Add falkon profile - see #1794

author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2018-03-05 13:04:03 -0600
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2018-03-05 13:04:03 -0600
commit: 45e044c275aab65c3f9c97a479733ab1db8f4ed2 (patch)
tree: 8cd354b714292636c84c15efd323d8d2bf7a266c /etc/falkon.profile
parent: Fix #1797 - Brave doesn't open with noexec /tmp (diff)
download: firejail-45e044c275aab65c3f9c97a479733ab1db8f4ed2.tar.gz
firejail-45e044c275aab65c3f9c97a479733ab1db8f4ed2.tar.zst
firejail-45e044c275aab65c3f9c97a479733ab1db8f4ed2.zip
1 files changed, 37 insertions, 0 deletions
diff --git a/etc/falkon.profile b/etc/falkon.profile
new file mode 100644
index 000000000..03484382a
--- /dev/null
+++ b/etc/falkon.profile
@@ -0,0 +1,37 @@
+# Firejail profile for falkon
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/falkon.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.cache/falkon
+noblacklist ${HOME}/.config/falkon
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+whitelist ${DOWNLOADS}
+whitelist ~/.cache/falkon
+whitelist ~/.config/falkon
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2018-03-05 13:04:03 -0600
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2018-03-05 13:04:03 -0600
commit	45e044c275aab65c3f9c97a479733ab1db8f4ed2 (patch)
tree	8cd354b714292636c84c15efd323d8d2bf7a266c /etc/falkon.profile
parent	Fix #1797 - Brave doesn't open with noexec /tmp (diff)
download	firejail-45e044c275aab65c3f9c97a479733ab1db8f4ed2.tar.gz firejail-45e044c275aab65c3f9c97a479733ab1db8f4ed2.tar.zst firejail-45e044c275aab65c3f9c97a479733ab1db8f4ed2.zip

diff --git a/etc/falkon.profile b/etc/falkon.profile new file mode 100644 index 000000000..03484382a --- /dev/null +++ b/etc/falkon.profile
@@ -0,0 +1,37 @@
	1	# Firejail profile for falkon
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/falkon.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ${HOME}/.cache/falkon
	9	noblacklist ${HOME}/.config/falkon
	10
	11	include /etc/firejail/disable-common.inc
	12	include /etc/firejail/disable-devel.inc
	13	include /etc/firejail/disable-passwdmgr.inc
	14	include /etc/firejail/disable-programs.inc
	15
	16	whitelist ${DOWNLOADS}
	17	whitelist ~/.cache/falkon
	18	whitelist ~/.config/falkon
	19	include /etc/firejail/whitelist-common.inc
	20	include /etc/firejail/whitelist-var-common.inc
	21
	22	caps.drop all
	23	netfilter
	24	nodvd
	25	nogroups
	26	nonewprivs
	27	noroot
	28	notv
	29	protocol unix,inet,inet6,netlink
	30	seccomp
	31	tracelog
	32
	33	private-dev
	34	private-tmp
	35
	36	noexec ${HOME}
	37	noexec /tmp