diff options
author | netblue30 <netblue30@yahoo.com> | 2015-08-08 19:12:30 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-08-08 19:12:30 -0400 |
commit | 1379851360349d6617ad32944a25ee5e2bb74fc2 (patch) | |
tree | f69b48e90708bfa3c2723d5a27ed3e024c827b43 /etc/generic.profile | |
parent | delete files (diff) | |
download | firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.gz firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.zst firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.zip |
Baseline firejail 0.9.28
Diffstat (limited to 'etc/generic.profile')
-rw-r--r-- | etc/generic.profile | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/etc/generic.profile b/etc/generic.profile new file mode 100644 index 000000000..83bf59e0a --- /dev/null +++ b/etc/generic.profile | |||
@@ -0,0 +1,41 @@ | |||
1 | ################################ | ||
2 | # Generic profile based on Firefox profile | ||
3 | ################################ | ||
4 | #include /etc/firejail/disable-mgmt.inc | ||
5 | # system directories | ||
6 | blacklist /sbin | ||
7 | blacklist /usr/sbin | ||
8 | # system management | ||
9 | blacklist ${PATH}/umount | ||
10 | blacklist ${PATH}/mount | ||
11 | blacklist ${PATH}/fusermount | ||
12 | blacklist ${PATH}/su | ||
13 | blacklist ${PATH}/sudo | ||
14 | blacklist ${PATH}/xinput | ||
15 | blacklist ${PATH}/strace | ||
16 | |||
17 | #include /etc/firejail/disable-secret.inc | ||
18 | # HOME directory | ||
19 | blacklist ${HOME}/.ssh | ||
20 | tmpfs ${HOME}/.gnome2_private | ||
21 | blacklist ${HOME}/.gnome2/keyrings | ||
22 | blacklist ${HOME}/kde4/share/apps/kwallet | ||
23 | blacklist ${HOME}/kde/share/apps/kwallet | ||
24 | blacklist ${HOME}/.pki/nssdb | ||
25 | blacklist ${HOME}/.gnupg | ||
26 | blacklist ${HOME}/.local/share/recently-used.xbel | ||
27 | |||
28 | blacklist ${HOME}/.adobe | ||
29 | blacklist ${HOME}/.macromedia | ||
30 | blacklist ${HOME}/.mozilla | ||
31 | blacklist ${HOME}/.icedove | ||
32 | blacklist ${HOME}/.thunderbird | ||
33 | blacklist ${HOME}/.config/opera | ||
34 | blacklist ${HOME}/.config/chromium | ||
35 | blacklist ${HOME}/.config/google-chrome | ||
36 | |||
37 | caps.drop all | ||
38 | seccomp | ||
39 | netfilter | ||
40 | noroot | ||
41 | |||