From 109b1865669ac1038454023762fb83cd0ebf6cca Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Sun, 2 Jun 2019 21:01:08 +0200 Subject: many profile cleanups (3) --- etc/cower.profile | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'etc/cower.profile') diff --git a/etc/cower.profile b/etc/cower.profile index bc1eeedc0..69575cea4 100644 --- a/etc/cower.profile +++ b/etc/cower.profile @@ -1,20 +1,13 @@ # Firejail profile for cower +# Description: a simple AUR agent with a pretentious name # This file is overwritten after every install/update - -# This profile could be significantly strengthened by adding the following to cower.local -# whitelist ${HOME}/ -# whitelist ${HOME}/.config/cower/ - quiet - # Persistent local customizations include cower.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.config/cower/config -read-only ${HOME}/.config/cower/config - +noblacklist ${HOME}/.config/cower noblacklist /var/lib/pacman include disable-common.inc @@ -23,6 +16,11 @@ include disable-exec.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc +include disable-xdg.inc + +# This profile could be significantly strengthened by adding the following to cower.local +# whitelist ${HOME}/ +# whitelist ${HOME}/.config/cower caps.drop all ipc-namespace @@ -42,7 +40,9 @@ shell none disable-mnt private-bin cower +private-cache private-dev private-tmp memory-deny-write-execute +read-only ${HOME}/.config/cower/config -- cgit v1.2.3-70-g09d2