Unify all profiles

author: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
committer: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
commit: 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree: 0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/git.profile
parent: various profile fixes (#1433) (diff)
download: firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip
1 files changed, 12 insertions, 13 deletions
diff --git a/etc/git.profile b/etc/git.profile
index 5fa3ef95e..a565f3b5a 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -1,35 +1,34 @@
+# Firejail profile for git
+# This file is overwritten after every install/update
 quiet
-# Persistent global definitions go here
+# Persistent local customizations
+include /etc/firejail/git.local
+# Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+blacklist /tmp/.X11-unix
-# Persistent customizations should go in a .local file.
-include /etc/firejail/git.local
-# git profile
-noblacklist ~/.gitconfig
-noblacklist ~/.ssh
-noblacklist ~/.gnupg
 noblacklist ~/.emacs
 noblacklist ~/.emacs.d
-noblacklist ~/.viminfo
+noblacklist ~/.gitconfig
+noblacklist ~/.gnupg
+noblacklist ~/.ssh
 noblacklist ~/.vim
+noblacklist ~/.viminfo
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
+no3d
 nogroups
 nonewprivs
 noroot
 nosound
-no3d
 protocol unix,inet,inet6
 seccomp
 shell none
-blacklist /tmp/.X11-unix
 private-dev
author	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
committer	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
commit	9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree	0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/git.profile
parent	various profile fixes (#1433) (diff)
download	firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip

diff --git a/etc/git.profile b/etc/git.profile index 5fa3ef95e..a565f3b5a 100644 --- a/etc/git.profile +++ b/etc/git.profile
@@ -1,35 +1,34 @@
		1	# Firejail profile for git
		2	# This file is overwritten after every install/update
1	quiet	3	quiet
2	# Persistent global definitions go here	4	# Persistent local customizations
		5	include /etc/firejail/git.local
		6	# Persistent global definitions
3	include /etc/firejail/globals.local	7	include /etc/firejail/globals.local
4		8
5	# This file is overwritten during software install.	9	blacklist /tmp/.X11-unix
6	# Persistent customizations should go in a .local file.
7	include /etc/firejail/git.local
8		10
9	# git profile
10	noblacklist ~/.gitconfig
11	noblacklist ~/.ssh
12	noblacklist ~/.gnupg
13	noblacklist ~/.emacs	11	noblacklist ~/.emacs
14	noblacklist ~/.emacs.d	12	noblacklist ~/.emacs.d
15	noblacklist ~/.viminfo	13	noblacklist ~/.gitconfig
		14	noblacklist ~/.gnupg
		15	noblacklist ~/.ssh
16	noblacklist ~/.vim	16	noblacklist ~/.vim
		17	noblacklist ~/.viminfo
17		18
18	include /etc/firejail/disable-common.inc	19	include /etc/firejail/disable-common.inc
19	include /etc/firejail/disable-programs.inc
20	include /etc/firejail/disable-passwdmgr.inc	20	include /etc/firejail/disable-passwdmgr.inc
		21	include /etc/firejail/disable-programs.inc
21		22
22	caps.drop all	23	caps.drop all
23	netfilter	24	netfilter
		25	no3d
24	nogroups	26	nogroups
25	nonewprivs	27	nonewprivs
26	noroot	28	noroot
27	nosound	29	nosound
28	no3d
29	protocol unix,inet,inet6	30	protocol unix,inet,inet6
30	seccomp	31	seccomp
31	shell none	32	shell none
32		33
33	blacklist /tmp/.X11-unix
34
35	private-dev	34	private-dev