aboutsummaryrefslogtreecommitdiffstats
path: root/etc/profile-m-z/reader.profile
diff options
context:
space:
mode:
Diffstat (limited to 'etc/profile-m-z/reader.profile')
-rw-r--r--etc/profile-m-z/reader.profile63
1 files changed, 63 insertions, 0 deletions
diff --git a/etc/profile-m-z/reader.profile b/etc/profile-m-z/reader.profile
new file mode 100644
index 000000000..050c46d53
--- /dev/null
+++ b/etc/profile-m-z/reader.profile
@@ -0,0 +1,63 @@
1# Firejail profile for reader
2# Description: Better readability of web pages on the CLI
3# This file is overwritten after every install/update
4# Persistent local customizations
5include reader.local
6# Persistent global definitions
7include globals.local
8
9blacklist ${RUNUSER}
10
11include disable-common.inc
12include disable-devel.inc
13include disable-exec.inc
14include disable-interpreters.inc
15include disable-proc.inc
16include disable-programs.inc
17include disable-shell.inc
18include disable-xdg.inc
19
20include whitelist-common.inc
21include whitelist-run-common.inc
22include whitelist-runuser-common.inc
23include whitelist-usr-share-common.inc
24include whitelist-var-common.inc
25
26apparmor
27caps.drop all
28ipc-namespace
29machine-id
30netfilter
31no3d
32nodvd
33nogroups
34noinput
35nonewprivs
36noprinters
37noroot
38nosound
39notv
40nou2f
41novideo
42protocol inet
43seccomp
44seccomp.block-secondary
45tracelog
46x11 none
47
48disable-mnt
49private
50private-bin reader
51private-cache
52private-dev
53private-etc @network,@tls-ca
54private-lib
55private-opt none
56private-tmp
57
58dbus-user none
59dbus-system none
60
61memory-deny-write-execute
62read-only ${HOME}
63restrict-namespaces
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-19 01:41:17 +0000