Refactor min as chromium redirect profile (#2676)

author: glitsj16 <glitsj16@users.noreply.github.com> 2019-05-02 06:17:33 +0000
committer: GitHub <noreply@github.com> 2019-05-02 06:17:33 +0000
commit: ad31bb726b8a0c7934563c8abe99865a50d1946c (patch)
tree: db5003ac3bd2d3718df7f0ebd1c56565c9197186
parent: Add Bitwarden profile (#2673) (diff)
download: firejail-ad31bb726b8a0c7934563c8abe99865a50d1946c.tar.gz
firejail-ad31bb726b8a0c7934563c8abe99865a50d1946c.tar.zst
firejail-ad31bb726b8a0c7934563c8abe99865a50d1946c.zip
1 files changed, 2 insertions, 41 deletions
diff --git a/etc/min.profile b/etc/min.profile
index c89df0a95..7f3aeab44 100644
--- a/etc/min.profile
+++ b/etc/min.profile
@@ -8,47 +8,8 @@ include globals.local
 noblacklist ${HOME}/.config/Min
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
-# noexec ${HOME} breaks DRM binaries.
-?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-programs.inc
-mkdir ${HOME}/.pki
 mkdir ${HOME}/.config/Min
-mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.pki
 whitelist ${HOME}/.config/Min
-whitelist ${HOME}/.local/share/pki
-include whitelist-common.inc
-include whitelist-var-common.inc
-caps.drop all
-netfilter
-nodbus
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-nou2f
-protocol unix,inet,inet6
-seccomp
-shell none
-disable-mnt
-# private-bin min
-private-cache
-private-dev
-# private-etc below works fine on most distributions. There are some problems on CentOS.
-private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
-private-tmp
-# memory-deny-write-execute
+# Redirect
+include chromium-common.profile
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-05-02 06:17:33 +0000
committer	GitHub <noreply@github.com>	2019-05-02 06:17:33 +0000
commit	ad31bb726b8a0c7934563c8abe99865a50d1946c (patch)
tree	db5003ac3bd2d3718df7f0ebd1c56565c9197186
parent	Add Bitwarden profile (#2673) (diff)
download	firejail-ad31bb726b8a0c7934563c8abe99865a50d1946c.tar.gz firejail-ad31bb726b8a0c7934563c8abe99865a50d1946c.tar.zst firejail-ad31bb726b8a0c7934563c8abe99865a50d1946c.zip

diff --git a/etc/min.profile b/etc/min.profile index c89df0a95..7f3aeab44 100644 --- a/etc/min.profile +++ b/etc/min.profile
@@ -8,47 +8,8 @@ include globals.local
8		8
9	noblacklist ${HOME}/.config/Min	9	noblacklist ${HOME}/.config/Min
10		10
11	noblacklist ${HOME}/.pki
12	noblacklist ${HOME}/.local/share/pki
13
14	# noexec ${HOME} breaks DRM binaries.
15	?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
16
17	include disable-common.inc
18	include disable-devel.inc
19	include disable-exec.inc
20	include disable-interpreters.inc
21	include disable-programs.inc
22
23	mkdir ${HOME}/.pki
24	mkdir ${HOME}/.config/Min	11	mkdir ${HOME}/.config/Min
25	mkdir ${HOME}/.local/share/pki
26	whitelist ${DOWNLOADS}
27	whitelist ${HOME}/.pki
28	whitelist ${HOME}/.config/Min	12	whitelist ${HOME}/.config/Min
29	whitelist ${HOME}/.local/share/pki
30	include whitelist-common.inc
31	include whitelist-var-common.inc
32
33	caps.drop all
34	netfilter
35	nodbus
36	nodvd
37	nogroups
38	nonewprivs
39	noroot
40	notv
41	nou2f
42	protocol unix,inet,inet6
43	seccomp
44	shell none
45
46	disable-mnt
47	# private-bin min
48	private-cache
49	private-dev
50	# private-etc below works fine on most distributions. There are some problems on CentOS.
51	private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
52	private-tmp
53		13
54	# memory-deny-write-execute	14	# Redirect
		15	include chromium-common.profile