diff options
author | smitsohu <smitsohu@gmail.com> | 2017-08-11 05:03:35 +0200 |
---|---|---|
committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-08-10 22:03:35 -0500 |
commit | e1fc59bb144e2c68b6349dbd0a3d147b8e8d1daf (patch) | |
tree | 2201a5db9bb463225b35e2b8104a0df78e99e50a /etc/tuxguitar.profile | |
parent | Enable syscall groups for non-internal use (diff) | |
download | firejail-e1fc59bb144e2c68b6349dbd0a3d147b8e8d1daf.tar.gz firejail-e1fc59bb144e2c68b6349dbd0a3d147b8e8d1daf.tar.zst firejail-e1fc59bb144e2c68b6349dbd0a3d147b8e8d1daf.zip |
Add TuxGuitar profile (#1453)
* add tuxguitar profile
tested for versions < 1.3
* blacklist tuxguitar
* add tuxguitar
* add tuxguitar
* add support for tuxguitar > 1.2
higher versions fail to launch without protocol=inet,inet6 and with noexec=~. Yet, net=none seems to be still tolerated, which comes handy to block talk with internet and dbus.
* unbreak tuxguitar Internet access
versions >= 1.3 actually run fine with net=none enabled, if the built-in internet dependent feature is not used
Diffstat (limited to 'etc/tuxguitar.profile')
-rw-r--r-- | etc/tuxguitar.profile | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile new file mode 100644 index 000000000..e3f4239f5 --- /dev/null +++ b/etc/tuxguitar.profile | |||
@@ -0,0 +1,30 @@ | |||
1 | # Firejail profile for tuxguitar | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/tuxguitar.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | noblacklist ~/.java | ||
9 | noblacklist ~/.tuxguitar* | ||
10 | |||
11 | include /etc/firejail/disable-common.inc | ||
12 | include /etc/firejail/disable-devel.inc | ||
13 | include /etc/firejail/disable-passwdmgr.inc | ||
14 | include /etc/firejail/disable-programs.inc | ||
15 | |||
16 | caps.drop all | ||
17 | # net none - breaks internet for tuxguitar versions 1.3 and higher | ||
18 | no3d | ||
19 | nonewprivs | ||
20 | noroot | ||
21 | novideo | ||
22 | protocol unix,inet,inet6 | ||
23 | seccomp | ||
24 | tracelog | ||
25 | |||
26 | private-dev | ||
27 | private-tmp | ||
28 | |||
29 | # noexec ${HOME} - tuxguitar versions 1.3 and higher might fail to launch | ||
30 | noexec /tmp | ||