Merge pull request #1849 from jelford/gcloud-profile

Added a basic profile for gcloud
author: SkewedZeppelin <8296104+SkewedZeppelin@users.noreply.github.com> 2018-04-01 06:16:21 -0400
committer: GitHub <noreply@github.com> 2018-04-01 06:16:21 -0400
commit: 4f1a707f84ecabb708b37a7772f3c8d950e1624a (patch)
tree: 8dd71d0ff2c8579d605a94410fdff5c808d713d3 /etc
parent: Merge pull request #1853 from glitsj16/gnome-logs (diff)
parent: Remove /usr/local from gcloud.profile (diff)
download: firejail-4f1a707f84ecabb708b37a7772f3c8d950e1624a.tar.gz
firejail-4f1a707f84ecabb708b37a7772f3c8d950e1624a.tar.zst
firejail-4f1a707f84ecabb708b37a7772f3c8d950e1624a.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/etc/gcloud.profile b/etc/gcloud.profile
new file mode 100644
index 000000000..195dc9302
--- /dev/null
+++ b/etc/gcloud.profile
@@ -0,0 +1,40 @@
+# Firejail profile for gcloud
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/gcloud.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.boto
+noblacklist ${HOME}/.config/gcloud
+noblacklist /var/run/docker.sock
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodbus
+nodvd
+# required for sudo-free docker
+#nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-dev
+private-etc ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache
+private-tmp
+noexec /tmp
+# will break user-local installs of gcloud tooling
+# noexec ${HOME}
author	SkewedZeppelin <8296104+SkewedZeppelin@users.noreply.github.com>	2018-04-01 06:16:21 -0400
committer	GitHub <noreply@github.com>	2018-04-01 06:16:21 -0400
commit	4f1a707f84ecabb708b37a7772f3c8d950e1624a (patch)
tree	8dd71d0ff2c8579d605a94410fdff5c808d713d3 /etc
parent	Merge pull request #1853 from glitsj16/gnome-logs (diff)
parent	Remove /usr/local from gcloud.profile (diff)
download	firejail-4f1a707f84ecabb708b37a7772f3c8d950e1624a.tar.gz firejail-4f1a707f84ecabb708b37a7772f3c8d950e1624a.tar.zst firejail-4f1a707f84ecabb708b37a7772f3c8d950e1624a.zip

diff --git a/etc/gcloud.profile b/etc/gcloud.profile new file mode 100644 index 000000000..195dc9302 --- /dev/null +++ b/etc/gcloud.profile
@@ -0,0 +1,40 @@
	1	# Firejail profile for gcloud
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/gcloud.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ${HOME}/.boto
	9	noblacklist ${HOME}/.config/gcloud
	10	noblacklist /var/run/docker.sock
	11
	12	include /etc/firejail/disable-common.inc
	13	include /etc/firejail/disable-devel.inc
	14	include /etc/firejail/disable-programs.inc
	15
	16	apparmor
	17	caps.drop all
	18	machine-id
	19	netfilter
	20	nodbus
	21	nodvd
	22	# required for sudo-free docker
	23	#nogroups
	24	nonewprivs
	25	noroot
	26	notv
	27	protocol unix,inet,inet6
	28	seccomp
	29	shell none
	30	tracelog
	31
	32	disable-mnt
	33	private-dev
	34	private-etc ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache
	35	private-tmp
	36
	37	noexec /tmp
	38
	39	# will break user-local installs of gcloud tooling
	40	# noexec ${HOME}