Merge branch 'master' of https://github.com/Lockdis/firejail into lockdis_ipc_fixes

author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2019-02-16 10:34:54 -0600
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2019-02-16 10:34:54 -0600
commit: 6ea7c5bc4fc6e44c475ea59fb76b79fa150407c2 (patch)
tree: 69c136de5dd79c05c9704c8be381bd89c5418f5d /etc/nyx.profile
parent: Merge pull request #2402 from glitsj16/snap (diff)
parent: Update nyx.profile, crow.profile (diff)
download: firejail-6ea7c5bc4fc6e44c475ea59fb76b79fa150407c2.tar.gz
firejail-6ea7c5bc4fc6e44c475ea59fb76b79fa150407c2.tar.zst
firejail-6ea7c5bc4fc6e44c475ea59fb76b79fa150407c2.zip
1 files changed, 52 insertions, 0 deletions
diff --git a/etc/nyx.profile b/etc/nyx.profile
new file mode 100644
index 000000000..d5e1e1f84
--- /dev/null
+++ b/etc/nyx.profile
@@ -0,0 +1,52 @@
+# Firejail profile for nyx
+# Description: Command-line status monitor for tor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nyx.local
+# Persistent global definitions
+include globals.local
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+noblacklist ${HOME}/.nyx
+mkdir ${HOME}/.nyx
+whitelist ${HOME}/.nyx
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-bin nyx,python*
+private-cache
+private-dev
+private-etc passwd,tor,fonts
+private-opt none
+private-srv none
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2019-02-16 10:34:54 -0600
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2019-02-16 10:34:54 -0600
commit	6ea7c5bc4fc6e44c475ea59fb76b79fa150407c2 (patch)
tree	69c136de5dd79c05c9704c8be381bd89c5418f5d /etc/nyx.profile
parent	Merge pull request #2402 from glitsj16/snap (diff)
parent	Update nyx.profile, crow.profile (diff)
download	firejail-6ea7c5bc4fc6e44c475ea59fb76b79fa150407c2.tar.gz firejail-6ea7c5bc4fc6e44c475ea59fb76b79fa150407c2.tar.zst firejail-6ea7c5bc4fc6e44c475ea59fb76b79fa150407c2.zip

diff --git a/etc/nyx.profile b/etc/nyx.profile new file mode 100644 index 000000000..d5e1e1f84 --- /dev/null +++ b/etc/nyx.profile
@@ -0,0 +1,52 @@
	1	# Firejail profile for nyx
	2	# Description: Command-line status monitor for tor
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include nyx.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${PATH}/python2*
	10	noblacklist ${PATH}/python3*
	11	noblacklist /usr/lib/python2*
	12	noblacklist /usr/lib/python3*
	13
	14	noblacklist ${HOME}/.nyx
	15	mkdir ${HOME}/.nyx
	16	whitelist ${HOME}/.nyx
	17
	18	include disable-common.inc
	19	include disable-devel.inc
	20	include disable-interpreters.inc
	21	include disable-passwdmgr.inc
	22	include disable-programs.inc
	23	include disable-xdg.inc
	24
	25	caps.drop all
	26	ipc-namespace
	27	netfilter
	28	no3d
	29	nodbus
	30	nodvd
	31	nogroups
	32	nonewprivs
	33	noroot
	34	nosound
	35	notv
	36	nou2f
	37	novideo
	38	protocol unix,inet,inet6
	39	seccomp
	40	shell none
	41
	42	disable-mnt
	43	private-bin nyx,python*
	44	private-cache
	45	private-dev
	46	private-etc passwd,tor,fonts
	47	private-opt none
	48	private-srv none
	49	private-tmp
	50
	51	noexec ${HOME}
	52	noexec /tmp