author | glitsj16 <glitsj16@users.noreply.github.com> | 2023-09-23 01:42:08 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-23 01:42:08 +0000 |
commit | dd55390120efe17550ddcec1b336d8c1c44806a4 (patch) | |
tree | 1ca7630e03685f334e0d35b0d26bc132aca23997 /etc/profile-m-z | |
parent | Merge pull request #5993 from kmk3/modif-keep-pipewire-group (diff) | |
profiles: refactor log viewers (#5996)
* profiles: refactor log viewers
Introduces system-log-common.profile as a common profile for existing
GUI log viewer applications.
* system-log-common: enable no3d
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/profile-m-z/profile-m-z/system-log-common.profile | 60 |
1 files changed, 60 insertions, 0 deletions
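diff --git a/etc/profile-m-z/profile-m-z/profile-m-z/system-log-common.profile b/etc/profile-m-z/profile-m-z/profile-m-z/system-log-common.profile
new file mode 100644
index 000000000..dda8bdc47
--- /dev/null
+++ b/etc/profile-m-z/profile-m-z/profile-m-z/system-log-common.profile
@@ -0,0 +1,60 @@
+# Firejail profile for system-log-common
+# Description: Common profile for GUI system log viewers
+# This file is overwritten after every install/update
+# Persistent local customizations
+include system-log-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+whitelist /run/log/journal
+whitelist /var/log/journal
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+#nogroups
+noinput
+nonewprivs
+noprinters
+#noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-etc machine-id
+private-tmp
+
+dbus-user none
+dbus-system none
+
+restrict-namespaces
+# Add 'ignore read-only ${HOME}' to your system-log-common.local
+# if you export logs to a file under your ${HOME}.
+read-only ${HOME}
+writable-var-log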
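Review bot: The two hardening options left commented out, `#nogroups` and `#noroot`, carry no rationale, and `writable-var-log` on the last line is the one option here that widens access, also without a comment. Presumably the viewers rely on supplementary group membership (for example systemd-journal or adm) to read the journal, and `writable-var-log` is there so the sandbox sees the real /var/log rather than firejail's tmpfs copy; stating that in the file keeps a later cleanup from re-enabling the first two or dropping the third blindly. Comments such as `# nogroups/noroot break journal access via group membership` above those lines and `# needed to see the real /var/log instead of the tmpfs skeleton` above `writable-var-log` would do, once the reasons are confirmed. Because that option also exposes the real log directory for writing within normal file permissions, it is worth confirming that these viewers cannot work with a read-only view.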