diff options
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/Screenshot.profile | 6 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/gnome-screenshot.profile | 47 |
3 files changed, 54 insertions, 0 deletions
diff --git a/etc/Screenshot.profile b/etc/Screenshot.profile new file mode 100644 index 000000000..d4b083736 --- /dev/null +++ b/etc/Screenshot.profile | |||
| @@ -0,0 +1,6 @@ | |||
| 1 | # Firejail profile for gnome-screenshot | ||
| 2 | # This file is overwritten after every install/update | ||
| 3 | |||
| 4 | # Temporary fix for https://github.com/netblue30/firejail/issues/2624 | ||
| 5 | # Redirect | ||
| 6 | include gnome-screenshot.profile | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index db257c1b6..0786ba7d2 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -759,6 +759,7 @@ blacklist ${HOME}/.cache/gfeeds | |||
| 759 | blacklist ${HOME}/.cache/gimp | 759 | blacklist ${HOME}/.cache/gimp |
| 760 | blacklist ${HOME}/.cache/gnome-builder | 760 | blacklist ${HOME}/.cache/gnome-builder |
| 761 | blacklist ${HOME}/.cache/gnome-recipes | 761 | blacklist ${HOME}/.cache/gnome-recipes |
| 762 | blacklist ${HOME}/.cache/gnome-screenshot | ||
| 762 | blacklist ${HOME}/.cache/gnome-twitch | 763 | blacklist ${HOME}/.cache/gnome-twitch |
| 763 | blacklist ${HOME}/.cache/godot | 764 | blacklist ${HOME}/.cache/godot |
| 764 | blacklist ${HOME}/.cache/google-chrome | 765 | blacklist ${HOME}/.cache/google-chrome |
diff --git a/etc/gnome-screenshot.profile b/etc/gnome-screenshot.profile new file mode 100644 index 000000000..c00aefdb7 --- /dev/null +++ b/etc/gnome-screenshot.profile | |||
| @@ -0,0 +1,47 @@ | |||
| 1 | # Firejail profile for gnome-screenshot | ||
| 2 | # Description: GNOME screenshot tool | ||
| 3 | # This file is overwritten after every install/update | ||
| 4 | # Persistent local customizations | ||
| 5 | include gnome-screenshot.local | ||
| 6 | # Persistent global definitions | ||
| 7 | include globals.local | ||
| 8 | |||
| 9 | noblacklist ${PICTURES} | ||
| 10 | noblacklist ${HOME}/.cache/gnome-screenshot | ||
| 11 | |||
| 12 | include disable-common.inc | ||
| 13 | include disable-devel.inc | ||
| 14 | include disable-exec.inc | ||
| 15 | include disable-interpreters.inc | ||
| 16 | include disable-passwdmgr.inc | ||
| 17 | include disable-programs.inc | ||
| 18 | include disable-xdg.inc | ||
| 19 | |||
| 20 | whitelist ${RUNUSER}/bus | ||
| 21 | whitelist ${RUNUSER}/pulse | ||
| 22 | whitelist ${RUNUSER}/gdm/Xauthority | ||
| 23 | whitelist ${RUNUSER}/wayland-0 | ||
| 24 | include whitelist-usr-share-common.inc | ||
| 25 | include whitelist-var-common.inc | ||
| 26 | |||
| 27 | apparmor | ||
| 28 | caps.drop all | ||
| 29 | net none | ||
| 30 | no3d | ||
| 31 | nodvd | ||
| 32 | nogroups | ||
| 33 | nonewprivs | ||
| 34 | noroot | ||
| 35 | notv | ||
| 36 | nou2f | ||
| 37 | novideo | ||
| 38 | protocol unix | ||
| 39 | seccomp | ||
| 40 | shell none | ||
| 41 | tracelog | ||
| 42 | |||
| 43 | disable-mnt | ||
| 44 | private-bin gnome-screenshot | ||
| 45 | private-dev | ||
| 46 | private-etc dconf,fonts,gtk-3.0,localtime,machine-id | ||
| 47 | private-tmp | ||