Add a profile for Yandex browser

Thanks to @larkvirtual for the paths and testing
author: Tad <tad@spotco.us> 2017-09-02 10:32:45 -0400
committer: Tad <tad@spotco.us> 2017-09-02 10:42:06 -0400
commit: 7fd9fa0cf4e1d2fc997bef23caea883850da6693 (patch)
tree: 2839a7865d0c4696e0e2ad4f39f40ef92953be5f /etc/yandex-browser.profile
parent: Improve seccomp support for non-x86 architectures (diff)
download: firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.tar.gz
firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.tar.zst
firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile
new file mode 100644
index 000000000..bfb7b9d87
--- /dev/null
+++ b/etc/yandex-browser.profile
@@ -0,0 +1,42 @@
+# Firejail profile for yandex-browser
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/yandex-browser.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.cache/yandex-browser
+noblacklist ~/.cache/yandex-browser-beta
+noblacklist ~/.config/yandex-browser
+noblacklist ~/.config/yandex-browser-beta
+noblacklist ~/.pki
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+mkdir ~/.cache/yandex-browser
+mkdir ~/.cache/yandex-browser-beta
+mkdir ~/.config/yandex-browser
+mkdir ~/.config/yandex-browser-beta
+mkdir ~/.pki
+whitelist ${DOWNLOADS}
+whitelist ~/.cache/yandex-browser
+whitelist ~/.cache/yandex-browser-beta
+whitelist ~/.config/yandex-browser
+whitelist ~/.config/yandex-browser-beta
+whitelist ~/.pki
+include /etc/firejail/whitelist-common.inc
+caps.keep sys_chroot,sys_admin
+netfilter
+nodvd
+nogroups
+notv
+shell none
+private-dev
+# private-tmp - problems with multiple browser sessions
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-09-02 10:32:45 -0400
committer	Tad <tad@spotco.us>	2017-09-02 10:42:06 -0400
commit	7fd9fa0cf4e1d2fc997bef23caea883850da6693 (patch)
tree	2839a7865d0c4696e0e2ad4f39f40ef92953be5f /etc/yandex-browser.profile
parent	Improve seccomp support for non-x86 architectures (diff)
download	firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.tar.gz firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.tar.zst firejail-7fd9fa0cf4e1d2fc997bef23caea883850da6693.zip

diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile new file mode 100644 index 000000000..bfb7b9d87 --- /dev/null +++ b/etc/yandex-browser.profile
@@ -0,0 +1,42 @@
	1	# Firejail profile for yandex-browser
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/yandex-browser.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ~/.cache/yandex-browser
	9	noblacklist ~/.cache/yandex-browser-beta
	10	noblacklist ~/.config/yandex-browser
	11	noblacklist ~/.config/yandex-browser-beta
	12	noblacklist ~/.pki
	13
	14	include /etc/firejail/disable-common.inc
	15	include /etc/firejail/disable-devel.inc
	16	include /etc/firejail/disable-programs.inc
	17
	18	mkdir ~/.cache/yandex-browser
	19	mkdir ~/.cache/yandex-browser-beta
	20	mkdir ~/.config/yandex-browser
	21	mkdir ~/.config/yandex-browser-beta
	22	mkdir ~/.pki
	23	whitelist ${DOWNLOADS}
	24	whitelist ~/.cache/yandex-browser
	25	whitelist ~/.cache/yandex-browser-beta
	26	whitelist ~/.config/yandex-browser
	27	whitelist ~/.config/yandex-browser-beta
	28	whitelist ~/.pki
	29	include /etc/firejail/whitelist-common.inc
	30
	31	caps.keep sys_chroot,sys_admin
	32	netfilter
	33	nodvd
	34	nogroups
	35	notv
	36	shell none
	37
	38	private-dev
	39	# private-tmp - problems with multiple browser sessions
	40
	41	noexec ${HOME}
	42	noexec /tmp