diff options
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/cola.profile | 10 | ||||
-rw-r--r-- | etc/profile-a-l/git-cola.profile | 29 |
2 files changed, 33 insertions, 6 deletions
diff --git a/etc/profile-a-l/cola.profile b/etc/profile-a-l/cola.profile new file mode 100644 index 000000000..e5debfd82 --- /dev/null +++ b/etc/profile-a-l/cola.profile | |||
@@ -0,0 +1,10 @@ | |||
1 | # Firejail profile for cola | ||
2 | # Description: Linux native frontend for Git,alternative call for git-cola | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include cola.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | # Redirect | ||
10 | include git-cola.profile \ No newline at end of file | ||
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 30e80f519..4708078dd 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile | |||
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.gitconfig | |||
12 | noblacklist ${HOME}/.git-credentials | 12 | noblacklist ${HOME}/.git-credentials |
13 | noblacklist ${HOME}/.gnupg | 13 | noblacklist ${HOME}/.gnupg |
14 | noblacklist ${HOME}/.ssh | 14 | noblacklist ${HOME}/.ssh |
15 | noblacklist ${HOME}/.subversion | ||
15 | noblacklist ${HOME}/.config/git | 16 | noblacklist ${HOME}/.config/git |
16 | noblacklist ${HOME}/.config/git-cola | 17 | noblacklist ${HOME}/.config/git-cola |
17 | # Put your editor,diff viewer config path below and uncomment to load settings | 18 | # Put your editor,diff viewer config path below and uncomment to load settings |
@@ -28,7 +29,19 @@ include disable-passwdmgr.inc | |||
28 | include disable-programs.inc | 29 | include disable-programs.inc |
29 | include disable-xdg.inc | 30 | include disable-xdg.inc |
30 | 31 | ||
32 | whitelist ${RUNUSER}/gnupg | ||
33 | whitelist ${RUNUSER}/keyring | ||
34 | # Whitelist your editor, diff viewer, gnupg path below in /usr/share/ | ||
35 | whitelist /usr/share/git | ||
36 | whitelist /usr/share/git-cola | ||
37 | whitelist /usr/share/git-core | ||
38 | whitelist /usr/share/git-gui | ||
39 | whitelist /usr/share/gitk | ||
40 | whitelist /usr/share/gitweb | ||
41 | whitelist /usr/share/gnupg | ||
42 | whitelist /usr/share/gnupg2 | ||
31 | include whitelist-runuser-common.inc | 43 | include whitelist-runuser-common.inc |
44 | include whitelist-usr-share-common.inc | ||
32 | include whitelist-var-common.inc | 45 | include whitelist-var-common.inc |
33 | 46 | ||
34 | apparmor | 47 | apparmor |
@@ -49,18 +62,22 @@ seccomp | |||
49 | shell none | 62 | shell none |
50 | tracelog | 63 | tracelog |
51 | 64 | ||
52 | # private-bin atom,bash,colordiff,emacs,fldiff,geany,gedit,git,git gui,git-cola,git-dag,gitk,gpg,gvim,leafpad,meld,mousepad,nano,notepadqq,python*,sh,ssh,vim,vimdiff,which,xed | 65 | # Add your own diff viewer,editor,pinentry program |
66 | # pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg | ||
67 | private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed | ||
53 | private-cache | 68 | private-cache |
54 | private-dev | 69 | private-dev |
55 | # Comment if you sign commits with GPG | 70 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg |
56 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,X11,xdg | ||
57 | private-tmp | 71 | private-tmp |
72 | writable-run-user | ||
58 | 73 | ||
59 | dbus-user filter | 74 | # Breaks meld as diff viewer |
75 | # dbus-user filter | ||
60 | # Uncomment if you need keyring access | 76 | # Uncomment if you need keyring access |
61 | # dbus-user.talk org.freedesktop.secrets | 77 | # dbus-user.talk org.freedesktop.secrets |
62 | dbus-system none | 78 | dbus-system none |
63 | 79 | ||
64 | read-only ${HOME}/.ssh | ||
65 | read-only ${HOME}/.gnupg | ||
66 | read-only ${HOME}/.git-credentials | 80 | read-only ${HOME}/.git-credentials |
81 | |||
82 | # Comment if you need to allow hosts | ||
83 | read-only ${HOME}/.ssh | ||