author | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-05-30 17:31:25 +0200 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-05-30 17:31:25 +0200 |
commit | cb98aea61bf97c8125c2d2df6cb08b9f05355e3a (patch) | |
tree | 493a2a6c030f323a1966cb04d406df7b140d9593 /etc/templates/profile.template | |
parent | profile housekeeping (diff) | |
Add profile templates
Create etc/templates
* profile.template
* redirect_alias-profile.template
* syscalls.txt
* Notes
Diffstat (limited to 'etc/templates/profile.template')
-rw-r--r-- | etc/templates/profile.template | 82 |
1 files changed, 82 insertions, 0 deletions
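--- /dev/null
+++ b/etc/templates/profile.template
@@ -0,0 +1,82 @@
+# Firejail profile for PROGRAM_NAME
+# Description: DESCRIPTION
+# This file is overwritten after every install/update
+##quiet
+# Persistent local customizations
+#include PROFILE.local
+# Persistent global definitions
+#include globals.local
+
+##ignore noexec ${HOME}
+
+##blacklist PATH
+
+#noblacklist PATH
+
+# Allow python (blacklisted by disable-interpreters.inc)
+#noblacklist ${PATH}/python2*
+#noblacklist ${PATH}/python3*
+#noblacklist /usr/lib/python2*
+#noblacklist /usr/lib/python3*
+#noblacklist /usr/local/lib/python2*
+#noblacklist /usr/local/lib/python3*
+
+#include disable-common.inc
+#include disable-devel.inc
+#include disable-exec.inc
+#include disable-interpreters.inc
+#include disable-passwdmgr.inc
+#include disable-programs.inc
+#include disable-xdg.inc
+
+#mkdir PATH
+#mkfile PATH
+#whitelist PATH
+#include whitelist-common.inc
+#include whitelist-var-common.inc
+
+#apparmor
+#caps.drop all
+# CLI only
+##ipc-namespace
+#machine-id
+# 'net none' or 'netfilter'
+#net none
+#netfilter
+#no3d
+#nodbus
+#nodvd
+#nogroups
+#nonewprivs
+#noroot
+#nosound
+#notv
+#nou2f
+#novideo
+#protocol unix,inet,inet6,netlink
+#seccomp
+##seccomp.drop SYSCALLS
+#shell none
+#tracelog
+
+#disable-mnt
+##private
+#private-bin PROGRAMS
+#private-cache
+#private-dev
+#private-etc FILES
+# private-etc templates (see also #1734)
+#  Internet: ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
+#  Sound: alsa,asound.conf,machine-id,openal,pulse
+#  GTK: dconf,fonts,gtk-2.0,gtk-3.0,pango,xdg
+#  KDE/QT: fonts,kde4rc,kde5rc,ld.so.cache,machine-id,Trolltech.conf,xdg
+#  GUIs: fonts
+#  Alternatives: alternatives
+##private-lib LIBS
+##private-opt NAME
+#private-tmp
+
+##env VAR=VALUE
+#memory-deny-write-execute
+##read-only ${HOME}
+##join-or-start NAME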
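Review bot: The `#protocol unix,inet,inet6,netlink` entry (new line 56) is offered with the widest family list and no hint that it should be narrowed, unlike the `# 'net none' or 'netfilter'` comment a few entries above it. A profile copied from this template with `net none` enabled would still allow inet, inet6 and netlink sockets in its protocol filter unless the author thinks to trim it. I would add a comment directly above it, for example `# Keep only the families the program needs ('unix' alone with 'net none')`. Separately, the template never states what distinguishes a `#` entry from a `##` entry; if that convention is explained only in the Notes file named in the commit message, a one-line header comment stating it here would let the template be read on its own.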