diff options
| author |  glitsj16 <glitsj16@users.noreply.github.com> | 2020-01-26 20:06:21 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2020-01-26 20:06:21 +0000 |
| commit | c921413c0ce0779cf03a6e5f1a5f831fa3a73573 (patch) | |
| tree | fe9fd5f5f3559e0a51f7bb058a637781e36e5518 /etc | |
| parent | fix beaker.profile (diff) | |
| download | firejail-c921413c0ce0779cf03a6e5f1a5f831fa3a73573.tar.gz firejail-c921413c0ce0779cf03a6e5f1a5f831fa3a73573.tar.zst firejail-c921413c0ce0779cf03a6e5f1a5f831fa3a73573.zip | |
refactor some profiles as electron redirects (#3188)
* refactor as electron redirect
* refactor as electron redirect
* refactor as electron redirect
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/teams-for-linux.profile | 22 | ||||
| -rw-r--r-- | etc/whalebird.profile | 21 | ||||
| -rw-r--r-- | etc/wire-desktop.profile | 21 |
3 files changed, 22 insertions, 42 deletions
diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile index d9e874be2..a3feb42ad 100644 --- a/etc/teams-for-linux.profile +++ b/etc/teams-for-linux.profile | |||
| @@ -1,37 +1,26 @@ | |||
| 1 | # Firejail profile for teams-for-linux | 1 | # Firejail profile for teams-for-linux |
| 2 | # Description: Teams for Linux is an Electron application for Microsoft's team collaboration and chat program | 2 | # Description: Unofficial Microsoft Teams client for Linux using Electron. |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include teams-for-linux.local | 5 | include teams-for-linux.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include globals.local | 7 | # added by included profile |
| 8 | #include globals.local | ||
| 8 | 9 | ||
| 9 | noblacklist ${HOME}/.config/teams-for-linux | 10 | noblacklist ${HOME}/.config/teams-for-linux |
| 10 | 11 | ||
| 11 | include disable-common.inc | ||
| 12 | include disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include disable-exec.inc | 13 | include disable-exec.inc |
| 14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include disable-passwdmgr.inc | ||
| 16 | include disable-programs.inc | ||
| 17 | 15 | ||
| 18 | mkdir ${HOME}/.config/teams-for-linux | 16 | mkdir ${HOME}/.config/teams-for-linux |
| 19 | whitelist ${HOME}/.config/teams-for-linux | 17 | whitelist ${HOME}/.config/teams-for-linux |
| 20 | whitelist ${DOWNLOADS} | ||
| 21 | include whitelist-common.inc | 18 | include whitelist-common.inc |
| 22 | include whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
| 23 | 20 | ||
| 24 | caps.drop all | 21 | ignore nodbus |
| 25 | netfilter | ||
| 26 | nodvd | ||
| 27 | nogroups | ||
| 28 | nonewprivs | ||
| 29 | noroot | ||
| 30 | notv | ||
| 31 | nou2f | 22 | nou2f |
| 32 | novideo | 23 | novideo |
| 33 | protocol unix,inet,inet6,netlink | ||
| 34 | seccomp | ||
| 35 | shell none | 24 | shell none |
| 36 | 25 | ||
| 37 | disable-mnt | 26 | disable-mnt |
| @@ -40,3 +29,6 @@ private-cache | |||
| 40 | private-dev | 29 | private-dev |
| 41 | private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl | 30 | private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl |
| 42 | private-tmp | 31 | private-tmp |
| 32 | |||
| 33 | # Redirect | ||
| 34 | include electron.profile | ||
diff --git a/etc/whalebird.profile b/etc/whalebird.profile index 26932b6b3..bed1a8623 100644 --- a/etc/whalebird.profile +++ b/etc/whalebird.profile | |||
| @@ -4,37 +4,25 @@ | |||
| 4 | # Persistent local customizations | 4 | # Persistent local customizations |
| 5 | include whalebird.local | 5 | include whalebird.local |
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include globals.local | 7 | # added by included profile |
| 8 | #include globals.local | ||
| 8 | 9 | ||
| 9 | noblacklist ${HOME}/.config/Whalebird | 10 | noblacklist ${HOME}/.config/Whalebird |
| 10 | 11 | ||
