Add 5 profiles

author: juan <gatitocurioso@cock.lu> 2017-09-16 13:20:36 -0400
committer: Tad <tad@spotco.us> 2017-09-18 18:24:13 -0400
commit: c435504a3eb66dee9a2964658bce8e17627e9c68 (patch)
tree: 492037d3f1cec726000e966d1be598d30148f335 /etc
parent: Add 31 profiles (diff)
download: firejail-c435504a3eb66dee9a2964658bce8e17627e9c68.tar.gz
firejail-c435504a3eb66dee9a2964658bce8e17627e9c68.tar.zst
firejail-c435504a3eb66dee9a2964658bce8e17627e9c68.zip
5 files changed, 174 insertions, 0 deletions
diff --git a/etc/ardour4.profile b/etc/ardour4.profile
new file mode 100644
index 000000000..3a52edb66
--- /dev/null
+++ b/etc/ardour4.profile
@@ -0,0 +1,34 @@
+# Firejail profile for ardour4
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ardour4.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.config/ardour4
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+mkdir ~/.config/ardour4
+whitelist ~/.config/ardour4
+whitelist ~/Music
+whitelist ~/Música
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+shell none
+tracelog
+# private-bin ardour4
+private-dev
+# private-etc ardour4
+private-tmp
diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile
new file mode 100644
index 000000000..ec85c7b58
--- /dev/null
+++ b/etc/dooble-qt4.profile
@@ -0,0 +1,33 @@
+# Firejail profile for dooble-qt4
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/dooble-qt4.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.dooble
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+mkdir ~/.dooble
+mkdir ~/usr/lib/dooble-qt4
+whitelist ${DOWNLOADS}
+whitelist ~/.config/keepassx
+whitelist ~/.config/lastpass
+whitelist ~/.dooble
+whitelist ~/.keepassx
+whitelist ~/.lastpass
+whitelist ~/keepassx.kdbx
+whitelist ~/usr/lib/dooble
+whitelist ~/usr/lib/dooble-qt4
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
diff --git a/etc/dooble.profile b/etc/dooble.profile
new file mode 100644
index 000000000..13e4ead96
--- /dev/null
+++ b/etc/dooble.profile
@@ -0,0 +1,33 @@
+# Firejail profile for dooble
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/dooble.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.dooble
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+mkdir ~/.dooble
+mkdir ~/usr/lib/dooble-qt4
+whitelist ${DOWNLOADS}
+whitelist ~/.config/keepassx
+whitelist ~/.config/lastpass
+whitelist ~/.dooble
+whitelist ~/.keepassx
+whitelist ~/.lastpass
+whitelist ~/keepassx.kdbx
+whitelist ~/usr/lib/dooble
+whitelist ~/usr/lib/dooble-qt4
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
diff --git a/etc/karbon.profile b/etc/karbon.profile
new file mode 100644
index 000000000..da72432f7
--- /dev/null
+++ b/etc/karbon.profile
@@ -0,0 +1,37 @@
+# Firejail profile for karbon
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/karbon.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/Trolltech.conf
+whitelist ${HOME}/.gtkrc-2.0
+whitelist ${HOME}/.kde4
+whitelist ${HOME}/.themes
+whitelist ${HOME}/Images
+whitelist /tmp/.X11-unix
+# DBus has been forced to use an ordinary unix socket
+whitelist /tmp/dbus_session_socket
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+ipc-namespace
+net none
+nogroups
+noroot
+seccomp
+shell none
+# private-bin krita,dbus-launch
+private-dev
+# private-etc fonts,passwd,alternatives,X11
+noexec /home
+noexec /tmp
diff --git a/etc/krita.profile b/etc/krita.profile
new file mode 100644
index 000000000..f6e62e387
--- /dev/null
+++ b/etc/krita.profile
@@ -0,0 +1,37 @@
+# Firejail profile for krita
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/krita.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/Trolltech.conf
+whitelist ${HOME}/.gtkrc-2.0
+whitelist ${HOME}/.kde4
+whitelist ${HOME}/.themes
+whitelist ${HOME}/Images
+whitelist /tmp/.X11-unix
+# DBus has been forced to use an ordinary unix socket
+whitelist /tmp/dbus_session_socket
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+ipc-namespace
+net none
+nogroups
+noroot
+seccomp
+shell none
+# private-bin krita,dbus-launch
+private-dev
+# private-etc fonts,passwd,alternatives,X11
+noexec /home
+noexec /tmp
author	juan <gatitocurioso@cock.lu>	2017-09-16 13:20:36 -0400
committer	Tad <tad@spotco.us>	2017-09-18 18:24:13 -0400
commit	c435504a3eb66dee9a2964658bce8e17627e9c68 (patch)
tree	492037d3f1cec726000e966d1be598d30148f335 /etc
parent	Add 31 profiles (diff)
download	firejail-c435504a3eb66dee9a2964658bce8e17627e9c68.tar.gz firejail-c435504a3eb66dee9a2964658bce8e17627e9c68.tar.zst firejail-c435504a3eb66dee9a2964658bce8e17627e9c68.zip

