author | glitsj16 <glitsj16@users.noreply.github.com> | 2020-01-02 23:04:28 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-02 23:04:28 +0000 |
commit | 3f94dd1d4769f413d5390198b2bba14e821f03bb (patch) | |
tree | c36a2a7ee9757eed31f53ccf4b44422c7fa443e8 /etc/artha.profile | |
parent | Extra hardening for wget (diff) | |
Fix artha
I intentionally wanted to have this as a 'whitelist' profile. The only snag is that artha seems to generate ${HOME}/.config/artha.config.XXXXXX that I cannot whitelist upfront. Added notes to highlight this behaviour.
Diffstat (limited to 'etc/artha.profile')
-rw-r--r-- | etc/artha.profile | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/artha.profile b/etc/artha.profile index 5bbba354e..f8d0f2aa1 100644 --- a/etc/artha.profile +++ b/etc/artha.profile | |||
@@ -7,6 +7,7 @@ include artha.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/artha.conf | 9 | noblacklist ${HOME}/.config/artha.conf |
10 | noblacklist ${HOME}/.config/artha.log | ||
10 | noblacklist ${HOME}/.config/enchant | 11 | noblacklist ${HOME}/.config/enchant |
11 | 12 | ||
12 | blacklist /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
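Review bot: the new `noblacklist ${HOME}/.config/artha.log` at line 10 only does something if one of the disable-*.inc files included later in the profile blacklists that path, and this patch does not touch any of them. Please confirm a matching blacklist entry for artha.log exists (or add it in the same change), otherwise this line is a no-op that suggests protection which is not there.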
@@ -19,9 +20,13 @@ include disable-passwdmgr.inc | |||
19 | include disable-programs.inc | 20 | include disable-programs.inc |
20 | include disable-xdg.inc | 21 | include disable-xdg.inc |
21 | 22 | ||
23 | # this 'whitelist' profile could make settings immutable | ||
24 | # either turn it into a 'blacklist' profile by commenting the lines below | ||
25 | # or set your preferences by running artha without firejail once | ||
22 | mkfile ${HOME}/.config/artha.conf | 26 | mkfile ${HOME}/.config/artha.conf |
23 | mkdir ${HOME}/.config/enchant | 27 | mkdir ${HOME}/.config/enchant |
24 | whitelist ${HOME}/.config/artha.conf | 28 | whitelist ${HOME}/.config/artha.conf |
29 | whitelist ${HOME}/.config/artha.log | ||
25 | whitelist ${HOME}/.config/enchant | 30 | whitelist ${HOME}/.config/enchant |
26 | whitelist /usr/share/artha | 31 | whitelist /usr/share/artha |
27 | whitelist /usr/share/wordnet | 32 | whitelist /usr/share/wordnet |
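Review bot: the added `whitelist ${HOME}/.config/artha.log` at line 29 has no matching `mkfile`, unlike artha.conf and enchant, which are created at lines 26-27 before being whitelisted. If the log does not exist yet on first run, the whitelist entry has nothing to bind and whatever artha writes there is lost when the sandbox exits; add `mkfile ${HOME}/.config/artha.log` next to the other two. The new comment at lines 23-25 would also be easier to act on if it named the cause given in the commit message, the ${HOME}/.config/artha.config.XXXXXX file that cannot be whitelisted upfront.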
@@ -46,6 +51,7 @@ novideo | |||
46 | protocol unix | 51 | protocol unix |
47 | seccomp | 52 | seccomp |
48 | shell none | 53 | shell none |
54 | tracelog | ||
49 | 55 | ||
50 | disable-mnt | 56 | disable-mnt |
51 | private-bin artha,enchant,notify-send | 57 | private-bin artha,enchant,notify-send |
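Review bot: the `tracelog` added at line 54 is not mentioned in the commit message, which only covers the whitelist behaviour and the artha.config.XXXXXX snag. Either say in the message why blacklist-violation logging is wanted for this profile, or move it to its own commit so the whitelist fix can be reviewed and reverted independently.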