Diffstat (limited to 'etc')
-rw-r--r-- | etc/cower.profile | 1 | ||||
-rw-r--r-- | etc/gzip.profile | 3 | ||||
-rw-r--r-- | etc/makepkg.profile | 15 | ||||
-rw-r--r-- | etc/tar.profile | 3 |
4 files changed, 13 insertions, 9 deletions
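--- a/etc/cower.profile
+++ b/etc/cower.profile
@@ -45,4 +45,5 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
+
 read-only ${HOME}/.config/cower/config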
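--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -7,6 +7,9 @@ include gzip.local
 # Persistent global definitions
 include globals.local
 
+# Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
+noblacklist /var/lib/pacman
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc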
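Review bot: The comment added above `noblacklist /var/lib/pacman` states the directory is automatically read-only because all capabilities are dropped, but the hunk only lifts the blacklist and adds no write restriction of its own; the read-only property then rests on the directory's filesystem ownership and on a `caps.drop all` line that, if present, lies outside this hunk. Stating the intent in the profile with `read-only /var/lib/pacman` directly after the `noblacklist` line keeps the package database non-writable regardless of ownership and makes the guarantee the comment describes actually enforced here. The same comment and `noblacklist` pair is added in etc/tar.profile (new lines 10-11) and the comment is reworded in the last hunk of etc/makepkg.profile, so the same line belongs in both. As a point of style, the long comment could be wrapped to match the short comment lines used elsewhere in these profiles.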
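--- a/etc/makepkg.profile
+++ b/etc/makepkg.profile
@@ -1,5 +1,10 @@
 # Firejail profile for makepkg
 # This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include makepkg.local
+# Persistent global definitions
+include globals.local
 
 # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138
 # for potential issues and their solutions when Firejailing makepkg
@@ -8,13 +13,6 @@
 # whitelist ${HOME}/<Your Build Folder>
 # whitelist ${HOME}/.gnupg
 
-quiet
-# Persistent local customizations
-include makepkg.local
-# Persistent global definitions
-include globals.local
-
-
 # Enable severely restricted access to ${HOME}/.gnupg
 noblacklist ${HOME}/.gnupg
 read-only ${HOME}/.gnupg/gpg.conf
@@ -26,8 +24,7 @@ blacklist ${HOME}/.gnupg/private-keys-v1.d
 blacklist ${HOME}/.gnupg/crls.d
 blacklist ${HOME}/.gnupg/openpgp-revocs.d
 
-
-# Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only}
+# Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
 noblacklist /var/lib/pacman
 
 include disable-common.inc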
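--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -7,6 +7,9 @@ include tar.local
 # Persistent global definitions
 include globals.local
 
+# Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
+noblacklist /var/lib/pacman
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc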