Diffstat (limited to 'etc/wire-desktop.profile')
-rw-r--r-- | etc/wire-desktop.profile | 29 |
1 files changed, 12 insertions, 17 deletions
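--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -1,40 +1,35 @@
 # Firejail profile for wire-desktop
+# Description: End-to-end encrypted messenger with file sharing, voice calls and video conferences
 # This file is overwritten after every install/update
 # Persistent local customizations
 include wire-desktop.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
+
+# Debian/Ubuntu use /opt/Wire. As that is not in PATH by default, run `firejail /opt/Wire/wire-desktop` to start it.
+
+ignore caps.drop all
+ignore nodbus
 
 noblacklist ${HOME}/.config/Wire
 
-include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
 
 mkdir ${HOME}/.config/Wire
 whitelist ${HOME}/.config/Wire
-whitelist ${DOWNLOADS}
 include whitelist-common.inc
 
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
+caps.keep sys_admin,sys_chroot
 nou2f
-protocol unix,inet,inet6,netlink
-seccomp
 shell none
 
-# Note: The current version of Wire is located in /opt/wire-desktop/wire-desktop, and therefore
-# it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
-
 disable-mnt
 private-bin bash,electron,electron4,env,sh,wire-desktop
 private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl
 private-tmp
+
+# Redirect
+include electron.profile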
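Review bot: `caps.keep sys_admin,sys_chroot` (new line 24) replaces `caps.drop all` in the same change that removes `seccomp`, `nonewprivs`, `noroot`, `netfilter` and `protocol` from this file, and nothing on the new side says why CAP_SYS_ADMIN is retained or where the removed restrictions now come from. Presumably the two capabilities are for the Chromium sandbox inside Electron and the dropped options are expected to arrive through `include electron.profile` on the last line, but that file is not part of this diff, so the effective sandbox cannot be confirmed from here. Once that is checked, I would put a comment above the line along the lines of `# sys_admin,sys_chroot kept for the Electron/Chromium sandbox; seccomp, nonewprivs, noroot, netfilter and protocol are applied by electron.profile`. The same gap applies to `ignore nodbus` on new line 13 and to the removed `whitelist ${DOWNLOADS}`: each changes what the sandboxed process can reach and deserves a one-line reason.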