diff options
author | 2016-04-19 08:21:22 -0400 | |
---|---|---|
committer | 2016-04-19 08:21:22 -0400 | |
commit | c14364ff5ffe9a9415f5879248804cfde57cb793 (patch) | |
tree | 9d85d8ffa7fc206d4408650a1b70603b0f272f1d /etc | |
parent | close lock file (diff) | |
parent | Merge pull request #457 from Fred-Barclay/proposed (diff) | |
download | firejail-c14364ff5ffe9a9415f5879248804cfde57cb793.tar.gz firejail-c14364ff5ffe9a9415f5879248804cfde57cb793.tar.zst firejail-c14364ff5ffe9a9415f5879248804cfde57cb793.zip |
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat (limited to 'etc')
-rw-r--r-- | etc/aweather.profile | 23 | ||||
-rw-r--r-- | etc/disable-programs.inc | 3 | ||||
-rw-r--r-- | etc/google-play-music-desktop-player.profile | 16 | ||||
-rw-r--r-- | etc/stellarium.profile | 27 |
4 files changed, 69 insertions, 0 deletions
diff --git a/etc/aweather.profile b/etc/aweather.profile new file mode 100644 index 000000000..d7f510a7e --- /dev/null +++ b/etc/aweather.profile | |||
@@ -0,0 +1,23 @@ | |||
1 | # Firejail profile for aweather. | ||
2 | |||
3 | # Noblacklist | ||
4 | noblacklist ~/.config/aweather | ||
5 | |||
6 | # Include | ||
7 | include /etc/firejail/disable-common.inc | ||
8 | include /etc/firejail/disable-devel.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | include /etc/firejail/disable-programs.inc | ||
11 | |||
12 | # Call these options | ||
13 | caps.drop all | ||
14 | netfilter | ||
15 | noroot | ||
16 | protocol unix,inet,inet6,netlink | ||
17 | seccomp | ||
18 | tracelog | ||
19 | |||
20 | # Whitelist | ||
21 | mkdir ~/.config | ||
22 | mkdir ~/.config/aweather | ||
23 | whitelist ~/.config/aweather | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 6c5515894..317ac082f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -5,10 +5,13 @@ blacklist ${HOME}/.FBReader | |||
5 | blacklist ${HOME}/.wine | 5 | blacklist ${HOME}/.wine |
6 | blacklist ${HOME}/.Mathematica | 6 | blacklist ${HOME}/.Mathematica |
7 | blacklist ${HOME}/.Wolfram Research | 7 | blacklist ${HOME}/.Wolfram Research |
8 | blacklist ${HOME}/.stellarium | ||
8 | blacklist ${HOME}/.config/mupen64plus | 9 | blacklist ${HOME}/.config/mupen64plus |
9 | blacklist ${HOME}/.config/transmission | 10 | blacklist ${HOME}/.config/transmission |
10 | blacklist ${HOME}/.config/uGet | 11 | blacklist ${HOME}/.config/uGet |
11 | blacklist ${HOME}/.config/Gpredict | 12 | blacklist ${HOME}/.config/Gpredict |
13 | blacklist ${HOME}/.config/aweather | ||
14 | blacklist ${HOME}/.config/stellarium | ||
12 | blacklist ~/.kde/share/apps/okular | 15 | blacklist ~/.kde/share/apps/okular |
13 | blacklist ~/.kde/share/config/okularrc | 16 | blacklist ~/.kde/share/config/okularrc |
14 | blacklist ~/.kde/share/config/okularpartrc | 17 | blacklist ~/.kde/share/config/okularpartrc |
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile new file mode 100644 index 000000000..56d09d5b2 --- /dev/null +++ b/etc/google-play-music-desktop-player.profile | |||
@@ -0,0 +1,16 @@ | |||
1 | # Google Play Music desktop player profile | ||
2 | noblacklist ~/.config/Google Play Music Desktop Player | ||
3 | |||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-programs.inc | ||
6 | include /etc/firejail/disable-devel.inc | ||
7 | include /etc/firejail/disable-passwdmgr.inc | ||
8 | |||
9 | caps.drop all | ||
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | noroot | ||
13 | |||
14 | #whitelist ~/.pulse | ||
15 | #whitelist ~/.config/pulse | ||
16 | whitelist ~/.config/Google Play Music Desktop Player | ||
diff --git a/etc/stellarium.profile b/etc/stellarium.profile new file mode 100644 index 000000000..7cb74eeaa --- /dev/null +++ b/etc/stellarium.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # Firejail profile for Stellarium. | ||
2 | |||
3 | # Noblacklist | ||
4 | noblacklist ~/.stellarium | ||
5 | noblacklist ~/.config/stellarium | ||
6 | |||
7 | # Include | ||
8 | include /etc/firejail/disable-common.inc | ||
9 | include /etc/firejail/disable-devel.inc | ||
10 | include /etc/firejail/disable-passwdmgr.inc | ||
11 | include /etc/firejail/disable-programs.inc | ||
12 | |||
13 | # Call these options | ||
14 | caps.drop all | ||
15 | netfilter | ||
16 | noroot | ||
17 | protocol unix,inet,inet6,netlink | ||
18 | seccomp | ||
19 | tracelog | ||
20 | |||
21 | # Whitelist | ||
22 | mkdir ~/.stellarium | ||
23 | whitelist ~/.stellarium | ||
24 | |||
25 | mkdir ~/.config | ||
26 | mkdir ~/.config/stellarium | ||
27 | whitelist ~/.config/stellarium | ||