new profile: servo

author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-12-21 16:37:19 +0100
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-12-21 16:37:19 +0100
commit: e3d27760c4ec7dfc834a9ab48e0cc7f11a0c7794 (patch)
tree: 63a86571e33aa76461df873fb454fe44e16d9039 /etc/profile-m-z/servo.profile
parent: Merge pull request #3839 from rusty-snake/fix-3838 (diff)
download: firejail-e3d27760c4ec7dfc834a9ab48e0cc7f11a0c7794.tar.gz
firejail-e3d27760c4ec7dfc834a9ab48e0cc7f11a0c7794.tar.zst
firejail-e3d27760c4ec7dfc834a9ab48e0cc7f11a0c7794.zip
1 files changed, 48 insertions, 0 deletions
diff --git a/etc/profile-m-z/servo.profile b/etc/profile-m-z/servo.profile
new file mode 100644
index 000000000..65da5d0de
--- /dev/null
+++ b/etc/profile-m-z/servo.profile
@@ -0,0 +1,48 @@
+# Firejail profile for servo
+# Description: The Servo Browser Engine
+# This file is overwritten after every install/update
+# Persistent local customizations
+include servo.local
+# Persistent global definitions
+include globals.local
+# Servo is usually installed inside $HOME
+ignore noexec ${HOME}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+# Add a whitelist for the directory where servo is installed and uncomment the lines below.
+#whitelist ${DOWNLOADS}
+#include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin servo,sh
+private-cache
+private-dev
+private-tmp
+dbus-user none
+dbus-system none
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-12-21 16:37:19 +0100
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-12-21 16:37:19 +0100
commit	e3d27760c4ec7dfc834a9ab48e0cc7f11a0c7794 (patch)
tree	63a86571e33aa76461df873fb454fe44e16d9039 /etc/profile-m-z/servo.profile
parent	Merge pull request #3839 from rusty-snake/fix-3838 (diff)
download	firejail-e3d27760c4ec7dfc834a9ab48e0cc7f11a0c7794.tar.gz firejail-e3d27760c4ec7dfc834a9ab48e0cc7f11a0c7794.tar.zst firejail-e3d27760c4ec7dfc834a9ab48e0cc7f11a0c7794.zip

diff --git a/etc/profile-m-z/servo.profile b/etc/profile-m-z/servo.profile new file mode 100644 index 000000000..65da5d0de --- /dev/null +++ b/etc/profile-m-z/servo.profile
@@ -0,0 +1,48 @@
	1	# Firejail profile for servo
	2	# Description: The Servo Browser Engine
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include servo.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	# Servo is usually installed inside $HOME
	10	ignore noexec ${HOME}
	11
	12	include disable-common.inc
	13	include disable-devel.inc
	14	include disable-exec.inc
	15	include disable-interpreters.inc
	16	include disable-passwdmgr.inc
	17	include disable-programs.inc
	18	include disable-xdg.inc
	19
	20	# Add a whitelist for the directory where servo is installed and uncomment the lines below.
	21	#whitelist ${DOWNLOADS}
	22	#include whitelist-common.inc
	23	include whitelist-runuser-common.inc
	24	include whitelist-usr-share-common.inc
	25	include whitelist-var-common.inc
	26
	27	caps.drop all
	28	netfilter
	29	nodvd
	30	nogroups
	31	nonewprivs
	32	noroot
	33	notv
	34	nou2f
	35	novideo
	36	protocol unix,inet,inet6
	37	seccomp
	38	shell none
	39	tracelog
	40
	41	disable-mnt
	42	private-bin servo,sh
	43	private-cache
	44	private-dev
	45	private-tmp
	46
	47	dbus-user none
	48	dbus-system none