New profiles: apostrophe & quadrapassel

author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-06-10 21:56:36 +0200
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-06-11 22:11:35 +0200
commit: 91a2bedaf42abcb947ef9370919b9d5503e84e47 (patch)
tree: 32bba6492b249d8afe8ab4c0d812c010699b52b2 /etc/profile-a-l
parent: Add strawberry profile (#3459) (diff)
download: firejail-91a2bedaf42abcb947ef9370919b9d5503e84e47.tar.gz
firejail-91a2bedaf42abcb947ef9370919b9d5503e84e47.tar.zst
firejail-91a2bedaf42abcb947ef9370919b9d5503e84e47.zip
3 files changed, 74 insertions, 4 deletions
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile
new file mode 100644
index 000000000..5dfe034e0
--- /dev/null
+++ b/etc/profile-a-l/apostrophe.profile
@@ -0,0 +1,69 @@
+# Firejail profile for apostrophe
+# Description: Distraction free Markdown editor for GNU/Linux made with GTK+
+# This file is overwritten after every install/update
+# Persistent local customizations
+include apostrophe.local
+# Persistent global definitions
+include globals.local
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+whitelist /usr/share/apostrophe
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin apostrophe,python3*
+private-cache
+private-dev
+private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+# private-etc templates (see also #1734, #2093)
+#  Common: alternatives,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg
+#    Extra: magic,magic.mgc,passwd,group
+#  Networking: ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf,hosts,host.conf,hostname,protocols,services,rpc
+#    Extra: proxychains.conf,gai.conf
+#  Sound: alsa,asound.conf,pulse,machine-id
+#  GUI: fonts,pango,X11
+#  GTK: dconf,gconf,gtk-2.0,gtk-3.0
+#  Qt: Trolltech.conf
+#  KDE: kde4rc,kde5rc
+#  3D: drirc,glvnd,bumblebee,nvidia
+#  D-Bus: dbus-1,machine-id
+private-tmp
+dbus-user filter
+dbus-user.own org.gnome.gitlab.somas.Apostrophe
+dbus-user.talk ca.desrt.dconf
+dbus-system none
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile
index de4ea97a4..226237b5b 100644
--- a/etc/profile-a-l/emacs.profile
+++ b/etc/profile-a-l/emacs.profile
@@ -19,10 +19,6 @@ include disable-common.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-# Comment out if you want an immutable configuration
-read-write ${HOME}/.emacs
-read-write ${HOME}/.emacs.d
 caps.drop all
 netfilter
 nodvd
@@ -33,3 +29,6 @@ notv
 novideo
 protocol unix,inet,inet6
 seccomp
+read-write ${HOME}/.emacs
+read-write ${HOME}/.emacs.d
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile
index 70dd030ee..745b8b8e9 100644
--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -42,3 +42,5 @@ private-cache
 private-dev
 private-etc dconf,fonts,gtk-3.0,xdg
 # private-tmp
+dbus-system none
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-06-10 21:56:36 +0200
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-06-11 22:11:35 +0200
commit	91a2bedaf42abcb947ef9370919b9d5503e84e47 (patch)
tree	32bba6492b249d8afe8ab4c0d812c010699b52b2 /etc/profile-a-l
parent	Add strawberry profile (#3459) (diff)
download	firejail-91a2bedaf42abcb947ef9370919b9d5503e84e47.tar.gz firejail-91a2bedaf42abcb947ef9370919b9d5503e84e47.tar.zst firejail-91a2bedaf42abcb947ef9370919b9d5503e84e47.zip

diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile new file mode 100644 index 000000000..5dfe034e0 --- /dev/null +++ b/etc/profile-a-l/apostrophe.profile
@@ -0,0 +1,69 @@
		1	# Firejail profile for apostrophe
		2	# Description: Distraction free Markdown editor for GNU/Linux made with GTK+
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include apostrophe.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${DOCUMENTS}
		10	noblacklist ${PICTURES}
		11
		12	# Allow python (blacklisted by disable-interpreters.inc)
		13	include allow-python3.inc
		14
		15	include disable-common.inc
		16	include disable-devel.inc
		17	include disable-exec.inc
		18	include disable-interpreters.inc
		19	include disable-passwdmgr.inc
		20	include disable-programs.inc
		21	include disable-shell.inc
		22	include disable-xdg.inc
		23
		24	whitelist /usr/share/apostrophe
		25	include whitelist-runuser-common.inc
		26	include whitelist-usr-share-common.inc
		27	include whitelist-var-common.inc
		28
		29	apparmor
		30	caps.drop all
		31	machine-id
		32	net none
		33	no3d
		34	nodvd
		35	nogroups
		36	nonewprivs
		37	noroot
		38	nosound
		39	notv
		40	nou2f
		41	novideo
		42	protocol unix
		43	seccomp
		44	shell none
		45	tracelog
		46
		47	disable-mnt
		48	private-bin apostrophe,python3*
		49	private-cache
		50	private-dev
		51	private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
		52	# private-etc templates (see also #1734, #2093)
		53	# Common: alternatives,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg
		54	# Extra: magic,magic.mgc,passwd,group
		55	# Networking: ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf,hosts,host.conf,hostname,protocols,services,rpc
		56	# Extra: proxychains.conf,gai.conf
		57	# Sound: alsa,asound.conf,pulse,machine-id
		58	# GUI: fonts,pango,X11
		59	# GTK: dconf,gconf,gtk-2.0,gtk-3.0
		60	# Qt: Trolltech.conf
		61	# KDE: kde4rc,kde5rc
		62	# 3D: drirc,glvnd,bumblebee,nvidia
		63	# D-Bus: dbus-1,machine-id
		64	private-tmp
		65
		66	dbus-user filter
		67	dbus-user.own org.gnome.gitlab.somas.Apostrophe
		68	dbus-user.talk ca.desrt.dconf
		69	dbus-system none


diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile index de4ea97a4..226237b5b 100644 --- a/etc/profile-a-l/emacs.profile +++ b/etc/profile-a-l/emacs.profile
@@ -19,10 +19,6 @@ include disable-common.inc
19	include disable-passwdmgr.inc	19	include disable-passwdmgr.inc
20	include disable-programs.inc	20	include disable-programs.inc
21		21
22	# Comment out if you want an immutable configuration
23	read-write ${HOME}/.emacs
24	read-write ${HOME}/.emacs.d
25
26	caps.drop all	22	caps.drop all
27	netfilter	23	netfilter
28	nodvd	24	nodvd
@@ -33,3 +29,6 @@ notv
33	novideo	29	novideo
34	protocol unix,inet,inet6	30	protocol unix,inet,inet6
35	seccomp	31	seccomp
		32
		33	read-write ${HOME}/.emacs
		34	read-write ${HOME}/.emacs.d


diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index 70dd030ee..745b8b8e9 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile
@@ -42,3 +42,5 @@ private-cache
42	private-dev	42	private-dev
43	private-etc dconf,fonts,gtk-3.0,xdg	43	private-etc dconf,fonts,gtk-3.0,xdg
44	# private-tmp	44	# private-tmp
		45
		46	dbus-system none