author | Adrian L. Shaw <adrianlshaw@gmail.com> | 2019-11-24 16:06:27 +0000 |
---|---|---|
committer | Adrian L. Shaw <adrianlshaw@gmail.com> | 2019-11-24 16:06:27 +0000 |
commit | 6041ee719a9496959ef820347ef5db0854efee50 (patch) | |
tree | e86bea0701502a5b1b72ca2e41209cb94872e901 /etc/profanity.profile | |
parent | Add profile for the Profanity chat client (diff) | |
Sort and harden profanity profile
Diffstat (limited to 'etc/profanity.profile')
-rw-r--r-- | etc/profanity.profile | 20 |
1 files changed, 10 insertions, 10 deletions
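--- a/etc/profanity.profile
+++ b/etc/profanity.profile
@@ -1,33 +1,36 @@
 # Firejail profile for profanity
-# Description: profanity is an XMPP-OTR chat client for the terminal
+# Description: profanity is an XMPP chat client for the terminal
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include unzip.local
+include profanity.local
 # Persistent global definitions
 include globals.local
 
-ignore net none
-
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 
-mkdir ${HOME}/.config/profanity
-mkdir ${HOME}/.local/share/profanity
 noblacklist ${HOME}/.config/profanity
 noblacklist ${HOME}/.local/share/profanity
 
 caps.drop all
 netfilter
+no3d
+nodbus
 nodvd
 nogroups
 nonewprivs
 noroot
+nosound
 notv
 nou2f
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
@@ -35,10 +38,7 @@ shell none
 private-bin profanity
 private-cache
 private-dev
-private-tmp
 private-etc alternatives,localtime,mime.types,resolv.conf,ssl
+private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
-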
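Review bot: The hardening stops short of confining the home directory: the first hunk deletes the two `mkdir` lines and keeps only `noblacklist ${HOME}/.config/profanity` and `noblacklist ${HOME}/.local/share/profanity`, so everything under `${HOME}` that the disable-*.inc files do not blacklist stays reachable by a client that parses untrusted network input. Keeping the `mkdir` lines and adding `whitelist ${HOME}/.config/profanity`, `whitelist ${HOME}/.local/share/profanity` and `include whitelist-common.inc` would narrow that to the client's own data. The two `noblacklist` lines also still sit after the `include disable-*.inc` block, whereas other profiles conventionally place them before it; they likely need to precede the blacklist they exempt to take effect, so this is worth confirming. In the second hunk, `private-etc` lists `ssl` but not `ca-certificates`, `crypto-policies` or `pki`, which may leave TLS certificate verification without a trust store on some distributions.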