diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/mupdf.profile | 18 | ||||
-rw-r--r-- | etc/qpdfview.profile | 22 |
3 files changed, 42 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fb0f5a669..54c53e794 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -26,6 +26,7 @@ blacklist ${HOME}/.kde/share/config/okularrc | |||
26 | blacklist ${HOME}/.kde/share/config/okularpartrc | 26 | blacklist ${HOME}/.kde/share/config/okularpartrc |
27 | blacklist ${HOME}/.kde/share/apps/gwenview | 27 | blacklist ${HOME}/.kde/share/apps/gwenview |
28 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 28 | blacklist ${HOME}/.kde/share/config/gwenviewrc |
29 | blacklist ${HOME}/.config/qpdfview | ||
29 | 30 | ||
30 | # Media players | 31 | # Media players |
31 | blacklist ${HOME}/.config/cmus | 32 | blacklist ${HOME}/.config/cmus |
@@ -135,6 +136,7 @@ blacklist ${HOME}/.local/share/totem | |||
135 | blacklist ${HOME}/.local/share/psi+ | 136 | blacklist ${HOME}/.local/share/psi+ |
136 | blacklist ${HOME}/.local/share/pix | 137 | blacklist ${HOME}/.local/share/pix |
137 | blacklist ${HOME}/.local/share/gnome-chess | 138 | blacklist ${HOME}/.local/share/gnome-chess |
139 | blacklist ${HOME}/.local/share/qpdfview | ||
138 | 140 | ||
139 | # ssh | 141 | # ssh |
140 | blacklist /tmp/ssh-* | 142 | blacklist /tmp/ssh-* |
diff --git a/etc/mupdf.profile b/etc/mupdf.profile new file mode 100644 index 000000000..6f2db511b --- /dev/null +++ b/etc/mupdf.profile | |||
@@ -0,0 +1,18 @@ | |||
1 | # mupdf reader profile | ||
2 | include /etc/firejail/disable-common.inc | ||
3 | include /etc/firejail/disable-programs.inc | ||
4 | include /etc/firejail/disable-devel.inc | ||
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | |||
7 | caps.drop all | ||
8 | nogroups | ||
9 | nonewprivs | ||
10 | noroot | ||
11 | nosound | ||
12 | protocol unix | ||
13 | seccomp | ||
14 | shell none | ||
15 | tracelog | ||
16 | |||
17 | private-tmp | ||
18 | private-dev | ||
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile new file mode 100644 index 000000000..07ea173e6 --- /dev/null +++ b/etc/qpdfview.profile | |||
@@ -0,0 +1,22 @@ | |||
1 | # qpdfview profile | ||
2 | noblacklist ${HOME}/.config/qpdfview | ||
3 | noblacklist ${HOME}/.local/share/qpdfview | ||
4 | |||
5 | include /etc/firejail/disable-common.inc | ||
6 | include /etc/firejail/disable-programs.inc | ||
7 | include /etc/firejail/disable-devel.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | nogroups | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | nosound | ||
15 | protocol unix | ||
16 | seccomp | ||
17 | shell none | ||
18 | tracelog | ||
19 | |||
20 | private-bin qpdfview | ||
21 | private-tmp | ||
22 | private-dev | ||