| 11 | include disable-common.inc | ||
| 12 | include disable-devel.inc | 12 | include disable-devel.inc |
| 13 | include disable-exec.inc | 13 | include disable-exec.inc |
| 14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
| 15 | include disable-passwdmgr.inc | ||
| 16 | include disable-programs.inc | ||
| 17 | include disable-xdg.inc | 15 | include disable-xdg.inc |
| 18 | 16 | ||
| 19 | mkdir ${HOME}/.config/Whalebird | 17 | mkdir ${HOME}/.config/Whalebird |
| 20 | whitelist ${HOME}/.config/Whalebird | 18 | whitelist ${HOME}/.config/Whalebird |
| 21 | whitelist ${DOWNLOADS} | ||
| 22 | include whitelist-common.inc | 19 | include whitelist-common.inc |
| 23 | include whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
| 24 | 21 | ||
| 25 | apparmor | 22 | ignore nodbus |
| 26 | caps.drop all | ||
| 27 | netfilter | ||
| 28 | no3d | 23 | no3d |
| 29 | nodvd | ||
| 30 | nogroups | ||
| 31 | nonewprivs | ||
| 32 | noroot | ||
| 33 | notv | ||
| 34 | nou2f | 24 | nou2f |
| 35 | novideo | 25 | novideo |
| 36 | protocol unix,inet,inet6 | ||
| 37 | seccomp | ||
| 38 | shell none | 26 | shell none |
| 39 | 27 | ||
| 40 | disable-mnt | 28 | disable-mnt |
| @@ -43,3 +31,6 @@ private-cache | |||
| 43 | private-dev | 31 | private-dev |
| 44 | private-etc fonts,machine-id | 32 | private-etc fonts,machine-id |
| 45 | private-tmp | 33 | private-tmp |
| 34 | |||
| 35 | # Redirect | ||
| 36 | include electron.profile | ||
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index a56ecef1b..78c4b418a 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile | |||
| @@ -1,36 +1,33 @@ | |||
| 1 | # Firejail profile for wire-desktop | 1 | # Firejail profile for wire-desktop |
| 2 | # Description: End-to-end encrypted messenger with file sharing, voice calls and video conferences | ||
| 2 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 4 | # Persistent local customizations |
| 4 | include wire-desktop.local | 5 | include wire-desktop.local |
| 5 | # Persistent global definitions | 6 | # Persistent global definitions |
| 6 | include globals.local | 7 | # added by included profile |
| 8 | #include globals.local | ||
| 9 | |||
| 10 | # Debian/Ubuntu use /opt/Wire. As that is not in PATH by default, run `firejail /opt/Wire/wire-desktop` to start it. | ||
| 7 | 11 | ||
| 8 | noblacklist ${HOME}/.config/Wire | 12 | noblacklist ${HOME}/.config/Wire |
| 9 | 13 | ||
| 10 | include disable-common.inc | ||
| 11 | include disable-devel.inc | 14 | include disable-devel.inc |
| 12 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 13 | include disable-passwdmgr.inc | ||
| 14 | include disable-programs.inc | ||
| 15 | 16 | ||
| 16 | mkdir ${HOME}/.config/Wire | 17 | mkdir ${HOME}/.config/Wire |
| 17 | whitelist ${HOME}/.config/Wire | 18 | whitelist ${HOME}/.config/Wire |
| 18 | whitelist ${DOWNLOADS} | ||
| 19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
| 20 | 20 | ||
| 21 | caps.keep sys_admin,sys_chroot | 21 | caps.keep sys_admin,sys_chroot |
| 22 | netfilter | 22 | ignore nodbus |
| 23 | nodvd | ||
| 24 | nogroups | ||
| 25 | notv | ||
| 26 | nou2f | 23 | nou2f |
| 27 | shell none | 24 | shell none |
| 28 | 25 | ||
| 29 | # Note: The current version of Wire is located in /opt/wire-desktop/wire-desktop, and therefore | ||
| 30 | # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop" | ||
| 31 | |||
| 32 | disable-mnt | 26 | disable-mnt |
| 33 | private-bin bash,electron,electron4,env,sh,wire-desktop | 27 | private-bin bash,electron,electron4,env,sh,wire-desktop |
| 34 | private-dev | 28 | private-dev |
| 35 | private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl | 29 | private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl |
| 36 | private-tmp | 30 | private-tmp |
| 31 | |||
| 32 | # Redirect | ||
| 33 | include electron.profile | ||