Diffstat (limited to 'etc/makepkg.profile')
-rw-r--r-- | etc/makepkg.profile | 22 |
1 files changed, 11 insertions, 11 deletions
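--- a/etc/makepkg.profile
+++ b/etc/makepkg.profile
@@ -5,8 +5,8 @@
 # for potential issues and their solutions when Firejailing makepkg
 
 # This profile could be significantly strengthened by adding the following to makepkg.local
-# whitelist ~/<Your Build Folder>
-# whitelist ~/.gnupg
+# whitelist ${HOME}/<Your Build Folder>
+# whitelist ${HOME}/.gnupg
 
 quiet
 # Persistent local customizations
@@ -16,15 +16,15 @@ include /etc/firejail/globals.local
 
 
 # Enable severely restricted access to ${HOME}/.gnupg
-noblacklist ~/.gnupg
-read-only ~/.gnupg/gpg.conf
-read-only ~/.gnupg/trustdb.gpg
-read-only ~/.gnupg/pubring.kbx
-blacklist ~/.gnupg/random_seed
-blacklist ~/.gnupg/pubring.kbx~
-blacklist ~/.gnupg/private-keys-v1.d
-blacklist ~/.gnupg/crls.d
-blacklist ~/.gnupg/openpgp-revocs.d
+noblacklist ${HOME}/.gnupg
+read-only ${HOME}/.gnupg/gpg.conf
+read-only ${HOME}/.gnupg/trustdb.gpg
+read-only ${HOME}/.gnupg/pubring.kbx
+blacklist ${HOME}/.gnupg/random_seed
+blacklist ${HOME}/.gnupg/pubring.kbx~
+blacklist ${HOME}/.gnupg/private-keys-v1.d
+blacklist ${HOME}/.gnupg/crls.d
+blacklist ${HOME}/.gnupg/openpgp-revocs.d
 
 
 # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only}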
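Review bot: The `${HOME}/.gnupg` block at new lines 19-27 is still an enumerated deny-list behind `noblacklist ${HOME}/.gnupg`, so any file in that directory that is not named here stays reachable from inside the sandbox; the legacy secret keyring `secring.gpg` is one file that is not listed. Only the three `read-only` entries are explicitly protected against modification, so the remaining unlisted files are presumably writable as well. I would add `blacklist ${HOME}/.gnupg/secring.gpg` and a comment above the block such as `# Files in ${HOME}/.gnupg not listed below remain accessible; extend this list when GnuPG adds new files`. Whether `globals.local` or an include outside these hunks already covers this cannot be seen from here.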