diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-09-27 11:32:59 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-09-27 11:32:59 -0400 |
| commit | ed31d2238915749730856f877fceae3579b320da (patch) | |
| tree | 9993d1a3f3dacc369a7cd237d5dcc58cf963c7cf /etc | |
| parent | CVE-2016-7545 (diff) | |
| download | firejail-ed31d2238915749730856f877fceae3579b320da.tar.gz firejail-ed31d2238915749730856f877fceae3579b320da.tar.zst firejail-ed31d2238915749730856f877fceae3579b320da.zip | |
mupdf and qpdfview profiles
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/disable-programs.inc | 2 | ||||
| -rw-r--r-- | etc/mupdf.profile | 18 | ||||
| -rw-r--r-- | etc/qpdfview.profile | 22 |
3 files changed, 42 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fb0f5a669..54c53e794 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -26,6 +26,7 @@ blacklist ${HOME}/.kde/share/config/okularrc | |||
| 26 | blacklist ${HOME}/.kde/share/config/okularpartrc | 26 | blacklist ${HOME}/.kde/share/config/okularpartrc |
| 27 | blacklist ${HOME}/.kde/share/apps/gwenview | 27 | blacklist ${HOME}/.kde/share/apps/gwenview |
| 28 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 28 | blacklist ${HOME}/.kde/share/config/gwenviewrc |
| 29 | blacklist ${HOME}/.config/qpdfview | ||
| 29 | 30 | ||
| 30 | # Media players | 31 | # Media players |
| 31 | blacklist ${HOME}/.config/cmus | 32 | blacklist ${HOME}/.config/cmus |
| @@ -135,6 +136,7 @@ blacklist ${HOME}/.local/share/totem | |||
| 135 | blacklist ${HOME}/.local/share/psi+ | 136 | blacklist ${HOME}/.local/share/psi+ |
| 136 | blacklist ${HOME}/.local/share/pix | 137 | blacklist ${HOME}/.local/share/pix |
| 137 | blacklist ${HOME}/.local/share/gnome-chess | 138 | blacklist ${HOME}/.local/share/gnome-chess |
| 139 | blacklist ${HOME}/.local/share/qpdfview | ||
| 138 | 140 | ||
| 139 | # ssh | 141 | # ssh |
| 140 | blacklist /tmp/ssh-* | 142 | blacklist /tmp/ssh-* |
diff --git a/etc/mupdf.profile b/etc/mupdf.profile new file mode 100644 index 000000000..6f2db511b --- /dev/null +++ b/etc/mupdf.profile | |||
| @@ -0,0 +1,18 @@ | |||
| 1 | # mupdf reader profile | ||
| 2 | include /etc/firejail/disable-common.inc | ||
| 3 | include /etc/firejail/disable-programs.inc | ||
| 4 | include /etc/firejail/disable-devel.inc | ||
| 5 | include /etc/firejail/disable-passwdmgr.inc | ||
| 6 | |||
| 7 | caps.drop all | ||
| 8 | nogroups | ||
| 9 | nonewprivs | ||
| 10 | noroot | ||
| 11 | nosound | ||
| 12 | protocol unix | ||
| 13 | seccomp | ||
| 14 | shell none | ||
| 15 | tracelog | ||
| 16 | |||
| 17 | private-tmp | ||
| 18 | private-dev | ||
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile new file mode 100644 index 000000000..07ea173e6 --- /dev/null +++ b/etc/qpdfview.profile | |||
| @@ -0,0 +1,22 @@ | |||
| 1 | # qpdfview profile | ||
| 2 | noblacklist ${HOME}/.config/qpdfview | ||
| 3 | noblacklist ${HOME}/.local/share/qpdfview | ||
| 4 | |||
| 5 | include /etc/firejail/disable-common.inc | ||
| 6 | include /etc/firejail/disable-programs.inc | ||
| 7 | include /etc/firejail/disable-devel.inc | ||
| 8 | include /etc/firejail/disable-passwdmgr.inc | ||
| 9 | |||
| 10 | caps.drop all | ||
| 11 | nogroups | ||
| 12 | nonewprivs | ||
| 13 | noroot | ||
| 14 | nosound | ||
| 15 | protocol unix | ||
| 16 | seccomp | ||
| 17 | shell none | ||
| 18 | tracelog | ||
| 19 | |||
| 20 | private-bin qpdfview | ||
| 21 | private-tmp | ||
| 22 | private-dev | ||