diff options
-rw-r--r-- | etc/gnome-character-map.profile | 9 | ||||
-rw-r--r-- | etc/gnome-characters.profile | 50 | ||||
-rw-r--r-- | etc/gucharmap.profile | 9 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
4 files changed, 65 insertions, 5 deletions
diff --git a/etc/gnome-character-map.profile b/etc/gnome-character-map.profile new file mode 100644 index 000000000..35db448f2 --- /dev/null +++ b/etc/gnome-character-map.profile | |||
@@ -0,0 +1,9 @@ | |||
1 | # Firejail profile for gnome-character-map | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include gnome-character-map.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | include gucharmap.profile | ||
diff --git a/etc/gnome-characters.profile b/etc/gnome-characters.profile new file mode 100644 index 000000000..828c6324e --- /dev/null +++ b/etc/gnome-characters.profile | |||
@@ -0,0 +1,50 @@ | |||
1 | # Firejail profile for gnome-characters | ||
2 | # Description: Character map application for GNOME | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include gnome-characters.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | include disable-common.inc | ||
10 | include disable-devel.inc | ||
11 | include disable-exec.inc | ||
12 | include disable-interpreters.inc | ||
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | ||
15 | include disable-xdg.inc | ||
16 | |||
17 | include whitelist-common.inc | ||
18 | include whitelist-var-common.inc | ||
19 | |||
20 | caps.drop all | ||
21 | machine-id | ||
22 | net none | ||
23 | no3d | ||
24 | # Uncomment the next line (or add it to your gnome-characters.local) | ||
25 | # if you don't need recently used chars | ||
26 | #nodbus | ||
27 | nodvd | ||
28 | nogroups | ||
29 | nonewprivs | ||
30 | noroot | ||
31 | nosound | ||
32 | notv | ||
33 | nou2f | ||
34 | novideo | ||
35 | protocol unix | ||
36 | seccomp | ||
37 | shell none | ||
38 | tracelog | ||
39 | |||
40 | disable-mnt | ||
41 | # Uncomment the next line (or add it to your gnome-characters.local) | ||
42 | # if you don't need recently used chars | ||
43 | #private | ||
44 | private-bin gjs,gnome-characters | ||
45 | private-cache | ||
46 | private-dev | ||
47 | private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,X11,xdg | ||
48 | private-tmp | ||
49 | |||
50 | read-only ${HOME} | ||
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index 9507188fc..c8fe9e8c9 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile | |||
@@ -6,7 +6,6 @@ include gucharmap.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | |||
10 | include disable-common.inc | 9 | include disable-common.inc |
11 | include disable-devel.inc | 10 | include disable-devel.inc |
12 | include disable-exec.inc | 11 | include disable-exec.inc |
@@ -23,6 +22,7 @@ caps.drop all | |||
23 | machine-id | 22 | machine-id |
24 | #net none - breaks dbus | 23 | #net none - breaks dbus |
25 | no3d | 24 | no3d |
25 | #nodbus - breaks state saveing | ||
26 | nodvd | 26 | nodvd |
27 | nogroups | 27 | nogroups |
28 | nonewprivs | 28 | nonewprivs |
@@ -34,15 +34,14 @@ novideo | |||
34 | protocol unix | 34 | protocol unix |
35 | seccomp | 35 | seccomp |
36 | shell none | 36 | shell none |
37 | tracelog | ||
37 | 38 | ||
38 | disable-mnt | 39 | disable-mnt |
39 | private-bin gucharmap | 40 | private-bin gnome-character-map,gucharmap |
40 | private-cache | 41 | private-cache |
41 | private-dev | 42 | private-dev |
42 | private-etc alternatives,fonts | 43 | private-etc alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,X11,xdg |
43 | private-lib | 44 | private-lib |
44 | private-tmp | 45 | private-tmp |
45 | 46 | ||
46 | memory-deny-write-execute | ||
47 | |||
48 | read-only ${HOME} | 47 | read-only ${HOME} |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 95ad95e95..72fac1893 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -233,6 +233,8 @@ gnome-2048 | |||
233 | gnome-books | 233 | gnome-books |
234 | gnome-builder | 234 | gnome-builder |
235 | gnome-calculator | 235 | gnome-calculator |
236 | gnome-character-map | ||
237 | gnome-characters | ||
236 | gnome-chess | 238 | gnome-chess |
237 | gnome-clocks | 239 | gnome-clocks |
238 | gnome-contacts | 240 | gnome-contacts |