Merge pull request #3296 from 0x7969/master

Create ferdi.profile
author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-03-29 13:40:09 +0000
committer: GitHub <noreply@github.com> 2020-03-29 13:40:09 +0000
commit: 2d4485ef8ad989f1bfa7adb4a08ee9db7737a44d (patch)
tree: 7cdbeca9d6313a3a55aa8aa2db7ad5182a1d7fdc /etc
parent: blacklist libvirt and flatpak [skip ci] (diff)
parent: Added paths for ferdi (diff)
download: firejail-2d4485ef8ad989f1bfa7adb4a08ee9db7737a44d.tar.gz
firejail-2d4485ef8ad989f1bfa7adb4a08ee9db7737a44d.tar.zst
firejail-2d4485ef8ad989f1bfa7adb4a08ee9db7737a44d.zip
2 files changed, 48 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index be8f0ff75..15a62d4e2 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -75,6 +75,7 @@ blacklist ${HOME}/.config/Code Industry
 blacklist ${HOME}/.config/Cryptocat
 blacklist ${HOME}/.config/Debauchee/Barrier.conf
 blacklist ${HOME}/.config/Enox
+blacklist ${HOME}/.config/Ferdi
 blacklist ${HOME}/.config/Franz
 blacklist ${HOME}/.config/FreeCAD
 blacklist ${HOME}/.config/Fritzing
@@ -738,6 +739,7 @@ blacklist ${HOME}/.cache/BraveSoftware
 blacklist ${HOME}/.cache/Clementine
 blacklist ${HOME}/.cache/Enox
 blacklist ${HOME}/.cache/Enpass
+blacklist ${HOME}/.cache/Ferdi
 blacklist ${HOME}/.cache/Franz
 blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/MusicBrainz
diff --git a/etc/ferdi.profile b/etc/ferdi.profile
new file mode 100644
index 000000000..9b4c5f114
--- /dev/null
+++ b/etc/ferdi.profile
@@ -0,0 +1,46 @@
+# Firejail profile for ferdi
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ferdi.local
+# Persistent global definitions
+include globals.local
+ignore noexec /tmp
+noblacklist ${HOME}/.cache/Ferdi
+noblacklist ${HOME}/.config/Ferdi
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+mkdir ${HOME}/.cache/Ferdi
+mkdir ${HOME}/.config/Ferdi
+mkdir ${HOME}/.pki
+mkdir ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/Ferdi
+whitelist ${HOME}/.config/Ferdi
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
+include whitelist-common.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp !chroot
+shell none
+disable-mnt
+private-dev
+private-tmp
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-03-29 13:40:09 +0000
committer	GitHub <noreply@github.com>	2020-03-29 13:40:09 +0000
commit	2d4485ef8ad989f1bfa7adb4a08ee9db7737a44d (patch)
tree	7cdbeca9d6313a3a55aa8aa2db7ad5182a1d7fdc /etc
parent	blacklist libvirt and flatpak [skip ci] (diff)
parent	Added paths for ferdi (diff)
download	firejail-2d4485ef8ad989f1bfa7adb4a08ee9db7737a44d.tar.gz firejail-2d4485ef8ad989f1bfa7adb4a08ee9db7737a44d.tar.zst firejail-2d4485ef8ad989f1bfa7adb4a08ee9db7737a44d.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index be8f0ff75..15a62d4e2 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -75,6 +75,7 @@ blacklist ${HOME}/.config/Code Industry
75	blacklist ${HOME}/.config/Cryptocat	75	blacklist ${HOME}/.config/Cryptocat
76	blacklist ${HOME}/.config/Debauchee/Barrier.conf	76	blacklist ${HOME}/.config/Debauchee/Barrier.conf
77	blacklist ${HOME}/.config/Enox	77	blacklist ${HOME}/.config/Enox
		78	blacklist ${HOME}/.config/Ferdi
78	blacklist ${HOME}/.config/Franz	79	blacklist ${HOME}/.config/Franz
79	blacklist ${HOME}/.config/FreeCAD	80	blacklist ${HOME}/.config/FreeCAD
80	blacklist ${HOME}/.config/Fritzing	81	blacklist ${HOME}/.config/Fritzing
@@ -738,6 +739,7 @@ blacklist ${HOME}/.cache/BraveSoftware
738	blacklist ${HOME}/.cache/Clementine	739	blacklist ${HOME}/.cache/Clementine
739	blacklist ${HOME}/.cache/Enox	740	blacklist ${HOME}/.cache/Enox
740	blacklist ${HOME}/.cache/Enpass	741	blacklist ${HOME}/.cache/Enpass
		742	blacklist ${HOME}/.cache/Ferdi
741	blacklist ${HOME}/.cache/Franz	743	blacklist ${HOME}/.cache/Franz
742	blacklist ${HOME}/.cache/INRIA	744	blacklist ${HOME}/.cache/INRIA
743	blacklist ${HOME}/.cache/MusicBrainz	745	blacklist ${HOME}/.cache/MusicBrainz


diff --git a/etc/ferdi.profile b/etc/ferdi.profile new file mode 100644 index 000000000..9b4c5f114 --- /dev/null +++ b/etc/ferdi.profile
@@ -0,0 +1,46 @@
		1	# Firejail profile for ferdi
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include ferdi.local
		5	# Persistent global definitions
		6	include globals.local
		7
		8	ignore noexec /tmp
		9
		10	noblacklist ${HOME}/.cache/Ferdi
		11	noblacklist ${HOME}/.config/Ferdi
		12	noblacklist ${HOME}/.pki
		13	noblacklist ${HOME}/.local/share/pki
		14
		15	include disable-common.inc
		16	include disable-devel.inc
		17	include disable-exec.inc
		18	include disable-interpreters.inc
		19	include disable-programs.inc
		20
		21	mkdir ${HOME}/.cache/Ferdi
		22	mkdir ${HOME}/.config/Ferdi
		23	mkdir ${HOME}/.pki
		24	mkdir ${HOME}/.local/share/pki
		25	whitelist ${DOWNLOADS}
		26	whitelist ${HOME}/.cache/Ferdi
		27	whitelist ${HOME}/.config/Ferdi
		28	whitelist ${HOME}/.pki
		29	whitelist ${HOME}/.local/share/pki
		30	include whitelist-common.inc
		31
		32	caps.drop all
		33	netfilter
		34	nodvd
		35	nogroups
		36	nonewprivs
		37	noroot
		38	notv
		39	nou2f
		40	protocol unix,inet,inet6,netlink
		41	seccomp !chroot
		42	shell none
		43
		44	disable-mnt
		45	private-dev
		46	private-tmp