diff options
-rw-r--r-- | etc/corebird.profile | 12 | ||||
-rw-r--r-- | etc/disable-common.inc | 1 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/konversation.profile | 12 | ||||
-rw-r--r-- | etc/psi-plus.profile | 27 | ||||
-rw-r--r-- | etc/whitelist-common.inc | 1 |
6 files changed, 54 insertions, 0 deletions
diff --git a/etc/corebird.profile b/etc/corebird.profile new file mode 100644 index 000000000..f3f73a44f --- /dev/null +++ b/etc/corebird.profile | |||
@@ -0,0 +1,12 @@ | |||
1 | # Firejail corebird profile | ||
2 | |||
3 | include /etc/firejail/disable-common.inc | ||
4 | include /etc/firejail/disable-programs.inc | ||
5 | include /etc/firejail/disable-devel.inc | ||
6 | include /etc/firejail/disable-passwdmgr.inc | ||
7 | |||
8 | caps.drop all | ||
9 | seccomp | ||
10 | protocol unix,inet,inet6 | ||
11 | netfilter | ||
12 | noroot | ||
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 479f32cb1..a61f1b210 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -93,6 +93,7 @@ read-only ${HOME}/bin | |||
93 | 93 | ||
94 | # top secret | 94 | # top secret |
95 | blacklist ${HOME}/.ssh | 95 | blacklist ${HOME}/.ssh |
96 | blacklist ${HOME}/.cert | ||
96 | blacklist ${HOME}/.gnome2/keyrings | 97 | blacklist ${HOME}/.gnome2/keyrings |
97 | blacklist ${HOME}/kde4/share/apps/kwallet | 98 | blacklist ${HOME}/kde4/share/apps/kwallet |
98 | blacklist ${HOME}/kde/share/apps/kwallet | 99 | blacklist ${HOME}/kde/share/apps/kwallet |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 307ccaf6c..3474a6592 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -112,3 +112,4 @@ blacklist ${HOME}/.local/share/wesnoth | |||
112 | blacklist ${HOME}/.local/share/0ad | 112 | blacklist ${HOME}/.local/share/0ad |
113 | blacklist ${HOME}/.local/share/xplayer | 113 | blacklist ${HOME}/.local/share/xplayer |
114 | blacklist ${HOME}/.local/share/totem | 114 | blacklist ${HOME}/.local/share/totem |
115 | blacklist ${HOME}/.local/share/psi+ | ||
diff --git a/etc/konversation.profile b/etc/konversation.profile new file mode 100644 index 000000000..d10decb8f --- /dev/null +++ b/etc/konversation.profile | |||
@@ -0,0 +1,12 @@ | |||
1 | # Firejail konversation profile | ||
2 | |||
3 | include /etc/firejail/disable-common.inc | ||
4 | include /etc/firejail/disable-programs.inc | ||
5 | include /etc/firejail/disable-devel.inc | ||
6 | include /etc/firejail/disable-passwdmgr.inc | ||
7 | |||
8 | caps.drop all | ||
9 | seccomp | ||
10 | protocol unix,inet,inet6 | ||
11 | netfilter | ||
12 | noroot | ||
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile new file mode 100644 index 000000000..8194da74f --- /dev/null +++ b/etc/psi-plus.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # Firejail profile for Psi+ | ||
2 | |||
3 | noblacklist ${HOME}/.config/psi+ | ||
4 | noblacklist ${HOME}/.local/share/psi+ | ||
5 | include /etc/firejail/disable-common.inc | ||
6 | include /etc/firejail/disable-programs.inc | ||
7 | include /etc/firejail/disable-passwdmgr.inc | ||
8 | |||
9 | whitelist ${DOWNLOADS} | ||
10 | mkdir ~/.config | ||
11 | mkdir ~/.config/psi+ | ||
12 | whitelist ~/.config/psi+ | ||
13 | mkdir ~/.local | ||
14 | mkdir ~/.local/share | ||
15 | mkdir ~/.local/share/psi+ | ||
16 | whitelist ~/.local/share/psi+ | ||
17 | mkdir ~/.cache | ||
18 | mkdir ~/.cache/psi+ | ||
19 | whitelist ~/.cache/psi+ | ||
20 | |||
21 | include /etc/firejail/whitelist-common.inc | ||
22 | |||
23 | caps.drop all | ||
24 | seccomp | ||
25 | protocol unix,inet,inet6 | ||
26 | netfilter | ||
27 | noroot | ||
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index 9d5ef3d96..b3a1a1d30 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc | |||
@@ -1,5 +1,6 @@ | |||
1 | # common whitelist for all profiles | 1 | # common whitelist for all profiles |
2 | 2 | ||
3 | whitelist ~/.XCompose | ||
3 | whitelist ~/.config/mimeapps.list | 4 | whitelist ~/.config/mimeapps.list |
4 | whitelist ~/.icons | 5 | whitelist ~/.icons |
5 | whitelist ~/.config/user-dirs.dirs | 6 | whitelist ~/.config/user-dirs.dirs |