diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-05-30 07:41:59 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-05-30 07:41:59 -0400 |
| commit | 97c41479a02b743c34184f4eace95775136d4831 (patch) | |
| tree | eb0f09766ba6f6c0d6fa71c092db7318ac36dd42 /etc | |
| parent | Merge pull request #1317 from laniakea64/master (diff) | |
| download | firejail-97c41479a02b743c34184f4eace95775136d4831.tar.gz firejail-97c41479a02b743c34184f4eace95775136d4831.tar.zst firejail-97c41479a02b743c34184f4eace95775136d4831.zip | |
darktable and vym profiles
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/darktable.profile | 30 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/vym.profile | 30 |
3 files changed, 61 insertions, 0 deletions
diff --git a/etc/darktable.profile b/etc/darktable.profile new file mode 100644 index 000000000..29630a746 --- /dev/null +++ b/etc/darktable.profile | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | # Persistent global definitions go here | ||
| 2 | include /etc/firejail/globals.local | ||
| 3 | |||
| 4 | # This file is overwritten during software install. | ||
| 5 | # Persistent customizations should go in a .local file. | ||
| 6 | include /etc/firejail/darktable.local | ||
| 7 | |||
| 8 | noblacklist ~/.cache/darktable | ||
| 9 | noblacklist ~/.config/darktable | ||
| 10 | include /etc/firejail/disable-common.inc | ||
| 11 | include /etc/firejail/disable-programs.inc | ||
| 12 | include /etc/firejail/disable-passwdmgr.inc | ||
| 13 | |||
| 14 | caps.drop all | ||
| 15 | netfilter | ||
| 16 | nonewprivs | ||
| 17 | noroot | ||
| 18 | protocol unix,inet,inet6 | ||
| 19 | seccomp | ||
| 20 | |||
| 21 | # | ||
| 22 | # depending on your usage, you can enable some of the commands below: | ||
| 23 | # | ||
| 24 | # nogroups | ||
| 25 | shell none | ||
| 26 | # private-bin program | ||
| 27 | # private-etc none | ||
| 28 | # private-dev | ||
| 29 | private-tmp | ||
| 30 | nosound | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 12f6d6d6d..af0bbfce6 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -35,6 +35,7 @@ blacklist ${HOME}/.config/Gitter | |||
| 35 | blacklist ${HOME}/.config/Google | 35 | blacklist ${HOME}/.config/Google |
| 36 | blacklist ${HOME}/.config/Gpredict | 36 | blacklist ${HOME}/.config/Gpredict |
| 37 | blacklist ${HOME}/.config/INRIA | 37 | blacklist ${HOME}/.config/INRIA |
| 38 | blacklist ${HOME}/.config/InSilmaril | ||
| 38 | blacklist ${HOME}/.config/Luminance | 39 | blacklist ${HOME}/.config/Luminance |
| 39 | blacklist ${HOME}/.config/Meltytech | 40 | blacklist ${HOME}/.config/Meltytech |
| 40 | blacklist ${HOME}/.config/Mousepad | 41 | blacklist ${HOME}/.config/Mousepad |
diff --git a/etc/vym.profile b/etc/vym.profile new file mode 100644 index 000000000..4139ea901 --- /dev/null +++ b/etc/vym.profile | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | # Persistent global definitions go here | ||
| 2 | include /etc/firejail/globals.local | ||
| 3 | |||
| 4 | # This file is overwritten during software install. | ||
| 5 | # Persistent customizations should go in a .local file. | ||
| 6 | include /etc/firejail/vym.local | ||
| 7 | |||
| 8 | noblacklist ./.config/InSilmaril | ||
| 9 | include /etc/firejail/disable-common.inc | ||
| 10 | include /etc/firejail/disable-programs.inc | ||
| 11 | include /etc/firejail/disable-passwdmgr.inc | ||
| 12 | |||
| 13 | caps.drop all | ||
| 14 | netfilter | ||
| 15 | nonewprivs | ||
| 16 | noroot | ||
| 17 | # no network connectivity | ||
| 18 | protocol unix | ||
| 19 | seccomp | ||
| 20 | |||
| 21 | # | ||
| 22 | # depending on your usage, you can enable some of the commands below: | ||
| 23 | # | ||
| 24 | nogroups | ||
| 25 | shell none | ||
| 26 | # private-bin vym | ||
| 27 | # private-etc none | ||
| 28 | private-dev | ||
| 29 | private-tmp | ||
| 30 | nosound | ||