Diffstat (limited to 'etc')
-rw-r--r--etc/inc/disable-programs.inc3
-rw-r--r--etc/profile-m-z/newsbeuter.profile18
-rw-r--r--etc/profile-m-z/newsboat.profile14
-rw-r--r--etc/templates/profile.template8
4 files changed, 34 insertions, 9 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 5fe043b14..7a37c9fb4 100644
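--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -334,6 +334,7 @@ blacklist ${HOME}/.config/nemo
 blacklist ${HOME}/.config/neomutt
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/newsbeuter
+blacklist ${HOME}/.config/newsboat
 blacklist ${HOME}/.config/newsflash
 blacklist ${HOME}/.config/nheko
 blacklist ${HOME}/.config/NitroShare
@@ -703,6 +704,8 @@ blacklist ${HOME}/.local/share/nautilus-python
 blacklist ${HOME}/.local/share/nemo
 blacklist ${HOME}/.local/share/nemo-python
 blacklist ${HOME}/.local/share/news-flash
+blacklist ${HOME}/.local/share/newsbeuter
+blacklist ${HOME}/.local/share/newsboat
 blacklist ${HOME}/.local/share/nomacs
 blacklist ${HOME}/.local/share/notes
 blacklist ${HOME}/.local/share/ocenaudio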
diff --git a/etc/profile-m-z/newsbeuter.profile b/etc/profile-m-z/newsbeuter.profile
index 85581a2f0..6efb19502 100644
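--- a/etc/profile-m-z/newsbeuter.profile
+++ b/etc/profile-m-z/newsbeuter.profile
@@ -7,13 +7,23 @@ include newsbeuter.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.config/newsbeuter
-noblacklist ${HOME}/.newsbeuter
+ignore include newsboat.local
+ignore mkdir ${HOME}/.config/newsboat
+ignore mkdir ${HOME}/.local/share/newsboat
+ignore mkdir ${HOME}/.newsboat
+blacklist ${PATH}/newsboat
+
+blacklist ${HOME}/.config/newsboat
+blacklist ${HOME}/.local/share/newsboat
+blacklist ${HOME}/.newsboat
+
+nowhitelist ${HOME}/.config/newsboat
+nowhitelist ${HOME}/.local/share/newsboat
+nowhitelist ${HOME}/.newsboat
 
 mkdir ${HOME}/.config/newsbeuter
+mkdir ${HOME}/.local/share/newsbeuter
 mkdir ${HOME}/.newsbeuter
-whitelist ${HOME}/.config/newsbeuter
-whitelist ${HOME}/.newsbeuter
 
 private-bin newsbeuter
 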
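Review bot: The block added at new lines 10–22 carries no comment saying what it is for. Each `ignore mkdir`, `blacklist` and `nowhitelist` line there cancels a newsboat path that newsboat.profile creates or allows in this same commit (its new lines 24–30), so a header such as `# Undo the newsboat paths granted by the included newsboat.profile` would tell the next editor that the two files must change together. The `ignore` lines appear to work by matching the text of the other profile's lines, so a path renamed in newsboat.profile would leave a stale entry here and the newsboat directory would be created and exposed again without any error; this is worth confirming with a test run of the profile. The include of newsboat.profile itself is presumably below the hunk and is not visible here.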
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile
index 85b780ced..23c2de43c 100644
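--- a/etc/profile-m-z/newsboat.profile
+++ b/etc/profile-m-z/newsboat.profile
@@ -6,6 +6,11 @@ include newsboat.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.config/newsbeuter
+noblacklist ${HOME}/.config/newsboat
+noblacklist ${HOME}/.local/share/newsbeuter
+noblacklist ${HOME}/.local/share/newsboat
+noblacklist ${HOME}/.newsbeuter
 noblacklist ${HOME}/.newsboat
 
 include disable-common.inc
@@ -16,7 +21,14 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/newsboat
+mkdir ${HOME}/.local/share/newsboat
 mkdir ${HOME}/.newsboat
+whitelist ${HOME}/.config/newsbeuter
+whitelist ${HOME}/.config/newsboat
+whitelist ${HOME}/.local/share/newsbeuter
+whitelist ${HOME}/.local/share/newsboat
+whitelist ${HOME}/.newsbeuter
 whitelist ${HOME}/.newsboat
 include whitelist-common.inc
 include whitelist-runuser-common.inc
@@ -38,7 +50,7 @@ seccomp
 shell none
 
 disable-mnt
-private-bin gzip,lynx,newsboat,sh
+private-bin gzip,lynx,newsboat,sh,w3m
 private-cache
 private-dev
 private-etc alternatives,ca-certificates,crypto-policies,lynx.cfg,lynx.lss,pki,resolv.conf,ssl,terminfo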
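Review bot: `w3m` is added to `private-bin` at new line 53, but the `private-etc` list three lines below still names only the lynx files (`lynx.cfg`, `lynx.lss`), and none of the whitelist lines added at 27–31 covers a w3m directory in the home. If w3m reads a system configuration directory (commonly `/etc/w3m`) or keeps per-user state, it will run with built-in defaults inside the sandbox and anything it writes under the home is discarded on exit. If that is intended, a comment next to `private-bin` saying so would help; otherwise the list could end `...,ssl,terminfo,w3m` after testing that the extra entry exposes nothing beyond w3m's own configuration. The profile continues past the end of this hunk, so later lines may already account for this.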
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 17d7f55b2..065245a63 100644
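--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -1,5 +1,5 @@
 # Firejail profile for PROGRAM_NAME
-# Description: DESCRIPTION
+# Description: DESCRIPTION OF THE PROGRAM
 # This file is overwritten after every install/update
 # --- CUT HERE ---
 # This is a generic template to help you create profiles.
@@ -10,8 +10,8 @@
 # - lines with two ## are only needed in special situations
 # - make the profile as restrictive as possible while still keeping the program useful
 # (e.g. a program that is unable to save user's work is considered bad practice)
-# - dedicate ample time (based on the complexity of the application) to profile testing before raising
-# a pull request
+# - dedicate ample time (based on the complexity of the application) to profile testing before
+# submitting a pull request
 # - keep the sections structure, use a single empty line as separator
 # - entries within sections are alphabetically sorted
 # - consider putting binary into src/firecfg/firecfg.config (keep list sorted) but beware
@@ -203,7 +203,7 @@ include globals.local
 # - Some features like native notifications are implemented as portal too.
 # - In order to make dconf work (when used by the app) you need to allow
 # 'ca.desrt.dconf' even when not allowed by flatpak.
-# Notes and Policiy about addresses can be found at
+# Notes and policies about addresses can be found at
 # <https://github.com/netblue30/firejail/wiki/Restrict-D-Bus>
 #dbus-user filter
 #dbus-user.own com.github.netblue30.firejail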