Further fixup #1565 and add a profile for uefitool

author: Tad <tad@spotco.us> 2017-09-22 08:42:52 -0400
committer: Tad <tad@spotco.us> 2017-09-22 08:42:52 -0400
commit: 04adc450151cc5107098ef2f555ad526ac9f632e (patch)
tree: ce43807c66368539ffba1630ccedb0819cbc12dc /etc/uefitool.profile
parent: Fixup merge of #1565 (diff)
download: firejail-04adc450151cc5107098ef2f555ad526ac9f632e.tar.gz
firejail-04adc450151cc5107098ef2f555ad526ac9f632e.tar.zst
firejail-04adc450151cc5107098ef2f555ad526ac9f632e.zip
1 files changed, 33 insertions, 0 deletions
diff --git a/etc/uefitool.profile b/etc/uefitool.profile
new file mode 100644
index 000000000..138f69aa8
--- /dev/null
+++ b/etc/uefitool.profile
@@ -0,0 +1,33 @@
+# Firejail profile for uefitool
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/uefitool.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-09-22 08:42:52 -0400
committer	Tad <tad@spotco.us>	2017-09-22 08:42:52 -0400
commit	04adc450151cc5107098ef2f555ad526ac9f632e (patch)
tree	ce43807c66368539ffba1630ccedb0819cbc12dc /etc/uefitool.profile
parent	Fixup merge of #1565 (diff)
download	firejail-04adc450151cc5107098ef2f555ad526ac9f632e.tar.gz firejail-04adc450151cc5107098ef2f555ad526ac9f632e.tar.zst firejail-04adc450151cc5107098ef2f555ad526ac9f632e.zip

diff --git a/etc/uefitool.profile b/etc/uefitool.profile new file mode 100644 index 000000000..138f69aa8 --- /dev/null +++ b/etc/uefitool.profile
@@ -0,0 +1,33 @@
	1	# Firejail profile for uefitool
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/uefitool.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8
	9	include /etc/firejail/disable-common.inc
	10	include /etc/firejail/disable-devel.inc
	11	include /etc/firejail/disable-passwdmgr.inc
	12	include /etc/firejail/disable-programs.inc
	13
	14	caps.drop all
	15	ipc-namespace
	16	net none
	17	no3d
	18	nodvd
	19	nogroups
	20	nonewprivs
	21	noroot
	22	nosound
	23	notv
	24	novideo
	25	protocol unix
	26	seccomp
	27	shell none
	28
	29	private-dev
	30	private-tmp
	31
	32	noexec ${HOME}
	33	noexec /tmp