diff options
Diffstat (limited to 'etc/profile-a-l/alpine.profile')
-rw-r--r-- | etc/profile-a-l/alpine.profile | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile new file mode 100644 index 000000000..0b5cf0df0 --- /dev/null +++ b/etc/profile-a-l/alpine.profile | |||
@@ -0,0 +1,104 @@ | |||
1 | # Firejail profile for alpine | ||
2 | # Description: Text-based email and newsgroups reader | ||
3 | # This file is overwritten after every install/update | ||
4 | quiet | ||
5 | # Persistent local customizations | ||
6 | include alpine.local | ||
7 | # Persistent global definitions | ||
8 | include globals.local | ||
9 | |||
10 | # Workaround for bug https://github.com/netblue30/firejail/issues/2747 | ||
11 | # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)' | ||
12 | |||
13 | noblacklist /var/mail | ||
14 | noblacklist /var/spool/mail | ||
15 | noblacklist ${DOCUMENTS} | ||
16 | noblacklist ${HOME}/.addressbook | ||
17 | noblacklist ${HOME}/.alpine-smime | ||
18 | noblacklist ${HOME}/.mailcap | ||
19 | noblacklist ${HOME}/.mh_profile | ||
20 | noblacklist ${HOME}/.mime.types | ||
21 | noblacklist ${HOME}/.newsrc | ||
22 | noblacklist ${HOME}/.pine-crash | ||
23 | noblacklist ${HOME}/.pine-debug1 | ||
24 | noblacklist ${HOME}/.pine-debug2 | ||
25 | noblacklist ${HOME}/.pine-debug3 | ||
26 | noblacklist ${HOME}/.pine-debug4 | ||
27 | noblacklist ${HOME}/.pine-interrupted-mail | ||
28 | noblacklist ${HOME}/.pinerc | ||
29 | noblacklist ${HOME}/.pinercex | ||
30 | noblacklist ${HOME}/.signature | ||
31 | noblacklist ${HOME}/mail | ||
32 | |||
33 | blacklist /tmp/.X11-unix | ||
34 | blacklist ${RUNUSER}/wayland-* | ||
35 | |||
36 | include disable-common.inc | ||
37 | include disable-devel.inc | ||
38 | include disable-exec.inc | ||
39 | include disable-interpreters.inc | ||
40 | include disable-passwdmgr.inc | ||
41 | include disable-programs.inc | ||
42 | include disable-shell.inc | ||
43 | include disable-xdg.inc | ||
44 | |||
45 | #whitelist ${DOCUMENTS} | ||
46 | #whitelist ${DOWNLOADS} | ||
47 | #whitelist ${HOME}/.addressbook | ||
48 | #whitelist ${HOME}/.alpine-smime | ||
49 | #whitelist ${HOME}/.mailcap | ||
50 | #whitelist ${HOME}/.mh_profile | ||
51 | #whitelist ${HOME}/.mime.types | ||
52 | #whitelist ${HOME}/.newsrc | ||
53 | #whitelist ${HOME}/.pine-crash | ||
54 | #whitelist ${HOME}/.pine-interrupted-mail | ||
55 | #whitelist ${HOME}/.pinerc | ||
56 | #whitelist ${HOME}/.pinercex | ||
57 | #whitelist ${HOME}/.pine-debug1 | ||
58 | #whitelist ${HOME}/.pine-debug2 | ||
59 | #whitelist ${HOME}/.pine-debug3 | ||
60 | #whitelist ${HOME}/.pine-debug4 | ||
61 | #whitelist ${HOME}/.signature | ||
62 | #whitelist ${HOME}/mail | ||
63 | whitelist /var/mail | ||
64 | whitelist /var/spool/mail | ||
65 | #include whitelist-common.inc | ||
66 | include whitelist-runuser-common.inc | ||
67 | include whitelist-usr-share-common.inc | ||
68 | include whitelist-var-common.inc | ||
69 | |||
70 | apparmor | ||
71 | caps.drop all | ||
72 | ipc-namespace | ||
73 | machine-id | ||
74 | netfilter | ||
75 | no3d | ||
76 | nodvd | ||
77 | nogroups | ||
78 | noinput | ||
79 | nonewprivs | ||
80 | noroot | ||
81 | nosound | ||
82 | notv | ||
83 | nou2f | ||
84 | novideo | ||
85 | protocol unix,inet,inet6 | ||
86 | seccomp | ||
87 | seccomp.block-secondary | ||
88 | shell none | ||
89 | tracelog | ||
90 | |||
91 | disable-mnt | ||
92 | private-bin alpine | ||
93 | private-cache | ||
94 | private-dev | ||
95 | private-etc alternatives,c-client.cf,ca-certificates,crypto-policies,host.conf,hostname,hosts,krb5.keytab,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,passwd,pine.conf,pinerc.fixed,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg | ||
96 | private-tmp | ||
97 | writable-run-user | ||
98 | writable-var | ||
99 | |||
100 | dbus-user none | ||
101 | dbus-system none | ||
102 | |||
103 | memory-deny-write-execute | ||
104 | read-only ${HOME}/.signature | ||