diff options
author | Tad <tad@spotco.us> | 2018-01-14 12:37:17 -0500 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-01-14 12:37:17 -0500 |
commit | 672cc747039c240d9af53cd3719dec458129ecc0 (patch) | |
tree | 990a375d02cba8fea1648d592fe81cee315db6e2 /etc | |
parent | Add a profile for Pitivi (diff) | |
download | firejail-672cc747039c240d9af53cd3719dec458129ecc0.tar.gz firejail-672cc747039c240d9af53cd3719dec458129ecc0.tar.zst firejail-672cc747039c240d9af53cd3719dec458129ecc0.zip |
Add a profile for OnionShare
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/onionshare-gui.profile | 35 |
2 files changed, 36 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index e6d425df2..667c209ed 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -155,6 +155,7 @@ blacklist ${HOME}/.config/netsurf | |||
155 | blacklist ${HOME}/.config/nheko | 155 | blacklist ${HOME}/.config/nheko |
156 | blacklist ${HOME}/.config/okularpartrc | 156 | blacklist ${HOME}/.config/okularpartrc |
157 | blacklist ${HOME}/.config/okularrc | 157 | blacklist ${HOME}/.config/okularrc |
158 | blacklist ${HOME}/.config/onionshare | ||
158 | blacklist ${HOME}/.config/opera | 159 | blacklist ${HOME}/.config/opera |
159 | blacklist ${HOME}/.config/opera-beta | 160 | blacklist ${HOME}/.config/opera-beta |
160 | blacklist ${HOME}/.config/orage | 161 | blacklist ${HOME}/.config/orage |
diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile new file mode 100644 index 000000000..7220f7e1c --- /dev/null +++ b/etc/onionshare-gui.profile | |||
@@ -0,0 +1,35 @@ | |||
1 | # Firejail profile for onionshare-gui | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/onionshare-gui.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | noblacklist ${HOME}/.config/onionshare | ||
9 | |||
10 | include /etc/firejail/disable-common.inc | ||
11 | include /etc/firejail/disable-devel.inc | ||
12 | include /etc/firejail/disable-passwdmgr.inc | ||
13 | include /etc/firejail/disable-programs.inc | ||
14 | |||
15 | caps.drop all | ||
16 | ipc-namespace | ||
17 | netfilter | ||
18 | no3d | ||
19 | nodvd | ||
20 | nogroups | ||
21 | nonewprivs | ||
22 | noroot | ||
23 | nosound | ||
24 | notv | ||
25 | novideo | ||
26 | protocol unix,inet,inet6 | ||
27 | seccomp | ||
28 | shell none | ||
29 | |||
30 | private-dev | ||
31 | private-tmp | ||
32 | |||
33 | memory-deny-write-execute | ||
34 | noexec ${HOME} | ||
35 | noexec /tmp | ||