Create signal-desktop.profile

Profile for signal-desktop (standalone electron app, see https://github.com/WhisperSystems/Signal-Desktop)
author: Jonas Heinrich <onny@project-insanity.org> 2017-10-07 12:20:17 +0200
committer: GitHub <noreply@github.com> 2017-10-07 12:20:17 +0200
commit: 7ad904c876ec50558add02452e6b3879873e087e (patch)
tree: f7d3ba0a4efe7135fe07b4681be5fe0b976b5e22 /etc
parent: fldd fixes (diff)
download: firejail-7ad904c876ec50558add02452e6b3879873e087e.tar.gz
firejail-7ad904c876ec50558add02452e6b3879873e087e.tar.zst
firejail-7ad904c876ec50558add02452e6b3879873e087e.zip
1 files changed, 35 insertions, 0 deletions
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile
new file mode 100644
index 000000000..f515e64a6
--- /dev/null
+++ b/etc/signal-desktop.profile
@@ -0,0 +1,35 @@
+# Firejail profile for sinal-desktop
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/signal-desktop.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.config/Signal
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+mkdir ~/.config/Signal
+whitelist ${DOWNLOADS}
+whitelist ~/.config/Signal
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+disable-mnt
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Jonas Heinrich <onny@project-insanity.org>	2017-10-07 12:20:17 +0200
committer	GitHub <noreply@github.com>	2017-10-07 12:20:17 +0200
commit	7ad904c876ec50558add02452e6b3879873e087e (patch)
tree	f7d3ba0a4efe7135fe07b4681be5fe0b976b5e22 /etc
parent	fldd fixes (diff)
download	firejail-7ad904c876ec50558add02452e6b3879873e087e.tar.gz firejail-7ad904c876ec50558add02452e6b3879873e087e.tar.zst firejail-7ad904c876ec50558add02452e6b3879873e087e.zip

diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile new file mode 100644 index 000000000..f515e64a6 --- /dev/null +++ b/etc/signal-desktop.profile
@@ -0,0 +1,35 @@
	1	# Firejail profile for sinal-desktop
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/signal-desktop.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ~/.config/Signal
	9
	10	include /etc/firejail/disable-common.inc
	11	include /etc/firejail/disable-devel.inc
	12	include /etc/firejail/disable-programs.inc
	13
	14	mkdir ~/.config/Signal
	15	whitelist ${DOWNLOADS}
	16	whitelist ~/.config/Signal
	17	include /etc/firejail/whitelist-common.inc
	18
	19	caps.drop all
	20	netfilter
	21	nodvd
	22	nogroups
	23	nonewprivs
	24	noroot
	25	notv
	26	protocol unix,inet,inet6,netlink
	27	seccomp
	28	shell none
	29
	30	disable-mnt
	31	private-dev
	32	private-tmp
	33
	34	noexec ${HOME}
	35	noexec /tmp