diff options
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/1password.profile | 20 | ||||
-rw-r--r-- | etc/profile-a-l/akonadi_control.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/chromium-common.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/cointop.profile | 63 | ||||
-rw-r--r-- | etc/profile-a-l/firefox-common.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/kmail.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/lutris.profile | 3 |
7 files changed, 90 insertions, 0 deletions
diff --git a/etc/profile-a-l/1password.profile b/etc/profile-a-l/1password.profile new file mode 100644 index 000000000..bc8bfae0d --- /dev/null +++ b/etc/profile-a-l/1password.profile | |||
@@ -0,0 +1,20 @@ | |||
1 | # Firejail profile for 1password | ||
2 | # Description: 1Password is a password manager developed by AgileBits Inc. | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include 1password.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.config/1Password | ||
10 | |||
11 | mkdir ${HOME}/.config/1Password | ||
12 | whitelist ${HOME}/.config/1Password | ||
13 | |||
14 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl | ||
15 | |||
16 | # Needed for keychain things, talking to Firefox, possibly other things? Not sure how to narrow down | ||
17 | ignore dbus-user none | ||
18 | |||
19 | # Redirect | ||
20 | include electron.profile | ||
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile index f3fb678d1..2f58d9146 100644 --- a/etc/profile-a-l/akonadi_control.profile +++ b/etc/profile-a-l/akonadi_control.profile | |||
@@ -17,6 +17,7 @@ noblacklist ${HOME}/.local/share/apps/korganizer | |||
17 | noblacklist ${HOME}/.local/share/contacts | 17 | noblacklist ${HOME}/.local/share/contacts |
18 | noblacklist ${HOME}/.local/share/local-mail | 18 | noblacklist ${HOME}/.local/share/local-mail |
19 | noblacklist ${HOME}/.local/share/notes | 19 | noblacklist ${HOME}/.local/share/notes |
20 | noblacklist ${RUNUSER}/akonadi | ||
20 | noblacklist /sbin | 21 | noblacklist /sbin |
21 | noblacklist /tmp/akonadi-* | 22 | noblacklist /tmp/akonadi-* |
22 | noblacklist /usr/sbin | 23 | noblacklist /usr/sbin |
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile index 075cac967..998ffd9da 100644 --- a/etc/profile-a-l/chromium-common.profile +++ b/etc/profile-a-l/chromium-common.profile | |||
@@ -57,6 +57,7 @@ private-cache | |||
57 | 57 | ||
58 | blacklist ${PATH}/curl | 58 | blacklist ${PATH}/curl |
59 | blacklist ${PATH}/wget | 59 | blacklist ${PATH}/wget |
60 | blacklist ${PATH}/wget2 | ||
60 | 61 | ||
61 | #dbus-user none - prevents access to passwords saved in GNOME Keyring and KWallet, also breaks Gnome connector. | 62 | #dbus-user none - prevents access to passwords saved in GNOME Keyring and KWallet, also breaks Gnome connector. |
62 | dbus-system none | 63 | dbus-system none |
diff --git a/etc/profile-a-l/cointop.profile b/etc/profile-a-l/cointop.profile new file mode 100644 index 000000000..4349f58fc --- /dev/null +++ b/etc/profile-a-l/cointop.profile | |||
@@ -0,0 +1,63 @@ | |||
1 | # Firejail profile for cointop | ||
2 | # Description: TUI for tracking cryptocurrency stats | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include cointop.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.config/cointop | ||
10 | |||
11 | blacklist ${RUNUSER} | ||
12 | |||
13 | include disable-common.inc | ||
14 | include disable-devel.inc | ||
15 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | ||
17 | include disable-proc.inc | ||
18 | include disable-programs.inc | ||
19 | include disable-shell.inc | ||
20 | include disable-X11.inc | ||
21 | include disable-xdg.inc | ||
22 | |||
23 | mkdir ${HOME}/.config/cointop | ||
24 | whitelist ${HOME}/.config/cointop | ||
25 | include whitelist-common.inc | ||
26 | include whitelist-runuser-common.inc | ||
27 | include whitelist-usr-share-common.inc | ||
28 | include whitelist-var-common.inc | ||
