author | Lockdis <45907176+Lockdis@users.noreply.github.com> | 2019-01-24 18:59:08 +0100 |
---|---|---|
committer | Lockdis <45907176+Lockdis@users.noreply.github.com> | 2019-01-24 18:59:08 +0100 |
commit | 8c8a62f238feba0151f780d8a788b1f01aa33b42 (patch) | |
tree | 53a9aebe33fe1404ab392f9d5628ad99b29e8e5b | |
parent | add crow (diff) | |
download | firejail-8c8a62f238feba0151f780d8a788b1f01aa33b42.tar.gz firejail-8c8a62f238feba0151f780d8a788b1f01aa33b42.tar.zst firejail-8c8a62f238feba0151f780d8a788b1f01aa33b42.zip |
Update nyx.profile, crow.profile
-rw-r--r-- | etc/crow.profile | 14 | ||||
-rw-r--r-- | etc/nyx.profile | 18 |
2 files changed, 8 insertions, 24 deletions
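--- a/etc/crow.profile
+++ b/etc/crow.profile
@@ -1,16 +1,13 @@
 # Firejail profile for crow
+# Description: A translator that allows to translate and say selected text using Google, Yandex and Bing translate API
 # This file is overwritten after every install/update
 # Persistent local customizations
 include crow.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/crow
-noblacklist ${HOME}/.cache/gstreamer-1.0
-
 mkdir ${HOME}/.config/crow
 mkdir ${HOME}/.cache/gstreamer-1.0
-
 whitelist ${HOME}/.config/crow
 whitelist ${HOME}/.cache/gstreamer-1.0
 
@@ -23,35 +20,28 @@ include disable-xdg.inc
 
 include whitelist-common.inc
 
-# apparmor
 caps.drop all
-# ipc-namespace
+ipc-namespace
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
 noroot
-# nosound
 notv
 nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
-# tracelog
 
 disable-mnt
 private-bin crow
-# private-cache
 private-dev
 private-etc ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies
-# private-lib
 private-opt none
 private-tmp
 private-srv none
 
-# memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp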
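Review bot: Dropping `nodbus` in the second hunk gives the sandboxed translator D-Bus access, and nothing in the new profile says why; nyx.profile in the same commit keeps the option. For a client that is allowed network access (`protocol unix,inet,inet6,netlink`), the bus is a route to services running outside the sandbox. If crow does need it, keep the option as a commented line with the reason, e.g. `# nodbus - breaks <feature that needs D-Bus>`, so a later hardening pass does not have to rediscover it. The removed `# apparmor`, `# tracelog` and `# memory-deny-write-execute` placeholders raise the same question: the profile no longer records whether they were tested and found to break crow or were never tried.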
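--- a/etc/nyx.profile
+++ b/etc/nyx.profile
@@ -1,20 +1,18 @@
 # Firejail profile for nyx
+# Description: Command-line status monitor for tor
 # This file is overwritten after every install/update
 # Persistent local customizations
 include nyx.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${PATH}/python2*
 noblacklist ${PATH}/python3*
-noblacklist /usr/include/python3*
+noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
-noblacklist /usr/local/lib/python3*
-noblacklist /usr/share/python3*
 
 noblacklist ${HOME}/.nyx
-
 mkdir ${HOME}/.nyx
-
 whitelist ${HOME}/.nyx
 
 include disable-common.inc
@@ -24,9 +22,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-# apparmor
 caps.drop all
-# ipc-namespace
+ipc-namespace
 netfilter
 no3d
 nodbus
@@ -41,18 +38,15 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
-# tracelog
 
 disable-mnt
-private-bin nyx,python
+private-bin nyx,python*
 private-cache
 private-dev
-private-etc passwd,tor
+private-etc passwd,tor,fonts
-# private-lib
 private-opt none
 private-srv none
 private-tmp
 
-# memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp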
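Review bot: The interpreter allowances widen without explanation: the first hunk adds `noblacklist ${PATH}/python2*` and `noblacklist /usr/lib/python2*`, and the last hunk changes `private-bin nyx,python` to `private-bin nyx,python*`, which brings every binary whose name starts with `python` into the sandbox's private bin directory. A comment above the noblacklist block, such as `# nyx runs under python2 or python3 depending on the distribution` (if that is the reason), would tell the next maintainer what can be tightened once Python 2 is gone. The first hunk also drops `noblacklist /usr/local/lib/python3*` and `/usr/share/python3*`; if an include outside these hunks blacklists interpreter paths, a nyx installed under /usr/local may no longer find its modules, so that case is worth confirming.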