From 538a4c027f184018d7d5b44921900e31f6f1e20b Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Sun, 16 May 2021 20:23:21 +0200
Subject: Add cargo.profile
---
etc/profile-a-l/cargo.profile | 80 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 etc/profile-a-l/cargo.profile
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile
new file mode 100644
index 000000000..2e00061d9
--- /dev/null
+++ b/etc/profile-a-l/cargo.profile
@@ -0,0 +1,80 @@
+# Firejail profile for cargo
+# Description: The Rust package manager
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include cargo.local
+# Persistent global definitions
+include globals.local
+
+ignore noexec ${HOME}
+ignore noexec /tmp
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
+
+noblacklist ${HOME}/.cargo/credentials
+noblacklist ${HOME}/.cargo/credentials.toml
+
+# Allows files commonly used by IDEs
+include allow-common-devel.inc
+
+# Allow lua (blacklisted by disable-interpreters.inc)
+#include allow-lua.inc
+
+# Allow perl (blacklisted by disable-interpreters.inc)
+#include allow-perl.inc
+
+# Allow python (blacklisted by disable-interpreters.inc)
+#include allow-python2.inc
+#include allow-python3.inc
+
+# Allow ssh (blacklisted by disable-common.inc)
+#include allow-ssh.inc
+
+include disable-common.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+#mkdir ${HOME}/.cargo
+#whitelist ${HOME}/YOUR_CARGO_PROJECTS
+#whitelist ${HOME}/.cargo
+#whitelist ${HOME}/.rustup
+#include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+#private-bin cargo,rustc
+private-cache
+private-dev
+private-tmp
+
+dbus-user none
+dbus-system none
+
+read-write ${HOME}/.cargo/bin
-- cgit v1.2.3-54-g00ecf
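Review bot: The two `noblacklist ${HOME}/.cargo/credentials*` lines and the closing `read-write ${HOME}/.cargo/bin` carry no comment, unlike the `allow-*` includes, even though they are the relaxations that matter most for this profile's threat model. With `protocol unix,inet,inet6` open and `ignore noexec ${HOME}` set, code that cargo runs during a build (build scripts, proc macros) can read the registry token, and can write executables into a directory that is presumably on PATH and later run outside the sandbox. I would add `# Needed for cargo login/publish; comment out if you only build` above the credentials lines and `# Needed for cargo install; binaries written here later run unsandboxed` above the read-write line. Consider shipping the credentials lines commented out, as the profile already does for `allow-ssh.inc`, so that token access is opt-in through `cargo.local`.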