diff options
author | netblue30 <netblue30@yahoo.com> | 2016-04-19 08:18:54 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-19 08:18:54 -0400 |
commit | cf6069de722602c8bd73913d48bddb0ebaef54a4 (patch) | |
tree | ef4bf41099040783a966affbe6f72543560f660c /etc | |
parent | Merge pull request #456 from figue/master (diff) | |
parent | extra stellarium files (diff) | |
download | firejail-cf6069de722602c8bd73913d48bddb0ebaef54a4.tar.gz firejail-cf6069de722602c8bd73913d48bddb0ebaef54a4.tar.zst firejail-cf6069de722602c8bd73913d48bddb0ebaef54a4.zip |
Merge pull request #457 from Fred-Barclay/proposed
Aweather && Stellarium
Diffstat (limited to 'etc')
-rw-r--r-- | etc/aweather.profile | 23 | ||||
-rw-r--r-- | etc/disable-programs.inc | 3 | ||||
-rw-r--r-- | etc/stellarium.profile | 27 |
3 files changed, 53 insertions, 0 deletions
diff --git a/etc/aweather.profile b/etc/aweather.profile new file mode 100644 index 000000000..d7f510a7e --- /dev/null +++ b/etc/aweather.profile | |||
@@ -0,0 +1,23 @@ | |||
1 | # Firejail profile for aweather. | ||
2 | |||
3 | # Noblacklist | ||
4 | noblacklist ~/.config/aweather | ||
5 | |||
6 | # Include | ||
7 | include /etc/firejail/disable-common.inc | ||
8 | include /etc/firejail/disable-devel.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | include /etc/firejail/disable-programs.inc | ||
11 | |||
12 | # Call these options | ||
13 | caps.drop all | ||
14 | netfilter | ||
15 | noroot | ||
16 | protocol unix,inet,inet6,netlink | ||
17 | seccomp | ||
18 | tracelog | ||
19 | |||
20 | # Whitelist | ||
21 | mkdir ~/.config | ||
22 | mkdir ~/.config/aweather | ||
23 | whitelist ~/.config/aweather | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 6c5515894..317ac082f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -5,10 +5,13 @@ blacklist ${HOME}/.FBReader | |||
5 | blacklist ${HOME}/.wine | 5 | blacklist ${HOME}/.wine |
6 | blacklist ${HOME}/.Mathematica | 6 | blacklist ${HOME}/.Mathematica |
7 | blacklist ${HOME}/.Wolfram Research | 7 | blacklist ${HOME}/.Wolfram Research |
8 | blacklist ${HOME}/.stellarium | ||
8 | blacklist ${HOME}/.config/mupen64plus | 9 | blacklist ${HOME}/.config/mupen64plus |
9 | blacklist ${HOME}/.config/transmission | 10 | blacklist ${HOME}/.config/transmission |
10 | blacklist ${HOME}/.config/uGet | 11 | blacklist ${HOME}/.config/uGet |
11 | blacklist ${HOME}/.config/Gpredict | 12 | blacklist ${HOME}/.config/Gpredict |
13 | blacklist ${HOME}/.config/aweather | ||
14 | blacklist ${HOME}/.config/stellarium | ||
12 | blacklist ~/.kde/share/apps/okular | 15 | blacklist ~/.kde/share/apps/okular |
13 | blacklist ~/.kde/share/config/okularrc | 16 | blacklist ~/.kde/share/config/okularrc |
14 | blacklist ~/.kde/share/config/okularpartrc | 17 | blacklist ~/.kde/share/config/okularpartrc |
diff --git a/etc/stellarium.profile b/etc/stellarium.profile new file mode 100644 index 000000000..7cb74eeaa --- /dev/null +++ b/etc/stellarium.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # Firejail profile for Stellarium. | ||
2 | |||
3 | # Noblacklist | ||
4 | noblacklist ~/.stellarium | ||
5 | noblacklist ~/.config/stellarium | ||
6 | |||
7 | # Include | ||
8 | include /etc/firejail/disable-common.inc | ||
9 | include /etc/firejail/disable-devel.inc | ||
10 | include /etc/firejail/disable-passwdmgr.inc | ||
11 | include /etc/firejail/disable-programs.inc | ||
12 | |||
13 | # Call these options | ||
14 | caps.drop all | ||
15 | netfilter | ||
16 | noroot | ||
17 | protocol unix,inet,inet6,netlink | ||
18 | seccomp | ||
19 | tracelog | ||
20 | |||
21 | # Whitelist | ||
22 | mkdir ~/.stellarium | ||
23 | whitelist ~/.stellarium | ||
24 | |||
25 | mkdir ~/.config | ||
26 | mkdir ~/.config/stellarium | ||
27 | whitelist ~/.config/stellarium | ||