29 | |||
30 | apparmor | ||
31 | caps.drop all | ||
32 | ipc-namespace | ||
33 | machine-id | ||
34 | netfilter | ||
35 | no3d | ||
36 | nodvd | ||
37 | nogroups | ||
38 | noinput | ||
39 | nonewprivs | ||
40 | noprinters | ||
41 | noroot | ||
42 | nosound | ||
43 | notv | ||
44 | nou2f | ||
45 | novideo | ||
46 | protocol inet,inet6 | ||
47 | seccomp | ||
48 | seccomp.block-secondary | ||
49 | shell none | ||
50 | tracelog | ||
51 | |||
52 | disable-mnt | ||
53 | private-bin cointop | ||
54 | private-cache | ||
55 | private-dev | ||
56 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | ||
57 | private-lib | ||
58 | private-tmp | ||
59 | |||
60 | dbus-user none | ||
61 | dbus-system none | ||
62 | |||
63 | memory-deny-write-execute | ||
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 2fe12843e..373f41ffe 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -61,6 +61,7 @@ private-tmp | |||
61 | 61 | ||
62 | blacklist ${PATH}/curl | 62 | blacklist ${PATH}/curl |
63 | blacklist ${PATH}/wget | 63 | blacklist ${PATH}/wget |
64 | blacklist ${PATH}/wget2 | ||
64 | 65 | ||
65 | # 'dbus-user none' breaks various desktop integration features like global menus, native notifications, | 66 | # 'dbus-user none' breaks various desktop integration features like global menus, native notifications, |
66 | # Gnome connector, KDE connect and power management on KDE Plasma. | 67 | # Gnome connector, KDE connect and power management on KDE Plasma. |
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 0796e6876..1bbc141e8 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile | |||
@@ -29,6 +29,7 @@ noblacklist ${HOME}/.local/share/kxmlgui5/kmail | |||
29 | noblacklist ${HOME}/.local/share/kxmlgui5/kmail2 | 29 | noblacklist ${HOME}/.local/share/kxmlgui5/kmail2 |
30 | noblacklist ${HOME}/.local/share/local-mail | 30 | noblacklist ${HOME}/.local/share/local-mail |
31 | noblacklist ${HOME}/.local/share/notes | 31 | noblacklist ${HOME}/.local/share/notes |
32 | noblacklist ${RUNUSER}/akonadi | ||
32 | noblacklist /tmp/akonadi-* | 33 | noblacklist /tmp/akonadi-* |
33 | 34 | ||
34 | include disable-common.inc | 35 | include disable-common.inc |
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile index bf8ab9e64..71309b48f 100644 --- a/etc/profile-a-l/lutris.profile +++ b/etc/profile-a-l/lutris.profile | |||
@@ -9,6 +9,7 @@ include globals.local | |||
9 | noblacklist ${PATH}/llvm* | 9 | noblacklist ${PATH}/llvm* |
10 | noblacklist ${HOME}/Games | 10 | noblacklist ${HOME}/Games |
11 | noblacklist ${HOME}/.cache/lutris | 11 | noblacklist ${HOME}/.cache/lutris |
12 | noblacklist ${HOME}/.cache/wine | ||
12 | noblacklist ${HOME}/.cache/winetricks | 13 | noblacklist ${HOME}/.cache/winetricks |
13 | noblacklist ${HOME}/.config/lutris | 14 | noblacklist ${HOME}/.config/lutris |
14 | noblacklist ${HOME}/.local/share/lutris | 15 | noblacklist ${HOME}/.local/share/lutris |
@@ -34,6 +35,7 @@ include disable-xdg.inc | |||
34 | 35 | ||
35 | mkdir ${HOME}/Games | 36 | mkdir ${HOME}/Games |
36 | mkdir ${HOME}/.cache/lutris | 37 | mkdir ${HOME}/.cache/lutris |
38 | mkdir ${HOME}/.cache/wine | ||
37 | mkdir ${HOME}/.cache/winetricks | 39 | mkdir ${HOME}/.cache/winetricks |
38 | mkdir ${HOME}/.config/lutris | 40 | mkdir ${HOME}/.config/lutris |
39 | mkdir ${HOME}/.local/share/lutris | 41 | mkdir ${HOME}/.local/share/lutris |
@@ -41,6 +43,7 @@ mkdir ${HOME}/.local/share/lutris | |||
41 | whitelist ${DOWNLOADS} | 43 | whitelist ${DOWNLOADS} |
42 | whitelist ${HOME}/Games | 44 | whitelist ${HOME}/Games |
43 | whitelist ${HOME}/.cache/lutris | 45 | whitelist ${HOME}/.cache/lutris |
46 | whitelist ${HOME}/.cache/wine | ||
44 | whitelist ${HOME}/.cache/winetricks | 47 | whitelist ${HOME}/.cache/winetricks |
45 | whitelist ${HOME}/.config/lutris | 48 | whitelist ${HOME}/.config/lutris |
46 | whitelist ${HOME}/.local/share/lutris | 49 | whitelist ${HOME}/.local/share/lutris |