diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/profile-a-l/audacity.profile | 3 | ||||
-rw-r--r-- | etc/profile-a-l/gdu.profile | 46 | ||||
-rw-r--r-- | etc/profile-m-z/makepkg.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/neomutt.profile | 20 |
4 files changed, 49 insertions, 21 deletions
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile index b517620db..2831fec72 100644 --- a/etc/profile-a-l/audacity.profile +++ b/etc/profile-a-l/audacity.profile | |||
@@ -20,7 +20,8 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
23 | apparmor | 23 | ## Enabling App Armor appears to break some Fedora / Arch installs |
24 | #apparmor | ||
24 | caps.drop all | 25 | caps.drop all |
25 | net none | 26 | net none |
26 | no3d | 27 | no3d |
diff --git a/etc/profile-a-l/gdu.profile b/etc/profile-a-l/gdu.profile new file mode 100644 index 000000000..783183bea --- /dev/null +++ b/etc/profile-a-l/gdu.profile | |||
@@ -0,0 +1,46 @@ | |||
1 | # Firejail profile for gdu | ||
2 | # Description: Fast disk usage analyzer with console interface | ||
3 | # This file is overwritten after every install/update | ||
4 | quiet | ||
5 | # Persistent local customizations | ||
6 | include gdu.local | ||
7 | # Persistent global definitions | ||
8 | include globals.local | ||
9 | |||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
12 | include disable-exec.inc | ||
13 | |||
14 | apparmor | ||
15 | caps.drop all | ||
16 | ipc-namespace | ||
17 | machine-id | ||
18 | net none | ||
19 | no3d | ||
20 | nodvd | ||
21 | nogroups | ||
22 | noinput | ||
23 | nonewprivs | ||
24 | noroot | ||
25 | nosound | ||
26 | notv | ||
27 | nou2f | ||
28 | novideo | ||
29 | # block the socket syscall to simulate an be empty protocol line, see #639 | ||
30 | seccomp socket | ||
31 | seccomp.block-secondary | ||
32 | x11 none | ||
33 | |||
34 | private-dev | ||
35 | |||
36 | dbus-user none | ||
37 | dbus-system none | ||
38 | |||
39 | memory-deny-write-execute | ||
40 | |||
41 | # gdu has built-in delete (d), empty (e) dir/file support and shell spawning (b) features. | ||
42 | # Depending on workflow and use case the sandbox can be hardened by adding the | ||
43 | # lines below to your gdu.local if you don't need/want these functionalities. | ||
44 | #include disable-shell.inc | ||
45 | #private-bin gdu | ||
46 | #read-only ${HOME} | ||
diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile index dd2f0b318..4ec6ef82e 100644 --- a/etc/profile-m-z/makepkg.profile +++ b/etc/profile-m-z/makepkg.profile | |||
@@ -1,4 +1,5 @@ | |||
1 | # Firejail profile for makepkg | 1 | # Firejail profile for makepkg |
2 | # Description: A utility to automate the building of Arch Linux packages | ||
2 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
3 | quiet | 4 | quiet |
4 | # Persistent local customizations | 5 | # Persistent local customizations |
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index 5d482adca..9000b7972 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile | |||
@@ -50,31 +50,11 @@ include disable-programs.inc | |||
50 | include disable-xdg.inc | 50 | include disable-xdg.inc |
51 | 51 | ||
52 | mkdir ${HOME}/.Mail | 52 | mkdir ${HOME}/.Mail |
53 | mkdir ${HOME}/.bogofilter | ||
54 | mkdir ${HOME}/.config/mutt | ||
55 | mkdir ${HOME}/.config/nano | ||
56 | mkdir ${HOME}/.config/neomutt | ||
57 | mkdir ${HOME}/.elinks | ||
58 | mkdir ${HOME}/.emacs.d | ||
59 | mkdir ${HOME}/.gnupg | ||
60 | mkdir ${HOME}/.mail | 53 | mkdir ${HOME}/.mail |
61 | mkdir ${HOME}/.mutt | ||
62 | mkdir ${HOME}/.neomutt | ||
63 | mkdir ${HOME}/.vim | ||
64 | mkdir ${HOME}/.w3m | ||
65 | mkdir ${HOME}/Mail | 54 | mkdir ${HOME}/Mail |
66 | mkdir ${HOME}/mail | 55 | mkdir ${HOME}/mail |
67 | mkdir ${HOME}/postponed | 56 | mkdir ${HOME}/postponed |
68 | mkdir ${HOME}/sent | 57 | mkdir ${HOME}/sent |
69 | mkfile ${HOME}/.emacs | ||
70 | mkfile ${HOME}/.mailcap | ||
71 | mkfile ${HOME}/.msmtprc | ||
72 | mkfile ${HOME}/.muttrc | ||
73 | mkfile ${HOME}/.nanorc | ||
74 | mkfile ${HOME}/.neomuttrc | ||
75 | mkfile ${HOME}/.signature | ||
76 | mkfile ${HOME}/.viminfo | ||
77 | mkfile ${HOME}/.vimrc | ||
78 | whitelist ${DOCUMENTS} | 58 | whitelist ${DOCUMENTS} |
79 | whitelist ${DOWNLOADS} | 59 | whitelist ${DOWNLOADS} |
80 | whitelist ${HOME}/.Mail | 60 | whitelist ${HOME}/.Mail |