Add a profile for Neverball

author: Tad <tad@spotco.us> 2017-08-22 12:05:13 -0400
committer: Tad <tad@spotco.us> 2017-08-22 20:05:04 -0400
commit: 3d02204e7424f84695fb776b43886945514fba7b (patch)
tree: 8bb0456e712f27ee0ed57e905d2eb26c9a569da0 /etc
parent: testing (diff)
download: firejail-3d02204e7424f84695fb776b43886945514fba7b.tar.gz
firejail-3d02204e7424f84695fb776b43886945514fba7b.tar.zst
firejail-3d02204e7424f84695fb776b43886945514fba7b.zip
2 files changed, 38 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 7b0e6e9eb..d02377036 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -334,6 +334,7 @@ blacklist ${HOME}/.multimc5
 blacklist ${HOME}/.mutt
 blacklist ${HOME}/.mutt/muttrc
 blacklist ${HOME}/.muttrc
+blacklist ${HOME}/.neverball
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail
 blacklist ${HOME}/.openinvaders
diff --git a/etc/neverball.profile b/etc/neverball.profile
new file mode 100644
index 000000000..6a9a3a577
--- /dev/null
+++ b/etc/neverball.profile
@@ -0,0 +1,37 @@
+# Firejail profile for neverball
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/neverball.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.neverball
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.neverball
+whitelist ${HOME}/.neverball
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,netlink
+seccomp
+shell none
+disable-mnt
+private-bin neverball
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-08-22 12:05:13 -0400
committer	Tad <tad@spotco.us>	2017-08-22 20:05:04 -0400
commit	3d02204e7424f84695fb776b43886945514fba7b (patch)
tree	8bb0456e712f27ee0ed57e905d2eb26c9a569da0 /etc
parent	testing (diff)
download	firejail-3d02204e7424f84695fb776b43886945514fba7b.tar.gz firejail-3d02204e7424f84695fb776b43886945514fba7b.tar.zst firejail-3d02204e7424f84695fb776b43886945514fba7b.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 7b0e6e9eb..d02377036 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -334,6 +334,7 @@ blacklist ${HOME}/.multimc5
334	blacklist ${HOME}/.mutt	334	blacklist ${HOME}/.mutt
335	blacklist ${HOME}/.mutt/muttrc	335	blacklist ${HOME}/.mutt/muttrc
336	blacklist ${HOME}/.muttrc	336	blacklist ${HOME}/.muttrc
		337	blacklist ${HOME}/.neverball
337	blacklist ${HOME}/.nv	338	blacklist ${HOME}/.nv
338	blacklist ${HOME}/.nylas-mail	339	blacklist ${HOME}/.nylas-mail
339	blacklist ${HOME}/.openinvaders	340	blacklist ${HOME}/.openinvaders


diff --git a/etc/neverball.profile b/etc/neverball.profile new file mode 100644 index 000000000..6a9a3a577 --- /dev/null +++ b/etc/neverball.profile
@@ -0,0 +1,37 @@
		1	# Firejail profile for neverball
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/neverball.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	noblacklist ${HOME}/.neverball
		9
		10	include /etc/firejail/disable-common.inc
		11	include /etc/firejail/disable-devel.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13	include /etc/firejail/disable-programs.inc
		14
		15	mkdir ${HOME}/.neverball
		16	whitelist ${HOME}/.neverball
		17	include /etc/firejail/whitelist-common.inc
		18
		19	caps.drop all
		20	netfilter
		21	nodvd
		22	nogroups
		23	nonewprivs
		24	noroot
		25	notv
		26	novideo
		27	protocol unix,netlink
		28	seccomp
		29	shell none
		30
		31	disable-mnt
		32	private-bin neverball
		33	private-dev
		34	private-tmp
		35
		36	noexec ${HOME}
		37	noexec /tmp