Merge branch 'master' of http://github.com/netblue30/firejail

author: netblue30 <netblue30@yahoo.com> 2018-03-12 16:45:10 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-03-12 16:45:10 -0400
commit: abf3f585b35042866de433233cafe3ca0ee5f2ba (patch)
tree: 799ad3ee5dc6f9aa968f14b79e33221240fe465c /etc
parent: bringing back private-lib in evince, and some fixes for Arch Linux (diff)
parent: Add a profile for gnome-builder (diff)
download: firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.tar.gz
firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.tar.zst
firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.zip
2 files changed, 27 insertions, 1 deletions
diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile
new file mode 100644
index 000000000..a5a48e97a
--- /dev/null
+++ b/etc/gnome-builder.profile
@@ -0,0 +1,25 @@
+# Firejail profile for gnome-builder
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/gnome-builder.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+private-dev
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index 4df71f728..39bf3f7ce 100644
--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -37,6 +37,7 @@ private-dev
 private-etc fonts
 private-tmp
-memory-deny-write-execute
+# memory-deny-write-executes breaks on Arch - see issue #1808
+#memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
author	netblue30 <netblue30@yahoo.com>	2018-03-12 16:45:10 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-03-12 16:45:10 -0400
commit	abf3f585b35042866de433233cafe3ca0ee5f2ba (patch)
tree	799ad3ee5dc6f9aa968f14b79e33221240fe465c /etc
parent	bringing back private-lib in evince, and some fixes for Arch Linux (diff)
parent	Add a profile for gnome-builder (diff)
download	firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.tar.gz firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.tar.zst firejail-abf3f585b35042866de433233cafe3ca0ee5f2ba.zip

diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile new file mode 100644 index 000000000..a5a48e97a --- /dev/null +++ b/etc/gnome-builder.profile
@@ -0,0 +1,25 @@
		1	# Firejail profile for gnome-builder
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/gnome-builder.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	include /etc/firejail/disable-common.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10	include /etc/firejail/disable-programs.inc
		11
		12	caps.drop all
		13	ipc-namespace
		14	netfilter
		15	nodvd
		16	nogroups
		17	nonewprivs
		18	noroot
		19	notv
		20	novideo
		21	protocol unix,inet,inet6
		22	seccomp
		23	shell none
		24
		25	private-dev


diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 4df71f728..39bf3f7ce 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile
@@ -37,6 +37,7 @@ private-dev
37	private-etc fonts	37	private-etc fonts
38	private-tmp	38	private-tmp
39		39
40	memory-deny-write-execute	40	# memory-deny-write-executes breaks on Arch - see issue #1808
		41	#memory-deny-write-execute
41	noexec ${HOME}	42	noexec ${HOME}
42	noexec /tmp	43	noexec /tmp