diff options
author | avoidr <avoidr@users.noreply.github.com> | 2015-12-06 15:33:39 +0100 |
---|---|---|
committer | avoidr <avoidr@users.noreply.github.com> | 2015-12-06 15:33:39 +0100 |
commit | f332fe2614980e1d50e59e9429ff88ac49ec137c (patch) | |
tree | e04f45a524501e30ccde780f9e23260a7eb4cf22 | |
parent | malloc memory fix (diff) | |
download | firejail-f332fe2614980e1d50e59e9429ff88ac49ec137c.tar.gz firejail-f332fe2614980e1d50e59e9429ff88ac49ec137c.tar.zst firejail-f332fe2614980e1d50e59e9429ff88ac49ec137c.zip |
add parole.profile
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | etc/parole.profile | 17 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 |
3 files changed, 19 insertions, 0 deletions
diff --git a/Makefile.in b/Makefile.in index 59fe34f60..8c1a21e9a 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -127,6 +127,7 @@ realinstall: | |||
127 | install -c -m 0644 .etc/weechat-curses.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 127 | install -c -m 0644 .etc/weechat-curses.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
128 | install -c -m 0644 .etc/hexchat.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 128 | install -c -m 0644 .etc/hexchat.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
129 | install -c -m 0644 .etc/rtorrent.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 129 | install -c -m 0644 .etc/rtorrent.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
130 | install -c -m 0644 .etc/parole.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
130 | bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 131 | bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
131 | rm -fr .etc | 132 | rm -fr .etc |
132 | # man pages | 133 | # man pages |
diff --git a/etc/parole.profile b/etc/parole.profile new file mode 100644 index 000000000..24181c8d6 --- /dev/null +++ b/etc/parole.profile | |||
@@ -0,0 +1,17 @@ | |||
1 | # Profile for Parole, the default XFCE4 media player | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-devel.inc | ||
6 | private-etc passwd,group,fonts | ||
7 | private-bin parole,dbus-launch | ||
8 | blacklist ${HOME}/.pki/nssdb | ||
9 | blacklist ${HOME}/.lastpass | ||
10 | blacklist ${HOME}/.keepassx | ||
11 | blacklist ${HOME}/.password-store | ||
12 | caps.drop all | ||
13 | seccomp | ||
14 | protocol unix,inet,inet6 | ||
15 | netfilter | ||
16 | noroot | ||
17 | shell none | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index bda064f60..47b84d207 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -53,3 +53,4 @@ | |||
53 | /etc/firejail/weechat-curses.profile | 53 | /etc/firejail/weechat-curses.profile |
54 | /etc/firejail/hexchat.profile | 54 | /etc/firejail/hexchat.profile |
55 | /etc/firejail/rtorrent.profile | 55 | /etc/firejail/rtorrent.profile |
56 | /etc/firejail/parole.profile | ||