Rename chromium-common-hardened and feh-network …

…again I am still not really happy about the rename from #4028, #4029, #4030 and #4031. I've no problem with moving away .inc but I don't like the result. So here's a proposal to make this better: | NAME | DESCRIPTION | | ------------------------- | ------------------------------------------------------------ | | `*-addons.profile` | (include) Allow external addons | | `*-common.profile` | (include) Common parts across multiple profiles | | `*-hardened.inc.profile` | Further hardening which can not be made default | | `*-network.inc.profile` | Allow optional network access | | `*-whitelist.inc.profile` | Enabled whitelisting (which can not be made default) ¹ | | `*.inc.profile` | Other profile specific includes | | `*.profile` | A profile for a program | | `allow-*.inc` | Multiple `noblacklist`s that should always be used together | | `disable-*.inc` | `blacklist`ing | | `whitelist-*-common.inc` | common `whitelist`s | | `*.inc` | Other generic includes | | `globals.local` | User overrides for all profiles | | `*.local` | Per profile user overrides | ¹ can be used for programs like KeePassXC or editors.
author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-03-21 21:02:36 +0100
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-03-21 21:02:36 +0100
commit: 71e36997587dfb45b6b688cf1bb9673ab34159cc (patch)
tree: b5b074e097f471003a19d4894ff9235389660da3 /etc/profile-a-l/chromium-common-hardened.inc.profile
parent: Merge pull request #4125 from glitsj16/gnome-logs (diff)
download: firejail-71e36997587dfb45b6b688cf1bb9673ab34159cc.tar.gz
firejail-71e36997587dfb45b6b688cf1bb9673ab34159cc.tar.zst
firejail-71e36997587dfb45b6b688cf1bb9673ab34159cc.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/profile-a-l/chromium-common-hardened.inc.profile b/etc/profile-a-l/chromium-common-hardened.inc.profile
new file mode 100644
index 000000000..19addd285
--- /dev/null
+++ b/etc/profile-a-l/chromium-common-hardened.inc.profile
@@ -0,0 +1,9 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include chromium-common-hardened.inc.local
+caps.drop all
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp !chroot
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-03-21 21:02:36 +0100
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-03-21 21:02:36 +0100
commit	71e36997587dfb45b6b688cf1bb9673ab34159cc (patch)
tree	b5b074e097f471003a19d4894ff9235389660da3 /etc/profile-a-l/chromium-common-hardened.inc.profile
parent	Merge pull request #4125 from glitsj16/gnome-logs (diff)
download	firejail-71e36997587dfb45b6b688cf1bb9673ab34159cc.tar.gz firejail-71e36997587dfb45b6b688cf1bb9673ab34159cc.tar.zst firejail-71e36997587dfb45b6b688cf1bb9673ab34159cc.zip

diff --git a/etc/profile-a-l/chromium-common-hardened.inc.profile b/etc/profile-a-l/chromium-common-hardened.inc.profile new file mode 100644 index 000000000..19addd285 --- /dev/null +++ b/etc/profile-a-l/chromium-common-hardened.inc.profile
@@ -0,0 +1,9 @@
	1	# This file is overwritten during software install.
	2	# Persistent customizations should go in a .local file.
	3	include chromium-common-hardened.inc.local
	4
	5	caps.drop all
	6	nonewprivs
	7	noroot
	8	protocol unix,inet,inet6,netlink
	9	seccomp !chroot