diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-10-30 16:01:49 -0400 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2016-10-30 16:01:49 -0400 |
| commit | 8ad201fe9dd40c7743c2362065166a959c660edf (patch) | |
| tree | 7e8e51daa0ae54b6a38454165d8ca4123866ee15 | |
| parent | major cleanup (diff) | |
| parent | Merge remote-tracking branch 'upstream/master' (diff) | |
| download | firejail-8ad201fe9dd40c7743c2362065166a959c660edf.tar.gz firejail-8ad201fe9dd40c7743c2362065166a959c660edf.tar.zst firejail-8ad201fe9dd40c7743c2362065166a959c660edf.zip | |
Merge pull request #881 from valoq/master
Added profiles for display (imagemagick) and wire
| -rw-r--r-- | etc/Wire.profile | 22 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/display.profile | 23 |
3 files changed, 46 insertions, 0 deletions
diff --git a/etc/Wire.profile b/etc/Wire.profile new file mode 100644 index 000000000..b488d75e4 --- /dev/null +++ b/etc/Wire.profile | |||
| @@ -0,0 +1,22 @@ | |||
| 1 | # wire messenger profile | ||
| 2 | |||
| 3 | noblacklist ~/.config/Wire | ||
| 4 | |||
| 5 | include /etc/firejail/disable-common.inc | ||
| 6 | include /etc/firejail/disable-programs.inc | ||
| 7 | include /etc/firejail/disable-devel.inc | ||
| 8 | include /etc/firejail/disable-passwdmgr.inc | ||
| 9 | |||
| 10 | caps.drop all | ||
| 11 | netfilter | ||
| 12 | nonewprivs | ||
| 13 | nogroups | ||
| 14 | noroot | ||
| 15 | protocol unix,inet,inet6,netlink | ||
| 16 | seccomp | ||
| 17 | shell none | ||
| 18 | |||
| 19 | private-tmp | ||
| 20 | private-dev | ||
| 21 | |||
| 22 | # please note: the wire binary is currently identified with a capital W. This might change in future versions | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 6e22fe04d..0d9bd1bb4 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -106,6 +106,7 @@ blacklist ${HOME}/.config/Slack | |||
| 106 | blacklist ${HOME}/.cache/gajim | 106 | blacklist ${HOME}/.cache/gajim |
| 107 | blacklist ${HOME}/.local/share/gajim | 107 | blacklist ${HOME}/.local/share/gajim |
| 108 | blacklist ${HOME}/.config/gajim | 108 | blacklist ${HOME}/.config/gajim |
| 109 | blacklist ${HOME}/.config/Wire | ||
| 109 | 110 | ||
| 110 | # Games | 111 | # Games |
| 111 | blacklist ${HOME}/.hedgewars | 112 | blacklist ${HOME}/.hedgewars |
diff --git a/etc/display.profile b/etc/display.profile new file mode 100644 index 000000000..ec041bff7 --- /dev/null +++ b/etc/display.profile | |||
| @@ -0,0 +1,23 @@ | |||
| 1 | # display (ImageMagick tool) image viewer profile | ||
| 2 | include /etc/firejail/disable-common.inc | ||
| 3 | include /etc/firejail/disable-programs.inc | ||
| 4 | include /etc/firejail/disable-devel.inc | ||
| 5 | include /etc/firejail/disable-passwdmgr.inc | ||
| 6 | |||
| 7 | caps.drop all | ||
| 8 | seccomp | ||
| 9 | protocol unix | ||
| 10 | netfilter | ||
| 11 | net none | ||
| 12 | nonewprivs | ||
| 13 | noroot | ||
| 14 | nogroups | ||
| 15 | nosound | ||
| 16 | shell none | ||
| 17 | x11 xorg | ||
| 18 | |||
| 19 | private-bin display | ||
| 20 | private-tmp | ||
| 21 | private-dev | ||
| 22 | private-etc none | ||
| 23 | |||