Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/surf.profile | 35 |
2 files changed, 36 insertions, 0 deletions
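--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -362,6 +362,7 @@ blacklist ${HOME}/.steampath
 blacklist ${HOME}/.steampid
 blacklist ${HOME}/.stellarium
 blacklist ${HOME}/.subversion
+blacklist ${HOME}/.surf
 blacklist ${HOME}/.sword
 blacklist ${HOME}/.sylpheed-2.0
 blacklist ${HOME}/.synfig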
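--- /dev/null
+++ b/etc/surf.profile
@@ -0,0 +1,35 @@
+# Firejail profile for surf
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/surf.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ~/.surf
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ~/.surf
+whitelist ${DOWNLOADS}
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+netfilter
+nodvd
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+private-bin ls,surf,sh,dash,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop
+private-dev
+private-etc passwd,group,hosts,resolv.conf,fonts,ssl
+private-tmp
+
+noexec ${HOME}
+noexec /tmp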
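Review bot: `mkdir ~/.surf` on line 14 of the new profile has no matching `whitelist ~/.surf`, although `whitelist ${DOWNLOADS}` and whitelist-common.inc switch the home directory to whitelist mode. As written, surf would presumably get an empty, non-persistent ~/.surf inside the sandbox, so cookies and per-user settings kept there would not survive a session; adding `whitelist ~/.surf` directly after the mkdir line is the usual pairing. The path is spelled `~/.surf` here but `${HOME}/.surf` in disable-programs.inc, and using `${HOME}` in both keeps the two entries easy to find together. A short comment above `private-bin` explaining why three shells, curl and xargs are exposed (presumably for surf's download and dmenu helper scripts) would let a later reviewer judge whether the list can be narrowed.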