-rw-r--r-- | etc/seahorse-daemon.profile | 15 | ||||
-rw-r--r-- | etc/seahorse-tool.profile | 13 | ||||
-rw-r--r-- | etc/seahorse.profile | 45 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
4 files changed, 58 insertions, 16 deletions
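--- /dev/null
+++ b/etc/seahorse-daemon.profile
@@ -0,0 +1,15 @@
+# Firejail profile for seahorse-daemon
+# Description: PGP encryption and signing
+# This file is overwritten after every install/update
+# Persistent local customizations
+include seahorse-daemon.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+blacklist /tmp/.X11-unix
+
+memory-deny-write-execute
+
+# Redirect
+include seahorse.profile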
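Review bot: `blacklist /tmp/.X11-unix` on line 10 hides only the filesystem X11 socket. As far as I know, firejail cannot hide the abstract X11 socket without a network namespace, and the included seahorse.profile sets `protocol unix,inet,inet6` with no `net` restriction. If the daemon is meant to have no X11 access, a comment above the line would stop readers over-trusting it, for example `# blocks the filesystem socket only; the abstract X11 socket stays reachable without a network namespace`.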
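--- a/etc/seahorse-tool.profile
+++ b/etc/seahorse-tool.profile
@@ -7,20 +7,11 @@ include seahorse-tool.local
 # added by included profile
 #include globals.local
 
-# dconf
-noblacklist ${HOME}/.config/dconf
+noblacklist ${DOWNLOADS}
 
-include disable-exec.inc
-include disable-xdg.inc
-include whitelist-var-common.inc
-
-apparmor
-ipc-namespace
-
-disable-mnt
 private-tmp
 
 memory-deny-write-execute
 
 # Redirect
-include gpg.profile
+include seahorse.profile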
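Review bot: `noblacklist ${DOWNLOADS}` on new line 10 probably no longer makes the directory visible. The profile now redirects to seahorse.profile, which whitelists paths under ${HOME} (`whitelist ${HOME}/.gnupg`, `include whitelist-common.inc`), and under firejail's whitelist model home paths that are not whitelisted are hidden regardless of `noblacklist`. If the tool is meant to work on files in Downloads, pair the line with `whitelist ${DOWNLOADS}`; otherwise drop it so the profile does not suggest access it does not grant. The retained `private-tmp` may also hide the agent sockets that `whitelist /tmp/ssh-*` in the included profile is meant to expose, which is worth testing with a running ssh-agent.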
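--- a/etc/seahorse.profile
+++ b/etc/seahorse.profile
@@ -4,22 +4,57 @@
 # Persistent local customizations
 include seahorse.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
 
 # dconf
 noblacklist ${HOME}/.config/dconf
+whitelist ${HOME}/.config/dconf
+
+# gpg
+mkdir ${HOME}/.gnupg
+noblacklist ${HOME}/.gnupg
+whitelist ${HOME}/.gnupg
 
 # ssh
+whitelist /etc/ld.so.preload
 noblacklist /etc/ssh
+whitelist /etc/ssh
 noblacklist /tmp/ssh-*
+whitelist /tmp/ssh-*
+mkdir ${HOME}/.ssh
 noblacklist ${HOME}/.ssh
+whitelist ${HOME}/.ssh
 
+include disable-common.inc
+include disable-devel.inc
 include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
 include whitelist-var-common.inc
 
 apparmor
-ipc-namespace
+caps.drop all
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+# shell none - causes gpg to hang
+tracelog
+
+disable-mnt
+private-cache
+private-dev
 
-# Redirect
-include gpg.profile
+writable-run-user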
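Review bot: `whitelist /etc/ld.so.preload` and `whitelist /etc/ssh` (new lines 19 and 21) switch /etc to whitelist mode. As I read firejail's whitelist semantics, that leaves only those two paths visible in /etc, with no resolv.conf, CA certificates or passwd, while `protocol unix,inet,inet6` suggests keyserver access is still expected. If the narrowing is not intended, keep `noblacklist /etc/ssh` and drop both whitelist lines; if it is, add a comment such as `# /etc is whitelisted: only ssh config and ld.so.preload are visible`. Separately, `ipc-namespace` is removed and `writable-run-user` is added without explanation. A one-line reason for each (presumably the gpg-agent sockets under /run/user) would let the next reviewer judge the relaxation.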
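--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -432,6 +432,7 @@ scallion
 scribus
 sdat2img
 seahorse
+seahorse-daemon
 seahorse-tool
 seamonkey
 seamonkey-bin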