summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar Tad <tad@spotco.us>2017-08-03 21:56:03 -0400
committerLibravatar Tad <tad@spotco.us>2017-08-03 22:42:38 -0400
commit0f1b7e5ebf3092cc0de52fc84cc5d3c512913093 (patch)
treefab9a934d6b45fd6ca6cf8526baa4b53b747c5d2 /etc
parentMerge pull request #1430 from VladimirSchowalter20/master (diff)
downloadfirejail-0f1b7e5ebf3092cc0de52fc84cc5d3c512913093.tar.gz
firejail-0f1b7e5ebf3092cc0de52fc84cc5d3c512913093.tar.zst
firejail-0f1b7e5ebf3092cc0de52fc84cc5d3c512913093.zip
Add 12 new profiles
apktool, Baobab, dex2jar, gitg, Hashcat, MusicBrainz Picard, OBS Studio, Remmina, sdat2img, Sound Converter, SQLiteBrowser, Truecraft
Diffstat (limited to 'etc')
-rw-r--r--etc/apktool.profile29
-rw-r--r--etc/baobab.profile31
-rw-r--r--etc/dex2jar.profile30
-rw-r--r--etc/gitg.profile34
-rw-r--r--etc/hashcat.profile32
-rw-r--r--etc/obs.profile29
-rw-r--r--etc/picard.profile32
-rw-r--r--etc/remmina.profile31
-rw-r--r--etc/sdat2img.profile30
-rw-r--r--etc/soundconverter.profile30
-rw-r--r--etc/sqlitebrowser.profile34
-rw-r--r--etc/truecraft.profile37
12 files changed, 379 insertions, 0 deletions
diff --git a/etc/apktool.profile b/etc/apktool.profile
new file mode 100644
index 000000000..d0905e253
--- /dev/null
+++ b/etc/apktool.profile
@@ -0,0 +1,29 @@
1quiet
2# Persistent global definitions go here
3include /etc/firejail/globals.local
4
5# This file is overwritten during software install.
6# Persistent customizations should go in a .local file.
7include /etc/firejail/apktool.local
8
9# Firejail profile for apktool
10include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc
13
14caps.drop all
15net none
16no3d
17nogroups
18nonewprivs
19noroot
20nosound
21novideo
22protocol unix
23seccomp
24shell none
25
26private-dev
27
28noexec ${HOME}
29noexec /tmp
diff --git a/etc/baobab.profile b/etc/baobab.profile
new file mode 100644
index 000000000..887e271e3
--- /dev/null
+++ b/etc/baobab.profile
@@ -0,0 +1,31 @@
1# Persistent global definitions go here
2include /etc/firejail/globals.local
3
4# This file is overwritten during software install.
5# Persistent customizations should go in a .local file.
6include /etc/firejail/baobab.local
7
8# Firejail profile for Baobab
9include /etc/firejail/disable-common.inc
10include /etc/firejail/disable-devel.inc
11include /etc/firejail/disable-passwdmgr.inc
12#include /etc/firejail/disable-programs.inc
13
14caps.drop all
15net none
16no3d
17nogroups
18nonewprivs
19noroot
20nosound
21novideo
22protocol unix
23seccomp
24shell none
25
26private-dev
27private-tmp
28
29memory-deny-write-execute
30noexec ${HOME}
31noexec /tmp
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
new file mode 100644
index 000000000..6d3aaa224
--- /dev/null
+++ b/etc/dex2jar.profile
@@ -0,0 +1,30 @@
1quiet
2# Persistent global definitions go here
3include /etc/firejail/globals.local
4
5# This file is overwritten during software install.
6# Persistent customizations should go in a .local file.
7include /etc/firejail/dex2jar.local
8
9# Firejail profile for dex2jar
10include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc
14
15caps.drop all
16net none
17no3d
18nogroups
19nonewprivs
20noroot
21nosound
22novideo
23protocol unix
24seccomp
25shell none
26
27private-dev
28
29noexec ${HOME}
30noexec /tmp
diff --git a/etc/gitg.profile b/etc/gitg.profile
new file mode 100644
index 000000000..427cbe92c
--- /dev/null
+++ b/etc/gitg.profile
@@ -0,0 +1,34 @@
1# Persistent global definitions go here
2include /etc/firejail/globals.local
3
4# This file is overwritten during software install.
