From 3fe456f9a29389bcffd190bb4163fddbb6fb76db Mon Sep 17 00:00:00 2001
From: user <76937231+Tus1688@users.noreply.github.com>
Date: Sun, 9 Jan 2022 16:21:24 +0700
Subject: feat: neovim profile
---
etc/profile-m-z/nvim.profile | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 etc/profile-m-z/nvim.profile
diff --git a/etc/profile-m-z/nvim.profile b/etc/profile-m-z/nvim.profile
new file mode 100644
index 000000000..b121b4417
--- /dev/null
+++ b/etc/profile-m-z/nvim.profile
@@ -0,0 +1,39 @@
+# Firejail profile for neovim
+# Description: Nvim is open source and freely distributable
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nvim.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.vim
+
+include disable-common.inc
+include disable-programs.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-xdg.inc
+include disable-write-mnt.inc
+include whitelist-runuser-common.inc
+
+# Allows files commonly used by IDEs
+include allow-common-devel.inc
+
+caps.drop all
+netfilter
+nodbus
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+
+private-dev
+
+read-write ${HOME}/.vim
+read-only ${HOME}/.config
-- 
cgit v1.2.3-54-g00ecf
From 511bf48ab13d871307a1b1849a933af99d1f0fb4 Mon Sep 17 00:00:00 2001
From: user <76937231+Tus1688@users.noreply.github.com>
Date: Mon, 10 Jan 2022 15:19:32 +0700
Subject: fix: neovim profile
---
etc/profile-m-z/nvim.profile | 75 ++++++++++++++++++++++++--------------------
1 file changed, 41 insertions(+), 34 deletions(-)
diff --git a/etc/profile-m-z/nvim.profile b/etc/profile-m-z/nvim.profile
index b121b4417..ef08c4397 100644
--- a/etc/profile-m-z/nvim.profile
+++ b/etc/profile-m-z/nvim.profile
@@ -1,39 +1,46 @@
-# Firejail profile for neovim
+# Firejail profile for neovim
 # Description: Nvim is open source and freely distributable
-# This file is overwritten after every install/update
-# Persistent local customizations
-include nvim.local
-# Persistent global definitions
-include globals.local
+# Persistent local customizations
+include nvim.local
+# Persistent global definitions
+include globals.local
 
-noblacklist ${HOME}/.vim
-
-include disable-common.inc
-include disable-programs.inc
-include disable-devel.inc
-include disable-passwdmgr.inc
-include disable-xdg.inc
-include disable-write-mnt.inc
-include whitelist-runuser-common.inc
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.cache/nvim
+noblacklist ${HOME}/.local/share/nvim
+
+include disable-common.inc
+include disable-devel.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
+
+include whitelist-runuser-common.inc
+
+ipc-namespace
+machine-id
+net none
+netfilter
+no3d
+dbus-user none
+dbus-system none
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp.block-secondary
+shell none
+tracelog
+x11 none
+
+private-dev
 
-# Allows files commonly used by IDEs
-include allow-common-devel.inc
-
-caps.drop all
-netfilter
-nodbus
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-
-private-dev
-
 read-write ${HOME}/.vim
 read-only ${HOME}/.config
-- 
cgit v1.2.3-54-g00ecf
From ec966d4c00b157f62e6f96b560f788bc09b3d0d6 Mon Sep 17 00:00:00 2001
From: user <76937231+Tus1688@users.noreply.github.com>
Date: Mon, 10 Jan 2022 15:58:28 +0700
Subject: fix: neovim profile
---
etc/inc/disable-programs.inc | 2 ++
etc/profile-m-z/nvim.profile | 9 +++++----
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index ca8820ab6..112207228 100644
--- a/etc/inc/disable-programs.inc
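Review bot: The rewritten option block in this hunk drops `caps.drop all` and does not put it back, and none of the later patches on this page restore it (the next one re-adds only `seccomp`), so the profile ends up without an explicit capability drop. Unless that was deliberate, add `caps.drop all` next to `nonewprivs` and `noroot`. The same block now sets `net none` while still carrying `protocol unix,inet,inet6`; if nothing in the editor needs loopback sockets, the narrower `protocol unix` would state the intent and reduce the allowed socket families. `include disable-passwdmgr.inc` and `include disable-write-mnt.inc` also disappear here without a word in the commit message, which deserves a line of explanation.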
+++ b/etc/inc/disable-programs.inc
@@ -173,6 +173,7 @@ blacklist ${HOME}/.cache/mutt
 blacklist ${HOME}/.cache/mypaint
 blacklist ${HOME}/.cache/netsurf
 blacklist ${HOME}/.cache/nheko
+blacklist ${HOME}/.cache/nvim
 blacklist ${HOME}/.cache/okular
 blacklist ${HOME}/.cache/opera
 blacklist ${HOME}/.cache/opera-beta
@@ -939,6 +940,7 @@ blacklist ${HOME}/.local/share/newsboat
 blacklist ${HOME}/.local/share/nheko
 blacklist ${HOME}/.local/share/nomacs
 blacklist ${HOME}/.local/share/notes
+blacklist ${HOME}/.local/share/nvim
 blacklist ${HOME}/.local/share/ocenaudio
 blacklist ${HOME}/.local/share/okular
 blacklist ${HOME}/.local/share/onlyoffice
diff --git a/etc/profile-m-z/nvim.profile b/etc/profile-m-z/nvim.profile
index ef08c4397..2f69bc377 100644
--- a/etc/profile-m-z/nvim.profile
+++ b/etc/profile-m-z/nvim.profile
@@ -1,5 +1,6 @@
 # Firejail profile for neovim
 # Description: Nvim is open source and freely distributable
+# This file is overwritten after every install/update
 # Persistent local customizations
 include nvim.local
 # Persistent global definitions
@@ -14,7 +15,6 @@ include disable-devel.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-blacklist ${RUNUSER}/wayland-*
 blacklist ${RUNUSER}
 
 include whitelist-runuser-common.inc
@@ -22,10 +22,7 @@ include whitelist-runuser-common.inc
 ipc-namespace
 machine-id
 net none
-netfilter
 no3d
-dbus-user none
-dbus-system none
 nodvd
 nogroups
 noinput
@@ -35,6 +32,7 @@ notv
 nou2f
 novideo
 protocol unix,inet,inet6
+seccomp
 seccomp.block-secondary
 shell none
 tracelog
@@ -42,5 +40,8 @@ x11 none
 
 private-dev
 
+dbus-user none
+dbus-system none
+
 read-write ${HOME}/.vim
 read-only ${HOME}/.config
-- 
cgit v1.2.3-54-g00ecf
From 6b480e581d8be17c4ad74e635f00a9165f71b69f Mon Sep 17 00:00:00 2001
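Review bot: After the `wayland-*` line is removed in the `@@ -14,7 +15,6 @@` hunk of nvim.profile, the profile still has `blacklist ${RUNUSER}` followed directly by `include whitelist-runuser-common.inc`, and the two pull in opposite directions: one hides the whole runtime directory, the other names entries under it to keep. If the intent is that a terminal editor sees nothing in `${RUNUSER}`, the include looks redundant and could go; if some entries are needed, the blanket blacklist should go instead. Either way a one-line comment above the pair, for example `# nvim needs nothing from ${RUNUSER}`, would record which of the two is meant to win.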
From: user <76937231+Tus1688@users.noreply.github.com>
Date: Tue, 11 Jan 2022 10:35:32 +0700
Subject: fix: neovim profile
---
etc/inc/disable-common.inc | 3 +++
etc/inc/disable-programs.inc | 1 +
etc/profile-m-z/nvim.profile | 7 ++++++-
3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index b1ec25987..625364cf6 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -18,6 +18,7 @@ blacklist-nolog ${HOME}/.kde4/share/apps/klipper
 blacklist-nolog ${HOME}/.local/share/fish/fish_history
 blacklist-nolog ${HOME}/.local/share/ibus-typing-booster
 blacklist-nolog ${HOME}/.local/share/klipper
+blacklist-nolog ${HOME}/.local/share/nvim
 blacklist-nolog ${HOME}/.macromedia
 blacklist-nolog ${HOME}/.mupdf.history
 blacklist-nolog ${HOME}/.python-history
@@ -323,6 +324,7 @@ read-only ${HOME}/.ssh/config.d
 # Initialization files that allow arbitrary command execution
 read-only ${HOME}/.caffrc
 read-only ${HOME}/.cargo/env
+read-only ${HOME}/.config/nvim
 read-only ${HOME}/.dotfiles
 read-only ${HOME}/.emacs
 read-only ${HOME}/.emacs.d
@@ -332,6 +334,7 @@ read-only ${HOME}/.homesick
 read-only ${HOME}/.iscreenrc
 read-only ${HOME}/.local/lib
 read-only ${HOME}/.local/share/cool-retro-term
+read-only ${HOME}/.local/share/nvim
 read-only ${HOME}/.mailcap
 read-only ${HOME}/.msmtprc
 read-only ${HOME}/.mutt/muttrc
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 112207228..ded5e4b46 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -536,6 +536,7 @@ blacklist ${HOME}/.config/newsflash
 blacklist ${HOME}/.config/nheko
 blacklist ${HOME}/.config/nomacs
 blacklist ${HOME}/.config/nuclear
+blacklist ${HOME}/.config/nvim
 blacklist ${HOME}/.config/obs-studio
 blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
diff --git a/etc/profile-m-z/nvim.profile b/etc/profile-m-z/nvim.profile
index 2f69bc377..27a0aec28 100644
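Review bot: `${HOME}/.local/share/nvim` now appears three times across the shared includes: as `blacklist-nolog` in the first disable-common.inc hunk, as `read-only` in the third, and as the plain `blacklist` that the previous patch on this page added to disable-programs.inc. A profile that includes both files hides the path twice, and the `read-only` entry only comes into play for a profile that lifts the blacklist, which on this page is nvim.profile itself, and that profile then marks the path `read-write`. Consider keeping a single blacklist entry and, if `blacklist-nolog` is the one kept, adding a comment such as `# nvim shada data holds command and search history`; that reason is inferred from the neighbouring history-file entries, so confirm it. The `read-only ${HOME}/.config/nvim` line under the initialization-files heading looks right as it stands.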
--- a/etc/profile-m-z/nvim.profile
+++ b/etc/profile-m-z/nvim.profile
@@ -7,7 +7,9 @@ include nvim.local
 include globals.local
 
 noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.vimrc
 noblacklist ${HOME}/.cache/nvim
+noblacklist ${HOME}/.config/nvim
 noblacklist ${HOME}/.local/share/nvim
 
 include disable-common.inc
@@ -43,5 +45,8 @@ private-dev
 dbus-user none
 dbus-system none
 
-read-write ${HOME}/.vim
 read-only ${HOME}/.config
+read-write ${HOME}/.config/nvim
+read-write ${HOME}/.local/share/nvim
+read-write ${HOME}/.vim
+read-write ${HOME}/.vimrc
-- 
cgit v1.2.3-54-g00ecf
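Review bot: The four `read-write` lines at the end of the `@@ -43,5 +45,8 @@` hunk re-open `${HOME}/.config/nvim`, which this same patch lists in disable-common.inc under "Initialization files that allow arbitrary command execution", together with `${HOME}/.vim` and `${HOME}/.vimrc`, so a process inside the sandbox can persistently change what the editor runs on its next start. That is probably unavoidable for an editor expected to edit its own configuration, but it should be a stated decision: add a comment above the block such as `# nvim edits its own config; init files stay writable inside the sandbox` and mention that nvim.local can restore `read-only` for users who want it. In the first hunk the new `noblacklist` lines are also out of path order; `.cache/nvim`, `.config/nvim`, `.local/share/nvim`, `.vim`, `.vimrc` would match the sorted lists visible in the include files.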