Add a profile for Pitivi

author: Tad <tad@spotco.us> 2018-01-12 22:45:35 -0500
committer: Tad <tad@spotco.us> 2018-01-12 22:45:35 -0500
commit: 4f72a60e1add916d36ea4f201a178c157882d7b5 (patch)
tree: 487814a8f322894fc2a43a52618a45bc0949f76d /etc/pitivi.profile
parent: fs_lib: don't ldd directories, part 2 (diff)
download: firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.tar.gz
firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.tar.zst
firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.zip
1 files changed, 33 insertions, 0 deletions
diff --git a/etc/pitivi.profile b/etc/pitivi.profile
new file mode 100644
index 000000000..f2640ed66
--- /dev/null
+++ b/etc/pitivi.profile
@@ -0,0 +1,33 @@
+# Firejail profile for pitivi
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/pitivi.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.config/pitivi
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix
+seccomp
+shell none
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2018-01-12 22:45:35 -0500
committer	Tad <tad@spotco.us>	2018-01-12 22:45:35 -0500
commit	4f72a60e1add916d36ea4f201a178c157882d7b5 (patch)
tree	487814a8f322894fc2a43a52618a45bc0949f76d /etc/pitivi.profile
parent	fs_lib: don't ldd directories, part 2 (diff)
download	firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.tar.gz firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.tar.zst firejail-4f72a60e1add916d36ea4f201a178c157882d7b5.zip

diff --git a/etc/pitivi.profile b/etc/pitivi.profile new file mode 100644 index 000000000..f2640ed66 --- /dev/null +++ b/etc/pitivi.profile
@@ -0,0 +1,33 @@
	1	# Firejail profile for pitivi
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/pitivi.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8
	9	noblacklist ${HOME}/.config/pitivi
	10
	11	include /etc/firejail/disable-common.inc
	12	include /etc/firejail/disable-devel.inc
	13	include /etc/firejail/disable-passwdmgr.inc
	14	include /etc/firejail/disable-programs.inc
	15
	16	caps.drop all
	17	ipc-namespace
	18	netfilter
	19	nodvd
	20	nogroups
	21	nonewprivs
	22	noroot
	23	notv
	24	novideo
	25	protocol unix
	26	seccomp
	27	shell none
	28
	29	private-dev
	30	private-tmp
	31
	32	noexec ${HOME}
	33	noexec /tmp