add profile for sushi (#3558)

author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-07-30 20:41:02 +0000
committer: GitHub <noreply@github.com> 2020-07-30 20:41:02 +0000
commit: 8cddf9dc2e3292d1abfdc7ea0a92acac08a6c70c (patch)
tree: 9fb3a024c539db2bb9010132b1a48be2c1066ee1 /etc
parent: Added lyx profile (#3556) (diff)
download: firejail-8cddf9dc2e3292d1abfdc7ea0a92acac08a6c70c.tar.gz
firejail-8cddf9dc2e3292d1abfdc7ea0a92acac08a6c70c.tar.zst
firejail-8cddf9dc2e3292d1abfdc7ea0a92acac08a6c70c.zip
2 files changed, 58 insertions, 0 deletions
diff --git a/etc/profile-m-z/org.gnome.NautilusPreviewer.profile b/etc/profile-m-z/org.gnome.NautilusPreviewer.profile
new file mode 100644
index 000000000..eb75add58
--- /dev/null
+++ b/etc/profile-m-z/org.gnome.NautilusPreviewer.profile
@@ -0,0 +1,10 @@
+# Firejail profile alias for sushi
+# This file is overwritten after every install/update
+# Persistent local customizations
+include org.gnome.NautilusPreviewer.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+# Redirect
+include sushi.profile
diff --git a/etc/profile-m-z/sushi.profile b/etc/profile-m-z/sushi.profile
new file mode 100644
index 000000000..68abd8c94
--- /dev/null
+++ b/etc/profile-m-z/sushi.profile
@@ -0,0 +1,48 @@
+# Firejail profile for sushi
+# Description: A quick previewer for Nautilus
+# This file is overwritten after every install/update
+# Persistent local customizations
+include sushi.local
+# Persistent global definitions
+include globals.local
+# Allow gjs (blacklisted by disable-interpreters.inc)
+include allow-gjs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# include disable-programs.inc
+include disable-shell.inc
+include whitelist-runuser-common.inc
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+private-bin gjs,sushi
+private-dev
+private-tmp
+dbus-system none
+read-only /
+read-only /mnt
+read-only /media
+read-only /run/mount
+read-only /run/media
+read-only ${HOME}
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-07-30 20:41:02 +0000
committer	GitHub <noreply@github.com>	2020-07-30 20:41:02 +0000
commit	8cddf9dc2e3292d1abfdc7ea0a92acac08a6c70c (patch)
tree	9fb3a024c539db2bb9010132b1a48be2c1066ee1 /etc
parent	Added lyx profile (#3556) (diff)
download	firejail-8cddf9dc2e3292d1abfdc7ea0a92acac08a6c70c.tar.gz firejail-8cddf9dc2e3292d1abfdc7ea0a92acac08a6c70c.tar.zst firejail-8cddf9dc2e3292d1abfdc7ea0a92acac08a6c70c.zip

diff --git a/etc/profile-m-z/org.gnome.NautilusPreviewer.profile b/etc/profile-m-z/org.gnome.NautilusPreviewer.profile new file mode 100644 index 000000000..eb75add58 --- /dev/null +++ b/etc/profile-m-z/org.gnome.NautilusPreviewer.profile
@@ -0,0 +1,10 @@
	1	# Firejail profile alias for sushi
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include org.gnome.NautilusPreviewer.local
	5	# Persistent global definitions
	6	# added by included profile
	7	#include globals.local
	8
	9	# Redirect
	10	include sushi.profile


diff --git a/etc/profile-m-z/sushi.profile b/etc/profile-m-z/sushi.profile new file mode 100644 index 000000000..68abd8c94 --- /dev/null +++ b/etc/profile-m-z/sushi.profile
@@ -0,0 +1,48 @@
	1	# Firejail profile for sushi
	2	# Description: A quick previewer for Nautilus
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include sushi.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	# Allow gjs (blacklisted by disable-interpreters.inc)
	10	include allow-gjs.inc
	11
	12	include disable-common.inc
	13	include disable-devel.inc
	14	include disable-exec.inc
	15	include disable-interpreters.inc
	16	include disable-passwdmgr.inc
	17	# include disable-programs.inc
	18	include disable-shell.inc
	19
	20	include whitelist-runuser-common.inc
	21
	22	apparmor
	23	caps.drop all
	24	net none
	25	nodvd
	26	nogroups
	27	nonewprivs
	28	noroot
	29	notv
	30	nou2f
	31	novideo
	32	protocol unix
	33	seccomp
	34	shell none
	35	tracelog
	36
	37	private-bin gjs,sushi
	38	private-dev
	39	private-tmp
	40
	41	dbus-system none
	42
	43	read-only /
	44	read-only /mnt
	45	read-only /media
	46	read-only /run/mount
	47	read-only /run/media
	48	read-only ${HOME}