Add profile templates

Create etc/templates * profile.template * redirect_alias-profile.template * syscalls.txt * Notes
author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-05-30 17:31:25 +0200
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-05-30 17:31:25 +0200
commit: cb98aea61bf97c8125c2d2df6cb08b9f05355e3a (patch)
tree: 493a2a6c030f323a1966cb04d406df7b140d9593 /etc/templates/profile.template
parent: profile housekeeping (diff)
download: firejail-cb98aea61bf97c8125c2d2df6cb08b9f05355e3a.tar.gz
firejail-cb98aea61bf97c8125c2d2df6cb08b9f05355e3a.tar.zst
firejail-cb98aea61bf97c8125c2d2df6cb08b9f05355e3a.zip
1 files changed, 82 insertions, 0 deletions
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
new file mode 100644
index 000000000..d7da0ed20
--- /dev/null
+++ b/etc/templates/profile.template
@@ -0,0 +1,82 @@
+# Firejail profile for PROGRAM_NAME
+# Description: DESCRIPTION
+# This file is overwritten after every install/update
+##quiet
+# Persistent local customizations
+#include PROFILE.local
+# Persistent global definitions
+#include globals.local
+##ignore noexec ${HOME}
+##blacklist PATH
+#noblacklist PATH
+# Allow python (blacklisted by disable-interpreters.inc)
+#noblacklist ${PATH}/python2*
+#noblacklist ${PATH}/python3*
+#noblacklist /usr/lib/python2*
+#noblacklist /usr/lib/python3*
+#noblacklist /usr/local/lib/python2*
+#noblacklist /usr/local/lib/python3*
+#include disable-common.inc
+#include disable-devel.inc
+#include disable-exec.inc
+#include disable-interpreters.inc
+#include disable-passwdmgr.inc
+#include disable-programs.inc
+#include disable-xdg.inc
+#mkdir PATH
+#mkfile PATH
+#whitelist PATH
+#include whitelist-common.inc
+#include whitelist-var-common.inc
+#apparmor
+#caps.drop all
+# CLI only
+##ipc-namespace
+#machine-id
+# 'net none' or 'netfilter'
+#net none
+#netfilter
+#no3d
+#nodbus
+#nodvd
+#nogroups
+#nonewprivs
+#noroot
+#nosound
+#notv
+#nou2f
+#novideo
+#protocol unix,inet,inet6,netlink
+#seccomp
+##seccomp.drop SYSCALLS
+#shell none
+#tracelog
+#disable-mnt
+##private
+#private-bin PROGRAMS
+#private-cache
+#private-dev
+#private-etc FILES
+# private-etc templates (see also #1734)
+#  Internet: ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
+#  Sound: alsa,asound.conf,machine-id,openal,pulse
+#  GTK: dconf,fonts,gtk-2.0,gtk-3.0,pango,xdg
+#  KDE/QT: fonts,kde4rc,kde5rc,ld.so.cache,machine-id,Trolltech.conf,xdg
+#  GUIs: fonts
+#  Alternatives: alternatives
+##private-lib LIBS
+##private-opt NAME
+#private-tmp
+##env VAR=VALUE
+#memory-deny-write-execute
+##read-only ${HOME}
+##join-or-start NAME
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-05-30 17:31:25 +0200
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-05-30 17:31:25 +0200
commit	cb98aea61bf97c8125c2d2df6cb08b9f05355e3a (patch)
tree	493a2a6c030f323a1966cb04d406df7b140d9593 /etc/templates/profile.template
parent	profile housekeeping (diff)
download	firejail-cb98aea61bf97c8125c2d2df6cb08b9f05355e3a.tar.gz firejail-cb98aea61bf97c8125c2d2df6cb08b9f05355e3a.tar.zst firejail-cb98aea61bf97c8125c2d2df6cb08b9f05355e3a.zip

diff --git a/etc/templates/profile.template b/etc/templates/profile.template new file mode 100644 index 000000000..d7da0ed20 --- /dev/null +++ b/etc/templates/profile.template
@@ -0,0 +1,82 @@
	1	# Firejail profile for PROGRAM_NAME
	2	# Description: DESCRIPTION
	3	# This file is overwritten after every install/update
	4	##quiet
	5	# Persistent local customizations
	6	#include PROFILE.local
	7	# Persistent global definitions
	8	#include globals.local
	9
	10	##ignore noexec ${HOME}
	11
	12	##blacklist PATH
	13
	14	#noblacklist PATH
	15
	16	# Allow python (blacklisted by disable-interpreters.inc)
	17	#noblacklist ${PATH}/python2*
	18	#noblacklist ${PATH}/python3*
	19	#noblacklist /usr/lib/python2*
	20	#noblacklist /usr/lib/python3*
	21	#noblacklist /usr/local/lib/python2*
	22	#noblacklist /usr/local/lib/python3*
	23
	24	#include disable-common.inc
	25	#include disable-devel.inc
	26	#include disable-exec.inc
	27	#include disable-interpreters.inc
	28	#include disable-passwdmgr.inc
	29	#include disable-programs.inc
	30	#include disable-xdg.inc
	31
	32	#mkdir PATH
	33	#mkfile PATH
	34	#whitelist PATH
	35	#include whitelist-common.inc
	36	#include whitelist-var-common.inc
	37
	38	#apparmor
	39	#caps.drop all
	40	# CLI only
	41	##ipc-namespace
	42	#machine-id
	43	# 'net none' or 'netfilter'
	44	#net none
	45	#netfilter
	46	#no3d
	47	#nodbus
	48	#nodvd
	49	#nogroups
	50	#nonewprivs
	51	#noroot
	52	#nosound
	53	#notv
	54	#nou2f
	55	#novideo
	56	#protocol unix,inet,inet6,netlink
	57	#seccomp
	58	##seccomp.drop SYSCALLS
	59	#shell none
	60	#tracelog
	61
	62	#disable-mnt
	63	##private
	64	#private-bin PROGRAMS
	65	#private-cache
	66	#private-dev
	67	#private-etc FILES
	68	# private-etc templates (see also #1734)
	69	# Internet: ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
	70	# Sound: alsa,asound.conf,machine-id,openal,pulse
	71	# GTK: dconf,fonts,gtk-2.0,gtk-3.0,pango,xdg
	72	# KDE/QT: fonts,kde4rc,kde5rc,ld.so.cache,machine-id,Trolltech.conf,xdg
	73	# GUIs: fonts
	74	# Alternatives: alternatives
	75	##private-lib LIBS
	76	##private-opt NAME
	77	#private-tmp
	78
	79	##env VAR=VALUE
	80	#memory-deny-write-execute
	81	##read-only ${HOME}
	82	##join-or-start NAME