diff options
| author |  Tad <tad@spotco.us> | 2018-01-12 22:45:35 -0500 |
|---|---|---|
| committer | Tad <tad@spotco.us> | 2018-01-12 22:45:35 -0500 |
| commit | 4f72a60e1add916d36ea4f201a178c157882d7b5 (patch) | |
| tree | 487814a8f322894fc2a43a52618a45bc0949f76d | |
| parent | fs_lib: don't ldd directories, part 2 (diff) | |
| download | firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.tar.gz firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.tar.zst firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.zip | |
Add a profile for Pitivi
| -rw-r--r-- | etc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/pitivi.profile | 33 | ||||
| -rw-r--r-- | src/firecfg/firecfg.config | 1 |
3 files changed, 35 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 74e7e45a7..e6d425df2 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -162,6 +162,7 @@ blacklist ${HOME}/.config/org.kde.gwenviewrc | |||
| 162 | blacklist ${HOME}/.config/pcmanfm | 162 | blacklist ${HOME}/.config/pcmanfm |
| 163 | blacklist ${HOME}/.config/pdfmod | 163 | blacklist ${HOME}/.config/pdfmod |
| 164 | blacklist ${HOME}/.config/Pinta | 164 | blacklist ${HOME}/.config/Pinta |
| 165 | blacklist ${HOME}/.config/pitivi | ||
| 165 | blacklist ${HOME}/.config/pix | 166 | blacklist ${HOME}/.config/pix |
| 166 | blacklist ${HOME}/.config/pluma | 167 | blacklist ${HOME}/.config/pluma |
| 167 | blacklist ${HOME}/.config/psi+ | 168 | blacklist ${HOME}/.config/psi+ |
diff --git a/etc/pitivi.profile b/etc/pitivi.profile new file mode 100644 index 000000000..f2640ed66 --- /dev/null +++ b/etc/pitivi.profile | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | # Firejail profile for pitivi | ||
| 2 | # This file is overwritten after every install/update | ||
| 3 | # Persistent local customizations | ||
| 4 | include /etc/firejail/pitivi.local | ||
| 5 | # Persistent global definitions | ||
| 6 | include /etc/firejail/globals.local | ||
| 7 | |||
| 8 | |||
| 9 | noblacklist ${HOME}/.config/pitivi | ||
| 10 | |||
| 11 | include /etc/firejail/disable-common.inc | ||
| 12 | include /etc/firejail/disable-devel.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | ||
| 14 | include /etc/firejail/disable-programs.inc | ||
| 15 | |||
| 16 | caps.drop all | ||
| 17 | ipc-namespace | ||
| 18 | netfilter | ||
| 19 | nodvd | ||
| 20 | nogroups | ||
| 21 | nonewprivs | ||
| 22 | noroot | ||
| 23 | notv | ||
| 24 | novideo | ||
| 25 | protocol unix | ||
| 26 | seccomp | ||
| 27 | shell none | ||
| 28 | |||
| 29 | private-dev | ||
| 30 | private-tmp | ||
| 31 | |||
| 32 | noexec ${HOME} | ||
| 33 | noexec /tmp | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2871ce5b8..6f6dd3f06 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
| @@ -268,6 +268,7 @@ ping | |||
| 268 | pingus | 268 | pingus |
| 269 | pinta | 269 | pinta |
| 270 | pithos | 270 | pithos |
| 271 | pitivi | ||
| 271 | pix | 272 | pix |
| 272 | pluma | 273 | pluma |
| 273 | polari | 274 | polari |