Add barrier profile (#3115)

* Add barrier.profile * Add newline before special options * Modify description * Add disable mount to barrier.profile * Address feedback from rusty-snake * Remove stray carriage return * Add noexec for /home/user and /tmp * Don't blacklist openssl * Remove redundant rules
author: Adrian L. Shaw <adrianlshaw@gmail.com> 2020-01-04 12:13:20 +0000
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2020-01-04 12:13:20 +0000
commit: 108eea75093e8a9fe8c9bd30027bf35e3d7559a1 (patch)
tree: 2163fe47a83e7241b3893c378b05eb26f5158d20 /etc/barrier.profile
parent: Gentoo fixes (#3120) (diff)
download: firejail-108eea75093e8a9fe8c9bd30027bf35e3d7559a1.tar.gz
firejail-108eea75093e8a9fe8c9bd30027bf35e3d7559a1.tar.zst
firejail-108eea75093e8a9fe8c9bd30027bf35e3d7559a1.zip
1 files changed, 45 insertions, 0 deletions
diff --git a/etc/barrier.profile b/etc/barrier.profile
new file mode 100644
index 000000000..a35bb1e09
--- /dev/null
+++ b/etc/barrier.profile
@@ -0,0 +1,45 @@
+# Firejail profile for barrier
+# Description: Keyboard and mouse sharing application
+# This file is overwritten after every install/update
+# Persistent local customizations
+include barrier.local
+# Persistent global definitions
+include globals.local 
+noblacklist ${HOME}/.config/Debauchee/Barrier.conf
+noblacklist ${HOME}/.local/share/barrier
+noblacklist ${PATH}/openssl
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-var-common.inc
+caps.drop all
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+disable-mnt
+private-dev
+private-cache
+private-tmp
+memory-deny-write-execute
author	Adrian L. Shaw <adrianlshaw@gmail.com>	2020-01-04 12:13:20 +0000
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2020-01-04 12:13:20 +0000
commit	108eea75093e8a9fe8c9bd30027bf35e3d7559a1 (patch)
tree	2163fe47a83e7241b3893c378b05eb26f5158d20 /etc/barrier.profile
parent	Gentoo fixes (#3120) (diff)
download	firejail-108eea75093e8a9fe8c9bd30027bf35e3d7559a1.tar.gz firejail-108eea75093e8a9fe8c9bd30027bf35e3d7559a1.tar.zst firejail-108eea75093e8a9fe8c9bd30027bf35e3d7559a1.zip

diff --git a/etc/barrier.profile b/etc/barrier.profile new file mode 100644 index 000000000..a35bb1e09 --- /dev/null +++ b/etc/barrier.profile
@@ -0,0 +1,45 @@
	1	# Firejail profile for barrier
	2	# Description: Keyboard and mouse sharing application
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include barrier.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.config/Debauchee/Barrier.conf
	10	noblacklist ${HOME}/.local/share/barrier
	11	noblacklist ${PATH}/openssl
	12
	13	include disable-common.inc
	14	include disable-devel.inc
	15	include disable-exec.inc
	16	include disable-interpreters.inc
	17	include disable-passwdmgr.inc
	18	include disable-programs.inc
	19	include disable-xdg.inc
	20
	21	include whitelist-var-common.inc
	22
	23	caps.drop all
	24	machine-id
	25	netfilter
	26	no3d
	27	nodvd
	28	nogroups
	29	nonewprivs
	30	noroot
	31	nosound
	32	notv
	33	nou2f
	34	novideo
	35	protocol unix,inet,inet6,netlink
	36	seccomp
	37	shell none
	38	tracelog
	39
	40	disable-mnt
	41	private-dev
	42	private-cache
	43	private-tmp
	44
	45	memory-deny-write-execute