diff options
Diffstat (limited to 'etc/cherrytree.profile')
-rw-r--r-- | etc/cherrytree.profile | 13 |
1 files changed, 2 insertions, 11 deletions
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 7c324a34b..139dec8ec 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -1,6 +1,7 @@ | |||
1 | # cherrytree note taking application | 1 | # cherrytree note taking application |
2 | noblacklist /usr/bin/python2* | 2 | noblacklist /usr/bin/python2* |
3 | noblacklist /usr/lib/python3* | 3 | noblacklist /usr/lib/python3* |
4 | noblacklist ${HOME}/.config/cherrytree | ||
4 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
5 | include /etc/firejail/disable-programs.inc | 6 | include /etc/firejail/disable-programs.inc |
6 | include /etc/firejail/disable-devel.inc | 7 | include /etc/firejail/disable-devel.inc |
@@ -8,20 +9,10 @@ include /etc/firejail/disable-passwdmgr.inc | |||
8 | 9 | ||
9 | caps.drop all | 10 | caps.drop all |
10 | netfilter | 11 | netfilter |
12 | nogroups | ||
11 | nonewprivs | 13 | nonewprivs |
12 | noroot | 14 | noroot |
13 | nosound | 15 | nosound |
14 | seccomp | 16 | seccomp |
15 | protocol unix,inet,inet6,netlink | 17 | protocol unix,inet,inet6,netlink |
16 | tracelog | 18 | tracelog |
17 | |||
18 | include /etc/firejail/whitelist-common.inc | ||
19 | |||
20 | # no private-bin support for various reasons: | ||
21 | #10:25:34 exec 11249 (root) NEW SANDBOX: /usr/bin/firejail /usr/bin/cherrytree | ||
22 | #10:25:34 exec 11252 (netblue) /bin/bash -c "/usr/bin/cherrytree" | ||
23 | #10:25:34 exec 11252 (netblue) /usr/bin/python /usr/bin/cherrytree | ||
24 | #10:25:34 exec 11253 (netblue) sh -c /sbin/ldconfig -p 2>/dev/null | ||
25 | #10:25:34 exec 11255 (netblue) sh -c if type gcc >/dev/null 2>&1; then CC=gcc; elif type cc >/dev/null 2>&1; then CC=cc;else exit 10; fi;LANG=C LC_ALL=C $CC -Wl,-t -o /tmp/tmpiYr44S 2>&1 -llibc | ||
26 | # it requires acces to browser to show the online help | ||
27 | # it doesn't play nicely with expect | ||