Amend Wire profiles

author: Jean Lucas <jean@4ray.co> 2018-06-14 04:30:58 -0400
committer: Jean Lucas <jean@4ray.co> 2018-06-14 04:32:51 -0400
commit: f57bacc8c72c3f120b33b1516da965431dc543a4 (patch)
tree: e1f50484d8d0e64eeeb360456c9f71076e10298c /etc/wire-desktop.profile
parent: Add --keep-dev-shm (undocumented for now). (diff)
download: firejail-f57bacc8c72c3f120b33b1516da965431dc543a4.tar.gz
firejail-f57bacc8c72c3f120b33b1516da965431dc543a4.tar.zst
firejail-f57bacc8c72c3f120b33b1516da965431dc543a4.zip
1 files changed, 33 insertions, 0 deletions
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile
new file mode 100644
index 000000000..c0e0b3c4b
--- /dev/null
+++ b/etc/wire-desktop.profile
@@ -0,0 +1,33 @@
+# Firejail profile for wire-desktop
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/wire-desktop.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.config/Wire
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+# Note: The current version of Wire is located in /opt/wire-desktop/wire-desktop, and therefore
+# it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
+private-bin wire-desktop
+disable-mnt
+private-dev
+private-tmp
author	Jean Lucas <jean@4ray.co>	2018-06-14 04:30:58 -0400
committer	Jean Lucas <jean@4ray.co>	2018-06-14 04:32:51 -0400
commit	f57bacc8c72c3f120b33b1516da965431dc543a4 (patch)
tree	e1f50484d8d0e64eeeb360456c9f71076e10298c /etc/wire-desktop.profile
parent	Add --keep-dev-shm (undocumented for now). (diff)
download	firejail-f57bacc8c72c3f120b33b1516da965431dc543a4.tar.gz firejail-f57bacc8c72c3f120b33b1516da965431dc543a4.tar.zst firejail-f57bacc8c72c3f120b33b1516da965431dc543a4.zip

diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile new file mode 100644 index 000000000..c0e0b3c4b --- /dev/null +++ b/etc/wire-desktop.profile
@@ -0,0 +1,33 @@
	1	# Firejail profile for wire-desktop
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/wire-desktop.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ${HOME}/.config/Wire
	9
	10	include /etc/firejail/disable-common.inc
	11	include /etc/firejail/disable-devel.inc
	12	include /etc/firejail/disable-interpreters.inc
	13	include /etc/firejail/disable-passwdmgr.inc
	14	include /etc/firejail/disable-programs.inc
	15
	16	caps.drop all
	17	netfilter
	18	nodvd
	19	nogroups
	20	nonewprivs
	21	noroot
	22	notv
	23	protocol unix,inet,inet6,netlink
	24	seccomp
	25	shell none
	26
	27	# Note: The current version of Wire is located in /opt/wire-desktop/wire-desktop, and therefore
	28	# it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
	29
	30	private-bin wire-desktop
	31	disable-mnt
	32	private-dev
	33	private-tmp