From 7e20af49b10d716154b21d5b19abf3a312a31c7e Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Tue, 25 Oct 2016 12:23:23 -0500
Subject: Added gpredict, TBB, and xiphos
---
 etc/gpredict.profile | 8 ++++----
 etc/start-tor-browser.profile | 20 ++++++++++++++++++++
 etc/xiphos.profile | 30 ++++++++++++++++++++++++++++++
 3 files changed, 54 insertions(+), 4 deletions(-)
 create mode 100644 etc/start-tor-browser.profile
 create mode 100644 etc/xiphos.profile
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index 0cc6c416b..f62bf11aa 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -6,20 +6,20 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 # Whitelist
-mkdir ~/.config/Gpredict
 whitelist ~/.config/Gpredict
 
 caps.drop all
 netfilter
-nogroups
 nonewprivs
+nogroups
 noroot
 nosound
 protocol unix,inet,inet6
 seccomp
-shell none
+#shell none
 tracelog
 
-private-bin gpredict
+#private-bin gpredict
+private-etc fonts,resolv.conf
 private-dev
 private-tmp
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile
new file mode 100644
index 000000000..ee19cee25
--- /dev/null
+++ b/etc/start-tor-browser.profile
@@ -0,0 +1,20 @@
+# Firejail profile for the Tor Brower Bundle
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin bash,grep,sed,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
+private-etc fonts
+private-dev
+private-tmp
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
new file mode 100644
index 000000000..b7fb6ecf3
--- /dev/null
+++ b/etc/xiphos.profile
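Review bot: `shell none` and `private-bin gpredict` are commented out near the end of the etc/gpredict.profile hunk with no explanation, so the sandbox now starts the program through the user's shell and leaves the full set of system binaries visible inside it. If gpredict failed to start under those two restrictions, the narrower fix is to keep them and extend the list, e.g. `private-bin gpredict,<helper>` where `<helper>` is a placeholder for whatever binary it actually needs, and to record the reason in a comment such as `# private-bin disabled: gpredict fails to start, see <issue>`. The same hunk drops `mkdir ~/.config/Gpredict` but keeps the `whitelist` for that directory; presumably on a first run the directory does not exist yet and the settings would land in the temporary home and be lost, which is worth confirming.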
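Review bot: The new etc/start-tor-browser.profile sets no `whitelist` or `private` restriction on the home directory, so what the browser can read there depends entirely on the blacklists in the four included `disable-*.inc` files, which are not visible in this commit. For a browser profile that is the restriction most worth having; if it was left out because the bundle's install directory is chosen by the user, a comment should say so, e.g. `# no whitelist: the TBB directory location is user-chosen`. Two smaller points in the same file: `sed` appears twice in the `private-bin` list, and the header comment reads `Tor Brower Bundle` where `Tor Browser Bundle` is meant.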
@@ -0,0 +1,30 @@
+# Firejail profile for xiphos
+noblacklist ~/.sword
+noblacklist ~/.xiphos
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+blacklist ~/.bashrc
+blacklist ~/.Xauthority
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin xiphos
+private-etc fonts,resolv.conf,sword
+private-dev
+private-tmp
+
+whitelist ${HOME}/.sword
+whitelist ${HOME}/.xiphos
-- 
cgit v1.2.3-70-g09d2
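Review bot: Paths are spelled two ways in etc/xiphos.profile, `~/.sword` and `~/.xiphos` on the `noblacklist` lines at the top but `${HOME}/.sword` and `${HOME}/.xiphos` on the `whitelist` lines at the bottom, and one spelling throughout would make the pairs easier to match when auditing the profile. The `blacklist ~/.bashrc` and `blacklist ~/.Xauthority` lines carry no comment; since the `whitelist` entries should already hide the rest of the home directory, it would help to state what they add, e.g. `# defence in depth in case the whitelist is removed`. There is also no `mkdir` ahead of the whitelist entries, so it is worth checking what happens on a first run when neither directory exists yet.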