reorganize github etc directory

author: netblue30 <netblue30@yahoo.com> 2020-04-21 08:24:28 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-04-21 08:24:28 -0400
commit: 018d75775eab4a0f045949a9d069c57686ca2686 (patch)
tree: aac3a1a65cca0d4875795c55109a5c3e35efdefb /etc/profile-a-l/artha.profile
parent: small fixes (diff)
download: firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.gz
firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.zst
firejail-018d75775eab4a0f045949a9d069c57686ca2686.zip
1 files changed, 65 insertions, 0 deletions
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile
new file mode 100644
index 000000000..19a4771aa
--- /dev/null
+++ b/etc/profile-a-l/artha.profile
@@ -0,0 +1,65 @@
+# Firejail profile for artha
+# Description: A free cross-platform English thesaurus based on WordNet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include artha.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/artha.conf
+noblacklist ${HOME}/.config/artha.log
+noblacklist ${HOME}/.config/enchant
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+# whitelisting in ${HOME} makes settings immutable, see #3112
+#mkfile ${HOME}/.config/artha.conf
+#mkdir ${HOME}/.config/enchant
+#whitelist ${HOME}/.config/artha.conf
+#whitelist ${HOME}/.config/artha.log
+#whitelist ${HOME}/.config/enchant
+whitelist /usr/share/artha
+whitelist /usr/share/wordnet
+#include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+# net none - breaks on Ubuntu
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin artha,enchant,notify-send
+private-cache
+private-dev
+private-etc alternatives,fonts,machine-id
+private-lib libnotify.so.*
+private-tmp
+# dbus-user none
+# dbus-system none
+memory-deny-write-execute
author	netblue30 <netblue30@yahoo.com>	2020-04-21 08:24:28 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-04-21 08:24:28 -0400
commit	018d75775eab4a0f045949a9d069c57686ca2686 (patch)
tree	aac3a1a65cca0d4875795c55109a5c3e35efdefb /etc/profile-a-l/artha.profile
parent	small fixes (diff)
download	firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.gz firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.zst firejail-018d75775eab4a0f045949a9d069c57686ca2686.zip

diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile new file mode 100644 index 000000000..19a4771aa --- /dev/null +++ b/etc/profile-a-l/artha.profile
@@ -0,0 +1,65 @@
	1	# Firejail profile for artha
	2	# Description: A free cross-platform English thesaurus based on WordNet
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include artha.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.config/artha.conf
	10	noblacklist ${HOME}/.config/artha.log
	11	noblacklist ${HOME}/.config/enchant
	12
	13	blacklist /tmp/.X11-unix
	14	blacklist ${RUNUSER}/wayland-*
	15
	16	include disable-common.inc
	17	include disable-devel.inc
	18	include disable-exec.inc
	19	include disable-interpreters.inc
	20	include disable-passwdmgr.inc
	21	include disable-programs.inc
	22	include disable-xdg.inc
	23
	24	# whitelisting in ${HOME} makes settings immutable, see #3112
	25	#mkfile ${HOME}/.config/artha.conf
	26	#mkdir ${HOME}/.config/enchant
	27	#whitelist ${HOME}/.config/artha.conf
	28	#whitelist ${HOME}/.config/artha.log
	29	#whitelist ${HOME}/.config/enchant
	30	whitelist /usr/share/artha
	31	whitelist /usr/share/wordnet
	32	#include whitelist-common.inc
	33	include whitelist-usr-share-common.inc
	34	include whitelist-var-common.inc
	35
	36	apparmor
	37	caps.drop all
	38	ipc-namespace
	39	# net none - breaks on Ubuntu
	40	no3d
	41	nodvd
	42	nogroups
	43	nonewprivs
	44	noroot
	45	nosound
	46	notv
	47	nou2f
	48	novideo
	49	protocol unix
	50	seccomp
	51	shell none
	52	tracelog
	53
	54	disable-mnt
	55	private-bin artha,enchant,notify-send
	56	private-cache
	57	private-dev
	58	private-etc alternatives,fonts,machine-id
	59	private-lib libnotify.so.*
	60	private-tmp
	61
	62	# dbus-user none
	63	# dbus-system none
	64
	65	memory-deny-write-execute