diff options
author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2018-01-28 23:38:54 -0600 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2018-01-28 23:38:54 -0600 |
commit | cfaf67e1aea9791970b1e7b28fbbbecc8d871c82 (patch) | |
tree | fb34b71d2f87e22238a9d9b094413cd3fca3c5e8 /etc | |
parent | noblacklist /usr/share/perl in hexchat - potential fix for #1754 (diff) | |
parent | debug messages for appimage (diff) | |
download | firejail-cfaf67e1aea9791970b1e7b28fbbbecc8d871c82.tar.gz firejail-cfaf67e1aea9791970b1e7b28fbbbecc8d871c82.tar.zst firejail-cfaf67e1aea9791970b1e7b28fbbbecc8d871c82.zip |
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/redeclipse.profile (renamed from etc/xmr-stak-cpu.profile) | 17 | ||||
-rw-r--r-- | etc/xmr-stak.profile | 44 | ||||
-rw-r--r-- | etc/xonotic.profile | 1 |
4 files changed, 53 insertions, 11 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 8cfcaa838..4d9c4d85f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -416,6 +416,7 @@ blacklist ${HOME}/.passwd-s3fs | |||
416 | blacklist ${HOME}/.pingus | 416 | blacklist ${HOME}/.pingus |
417 | blacklist ${HOME}/.purple | 417 | blacklist ${HOME}/.purple |
418 | blacklist ${HOME}/.qemu-launcher | 418 | blacklist ${HOME}/.qemu-launcher |
419 | blacklist ${HOME}/.redeclipse | ||
419 | blacklist ${HOME}/.remmina | 420 | blacklist ${HOME}/.remmina |
420 | blacklist ${HOME}/.repo_.gitconfig.json | 421 | blacklist ${HOME}/.repo_.gitconfig.json |
421 | blacklist ${HOME}/.repoconfig | 422 | blacklist ${HOME}/.repoconfig |
@@ -453,6 +454,7 @@ blacklist ${HOME}/.wireshark | |||
453 | blacklist ${HOME}/.wine64 | 454 | blacklist ${HOME}/.wine64 |
454 | blacklist ${HOME}/.xiphos | 455 | blacklist ${HOME}/.xiphos |
455 | blacklist ${HOME}/.xmms | 456 | blacklist ${HOME}/.xmms |
457 | blacklist ${HOME}/.xmr-stak | ||
456 | blacklist ${HOME}/.xonotic | 458 | blacklist ${HOME}/.xonotic |
457 | blacklist ${HOME}/.xpdfrc | 459 | blacklist ${HOME}/.xpdfrc |
458 | blacklist ${HOME}/.zoom | 460 | blacklist ${HOME}/.zoom |
diff --git a/etc/xmr-stak-cpu.profile b/etc/redeclipse.profile index 9cc6e0c1f..f0a993c54 100644 --- a/etc/xmr-stak-cpu.profile +++ b/etc/redeclipse.profile | |||
@@ -1,27 +1,28 @@ | |||
1 | # Firejail profile for xmr-stak-cpu | 1 | # Firejail profile for redeclipse |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include /etc/firejail/xmr-stak-cpu.local | 4 | include /etc/firejail/redeclipse.local |
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.redeclipse | ||
8 | 9 | ||
9 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
10 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
11 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
13 | 14 | ||
15 | mkdir ${HOME}/.redeclipse | ||
16 | whitelist ${HOME}/.redeclipse | ||
17 | include /etc/firejail/whitelist-common.inc | ||
14 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
15 | 19 | ||
16 | caps.drop all | 20 | caps.drop all |
17 | ipc-namespace | ||
18 | netfilter | 21 | netfilter |
19 | no3d | ||
20 | nodvd | 22 | nodvd |
21 | nogroups | 23 | nogroups |
22 | nonewprivs | 24 | nonewprivs |
23 | noroot | 25 | noroot |
24 | nosound | ||
25 | notv | 26 | notv |
26 | novideo | 27 | novideo |
27 | protocol unix,inet,inet6 | 28 | protocol unix,inet,inet6 |
@@ -29,14 +30,8 @@ seccomp | |||
29 | shell none | 30 | shell none |
30 | 31 | ||
31 | disable-mnt | 32 | disable-mnt |
32 | private | ||
33 | private-bin xmr-stak-cpu | ||
34 | private-dev | 33 | private-dev |
35 | private-etc xmr-stak-cpu.json | ||
36 | private-lib | ||
37 | private-opt none | ||
38 | private-tmp | 34 | private-tmp |
39 | 35 | ||
40 | memory-deny-write-execute | ||
41 | noexec ${HOME} | 36 | noexec ${HOME} |
42 | noexec /tmp | 37 | noexec /tmp |
diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile new file mode 100644 index 000000000..151a4c694 --- /dev/null +++ b/etc/xmr-stak.profile | |||
@@ -0,0 +1,44 @@ | |||
1 | # Firejail profile for xmr-stak | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/xmr-stak.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | noblacklist ${HOME}/.xmr-stak | ||
9 | noblacklist /usr/lib/llvm* | ||
10 | |||
11 | include /etc/firejail/disable-common.inc | ||
12 | include /etc/firejail/disable-devel.inc | ||
13 | include /etc/firejail/disable-passwdmgr.inc | ||
14 | include /etc/firejail/disable-programs.inc | ||
15 | |||
16 | mkdir ${HOME}/.xmr-stak | ||
17 | include /etc/firejail/whitelist-var-common.inc | ||
18 | |||
19 | caps.drop all | ||
20 | ipc-namespace | ||
21 | netfilter | ||
22 | nodvd | ||
23 | nogroups | ||
24 | nonewprivs | ||
25 | noroot | ||
26 | nosound | ||
27 | notv | ||
28 | novideo | ||
29 | protocol unix,inet,inet6 | ||
30 | seccomp | ||
31 | shell none | ||
32 | |||
33 | disable-mnt | ||
34 | private ${HOME}/.xmr-stak | ||
35 | private-bin xmr-stak | ||
36 | private-dev | ||
37 | private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl | ||
38 | #private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend | ||
39 | private-opt cuda | ||
40 | private-tmp | ||
41 | |||
42 | memory-deny-write-execute | ||
43 | noexec ${HOME} | ||
44 | noexec /tmp | ||
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index d17d2b612..7a466db9b 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | mkdir ${HOME}/.xonotic | 15 | mkdir ${HOME}/.xonotic |
16 | whitelist ${HOME}/.xonotic | 16 | whitelist ${HOME}/.xonotic |
17 | include /etc/firejail/whitelist-common.inc | 17 | include /etc/firejail/whitelist-common.inc |
18 | include /etc/firejail/whitelist-var-common.inc | ||
18 | 19 | ||
19 | caps.drop all | 20 | caps.drop all |
20 | netfilter | 21 | netfilter |