Add OpenStego profile

author: Jan Sonntag <jaso35@googlemail.com> 2021-11-12 16:14:25 +0100
committer: Jan Sonntag <jaso35@googlemail.com> 2021-11-12 16:14:25 +0100
commit: b645afec54661da5afe7ffe9ff3de1b664753427 (patch)
tree: ad75750a5165ad35071e038352a701fdc4651a37 /etc/profile-m-z
parent: readme update (diff)
download: firejail-b645afec54661da5afe7ffe9ff3de1b664753427.tar.gz
firejail-b645afec54661da5afe7ffe9ff3de1b664753427.tar.zst
firejail-b645afec54661da5afe7ffe9ff3de1b664753427.zip
1 files changed, 63 insertions, 0 deletions
diff --git a/etc/profile-m-z/openstego.profile b/etc/profile-m-z/openstego.profile
new file mode 100644
index 000000000..1f1ae406d
--- /dev/null
+++ b/etc/profile-m-z/openstego.profile
@@ -0,0 +1,63 @@
+# Firejail profile for OpenStego
+# Description: Steganography application that provides data hiding and watermarking functionality
+# This file is overwritten after every install/update
+# Persistent local customizations
+include openstego.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/openstego.ini
+# Allow java (blacklisted by disable-devel.inc)
+include allow-java.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-passwdmgr.inc
+mkfile ${HOME}/openstego.ini
+whitelist ${HOME}/openstego.ini
+whitelist ${HOME}/.java
+whitelist ${PICTURES}
+whitelist ${DOCUMENTS}
+whitelist ${DESKTOP}
+include whitelist-common.inc
+whitelist /usr/share/java
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+# AppArmor breaks Java interpreter
+ignore apparmor
+caps.drop all
+# Makes fonts look grainy
+#ipc-namespace
+machine-id
+net none
+no3d
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin openstego,readlink,dirname,bash,sh
+private-cache
+private-dev
+private-tmp
+dbus-user none
+dbus-system none
author	Jan Sonntag <jaso35@googlemail.com>	2021-11-12 16:14:25 +0100
committer	Jan Sonntag <jaso35@googlemail.com>	2021-11-12 16:14:25 +0100
commit	b645afec54661da5afe7ffe9ff3de1b664753427 (patch)
tree	ad75750a5165ad35071e038352a701fdc4651a37 /etc/profile-m-z
parent	readme update (diff)
download	firejail-b645afec54661da5afe7ffe9ff3de1b664753427.tar.gz firejail-b645afec54661da5afe7ffe9ff3de1b664753427.tar.zst firejail-b645afec54661da5afe7ffe9ff3de1b664753427.zip

diff --git a/etc/profile-m-z/openstego.profile b/etc/profile-m-z/openstego.profile new file mode 100644 index 000000000..1f1ae406d --- /dev/null +++ b/etc/profile-m-z/openstego.profile
@@ -0,0 +1,63 @@
	1	# Firejail profile for OpenStego
	2	# Description: Steganography application that provides data hiding and watermarking functionality
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include openstego.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/openstego.ini
	10
	11	# Allow java (blacklisted by disable-devel.inc)
	12	include allow-java.inc
	13
	14	include disable-common.inc
	15	include disable-devel.inc
	16	include disable-exec.inc
	17	include disable-interpreters.inc
	18	include disable-programs.inc
	19	include disable-passwdmgr.inc
	20
	21	mkfile ${HOME}/openstego.ini
	22	whitelist ${HOME}/openstego.ini
	23	whitelist ${HOME}/.java
	24	whitelist ${PICTURES}
	25	whitelist ${DOCUMENTS}
	26	whitelist ${DESKTOP}
	27	include whitelist-common.inc
	28
	29	whitelist /usr/share/java
	30	include whitelist-usr-share-common.inc
	31	include whitelist-var-common.inc
	32
	33	# AppArmor breaks Java interpreter
	34	ignore apparmor
	35
	36	caps.drop all
	37
	38	# Makes fonts look grainy
	39	#ipc-namespace
	40
	41	machine-id
	42	net none
	43	no3d
	44	nogroups
	45	noinput
	46	nonewprivs
	47	noroot
	48	nosound
	49	notv
	50	nou2f
	51	novideo
	52	seccomp
	53	shell none
	54	tracelog
	55
	56	disable-mnt
	57	private-bin openstego,readlink,dirname,bash,sh
	58	private-cache
	59	private-dev
	60	private-tmp
	61
	62	dbus-user none
	63	dbus-system none