diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-07-10 08:33:41 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-07-10 08:33:41 -0400 |
| commit | dbc4be0e49f9b0f8b59ccc87608fc33c39dd6fe4 (patch) | |
| tree | cf5492e55e825bcad0c45826d33d73a16f9e658b /etc | |
| parent | fix discretionary access control for sandboxes running as root with --noprofile (diff) | |
| parent | Fix #1370 (diff) | |
| download | firejail-dbc4be0e49f9b0f8b59ccc87608fc33c39dd6fe4.tar.gz firejail-dbc4be0e49f9b0f8b59ccc87608fc33c39dd6fe4.tar.zst firejail-dbc4be0e49f9b0f8b59ccc87608fc33c39dd6fe4.zip | |
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/keepassxc.profile | 5 | ||||
| -rw-r--r-- | etc/peek.profile | 33 |
2 files changed, 36 insertions, 2 deletions
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index deace7898..4a5503944 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile | |||
| @@ -8,8 +8,8 @@ include /etc/firejail/keepassxc.local | |||
| 8 | # Firejail profile for KeepassXC | 8 | # Firejail profile for KeepassXC |
| 9 | noblacklist ${HOME}/.config/keepassxc | 9 | noblacklist ${HOME}/.config/keepassxc |
| 10 | noblacklist ${HOME}/.keepassxc | 10 | noblacklist ${HOME}/.keepassxc |
| 11 | noblacklist ${HOME}/.*kdbx | 11 | noblacklist ${HOME}/*.kdbx |
| 12 | noblacklist ${HOME}/.*kdb | 12 | noblacklist ${HOME}/*.kdb |
| 13 | 13 | ||
| 14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
| @@ -25,6 +25,7 @@ nogroups | |||
| 25 | nonewprivs | 25 | nonewprivs |
| 26 | noroot | 26 | noroot |
| 27 | nosound | 27 | nosound |
| 28 | novideo | ||
| 28 | protocol unix | 29 | protocol unix |
| 29 | seccomp | 30 | seccomp |
| 30 | shell none | 31 | shell none |
diff --git a/etc/peek.profile b/etc/peek.profile new file mode 100644 index 000000000..bac3e0a99 --- /dev/null +++ b/etc/peek.profile | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | # Persistent global definitions go here | ||
| 2 | include /etc/firejail/globals.local | ||
| 3 | |||
| 4 | # This file is overwritten during software install. | ||
| 5 | # Persistent customizations should go in a .local file. | ||
| 6 | include /etc/firejail/peek.local | ||
| 7 | |||
| 8 | # Firejail profile for Peek | ||
| 9 | noblacklist ${HOME}/.cache/peek | ||
| 10 | |||
| 11 | include /etc/firejail/disable-common.inc | ||
| 12 | include /etc/firejail/disable-devel.inc | ||
| 13 | include /etc/firejail/disable-passwdmgr.inc | ||
| 14 | include /etc/firejail/disable-programs.inc | ||
| 15 | |||
| 16 | caps.drop all | ||
| 17 | net none | ||
| 18 | no3d | ||
| 19 | nogroups | ||
| 20 | nonewprivs | ||
| 21 | noroot | ||
| 22 | nosound | ||
| 23 | novideo | ||
| 24 | protocol unix | ||
| 25 | seccomp | ||
| 26 | shell none | ||
| 27 | |||
| 28 | #private-bin peek,convert,ffmpeg | ||
| 29 | private-dev | ||
| 30 | private-tmp | ||
| 31 | |||
| 32 | noexec ${HOME} | ||
| 33 | noexec /tmp | ||