Default profiles work

author: netblue30 <netblue30@yahoo.com> 2015-09-16 07:33:08 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-09-16 07:33:08 -0400
commit: 1265803f63a2f7e5fcb778dac34efe7436eba8c1 (patch)
tree: 00390b5812c63d43111de8e7dba3cbabd0fd7712 /etc
parent: release 0.9.30 (diff)
download: firejail-1265803f63a2f7e5fcb778dac34efe7436eba8c1.tar.gz
firejail-1265803f63a2f7e5fcb778dac34efe7436eba8c1.tar.zst
firejail-1265803f63a2f7e5fcb778dac34efe7436eba8c1.zip
2 files changed, 31 insertions, 0 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index f4aea1b6a..984bbe628 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -20,3 +20,23 @@ blacklist ${HOME}/.remmina
 # Other
 blacklist ${HOME}/.tconn
+blacklist ${HOME}/.FBReader
+# X11 session autostart
+blacklist ${HOME}/.xinitrc
+blacklist ${HOME}/.xprofile
+blacklist ${HOME}/.config/autostart
+blacklist /etc/xdg/autostart
+blacklist ${HOME}/.kde4/Autostart
+blacklist ${HOME}/.kde/Autostart
+blacklist ${HOME}/.config/plasma-workspace/shutdown
+blacklist ${HOME}/.config/plasma-workspace/env
+blacklist ${HOME}/.config/lxsession/LXDE/autostart
+blacklist ${HOME}/.fluxbox/startup
+blacklist ${HOME}/.config/openbox/autostart
+blacklist ${HOME}/.config/openbox/environment
+# git, subversion
+blacklist ${HOME}/.subversion
+blacklist ${HOME}/.gitconfig
+blacklist ${HOME}/.git-credential-cache
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
new file mode 100644
index 000000000..97baa2a3e
--- /dev/null
+++ b/etc/fbreader.profile
@@ -0,0 +1,11 @@
+# fbreader profile
+noblacklist ${HOME}/.FBReader
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-history.inc
+caps.drop all
+seccomp
+netfilter
+noroot
author	netblue30 <netblue30@yahoo.com>	2015-09-16 07:33:08 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-09-16 07:33:08 -0400
commit	1265803f63a2f7e5fcb778dac34efe7436eba8c1 (patch)
tree	00390b5812c63d43111de8e7dba3cbabd0fd7712 /etc
parent	release 0.9.30 (diff)
download	firejail-1265803f63a2f7e5fcb778dac34efe7436eba8c1.tar.gz firejail-1265803f63a2f7e5fcb778dac34efe7436eba8c1.tar.zst firejail-1265803f63a2f7e5fcb778dac34efe7436eba8c1.zip

diff --git a/etc/disable-common.inc b/etc/disable-common.inc index f4aea1b6a..984bbe628 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -20,3 +20,23 @@ blacklist ${HOME}/.remmina
20		20
21	# Other	21	# Other
22	blacklist ${HOME}/.tconn	22	blacklist ${HOME}/.tconn
		23	blacklist ${HOME}/.FBReader
		24
		25	# X11 session autostart
		26	blacklist ${HOME}/.xinitrc
		27	blacklist ${HOME}/.xprofile
		28	blacklist ${HOME}/.config/autostart
		29	blacklist /etc/xdg/autostart
		30	blacklist ${HOME}/.kde4/Autostart
		31	blacklist ${HOME}/.kde/Autostart
		32	blacklist ${HOME}/.config/plasma-workspace/shutdown
		33	blacklist ${HOME}/.config/plasma-workspace/env
		34	blacklist ${HOME}/.config/lxsession/LXDE/autostart
		35	blacklist ${HOME}/.fluxbox/startup
		36	blacklist ${HOME}/.config/openbox/autostart
		37	blacklist ${HOME}/.config/openbox/environment
		38
		39	# git, subversion
		40	blacklist ${HOME}/.subversion
		41	blacklist ${HOME}/.gitconfig
		42	blacklist ${HOME}/.git-credential-cache


diff --git a/etc/fbreader.profile b/etc/fbreader.profile new file mode 100644 index 000000000..97baa2a3e --- /dev/null +++ b/etc/fbreader.profile
@@ -0,0 +1,11 @@
		1	# fbreader profile
		2	noblacklist ${HOME}/.FBReader
		3	include /etc/firejail/disable-mgmt.inc
		4	include /etc/firejail/disable-secret.inc
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-history.inc
		7	caps.drop all
		8	seccomp
		9	netfilter
		10	noroot
		11