diff options
author | netblue30 <netblue30@yahoo.com> | 2017-03-05 09:11:12 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-03-05 09:11:12 -0500 |
commit | 9d6124f4d0e9f430e0417d3f5d6cb746672e4e86 (patch) | |
tree | 6eccdae44088d2252be21ca98a2bf856f6e5f092 /etc | |
parent | Merge pull request #1124 from SYN-cook/master (diff) | |
download | firejail-9d6124f4d0e9f430e0417d3f5d6cb746672e4e86.tar.gz firejail-9d6124f4d0e9f430e0417d3f5d6cb746672e4e86.tar.zst firejail-9d6124f4d0e9f430e0417d3f5d6cb746672e4e86.zip |
added Geeqie profile
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 3 | ||||
-rw-r--r-- | etc/geeqie.profile | 27 | ||||
-rw-r--r-- | etc/vlc.profile | 2 |
3 files changed, 31 insertions, 1 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index c59285e85..98983bd72 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -30,6 +30,7 @@ blacklist ${HOME}/.cache/darktable | |||
30 | blacklist ${HOME}/.cache/epiphany | 30 | blacklist ${HOME}/.cache/epiphany |
31 | blacklist ${HOME}/.cache/evolution | 31 | blacklist ${HOME}/.cache/evolution |
32 | blacklist ${HOME}/.cache/gajim | 32 | blacklist ${HOME}/.cache/gajim |
33 | blacklist ${HOME}/.cache/geeqie | ||
33 | blacklist ${HOME}/.cache/google-chrome | 34 | blacklist ${HOME}/.cache/google-chrome |
34 | blacklist ${HOME}/.cache/google-chrome-beta | 35 | blacklist ${HOME}/.cache/google-chrome-beta |
35 | blacklist ${HOME}/.cache/google-chrome-unstable | 36 | blacklist ${HOME}/.cache/google-chrome-unstable |
@@ -103,6 +104,7 @@ blacklist ${HOME}/.config/evolution | |||
103 | blacklist ${HOME}/.config/filezilla | 104 | blacklist ${HOME}/.config/filezilla |
104 | blacklist ${HOME}/.config/flowblade | 105 | blacklist ${HOME}/.config/flowblade |
105 | blacklist ${HOME}/.config/gajim | 106 | blacklist ${HOME}/.config/gajim |
107 | blacklist ${HOME}/.config/geeqie | ||
106 | blacklist ${HOME}/.config/gedit | 108 | blacklist ${HOME}/.config/gedit |
107 | blacklist ${HOME}/.config/google-chrome | 109 | blacklist ${HOME}/.config/google-chrome |
108 | blacklist ${HOME}/.config/google-chrome-beta | 110 | blacklist ${HOME}/.config/google-chrome-beta |
@@ -218,6 +220,7 @@ blacklist ${HOME}/.local/share/epiphany | |||
218 | blacklist ${HOME}/.local/share/evolution | 220 | blacklist ${HOME}/.local/share/evolution |
219 | blacklist ${HOME}/.local/share/feral-interactive | 221 | blacklist ${HOME}/.local/share/feral-interactive |
220 | blacklist ${HOME}/.local/share/gajim | 222 | blacklist ${HOME}/.local/share/gajim |
223 | blacklist ${HOME}/.local/share/geeqie | ||
221 | blacklist ${HOME}/.local/share/gnome-2048 | 224 | blacklist ${HOME}/.local/share/gnome-2048 |
222 | blacklist ${HOME}/.local/share/gnome-chess | 225 | blacklist ${HOME}/.local/share/gnome-chess |
223 | blacklist ${HOME}/.local/share/gnome-music | 226 | blacklist ${HOME}/.local/share/gnome-music |
diff --git a/etc/geeqie.profile b/etc/geeqie.profile new file mode 100644 index 000000000..57f942a50 --- /dev/null +++ b/etc/geeqie.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/geeqie.local | ||
4 | |||
5 | # Firejail profile for Geeqie | ||
6 | noblacklist ~/.cache/geeqie | ||
7 | noblacklist ~/.config/geeqie | ||
8 | noblacklist ~/.local/share/geeqie | ||
9 | include /etc/firejail/disable-common.inc | ||
10 | include /etc/firejail/disable-programs.inc | ||
11 | include /etc/firejail/disable-devel.inc | ||
12 | include /etc/firejail/disable-passwdmgr.inc | ||
13 | |||
14 | caps.drop all | ||
15 | nogroups | ||
16 | nonewprivs | ||
17 | noroot | ||
18 | protocol unix | ||
19 | seccomp | ||
20 | nosound | ||
21 | |||
22 | private-dev | ||
23 | |||
24 | #Experimental: | ||
25 | shell none | ||
26 | #private-bin geeqie | ||
27 | #private-etc X11 | ||
diff --git a/etc/vlc.profile b/etc/vlc.profile index 9d1cdb4c8..0c96f0108 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -20,5 +20,5 @@ seccomp | |||
20 | shell none | 20 | shell none |
21 | 21 | ||
22 | private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc | 22 | private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc |
23 | private-dev | 23 | # private-dev |
24 | private-tmp | 24 | private-tmp |