diff options
author | 2017-01-20 09:20:11 -0500 | |
---|---|---|
committer | 2017-01-20 09:20:11 -0500 | |
commit | 4a1d906e89c0d0f8ebe6dce16b8b7c05f2c6084f (patch) | |
tree | 7eb2799926f69b94a0fc302194654e624a050c3a | |
parent | profile merges (diff) | |
download | firejail-4a1d906e89c0d0f8ebe6dce16b8b7c05f2c6084f.tar.gz firejail-4a1d906e89c0d0f8ebe6dce16b8b7c05f2c6084f.tar.zst firejail-4a1d906e89c0d0f8ebe6dce16b8b7c05f2c6084f.zip |
profile merges
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/disable-common.inc | 5 | ||||
-rw-r--r-- | etc/vlc.profile | 2 | ||||
-rw-r--r-- | etc/xmms.profile | 11 | ||||
-rw-r--r-- | platform/debian/conffiles | 2 |
5 files changed, 15 insertions, 7 deletions
@@ -98,5 +98,5 @@ gjs, gnome-books, gnome-clocks, gnome-documents, gnome-maps, gnome-music, gnome- | |||
98 | goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, | 98 | goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, |
99 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, | 99 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, |
100 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, | 100 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, |
101 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser | 101 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms |
102 | 102 | ||
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 6a3586e81..de8a9bfe7 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -75,12 +75,9 @@ blacklist /etc/profile.d | |||
75 | blacklist /etc/rc.local | 75 | blacklist /etc/rc.local |
76 | blacklist /etc/anacrontab | 76 | blacklist /etc/anacrontab |
77 | 77 | ||
78 | # General startup files | 78 | # Startup files |
79 | read-only ${HOME}/.xinitrc | 79 | read-only ${HOME}/.xinitrc |
80 | read-only ${HOME}/.xserverrc | 80 | read-only ${HOME}/.xserverrc |
81 | read-only ${HOME}/.profile | ||
82 | |||
83 | # Shell startup files | ||
84 | read-only ${HOME}/.antigen | 81 | read-only ${HOME}/.antigen |
85 | read-only ${HOME}/.bash_login | 82 | read-only ${HOME}/.bash_login |
86 | read-only ${HOME}/.bashrc | 83 | read-only ${HOME}/.bashrc |
diff --git a/etc/vlc.profile b/etc/vlc.profile index 2fd763f25..df9fcab03 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -8,7 +8,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
8 | 8 | ||
9 | caps.drop all | 9 | caps.drop all |
10 | netfilter | 10 | netfilter |
11 | nogroups | 11 | # nogroups |
12 | nonewprivs | 12 | nonewprivs |
13 | noroot | 13 | noroot |
14 | protocol unix,inet,inet6,netlink | 14 | protocol unix,inet,inet6,netlink |
diff --git a/etc/xmms.profile b/etc/xmms.profile new file mode 100644 index 000000000..4a482f49e --- /dev/null +++ b/etc/xmms.profile | |||
@@ -0,0 +1,11 @@ | |||
1 | # xmms media player profile | ||
2 | include /etc/firejail/disable-common.inc | ||
3 | include /etc/firejail/disable-programs.inc | ||
4 | include /etc/firejail/disable-devel.inc | ||
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | |||
7 | caps.drop all | ||
8 | nonewprivs | ||
9 | noroot | ||
10 | protocol unix,inet,inet6 | ||
11 | seccomp | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 6b07f72f8..61e72583e 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -243,4 +243,4 @@ | |||
243 | /etc/firejail/FossaMail.profile | 243 | /etc/firejail/FossaMail.profile |
244 | /etc/firejail/fossamail.profile | 244 | /etc/firejail/fossamail.profile |
245 | /etc/firejail/uzbl-browser.profile | 245 | /etc/firejail/uzbl-browser.profile |
246 | 246 | /etc/firejail/xmms.profile | |