diff options
author | netblue30 <netblue30@yahoo.com> | 2020-04-21 08:24:28 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-04-21 08:24:28 -0400 |
commit | 018d75775eab4a0f045949a9d069c57686ca2686 (patch) | |
tree | aac3a1a65cca0d4875795c55109a5c3e35efdefb /etc/profile-a-l/firefox-common.profile | |
parent | small fixes (diff) | |
download | firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.gz firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.zst firejail-018d75775eab4a0f045949a9d069c57686ca2686.zip |
reorganize github etc directory
Diffstat (limited to 'etc/profile-a-l/firefox-common.profile')
-rw-r--r-- | etc/profile-a-l/firefox-common.profile | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile new file mode 100644 index 000000000..7c343c26d --- /dev/null +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -0,0 +1,60 @@ | |||
1 | # Firejail profile for firefox-common | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include firefox-common.local | ||
5 | # Persistent global definitions | ||
6 | # added by caller profile | ||
7 | #include globals.local | ||
8 | |||
9 | # noexec ${HOME} breaks DRM binaries. | ||
10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | ||
11 | |||
12 | # Uncomment the following line (or put it in your firefox-common.local) to allow access to common programs/addons/plugins. | ||
13 | #include firefox-common-addons.inc | ||
14 | |||
15 | noblacklist ${HOME}/.pki | ||
16 | noblacklist ${HOME}/.local/share/pki | ||
17 | |||
18 | include disable-common.inc | ||
19 | include disable-devel.inc | ||
20 | include disable-exec.inc | ||
21 | include disable-interpreters.inc | ||
22 | include disable-programs.inc | ||
23 | |||
24 | mkdir ${HOME}/.pki | ||
25 | mkdir ${HOME}/.local/share/pki | ||
26 | whitelist ${DOWNLOADS} | ||
27 | whitelist ${HOME}/.pki | ||
28 | whitelist ${HOME}/.local/share/pki | ||
29 | include whitelist-common.inc | ||
30 | include whitelist-var-common.inc | ||
31 | |||
32 | apparmor | ||
33 | caps.drop all | ||
34 | # machine-id breaks pulse audio; it should work fine in setups where sound is not required. | ||
35 | #machine-id | ||
36 | netfilter | ||
37 | nodvd | ||
38 | nogroups | ||
39 | nonewprivs | ||
40 | # noroot breaks GTK_USE_PORTAL=1 usage, see https://github.com/netblue30/firejail/issues/2506. | ||
41 | noroot | ||
42 | notv | ||
43 | ?BROWSER_DISABLE_U2F: nou2f | ||
44 | protocol unix,inet,inet6,netlink | ||
45 | # The below seccomp configuration still permits chroot syscall. See https://github.com/netblue30/firejail/issues/2506 for possible workarounds. | ||
46 | seccomp !chroot | ||
47 | shell none | ||
48 | # Disable tracelog, it breaks or causes major issues with many firefox based browsers, see https://github.com/netblue30/firejail/issues/1930. | ||
49 | #tracelog | ||
50 | |||
51 | disable-mnt | ||
52 | ?BROWSER_DISABLE_U2F: private-dev | ||
53 | # private-etc below works fine on most distributions. There are some problems on CentOS. | ||
54 | #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | ||
55 | private-tmp | ||
56 | |||
57 | # breaks various desktop integration features | ||
58 | # among other things global menus, native notifications, Gnome connector, KDE connect and power management on KDE Plasma | ||
59 | dbus-user none | ||
60 | dbus-system none | ||