diff --git a/etc/arduino.profile b/etc/arduino.profile
new file mode 100644
index 000000000..e80222bb6
--- /dev/null
+++ b/etc/arduino.profile
@@ -0,0 +1,28 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/arduino.local
+# Firejail profile for arduino
+noblacklist ${HOME}/.arduino15
+noblacklist ${HOME}/Arduino
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2017-04-17 02:37:02 +0000
committer	GitHub <noreply@github.com>	2017-04-17 02:37:02 +0000
commit	9eb8c8463642e1d595968132bfbb969c3d64e978 (patch)
tree	21cc1369415a452148089b5d0b502a9d752e2607
parent	Cleanup for .config/qt5ct blacklist (part 2) and tightening (diff)
parent	Add a profile for Arduino IDE (diff)
download	firejail-9eb8c8463642e1d595968132bfbb969c3d64e978.tar.gz firejail-9eb8c8463642e1d595968132bfbb969c3d64e978.tar.zst firejail-9eb8c8463642e1d595968132bfbb969c3d64e978.zip

diff --git a/etc/arduino.profile b/etc/arduino.profile new file mode 100644 index 000000000..e80222bb6 --- /dev/null +++ b/etc/arduino.profile
@@ -0,0 +1,28 @@
	1	# This file is overwritten during software install.
	2	# Persistent customizations should go in a .local file.
	3	include /etc/firejail/arduino.local
	4
	5	# Firejail profile for arduino
	6	noblacklist ${HOME}/.arduino15
	7	noblacklist ${HOME}/Arduino
	8
	9	include /etc/firejail/disable-common.inc
	10	include /etc/firejail/disable-programs.inc
	11	include /etc/firejail/disable-passwdmgr.inc
	12	include /etc/firejail/disable-devel.inc
	13
	14	caps.drop all
	15	netfilter
	16	no3d
	17	nogroups
	18	nonewprivs
	19	noroot
	20	nosound
	21	protocol unix,inet,inet6
	22	seccomp
	23	shell none
	24
	25	private-tmp
	26
	27	noexec ${HOME}
	28	noexec /tmp