From 11edb11c0d1620f753d43b1676077793a169b2d1 Mon Sep 17 00:00:00 2001 From: curiosity-seeker Date: Wed, 17 Apr 2019 07:00:13 +0000 Subject: Profiles for gramps, newsboat and freeoffice (#2652) * Update firecfg.config * Create gramps.profile * Update disable-programs.inc * Create newsboat.profile * Update disable-programs.inc * Update firecfg.config * Create freeoffice-planmaker * Create freeoffice-textmaker * Create freeoffice-presentations * Update disable-programs.inc * Update firecfg.config * Update newsboat.profile * Update newsboat.profile * Update gramps.profile * Update freeoffice-textmaker * Update freeoffice-planmaker * Update freeoffice-presentations * Update freeoffice-planmaker * Update freeoffice-presentations * Update freeoffice-textmaker * Rename freeoffice-planmaker to freeoffice-planmaker.profile * Rename freeoffice-presentations to freeoffice-presentations.profile * Rename freeoffice-textmaker to freeoffice-textmaker.profile * Update gramps.profile * Update freeoffice-planmaker.profile * Update freeoffice-presentations.profile * Update freeoffice-textmaker.profile * Update freeoffice-textmaker.profile * Update freeoffice-presentations.profile * Update newsboat.profile * Update gramps.profile * Update freeoffice-planmaker.profile * Update freeoffice-presentations.profile * Update freeoffice-textmaker.profile --- etc/newsboat.profile | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 etc/newsboat.profile (limited to 'etc/newsboat.profile') diff --git a/etc/newsboat.profile b/etc/newsboat.profile new file mode 100644 index 000000000..0fed5bd06 --- /dev/null +++ b/etc/newsboat.profile @@ -0,0 +1,48 @@ +# Firejail profile for Newsboat +# Description: RSS program +# This file is overwritten after every install/update +# Persistent local customizations +include newsboat.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.newsboat + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.newsboat +whitelist ${HOME}/.newsboat +include whitelist-common.inc +include whitelist-var-common.inc + +caps.drop all +ipc-namespace +netfilter +no3d +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol inet,inet6 +seccomp +shell none + +disable-mnt +private-bin newsboat +private-cache +private-dev +private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,terminfo +private-tmp + +memory-deny-write-execute + -- cgit v1.2.3-70-g09d2