Create nitroshare.profile

author: glitsj16 <glitsj16@users.noreply.github.com> 2018-10-13 03:50:31 +0000
committer: GitHub <noreply@github.com> 2018-10-13 03:50:31 +0000
commit: 51a2fcf36e89f7ca401cf3df7ae86ed49eb6158b (patch)
tree: 7c46c4428d5ec4df33bfc70c7127a6eb64074ef0
parent: fs_whitelist: no warning if macro resolution fails because of missing homedir (diff)
download: firejail-51a2fcf36e89f7ca401cf3df7ae86ed49eb6158b.tar.gz
firejail-51a2fcf36e89f7ca401cf3df7ae86ed49eb6158b.tar.zst
firejail-51a2fcf36e89f7ca401cf3df7ae86ed49eb6158b.zip
1 files changed, 50 insertions, 0 deletions
diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile
new file mode 100644
index 000000000..f02599ac6
--- /dev/null
+++ b/etc/nitroshare.profile
@@ -0,0 +1,50 @@
+# Firejail profile for nitroshare
+# Description: Network File Transfer Application
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/nitroshare.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.config/Nathan Osman
+noblacklist ${HOME}/.config/NitroShare
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+netfilter
+no3d
+# nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+disable-mnt
+private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui
+private-cache
+private-dev
+private-etc ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl
+# private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare
+private-tmp
+# memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
author	glitsj16 <glitsj16@users.noreply.github.com>	2018-10-13 03:50:31 +0000
committer	GitHub <noreply@github.com>	2018-10-13 03:50:31 +0000
commit	51a2fcf36e89f7ca401cf3df7ae86ed49eb6158b (patch)
tree	7c46c4428d5ec4df33bfc70c7127a6eb64074ef0
parent	fs_whitelist: no warning if macro resolution fails because of missing homedir (diff)
download	firejail-51a2fcf36e89f7ca401cf3df7ae86ed49eb6158b.tar.gz firejail-51a2fcf36e89f7ca401cf3df7ae86ed49eb6158b.tar.zst firejail-51a2fcf36e89f7ca401cf3df7ae86ed49eb6158b.zip

diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile new file mode 100644 index 000000000..f02599ac6 --- /dev/null +++ b/etc/nitroshare.profile
@@ -0,0 +1,50 @@
	1	# Firejail profile for nitroshare
	2	# Description: Network File Transfer Application
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include /etc/firejail/nitroshare.local
	6	# Persistent global definitions
	7	include /etc/firejail/globals.local
	8
	9	noblacklist ${HOME}/.config/Nathan Osman
	10	noblacklist ${HOME}/.config/NitroShare
	11
	12	# Allow python (blacklisted by disable-interpreters.inc)
	13	noblacklist ${PATH}/python2*
	14	noblacklist ${PATH}/python3*
	15	noblacklist /usr/lib/python2*
	16	noblacklist /usr/lib/python3*
	17
	18	include /etc/firejail/disable-common.inc
	19	include /etc/firejail/disable-devel.inc
	20	include /etc/firejail/disable-interpreters.inc
	21	include /etc/firejail/disable-passwdmgr.inc
	22	include /etc/firejail/disable-programs.inc
	23
	24	caps.drop all
	25	netfilter
	26	no3d
	27	# nodbus
	28	nodvd
	29	nogroups
	30	nonewprivs
	31	noroot
	32	nosound
	33	notv
	34	nou2f
	35	novideo
	36	protocol unix,inet,inet6,netlink
	37	seccomp
	38	shell none
	39
	40	disable-mnt
	41	private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui
	42	private-cache
	43	private-dev
	44	private-etc ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl
	45	# private-lib libnitroshare.so.,libqhttpengine.so.,libqmdnsengine.so.*,nitroshare
	46	private-tmp
	47
	48	# memory-deny-write-execute
	49	noexec ${HOME}
	50	noexec /tmp