From f32b5d95996d661632edc6ce8d377276ae32db7c Mon Sep 17 00:00:00 2001 From: pirate486743186 Date: Fri, 4 Jun 2021 22:24:09 +0200 Subject: creating googler and ddgr profiles (#4333) * Create googler-common.profile * Create googler.profile * Create ddgr.profile * Update firecfg.config * sort fix * space * space * tightening * comment * fix comment * fix private-etc and ${DOWNLOADS} * fix sort * redundant ${DOWNLOADS} --- etc/profile-a-l/ddgr.profile | 13 ++++++++ etc/profile-a-l/googler-common.profile | 61 ++++++++++++++++++++++++++++++++++ etc/profile-a-l/googler.profile | 13 ++++++++ src/firecfg/firecfg.config | 2 ++ 4 files changed, 89 insertions(+) create mode 100644 etc/profile-a-l/ddgr.profile create mode 100644 etc/profile-a-l/googler-common.profile create mode 100644 etc/profile-a-l/googler.profile diff --git a/etc/profile-a-l/ddgr.profile b/etc/profile-a-l/ddgr.profile new file mode 100644 index 000000000..b1d41ddf7 --- /dev/null +++ b/etc/profile-a-l/ddgr.profile @@ -0,0 +1,13 @@ +# Firejail profile for ddgr +# Description: Search DuckDuckGo from your terminal +# This file is overwritten after every install/update +quiet +# Persistent local customizations +include ddgr.local +# Persistent global definitions +include globals.local + +private-bin ddgr + +# Redirect +include googler-common.profile diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile new file mode 100644 index 000000000..26ff4c617 --- /dev/null +++ b/etc/profile-a-l/googler-common.profile @@ -0,0 +1,61 @@ +# Firejail profile for googler clones +# Description: common profile for googler clones +# This file is overwritten after every install/update +# Persistent local customizations +include googler-common.local +# Persistent global definitions +# added by caller profile +#include globals.local + +blacklist /tmp/.X11-unix +blacklist ${RUNUSER} + +noblacklist ${HOME}/.w3m + +# Allow /bin/sh (blacklisted by disable-shell.inc) +include allow-bin-sh.inc +# Allow python (blacklisted by disable-interpreters.inc) +include allow-python3.inc + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +whitelist ${HOME}/.w3m +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +ipc-namespace +machine-id +netfilter +no3d +nodvd +nogroups +noinput +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix,inet,inet6 +seccomp.block-secondary +shell none +tracelog + +disable-mnt +private-bin env,python3*,sh,w3m +private-cache +private-dev +private-etc ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl +private-tmp + +dbus-user none +dbus-system none diff --git a/etc/profile-a-l/googler.profile b/etc/profile-a-l/googler.profile new file mode 100644 index 000000000..9d67006f6 --- /dev/null +++ b/etc/profile-a-l/googler.profile @@ -0,0 +1,13 @@ +# Firejail profile for googler +# Description: Search Google from your terminal +# This file is overwritten after every install/update +quiet +# Persistent local customizations +include googler.local +# Persistent global definitions +include globals.local + +private-bin googler + +# Redirect +include googler-common.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 245e6a4a0..61ca2c74e 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -167,6 +167,7 @@ cvlc cyberfox darktable dconf-editor +ddgr ddgtk deadbeef deluge @@ -350,6 +351,7 @@ google-chrome-unstable google-earth google-earth-pro google-play-music-desktop-player +googler gpa gpicview gpredict -- cgit v1.2.3-54-g00ecf