author | Tad <tad@spotco.us> | 2017-08-07 14:24:51 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-08-07 14:29:40 -0400 |
commit | 39dc3c893b5d895ed9db9071dd47b3de7b28f2fd (patch) | |
tree | b76dbe39efe41bded67e3fe95d030b277d4a0236 /etc/baloo_file.profile | |
parent | Fix comments in 88 profiles (diff) | |
Unify last 8 profiles
Diffstat (limited to 'etc/baloo_file.profile')
-rw-r--r-- | etc/baloo_file.profile | 27 |
1 files changed, 13 insertions, 14 deletions
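--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -1,21 +1,21 @@
-# Persistent global definitions go here
-include /etc/firejail/globals.local
-
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
+# Firejail profile for baloo_file
+# This file is overwritten after every install/update
+# Persistent local customizations
 include /etc/firejail/baloo_file.local
+# Persistent global definitions
+include /etc/firejail/globals.local
 
-# KDE Baloo file daemon profile
-noblacklist ${HOME}/.kde4/share/config/baloofilerc
-noblacklist ${HOME}/.kde4/share/config/baloorc
+noblacklist ${HOME}/.config/baloofilerc
 noblacklist ${HOME}/.kde/share/config/baloofilerc
 noblacklist ${HOME}/.kde/share/config/baloorc
-noblacklist ${HOME}/.config/baloofilerc
+noblacklist ${HOME}/.kde4/share/config/baloofilerc
+noblacklist ${HOME}/.kde4/share/config/baloorc
 noblacklist ${HOME}/.local/share/baloo
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
 nogroups
@@ -26,7 +26,6 @@ novideo
 protocol unix
 # Baloo makes ioprio_set system calls, which are blacklisted by default.
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old
-
 x11 xorg
 
 private-dev
@@ -37,6 +36,6 @@ noexec /tmp
 
 # Make home directory read-only and allow writing only to ~/.local/share
 # Note: Baloo will not be able to update the "first run" key in its configuration files.
-#read-only ${HOME}
-#read-write ${HOME}/.local/share
-#noexec ${HOME}/.local/share
+# noexec ${HOME}/.local/share
+# read-only ${HOME}
+# read-write ${HOME}/.local/share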
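Review bot: The `seccomp.drop` line carried unchanged through the `@@ -26,7 +26,6 @@` hunk names `mfsservctl`, which looks like a misspelling of the `nfsservctl` syscall, and lists `process_vm_writev` twice. How firejail treats an unrecognised syscall name is not visible on this page, but at best that entry does nothing, so the call it was presumably meant to cover is missing from the filter. Since the commit is already normalising this profile, I would change the fragment to `...,reboot,nfsservctl,get_kernel_syms,...` and drop the second `process_vm_writev`. The list appears to be a hand-copied default blacklist with `ioprio_set` left out, so it will not pick up later additions to the default; I would extend the comment above it to say so, e.g. `# Copy of the default seccomp list without ioprio_set; re-sync when the default list changes.`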