Merge branch 'master' of https://github.com/netblue30/firejail

author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-09-19 23:26:22 -0500
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-09-19 23:26:22 -0500
commit: 88c3a266eaaab9a41fe56c7c012ced5d6c33c6d2 (patch)
tree: ff4ab558330f8c566ddf7e9909a57e71913a232a /etc/ricochet.profile
parent: Fix private-bit filter for firefox on Arch (diff)
parent: add nogroups (diff)
download: firejail-88c3a266eaaab9a41fe56c7c012ced5d6c33c6d2.tar.gz
firejail-88c3a266eaaab9a41fe56c7c012ced5d6c33c6d2.tar.zst
firejail-88c3a266eaaab9a41fe56c7c012ced5d6c33c6d2.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/etc/ricochet.profile b/etc/ricochet.profile
new file mode 100644
index 000000000..6da0e21d5
--- /dev/null
+++ b/etc/ricochet.profile
@@ -0,0 +1,40 @@
+# Firejail profile for ricochet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ricochet.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.local/share/Ricochet
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.local/share/Ricochet
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-bin ricochet,tor
+private-dev
+#private-etc fonts,tor,X11,alternatives
+noexec ${HOME}
+noexec /tmp
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-09-19 23:26:22 -0500
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-09-19 23:26:22 -0500
commit	88c3a266eaaab9a41fe56c7c012ced5d6c33c6d2 (patch)
tree	ff4ab558330f8c566ddf7e9909a57e71913a232a /etc/ricochet.profile
parent	Fix private-bit filter for firefox on Arch (diff)
parent	add nogroups (diff)
download	firejail-88c3a266eaaab9a41fe56c7c012ced5d6c33c6d2.tar.gz firejail-88c3a266eaaab9a41fe56c7c012ced5d6c33c6d2.tar.zst firejail-88c3a266eaaab9a41fe56c7c012ced5d6c33c6d2.zip

diff --git a/etc/ricochet.profile b/etc/ricochet.profile new file mode 100644 index 000000000..6da0e21d5 --- /dev/null +++ b/etc/ricochet.profile
@@ -0,0 +1,40 @@
	1	# Firejail profile for ricochet
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/ricochet.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8
	9	noblacklist ${HOME}/.local/share/Ricochet
	10
	11	include /etc/firejail/disable-common.inc
	12	include /etc/firejail/disable-devel.inc
	13	include /etc/firejail/disable-passwdmgr.inc
	14	include /etc/firejail/disable-programs.inc
	15
	16	whitelist ${DOWNLOADS}
	17	whitelist ${HOME}/.local/share/Ricochet
	18	include /etc/firejail/whitelist-common.inc
	19
	20	caps.drop all
	21	ipc-namespace
	22	netfilter
	23	no3d
	24	nodvd
	25	nogroups
	26	nonewprivs
	27	noroot
	28	notv
	29	novideo
	30	protocol unix,inet,inet6
	31	seccomp
	32	shell none
	33
	34	disable-mnt
	35	private-bin ricochet,tor
	36	private-dev
	37	#private-etc fonts,tor,X11,alternatives
	38
	39	noexec ${HOME}
	40	noexec /tmp