Add VS Code profile - see request in #1139

author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2018-03-03 23:24:50 -0600
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2018-03-03 23:24:50 -0600
commit: f6502ebf237a54a9914c80f386f321772f0e8063 (patch)
tree: 695b98fd0f9ae82b37be083ccf89ef60c0b6c7c9 /etc/code.profile
parent: Add netlink to protocol list and drop chroot from seccomp filter - should fix... (diff)
download: firejail-f6502ebf237a54a9914c80f386f321772f0e8063.tar.gz
firejail-f6502ebf237a54a9914c80f386f321772f0e8063.tar.zst
firejail-f6502ebf237a54a9914c80f386f321772f0e8063.zip
1 files changed, 36 insertions, 0 deletions
diff --git a/etc/code.profile b/etc/code.profile
new file mode 100644
index 000000000..af7d379ed
--- /dev/null
+++ b/etc/code.profile
@@ -0,0 +1,36 @@
+# Firejail profile for Visual Studio Code
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/code.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.vscode
+noblacklist ${HOME}/.config/Code
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+net none
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+private-dev
+private-tmp
+# Disabling noexec ${HOME} for now since it will
+# probably interfere with running some programmes
+# in VS Code
+# noexec ${HOME}
+noexec /tmp
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2018-03-03 23:24:50 -0600
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2018-03-03 23:24:50 -0600
commit	f6502ebf237a54a9914c80f386f321772f0e8063 (patch)
tree	695b98fd0f9ae82b37be083ccf89ef60c0b6c7c9 /etc/code.profile
parent	Add netlink to protocol list and drop chroot from seccomp filter - should fix... (diff)
download	firejail-f6502ebf237a54a9914c80f386f321772f0e8063.tar.gz firejail-f6502ebf237a54a9914c80f386f321772f0e8063.tar.zst firejail-f6502ebf237a54a9914c80f386f321772f0e8063.zip

diff --git a/etc/code.profile b/etc/code.profile new file mode 100644 index 000000000..af7d379ed --- /dev/null +++ b/etc/code.profile
@@ -0,0 +1,36 @@
	1	# Firejail profile for Visual Studio Code
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/code.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ${HOME}/.vscode
	9	noblacklist ${HOME}/.config/Code
	10
	11	include /etc/firejail/disable-common.inc
	12	include /etc/firejail/disable-passwdmgr.inc
	13	include /etc/firejail/disable-programs.inc
	14
	15	caps.drop all
	16	net none
	17	netfilter
	18	nodvd
	19	nogroups
	20	nonewprivs
	21	noroot
	22	nosound
	23	notv
	24	novideo
	25	protocol unix,inet,inet6,netlink
	26	seccomp
	27	shell none
	28
	29	private-dev
	30	private-tmp
	31
	32	# Disabling noexec ${HOME} for now since it will
	33	# probably interfere with running some programmes
	34	# in VS Code
	35	# noexec ${HOME}
	36	noexec /tmp