Add Zulip profile

author: Jean Lucas <jean@4ray.co> 2019-07-31 03:23:02 -0400
committer: Jean Lucas <jean@4ray.co> 2019-07-31 13:58:06 -0400
commit: b0b62e28dc9e14b8d693c8d24bc2722e6a8e56ef (patch)
tree: ae31c11497ab5749ad4fd444c5c37e18cdc9a796 /etc/zulip.profile
parent: Add tb-starter-wrapper.profile (#2863) (diff)
download: firejail-b0b62e28dc9e14b8d693c8d24bc2722e6a8e56ef.tar.gz
firejail-b0b62e28dc9e14b8d693c8d24bc2722e6a8e56ef.tar.zst
firejail-b0b62e28dc9e14b8d693c8d24bc2722e6a8e56ef.zip
1 files changed, 46 insertions, 0 deletions
diff --git a/etc/zulip.profile b/etc/zulip.profile
new file mode 100644
index 000000000..d3f9a2240
--- /dev/null
+++ b/etc/zulip.profile
@@ -0,0 +1,46 @@
+# Firejail profile for zulip
+# Description: Real-time team chat based on the email threading model
+# This file is overwritten after every install/update
+# Persistent local customizations
+include zulip.local
+# Persistent global definitions
+include globals.local
+ignore noexec /tmp
+noblacklist ${HOME}/.config/Zulip
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+mkdir ${HOME}/.config/Zulip
+whitelist ${HOME}/.config/Zulip
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-bin locale,zulip
+private-cache
+private-dev
+private-etc asound.conf,fonts,machine-id
+private-tmp
author	Jean Lucas <jean@4ray.co>	2019-07-31 03:23:02 -0400
committer	Jean Lucas <jean@4ray.co>	2019-07-31 13:58:06 -0400
commit	b0b62e28dc9e14b8d693c8d24bc2722e6a8e56ef (patch)
tree	ae31c11497ab5749ad4fd444c5c37e18cdc9a796 /etc/zulip.profile
parent	Add tb-starter-wrapper.profile (#2863) (diff)
download	firejail-b0b62e28dc9e14b8d693c8d24bc2722e6a8e56ef.tar.gz firejail-b0b62e28dc9e14b8d693c8d24bc2722e6a8e56ef.tar.zst firejail-b0b62e28dc9e14b8d693c8d24bc2722e6a8e56ef.zip

diff --git a/etc/zulip.profile b/etc/zulip.profile new file mode 100644 index 000000000..d3f9a2240 --- /dev/null +++ b/etc/zulip.profile
@@ -0,0 +1,46 @@
	1	# Firejail profile for zulip
	2	# Description: Real-time team chat based on the email threading model
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include zulip.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	ignore noexec /tmp
	10
	11	noblacklist ${HOME}/.config/Zulip
	12
	13	include disable-common.inc
	14	include disable-devel.inc
	15	include disable-exec.inc
	16	include disable-interpreters.inc
	17	include disable-passwdmgr.inc
	18	include disable-programs.inc
	19
	20	mkdir ${HOME}/.config/Zulip
	21	whitelist ${HOME}/.config/Zulip
	22	whitelist ${DOWNLOADS}
	23	include whitelist-common.inc
	24	include whitelist-var-common.inc
	25
	26	apparmor
	27	caps.drop all
	28	netfilter
	29	no3d
	30	nodvd
	31	nogroups
	32	nonewprivs
	33	noroot
	34	notv
	35	nou2f
	36	novideo
	37	protocol unix,inet,inet6
	38	seccomp
	39	shell none
	40
	41	disable-mnt
	42	private-bin locale,zulip
	43	private-cache
	44	private-dev
	45	private-etc asound.conf,fonts,machine-id
	46	private-tmp