diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 6 | ||||
-rw-r--r-- | etc/kget.profile | 37 |
2 files changed, 42 insertions, 1 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 9bfef1f5e..73a2e6515 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -230,6 +230,7 @@ blacklist ${HOME}/.java | |||
230 | blacklist ${HOME}/.jitsi | 230 | blacklist ${HOME}/.jitsi |
231 | blacklist ${HOME}/.kde/share/apps/gwenview | 231 | blacklist ${HOME}/.kde/share/apps/gwenview |
232 | blacklist ${HOME}/.kde/share/apps/kcookiejar | 232 | blacklist ${HOME}/.kde/share/apps/kcookiejar |
233 | blacklist ${HOME}/.kde/share/apps/kget | ||
233 | blacklist ${HOME}/.kde/share/apps/khtml | 234 | blacklist ${HOME}/.kde/share/apps/khtml |
234 | blacklist ${HOME}/.kde/share/apps/konqsidebartng | 235 | blacklist ${HOME}/.kde/share/apps/konqsidebartng |
235 | blacklist ${HOME}/.kde/share/apps/konqueror | 236 | blacklist ${HOME}/.kde/share/apps/konqueror |
@@ -241,6 +242,7 @@ blacklist ${HOME}/.kde/share/config/digikam | |||
241 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 242 | blacklist ${HOME}/.kde/share/config/gwenviewrc |
242 | blacklist ${HOME}/.kde/share/config/k3brc | 243 | blacklist ${HOME}/.kde/share/config/k3brc |
243 | blacklist ${HOME}/.kde/share/config/kcookiejarrc | 244 | blacklist ${HOME}/.kde/share/config/kcookiejarrc |
245 | blacklist ${HOME}/.kde/share/config/kgetrc | ||
244 | blacklist ${HOME}/.kde/share/config/khtmlrc | 246 | blacklist ${HOME}/.kde/share/config/khtmlrc |
245 | blacklist ${HOME}/.kde/share/config/konq_history | 247 | blacklist ${HOME}/.kde/share/config/konq_history |
246 | blacklist ${HOME}/.kde/share/config/konqsidebartngrc | 248 | blacklist ${HOME}/.kde/share/config/konqsidebartngrc |
@@ -251,6 +253,7 @@ blacklist ${HOME}/.kde/share/config/okularpartrc | |||
251 | blacklist ${HOME}/.kde/share/config/okularrc | 253 | blacklist ${HOME}/.kde/share/config/okularrc |
252 | blacklist ${HOME}/.kde4/share/apps/gwenview | 254 | blacklist ${HOME}/.kde4/share/apps/gwenview |
253 | blacklist ${HOME}/.kde4/share/apps/kcookiejar | 255 | blacklist ${HOME}/.kde4/share/apps/kcookiejar |
256 | blacklist ${HOME}/.kde4/share/apps/kget | ||
254 | blacklist ${HOME}/.kde4/share/apps/khtml | 257 | blacklist ${HOME}/.kde4/share/apps/khtml |
255 | blacklist ${HOME}/.kde4/share/apps/konqueror | 258 | blacklist ${HOME}/.kde4/share/apps/konqueror |
256 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng | 259 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng |
@@ -262,14 +265,15 @@ blacklist ${HOME}/.kde4/share/config/digikam | |||
262 | blacklist ${HOME}/.kde4/share/config/gwenviewrc | 265 | blacklist ${HOME}/.kde4/share/config/gwenviewrc |
263 | blacklist ${HOME}/.kde4/share/config/k3brc | 266 | blacklist ${HOME}/.kde4/share/config/k3brc |
264 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc | 267 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc |
268 | blacklist ${HOME}/.kde4/share/config/kgetrc | ||
265 | blacklist ${HOME}/.kde4/share/config/khtmlrc | 269 | blacklist ${HOME}/.kde4/share/config/khtmlrc |
266 | blacklist ${HOME}/.kde4/share/config/konq_history | 270 | blacklist ${HOME}/.kde4/share/config/konq_history |
267 | blacklist ${HOME}/.kde4/share/config/konqsidebartngrc | 271 | blacklist ${HOME}/.kde4/share/config/konqsidebartngrc |
268 | blacklist ${HOME}/.kde4/share/config/konquerorrc | 272 | blacklist ${HOME}/.kde4/share/config/konquerorrc |
269 | blacklist ${HOME}/.kde4/share/config/kopeterc | 273 | blacklist ${HOME}/.kde4/share/config/kopeterc |
274 | blacklist ${HOME}/.kde4/share/config/ktorrentrc | ||
270 | blacklist ${HOME}/.kde4/share/config/okularpartrc | 275 | blacklist ${HOME}/.kde4/share/config/okularpartrc |
271 | blacklist ${HOME}/.kde4/share/config/okularrc | 276 | blacklist ${HOME}/.kde4/share/config/okularrc |
272 | blacklist ${HOME}/.kde4/share/config/ktorrentrc | ||
273 | blacklist ${HOME}/.killingfloor | 277 | blacklist ${HOME}/.killingfloor |
274 | blacklist ${HOME}/.kino-history | 278 | blacklist ${HOME}/.kino-history |
275 | blacklist ${HOME}/.kinorc | 279 | blacklist ${HOME}/.kinorc |
diff --git a/etc/kget.profile b/etc/kget.profile new file mode 100644 index 000000000..f6d7352c1 --- /dev/null +++ b/etc/kget.profile | |||
@@ -0,0 +1,37 @@ | |||
1 | # Firejail profile for kget | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/kget.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | noblacklist ~/.kde/share/apps/kget | ||
9 | noblacklist ~/.kde/share/config/kgetrc | ||
10 | noblacklist ~/.kde4/share/apps/kget | ||
11 | noblacklist ~/.kde4/share/config/kgetrc | ||
12 | |||
13 | include /etc/firejail/disable-common.inc | ||
14 | include /etc/firejail/disable-devel.inc | ||
15 | include /etc/firejail/disable-passwdmgr.inc | ||
16 | include /etc/firejail/disable-programs.inc | ||
17 | |||
18 | include /etc/firejail/whitelist-var-common.inc | ||
19 | |||
20 | caps.drop all | ||
21 | netfilter | ||
22 | nodvd | ||
23 | nogroups | ||
24 | nonewprivs | ||
25 | noroot | ||
26 | nosound | ||
27 | notv | ||
28 | novideo | ||
29 | protocol unix,inet,inet6 | ||
30 | seccomp | ||
31 | |||
32 | private-dev | ||
33 | private-tmp | ||
34 | |||
35 | # memory-deny-write-execute | ||
36 | noexec ${HOME} | ||
37 | noexec /tmp | ||