diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/audacity.profile | 16 | ||||
-rw-r--r-- | etc/cpio.profile | 8 | ||||
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/gzip.profile | 19 | ||||
-rw-r--r-- | etc/xzdec.profile | 13 |
5 files changed, 57 insertions, 0 deletions
diff --git a/etc/audacity.profile b/etc/audacity.profile new file mode 100644 index 000000000..8971ce1a2 --- /dev/null +++ b/etc/audacity.profile | |||
@@ -0,0 +1,16 @@ | |||
1 | # Audacity profile | ||
2 | noblacklist ~/.audacity-data | ||
3 | |||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-devel.inc | ||
6 | include /etc/firejail/disable-passwdmgr.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | |||
9 | caps.drop all | ||
10 | netfilter | ||
11 | nonewprivs | ||
12 | noroot | ||
13 | nogroups | ||
14 | #private-bin audacity | ||
15 | protocol unix,inet,inet6 | ||
16 | seccomp | ||
diff --git a/etc/cpio.profile b/etc/cpio.profile new file mode 100644 index 000000000..811d657f2 --- /dev/null +++ b/etc/cpio.profile | |||
@@ -0,0 +1,8 @@ | |||
1 | include /usr/local/etc/firejail/server.profile | ||
2 | include /usr/local/etc/firejail/disable-common.inc | ||
3 | include /usr/local/etc/firejail/disable-programs.inc | ||
4 | include /usr/local/etc/firejail/disable-passwdmgr.inc | ||
5 | caps.drop all | ||
6 | net none | ||
7 | shell none | ||
8 | seccomp | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 70deb2b0c..e9dd331aa 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -32,6 +32,7 @@ blacklist ${HOME}/.config/vlc | |||
32 | blacklist ${HOME}/.config/mpv | 32 | blacklist ${HOME}/.config/mpv |
33 | blacklist ${HOME}/.config/totem | 33 | blacklist ${HOME}/.config/totem |
34 | blacklist ${HOME}/.config/xplayer | 34 | blacklist ${HOME}/.config/xplayer |
35 | blacklist ${HOME}/.audacity-data | ||
35 | 36 | ||
36 | # HTTP / FTP / Mail | 37 | # HTTP / FTP / Mail |
37 | blacklist ${HOME}/.icedove | 38 | blacklist ${HOME}/.icedove |
diff --git a/etc/gzip.profile b/etc/gzip.profile new file mode 100644 index 000000000..f231c3780 --- /dev/null +++ b/etc/gzip.profile | |||
@@ -0,0 +1,19 @@ | |||
1 | ################################ | ||
2 | # Gzip profile | ||
3 | ################################ | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-programs.inc | ||
6 | include /etc/firejail/disable-passwdmgr.inc | ||
7 | |||
8 | blacklist ${HOME}/.wine | ||
9 | blacklist ${HOME}/.ssh | ||
10 | |||
11 | tracelog | ||
12 | caps.drop all | ||
13 | seccomp | ||
14 | net none | ||
15 | noroot | ||
16 | nosound | ||
17 | nogroups | ||
18 | nonewprivs | ||
19 | |||
diff --git a/etc/xzdec.profile b/etc/xzdec.profile new file mode 100644 index 000000000..f29f7360c --- /dev/null +++ b/etc/xzdec.profile | |||
@@ -0,0 +1,13 @@ | |||
1 | # Firejail profile for XZ decompressor | ||
2 | # xzdec.profile | ||
3 | |||
4 | include /etc/firejail/disable-mgmt.inc | ||
5 | include /etc/firejail/disable-secret.inc | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-devel.inc | ||
8 | |||
9 | caps.drop all | ||
10 | seccomp | ||
11 | tracelog | ||
12 | noroot | ||
13 | shell none | ||