diff options
| author |  valoq <valoq@mailbox.org> | 2016-11-19 21:57:42 +0100 |
|---|---|---|
| committer | valoq <valoq@mailbox.org> | 2016-11-19 21:57:42 +0100 |
| commit | fa10ab0e093a4224b16491273b0162b0e0a77a3a (patch) | |
| tree | b04a3501e2a119ede58b2bc58aedbd8d0d9cc772 /etc/gnome-books.profile | |
| parent | various fixes (diff) | |
| download | firejail-fa10ab0e093a4224b16491273b0162b0e0a77a3a.tar.gz firejail-fa10ab0e093a4224b16491273b0162b0e0a77a3a.tar.zst firejail-fa10ab0e093a4224b16491273b0162b0e0a77a3a.zip | |
many new profiles
Diffstat (limited to 'etc/gnome-books.profile')
| -rw-r--r-- | etc/gnome-books.profile | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile new file mode 100644 index 000000000..10b06e173 --- /dev/null +++ b/etc/gnome-books.profile | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | # gnome-books profile | ||
| 2 | |||
| 3 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | ||
| 4 | |||
| 5 | noblacklist ~/.cache/org.gnome.Books | ||
| 6 | |||
| 7 | include /etc/firejail/disable-common.inc | ||
| 8 | include /etc/firejail/disable-programs.inc | ||
| 9 | include /etc/firejail/disable-devel.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | ||
| 11 | |||
| 12 | caps.drop all | ||
| 13 | nogroups | ||
| 14 | nonewprivs | ||
| 15 | noroot | ||
| 16 | nosound | ||
| 17 | protocol unix | ||
| 18 | seccomp | ||
| 19 | netfilter | ||
| 20 | shell none | ||
| 21 | tracelog | ||
| 22 | |||
| 23 | # private-bin gjs gnome-books | ||
| 24 | private-tmp | ||
| 25 | private-dev | ||
| 26 | private-etc fonts | ||