Diffstat (limited to 'etc')
-rw-r--r-- | etc/gnome-recipes.profile | 2 | ||||
-rw-r--r-- | etc/ncdu.profile | 29 | ||||
-rw-r--r-- | etc/steam.profile | 8 |
3 files changed, 35 insertions, 4 deletions
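diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile
index 2392440a6..2f7657c0c 100644
--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -35,7 +35,7 @@ shell none
 disable-mnt
 private-bin gnome-recipes,tar
 private-dev
-private-etc ca-certificates,fonts,ssl
+private-etc ca-certificates,fonts,ssl,crypto-policies,pki
 # private-lib works for me with Gnome Shell 3.26.2, Mutter WM (Arch Linux)
 # not widely tested though, leaving it to devs discretion to enable it later
 #private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,libgnutls.so.30,libjpeg.so.8,libp11-kit.so.0,libproxy.so.1,librsvg-2.so.2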
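diff --git a/etc/ncdu.profile b/etc/ncdu.profile
new file mode 100644
index 000000000..ab79a325e
--- /dev/null
+++ b/etc/ncdu.profile
@@ -0,0 +1,29 @@
+# Firejail profile for ncdu
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ncdu.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+caps.drop all
+ipc-namespace
+nodbus
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+# private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp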
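Review bot: The new profile leaves two choices unexplained: `# private-tmp` at line 25 is commented out without a reason, and there are no `include /etc/firejail/disable-*.inc` lines, so everything under ${HOME} stays readable and writable inside the sandbox. Both are presumably deliberate, since a disk-usage scanner has to walk the real tree and private-tmp would replace /tmp with an empty tmpfs, but the file should say so, for example `# private-tmp would hide the real /tmp from the scan`. Because ncdu can also delete the entries it lists, a header comment should state that this profile restricts network, privileges and execution (`net none`, `caps.drop all`, `noexec`) but not file removal. Users who want a scan-only sandbox can add `read-only ${HOME}` in ncdu.local.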
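diff --git a/etc/steam.profile b/etc/steam.profile
index 4965d3a54..e6449aa97 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -32,7 +32,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
+#ipc-namespace
 netfilter
+#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -44,10 +46,10 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 # tracelog disabled as it breaks integrated browser
-# tracelog
+#tracelog
 
 # private-dev should be commented for controllers
 private-dev
-# private-etc breaks some games
-#private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies
+# private-etc breaks a small selection of games on some systems, comment to support those
+private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives
 private-tmp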
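Review bot: `#ipc-namespace` and `#nodbus` are added commented-out at new lines 35 and 37 with no reason given, unlike `#tracelog` further down, which says what it breaks. With `nodbus` left off, Steam keeps access to the session bus, one of the broader channels out of a Firejail sandbox, so the file should say whether that access is required or simply untested. A comment such as `# nodbus breaks <feature>; enable it if you do not need that` would do, with the reason filled in by the author, and the same for `ipc-namespace`. In the second hunk `private-etc` becomes active by default, and its new comment already tells users how to back it out, so nothing more is needed there.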