Merge pull request #585 from Fred-Barclay/proposed

Proposed
author: netblue30 <netblue30@yahoo.com> 2016-06-20 11:47:43 -0400
committer: GitHub <noreply@github.com> 2016-06-20 11:47:43 -0400
commit: 370dd9a27893e05bd7766269b5e1e59eb18e713d (patch)
tree: 6beb68e7d2e8ec2463f33ef8f355e1067e347ac9 /etc
parent: Merge pull request #586 from avoidr/mpv.profile (diff)
parent: extra Pix files (diff)
download: firejail-370dd9a27893e05bd7766269b5e1e59eb18e713d.tar.gz
firejail-370dd9a27893e05bd7766269b5e1e59eb18e713d.tar.zst
firejail-370dd9a27893e05bd7766269b5e1e59eb18e713d.zip
2 files changed, 21 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index a5b33c860..70deb2b0c 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -17,6 +17,7 @@ blacklist ${HOME}/.config/atril
 blacklist ${HOME}/.config/xreader
 blacklist ${HOME}/.config/xviewer
 blacklist ${HOME}/.config/libreoffice
+blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.kde/share/apps/okular
 blacklist ${HOME}/.kde/share/config/okularrc
 blacklist ${HOME}/.kde/share/config/okularpartrc
@@ -120,3 +121,4 @@ blacklist ${HOME}/.local/share/0ad
 blacklist ${HOME}/.local/share/xplayer
 blacklist ${HOME}/.local/share/totem
 blacklist ${HOME}/.local/share/psi+
+blacklist ${HOME}/.local/share/pix
diff --git a/etc/pix.profile b/etc/pix.profile
new file mode 100644
index 000000000..ccf0c0381
--- /dev/null
+++ b/etc/pix.profile
@@ -0,0 +1,19 @@
+# gthumb profile
+noblacklist ${HOME}/.config/pix
+noblacklist ${HOME}/.local/share/pix
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+private-bin pix
+whitelist /tmp/.X11-unix
author	netblue30 <netblue30@yahoo.com>	2016-06-20 11:47:43 -0400
committer	GitHub <noreply@github.com>	2016-06-20 11:47:43 -0400
commit	370dd9a27893e05bd7766269b5e1e59eb18e713d (patch)
tree	6beb68e7d2e8ec2463f33ef8f355e1067e347ac9 /etc
parent	Merge pull request #586 from avoidr/mpv.profile (diff)
parent	extra Pix files (diff)
download	firejail-370dd9a27893e05bd7766269b5e1e59eb18e713d.tar.gz firejail-370dd9a27893e05bd7766269b5e1e59eb18e713d.tar.zst firejail-370dd9a27893e05bd7766269b5e1e59eb18e713d.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index a5b33c860..70deb2b0c 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -17,6 +17,7 @@ blacklist ${HOME}/.config/atril
17	blacklist ${HOME}/.config/xreader	17	blacklist ${HOME}/.config/xreader
18	blacklist ${HOME}/.config/xviewer	18	blacklist ${HOME}/.config/xviewer
19	blacklist ${HOME}/.config/libreoffice	19	blacklist ${HOME}/.config/libreoffice
		20	blacklist ${HOME}/.config/pix
20	blacklist ${HOME}/.kde/share/apps/okular	21	blacklist ${HOME}/.kde/share/apps/okular
21	blacklist ${HOME}/.kde/share/config/okularrc	22	blacklist ${HOME}/.kde/share/config/okularrc
22	blacklist ${HOME}/.kde/share/config/okularpartrc	23	blacklist ${HOME}/.kde/share/config/okularpartrc
@@ -120,3 +121,4 @@ blacklist ${HOME}/.local/share/0ad
120	blacklist ${HOME}/.local/share/xplayer	121	blacklist ${HOME}/.local/share/xplayer
121	blacklist ${HOME}/.local/share/totem	122	blacklist ${HOME}/.local/share/totem
122	blacklist ${HOME}/.local/share/psi+	123	blacklist ${HOME}/.local/share/psi+
		124	blacklist ${HOME}/.local/share/pix


diff --git a/etc/pix.profile b/etc/pix.profile new file mode 100644 index 000000000..ccf0c0381 --- /dev/null +++ b/etc/pix.profile
@@ -0,0 +1,19 @@
		1	# gthumb profile
		2	noblacklist ${HOME}/.config/pix
		3	noblacklist ${HOME}/.local/share/pix
		4
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-programs.inc
		7	include /etc/firejail/disable-devel.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	shell none
		18	private-bin pix
		19	whitelist /tmp/.X11-unix