added lxterminal profile

author: netblue30 <netblue30@yahoo.com> 2016-02-12 17:55:26 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-02-12 17:55:26 -0500
commit: 5dd4748076b6016b0faf0a99485e99a2134b5b06 (patch)
tree: 11ada466619363823b8bfb1588f48f71f632c473 /etc/lxterminal.profile
parent: split out terminal blacklisting in disable-terminals.inc (diff)
download: firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.tar.gz
firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.tar.zst
firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile
new file mode 100644
index 000000000..a614a8dbf
--- /dev/null
+++ b/etc/lxterminal.profile
@@ -0,0 +1,19 @@
+# lxterminal (LXDE) profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.keepassx
+blacklist ${HOME}/.password-store
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+#noroot - somehow this breaks on Debian Jessie!
+# lxterminal is a single-instence program
+# blacklist any existing lxterminal socket in order to force a second process instance
+blacklist /tmp/.lxterminal-socket*
author	netblue30 <netblue30@yahoo.com>	2016-02-12 17:55:26 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-02-12 17:55:26 -0500
commit	5dd4748076b6016b0faf0a99485e99a2134b5b06 (patch)
tree	11ada466619363823b8bfb1588f48f71f632c473 /etc/lxterminal.profile
parent	split out terminal blacklisting in disable-terminals.inc (diff)
download	firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.tar.gz firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.tar.zst firejail-5dd4748076b6016b0faf0a99485e99a2134b5b06.zip

diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile new file mode 100644 index 000000000..a614a8dbf --- /dev/null +++ b/etc/lxterminal.profile
@@ -0,0 +1,19 @@
	1	# lxterminal (LXDE) profile
	2
	3	include /etc/firejail/disable-mgmt.inc
	4	include /etc/firejail/disable-secret.inc
	5	include /etc/firejail/disable-common.inc
	6	blacklist ${HOME}/.pki/nssdb
	7	blacklist ${HOME}/.lastpass
	8	blacklist ${HOME}/.keepassx
	9	blacklist ${HOME}/.password-store
	10	caps.drop all
	11	seccomp
	12	protocol unix,inet,inet6
	13	netfilter
	14
	15	#noroot - somehow this breaks on Debian Jessie!
	16
	17	# lxterminal is a single-instence program
	18	# blacklist any existing lxterminal socket in order to force a second process instance
	19	blacklist /tmp/.lxterminal-socket*