aboutsummaryrefslogtreecommitdiffstats
path: root/etc/profile-a-l/exiftool.profile
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2020-04-21 08:24:28 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2020-04-21 08:24:28 -0400
commit018d75775eab4a0f045949a9d069c57686ca2686 (patch)
treeaac3a1a65cca0d4875795c55109a5c3e35efdefb /etc/profile-a-l/exiftool.profile
parentsmall fixes (diff)
downloadfirejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.gz
firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.zst
firejail-018d75775eab4a0f045949a9d069c57686ca2686.zip
reorganize github etc directory
Diffstat (limited to 'etc/profile-a-l/exiftool.profile')
-rw-r--r--etc/profile-a-l/exiftool.profile57
1 files changed, 57 insertions, 0 deletions
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile
new file mode 100644
index 000000000..90d8a0fc2
--- /dev/null
+++ b/etc/profile-a-l/exiftool.profile
@@ -0,0 +1,57 @@
1# Firejail profile for exiftool
2# This file is overwritten after every install/update
3quiet
4# Persistent local customizations
5include exiftool.local
6# Persistent global definitions
7include globals.local
8
9blacklist ${RUNUSER}/wayland-*
10
11# Allow perl (blacklisted by disable-interpreters.inc)
12include allow-perl.inc
13
14include disable-common.inc
15include disable-devel.inc
16include disable-exec.inc
17include disable-interpreters.inc
18include disable-passwdmgr.inc
19include disable-programs.inc
20
21whitelist /usr/share/perl5
22whitelist /usr/share/perl-image-exiftool
23include whitelist-usr-share-common.inc
24include whitelist-var-common.inc
25
26apparmor
27caps.drop all
28ipc-namespace
29machine-id
30net none
31no3d
32nodvd
33nogroups
34nonewprivs
35noroot
36nosound
37notv
38nou2f
39novideo
40protocol unix
41seccomp
42shell none
43tracelog
44x11 none
45
46# To support exiftool in private-bin on Arch Linux (and derivatives), symlink /usr/bin/vendor_perl/exiftool to /usr/bin/exiftool and uncomment the below.
47# Users on non-Arch Linux distributions can safely uncomment (or put in exiftool.local) the line below to enable extra hardening.
48#private-bin exiftool,perl
49private-cache
50private-dev
51private-etc alternatives
52private-tmp
53
54dbus-user none
55dbus-system none
56
57memory-deny-write-execute