aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar Fred-Barclay <Fred-Barclay@users.noreply.github.com>2018-01-28 23:38:54 -0600
committerLibravatar Fred-Barclay <Fred-Barclay@users.noreply.github.com>2018-01-28 23:38:54 -0600
commitcfaf67e1aea9791970b1e7b28fbbbecc8d871c82 (patch)
treefb34b71d2f87e22238a9d9b094413cd3fca3c5e8 /etc
parentnoblacklist /usr/share/perl in hexchat - potential fix for #1754 (diff)
parentdebug messages for appimage (diff)
downloadfirejail-cfaf67e1aea9791970b1e7b28fbbbecc8d871c82.tar.gz
firejail-cfaf67e1aea9791970b1e7b28fbbbecc8d871c82.tar.zst
firejail-cfaf67e1aea9791970b1e7b28fbbbecc8d871c82.zip
Merge branch 'master' of https://github.com/netblue30/firejail
Diffstat (limited to 'etc')
-rw-r--r--etc/disable-programs.inc2
-rw-r--r--etc/redeclipse.profile (renamed from etc/xmr-stak-cpu.profile)17
-rw-r--r--etc/xmr-stak.profile44
-rw-r--r--etc/xonotic.profile1
4 files changed, 53 insertions, 11 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 8cfcaa838..4d9c4d85f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -416,6 +416,7 @@ blacklist ${HOME}/.passwd-s3fs
416blacklist ${HOME}/.pingus 416blacklist ${HOME}/.pingus
417blacklist ${HOME}/.purple 417blacklist ${HOME}/.purple
418blacklist ${HOME}/.qemu-launcher 418blacklist ${HOME}/.qemu-launcher
419blacklist ${HOME}/.redeclipse
419blacklist ${HOME}/.remmina 420blacklist ${HOME}/.remmina
420blacklist ${HOME}/.repo_.gitconfig.json 421blacklist ${HOME}/.repo_.gitconfig.json
421blacklist ${HOME}/.repoconfig 422blacklist ${HOME}/.repoconfig
@@ -453,6 +454,7 @@ blacklist ${HOME}/.wireshark
453blacklist ${HOME}/.wine64 454blacklist ${HOME}/.wine64
454blacklist ${HOME}/.xiphos 455blacklist ${HOME}/.xiphos
455blacklist ${HOME}/.xmms 456blacklist ${HOME}/.xmms
457blacklist ${HOME}/.xmr-stak
456blacklist ${HOME}/.xonotic 458blacklist ${HOME}/.xonotic
457blacklist ${HOME}/.xpdfrc 459blacklist ${HOME}/.xpdfrc
458blacklist ${HOME}/.zoom 460blacklist ${HOME}/.zoom
diff --git a/etc/xmr-stak-cpu.profile b/etc/redeclipse.profile
index 9cc6e0c1f..f0a993c54 100644
--- a/etc/xmr-stak-cpu.profile
+++ b/etc/redeclipse.profile
@@ -1,27 +1,28 @@
1# Firejail profile for xmr-stak-cpu 1# Firejail profile for redeclipse
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3# Persistent local customizations 3# Persistent local customizations
4include /etc/firejail/xmr-stak-cpu.local 4include /etc/firejail/redeclipse.local
5# Persistent global definitions 5# Persistent global definitions
6include /etc/firejail/globals.local 6include /etc/firejail/globals.local
7 7
8noblacklist ${HOME}/.redeclipse
8 9
9include /etc/firejail/disable-common.inc 10include /etc/firejail/disable-common.inc
10include /etc/firejail/disable-devel.inc 11include /etc/firejail/disable-devel.inc
11include /etc/firejail/disable-passwdmgr.inc 12include /etc/firejail/disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 13include /etc/firejail/disable-programs.inc
13 14
15mkdir ${HOME}/.redeclipse
16whitelist ${HOME}/.redeclipse
17include /etc/firejail/whitelist-common.inc
14include /etc/firejail/whitelist-var-common.inc 18include /etc/firejail/whitelist-var-common.inc
15 19
16caps.drop all 20caps.drop all
17ipc-namespace
18netfilter 21netfilter
19no3d
20nodvd 22nodvd
21nogroups 23nogroups
22nonewprivs 24nonewprivs
23noroot 25noroot
24nosound
25notv 26notv
26novideo 27novideo
27protocol unix,inet,inet6 28protocol unix,inet,inet6
@@ -29,14 +30,8 @@ seccomp
29shell none 30shell none
30 31
31disable-mnt 32disable-mnt
32private
33private-bin xmr-stak-cpu
34private-dev 33private-dev
35private-etc xmr-stak-cpu.json
36private-lib
37private-opt none
38private-tmp 34private-tmp
39 35
40memory-deny-write-execute
41noexec ${HOME} 36noexec ${HOME}
42noexec /tmp 37noexec /tmp
diff --git a/etc/xmr-stak.profile b/etc/xmr-stak.profile
new file mode 100644
index 000000000..151a4c694
--- /dev/null
+++ b/etc/xmr-stak.profile
@@ -0,0 +1,44 @@
1# Firejail profile for xmr-stak
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/xmr-stak.local
5# Persistent global definitions
6include /etc/firejail/globals.local
7
8noblacklist ${HOME}/.xmr-stak
9noblacklist /usr/lib/llvm*
10
11include /etc/firejail/disable-common.inc
12include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc
15
16mkdir ${HOME}/.xmr-stak
17include /etc/firejail/whitelist-var-common.inc
18
19caps.drop all
20ipc-namespace
21netfilter
22nodvd
23nogroups
24nonewprivs
25noroot
26nosound
27notv
28novideo
29protocol unix,inet,inet6
30seccomp
31shell none
32
33disable-mnt
34private ${HOME}/.xmr-stak
35private-bin xmr-stak
36private-dev
37private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
38#private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend
39private-opt cuda
40private-tmp
41
42memory-deny-write-execute
43noexec ${HOME}
44noexec /tmp
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index d17d2b612..7a466db9b 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
15mkdir ${HOME}/.xonotic 15mkdir ${HOME}/.xonotic
16whitelist ${HOME}/.xonotic 16whitelist ${HOME}/.xonotic
17include /etc/firejail/whitelist-common.inc 17include /etc/firejail/whitelist-common.inc
18include /etc/firejail/whitelist-var-common.inc
18 19
19caps.drop all 20caps.drop all
20netfilter 21netfilter
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-28 17:17:49 +0000