diff --git a/etc/ardour4.profile b/etc/ardour4.profile new file mode 100644 index 000000000..3a52edb66 --- /dev/null +++ b/etc/ardour4.profile
@@ -0,0 +1,34 @@
	1	# Firejail profile for ardour4
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/ardour4.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ~/.config/ardour4
	9
	10	include /etc/firejail/disable-common.inc
	11	include /etc/firejail/disable-devel.inc
	12	include /etc/firejail/disable-passwdmgr.inc
	13	include /etc/firejail/disable-programs.inc
	14
	15	mkdir ~/.config/ardour4
	16	whitelist ~/.config/ardour4
	17	whitelist ~/Music
	18	whitelist ~/Música
	19	include /etc/firejail/whitelist-common.inc
	20
	21	caps.drop all
	22	netfilter
	23	nogroups
	24	nonewprivs
	25	noroot
	26	protocol unix
	27	seccomp
	28	shell none
	29	tracelog
	30
	31	# private-bin ardour4
	32	private-dev
	33	# private-etc ardour4
	34	private-tmp


diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile new file mode 100644 index 000000000..ec85c7b58 --- /dev/null +++ b/etc/dooble-qt4.profile
@@ -0,0 +1,33 @@
	1	# Firejail profile for dooble-qt4
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/dooble-qt4.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ~/.dooble
	9
	10	include /etc/firejail/disable-common.inc
	11	include /etc/firejail/disable-devel.inc
	12	include /etc/firejail/disable-programs.inc
	13
	14	mkdir ~/.dooble
	15	mkdir ~/usr/lib/dooble-qt4
	16	whitelist ${DOWNLOADS}
	17	whitelist ~/.config/keepassx
	18	whitelist ~/.config/lastpass
	19	whitelist ~/.dooble
	20	whitelist ~/.keepassx
	21	whitelist ~/.lastpass
	22	whitelist ~/keepassx.kdbx
	23	whitelist ~/usr/lib/dooble
	24	whitelist ~/usr/lib/dooble-qt4
	25	include /etc/firejail/whitelist-common.inc
	26
	27	caps.drop all
	28	netfilter
	29	nonewprivs
	30	noroot
	31	protocol unix,inet,inet6,netlink
	32	seccomp
	33	tracelog


diff --git a/etc/dooble.profile b/etc/dooble.profile new file mode 100644 index 000000000..13e4ead96 --- /dev/null +++ b/etc/dooble.profile
@@ -0,0 +1,33 @@
	1	# Firejail profile for dooble
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/dooble.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ~/.dooble
	9
	10	include /etc/firejail/disable-common.inc
	11	include /etc/firejail/disable-devel.inc
	12	include /etc/firejail/disable-programs.inc
	13
	14	mkdir ~/.dooble
	15	mkdir ~/usr/lib/dooble-qt4
	16	whitelist ${DOWNLOADS}
	17	whitelist ~/.config/keepassx
	18	whitelist ~/.config/lastpass
	19	whitelist ~/.dooble
	20	whitelist ~/.keepassx
	21	whitelist ~/.lastpass
	22	whitelist ~/keepassx.kdbx
	23	whitelist ~/usr/lib/dooble
	24	whitelist ~/usr/lib/dooble-qt4
	25	include /etc/firejail/whitelist-common.inc
	26
	27	caps.drop all
	28	netfilter
	29	nonewprivs
	30	noroot
	31	protocol unix,inet,inet6,netlink
	32	seccomp
	33	tracelog


diff --git a/etc/karbon.profile b/etc/karbon.profile new file mode 100644 index 000000000..da72432f7 --- /dev/null +++ b/etc/karbon.profile
@@ -0,0 +1,37 @@
	1	# Firejail profile for karbon
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/karbon.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	blacklist /boot
	9	blacklist /media
	10	blacklist /mnt
	11	blacklist /opt
	12
	13	whitelist ${DOWNLOADS}
	14	whitelist ${HOME}/.config/Trolltech.conf
	15	whitelist ${HOME}/.gtkrc-2.0
	16	whitelist ${HOME}/.kde4
	17	whitelist ${HOME}/.themes
	18	whitelist ${HOME}/Images
	19	whitelist /tmp/.X11-unix
	20	# DBus has been forced to use an ordinary unix socket
	21	whitelist /tmp/dbus_session_socket
	22	include /etc/firejail/whitelist-common.inc
	23
	24	caps.drop all
	25	ipc-namespace
	26	net none
	27	nogroups
	28	noroot
	29	seccomp
	30	shell none
	31
	32	# private-bin krita,dbus-launch
	33	private-dev
	34	# private-etc fonts,passwd,alternatives,X11
	35
	36	noexec /home
	37	noexec /tmp


diff --git a/etc/krita.profile b/etc/krita.profile new file mode 100644 index 000000000..f6e62e387 --- /dev/null +++ b/etc/krita.profile
@@ -0,0 +1,37 @@
	1	# Firejail profile for krita
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/krita.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	blacklist /boot
	9	blacklist /media
	10	blacklist /mnt
	11	blacklist /opt
	12
	13	whitelist ${DOWNLOADS}
	14	whitelist ${HOME}/.config/Trolltech.conf
	15	whitelist ${HOME}/.gtkrc-2.0
	16	whitelist ${HOME}/.kde4
	17	whitelist ${HOME}/.themes
	18	whitelist ${HOME}/Images
	19	whitelist /tmp/.X11-unix
	20	# DBus has been forced to use an ordinary unix socket
	21	whitelist /tmp/dbus_session_socket
	22	include /etc/firejail/whitelist-common.inc
	23
	24	caps.drop all
	25	ipc-namespace
	26	net none
	27	nogroups
	28	noroot
	29	seccomp
	30	shell none
	31
	32	# private-bin krita,dbus-launch
	33	private-dev
	34	# private-etc fonts,passwd,alternatives,X11
	35
	36	noexec /home
	37	noexec /tmp