5# Persistent customizations should go in a .local file.
6include /etc/firejail/gitg.local
7
8# Firejail profile for gitg
9noblacklist ${HOME}/.gitconfig
10noblacklist ${HOME}/.ssh
11noblacklist ${HOME}/.local/share/gitg
12
13include /etc/firejail/disable-common.inc
14include /etc/firejail/disable-devel.inc
15include /etc/firejail/disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc
17
18caps.drop all
19no3d
20nogroups
21nonewprivs
22noroot
23nosound
24novideo
25protocol unix,inet,inet6
26seccomp
27shell none
28
29private-dev
30private-tmp
31
32memory-deny-write-execute
33noexec ${HOME}
34noexec /tmp
diff --git a/etc/hashcat.profile b/etc/hashcat.profile
new file mode 100644
index 000000000..1e9540f87
--- /dev/null
+++ b/etc/hashcat.profile
@@ -0,0 +1,32 @@
1quiet
2# Persistent global definitions go here
3include /etc/firejail/globals.local
4
5# This file is overwritten during software install.
6# Persistent customizations should go in a .local file.
7include /etc/firejail/hashcat.local
8
9# Firejail profile for Hashcat
10noblacklist ${HOME}/.hashcat
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16caps.drop all
17net none
18nogroups
19nonewprivs
20noroot
21nosound
22novideo
23protocol unix
24seccomp
25shell none
26
27disable-mnt
28private-dev
29private-tmp
30
31noexec ${HOME}
32noexec /tmp
diff --git a/etc/obs.profile b/etc/obs.profile
new file mode 100644
index 000000000..8316551f9
--- /dev/null
+++ b/etc/obs.profile
@@ -0,0 +1,29 @@
1# Persistent global definitions go here
2include /etc/firejail/globals.local
3
4# This file is overwritten during software install.
5# Persistent customizations should go in a .local file.
6include /etc/firejail/obs.local
7
8# Firejail profile for OBS Studio
9noblacklist ${HOME}/.config/obs-studio
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16caps.drop all
17nogroups
18nonewprivs
19noroot
20protocol unix,inet,inet6
21seccomp
22shell none
23tracelog
24
25private-dev
26private-tmp
27
28noexec ${HOME}
29noexec /tmp
diff --git a/etc/picard.profile b/etc/picard.profile
new file mode 100644
index 000000000..0c99e6b3e
--- /dev/null
+++ b/etc/picard.profile
@@ -0,0 +1,32 @@
1# Persistent global definitions go here
2include /etc/firejail/globals.local
3
4# This file is overwritten during software install.
5# Persistent customizations should go in a .local file.
6include /etc/firejail/picard.local
7
8# Firejail profile for MusicBrainz Picard
9noblacklist ${HOME}/.cache/MusicBrainz
10noblacklist ${HOME}/.config/MusicBrainz
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-devel.inc
14include /etc/firejail/disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc
16
17caps.drop all
18no3d
19nogroups
20nonewprivs
21noroot
22nosound
23novideo
24protocol unix,inet,inet6
25seccomp
26shell none
27
28private-dev
29private-tmp
30
31noexec ${HOME}
32noexec /tmp
diff --git a/etc/remmina.profile b/etc/remmina.profile
new file mode 100644
index 000000000..5aff10fe3
--- /dev/null
+++ b/etc/remmina.profile
@@ -0,0 +1,31 @@
1# Persistent global definitions go here
2include /etc/firejail/globals.local
3
4# This file is overwritten during software install.
5# Persistent customizations should go in a .local file.
