author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-10-23 14:06:37 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-10-23 14:06:37 +0200 |
commit | 582ae38e811a7a768d2cfbcf93e711ebbc984e07 (patch) | |
tree | f290de320d79ced20ee3e194e91e12cab0d0baea /etc | |
parent | Merge pull request #3683 from jmetrius/vlc-aacs-fix (diff) | |
harden peek; update README.md; add gnome-sound-…
…recorder to firecfg.config
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/profile-m-z/peek.profile | 24 |
2 files changed, 22 insertions, 4 deletions
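--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -68,7 +68,6 @@ blacklist ${HOME}/.cliqz
 blacklist ${HOME}/.clonk
 blacklist ${HOME}/.config/0ad
 blacklist ${HOME}/.config/2048-qt
-blacklist ${HOME}/.config/aacs
 blacklist ${HOME}/.config/Atom
 blacklist ${HOME}/.config/Audaciousrc
 blacklist ${HOME}/.config/Authenticator
@@ -143,6 +142,7 @@ blacklist ${HOME}/.config/Wire
 blacklist ${HOME}/.config/Youtube
 blacklist ${HOME}/.config/Zeal
 blacklist ${HOME}/.config/ZeGrapher Project
+blacklist ${HOME}/.config/aacs
 blacklist ${HOME}/.config/abiword
 blacklist ${HOME}/.config/agenda
 blacklist ${HOME}/.config/akonadi*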
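--- a/etc/profile-m-z/peek.profile
+++ b/etc/profile-m-z/peek.profile
@@ -17,7 +17,18 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+#mkdir ${HOME}/.cache/peek
+#whitelist ${HOME}/.cache/peek
+#whitelist ${PICTURES}
+#whitelist ${VIDEOS}
+#include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
 caps.drop all
+machine-id
 net none
 no3d
 nodvd
@@ -31,13 +42,20 @@ novideo
 protocol unix
 seccomp
 shell none
+tracelog
 
-# private-bin breaks gif mode, mp4 and webm mode work fine however
-# private-bin convert,ffmpeg,peek
+disable-mnt
+private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh
 private-dev
+private-etc dconf,firejail,fonts,gtk-3.0,login.defs,pango,passwd,X11
 private-tmp
 
-dbus-user none
+dbus-user filter
+dbus-user.own com.uploadedlobster.peek
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.FileManager1
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.gnome.Shell.Screencast
 dbus-system none
 
 memory-deny-write-execute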
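Review bot: The new `private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh` line in the second hunk replaces the comment that recorded why private-bin had been disabled (gif mode broke), and nothing now explains why four shells plus `firejail` and `which` are admitted alongside `shell none`. If gif mode needs only one interpreter, listing just that one keeps the sandbox's binary set smaller; if all are needed, a comment such as `# bash,fish,sh,zsh,which,firejail: required for <reason>` above the line would record it. The move from `dbus-user none` to `dbus-user filter` deserves the same treatment: `dbus-user.talk org.freedesktop.FileManager1` and `dbus-user.talk org.gnome.Shell.Screencast` let the sandboxed process call services that presumably run outside the sandbox, so a one-line comment naming the Peek feature each name serves would help later audits. The commented-out `#whitelist` block in the first hunk also gives no reason for being left disabled.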