author | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-06-02 21:01:08 +0200 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-06-02 21:01:08 +0200 |
commit | 109b1865669ac1038454023762fb83cd0ebf6cca (patch) | |
tree | efd9bc13c2c6e7f583709e3d46f2e9fe120de9bf /etc/cower.profile | |
parent | many profile cleanups (2) (diff) | |
many profile cleanups (3)
Diffstat (limited to 'etc/cower.profile')
-rw-r--r-- | etc/cower.profile | 18 |
1 files changed, 9 insertions, 9 deletions
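--- a/etc/cower.profile
+++ b/etc/cower.profile
@@ -1,20 +1,13 @@
 # Firejail profile for cower
+# Description: a simple AUR agent with a pretentious name
 # This file is overwritten after every install/update
-
-# This profile could be significantly strengthened by adding the following to cower.local
-# whitelist ${HOME}/<Your Build Folder>
-# whitelist ${HOME}/.config/cower/
-
 quiet
-
 # Persistent local customizations
 include cower.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/cower/config
-read-only ${HOME}/.config/cower/config
-
+noblacklist ${HOME}/.config/cower
 noblacklist /var/lib/pacman
 
 include disable-common.inc
@@ -23,6 +16,11 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
+
+# This profile could be significantly strengthened by adding the following to cower.local
+# whitelist ${HOME}/<Your Build Folder>
+# whitelist ${HOME}/.config/cower
 
 caps.drop all
 ipc-namespace
@@ -42,7 +40,9 @@ shell none
 
 disable-mnt
 private-bin cower
+private-cache
 private-dev
 private-tmp
 
 memory-deny-write-execute
+read-only ${HOME}/.config/cower/config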
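Review bot: The `noblacklist` rule in the first hunk is widened from `${HOME}/.config/cower/config` to the whole `${HOME}/.config/cower` directory, but the `read-only` rule re-added at the end of the file still covers only the `config` file. Any other file under that directory would therefore be reachable and writable from inside the sandbox, presumably because `disable-programs.inc` blacklists the directory as a whole (that include is not visible on this page). If cower does not need to write there, `read-only ${HOME}/.config/cower` would keep the two rules in step. If it does, a one-line comment above the `read-only` rule saying why only `config` is locked would make the narrower scope clearly intentional.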