Add new profile for d-feet (#2492)

* Create d-feet.profile * Add d-feet config to disable-programs.inc * Add d-feet to firecfg
author: glitsj16 <glitsj16@users.noreply.github.com> 2019-03-01 04:43:32 +0000
committer: GitHub <noreply@github.com> 2019-03-01 04:43:32 +0000
commit: cf5f2bce410be2b944211e0a4567ccd03adc702f (patch)
tree: 1c47bedce000279c44abb964bdd7d7ea63a08aa3 /etc/d-feet.profile
parent: Add new profile for seahorse (#2491) (diff)
download: firejail-cf5f2bce410be2b944211e0a4567ccd03adc702f.tar.gz
firejail-cf5f2bce410be2b944211e0a4567ccd03adc702f.tar.zst
firejail-cf5f2bce410be2b944211e0a4567ccd03adc702f.zip
1 files changed, 55 insertions, 0 deletions
diff --git a/etc/d-feet.profile b/etc/d-feet.profile
new file mode 100644
index 000000000..8526f1b0b
--- /dev/null
+++ b/etc/d-feet.profile
@@ -0,0 +1,55 @@
+# Firejail profile for d-feet
+# Description: D-Bus debugger for GNOME
+# This file is overwritten after every install/update
+# Persistent local customizations
+include d-feet.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/d-feet
+# Allow python (disabled by disable-interpreters.inc)
+#noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+#noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+# nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+disable-mnt
+private-bin d-feet,python*
+private-cache
+private-dev
+private-etc alternatives,dbus-1,fonts
+private-tmp
+# memory-deny-write-execute - Breaks on Arch
+noexec ${HOME}
+noexec /tmp
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-03-01 04:43:32 +0000
committer	GitHub <noreply@github.com>	2019-03-01 04:43:32 +0000
commit	cf5f2bce410be2b944211e0a4567ccd03adc702f (patch)
tree	1c47bedce000279c44abb964bdd7d7ea63a08aa3 /etc/d-feet.profile
parent	Add new profile for seahorse (#2491) (diff)
download	firejail-cf5f2bce410be2b944211e0a4567ccd03adc702f.tar.gz firejail-cf5f2bce410be2b944211e0a4567ccd03adc702f.tar.zst firejail-cf5f2bce410be2b944211e0a4567ccd03adc702f.zip

diff --git a/etc/d-feet.profile b/etc/d-feet.profile new file mode 100644 index 000000000..8526f1b0b --- /dev/null +++ b/etc/d-feet.profile
@@ -0,0 +1,55 @@
	1	# Firejail profile for d-feet
	2	# Description: D-Bus debugger for GNOME
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include d-feet.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.config/d-feet
	10
	11	# Allow python (disabled by disable-interpreters.inc)
	12	#noblacklist ${PATH}/python2*
	13	noblacklist ${PATH}/python3*
	14	#noblacklist /usr/lib/python2*
	15	noblacklist /usr/lib/python3*
	16
	17	include disable-common.inc
	18	include disable-devel.inc
	19	include disable-interpreters.inc
	20	include disable-passwdmgr.inc
	21	include disable-programs.inc
	22	include disable-xdg.inc
	23
	24	include whitelist-common.inc
	25	include whitelist-var-common.inc
	26
	27	apparmor
	28	caps.drop all
	29	ipc-namespace
	30	machine-id
	31	net none
	32	no3d
	33	# nodbus
	34	nodvd
	35	nogroups
	36	nonewprivs
	37	noroot
	38	nosound
	39	notv
	40	nou2f
	41	novideo
	42	protocol unix
	43	seccomp
	44	shell none
	45
	46	disable-mnt
	47	private-bin d-feet,python*
	48	private-cache
	49	private-dev
	50	private-etc alternatives,dbus-1,fonts
	51	private-tmp
	52
	53	# memory-deny-write-execute - Breaks on Arch
	54	noexec ${HOME}
	55	noexec /tmp