diff options
Diffstat (limited to 'etc')
35 files changed, 408 insertions, 0 deletions
diff --git a/etc/audacious.profile b/etc/audacious.profile new file mode 100644 index 000000000..23f223a29 --- /dev/null +++ b/etc/audacious.profile | |||
@@ -0,0 +1,8 @@ | |||
1 | # Audacious profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | noroot | ||
8 | |||
diff --git a/etc/chromium-browser.profile b/etc/chromium-browser.profile new file mode 100644 index 000000000..4cdc098d1 --- /dev/null +++ b/etc/chromium-browser.profile | |||
@@ -0,0 +1,3 @@ | |||
1 | # Chromium browser profile | ||
2 | include /etc/firejail/chromium.profile | ||
3 | |||
diff --git a/etc/chromium.profile b/etc/chromium.profile new file mode 100644 index 000000000..4f6e7e450 --- /dev/null +++ b/etc/chromium.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Chromium browser profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc chromium | ||
5 | netfilter | ||
6 | |||
7 | |||
diff --git a/etc/clementine.profile b/etc/clementine.profile new file mode 100644 index 000000000..dd855cc62 --- /dev/null +++ b/etc/clementine.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Clementine profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | noroot | ||
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile new file mode 100644 index 000000000..e2f5787cc --- /dev/null +++ b/etc/deadbeef.profile | |||
@@ -0,0 +1,8 @@ | |||
1 | # DeaDBeeF profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | noroot | ||
8 | |||
diff --git a/etc/deluge.profile b/etc/deluge.profile new file mode 100644 index 000000000..138d0a133 --- /dev/null +++ b/etc/deluge.profile | |||
@@ -0,0 +1,9 @@ | |||
1 | # deluge profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | netfilter | ||
8 | noroot | ||
9 | |||
diff --git a/etc/disable-common.inc b/etc/disable-common.inc new file mode 100644 index 000000000..926000411 --- /dev/null +++ b/etc/disable-common.inc | |||
@@ -0,0 +1,10 @@ | |||
1 | blacklist ${HOME}/.adobe | ||
2 | blacklist ${HOME}/.macromedia | ||
3 | blacklist ${HOME}/.mozilla | ||
4 | blacklist ${HOME}/.icedove | ||
5 | blacklist ${HOME}/.thunderbird | ||
6 | blacklist ${HOME}/.config/midori | ||
7 | blacklist ${HOME}/.config/opera | ||
8 | blacklist ${HOME}/.config/chromium | ||
9 | blacklist ${HOME}/.config/google-chrome | ||
10 | blacklist ${HOME}/.filezilla | ||
diff --git a/etc/disable-mgmt.inc b/etc/disable-mgmt.inc new file mode 100644 index 000000000..f04619ea0 --- /dev/null +++ b/etc/disable-mgmt.inc | |||
@@ -0,0 +1,12 @@ | |||
1 | # system directories | ||
2 | blacklist /sbin | ||
3 | blacklist /usr/sbin | ||
4 | |||
5 | # system management | ||
6 | blacklist ${PATH}/umount | ||
7 | blacklist ${PATH}/mount | ||
8 | blacklist ${PATH}/fusermount | ||
9 | blacklist ${PATH}/su | ||
10 | blacklist ${PATH}/sudo | ||
11 | blacklist ${PATH}/xinput | ||
12 | blacklist ${PATH}/strace | ||
diff --git a/etc/disable-secret.inc b/etc/disable-secret.inc new file mode 100644 index 000000000..8ac1b3792 --- /dev/null +++ b/etc/disable-secret.inc | |||
@@ -0,0 +1,9 @@ | |||
1 | # HOME directory | ||
2 | blacklist ${HOME}/.ssh | ||
3 | tmpfs ${HOME}/.gnome2_private | ||
4 | blacklist ${HOME}/.gnome2/keyrings | ||
5 | blacklist ${HOME}/kde4/share/apps/kwallet | ||
6 | blacklist ${HOME}/kde/share/apps/kwallet | ||
7 | blacklist ${HOME}/.pki/nssdb | ||
8 | blacklist ${HOME}/.gnupg | ||
9 | blacklist ${HOME}/.local/share/recently-used.xbel | ||
diff --git a/etc/dropbox.profile b/etc/dropbox.profile new file mode 100644 index 000000000..82b54adb1 --- /dev/null +++ b/etc/dropbox.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # dropbox profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps | ||
6 | seccomp | ||
7 | noroot | ||
diff --git a/etc/empathy.profile b/etc/empathy.profile new file mode 100644 index 000000000..d24cae528 --- /dev/null +++ b/etc/empathy.profile | |||
@@ -0,0 +1,6 @@ | |||
1 | # Empathy profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
diff --git a/etc/evince.profile b/etc/evince.profile new file mode 100644 index 000000000..4d96d5904 --- /dev/null +++ b/etc/evince.profile | |||
@@ -0,0 +1,8 @@ | |||
