diff options
| author |  rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-07-28 09:05:32 +0200 |
|---|---|---|
| committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-07-28 09:05:32 +0200 |
| commit | 8f867d029a6ae7b757190d9f273886d4bbc1344b (patch) | |
| tree | a34afc4a39a19bbe9e0b612586ff9ef62217b5f4 /etc | |
| parent | Update RELNOTES (diff) | |
| download | firejail-8f867d029a6ae7b757190d9f273886d4bbc1344b.tar.gz firejail-8f867d029a6ae7b757190d9f273886d4bbc1344b.tar.zst firejail-8f867d029a6ae7b757190d9f273886d4bbc1344b.zip | |
Refactor code.profile as electron redirect
closes #4408
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/profile-a-l/code.profile | 39 |
1 files changed, 18 insertions, 21 deletions
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile index e19b78908..fdf94ec41 100644 --- a/etc/profile-a-l/code.profile +++ b/etc/profile-a-l/code.profile | |||
| @@ -5,6 +5,21 @@ include code.local | |||
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include globals.local | 6 | include globals.local |
| 7 | 7 | ||
| 8 | # Disabled until someone reported positive feedback | ||
| 9 | ignore include disable-devel.inc | ||
| 10 | ignore include disable-exec.inc | ||
| 11 | ignore include disable-interpreters.inc | ||
| 12 | ignore include disable-xdg.inc | ||
| 13 | ignore whitelist ${DOWNLOADS} | ||
| 14 | ignore include whitelist-common.inc | ||
| 15 | ignore include whitelist-runuser-common.inc | ||
| 16 | ignore include whitelist-usr-share-common.inc | ||
| 17 | ignore include whitelist-var-common.inc | ||
| 18 | ignore apparmor | ||
| 19 | ignore disable-mnt | ||
| 20 | ignore dbus-user none | ||
| 21 | ignore dbus-system none | ||
| 22 | |||
| 8 | noblacklist ${HOME}/.config/Code | 23 | noblacklist ${HOME}/.config/Code |
| 9 | noblacklist ${HOME}/.config/Code - OSS | 24 | noblacklist ${HOME}/.config/Code - OSS |
| 10 | noblacklist ${HOME}/.vscode | 25 | noblacklist ${HOME}/.vscode |
| @@ -13,31 +28,13 @@ noblacklist ${HOME}/.vscode-oss | |||
| 13 | # Allows files commonly used by IDEs | 28 | # Allows files commonly used by IDEs |
| 14 | include allow-common-devel.inc | 29 | include allow-common-devel.inc |
| 15 | 30 | ||
| 16 | include disable-common.inc | ||
| 17 | include disable-passwdmgr.inc | ||
| 18 | include disable-programs.inc | ||
| 19 | |||
| 20 | caps.drop all | ||
| 21 | netfilter | ||
| 22 | nodvd | ||
| 23 | nogroups | ||
| 24 | noinput | ||
| 25 | nonewprivs | ||
| 26 | noroot | ||
| 27 | nosound | 31 | nosound |
| 28 | notv | ||
| 29 | nou2f | ||
| 30 | novideo | ||
| 31 | protocol unix,inet,inet6,netlink | ||
| 32 | seccomp | ||
| 33 | shell none | ||
| 34 | |||
| 35 | private-cache | ||
| 36 | private-dev | ||
| 37 | private-tmp | ||
| 38 | 32 | ||
| 39 | # Disabling noexec ${HOME} for now since it will | 33 | # Disabling noexec ${HOME} for now since it will |
| 40 | # probably interfere with running some programmes | 34 | # probably interfere with running some programmes |
| 41 | # in VS Code | 35 | # in VS Code |
| 42 | # noexec ${HOME} | 36 | # noexec ${HOME} |
| 43 | noexec /tmp | 37 | noexec /tmp |
| 38 | |||
| 39 | # Redirect | ||
| 40 | include electron.profile | ||