1 files changed, 66 insertions, 0 deletions
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile
new file mode 100644
index 000000000..b2f94d3cf
--- /dev/null
+++ b/etc/profile-a-l/links.profile
@@ -0,0 +1,66 @@
+# Firejail profile for links
+# Description: Text WWW browser
+# This file is overwritten after every install/update
+# Persistent local customizations
+include links.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.links
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# you may want to noblacklist files/directories blacklisted in
+# disable-programs.inc and used as associated programs
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.links
+whitelist ${HOME}/.links
+whitelist ${DOWNLOADS}
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+# comment machine-id (or put 'ignore machine-id' in your links.local) if you want
+# to allow access only to user-configured associated media player
+machine-id
+netfilter
+# comment no3d (or put 'ignore no3d' in your links.local) if you want
+# to allow access only to user-configured associated media player
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+# comment nosound (or put 'ignore nosound' in your links.local) if you want
+# to allow access only to user-configured associated media player
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+# if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' to your links.local
+# or append 'PROGRAM1,PROGRAM2' to this private-bin line
+private-bin links,sh
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
+# Uncomment the following line (or put it in your links.local) allow external
+# media players
+# private-etc alsa,asound.conf,machine-id,openal,pulse
+private-tmp
+memory-deny-write-execute

diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile new file mode 100644 index 000000000..b2f94d3cf --- /dev/null +++ b/etc/profile-a-l/links.profile
@@ -0,0 +1,66 @@
	1	# Firejail profile for links
	2	# Description: Text WWW browser
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include links.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.links
	10
	11	blacklist /tmp/.X11-unix
	12	blacklist ${RUNUSER}/wayland-*
	13
	14	include disable-common.inc
	15	include disable-devel.inc
	16	include disable-exec.inc
	17	include disable-interpreters.inc
	18	include disable-passwdmgr.inc
	19	# you may want to noblacklist files/directories blacklisted in
	20	# disable-programs.inc and used as associated programs
	21	include disable-programs.inc
	22	include disable-xdg.inc
	23
	24	mkdir ${HOME}/.links
	25	whitelist ${HOME}/.links
	26	whitelist ${DOWNLOADS}
	27	include whitelist-runuser-common.inc
	28	include whitelist-var-common.inc
	29
	30	caps.drop all
	31	ipc-namespace
	32	# comment machine-id (or put 'ignore machine-id' in your links.local) if you want
	33	# to allow access only to user-configured associated media player
	34	machine-id
	35	netfilter
	36	# comment no3d (or put 'ignore no3d' in your links.local) if you want
	37	# to allow access only to user-configured associated media player
	38	no3d
	39	nodvd
	40	nogroups
	41	nonewprivs
	42	noroot
	43	# comment nosound (or put 'ignore nosound' in your links.local) if you want
	44	# to allow access only to user-configured associated media player
	45	nosound
	46	notv
	47	nou2f
	48	novideo
	49	protocol unix,inet,inet6
	50	seccomp
	51	shell none
	52	tracelog
	53
	54	disable-mnt
	55	# if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' to your links.local
	56	# or append 'PROGRAM1,PROGRAM2' to this private-bin line
	57	private-bin links,sh
	58	private-cache
	59	private-dev
	60	private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
	61	# Uncomment the following line (or put it in your links.local) allow external
	62	# media players
	63	# private-etc alsa,asound.conf,machine-id,openal,pulse
	64	private-tmp
	65
	66	memory-deny-write-execute