Add gnome-hexgl.profile

author: rusty-snake <print_hello_world+Public@protonmail.com> 2020-02-03 14:58:49 +0100
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2020-02-03 14:58:49 +0100
commit: 4ad0b26c0351587c8c9c12e7d59b2caa1d9f1b98 (patch)
tree: 092cf347f3282f99c489d68ecfdfa7ae33fd58d0 /etc
parent: fix gnome-passwordsafe -- no whitelist globing yet (diff)
download: firejail-4ad0b26c0351587c8c9c12e7d59b2caa1d9f1b98.tar.gz
firejail-4ad0b26c0351587c8c9c12e7d59b2caa1d9f1b98.tar.zst
firejail-4ad0b26c0351587c8c9c12e7d59b2caa1d9f1b98.zip
1 files changed, 49 insertions, 0 deletions
diff --git a/etc/gnome-hexgl.profile b/etc/gnome-hexgl.profile
new file mode 100644
index 000000000..386c33d7f
--- /dev/null
+++ b/etc/gnome-hexgl.profile
@@ -0,0 +1,49 @@
+# Firejail profile for gnome-hexgl
+# Description: Gthree port of HexGL
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-hexgl.local
+# Persistent global definitions
+include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/mesa_shader_cache
+whitelist ${RUNUSER}/pulse
+whitelist ${RUNUSER}/wayland-0
+whitelist /usr/share/gnome-hexgl
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private
+private-bin gnome-hexgl
+private-cache
+private-dev
+private-etc machine-id
+private-tmp
+read-only ${HOME}
+read-write ${HOME}/.cache/mesa_shader_cache
author	rusty-snake <print_hello_world+Public@protonmail.com>	2020-02-03 14:58:49 +0100
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2020-02-03 14:58:49 +0100
commit	4ad0b26c0351587c8c9c12e7d59b2caa1d9f1b98 (patch)
tree	092cf347f3282f99c489d68ecfdfa7ae33fd58d0 /etc
parent	fix gnome-passwordsafe -- no whitelist globing yet (diff)
download	firejail-4ad0b26c0351587c8c9c12e7d59b2caa1d9f1b98.tar.gz firejail-4ad0b26c0351587c8c9c12e7d59b2caa1d9f1b98.tar.zst firejail-4ad0b26c0351587c8c9c12e7d59b2caa1d9f1b98.zip

diff --git a/etc/gnome-hexgl.profile b/etc/gnome-hexgl.profile new file mode 100644 index 000000000..386c33d7f --- /dev/null +++ b/etc/gnome-hexgl.profile
@@ -0,0 +1,49 @@
	1	# Firejail profile for gnome-hexgl
	2	# Description: Gthree port of HexGL
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include gnome-hexgl.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	include disable-common.inc
	10	include disable-devel.inc
	11	include disable-exec.inc
	12	include disable-interpreters.inc
	13	include disable-passwdmgr.inc
	14	include disable-programs.inc
	15	include disable-xdg.inc
	16
	17	mkdir ${HOME}/.cache/mesa_shader_cache
	18	whitelist ${RUNUSER}/pulse
	19	whitelist ${RUNUSER}/wayland-0
	20	whitelist /usr/share/gnome-hexgl
	21	include whitelist-usr-share-common.inc
	22	include whitelist-var-common.inc
	23
	24	apparmor
	25	caps.drop all
	26	net none
	27	nodbus
	28	nodvd
	29	nogroups
	30	nonewprivs
	31	noroot
	32	notv
	33	nou2f
	34	novideo
	35	protocol unix
	36	seccomp
	37	shell none
	38	tracelog
	39
	40	disable-mnt
	41	private
	42	private-bin gnome-hexgl
	43	private-cache
	44	private-dev
	45	private-etc machine-id
	46	private-tmp
	47
	48	read-only ${HOME}
	49	read-write ${HOME}/.cache/mesa_shader_cache