New profile: reader (#5934)

* Create reader.profile * firecfg.config: add reader support * reader: integrate review suggestions - blacklist whole ${RUNUSER} - drop x11 none * reader: fix 'x11 none'
author: glitsj16 <glitsj16@users.noreply.github.com> 2023-08-02 19:54:29 +0000
committer: GitHub <noreply@github.com> 2023-08-02 19:54:29 +0000
commit: 61351c0d06fea90c0c699ca80ec30ec00a430988 (patch)
tree: fb2550db2b0dc198a874f7b329e735387daa6f27 /etc/profile-m-z
parent: New profile: daisy (#5935) (diff)
download: firejail-61351c0d06fea90c0c699ca80ec30ec00a430988.tar.gz
firejail-61351c0d06fea90c0c699ca80ec30ec00a430988.tar.zst
firejail-61351c0d06fea90c0c699ca80ec30ec00a430988.zip
1 files changed, 63 insertions, 0 deletions
diff --git a/etc/profile-m-z/reader.profile b/etc/profile-m-z/reader.profile
new file mode 100644
index 000000000..050c46d53
--- /dev/null
+++ b/etc/profile-m-z/reader.profile
@@ -0,0 +1,63 @@
+# Firejail profile for reader
+# Description: Better readability of web pages on the CLI
+# This file is overwritten after every install/update
+# Persistent local customizations
+include reader.local
+# Persistent global definitions
+include globals.local
+blacklist ${RUNUSER}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet
+seccomp
+seccomp.block-secondary
+tracelog
+x11 none
+disable-mnt
+private
+private-bin reader
+private-cache
+private-dev
+private-etc @network,@tls-ca
+private-lib
+private-opt none
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+read-only ${HOME}
+restrict-namespaces
author	glitsj16 <glitsj16@users.noreply.github.com>	2023-08-02 19:54:29 +0000
committer	GitHub <noreply@github.com>	2023-08-02 19:54:29 +0000
commit	61351c0d06fea90c0c699ca80ec30ec00a430988 (patch)
tree	fb2550db2b0dc198a874f7b329e735387daa6f27 /etc/profile-m-z
parent	New profile: daisy (#5935) (diff)
download	firejail-61351c0d06fea90c0c699ca80ec30ec00a430988.tar.gz firejail-61351c0d06fea90c0c699ca80ec30ec00a430988.tar.zst firejail-61351c0d06fea90c0c699ca80ec30ec00a430988.zip

diff --git a/etc/profile-m-z/reader.profile b/etc/profile-m-z/reader.profile new file mode 100644 index 000000000..050c46d53 --- /dev/null +++ b/etc/profile-m-z/reader.profile
@@ -0,0 +1,63 @@
	1	# Firejail profile for reader
	2	# Description: Better readability of web pages on the CLI
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include reader.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	blacklist ${RUNUSER}
	10
	11	include disable-common.inc
	12	include disable-devel.inc
	13	include disable-exec.inc
	14	include disable-interpreters.inc
	15	include disable-proc.inc
	16	include disable-programs.inc
	17	include disable-shell.inc
	18	include disable-xdg.inc
	19
	20	include whitelist-common.inc
	21	include whitelist-run-common.inc
	22	include whitelist-runuser-common.inc
	23	include whitelist-usr-share-common.inc
	24	include whitelist-var-common.inc
	25
	26	apparmor
	27	caps.drop all
	28	ipc-namespace
	29	machine-id
	30	netfilter
	31	no3d
	32	nodvd
	33	nogroups
	34	noinput
	35	nonewprivs
	36	noprinters
	37	noroot
	38	nosound
	39	notv
	40	nou2f
	41	novideo
	42	protocol inet
	43	seccomp
	44	seccomp.block-secondary
	45	tracelog
	46	x11 none
	47
	48	disable-mnt
	49	private
	50	private-bin reader
	51	private-cache
	52	private-dev
	53	private-etc @network,@tls-ca
	54	private-lib
	55	private-opt none
	56	private-tmp
	57
	58	dbus-user none
	59	dbus-system none
	60
	61	memory-deny-write-execute
	62	read-only ${HOME}
	63	restrict-namespaces