1 | # evince profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | netfilter | ||
8 | noroot | ||
diff --git a/etc/filezilla.profile b/etc/filezilla.profile new file mode 100644 index 000000000..a54b5a734 --- /dev/null +++ b/etc/filezilla.profile | |||
@@ -0,0 +1,10 @@ | |||
1 | # FileZilla profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc .filezilla | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | noroot | ||
8 | netfilter | ||
9 | |||
10 | |||
diff --git a/etc/firefox.profile b/etc/firefox.profile new file mode 100644 index 000000000..dc3489d35 --- /dev/null +++ b/etc/firefox.profile | |||
@@ -0,0 +1,9 @@ | |||
1 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc .mozilla | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | netfilter | ||
8 | noroot | ||
9 | |||
diff --git a/etc/firejail.bash_completion b/etc/firejail.bash_completion new file mode 100644 index 000000000..50eccf536 --- /dev/null +++ b/etc/firejail.bash_completion | |||
@@ -0,0 +1,86 @@ | |||
1 | # bash completion for firejail -*- shell-script -*- | ||
2 | #******************************************************************** | ||
3 | # Script based on completions/configure script in bash-completion package in | ||
4 | # Debian. The original package is release under GPL v2 license, the webpage is | ||
5 | # http://bash-completion.alioth.debian.org | ||
6 | #******************************************************************* | ||
7 | |||
8 | __interfaces(){ | ||
9 | cut -f 1 -d ':' /proc/net/dev | tail -n +3 | grep -v lo | xargs | ||
10 | } | ||
11 | |||
12 | |||
13 | _firejail() | ||
14 | { | ||
15 | local cur prev words cword split | ||
16 | _init_completion -s || return | ||
17 | |||
18 | case $prev in | ||
19 | --help|--version|-debug-caps|--debug-syscalls|--list|--tree|--top|--join|--shutdown) | ||
20 | return 0 | ||
21 | ;; | ||
22 | --profile) | ||
23 | _filedir | ||
24 | return 0 | ||
25 | ;; | ||
26 | --chroot) | ||
27 | _filedir -d | ||
28 | return 0 | ||
29 | ;; | ||
30 | --cgroup) | ||
31 | _filedir -d | ||
32 | return 0 | ||
33 | ;; | ||
34 | --tmpfs) | ||
35 | _filedir | ||
36 | return 0 | ||
37 | ;; | ||
38 | --blacklist) | ||
39 | _filedir | ||
40 | return 0 | ||
41 | ;; | ||
42 | --read-only) | ||
43 | _filedir | ||
44 | return 0 | ||
45 | ;; | ||
46 | --bind) | ||
47 | _filedir | ||
48 | return 0 | ||
49 | ;; | ||
50 | --private) | ||
51 | _filedir | ||
52 | return 0 | ||
53 | ;; | ||
54 | --shell) | ||
55 | _filedir | ||
56 | return 0 | ||
57 | ;; | ||
58 | --net) | ||
59 | comps=$(__interfaces) | ||
60 | COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) | ||
61 | return 0 | ||
62 | ;; | ||
63 | esac | ||
64 | |||
65 | $split && return 0 | ||
66 | |||
67 | # if $COMP_CONFIGURE_HINTS is not null, then completions of the form | ||
68 | # --option=SETTING will include 'SETTING' as a contextual hint | ||
69 | [[ "$cur" != -* ]] && _filedir && return 0 | ||
70 | |||
71 | if [[ -n $COMP_CONFIGURE_HINTS ]]; then | ||
72 | COMPREPLY=( $( compgen -W "$( $1 --help 2>&1 | \ | ||
73 | awk '/^ --[A-Za-z]/ { print $1; \ | ||
74 | if ($2 ~ /--[A-Za-z]/) print $2 }' | sed -e 's/[[,].*//g' )" \ | ||
75 | -- "$cur" ) ) | ||
76 | [[ $COMPREPLY == *=* ]] && compopt -o nospace | ||
77 | else | ||
78 | COMPREPLY=( $( compgen -W '$( _parse_help "$1" )' -- "$cur" ) ) | ||
79 | [[ $COMPREPLY == *= ]] && compopt -o nospace | ||
80 | fi | ||
81 | |||
82 | } && | ||
83 | complete -F _firejail firejail | ||
84 | |||
85 | |||
86 | |||
diff --git a/etc/firemon.bash_completion b/etc/firemon.bash_completion new file mode 100644 index 000000000..befbf2388 --- /dev/null +++ b/etc/firemon.bash_completion | |||
@@ -0,0 +1,39 @@ | |||
1 | # bash completion for firemon -*- shell-script -*- | ||
2 | #******************************************************************** | ||
3 | # Script based on completions/configure script in bash-completion package in | ||
4 | # Debian. The original package is release under GPL v2 license, the webpage is | ||
5 | # http://bash-completion.alioth.debian.org | ||
6 | #******************************************************************* | ||
7 | |||
8 | _firemon() | ||
