many new profiles

author: valoq <valoq@mailbox.org> 2016-11-19 21:57:42 +0100
committer: valoq <valoq@mailbox.org> 2016-11-19 21:57:42 +0100
commit: fa10ab0e093a4224b16491273b0162b0e0a77a3a (patch)
tree: b04a3501e2a119ede58b2bc58aedbd8d0d9cc772 /etc/gjs.profile
parent: various fixes (diff)
download: firejail-fa10ab0e093a4224b16491273b0162b0e0a77a3a.tar.gz
firejail-fa10ab0e093a4224b16491273b0162b0e0a77a3a.tar.zst
firejail-fa10ab0e093a4224b16491273b0162b0e0a77a3a.zip
1 files changed, 28 insertions, 0 deletions
diff --git a/etc/gjs.profile b/etc/gjs.profile
new file mode 100644
index 000000000..8d71728a2
--- /dev/null
+++ b/etc/gjs.profile
@@ -0,0 +1,28 @@
+# gjs (gnome javascript bindings) profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.cache/org.gnome.Books
+noblacklist ~/.config/libreoffice
+noblacklist ~/.local/share/gnome-photos
+noblacklist ~/.cache/libgweather
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
+private-tmp
+private-dev
+# private-etc fonts
author	valoq <valoq@mailbox.org>	2016-11-19 21:57:42 +0100
committer	valoq <valoq@mailbox.org>	2016-11-19 21:57:42 +0100
commit	fa10ab0e093a4224b16491273b0162b0e0a77a3a (patch)
tree	b04a3501e2a119ede58b2bc58aedbd8d0d9cc772 /etc/gjs.profile
parent	various fixes (diff)
download	firejail-fa10ab0e093a4224b16491273b0162b0e0a77a3a.tar.gz firejail-fa10ab0e093a4224b16491273b0162b0e0a77a3a.tar.zst firejail-fa10ab0e093a4224b16491273b0162b0e0a77a3a.zip

diff --git a/etc/gjs.profile b/etc/gjs.profile new file mode 100644 index 000000000..8d71728a2 --- /dev/null +++ b/etc/gjs.profile
@@ -0,0 +1,28 @@
	1	# gjs (gnome javascript bindings) profile
	2
	3	# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
	4
	5	noblacklist ~/.cache/org.gnome.Books
	6	noblacklist ~/.config/libreoffice
	7	noblacklist ~/.local/share/gnome-photos
	8	noblacklist ~/.cache/libgweather
	9
	10	include /etc/firejail/disable-common.inc
	11	include /etc/firejail/disable-programs.inc
	12	include /etc/firejail/disable-devel.inc
	13	include /etc/firejail/disable-passwdmgr.inc
	14
	15	caps.drop all
	16	nogroups
	17	nonewprivs
	18	noroot
	19	protocol unix,inet,inet6
	20	seccomp
	21	netfilter
	22	shell none
	23	tracelog
	24
	25	# private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
	26	private-tmp
	27	private-dev
	28	# private-etc fonts