Add a profile for arm

author: Tad <tad@spotco.us> 2017-07-29 10:08:56 -0400
committer: Tad <tad@spotco.us> 2017-07-29 10:08:56 -0400
commit: b553272fac9b205bf5a3192b799a4d79e6fedcee (patch)
tree: 0fb7a9e99fe9cb9d83d945bbfd6942dea032fe13 /etc/arm.profile
parent: merges (diff)
download: firejail-b553272fac9b205bf5a3192b799a4d79e6fedcee.tar.gz
firejail-b553272fac9b205bf5a3192b799a4d79e6fedcee.tar.zst
firejail-b553272fac9b205bf5a3192b799a4d79e6fedcee.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/etc/arm.profile b/etc/arm.profile
new file mode 100644
index 000000000..3000c35d7
--- /dev/null
+++ b/etc/arm.profile
@@ -0,0 +1,42 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/arm.local
+# Firejail profile for arm
+noblacklist ${HOME}/.arm
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.arm
+whitelist ${HOME}/.arm
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+#private-bin arm,tor,sh,python2,python2.7,ps,lsof,ldconfig
+private-dev
+private-etc tor,passwd
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-07-29 10:08:56 -0400
committer	Tad <tad@spotco.us>	2017-07-29 10:08:56 -0400
commit	b553272fac9b205bf5a3192b799a4d79e6fedcee (patch)
tree	0fb7a9e99fe9cb9d83d945bbfd6942dea032fe13 /etc/arm.profile
parent	merges (diff)
download	firejail-b553272fac9b205bf5a3192b799a4d79e6fedcee.tar.gz firejail-b553272fac9b205bf5a3192b799a4d79e6fedcee.tar.zst firejail-b553272fac9b205bf5a3192b799a4d79e6fedcee.zip

diff --git a/etc/arm.profile b/etc/arm.profile new file mode 100644 index 000000000..3000c35d7 --- /dev/null +++ b/etc/arm.profile
@@ -0,0 +1,42 @@
	1	# Persistent global definitions go here
	2	include /etc/firejail/globals.local
	3
	4	# This file is overwritten during software install.
	5	# Persistent customizations should go in a .local file.
	6	include /etc/firejail/arm.local
	7
	8	# Firejail profile for arm
	9
	10	noblacklist ${HOME}/.arm
	11
	12	include /etc/firejail/disable-common.inc
	13	include /etc/firejail/disable-devel.inc
	14	include /etc/firejail/disable-passwdmgr.inc
	15	include /etc/firejail/disable-programs.inc
	16
	17	mkdir ${HOME}/.arm
	18	whitelist ${HOME}/.arm
	19	include /etc/firejail/whitelist-common.inc
	20
	21	caps.drop all
	22	ipc-namespace
	23	netfilter
	24	no3d
	25	nogroups
	26	nonewprivs
	27	noroot
	28	nosound
	29	novideo
	30	protocol unix,inet,inet6
	31	seccomp
	32	shell none
	33	tracelog
	34
	35	disable-mnt
	36	#private-bin arm,tor,sh,python2,python2.7,ps,lsof,ldconfig
	37	private-dev
	38	private-etc tor,passwd
	39	private-tmp
	40
	41	noexec ${HOME}
	42	noexec /tmp