create blink-common.profile

author: pirate486743186 <> 2023-03-16 02:30:52 +0100
committer: pirate486743186 <> 2023-03-16 15:00:37 +0100
commit: 47e3c82ab58b0d0c02066666aea3f7a04078c86b (patch)
tree: 10d06366bb00a50209ea0c24366e599061cff53a /etc/profile-a-l/blink-common.profile
parent: firejail.txt: remove extraneous endif (diff)
download: firejail-47e3c82ab58b0d0c02066666aea3f7a04078c86b.tar.gz
firejail-47e3c82ab58b0d0c02066666aea3f7a04078c86b.tar.zst
firejail-47e3c82ab58b0d0c02066666aea3f7a04078c86b.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/etc/profile-a-l/blink-common.profile b/etc/profile-a-l/blink-common.profile
new file mode 100644
index 000000000..ff17dc479
--- /dev/null
+++ b/etc/profile-a-l/blink-common.profile
@@ -0,0 +1,40 @@
+# Firejail profile for blink-common
+# Description: Common profile for Blink-based applications
+# This file is overwritten after every install/update
+# Persistent local customizations
+include blink-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+#include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+# If your kernel allows the creation of user namespaces by unprivileged users
+# (for example, if running `unshare -U echo enabled` prints "enabled"), you
+# can add the next line to your blink-common.local.
+#include blink-common-hardened.inc.profile
+apparmor
+caps.keep sys_admin,sys_chroot
+netfilter
+nodvd
+nogroups
+noinput
+notv
+disable-mnt
+private-cache
+dbus-system none
author	pirate486743186 <>	2023-03-16 02:30:52 +0100
committer	pirate486743186 <>	2023-03-16 15:00:37 +0100
commit	47e3c82ab58b0d0c02066666aea3f7a04078c86b (patch)
tree	10d06366bb00a50209ea0c24366e599061cff53a /etc/profile-a-l/blink-common.profile
parent	firejail.txt: remove extraneous endif (diff)
download	firejail-47e3c82ab58b0d0c02066666aea3f7a04078c86b.tar.gz firejail-47e3c82ab58b0d0c02066666aea3f7a04078c86b.tar.zst firejail-47e3c82ab58b0d0c02066666aea3f7a04078c86b.zip

diff --git a/etc/profile-a-l/blink-common.profile b/etc/profile-a-l/blink-common.profile new file mode 100644 index 000000000..ff17dc479 --- /dev/null +++ b/etc/profile-a-l/blink-common.profile
@@ -0,0 +1,40 @@
	1	# Firejail profile for blink-common
	2	# Description: Common profile for Blink-based applications
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include blink-common.local
	6	# Persistent global definitions
	7	# added by caller profile
	8	#include globals.local
	9
	10	include disable-common.inc
	11	include disable-devel.inc
	12	include disable-exec.inc
	13	include disable-interpreters.inc
	14	include disable-programs.inc
	15	include disable-xdg.inc
	16
	17	whitelist ${DOWNLOADS}
	18	include whitelist-common.inc
	19	#include whitelist-run-common.inc
	20	include whitelist-runuser-common.inc
	21	include whitelist-usr-share-common.inc
	22	include whitelist-var-common.inc
	23
	24	# If your kernel allows the creation of user namespaces by unprivileged users
	25	# (for example, if running `unshare -U echo enabled` prints "enabled"), you
	26	# can add the next line to your blink-common.local.
	27	#include blink-common-hardened.inc.profile
	28
	29	apparmor
	30	caps.keep sys_admin,sys_chroot
	31	netfilter
	32	nodvd
	33	nogroups
	34	noinput
	35	notv
	36
	37	disable-mnt
	38	private-cache
	39
	40	dbus-system none