Various profiles (#3561)

* Various profiles Initial * Various fixes # 1 Removed blacklist,no3d; added icon flatpak paths;sorting;added space
author: kortewegdevries <kortewegdevries@protonmail.ch> 2020-09-02 10:34:14 +0000
committer: GitHub <noreply@github.com> 2020-09-02 10:34:14 +0000
commit: a5e2b31c6263665854a449552649f6538f35a9fc (patch)
tree: f3e678f5137906f226a7f1b0d5002fa80e8d93b2 /etc/profile-m-z
parent: Merge branch 'master' of https://github.com/netblue30/firejail (diff)
download: firejail-a5e2b31c6263665854a449552649f6538f35a9fc.tar.gz
firejail-a5e2b31c6263665854a449552649f6538f35a9fc.tar.zst
firejail-a5e2b31c6263665854a449552649f6538f35a9fc.zip
3 files changed, 177 insertions, 0 deletions
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile
new file mode 100644
index 000000000..f029e4696
--- /dev/null
+++ b/etc/profile-m-z/menulibre.profile
@@ -0,0 +1,65 @@
+# Firejail profile for menulibre
+# Description: Create desktop and menu launchers easily
+# This file is overwritten after every install/update
+# Persistent local customizations
+include menulibre.local
+# Persistent global definitions
+include globals.local
+include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc 
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-passwdmgr.inc
+include disable-xdg.inc
+# Whitelist your system icon directory,varies by distro
+whitelist /usr/share/app-info
+whitelist /usr/share/desktop-directories
+whitelist /usr/share/icons
+whitelist /usr/share/menulibre
+whitelist /var/lib/app-info/icons
+# Flatpak desktop directory
+whitelist /var/lib/flatpak/exports/share/applications
+whitelist /var/lib/flatpak/exports/share/icons
+# Snap desktop directory
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-etc alternatives,dconf,fonts,gtk-3.0,locale.alias,locale.conf,mime.types,nsswitch.conf,passwd,pki,selinux,X11,xdg
+private-tmp
+dbus-user none
+dbus-system none
+read-write ${HOME}/.config/menus
+read-write ${HOME}/.gnome/apps
+read-write ${HOME}/.local/share/applications
+read-write ${HOME}/.local/share/flatpak/exports
diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile
new file mode 100644
index 000000000..955df698d
--- /dev/null
+++ b/etc/profile-m-z/musictube.profile
@@ -0,0 +1,57 @@
+# Firejail profile for musictube
+# Description: Stream music 
+# This file is overwritten after every install/update
+# Persistent local customizations
+include musictube.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/Flavio Tordini
+noblacklist ${HOME}/.config/Flavio Tordini
+noblacklist ${HOME}/.local/share/Flavio Tordini
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc 
+include disable-xdg.inc
+mkdir ${HOME}/.cache/Flavio Tordini
+mkdir ${HOME}/.config/Flavio Tordini
+mkdir ${HOME}/.local/share/Flavio Tordini
+whitelist ${HOME}/.cache/Flavio Tordini
+whitelist ${HOME}/.config/Flavio Tordini
+whitelist ${HOME}/.local/share/Flavio Tordini
+whitelist /usr/share/musictube
+include whitelist-common.inc 
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin musictube
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile
new file mode 100644
index 000000000..3a235a677
--- /dev/null
+++ b/etc/profile-m-z/onboard.profile
@@ -0,0 +1,55 @@
+# Firejail profile for onboard
+# Description: On-screen keyboard
+# This file is overwritten after every install/update
+# Persistent local customizations
+include onboard.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/onboard
+include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc 
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-passwdmgr.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/onboard
+whitelist ${HOME}/.config/onboard
+whitelist /usr/share/onboard
+include whitelist-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc 
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+no3d
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-cache
+private-bin onboard,python*,tput
+private-dev
+private-etc alternatives,dbus-1,dconf,fonts,gtk-2.0,gtk-3.0,locale,locale.alias,locale.conf,mime.types,selinux,X11,xdg
+private-tmp
+dbus-system none
author	kortewegdevries <kortewegdevries@protonmail.ch>	2020-09-02 10:34:14 +0000
committer	GitHub <noreply@github.com>	2020-09-02 10:34:14 +0000
commit	a5e2b31c6263665854a449552649f6538f35a9fc (patch)
tree	f3e678f5137906f226a7f1b0d5002fa80e8d93b2 /etc/profile-m-z
parent	Merge branch 'master' of https://github.com/netblue30/firejail (diff)
download	firejail-a5e2b31c6263665854a449552649f6538f35a9fc.tar.gz firejail-a5e2b31c6263665854a449552649f6538f35a9fc.tar.zst firejail-a5e2b31c6263665854a449552649f6538f35a9fc.zip

diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile new file mode 100644 index 000000000..f029e4696 --- /dev/null +++ b/etc/profile-m-z/menulibre.profile
@@ -0,0 +1,65 @@
	1	# Firejail profile for menulibre
	2	# Description: Create desktop and menu launchers easily
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include menulibre.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	include allow-python2.inc
	10	include allow-python3.inc
	11
	12	include disable-common.inc
	13	include disable-devel.inc
	14	include disable-exec.inc
	15	include disable-interpreters.inc
	16	include disable-programs.inc
	17	include disable-passwdmgr.inc
	18	include disable-xdg.inc
	19
	20	# Whitelist your system icon directory,varies by distro
	21	whitelist /usr/share/app-info
	22	whitelist /usr/share/desktop-directories
	23	whitelist /usr/share/icons
	24	whitelist /usr/share/menulibre
	25	whitelist /var/lib/app-info/icons
	26	# Flatpak desktop directory
	27	whitelist /var/lib/flatpak/exports/share/applications
	28	whitelist /var/lib/flatpak/exports/share/icons
	29	# Snap desktop directory
	30
	31	include whitelist-runuser-common.inc
	32	include whitelist-usr-share-common.inc
	33	include whitelist-var-common.inc
	34
	35	apparmor
	36	caps.drop all
	37	machine-id
	38	net none
	39	nodvd
	40	no3d
	41	nogroups
	42	nonewprivs
	43	noroot
	44	nosound
	45	notv
	46	nou2f
	47	novideo
	48	protocol unix
	49	seccomp
	50	shell none
	51	tracelog
	52
	53	disable-mnt
	54	private-cache
	55	private-dev
	56	private-etc alternatives,dconf,fonts,gtk-3.0,locale.alias,locale.conf,mime.types,nsswitch.conf,passwd,pki,selinux,X11,xdg
	57	private-tmp
	58
	59	dbus-user none
	60	dbus-system none
	61
	62	read-write ${HOME}/.config/menus
	63	read-write ${HOME}/.gnome/apps
	64	read-write ${HOME}/.local/share/applications
	65	read-write ${HOME}/.local/share/flatpak/exports


diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile new file mode 100644 index 000000000..955df698d --- /dev/null +++ b/etc/profile-m-z/musictube.profile
@@ -0,0 +1,57 @@
	1	# Firejail profile for musictube
	2	# Description: Stream music
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include musictube.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.cache/Flavio Tordini
	10	noblacklist ${HOME}/.config/Flavio Tordini
	11	noblacklist ${HOME}/.local/share/Flavio Tordini
	12
	13	include disable-common.inc
	14	include disable-devel.inc
	15	include disable-exec.inc
	16	include disable-interpreters.inc
	17	include disable-passwdmgr.inc
	18	include disable-programs.inc
	19	include disable-shell.inc
	20	include disable-xdg.inc
	21
	22	mkdir ${HOME}/.cache/Flavio Tordini
	23	mkdir ${HOME}/.config/Flavio Tordini
	24	mkdir ${HOME}/.local/share/Flavio Tordini
	25	whitelist ${HOME}/.cache/Flavio Tordini
	26	whitelist ${HOME}/.config/Flavio Tordini
	27	whitelist ${HOME}/.local/share/Flavio Tordini
	28	whitelist /usr/share/musictube
	29	include whitelist-common.inc
	30	include whitelist-runuser-common.inc
	31	include whitelist-usr-share-common.inc
	32	include whitelist-var-common.inc
	33
	34	apparmor
	35	caps.drop all
	36	netfilter
	37	nodvd
	38	nogroups
	39	nonewprivs
	40	noroot
	41	notv
	42	nou2f
	43	novideo
	44	protocol unix,inet,inet6,netlink
	45	seccomp
	46	shell none
	47	tracelog
	48
	49	disable-mnt
	50	private-bin musictube
	51	private-cache
	52	private-dev
	53	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
	54	private-tmp
	55
	56	dbus-user none
	57	dbus-system none


diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile new file mode 100644 index 000000000..3a235a677 --- /dev/null +++ b/etc/profile-m-z/onboard.profile
@@ -0,0 +1,55 @@
	1	# Firejail profile for onboard
	2	# Description: On-screen keyboard
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include onboard.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.config/onboard
	10
	11	include allow-python2.inc
	12	include allow-python3.inc
	13
	14	include disable-common.inc
	15	include disable-devel.inc
	16	include disable-exec.inc
	17	include disable-interpreters.inc
	18	include disable-programs.inc
	19	include disable-passwdmgr.inc
	20	include disable-shell.inc
	21	include disable-xdg.inc
	22
	23	mkdir ${HOME}/.config/onboard
	24	whitelist ${HOME}/.config/onboard
	25	whitelist /usr/share/onboard
	26	include whitelist-common.inc
	27	include whitelist-usr-share-common.inc
	28	include whitelist-runuser-common.inc
	29	include whitelist-var-common.inc
	30
	31	apparmor
	32	caps.drop all
	33	machine-id
	34	net none
	35	nodvd
	36	no3d
	37	nogroups
	38	nonewprivs
	39	noroot
	40	notv
	41	nou2f
	42	novideo
	43	protocol unix
	44	seccomp
	45	shell none
	46	tracelog
	47
	48	disable-mnt
	49	private-cache
	50	private-bin onboard,python*,tput
	51	private-dev
	52	private-etc alternatives,dbus-1,dconf,fonts,gtk-2.0,gtk-3.0,locale,locale.alias,locale.conf,mime.types,selinux,X11,xdg
	53	private-tmp
	54
	55	dbus-system none