diff options
| author |  netblue30 <netblue30@yahoo.com> | 2020-03-19 15:30:29 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2020-03-19 15:30:29 -0400 |
| commit | b3a5fa8025326fbff56fd27459b292e4062b6d65 (patch) | |
| tree | 76996b4511d8a6143ac231a226b69310a03fd258 | |
| parent | new profiles: ripperx, sound-juicer (diff) | |
| parent | extend default.profile (diff) | |
| download | firejail-b3a5fa8025326fbff56fd27459b292e4062b6d65.tar.gz firejail-b3a5fa8025326fbff56fd27459b292e4062b6d65.tar.zst firejail-b3a5fa8025326fbff56fd27459b292e4062b6d65.zip | |
Merge branch 'master' of https://github.com/netblue30/firejail
| -rw-r--r-- | etc/baobab.profile | 1 | ||||
| -rw-r--r-- | etc/default.profile | 10 | ||||
| -rw-r--r-- | etc/gitg.profile | 8 |
3 files changed, 18 insertions, 1 deletions
diff --git a/etc/baobab.profile b/etc/baobab.profile index 18c862a4d..d87de9d66 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile | |||
| @@ -29,6 +29,7 @@ novideo | |||
| 29 | protocol unix | 29 | protocol unix |
| 30 | seccomp | 30 | seccomp |
| 31 | shell none | 31 | shell none |
| 32 | tracelog | ||
| 32 | 33 | ||
| 33 | private-bin baobab | 34 | private-bin baobab |
| 34 | private-dev | 35 | private-dev |
diff --git a/etc/default.profile b/etc/default.profile index 95a6e8095..7731b6e00 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
| @@ -16,6 +16,11 @@ include disable-passwdmgr.inc | |||
| 16 | include disable-programs.inc | 16 | include disable-programs.inc |
| 17 | # include disable-xdg.inc | 17 | # include disable-xdg.inc |
| 18 | 18 | ||
| 19 | # include whitelist-common.inc | ||
| 20 | # include whitelist-usr-share-common.inc | ||
| 21 | # include whitelist-runuser-common.inc | ||
| 22 | # include whitelist-var-common.inc | ||
| 23 | |||
| 19 | # apparmor | 24 | # apparmor |
| 20 | caps.drop all | 25 | caps.drop all |
| 21 | # ipc-namespace | 26 | # ipc-namespace |
| @@ -42,8 +47,11 @@ seccomp | |||
| 42 | # private-bin program | 47 | # private-bin program |
| 43 | # private-cache | 48 | # private-cache |
| 44 | # private-dev | 49 | # private-dev |
| 45 | # private-etc alternatives | 50 | # see /usr/share/doc/firejail/profile.template for more common private-etc paths. |
| 51 | # private-etc alternatives,fonts,machine-id | ||
| 46 | # private-lib | 52 | # private-lib |
| 53 | # private-opt none | ||
| 47 | # private-tmp | 54 | # private-tmp |
| 48 | 55 | ||
| 49 | # memory-deny-write-execute | 56 | # memory-deny-write-execute |
| 57 | # read-only ${HOME} | ||
diff --git a/etc/gitg.profile b/etc/gitg.profile index 56f8e136f..3c6f9d72f 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile | |||
| @@ -19,6 +19,14 @@ include disable-interpreters.inc | |||
| 19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 20 | include disable-programs.inc | 20 | include disable-programs.inc |
| 21 | 21 | ||
| 22 | #whitelist ${HOME}/YOUR_GIT_PROJECTS_DIRECTORY | ||
| 23 | #whitelist ${HOME}/.config/git | ||
| 24 | #whitelist ${HOME}/.gitconfig | ||
| 25 | #whitelist ${HOME}/.git-credentials | ||
| 26 | #whitelist ${HOME}/.local/share/gitg | ||
| 27 | #whitelist ${HOME}/.ssh | ||
| 28 | #include whitelist-common.inc | ||
| 29 | |||
| 22 | whitelist /usr/share/gitg | 30 | whitelist /usr/share/gitg |
| 23 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
| 24 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |