diff options
author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-03-21 21:02:36 +0100 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-03-21 21:02:36 +0100 |
commit | 71e36997587dfb45b6b688cf1bb9673ab34159cc (patch) | |
tree | b5b074e097f471003a19d4894ff9235389660da3 /etc | |
parent | Merge pull request #4125 from glitsj16/gnome-logs (diff) | |
download | firejail-71e36997587dfb45b6b688cf1bb9673ab34159cc.tar.gz firejail-71e36997587dfb45b6b688cf1bb9673ab34159cc.tar.zst firejail-71e36997587dfb45b6b688cf1bb9673ab34159cc.zip |
Rename chromium-common-hardened and feh-network …
…again
I am still not really happy about the rename from #4028, #4029, #4030
and #4031. I've no problem with moving away .inc but I don't like the
result. So here's a proposal to make this better:
| NAME | DESCRIPTION |
| ------------------------- | ------------------------------------------------------------ |
| `*-addons.profile` | (include) Allow external addons |
| `*-common.profile` | (include) Common parts across multiple profiles |
| `*-hardened.inc.profile` | Further hardening which can not be made default |
| `*-network.inc.profile` | Allow optional network access |
| `*-whitelist.inc.profile` | Enabled whitelisting (which can not be made default) ¹ |
| `*.inc.profile` | Other profile specific includes |
| `*.profile` | A profile for a program |
| `allow-*.inc` | Multiple `noblacklist`s that should always be used together |
| `disable-*.inc` | `blacklist`ing |
| `whitelist-*-common.inc` | common `whitelist`s |
| `*.inc` | Other generic includes |
| `globals.local` | User overrides for all profiles |
| `*.local` | Per profile user overrides |
¹ can be used for programs like KeePassXC or editors.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/profile-a-l/chromium-common-hardened.inc.profile (renamed from etc/profile-a-l/chromium-common-hardened.profile) | 2 | ||||
-rw-r--r-- | etc/profile-a-l/feh-network.inc.profile (renamed from etc/profile-a-l/feh-network.profile) | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/etc/profile-a-l/chromium-common-hardened.profile b/etc/profile-a-l/chromium-common-hardened.inc.profile index d756eec50..19addd285 100644 --- a/etc/profile-a-l/chromium-common-hardened.profile +++ b/etc/profile-a-l/chromium-common-hardened.inc.profile | |||
@@ -1,6 +1,6 @@ | |||
1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include chromium-common-hardened.local | 3 | include chromium-common-hardened.inc.local |
4 | 4 | ||
5 | caps.drop all | 5 | caps.drop all |
6 | nonewprivs | 6 | nonewprivs |
diff --git a/etc/profile-a-l/feh-network.profile b/etc/profile-a-l/feh-network.inc.profile index f35facd64..690b39171 100644 --- a/etc/profile-a-l/feh-network.profile +++ b/etc/profile-a-l/feh-network.inc.profile | |||
@@ -1,6 +1,6 @@ | |||
1 | # This file is overwritten during software install. | 1 | # This file is overwritten during software install. |
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include feh-network.local | 3 | include feh-network.inc.local |
4 | 4 | ||
5 | ignore net none | 5 | ignore net none |
6 | netfilter | 6 | netfilter |