From e8e54df67cc8df996bf87b9d98b7f3e202e68b50 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 27 Dec 2017 11:46:43 -0500 Subject: adding basilisk profile - #1693 --- etc/basilisk.profile | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 etc/basilisk.profile (limited to 'etc/basilisk.profile') diff --git a/etc/basilisk.profile b/etc/basilisk.profile new file mode 100644 index 000000000..a87391942 --- /dev/null +++ b/etc/basilisk.profile @@ -0,0 +1,60 @@ +# Firejail profile for basilisk +# This file is overwritten after every install/update +# Persistent local customizations +include /etc/firejail/basilisk.local +# Persistent global definitions +include /etc/firejail/globals.local + +noblacklist ${HOME}/.cache/moonchild productions/basilisk +noblacklist ${HOME}/.moonchild productions/basilisk + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-programs.inc + +# These are uncommented in the Firefox profile. If you run into trouble you may +# want to uncomment (some of) them. +#whitelist ${HOME}/dwhelper +#whitelist ${HOME}/.zotero +#whitelist ${HOME}/.vimperatorrc +#whitelist ${HOME}/.vimperator +#whitelist ${HOME}/.pentadactylrc +#whitelist ${HOME}/.pentadactyl +#whitelist ${HOME}/.keysnail.js +#whitelist ${HOME}/.config/gnome-mplayer +#whitelist ${HOME}/.cache/gnome-mplayer/plugin +#whitelist ${HOME}/.pki +#whitelist ${HOME}/.lastpass + +# For silverlight +#whitelist ${HOME}/.wine-pipelight +#whitelist ${HOME}/.wine-pipelight64 +#whitelist ${HOME}/.config/pipelight-widevine +#whitelist ${HOME}/.config/pipelight-silverlight5.1 + +mkdir ${HOME}/.cache/moonchild productions/basilisk +mkdir ${HOME}/.moonchild productions +whitelist ${DOWNLOADS} +whitelist ${HOME}/.cache/moonchild productions/basilisk +whitelist ${HOME}/.moonchild productions +include /etc/firejail/whitelist-common.inc + +caps.drop all +netfilter +nodvd +nogroups +nonewprivs +noroot +notv +protocol unix,inet,inet6,netlink +seccomp +shell none +tracelog + +# private-bin basilisk +# private-dev (disabled for now as it will interfere with webcam use in basilisk) +# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse +# private-opt basilisk +private-tmp + +disable-mnt -- cgit v1.2.3-54-g00ecf