From 397b4e86f3e1581f8910efb0639c515d3420a21c Mon Sep 17 00:00:00 2001 From: valoq Date: Sat, 29 Oct 2016 17:22:51 +0200 Subject: added profile for display - imagemagick --- etc/display.profile | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 etc/display.profile diff --git a/etc/display.profile b/etc/display.profile new file mode 100644 index 000000000..ec041bff7 --- /dev/null +++ b/etc/display.profile @@ -0,0 +1,23 @@ +# display (ImageMagick tool) image viewer profile +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +seccomp +protocol unix +netfilter +net none +nonewprivs +noroot +nogroups +nosound +shell none +x11 xorg + +private-bin display +private-tmp +private-dev +private-etc none + -- cgit v1.2.3-54-g00ecf From 9fd22cec3ba42475c773b792105f70f4bf783d39 Mon Sep 17 00:00:00 2001 From: valoq Date: Sat, 29 Oct 2016 19:10:06 +0200 Subject: added profile for wire --- etc/Wire.profile | 22 ++++++++++++++++++++++ etc/disable-programs.inc | 1 + 2 files changed, 23 insertions(+) create mode 100644 etc/Wire.profile diff --git a/etc/Wire.profile b/etc/Wire.profile new file mode 100644 index 000000000..b488d75e4 --- /dev/null +++ b/etc/Wire.profile @@ -0,0 +1,22 @@ +# wire messenger profile + +noblacklist ~/.config/Wire + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +nogroups +noroot +protocol unix,inet,inet6,netlink +seccomp +shell none + +private-tmp +private-dev + +# please note: the wire binary is currently identified with a capital W. This might change in future versions diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 6e22fe04d..0d9bd1bb4 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -106,6 +106,7 @@ blacklist ${HOME}/.config/Slack blacklist ${HOME}/.cache/gajim blacklist ${HOME}/.local/share/gajim blacklist ${HOME}/.config/gajim +blacklist ${HOME}/.config/Wire # Games blacklist ${HOME}/.hedgewars -- cgit v1.2.3-54-g00ecf