diff options
author | netblue30 <netblue30@yahoo.com> | 2016-09-30 09:33:45 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-09-30 09:33:45 -0400 |
commit | e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc (patch) | |
tree | 46b9b3aed144e134aa42e8dfa0c048caad744476 /etc | |
parent | Merge pull request #822 from manevich/xauthority-link (diff) | |
download | firejail-e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc.tar.gz firejail-e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc.tar.zst firejail-e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc.zip |
added luminance-hdr and synfigstudio profiles
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 3 | ||||
-rw-r--r-- | etc/luminance-hdr.profile | 23 | ||||
-rw-r--r-- | etc/synfigstudio.profile | 17 |
3 files changed, 43 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 54c53e794..8566ea0c5 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -27,6 +27,9 @@ blacklist ${HOME}/.kde/share/config/okularpartrc | |||
27 | blacklist ${HOME}/.kde/share/apps/gwenview | 27 | blacklist ${HOME}/.kde/share/apps/gwenview |
28 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 28 | blacklist ${HOME}/.kde/share/config/gwenviewrc |
29 | blacklist ${HOME}/.config/qpdfview | 29 | blacklist ${HOME}/.config/qpdfview |
30 | blacklist ${HOME}/.config/Luminance | ||
31 | blacklist ${HOME}/.config/synfig | ||
32 | blacklist ${HOME}/.synfig | ||
30 | 33 | ||
31 | # Media players | 34 | # Media players |
32 | blacklist ${HOME}/.config/cmus | 35 | blacklist ${HOME}/.config/cmus |
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile new file mode 100644 index 000000000..e9207fba3 --- /dev/null +++ b/etc/luminance-hdr.profile | |||
@@ -0,0 +1,23 @@ | |||
1 | # luminance-hdr | ||
2 | noblacklist ${HOME}/.config/Luminance | ||
3 | include /etc/firejail/disable-common.inc | ||
4 | include /etc/firejail/disable-programs.inc | ||
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | include /etc/firejail/disable-devel.inc | ||
7 | |||
8 | |||
9 | caps.drop all | ||
10 | netfilter | ||
11 | protocol unix | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | seccomp | ||
15 | shell none | ||
16 | tracelog | ||
17 | private-tmp | ||
18 | private-dev | ||
19 | noexec ${HOME} | ||
20 | noexec /tmp | ||
21 | nogroups | ||
22 | nosound | ||
23 | ipc-namespace | ||
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile new file mode 100644 index 000000000..d46467b99 --- /dev/null +++ b/etc/synfigstudio.profile | |||
@@ -0,0 +1,17 @@ | |||
1 | # synfigstudio | ||
2 | noblacklist ${HOME}/.config/synfig | ||
3 | noblacklist ${HOME}/.synfig | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-programs.inc | ||
6 | include /etc/firejail/disable-passwdmgr.inc | ||
7 | |||
8 | caps.drop all | ||
9 | netfilter | ||
10 | nonewprivs | ||
11 | noroot | ||
12 | protocol unix | ||
13 | seccomp | ||
14 | private-dev | ||
15 | private-tmp | ||
16 | noexec ${HOME} | ||
17 | noexec /tmp | ||