From f6502ebf237a54a9914c80f386f321772f0e8063 Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Sat, 3 Mar 2018 23:24:50 -0600 Subject: Add VS Code profile - see request in #1139 --- README.md | 2 +- RELNOTES | 2 +- etc/code.profile | 36 ++++++++++++++++++++++++++++++++++++ etc/disable-programs.inc | 2 ++ src/firecfg/firecfg.config | 1 + 5 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 etc/code.profile diff --git a/README.md b/README.md index 2fe11be06..fe3a4f1f5 100644 --- a/README.md +++ b/README.md @@ -244,4 +244,4 @@ firefox-common-addons.inc in firefox-common.profile. Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary, pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain, -tilp, vivaldi-snapshot, bitcoin-qt +tilp, vivaldi-snapshot, bitcoin-qt, VS Code diff --git a/RELNOTES b/RELNOTES index 3868da924..b05d88e2d 100644 --- a/RELNOTES +++ b/RELNOTES @@ -25,7 +25,7 @@ firejail (0.9.53) baseline; urgency=low * private-tmp support for overlay and chroot sandboxes * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, * new profiles: discord-canary, pycharm-community, pycharm-professional, - * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, + * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code -- netblue30 Thu, 1 Mar 2018 08:00:00 -0500 firejail (0.9.52) baseline; urgency=low diff --git a/etc/code.profile b/etc/code.profile new file mode 100644 index 000000000..af7d379ed --- /dev/null +++ b/etc/code.profile 
@@ -0,0 +1,36 @@
+# Firejail profile for Visual Studio Code
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/code.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.vscode
+noblacklist ${HOME}/.config/Code
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+net none
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+# Disabling noexec ${HOME} for now since it will
+# probably interfere with running some programmes
+# in VS Code
+# noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index b20500734..ac6f3fe1f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -40,6 +40,7 @@ blacklist ${HOME}/.config/Atom
 blacklist ${HOME}/.config/Audaciousrc
 blacklist ${HOME}/.config/Brackets
 blacklist ${HOME}/.config/Clementine
+blacklist ${HOME}/.config/Code
 blacklist ${HOME}/.config/Cryptocat
 blacklist ${HOME}/.config/Franz
 blacklist ${HOME}/.config/FreeCAD
@@ -460,6 +461,7 @@ blacklist ${HOME}/.tuxguitar*
 blacklist ${HOME}/.unknown-horizons
 blacklist ${HOME}/.viking
 blacklist ${HOME}/.viking-maps
+blacklist ${HOME}/.vscode
 blacklist ${HOME}/.vst
 blacklist ${HOME}/.w3m
 blacklist ${HOME}/.warzone2100-3.*
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 82da8e32b..8d5f2066f 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -72,6 +72,7 @@ clementine
 clipit
 cliqz
 cmus
+code
 conkeror
 conky
 corebird
-- cgit v1.2.3-54-g00ecf
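Review bot: In the new etc/code.profile, `net none` sits directly above `netfilter` and is followed by `protocol unix,inet,inet6,netlink`, so the profile's network intent is unclear. With `net none` the sandbox has only a loopback interface, which leaves `netfilter` with nothing useful to filter, while the protocol list still permits socket families that cannot reach anything. If full isolation is intended, drop `netfilter` and say so with a comment above `net none`, for example `# No network access: extension marketplace and updates are unavailable in the sandbox`. The `inet`/`inet6` entries could possibly be narrowed as well, but VS Code may rely on loopback sockets internally, so test before removing them. If network access is actually wanted, `net none` is the line to remove, and `netfilter` then becomes meaningful.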