diff options
Diffstat (limited to 'etc/profile-m-z')
| -rw-r--r-- | etc/profile-m-z/mumble.profile | 1 | ||||
| -rw-r--r-- | etc/profile-m-z/qrencode.profile | 2 | ||||
| -rw-r--r-- | etc/profile-m-z/quodlibet.profile | 66 | ||||
| -rw-r--r-- | etc/profile-m-z/tmux.profile | 45 |
4 files changed, 112 insertions, 2 deletions
diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile index 0c4efc3d3..c7f59c5ee 100644 --- a/etc/profile-m-z/mumble.profile +++ b/etc/profile-m-z/mumble.profile | |||
| @@ -29,7 +29,6 @@ include whitelist-var-common.inc | |||
| 29 | 29 | ||
| 30 | caps.drop all | 30 | caps.drop all |
| 31 | netfilter | 31 | netfilter |
| 32 | no3d | ||
| 33 | nodvd | 32 | nodvd |
| 34 | nogroups | 33 | nogroups |
| 35 | nonewprivs | 34 | nonewprivs |
diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile index 952e9f5f3..6480651b2 100644 --- a/etc/profile-m-z/qrencode.profile +++ b/etc/profile-m-z/qrencode.profile | |||
| @@ -48,7 +48,7 @@ private-bin qrencode | |||
| 48 | private-cache | 48 | private-cache |
| 49 | private-dev | 49 | private-dev |
| 50 | private-etc none | 50 | private-etc none |
| 51 | private-lib libpcre2-8.so.0 | 51 | private-lib libpcre* |
| 52 | private-tmp | 52 | private-tmp |
| 53 | 53 | ||
| 54 | dbus-user none | 54 | dbus-user none |
diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile new file mode 100644 index 000000000..e3680dcf1 --- /dev/null +++ b/etc/profile-m-z/quodlibet.profile | |||
| @@ -0,0 +1,66 @@ | |||
| 1 | # Firejail profile for quodlibet | ||
| 2 | # Description: Music player and music library manager | ||
| 3 | # This file is overwritten after every install/update | ||
| 4 | # Persistent local customizations | ||
| 5 | include quodlibet.local | ||
| 6 | # Persistent global definitions | ||
| 7 | include globals.local | ||
| 8 | |||
| 9 | noblacklist ${HOME}/.cache/quodlibet | ||
| 10 | noblacklist ${HOME}/.config/quodlibet | ||
| 11 | noblacklist ${HOME}/.quodlibet | ||
| 12 | noblacklist ${MUSIC} | ||
| 13 | |||
| 14 | include allow-bin-sh.inc | ||
| 15 | |||
| 16 | # Allow python (blacklisted by disable-interpreters.inc) | ||
| 17 | include allow-python2.inc | ||
| 18 | include allow-python3.inc | ||
| 19 | |||
| 20 | include disable-common.inc | ||
| 21 | include disable-devel.inc | ||
| 22 | include disable-exec.inc | ||
| 23 | include disable-interpreters.inc | ||
| 24 | include disable-passwdmgr.inc | ||
| 25 | include disable-programs.inc | ||
| 26 | include disable-shell.inc | ||
| 27 | include disable-xdg.inc | ||
| 28 | |||
| 29 | mkdir ${HOME}/.cache/quodlibet | ||
| 30 | mkdir ${HOME}/.config/quodlibet | ||
| 31 | mkdir ${HOME}/.quodlibet | ||
| 32 | |||
| 33 | whitelist ${HOME}/.cache/quodlibet | ||
| 34 | whitelist ${HOME}/.config/quodlibet | ||
| 35 | whitelist ${HOME}/.quodlibet | ||
| 36 | whitelist ${DOWNLOADS} | ||
| 37 | whitelist ${MUSIC} | ||
| 38 | include whitelist-common.inc | ||
| 39 | include whitelist-runuser-common.inc | ||
| 40 | include whitelist-usr-share-common.inc | ||
| 41 | include whitelist-var-common.inc | ||
| 42 | |||
| 43 | apparmor | ||
| 44 | caps.drop all | ||
| 45 | netfilter | ||
| 46 | no3d | ||
| 47 | nodvd | ||
| 48 | nogroups | ||
| 49 | nonewprivs | ||
| 50 | noroot | ||
| 51 | notv | ||
| 52 | nou2f | ||
| 53 | novideo | ||
| 54 | protocol unix,inet,inet6 | ||
| 55 | seccomp | ||
| 56 | seccomp.block-secondary | ||
| 57 | shell none | ||
| 58 | tracelog | ||
| 59 | |||
| 60 | private-bin exfalso,operon,python*,quodlibet,sh | ||
| 61 | private-cache | ||
| 62 | private-dev | ||
| 63 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,passwd,pki,pulse,resolv.conf,ssl | ||
| 64 | private-tmp | ||
| 65 | |||
| 66 | dbus-system none | ||
diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile new file mode 100644 index 000000000..706f39f24 --- /dev/null +++ b/etc/profile-m-z/tmux.profile | |||
| @@ -0,0 +1,45 @@ | |||
| 1 | # Firejail profile for tmux | ||
| 2 | # Description: terminal multiplexer | ||
| 3 | # This file is overwritten after every install/update | ||
| 4 | quiet | ||
| 5 | # Persistent local customizations | ||
| 6 | include tmux.local | ||
| 7 | # Persistent global definitions | ||
| 8 | include globals.local | ||
| 9 | |||
| 10 | blacklist /tmp/.X11-unix | ||
| 11 | blacklist ${RUNUSER} | ||
| 12 | |||
| 13 | noblacklist /tmp/tmux-* | ||
| 14 | |||
| 15 | # include disable-common.inc | ||
| 16 | # include disable-devel.inc | ||
| 17 | # include disable-exec.inc | ||
| 18 | include disable-passwdmgr.inc | ||
| 19 | # include disable-programs.inc | ||
| 20 | |||
| 21 | caps.drop all | ||
| 22 | ipc-namespace | ||
| 23 | machine-id | ||
| 24 | netfilter | ||
| 25 | no3d | ||
| 26 | nodvd | ||
| 27 | nogroups | ||
| 28 | nonewprivs | ||
| 29 | noroot | ||
| 30 | nosound | ||
| 31 | notv | ||
| 32 | nou2f | ||
| 33 | novideo | ||
| 34 | protocol unix,inet,inet6,netlink | ||
| 35 | seccomp | ||
| 36 | seccomp.block-secondary | ||
| 37 | shell none | ||
| 38 | tracelog | ||
| 39 | |||
| 40 | # private-cache | ||
| 41 | private-dev | ||
| 42 | # private-tmp | ||
| 43 | |||
| 44 | dbus-user none | ||
| 45 | dbus-system none | ||