Add profiles for imv, retroarch, and torbrowser

imv, retroarch, and torbrowser are also added to firecfg.config
author: crocket <748856+crocket@users.noreply.github.com> 2021-10-09 22:43:30 +0900
committer: crocket <748856+crocket@users.noreply.github.com> 2021-10-17 22:09:24 +0900
commit: b6c1230e3b2d019b1d1803791ce0698cdb3c5ab9 (patch)
tree: 661607a7fa8ba918ccec9761c6d3e970c972b77c /etc/profile-a-l
parent: Update README.md RELNOTES (diff)
download: firejail-b6c1230e3b2d019b1d1803791ce0698cdb3c5ab9.tar.gz
firejail-b6c1230e3b2d019b1d1803791ce0698cdb3c5ab9.tar.zst
firejail-b6c1230e3b2d019b1d1803791ce0698cdb3c5ab9.zip
1 files changed, 57 insertions, 0 deletions
diff --git a/etc/profile-a-l/imv.profile b/etc/profile-a-l/imv.profile
new file mode 100644
index 000000000..65e7537bf
--- /dev/null
+++ b/etc/profile-a-l/imv.profile
@@ -0,0 +1,57 @@
+# Firejail profile for imv
+# Description: imv is an image viewer.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include imv.local
+# Persistent global definitions
+include globals.local
+include allow-bin-sh.inc
+blacklist /usr/libexec
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+# Users may want to view images in ${HOME}
+#include disable-xdg.inc
+# Users may want to view images in ${HOME}
+#include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+# Users may want to view images in /usr/share
+#include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+private-bin imv,imv-wayland,imv-x11,sh
+private-cache
+private-dev
+private-tmp
+dbus-user none
+dbus-system none
+read-only ${HOME}
author	crocket <748856+crocket@users.noreply.github.com>	2021-10-09 22:43:30 +0900
committer	crocket <748856+crocket@users.noreply.github.com>	2021-10-17 22:09:24 +0900
commit	b6c1230e3b2d019b1d1803791ce0698cdb3c5ab9 (patch)
tree	661607a7fa8ba918ccec9761c6d3e970c972b77c /etc/profile-a-l
parent	Update README.md RELNOTES (diff)
download	firejail-b6c1230e3b2d019b1d1803791ce0698cdb3c5ab9.tar.gz firejail-b6c1230e3b2d019b1d1803791ce0698cdb3c5ab9.tar.zst firejail-b6c1230e3b2d019b1d1803791ce0698cdb3c5ab9.zip

diff --git a/etc/profile-a-l/imv.profile b/etc/profile-a-l/imv.profile new file mode 100644 index 000000000..65e7537bf --- /dev/null +++ b/etc/profile-a-l/imv.profile
@@ -0,0 +1,57 @@
	1	# Firejail profile for imv
	2	# Description: imv is an image viewer.
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include imv.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	include allow-bin-sh.inc
	10
	11	blacklist /usr/libexec
	12
	13	include disable-common.inc
	14	include disable-devel.inc
	15	include disable-exec.inc
	16	include disable-interpreters.inc
	17	include disable-programs.inc
	18	include disable-shell.inc
	19	include disable-write-mnt.inc
	20	# Users may want to view images in ${HOME}
	21	#include disable-xdg.inc
	22
	23	# Users may want to view images in ${HOME}
	24	#include whitelist-common.inc
	25	include whitelist-run-common.inc
	26	include whitelist-runuser-common.inc
	27	# Users may want to view images in /usr/share
	28	#include whitelist-usr-share-common.inc
	29	include whitelist-var-common.inc
	30
	31	apparmor
	32	caps.drop all
	33	net none
	34	nodvd
	35	nogroups
	36	noinput
	37	nonewprivs
	38	noroot
	39	nosound
	40	notv
	41	nou2f
	42	novideo
	43	protocol unix
	44	seccomp
	45	seccomp.block-secondary
	46	shell none
	47	tracelog
	48
	49	private-bin imv,imv-wayland,imv-x11,sh
	50	private-cache
	51	private-dev
	52	private-tmp
	53
	54	dbus-user none
	55	dbus-system none
	56
	57	read-only ${HOME}