author | Tad <tad@spotco.us> | 2017-09-21 08:04:49 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-09-21 08:04:49 -0400 |
commit | 17a2edf9be3d1144db1a262c5358bf190c9b272b (patch) | |
tree | c6eb1fdf9e1a0b0326493f63f55b6dcff22e415d | |
parent | Merge branch 'master' of http://github.com/netblue30/firejail (diff) | |
download | firejail-17a2edf9be3d1144db1a262c5358bf190c9b272b.tar.gz firejail-17a2edf9be3d1144db1a262c5358bf190c9b272b.tar.zst firejail-17a2edf9be3d1144db1a262c5358bf190c9b272b.zip |
Add a profile for arch-audit
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | arch-audit.profile | 40 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
3 files changed, 42 insertions, 1 deletions
@@ -180,4 +180,4 @@ calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage, | |||
180 | calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth, | 180 | calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth, |
181 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, | 181 | imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, |
182 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, | 182 | ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, |
183 | conky | 183 | conky, arch-audit |
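--- /dev/null
+++ b/arch-audit.profile
@@ -0,0 +1,40 @@
+# Firejail profile for arch-audit
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/arch-audit.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+noblacklist /var/lib/pacman
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private
+private-bin arch-audit
+private-dev
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp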
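Review bot: `netfilter` on new line 19 only takes effect when the sandbox gets its own network namespace, and the profile itself has no `net` line, so by default outbound traffic is constrained only by `protocol unix,inet,inet6` and the seccomp filter. A comment above it, such as `# netfilter only applies when a network namespace is requested (e.g. --net=<iface>)`, would keep readers from assuming a firewall is active. The `noblacklist /var/lib/pacman` line on new line 10 also deserves a one-line reason, e.g. `# arch-audit reads the local pacman database`. Since the tool presumably only reads that path, adding `read-only /var/lib/pacman` looks like a cheap tightening, but that should be confirmed by running arch-audit under the profile.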
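--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -20,6 +20,7 @@ amarok
 amule
 android-studio
 apktool
+arch-audit
 ardour4
 ardour5
 arduino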