From 4a1d906e89c0d0f8ebe6dce16b8b7c05f2c6084f Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 20 Jan 2017 09:20:11 -0500 Subject: profile merges --- README.md | 2 +- etc/disable-common.inc | 5 +---- etc/vlc.profile | 2 +- etc/xmms.profile | 11 +++++++++++ platform/debian/conffiles | 2 +- 5 files changed, 15 insertions(+), 7 deletions(-) create mode 100644 etc/xmms.profile diff --git a/README.md b/README.md index 2e029bb0b..dcc9d8ca4 100644 --- a/README.md +++ b/README.md @@ -98,5 +98,5 @@ gjs, gnome-books, gnome-clocks, gnome-documents, gnome-maps, gnome-music, gnome- goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, -PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser +PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 6a3586e81..de8a9bfe7 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc @@ -75,12 +75,9 @@ blacklist /etc/profile.d blacklist /etc/rc.local blacklist /etc/anacrontab -# General startup files +# Startup files read-only ${HOME}/.xinitrc read-only ${HOME}/.xserverrc -read-only ${HOME}/.profile - -# Shell startup files read-only ${HOME}/.antigen read-only ${HOME}/.bash_login read-only ${HOME}/.bashrc diff --git a/etc/vlc.profile b/etc/vlc.profile index 2fd763f25..df9fcab03 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile @@ -8,7 +8,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all netfilter -nogroups +# nogroups nonewprivs noroot protocol unix,inet,inet6,netlink diff --git a/etc/xmms.profile b/etc/xmms.profile new file mode 100644 index 000000000..4a482f49e --- /dev/null +++ b/etc/xmms.profile @@ -0,0 +1,11 @@ +# xmms media player profile +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 6b07f72f8..61e72583e 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles @@ -243,4 +243,4 @@ /etc/firejail/FossaMail.profile /etc/firejail/fossamail.profile /etc/firejail/uzbl-browser.profile - +/etc/firejail/xmms.profile -- cgit v1.2.3-54-g00ecf