From b0b62e28dc9e14b8d693c8d24bc2722e6a8e56ef Mon Sep 17 00:00:00 2001 From: Jean Lucas Date: Wed, 31 Jul 2019 03:23:02 -0400 Subject: Add Zulip profile --- etc/zulip.profile | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 etc/zulip.profile diff --git a/etc/zulip.profile b/etc/zulip.profile new file mode 100644 index 000000000..d3f9a2240 --- /dev/null +++ b/etc/zulip.profile @@ -0,0 +1,46 @@ +# Firejail profile for zulip +# Description: Real-time team chat based on the email threading model +# This file is overwritten after every install/update +# Persistent local customizations +include zulip.local +# Persistent global definitions +include globals.local + +ignore noexec /tmp + +noblacklist ${HOME}/.config/Zulip + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc + +mkdir ${HOME}/.config/Zulip +whitelist ${HOME}/.config/Zulip +whitelist ${DOWNLOADS} +include whitelist-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +netfilter +no3d +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix,inet,inet6 +seccomp +shell none + +disable-mnt +private-bin locale,zulip +private-cache +private-dev +private-etc asound.conf,fonts,machine-id +private-tmp -- cgit v1.2.3-70-g09d2 From f47d86cb8f010a82ef9d799adbe2e612a353f148 Mon Sep 17 00:00:00 2001 From: Jean Lucas Date: Wed, 31 Jul 2019 14:15:36 -0400 Subject: Corrections - Add Zulip config dir to disable-programs.inc - Add disable-xdg.inc to Zulip profile - Add Zulip to firecfg.config --- etc/disable-programs.inc | 1 + etc/zulip.profile | 1 + src/firecfg/firecfg.config | 1 + 3 files changed, 3 insertions(+) diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index cc6877693..9b66702fc 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -322,6 +322,7 @@ blacklist ${HOME}/.config/yelp blacklist ${HOME}/.config/youtube-dl blacklist ${HOME}/.config/zathura blacklist ${HOME}/.config/zoomus.conf +blacklist ${HOME}/.config/Zulip blacklist ${HOME}/.conkeror.mozdev.org blacklist ${HOME}/.crawl blacklist ${HOME}/.curlrc diff --git a/etc/zulip.profile b/etc/zulip.profile index d3f9a2240..999c2f77a 100644 --- a/etc/zulip.profile +++ b/etc/zulip.profile @@ -16,6 +16,7 @@ include disable-exec.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc +include disable-xdg.inc mkdir ${HOME}/.config/Zulip whitelist ${HOME}/.config/Zulip diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 9645215ef..daf7a5621 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -679,3 +679,4 @@ zathura zeal zoom zpaq +zulip -- cgit v1.2.3-70-g09d2