9 | { | ||
10 | local cur prev words cword split | ||
11 | _init_completion -s || return | ||
12 | |||
13 | case $prev in | ||
14 | --help|--version) | ||
15 | return | ||
16 | ;; | ||
17 | esac | ||
18 | |||
19 | $split && return 0 | ||
20 | |||
21 | # if $COMP_CONFIGURE_HINTS is not null, then completions of the form | ||
22 | # --option=SETTING will include 'SETTING' as a contextual hint | ||
23 | [[ "$cur" != -* ]] && return 0 | ||
24 | |||
25 | if [[ -n $COMP_CONFIGURE_HINTS ]]; then | ||
26 | COMPREPLY=( $( compgen -W "$( $1 --help 2>&1 | \ | ||
27 | awk '/^ --[A-Za-z]/ { print $1; \ | ||
28 | if ($2 ~ /--[A-Za-z]/) print $2 }' | sed -e 's/[[,].*//g' )" \ | ||
29 | -- "$cur" ) ) | ||
30 | [[ $COMPREPLY == *=* ]] && compopt -o nospace | ||
31 | else | ||
32 | COMPREPLY=( $( compgen -W '$( _parse_help "$1" )' -- "$cur" ) ) | ||
33 | [[ $COMPREPLY == *= ]] && compopt -o nospace | ||
34 | fi | ||
35 | } && | ||
36 | complete -F _firemon firemon | ||
37 | |||
38 | |||
39 | |||
diff --git a/etc/generic.profile b/etc/generic.profile new file mode 100644 index 000000000..83bf59e0a --- /dev/null +++ b/etc/generic.profile | |||
@@ -0,0 +1,41 @@ | |||
1 | ################################ | ||
2 | # Generic profile based on Firefox profile | ||
3 | ################################ | ||
4 | #include /etc/firejail/disable-mgmt.inc | ||
5 | # system directories | ||
6 | blacklist /sbin | ||
7 | blacklist /usr/sbin | ||
8 | # system management | ||
9 | blacklist ${PATH}/umount | ||
10 | blacklist ${PATH}/mount | ||
11 | blacklist ${PATH}/fusermount | ||
12 | blacklist ${PATH}/su | ||
13 | blacklist ${PATH}/sudo | ||
14 | blacklist ${PATH}/xinput | ||
15 | blacklist ${PATH}/strace | ||
16 | |||
17 | #include /etc/firejail/disable-secret.inc | ||
18 | # HOME directory | ||
19 | blacklist ${HOME}/.ssh | ||
20 | tmpfs ${HOME}/.gnome2_private | ||
21 | blacklist ${HOME}/.gnome2/keyrings | ||
22 | blacklist ${HOME}/kde4/share/apps/kwallet | ||
23 | blacklist ${HOME}/kde/share/apps/kwallet | ||
24 | blacklist ${HOME}/.pki/nssdb | ||
25 | blacklist ${HOME}/.gnupg | ||
26 | blacklist ${HOME}/.local/share/recently-used.xbel | ||
27 | |||
28 | blacklist ${HOME}/.adobe | ||
29 | blacklist ${HOME}/.macromedia | ||
30 | blacklist ${HOME}/.mozilla | ||
31 | blacklist ${HOME}/.icedove | ||
32 | blacklist ${HOME}/.thunderbird | ||
33 | blacklist ${HOME}/.config/opera | ||
34 | blacklist ${HOME}/.config/chromium | ||
35 | blacklist ${HOME}/.config/google-chrome | ||
36 | |||
37 | caps.drop all | ||
38 | seccomp | ||
39 | netfilter | ||
40 | noroot | ||
41 | |||
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile new file mode 100644 index 000000000..b69cf3a57 --- /dev/null +++ b/etc/gnome-mplayer.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # GNOME MPlayer profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | noroot | ||
diff --git a/etc/icecat.profile b/etc/icecat.profile new file mode 100644 index 000000000..25d426ad2 --- /dev/null +++ b/etc/icecat.profile | |||
@@ -0,0 +1,2 @@ | |||
1 | # Firejail profile for GNU Icecat | ||
2 | include /etc/firejail/firefox.profile | ||
diff --git a/etc/icedove.profile b/etc/icedove.profile new file mode 100644 index 000000000..057e0c9ef --- /dev/null +++ b/etc/icedove.profile | |||
@@ -0,0 +1,3 @@ | |||
1 | # Firejail profile for Mozilla Thunderbird (Icedove in Debian) | ||
2 | include /etc/firejail/thunderbird.profile | ||
3 | |||
diff --git a/etc/iceweasel.profile b/etc/iceweasel.profile new file mode 100644 index 000000000..e9b32846a --- /dev/null +++ b/etc/iceweasel.profile | |||
@@ -0,0 +1,2 @@ | |||
1 | # Firejail profile for Mozilla Firefox (Iceweasel in Debian) | ||
2 | include /etc/firejail/firefox.profile | ||
diff --git a/etc/login.users b/etc/login.users new file mode 100644 index 000000000..5d5969091 --- /dev/null +++ b/etc/login.users | |||
@@ -0,0 +1,14 @@ | |||
1 | # /etc/firejail/login.users - restricted user shell configuration | ||
2 | # | ||
3 | # Each user entry consists of a user name and firejail | ||
4 | # program arguments: | ||
5 | # | ||
6 | # user name: arguments | ||
7 | # | ||
8 | # For example: | ||
9 | # | ||
10 | # netblue:--debug --net=none | ||