6include /etc/firejail/remmina.local
7
8# Firejail profile for Remmina
9noblacklist ${HOME}/.ssh
10noblacklist ${HOME}/.config/remmina
11noblacklist ${HOME}/.local/share/remmina
12
13include /etc/firejail/disable-common.inc
14include /etc/firejail/disable-devel.inc
15include /etc/firejail/disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc
17
18caps.drop all
19nogroups
20nonewprivs
21noroot
22novideo
23protocol unix,inet,inet6
24seccomp
25shell none
26
27private-dev
28private-tmp
29
30noexec ${HOME}
31noexec /tmp
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile
new file mode 100644
index 000000000..855eae5b1
--- /dev/null
+++ b/etc/sdat2img.profile
@@ -0,0 +1,30 @@
1quiet
2# Persistent global definitions go here
3include /etc/firejail/globals.local
4
5# This file is overwritten during software install.
6# Persistent customizations should go in a .local file.
7include /etc/firejail/sdat2img.local
8
9# Firejail profile for sdat2img
10include /etc/firejail/disable-common.inc
11include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc
14
15caps.drop all
16no3d
17net none
18nogroups
19nonewprivs
20noroot
21nosound
22novideo
23protocol unix
24seccomp
25shell none
26
27private-dev
28
29noexec ${HOME}
30noexec /tmp
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile
new file mode 100644
index 000000000..642612a52
--- /dev/null
+++ b/etc/soundconverter.profile
@@ -0,0 +1,30 @@
1# Persistent global definitions go here
2include /etc/firejail/globals.local
3
4# This file is overwritten during software install.
5# Persistent customizations should go in a .local file.
6include /etc/firejail/soundconverter.local
7
8# Firejail profile for Sound Converter
9include /etc/firejail/disable-common.inc
10include /etc/firejail/disable-devel.inc
11include /etc/firejail/disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc
13
14caps.drop all
15net none
16no3d
17nogroups
18nonewprivs
19noroot
20nosound
21novideo
22protocol unix
23seccomp
24shell none
25
26private-dev
27private-tmp
28
29noexec ${HOME}
30noexec /tmp
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
new file mode 100644
index 000000000..a08064d8c
--- /dev/null
+++ b/etc/sqlitebrowser.profile
@@ -0,0 +1,34 @@
1# Persistent global definitions go here
2include /etc/firejail/globals.local
3
4# This file is overwritten during software install.
5# Persistent customizations should go in a .local file.
6include /etc/firejail/sqlitebrowser.local
7
8# Firejail profile for SQLiteBrowser
9noblacklist ${HOME}/.config/sqlitebrowser
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16caps.drop all
17net none
18no3d
19nogroups
20nonewprivs
21noroot
22nosound
23novideo
24protocol unix
25seccomp
26shell none
27
28private-bin sqlitebrowser
29private-dev
30private-tmp
31
32memory-deny-write-execute
33noexec ${HOME}
34noexec /tmp
diff --git a/etc/truecraft.profile b/etc/truecraft.profile
new file mode 100644
index 000000000..20435c30f
--- /dev/null
+++ b/etc/truecraft.profile
@@ -0,0 +1,37 @@
1# Persistent global definitions go here
2include /etc/firejail/globals.local
3
4# This file is overwritten during software install.
5# Persistent customizations should go in a .local file.
6include /etc/firejail/truecraft.local
7
8# Firejail profile for TrueCraft
9noblacklist ${HOME}/.config/mono
10noblacklist ${HOME}/.config/truecraft
11
12include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-devel.inc
14include /etc/firejail/disable-passwdmgr.inc
15include /etc/firejail/disable-programs.inc
16
17mkdir ${HOME}/.config/mono
18whitelist ${HOME}/.config/mono
19mkdir ${HOME}/.config/truecraft
20whitelist ${HOME}/.config/truecraft
21include /etc/firejail/whitelist-common.inc
22
23caps.drop all
24nogroups
25nonewprivs
26noroot
27novideo
28protocol unix,inet,inet6
29seccomp
30shell none
31
32disable-mnt
33private-dev
34private-tmp
35
36noexec ${HOME}
37noexec /tmp
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-04 16:31:38 +0000