Add rambox profile from #1425

author: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2017-08-02 12:02:28 -0500
committer: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2017-08-02 12:02:28 -0500
commit: 88d919ce9b9d0be693366b25eb1c4f3647c023d3 (patch)
tree: abfa2be0b75e0b7fbf7ae50413afd9a0b901df86 /etc/rambox.profile
parent: merges (diff)
download: firejail-88d919ce9b9d0be693366b25eb1c4f3647c023d3.tar.gz
firejail-88d919ce9b9d0be693366b25eb1c4f3647c023d3.tar.zst
firejail-88d919ce9b9d0be693366b25eb1c4f3647c023d3.zip
1 files changed, 31 insertions, 0 deletions
diff --git a/etc/rambox.profile b/etc/rambox.profile
new file mode 100644
index 000000000..2c70fbd13
--- /dev/null
+++ b/etc/rambox.profile
@@ -0,0 +1,31 @@
+#Persistent global definitions go here
+include /etc/firejail/globals.local
+#This file is overwritten during software install.
+#Persistent customizations should go in a .local file.
+include /etc/firejail/rambox.local
+# Rambox profile for firejail
+noblacklist ~/.config/Rambox
+noblacklist ~/.pki
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+#tracelog
+whitelist ${DOWNLOADS}
+mkdir ~/.config/Rambox
+whitelist ~/.config/Rambox
+mkdir ~/.pki
+whitelist ~/.pki
+include /etc/firejail/whitelist-common.inc
author	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2017-08-02 12:02:28 -0500
committer	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2017-08-02 12:02:28 -0500
commit	88d919ce9b9d0be693366b25eb1c4f3647c023d3 (patch)
tree	abfa2be0b75e0b7fbf7ae50413afd9a0b901df86 /etc/rambox.profile
parent	merges (diff)
download	firejail-88d919ce9b9d0be693366b25eb1c4f3647c023d3.tar.gz firejail-88d919ce9b9d0be693366b25eb1c4f3647c023d3.tar.zst firejail-88d919ce9b9d0be693366b25eb1c4f3647c023d3.zip

diff --git a/etc/rambox.profile b/etc/rambox.profile new file mode 100644 index 000000000..2c70fbd13 --- /dev/null +++ b/etc/rambox.profile
@@ -0,0 +1,31 @@
	1	#Persistent global definitions go here
	2	include /etc/firejail/globals.local
	3
	4	#This file is overwritten during software install.
	5	#Persistent customizations should go in a .local file.
	6	include /etc/firejail/rambox.local
	7
	8	# Rambox profile for firejail
	9	noblacklist ~/.config/Rambox
	10	noblacklist ~/.pki
	11	include /etc/firejail/disable-common.inc
	12	include /etc/firejail/disable-programs.inc
	13	include /etc/firejail/disable-devel.inc
	14
	15	caps.drop all
	16	netfilter
	17	nogroups
	18	nonewprivs
	19	noroot
	20	protocol unix,inet,inet6,netlink
	21	seccomp
	22	#tracelog
	23
	24	whitelist ${DOWNLOADS}
	25	mkdir ~/.config/Rambox
	26	whitelist ~/.config/Rambox
	27	mkdir ~/.pki
	28	whitelist ~/.pki
	29
	30	include /etc/firejail/whitelist-common.inc
	31