11 | # | ||
12 | # The extra arguments are inserted into program command line if firejail | ||
13 | # was started as a login shell. | ||
14 | |||
diff --git a/etc/midori.profile b/etc/midori.profile new file mode 100644 index 000000000..5479ba172 --- /dev/null +++ b/etc/midori.profile | |||
@@ -0,0 +1,9 @@ | |||
1 | # Midory browser profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc midori | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | netfilter | ||
8 | noroot | ||
9 | |||
diff --git a/etc/opera.profile b/etc/opera.profile new file mode 100644 index 000000000..852f10719 --- /dev/null +++ b/etc/opera.profile | |||
@@ -0,0 +1,8 @@ | |||
1 | # Chromium browser profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc opera | ||
5 | netfilter | ||
6 | noroot | ||
7 | |||
8 | |||
diff --git a/etc/pidgin.profile b/etc/pidgin.profile new file mode 100644 index 000000000..6f5594919 --- /dev/null +++ b/etc/pidgin.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Pidgin profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | noroot | ||
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile new file mode 100644 index 000000000..f85dfc994 --- /dev/null +++ b/etc/qbittorrent.profile | |||
@@ -0,0 +1,9 @@ | |||
1 | # abittorrent profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | netfilter | ||
8 | noroot | ||
9 | |||
diff --git a/etc/quassel.profile b/etc/quassel.profile new file mode 100644 index 000000000..a2057ad01 --- /dev/null +++ b/etc/quassel.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Quassel IRC profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | noroot | ||
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile new file mode 100644 index 000000000..42d4dc0fa --- /dev/null +++ b/etc/rhythmbox.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Rhythmbox profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | noroot | ||
diff --git a/etc/server.profile b/etc/server.profile new file mode 100644 index 000000000..bb15774fa --- /dev/null +++ b/etc/server.profile | |||
@@ -0,0 +1,6 @@ | |||
1 | # generic server profile | ||
2 | include /etc/firejail/disable-mgmt.inc sbin | ||
3 | private | ||
4 | private-dev | ||
5 | seccomp | ||
6 | |||
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile new file mode 100644 index 000000000..8b63a6ec5 --- /dev/null +++ b/etc/thunderbird.profile | |||
@@ -0,0 +1,9 @@ | |||
1 | # Firejail profile for Mozilla Thunderbird (Icedove in Debian) | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc thunderbird icedove | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | netfilter | ||
8 | noroot | ||
9 | |||
diff --git a/etc/totem.profile b/etc/totem.profile new file mode 100644 index 000000000..50115deb5 --- /dev/null +++ b/etc/totem.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # Totem profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | noroot | ||
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile new file mode 100644 index 000000000..9ccece285 --- /dev/null +++ b/etc/transmission-gtk.profile | |||
@@ -0,0 +1,9 @@ | |||
1 | # transmission-gtk profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | netfilter | ||
8 | noroot | ||
9 | |||
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile new file mode 100644 index 000000000..65a045f8e --- /dev/null +++ b/etc/transmission-qt.profile | |||
@@ -0,0 +1,9 @@ | |||
1 | # transmission-qt profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | netfilter | ||
8 | noroot | ||
9 | |||
diff --git a/etc/vlc.profile b/etc/vlc.profile new file mode 100644 index 000000000..76e1395f9 --- /dev/null +++ b/etc/vlc.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # VLC profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | noroot | ||
diff --git a/etc/xchat.profile b/etc/xchat.profile new file mode 100644 index 000000000..b8d8cb1e2 --- /dev/null +++ b/etc/xchat.profile | |||
@@ -0,0 +1,7 @@ | |||
1 | # XChat profile | ||
2 | include /etc/firejail/disable-mgmt.inc | ||
3 | include /etc/firejail/disable-secret.inc | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | caps.drop all | ||
6 | seccomp | ||
7 | noroot | ||