from my overrides

- add seccomp.block-secondary to a lot profiles - add wruc to firefox-common and ignore it in TB and firefox-common-addons - harden dia, gnome-keyring, libreoffice, megaglest, pngquant, ghostwriter, rhythmbox, sqlitebrowser
author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-11-16 11:41:35 +0100
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-11-16 11:41:35 +0100
commit: 096d0de5f8bb253d0c1035796464bc5982f06f81 (patch)
tree: d9634d1c26afca63ada52f66dd55eb09a46647dd /etc/profile-a-l/dia.profile
parent: Add XAUTHORITY file of sddm from openSUSE Tumblew… (diff)
download: firejail-096d0de5f8bb253d0c1035796464bc5982f06f81.tar.gz
firejail-096d0de5f8bb253d0c1035796464bc5982f06f81.tar.zst
firejail-096d0de5f8bb253d0c1035796464bc5982f06f81.zip
1 files changed, 11 insertions, 2 deletions
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile
index 52bf1c7f8..e409eb044 100644
--- a/etc/profile-a-l/dia.profile
+++ b/etc/profile-a-l/dia.profile
@@ -9,16 +9,24 @@ include globals.local
 noblacklist ${HOME}/.dia
 noblacklist ${DOCUMENTS}
+include allow-python2.inc
+include allow-python3.inc
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
-include allow-python2.inc
-include allow-python3.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+#mkdir ${HOME}/.dia
+#whitelist ${HOME}/.dia
+#whitelist ${DOCUMENTS}
+#include whitelist-common.inc
+whitelist /usr/share/dia
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
@@ -36,6 +44,7 @@ novideo
 protocol unix
 seccomp
 shell none
+tracelog
 disable-mnt
 #private-bin dia
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-11-16 11:41:35 +0100
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-11-16 11:41:35 +0100
commit	096d0de5f8bb253d0c1035796464bc5982f06f81 (patch)
tree	d9634d1c26afca63ada52f66dd55eb09a46647dd /etc/profile-a-l/dia.profile
parent	Add XAUTHORITY file of sddm from openSUSE Tumblew… (diff)
download	firejail-096d0de5f8bb253d0c1035796464bc5982f06f81.tar.gz firejail-096d0de5f8bb253d0c1035796464bc5982f06f81.tar.zst firejail-096d0de5f8bb253d0c1035796464bc5982f06f81.zip

diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 52bf1c7f8..e409eb044 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile
@@ -9,16 +9,24 @@ include globals.local
9	noblacklist ${HOME}/.dia	9	noblacklist ${HOME}/.dia
10	noblacklist ${DOCUMENTS}	10	noblacklist ${DOCUMENTS}
11		11
		12	include allow-python2.inc
		13	include allow-python3.inc
		14
12	include disable-common.inc	15	include disable-common.inc
13	include disable-devel.inc	16	include disable-devel.inc
14	include disable-exec.inc	17	include disable-exec.inc
15	include allow-python2.inc
16	include allow-python3.inc
17	include disable-interpreters.inc	18	include disable-interpreters.inc
18	include disable-passwdmgr.inc	19	include disable-passwdmgr.inc
19	include disable-programs.inc	20	include disable-programs.inc
20	include disable-xdg.inc	21	include disable-xdg.inc
21		22
		23	#mkdir ${HOME}/.dia
		24	#whitelist ${HOME}/.dia
		25	#whitelist ${DOCUMENTS}
		26	#include whitelist-common.inc
		27	whitelist /usr/share/dia
		28	include whitelist-runuser-common.inc
		29	include whitelist-usr-share-common.inc
22	include whitelist-var-common.inc	30	include whitelist-var-common.inc
23		31
24	apparmor	32	apparmor
@@ -36,6 +44,7 @@ novideo
36	protocol unix	44	protocol unix
37	seccomp	45	seccomp
38	shell none	46	shell none
		47	tracelog
39		48
40	disable-mnt	49	disable-mnt
41	#private-bin dia	50	#private-bin dia