Unify all profiles

author: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
committer: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
commit: 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree: 0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/tracker.profile
parent: various profile fixes (#1433) (diff)
download: firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip
1 files changed, 12 insertions, 13 deletions
diff --git a/etc/tracker.profile b/etc/tracker.profile
index b87bebf43..98040133c 100644
--- a/etc/tracker.profile
+++ b/etc/tracker.profile
@@ -1,34 +1,33 @@
-# Persistent global definitions go here
+# Firejail profile for tracker
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
+# Persistent local customizations
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
 include /etc/firejail/tracker.local
+# Persistent global definitions
+include /etc/firejail/globals.local
-# tracker profile
+blacklist /tmp/.X11-unix
-# Tracker is started by systemd on most systems. Therefore it is not firejailed by default
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
+no3d
 nogroups
 nonewprivs
 noroot
 nosound
-no3d
 protocol unix
 seccomp
 shell none
 tracelog
-blacklist /tmp/.X11-unix
 # private-bin tracker
-# private-tmp
 # private-dev
 # private-etc fonts
+# private-tmp
+# CLOBBERED COMMENTS
+# Tracker is started by systemd on most systems. Therefore it is not firejailed by default
author	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
committer	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
commit	9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree	0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/tracker.profile
parent	various profile fixes (#1433) (diff)
download	firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip

diff --git a/etc/tracker.profile b/etc/tracker.profile index b87bebf43..98040133c 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile
@@ -1,34 +1,33 @@
1	# Persistent global definitions go here	1	# Firejail profile for tracker
2	include /etc/firejail/globals.local	2	# This file is overwritten after every install/update
3		3	# Persistent local customizations
4	# This file is overwritten during software install.
5	# Persistent customizations should go in a .local file.
6	include /etc/firejail/tracker.local	4	include /etc/firejail/tracker.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
7		7
8	# tracker profile	8	blacklist /tmp/.X11-unix
9
10	# Tracker is started by systemd on most systems. Therefore it is not firejailed by default
11		9
12	include /etc/firejail/disable-common.inc	10	include /etc/firejail/disable-common.inc
13	include /etc/firejail/disable-programs.inc
14	include /etc/firejail/disable-devel.inc	11	include /etc/firejail/disable-devel.inc
15	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
		13	include /etc/firejail/disable-programs.inc
16		14
17	caps.drop all	15	caps.drop all
18	netfilter	16	netfilter
		17	no3d
19	nogroups	18	nogroups
20	nonewprivs	19	nonewprivs
21	noroot	20	noroot
22	nosound	21	nosound
23	no3d
24	protocol unix	22	protocol unix
25	seccomp	23	seccomp
26	shell none	24	shell none
27	tracelog	25	tracelog
28		26
29	blacklist /tmp/.X11-unix
30
31	# private-bin tracker	27	# private-bin tracker
32	# private-tmp
33	# private-dev	28	# private-dev
34	# private-etc fonts	29	# private-etc fonts
		30	# private-tmp
		31
		32	# CLOBBERED COMMENTS
		33	# Tracker is started by systemd on most systems. Therefore it is not firejailed by default