Add a profile for OnionShare

author: Tad <tad@spotco.us> 2018-01-14 12:37:17 -0500
committer: Tad <tad@spotco.us> 2018-01-14 12:37:17 -0500
commit: 672cc747039c240d9af53cd3719dec458129ecc0 (patch)
tree: 990a375d02cba8fea1648d592fe81cee315db6e2 /etc
parent: Add a profile for Pitivi (diff)
download: firejail-672cc747039c240d9af53cd3719dec458129ecc0.tar.gz
firejail-672cc747039c240d9af53cd3719dec458129ecc0.tar.zst
firejail-672cc747039c240d9af53cd3719dec458129ecc0.zip
2 files changed, 36 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index e6d425df2..667c209ed 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -155,6 +155,7 @@ blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/nheko
 blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
+blacklist ${HOME}/.config/onionshare
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile
new file mode 100644
index 000000000..7220f7e1c
--- /dev/null
+++ b/etc/onionshare-gui.profile
@@ -0,0 +1,35 @@
+# Firejail profile for onionshare-gui
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/onionshare-gui.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.config/onionshare
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2018-01-14 12:37:17 -0500
committer	Tad <tad@spotco.us>	2018-01-14 12:37:17 -0500
commit	672cc747039c240d9af53cd3719dec458129ecc0 (patch)
tree	990a375d02cba8fea1648d592fe81cee315db6e2 /etc
parent	Add a profile for Pitivi (diff)
download	firejail-672cc747039c240d9af53cd3719dec458129ecc0.tar.gz firejail-672cc747039c240d9af53cd3719dec458129ecc0.tar.zst firejail-672cc747039c240d9af53cd3719dec458129ecc0.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index e6d425df2..667c209ed 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -155,6 +155,7 @@ blacklist ${HOME}/.config/netsurf
155	blacklist ${HOME}/.config/nheko	155	blacklist ${HOME}/.config/nheko
156	blacklist ${HOME}/.config/okularpartrc	156	blacklist ${HOME}/.config/okularpartrc
157	blacklist ${HOME}/.config/okularrc	157	blacklist ${HOME}/.config/okularrc
		158	blacklist ${HOME}/.config/onionshare
158	blacklist ${HOME}/.config/opera	159	blacklist ${HOME}/.config/opera
159	blacklist ${HOME}/.config/opera-beta	160	blacklist ${HOME}/.config/opera-beta
160	blacklist ${HOME}/.config/orage	161	blacklist ${HOME}/.config/orage


diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile new file mode 100644 index 000000000..7220f7e1c --- /dev/null +++ b/etc/onionshare-gui.profile
@@ -0,0 +1,35 @@
		1	# Firejail profile for onionshare-gui
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/onionshare-gui.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	noblacklist ${HOME}/.config/onionshare
		9
		10	include /etc/firejail/disable-common.inc
		11	include /etc/firejail/disable-devel.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13	include /etc/firejail/disable-programs.inc
		14
		15	caps.drop all
		16	ipc-namespace
		17	netfilter
		18	no3d
		19	nodvd
		20	nogroups
		21	nonewprivs
		22	noroot
		23	nosound
		24	notv
		25	novideo
		26	protocol unix,inet,inet6
		27	seccomp
		28	shell none
		29
		30	private-dev
		31	private-tmp
		32
		33	memory-deny-write-execute
		34	noexec ${HOME}
		35	noexec /tmp