diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-04-26 08:45:52 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-04-26 08:45:52 -0400 |
| commit | da9bdbaeadeba6c2271dd39245cb7583d430bf39 (patch) | |
| tree | 0b37949c0aa788b9c01159624cb50a5e02dd4d57 /etc | |
| parent | Added noexec for home and tmp, spotify profile. (diff) | |
| download | firejail-da9bdbaeadeba6c2271dd39245cb7583d430bf39.tar.gz firejail-da9bdbaeadeba6c2271dd39245cb7583d430bf39.tar.zst firejail-da9bdbaeadeba6c2271dd39245cb7583d430bf39.zip | |
PCManFM profile
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/Thunar.profile | 10 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/pcmanfm.profile | 30 |
3 files changed, 40 insertions, 1 deletions
diff --git a/etc/Thunar.profile b/etc/Thunar.profile index 5a27177e0..f1b75b1f3 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile | |||
| @@ -7,7 +7,7 @@ noblacklist ~/.config/Thunar | |||
| 7 | noblacklist ~/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | 7 | noblacklist ~/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml |
| 8 | 8 | ||
| 9 | include /etc/firejail/disable-common.inc | 9 | include /etc/firejail/disable-common.inc |
| 10 | include /etc/firejail/disable-programs.inc | 10 | #include /etc/firejail/disable-programs.inc |
| 11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | 13 | ||
| @@ -21,3 +21,11 @@ protocol unix | |||
| 21 | seccomp | 21 | seccomp |
| 22 | shell none | 22 | shell none |
| 23 | tracelog | 23 | tracelog |
| 24 | |||
| 25 | # | ||
| 26 | # depending on you usage, you can enable some of the commands below: | ||
| 27 | # | ||
| 28 | # private-bin program | ||
| 29 | # private-etc none | ||
| 30 | # private-dev | ||
| 31 | # private-tmp | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 9b84f5e8a..18b644987 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -107,6 +107,7 @@ blacklist ${HOME}/.config/opera | |||
| 107 | blacklist ${HOME}/.config/opera-beta | 107 | blacklist ${HOME}/.config/opera-beta |
| 108 | blacklist ${HOME}/.config/orage | 108 | blacklist ${HOME}/.config/orage |
| 109 | blacklist ${HOME}/.config/org.kde.gwenviewrc | 109 | blacklist ${HOME}/.config/org.kde.gwenviewrc |
| 110 | blacklist ${HOME}/.config/pcmanfm | ||
| 110 | blacklist ${HOME}/.config/pix | 111 | blacklist ${HOME}/.config/pix |
| 111 | blacklist ${HOME}/.config/pluma | 112 | blacklist ${HOME}/.config/pluma |
| 112 | blacklist ${HOME}/.config/psi+ | 113 | blacklist ${HOME}/.config/psi+ |
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile new file mode 100644 index 000000000..e51c5e3b8 --- /dev/null +++ b/etc/pcmanfm.profile | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | # This file is overwritten during software install. | ||
| 2 | # Persistent customizations should go in a .local file. | ||
| 3 | include /etc/firejail/pcmanfm.local | ||
| 4 | |||
| 5 | noblacklist ~/.config/pcmanfm | ||
| 6 | noblacklist ~/.config/libfm | ||
| 7 | include /etc/firejail/disable-common.inc | ||
| 8 | #include /etc/firejail/disable-programs.inc | ||
| 9 | include /etc/firejail/disable-devel.inc | ||
| 10 | include /etc/firejail/disable-passwdmgr.inc | ||
| 11 | |||
| 12 | caps.drop all | ||
| 13 | netfilter | ||
| 14 | nogroups | ||
| 15 | nonewprivs | ||
| 16 | noroot | ||
| 17 | nosound | ||
| 18 | protocol unix | ||
| 19 | seccomp | ||
| 20 | shell none | ||
| 21 | tracelog | ||
| 22 | |||
| 23 | # | ||
| 24 | # depending on you usage, you can enable some of the commands below: | ||
| 25 | # | ||
| 26 | # private-bin program | ||
| 27 | # private-etc none | ||
| 28 | # private-dev | ||
| 29 | # private-tmp | ||
| 30 | |||