diff options
| author |  Tad <tad@spotco.us> | 2017-08-07 01:22:08 -0400 |
|---|---|---|
| committer | Tad <tad@spotco.us> | 2017-08-07 01:22:08 -0400 |
| commit | 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch) | |
| tree | 0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/geary.profile | |
| parent | various profile fixes (#1433) (diff) | |
| download | firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip | |
Unify all profiles
Diffstat (limited to 'etc/geary.profile')
| -rw-r--r-- | etc/geary.profile | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/etc/geary.profile b/etc/geary.profile index f655f0efe..5833e51cf 100644 --- a/etc/geary.profile +++ b/etc/geary.profile | |||
| @@ -1,28 +1,29 @@ | |||
| 1 | # Persistent global definitions go here | 1 | # Firejail profile for geary |
| 2 | include /etc/firejail/globals.local | 2 | # This file is overwritten after every install/update |
| 3 | 3 | # Persistent local customizations | |
| 4 | # This file is overwritten during software install. | ||
| 5 | # Persistent customizations should go in a .local file. | ||
| 6 | include /etc/firejail/geary.local | 4 | include /etc/firejail/geary.local |
| 7 | 5 | # Persistent global definitions | |
| 8 | # Firejail profile for Gnome Geary | 6 | include /etc/firejail/globals.local |
| 9 | # Users have Geary set to open a browser by clicking a link in an email | ||
| 10 | # We are not allowed to blacklist browser-specific directories | ||
| 11 | 7 | ||
| 12 | noblacklist ~/.gnupg | 8 | noblacklist ~/.gnupg |
| 13 | mkdir ~/.gnupg | ||
| 14 | whitelist ~/.gnupg | ||
| 15 | |||
| 16 | noblacklist ~/.local/share/geary | 9 | noblacklist ~/.local/share/geary |
| 10 | |||
| 11 | mkdir ~/.gnupg | ||
| 17 | mkdir ~/.local/share/geary | 12 | mkdir ~/.local/share/geary |
| 13 | whitelist ~/.config/mimeapps.list | ||
| 14 | whitelist ~/.gnupg | ||
| 15 | whitelist ~/.local/share/applications | ||
| 18 | whitelist ~/.local/share/geary | 16 | whitelist ~/.local/share/geary |
| 17 | include /etc/firejail/whitelist-common.inc | ||
| 18 | |||
| 19 | ignore private-tmp | ||
| 19 | 20 | ||
| 20 | whitelist ~/.config/mimeapps.list | ||
| 21 | read-only ~/.config/mimeapps.list | 21 | read-only ~/.config/mimeapps.list |
| 22 | whitelist ~/.local/share/applications | ||
| 23 | read-only ~/.local/share/applications | 22 | read-only ~/.local/share/applications |
| 24 | 23 | ||
| 25 | # allow browsers | ||
| 26 | ignore private-tmp | ||
| 27 | include /etc/firejail/firefox.profile | 24 | include /etc/firejail/firefox.profile |
| 28 | #include /etc/firejail/chromium.profile - chromium runs as suid! | 25 | |
| 26 | # CLOBBERED COMMENTS | ||
| 27 | # Users have Geary set to open a browser by clicking a link in an email | ||
| 28 | # We are not allowed to blacklist browser-specific directories | ||
| 29 | # allow browsers | ||