diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/bibletime.profile | 35 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 |
2 files changed, 37 insertions, 0 deletions
diff --git a/etc/bibletime.profile b/etc/bibletime.profile new file mode 100644 index 000000000..19beb5aed --- /dev/null +++ b/etc/bibletime.profile | |||
@@ -0,0 +1,35 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/bibletime.local | ||
4 | |||
5 | # Firejail profile for BibleTime | ||
6 | noblacklist ~/.sword | ||
7 | noblacklist ~/.bibletime | ||
8 | |||
9 | include /etc/firejail/disable-common.inc | ||
10 | include /etc/firejail/disable-devel.inc | ||
11 | include /etc/firejail/disable-passwdmgr.inc | ||
12 | include /etc/firejail/disable-programs.inc | ||
13 | |||
14 | whitelist ${HOME}/.config/qt5ct | ||
15 | whitelist ${HOME}/.sword | ||
16 | whitelist ${HOME}/.bibletime | ||
17 | |||
18 | blacklist ~/.bashrc | ||
19 | blacklist ~/.Xauthority | ||
20 | |||
21 | caps.drop all | ||
22 | netfilter | ||
23 | nogroups | ||
24 | nonewprivs | ||
25 | noroot | ||
26 | nosound | ||
27 | protocol unix,inet,inet6,netlink | ||
28 | seccomp | ||
29 | shell none | ||
30 | tracelog | ||
31 | |||
32 | #private-bin bibletime,qt5ct | ||
33 | private-etc fonts,resolv.conf,sword,sword.conf,passwd | ||
34 | private-dev | ||
35 | private-tmp | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 87f8e13b9..bad1f0263 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -18,6 +18,7 @@ blacklist ${HOME}/.atom | |||
18 | blacklist ${HOME}/.attic | 18 | blacklist ${HOME}/.attic |
19 | blacklist ${HOME}/.audacity-data | 19 | blacklist ${HOME}/.audacity-data |
20 | blacklist ${HOME}/.bcast5 | 20 | blacklist ${HOME}/.bcast5 |
21 | blacklist ${HOME}/.bibletime | ||
21 | blacklist ${HOME}/.claws-mail | 22 | blacklist ${HOME}/.claws-mail |
22 | blacklist ${HOME}/.config/0ad | 23 | blacklist ${HOME}/.config/0ad |
23 | blacklist ${HOME}/.config/Atom | 24 | blacklist ${HOME}/.config/Atom |
@@ -107,6 +108,7 @@ blacklist ${HOME}/.config/pix | |||
107 | blacklist ${HOME}/.config/pluma | 108 | blacklist ${HOME}/.config/pluma |
108 | blacklist ${HOME}/.config/psi+ | 109 | blacklist ${HOME}/.config/psi+ |
109 | blacklist ${HOME}/.config/qpdfview | 110 | blacklist ${HOME}/.config/qpdfview |
111 | blacklist ${HOME}/.config/qt5ct | ||
110 | blacklist ${HOME}/.config/qutebrowser | 112 | blacklist ${HOME}/.config/qutebrowser |
111 | blacklist ${HOME}/.config/ranger | 113 | blacklist ${HOME}/.config/ranger |
112 | blacklist ${HOME}/.config/redshift.conf | 114 | blacklist ${HOME}/.config/redshift.conf |