diff options
| author |  Lockdis <45907176+Lockdis@users.noreply.github.com> | 2019-01-24 18:59:08 +0100 |
|---|---|---|
| committer | Lockdis <45907176+Lockdis@users.noreply.github.com> | 2019-01-24 18:59:08 +0100 |
| commit | 8c8a62f238feba0151f780d8a788b1f01aa33b42 (patch) | |
| tree | 53a9aebe33fe1404ab392f9d5628ad99b29e8e5b | |
| parent | add crow (diff) | |
| download | firejail-8c8a62f238feba0151f780d8a788b1f01aa33b42.tar.gz firejail-8c8a62f238feba0151f780d8a788b1f01aa33b42.tar.zst firejail-8c8a62f238feba0151f780d8a788b1f01aa33b42.zip | |
Update nyx.profile, crow.profile
| -rw-r--r-- | etc/crow.profile | 14 | ||||
| -rw-r--r-- | etc/nyx.profile | 18 |
2 files changed, 8 insertions, 24 deletions
diff --git a/etc/crow.profile b/etc/crow.profile index 14145ffea..a8a00f596 100644 --- a/etc/crow.profile +++ b/etc/crow.profile | |||
| @@ -1,16 +1,13 @@ | |||
| 1 | # Firejail profile for crow | 1 | # Firejail profile for crow |
| 2 | # Description: A translator that allows to translate and say selected text using Google, Yandex and Bing translate API | ||
| 2 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 4 | # Persistent local customizations |
| 4 | include crow.local | 5 | include crow.local |
| 5 | # Persistent global definitions | 6 | # Persistent global definitions |
| 6 | include globals.local | 7 | include globals.local |
| 7 | 8 | ||
| 8 | noblacklist ${HOME}/.config/crow | ||
| 9 | noblacklist ${HOME}/.cache/gstreamer-1.0 | ||
| 10 | |||
| 11 | mkdir ${HOME}/.config/crow | 9 | mkdir ${HOME}/.config/crow |
| 12 | mkdir ${HOME}/.cache/gstreamer-1.0 | 10 | mkdir ${HOME}/.cache/gstreamer-1.0 |
| 13 | |||
| 14 | whitelist ${HOME}/.config/crow | 11 | whitelist ${HOME}/.config/crow |
| 15 | whitelist ${HOME}/.cache/gstreamer-1.0 | 12 | whitelist ${HOME}/.cache/gstreamer-1.0 |
| 16 | 13 | ||
| @@ -23,35 +20,28 @@ include disable-xdg.inc | |||
| 23 | 20 | ||
| 24 | include whitelist-common.inc | 21 | include whitelist-common.inc |
| 25 | 22 | ||
| 26 | # apparmor | ||
| 27 | caps.drop all | 23 | caps.drop all |
| 28 | # ipc-namespace | 24 | ipc-namespace |
| 29 | netfilter | 25 | netfilter |
| 30 | no3d | 26 | no3d |
| 31 | nodbus | ||
| 32 | nodvd | 27 | nodvd |
| 33 | nogroups | 28 | nogroups |
| 34 | nonewprivs | 29 | nonewprivs |
| 35 | noroot | 30 | noroot |
| 36 | # nosound | ||
| 37 | notv | 31 | notv |
| 38 | nou2f | 32 | nou2f |
| 39 | novideo | 33 | novideo |
| 40 | protocol unix,inet,inet6,netlink | 34 | protocol unix,inet,inet6,netlink |
| 41 | seccomp | 35 | seccomp |
| 42 | shell none | 36 | shell none |
| 43 | # tracelog | ||
| 44 | 37 | ||
| 45 | disable-mnt | 38 | disable-mnt |
| 46 | private-bin crow | 39 | private-bin crow |
| 47 | # private-cache | ||
| 48 | private-dev | 40 | private-dev |
| 49 | private-etc ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies | 41 | private-etc ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies |
| 50 | # private-lib | ||
| 51 | private-opt none | 42 | private-opt none |
| 52 | private-tmp | 43 | private-tmp |
| 53 | private-srv none | 44 | private-srv none |
| 54 | 45 | ||
| 55 | # memory-deny-write-execute | ||
| 56 | noexec ${HOME} | 46 | noexec ${HOME} |
| 57 | noexec /tmp | 47 | noexec /tmp |
diff --git a/etc/nyx.profile b/etc/nyx.profile index aa3275a00..d5e1e1f84 100644 --- a/etc/nyx.profile +++ b/etc/nyx.profile | |||
| @@ -1,20 +1,18 @@ | |||
| 1 | # Firejail profile for nyx | 1 | # Firejail profile for nyx |
| 2 | # Description: Command-line status monitor for tor | ||
| 2 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 4 | # Persistent local customizations |
| 4 | include nyx.local | 5 | include nyx.local |
| 5 | # Persistent global definitions | 6 | # Persistent global definitions |
| 6 | include globals.local | 7 | include globals.local |
| 7 | 8 | ||
| 9 | noblacklist ${PATH}/python2* | ||
| 8 | noblacklist ${PATH}/python3* | 10 | noblacklist ${PATH}/python3* |
| 9 | noblacklist /usr/include/python3* | 11 | noblacklist /usr/lib/python2* |
| 10 | noblacklist /usr/lib/python3* | 12 | noblacklist /usr/lib/python3* |
| 11 | noblacklist /usr/local/lib/python3* | ||
| 12 | noblacklist /usr/share/python3* | ||
| 13 | 13 | ||
| 14 | noblacklist ${HOME}/.nyx | 14 | noblacklist ${HOME}/.nyx |
| 15 | |||
| 16 | mkdir ${HOME}/.nyx | 15 | mkdir ${HOME}/.nyx |
| 17 | |||
| 18 | whitelist ${HOME}/.nyx | 16 | whitelist ${HOME}/.nyx |
| 19 | 17 | ||
| 20 | include disable-common.inc | 18 | include disable-common.inc |
| @@ -24,9 +22,8 @@ include disable-passwdmgr.inc | |||
| 24 | include disable-programs.inc | 22 | include disable-programs.inc |
| 25 | include disable-xdg.inc | 23 | include disable-xdg.inc |
| 26 | 24 | ||
| 27 | # apparmor | ||
| 28 | caps.drop all | 25 | caps.drop all |
| 29 | # ipc-namespace | 26 | ipc-namespace |
| 30 | netfilter | 27 | netfilter |
| 31 | no3d | 28 | no3d |
| 32 | nodbus | 29 | nodbus |
| @@ -41,18 +38,15 @@ novideo | |||
| 41 | protocol unix,inet,inet6 | 38 | protocol unix,inet,inet6 |
| 42 | seccomp | 39 | seccomp |
| 43 | shell none | 40 | shell none |
| 44 | # tracelog | ||
| 45 | 41 | ||
| 46 | disable-mnt | 42 | disable-mnt |
| 47 | private-bin nyx,python | 43 | private-bin nyx,python* |
| 48 | private-cache | 44 | private-cache |
| 49 | private-dev | 45 | private-dev |
| 50 | private-etc passwd,tor | 46 | private-etc passwd,tor,fonts |
| 51 | # private-lib | ||
| 52 | private-opt none | 47 | private-opt none |
| 53 | private-srv none | 48 | private-srv none |
| 54 | private-tmp | 49 | private-tmp |
| 55 | 50 | ||
| 56 | # memory-deny-write-execute | ||
| 57 | noexec ${HOME} | 51 | noexec ${HOME} |
| 58 | noexec /tmp | 52 | noexec /tmp |