diff options
| author |  netblue30 <netblue30@yahoo.com> | 2020-04-21 08:24:28 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2020-04-21 08:24:28 -0400 |
| commit | 018d75775eab4a0f045949a9d069c57686ca2686 (patch) | |
| tree | aac3a1a65cca0d4875795c55109a5c3e35efdefb /etc/profile-a-l/i2prouter.profile | |
| parent | small fixes (diff) | |
| download | firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.gz firejail-018d75775eab4a0f045949a9d069c57686ca2686.tar.zst firejail-018d75775eab4a0f045949a9d069c57686ca2686.zip | |
reorganize github etc directory
Diffstat (limited to 'etc/profile-a-l/i2prouter.profile')
| -rw-r--r-- | etc/profile-a-l/i2prouter.profile | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile new file mode 100644 index 000000000..9ffdb9e9b --- /dev/null +++ b/etc/profile-a-l/i2prouter.profile | |||
| @@ -0,0 +1,71 @@ | |||
| 1 | # Firejail profile for I2P | ||
| 2 | # Description: A distributed anonymous network | ||
| 3 | # This file is overwritten after every install/update | ||
| 4 | # Persistent local customizations | ||
| 5 | include i2prouter.local | ||
| 6 | # Persistent global definitions | ||
| 7 | include globals.local | ||
| 8 | |||
| 9 | # Notice: default browser will most likely not be able to automatically open, due to sandbox. | ||
| 10 | # Auto-opening default browser can be disabled in the I2P router console. | ||
| 11 | # This profile will not currently work with any Arch User Repository I2P packages, | ||
| 12 | # use the distro-independent official I2P java installer instead | ||
| 13 | |||
| 14 | # Only needed if i2prouter binary is in home directory, official I2P java installer does this | ||
| 15 | ignore noexec ${HOME} | ||
| 16 | |||
| 17 | noblacklist ${HOME}/.config/i2p | ||
| 18 | noblacklist ${HOME}/.i2p | ||
| 19 | noblacklist ${HOME}/.local/share/i2p | ||
| 20 | noblacklist ${HOME}/i2p | ||
| 21 | # Only needed if wrapper is placed in /usr/sbin/, ubuntu official I2P ppa package does this | ||
| 22 | noblacklist /usr/sbin | ||
| 23 | |||
| 24 | # Allow java (blacklisted by disable-devel.inc) | ||
| 25 | include allow-java.inc | ||
| 26 | |||
| 27 | include disable-common.inc | ||
| 28 | include disable-devel.inc | ||
| 29 | include disable-exec.inc | ||
| 30 | include disable-interpreters.inc | ||
| 31 | include disable-passwdmgr.inc | ||
| 32 | include disable-programs.inc | ||
| 33 | include disable-xdg.inc | ||
| 34 | |||
| 35 | mkdir ${HOME}/.config/i2p | ||
| 36 | mkdir ${HOME}/.i2p | ||
| 37 | mkdir ${HOME}/.local/share/i2p | ||
| 38 | mkdir ${HOME}/i2p | ||
| 39 | whitelist ${HOME}/.config/i2p | ||
| 40 | whitelist ${HOME}/.i2p | ||
| 41 | whitelist ${HOME}/.local/share/i2p | ||
| 42 | whitelist ${HOME}/i2p | ||
| 43 | # Only needed if wrapper is placed in /usr/sbin/, ubuntu official I2P ppa package does this | ||
| 44 | whitelist /usr/sbin/wrapper* | ||
| 45 | |||
| 46 | include whitelist-common.inc | ||
| 47 | |||
| 48 | # May break I2P if wrapper is placed in the home directory; official I2P java installer does this | ||
| 49 | # If using ubuntu official I2P ppa, this should be fine to uncomment, as it puts wrapper in /usr/sbin/ | ||
| 50 | #apparmor | ||
| 51 | caps.drop all | ||
| 52 | ipc-namespace | ||
| 53 | machine-id | ||
| 54 | netfilter | ||
| 55 | no3d | ||
| 56 | nodvd | ||
| 57 | nogroups | ||
| 58 | nonewprivs | ||
| 59 | nosound | ||
| 60 | notv | ||
| 61 | nou2f | ||
| 62 | novideo | ||
| 63 | protocol unix,inet,inet6 | ||
| 64 | seccomp | ||
| 65 | shell none | ||
| 66 | |||
| 67 | disable-mnt | ||
| 68 | private-cache | ||
| 69 | private-dev | ||
| 70 | private-etc alternatives,ca-certificates,crypto-policies,dconf,group,hostname,hosts,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,localtime,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl | ||
| 71 | private-tmp | ||