New profile: clac (#5947)

* firecfg.config: add support for clac * Create clac.profile
author: glitsj16 <glitsj16@users.noreply.github.com> 2023-08-10 09:11:29 +0000
committer: GitHub <noreply@github.com> 2023-08-10 09:11:29 +0000
commit: f106c33e0c0c0def614820e79a305355ca85f346 (patch)
tree: 60133961f0f4a160529010c77bd6918037476df8 /etc
parent: New profile: journal-viewer (#5943) (diff)
download: firejail-f106c33e0c0c0def614820e79a305355ca85f346.tar.gz
firejail-f106c33e0c0c0def614820e79a305355ca85f346.tar.zst
firejail-f106c33e0c0c0def614820e79a305355ca85f346.zip
1 files changed, 63 insertions, 0 deletions
diff --git a/etc/profile-a-l/clac.profile b/etc/profile-a-l/clac.profile
new file mode 100644
index 000000000..b654b3890
--- /dev/null
+++ b/etc/profile-a-l/clac.profile
@@ -0,0 +1,63 @@
+# Firejail profile for clac
+# Description: Simple command-line calculator
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include clac.local
+# Persistent global definitions
+include globals.local
+blacklist ${RUNUSER}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+#include disable-X11.inc - x11 none
+include disable-xdg.inc
+#include whitelist-common.inc - see #903
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+# block socket syscall to simulate empty protocol option (see #639)
+seccomp socket
+seccomp.block-secondary
+tracelog
+x11 none
+disable-mnt
+private
+private-bin clac
+#private-cache
+private-dev
+private-etc
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+read-only ${HOME}
+restrict-namespaces
author	glitsj16 <glitsj16@users.noreply.github.com>	2023-08-10 09:11:29 +0000
committer	GitHub <noreply@github.com>	2023-08-10 09:11:29 +0000
commit	f106c33e0c0c0def614820e79a305355ca85f346 (patch)
tree	60133961f0f4a160529010c77bd6918037476df8 /etc
parent	New profile: journal-viewer (#5943) (diff)
download	firejail-f106c33e0c0c0def614820e79a305355ca85f346.tar.gz firejail-f106c33e0c0c0def614820e79a305355ca85f346.tar.zst firejail-f106c33e0c0c0def614820e79a305355ca85f346.zip

diff --git a/etc/profile-a-l/clac.profile b/etc/profile-a-l/clac.profile new file mode 100644 index 000000000..b654b3890 --- /dev/null +++ b/etc/profile-a-l/clac.profile
@@ -0,0 +1,63 @@
	1	# Firejail profile for clac
	2	# Description: Simple command-line calculator
	3	# This file is overwritten after every install/update
	4	quiet
	5	# Persistent local customizations
	6	include clac.local
	7	# Persistent global definitions
	8	include globals.local
	9
	10	blacklist ${RUNUSER}
	11
	12	include disable-common.inc
	13	include disable-devel.inc
	14	include disable-exec.inc
	15	include disable-interpreters.inc
	16	include disable-proc.inc
	17	include disable-programs.inc
	18	include disable-shell.inc
	19	#include disable-X11.inc - x11 none
	20	include disable-xdg.inc
	21
	22	#include whitelist-common.inc - see #903
	23	include whitelist-run-common.inc
	24	include whitelist-runuser-common.inc
	25	include whitelist-usr-share-common.inc
	26	include whitelist-var-common.inc
	27
	28	apparmor
	29	caps.drop all
	30	ipc-namespace
	31	machine-id
	32	net none
	33	no3d
	34	nodvd
	35	nogroups
	36	noinput
	37	nonewprivs
	38	noprinters
	39	noroot
	40	nosound
	41	notv
	42	nou2f
	43	novideo
	44	# block socket syscall to simulate empty protocol option (see #639)
	45	seccomp socket
	46	seccomp.block-secondary
	47	tracelog
	48	x11 none
	49
	50	disable-mnt
	51	private
	52	private-bin clac
	53	#private-cache
	54	private-dev
	55	private-etc
	56	private-tmp
	57
	58	dbus-user none
	59	dbus-system none
	60
	61	memory-deny-write-execute
	62	read-only ${HOME}
	63	restrict-namespaces