Baseline firejail 0.9.28

author: netblue30 <netblue30@yahoo.com> 2015-08-08 19:12:30 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-08-08 19:12:30 -0400
commit: 1379851360349d6617ad32944a25ee5e2bb74fc2 (patch)
tree: f69b48e90708bfa3c2723d5a27ed3e024c827b43 /etc/generic.profile
parent: delete files (diff)
download: firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.gz
firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.zst
firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.zip
1 files changed, 41 insertions, 0 deletions
diff --git a/etc/generic.profile b/etc/generic.profile
new file mode 100644
index 000000000..83bf59e0a
--- /dev/null
+++ b/etc/generic.profile
@@ -0,0 +1,41 @@
+################################
+# Generic profile based on Firefox profile
+################################
+#include /etc/firejail/disable-mgmt.inc
+# system directories    
+blacklist /sbin
+blacklist /usr/sbin
+# system management
+blacklist ${PATH}/umount
+blacklist ${PATH}/mount
+blacklist ${PATH}/fusermount
+blacklist ${PATH}/su
+blacklist ${PATH}/sudo
+blacklist ${PATH}/xinput
+blacklist ${PATH}/strace
+#include /etc/firejail/disable-secret.inc
+# HOME directory
+blacklist ${HOME}/.ssh
+tmpfs ${HOME}/.gnome2_private
+blacklist ${HOME}/.gnome2/keyrings
+blacklist ${HOME}/kde4/share/apps/kwallet
+blacklist ${HOME}/kde/share/apps/kwallet
+blacklist ${HOME}/.pki/nssdb
+blacklist ${HOME}/.gnupg
+blacklist ${HOME}/.local/share/recently-used.xbel
+blacklist ${HOME}/.adobe
+blacklist ${HOME}/.macromedia
+blacklist ${HOME}/.mozilla
+blacklist ${HOME}/.icedove
+blacklist ${HOME}/.thunderbird
+blacklist ${HOME}/.config/opera
+blacklist ${HOME}/.config/chromium
+blacklist ${HOME}/.config/google-chrome
+caps.drop all
+seccomp
+netfilter
+noroot
author	netblue30 <netblue30@yahoo.com>	2015-08-08 19:12:30 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-08-08 19:12:30 -0400
commit	1379851360349d6617ad32944a25ee5e2bb74fc2 (patch)
tree	f69b48e90708bfa3c2723d5a27ed3e024c827b43 /etc/generic.profile
parent	delete files (diff)
download	firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.gz firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.tar.zst firejail-1379851360349d6617ad32944a25ee5e2bb74fc2.zip

diff --git a/etc/generic.profile b/etc/generic.profile new file mode 100644 index 000000000..83bf59e0a --- /dev/null +++ b/etc/generic.profile
@@ -0,0 +1,41 @@
	1	################################
	2	# Generic profile based on Firefox profile
	3	################################
	4	#include /etc/firejail/disable-mgmt.inc
	5	# system directories
	6	blacklist /sbin
	7	blacklist /usr/sbin
	8	# system management
	9	blacklist ${PATH}/umount
	10	blacklist ${PATH}/mount
	11	blacklist ${PATH}/fusermount
	12	blacklist ${PATH}/su
	13	blacklist ${PATH}/sudo
	14	blacklist ${PATH}/xinput
	15	blacklist ${PATH}/strace
	16
	17	#include /etc/firejail/disable-secret.inc
	18	# HOME directory
	19	blacklist ${HOME}/.ssh
	20	tmpfs ${HOME}/.gnome2_private
	21	blacklist ${HOME}/.gnome2/keyrings
	22	blacklist ${HOME}/kde4/share/apps/kwallet
	23	blacklist ${HOME}/kde/share/apps/kwallet
	24	blacklist ${HOME}/.pki/nssdb
	25	blacklist ${HOME}/.gnupg
	26	blacklist ${HOME}/.local/share/recently-used.xbel
	27
	28	blacklist ${HOME}/.adobe
	29	blacklist ${HOME}/.macromedia
	30	blacklist ${HOME}/.mozilla
	31	blacklist ${HOME}/.icedove
	32	blacklist ${HOME}/.thunderbird
	33	blacklist ${HOME}/.config/opera
	34	blacklist ${HOME}/.config/chromium
	35	blacklist ${HOME}/.config/google-chrome
	36
	37	caps.drop all
	38	seccomp
	39	netfilter
	40	noroot
	41