1 files changed, 59 insertions, 0 deletions
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile
new file mode 100644
index 000000000..e5a2f3985
--- /dev/null
+++ b/etc/profile-a-l/git.profile
@@ -0,0 +1,59 @@
+# Firejail profile for git
+# Description: Fast, scalable, distributed revision control system
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include git.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/git
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.git-credentials
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+include disable-common.inc
+include disable-exec.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+whitelist /usr/share/git
+whitelist /usr/share/git-core
+whitelist /usr/share/gitgui
+whitelist /usr/share/gitweb
+whitelist /usr/share/nano
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+private-cache
+private-dev
+memory-deny-write-execute

diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile new file mode 100644 index 000000000..e5a2f3985 --- /dev/null +++ b/etc/profile-a-l/git.profile
@@ -0,0 +1,59 @@
	1	# Firejail profile for git
	2	# Description: Fast, scalable, distributed revision control system
	3	# This file is overwritten after every install/update
	4	quiet
	5	# Persistent local customizations
	6	include git.local
	7	# Persistent global definitions
	8	include globals.local
	9
	10	noblacklist ${HOME}/.config/git
	11	noblacklist ${HOME}/.config/nano
	12	noblacklist ${HOME}/.emacs
	13	noblacklist ${HOME}/.emacs.d
	14	noblacklist ${HOME}/.gitconfig
	15	noblacklist ${HOME}/.git-credentials
	16	noblacklist ${HOME}/.gnupg
	17	noblacklist ${HOME}/.nanorc
	18	noblacklist ${HOME}/.ssh
	19	noblacklist ${HOME}/.vim
	20	noblacklist ${HOME}/.viminfo
	21
	22	blacklist /tmp/.X11-unix
	23	blacklist ${RUNUSER}/wayland-*
	24
	25	include disable-common.inc
	26	include disable-exec.inc
	27	include disable-passwdmgr.inc
	28	include disable-programs.inc
	29
	30	whitelist /usr/share/git
	31	whitelist /usr/share/git-core
	32	whitelist /usr/share/gitgui
	33	whitelist /usr/share/gitweb
	34	whitelist /usr/share/nano
	35	include whitelist-usr-share-common.inc
	36	include whitelist-var-common.inc
	37
	38	apparmor
	39	caps.drop all
	40	ipc-namespace
	41	machine-id
	42	netfilter
	43	no3d
	44	nodvd
	45	nogroups
	46	nonewprivs
	47	noroot
	48	nosound
	49	notv
	50	nou2f
	51	novideo
	52	protocol unix,inet,inet6
	53	seccomp
	54	shell none
	55
	56	private-cache
	57	private-dev
	58
	59	memory-deny-write-execute