From beb9638e2fc9d07f26671ff010cee1ed93ff8a9e Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Tue, 22 Jan 2019 00:09:08 +0000 Subject: Refactor github-desktop.profile --- etc/desktop.profile | 44 ------------------------------------- etc/github-desktop.profile | 54 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 44 deletions(-) delete mode 100644 etc/desktop.profile create mode 100644 etc/github-desktop.profile diff --git a/etc/desktop.profile b/etc/desktop.profile deleted file mode 100644 index bfb1618b2..000000000 --- a/etc/desktop.profile +++ /dev/null @@ -1,44 +0,0 @@ -# Firejail profile for desktop -# Description: Extend your GitHub workflow beyond your browser with GitHub Desktop -# This file is overwritten after every install/update -# Persistent local customizations -include github-desktop.local -# Persistent global definitions -include globals.local - -whitelist ${HOME}/.gitconfig -whitelist ${HOME}/.config/GitHub Desktop - -include disable-common.inc -include disable-passwdmgr.inc -include disable-programs.inc -include disable-devel.inc -include disable-interpreters.inc - -include whitelist-common.inc - -caps.drop all -netfilter -# no3d -nodvd -nogroups -nonewprivs -noroot -nosound -notv -nou2f -novideo -protocol unix,inet,inet6,netlink -seccomp - -disable-mnt -# private-bin Atom,desktop -# private-cache -# private-dev -# private-etc none -# private-lib -# private-tmp - -# memory-deny-write-execute -# noexec ${HOME} -# noexec /tmp diff --git a/etc/github-desktop.profile b/etc/github-desktop.profile new file mode 100644 index 000000000..d7c894ac5 --- /dev/null +++ b/etc/github-desktop.profile @@ -0,0 +1,54 @@ +# Firejail profile for github-desktop +# Description: Extend your GitHub workflow beyond your browser with GitHub Desktop +# This file is overwritten after every install/update +# Persistent local customizations +include github-desktop.local +# Persistent global definitions +include globals.local + +# Note: add noblacklist/whitelist entrees below for any +# location where you keep local repository clones. + +noblacklist ${HOME}/.gitconfig +whitelist ${HOME}/.gitconfig +noblacklist ${HOME}/.config/GitHub Desktop +whitelist ${HOME}/.config/GitHub Desktop + +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-devel.inc +include disable-interpreters.inc + +include whitelist-common.inc + +caps.drop all +netfilter +# no3d +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix,inet,inet6,netlink +seccomp + +# Note: On debian-based distributions the binary might be located in +# /opt/GitHub Desktop/github-desktop, and therefore not be in PATH. +# If that's the case you can start GitHub Desktop with firejail via +# `firejail "/opt/GitHub Desktop/github-desktop"`. + +disable-mnt +# private-bin github-desktop +private-cache +private-dev +# private-etc none +# private-lib +private-tmp + +# memory-deny-write-execute +noexec ${HOME} +noexec /tmp -- cgit v1.2.3-54-g00ecf