diff options
author | Tad <tad@spotco.us> | 2018-01-12 22:45:35 -0500 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-01-12 22:45:35 -0500 |
commit | 4f72a60e1add916d36ea4f201a178c157882d7b5 (patch) | |
tree | 487814a8f322894fc2a43a52618a45bc0949f76d | |
parent | fs_lib: don't ldd directories, part 2 (diff) | |
download | firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.tar.gz firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.tar.zst firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.zip |
Add a profile for Pitivi
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/pitivi.profile | 33 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
3 files changed, 35 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 74e7e45a7..e6d425df2 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -162,6 +162,7 @@ blacklist ${HOME}/.config/org.kde.gwenviewrc | |||
162 | blacklist ${HOME}/.config/pcmanfm | 162 | blacklist ${HOME}/.config/pcmanfm |
163 | blacklist ${HOME}/.config/pdfmod | 163 | blacklist ${HOME}/.config/pdfmod |
164 | blacklist ${HOME}/.config/Pinta | 164 | blacklist ${HOME}/.config/Pinta |
165 | blacklist ${HOME}/.config/pitivi | ||
165 | blacklist ${HOME}/.config/pix | 166 | blacklist ${HOME}/.config/pix |
166 | blacklist ${HOME}/.config/pluma | 167 | blacklist ${HOME}/.config/pluma |
167 | blacklist ${HOME}/.config/psi+ | 168 | blacklist ${HOME}/.config/psi+ |
diff --git a/etc/pitivi.profile b/etc/pitivi.profile new file mode 100644 index 000000000..f2640ed66 --- /dev/null +++ b/etc/pitivi.profile | |||
@@ -0,0 +1,33 @@ | |||
1 | # Firejail profile for pitivi | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/pitivi.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | |||
9 | noblacklist ${HOME}/.config/pitivi | ||
10 | |||
11 | include /etc/firejail/disable-common.inc | ||
12 | include /etc/firejail/disable-devel.inc | ||
13 | include /etc/firejail/disable-passwdmgr.inc | ||
14 | include /etc/firejail/disable-programs.inc | ||
15 | |||
16 | caps.drop all | ||
17 | ipc-namespace | ||
18 | netfilter | ||
19 | nodvd | ||
20 | nogroups | ||
21 | nonewprivs | ||
22 | noroot | ||
23 | notv | ||
24 | novideo | ||
25 | protocol unix | ||
26 | seccomp | ||
27 | shell none | ||
28 | |||
29 | private-dev | ||
30 | private-tmp | ||
31 | |||
32 | noexec ${HOME} | ||
33 | noexec /tmp | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2871ce5b8..6f6dd3f06 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -268,6 +268,7 @@ ping | |||
268 | pingus | 268 | pingus |
269 | pinta | 269 | pinta |
270 | pithos | 270 | pithos |
271 | pitivi | ||
271 | pix | 272 | pix |
272 | pluma | 273 | pluma |
273 | polari | 274 | polari |