profiles: add profile for surf browser

author: Reiner Herrmann <reiner@reiner-h.de> 2017-09-18 15:38:07 +0200
committer: Reiner Herrmann <reiner@reiner-h.de> 2017-09-18 15:38:07 +0200
commit: b8c47f080215c3b12baed438944d40b11878f7d8 (patch)
tree: 6414fa0198ae733e217dad18f4f04b857621bf7d /etc/surf.profile
parent: electron profile whitelisting (diff)
download: firejail-b8c47f080215c3b12baed438944d40b11878f7d8.tar.gz
firejail-b8c47f080215c3b12baed438944d40b11878f7d8.tar.zst
firejail-b8c47f080215c3b12baed438944d40b11878f7d8.zip
1 files changed, 35 insertions, 0 deletions
diff --git a/etc/surf.profile b/etc/surf.profile
new file mode 100644
index 000000000..251331902
--- /dev/null
+++ b/etc/surf.profile
@@ -0,0 +1,35 @@
+# Firejail profile for surf
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/surf.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.surf
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+mkdir ~/.surf
+whitelist ${DOWNLOADS}
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+netfilter
+nodvd
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+private-bin ls,surf,sh,dash,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop
+private-dev
+private-etc passwd,group,hosts,resolv.conf,fonts,ssl
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Reiner Herrmann <reiner@reiner-h.de>	2017-09-18 15:38:07 +0200
committer	Reiner Herrmann <reiner@reiner-h.de>	2017-09-18 15:38:07 +0200
commit	b8c47f080215c3b12baed438944d40b11878f7d8 (patch)
tree	6414fa0198ae733e217dad18f4f04b857621bf7d /etc/surf.profile
parent	electron profile whitelisting (diff)
download	firejail-b8c47f080215c3b12baed438944d40b11878f7d8.tar.gz firejail-b8c47f080215c3b12baed438944d40b11878f7d8.tar.zst firejail-b8c47f080215c3b12baed438944d40b11878f7d8.zip

diff --git a/etc/surf.profile b/etc/surf.profile new file mode 100644 index 000000000..251331902 --- /dev/null +++ b/etc/surf.profile
@@ -0,0 +1,35 @@
	1	# Firejail profile for surf
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/surf.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ~/.surf
	9
	10	include /etc/firejail/disable-common.inc
	11	include /etc/firejail/disable-devel.inc
	12	include /etc/firejail/disable-programs.inc
	13
	14	mkdir ~/.surf
	15	whitelist ${DOWNLOADS}
	16	include /etc/firejail/whitelist-common.inc
	17
	18	caps.drop all
	19	netfilter
	20	nodvd
	21	nonewprivs
	22	noroot
	23	notv
	24	protocol unix,inet,inet6,netlink
	25	seccomp
	26	shell none
	27	tracelog
	28
	29	private-bin ls,surf,sh,dash,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop
	30	private-dev
	31	private-etc passwd,group,hosts,resolv.conf,fonts,ssl
	32	private-tmp
	33
	34	noexec ${HOME}
	35	noexec /tmp