diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/2048-qt.profile | 27 | ||||
-rw-r--r-- | etc/blender.profile | 28 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 |
3 files changed, 57 insertions, 0 deletions
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile new file mode 100644 index 000000000..f0ec90ee7 --- /dev/null +++ b/etc/2048-qt.profile | |||
@@ -0,0 +1,27 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/2048-qt.local | ||
4 | |||
5 | noblacklist ~/.config/xiaoyong | ||
6 | noblacklist ~/.config/2048-qt | ||
7 | include /etc/firejail/disable-common.inc | ||
8 | include /etc/firejail/disable-programs.inc | ||
9 | include /etc/firejail/disable-passwdmgr.inc | ||
10 | |||
11 | caps.drop all | ||
12 | netfilter | ||
13 | nonewprivs | ||
14 | noroot | ||
15 | protocol unix,inet,inet6 | ||
16 | seccomp | ||
17 | |||
18 | # | ||
19 | # depending on your usage, you can enable some of the commands below: | ||
20 | # | ||
21 | nogroups | ||
22 | shell none | ||
23 | # private-bin program | ||
24 | # private-etc none | ||
25 | # private-dev | ||
26 | # private-tmp | ||
27 | nosound | ||
diff --git a/etc/blender.profile b/etc/blender.profile new file mode 100644 index 000000000..fac6f7731 --- /dev/null +++ b/etc/blender.profile | |||
@@ -0,0 +1,28 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include /etc/firejail/blender.local | ||
4 | |||
5 | noblacklist ~/.config/blender | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-programs.inc | ||
8 | include /etc/firejail/disable-passwdmgr.inc | ||
9 | |||
10 | caps.drop all | ||
11 | netfilter | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6,netlink | ||
15 | seccomp | ||
16 | |||
17 | # | ||
18 | # depending on your usage, you can enable some of the commands below: | ||
19 | # | ||
20 | nogroups | ||
21 | shell none | ||
22 | # private-bin program | ||
23 | # private-etc none | ||
24 | # private-dev | ||
25 | # private-tmp | ||
26 | |||
27 | # blender uses the sound system | ||
28 | # nosound | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 29da32bbf..0ee47a89e 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -21,6 +21,7 @@ blacklist ${HOME}/.bcast5 | |||
21 | blacklist ${HOME}/.bibletime | 21 | blacklist ${HOME}/.bibletime |
22 | blacklist ${HOME}/.claws-mail | 22 | blacklist ${HOME}/.claws-mail |
23 | blacklist ${HOME}/.config/0ad | 23 | blacklist ${HOME}/.config/0ad |
24 | blacklist ${HOME}/.config/2048-qt | ||
24 | blacklist ${HOME}/.config/akregatorrc | 25 | blacklist ${HOME}/.config/akregatorrc |
25 | blacklist ${HOME}/.config/Atom | 26 | blacklist ${HOME}/.config/Atom |
26 | blacklist ${HOME}/.config/Audaciousrc | 27 | blacklist ${HOME}/.config/Audaciousrc |
@@ -151,6 +152,7 @@ blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | |||
151 | blacklist ${HOME}/.config/xfce4/xfce4-notes.rc | 152 | blacklist ${HOME}/.config/xfce4/xfce4-notes.rc |
152 | blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc | 153 | blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc |
153 | blacklist ${HOME}/.config/xfce4-dict | 154 | blacklist ${HOME}/.config/xfce4-dict |
155 | blacklist ${HOME}/.config/xiaoyong | ||
154 | blacklist ${HOME}/.config/xmms2 | 156 | blacklist ${HOME}/.config/xmms2 |
155 | blacklist ${HOME}/.config/xplayer | 157 | blacklist ${HOME}/.config/xplayer |
156 | blacklist ${HOME}/.config/xreader | 158 | blacklist ${HOME}/.config/xreader |