Unify all profiles

author: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
committer: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
commit: 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree: 0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/dino.profile
parent: various profile fixes (#1433) (diff)
download: firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip
1 files changed, 8 insertions, 10 deletions
diff --git a/etc/dino.profile b/etc/dino.profile
index 94563fa1d..0501cd408 100644
--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -1,11 +1,10 @@
-# Persistent global definitions go here
+# Firejail profile for dino
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
+# Persistent local customizations
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
 include /etc/firejail/dino.local
+# Persistent global definitions
+include /etc/firejail/globals.local
-# Firejail profile for Dino
 noblacklist ${HOME}/.local/share/dino
 include /etc/firejail/disable-common.inc
@@ -13,13 +12,12 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
-whitelist ${HOME}/Downloads
 mkdir ${HOME}/.local/share/dino
 whitelist ${HOME}/.local/share/dino
+whitelist ${HOME}/Downloads
 include /etc/firejail/whitelist-common.inc
 caps.drop all
-#ipc-namespace
 netfilter
 no3d
 nogroups
@@ -31,11 +29,11 @@ protocol unix,inet,inet6
 seccomp
 shell none
+disable-mnt
 private-bin dino
-#private-etc fonts #breaks server connection
 private-dev
+# private-etc fonts # breaks server connection
 private-tmp
-disable-mnt
 noexec ${HOME}
 noexec /tmp
author	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
committer	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
commit	9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree	0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/dino.profile
parent	various profile fixes (#1433) (diff)
download	firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip

diff --git a/etc/dino.profile b/etc/dino.profile index 94563fa1d..0501cd408 100644 --- a/etc/dino.profile +++ b/etc/dino.profile
@@ -1,11 +1,10 @@
1	# Persistent global definitions go here	1	# Firejail profile for dino
2	include /etc/firejail/globals.local	2	# This file is overwritten after every install/update
3		3	# Persistent local customizations
4	# This file is overwritten during software install.
5	# Persistent customizations should go in a .local file.
6	include /etc/firejail/dino.local	4	include /etc/firejail/dino.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
7		7
8	# Firejail profile for Dino
9	noblacklist ${HOME}/.local/share/dino	8	noblacklist ${HOME}/.local/share/dino
10		9
11	include /etc/firejail/disable-common.inc	10	include /etc/firejail/disable-common.inc
@@ -13,13 +12,12 @@ include /etc/firejail/disable-devel.inc
13	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
14	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
15		14
16	whitelist ${HOME}/Downloads
17	mkdir ${HOME}/.local/share/dino	15	mkdir ${HOME}/.local/share/dino
18	whitelist ${HOME}/.local/share/dino	16	whitelist ${HOME}/.local/share/dino
		17	whitelist ${HOME}/Downloads
19	include /etc/firejail/whitelist-common.inc	18	include /etc/firejail/whitelist-common.inc
20		19
21	caps.drop all	20	caps.drop all
22	#ipc-namespace
23	netfilter	21	netfilter
24	no3d	22	no3d
25	nogroups	23	nogroups
@@ -31,11 +29,11 @@ protocol unix,inet,inet6
31	seccomp	29	seccomp
32	shell none	30	shell none
33		31
		32	disable-mnt
34	private-bin dino	33	private-bin dino
35	#private-etc fonts #breaks server connection
36	private-dev	34	private-dev
		35	# private-etc fonts # breaks server connection
37	private-tmp	36	private-tmp
38	disable-mnt
39		37
40	noexec ${HOME}	38	noexec ${HOME}
41	noexec /tmp	39	noexec /tmp