From 11edb11c0d1620f753d43b1676077793a169b2d1 Mon Sep 17 00:00:00 2001 From: curiosity-seeker Date: Wed, 17 Apr 2019 07:00:13 +0000 Subject: Profiles for gramps, newsboat and freeoffice (#2652) * Update firecfg.config * Create gramps.profile * Update disable-programs.inc * Create newsboat.profile * Update disable-programs.inc * Update firecfg.config * Create freeoffice-planmaker * Create freeoffice-textmaker * Create freeoffice-presentations * Update disable-programs.inc * Update firecfg.config * Update newsboat.profile * Update newsboat.profile * Update gramps.profile * Update freeoffice-textmaker * Update freeoffice-planmaker * Update freeoffice-presentations * Update freeoffice-planmaker * Update freeoffice-presentations * Update freeoffice-textmaker * Rename freeoffice-planmaker to freeoffice-planmaker.profile * Rename freeoffice-presentations to freeoffice-presentations.profile * Rename freeoffice-textmaker to freeoffice-textmaker.profile * Update gramps.profile * Update freeoffice-planmaker.profile * Update freeoffice-presentations.profile * Update freeoffice-textmaker.profile * Update freeoffice-textmaker.profile * Update freeoffice-presentations.profile * Update newsboat.profile * Update gramps.profile * Update freeoffice-planmaker.profile * Update freeoffice-presentations.profile * Update freeoffice-textmaker.profile --- etc/newsboat.profile | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 etc/newsboat.profile (limited to 'etc/newsboat.profile') diff --git a/etc/newsboat.profile b/etc/newsboat.profile new file mode 100644 index 000000000..0fed5bd06 --- /dev/null +++ b/etc/newsboat.profile @@ -0,0 +1,48 @@ +# Firejail profile for Newsboat +# Description: RSS program +# This file is overwritten after every install/update +# Persistent local customizations +include newsboat.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.newsboat + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.newsboat +whitelist ${HOME}/.newsboat +include whitelist-common.inc +include whitelist-var-common.inc + +caps.drop all +ipc-namespace +netfilter +no3d +nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol inet,inet6 +seccomp +shell none + +disable-mnt +private-bin newsboat +private-cache +private-dev +private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,terminfo +private-tmp + +memory-deny-write-execute + -- cgit v1.2.3-70-g09d2 From a0b8f809c8b6fdcd95df0c61457fa8631ffab85f Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Wed, 17 Apr 2019 09:04:55 +0200 Subject: remove blank lines at end of file --- etc/freeoffice-planmaker.profile | 2 -- etc/freeoffice-presentations.profile | 2 -- etc/freeoffice-textmaker.profile | 2 -- etc/gramps.profile | 2 -- etc/newsboat.profile | 1 - 5 files changed, 9 deletions(-) (limited to 'etc/newsboat.profile') diff --git a/etc/freeoffice-planmaker.profile b/etc/freeoffice-planmaker.profile index e00acb278..c69c5cf55 100644 --- a/etc/freeoffice-planmaker.profile +++ b/etc/freeoffice-planmaker.profile @@ -36,5 +36,3 @@ tracelog private-cache private-dev private-tmp - - diff --git a/etc/freeoffice-presentations.profile b/etc/freeoffice-presentations.profile index c71418cce..f8004c4f4 100644 --- a/etc/freeoffice-presentations.profile +++ b/etc/freeoffice-presentations.profile @@ -36,5 +36,3 @@ tracelog private-cache private-dev private-tmp - - diff --git a/etc/freeoffice-textmaker.profile b/etc/freeoffice-textmaker.profile index 0965cc70e..144a29900 100644 --- a/etc/freeoffice-textmaker.profile +++ b/etc/freeoffice-textmaker.profile @@ -36,5 +36,3 @@ tracelog private-cache private-dev private-tmp - - diff --git a/etc/gramps.profile b/etc/gramps.profile index 46337d269..764c14b60 100644 --- a/etc/gramps.profile +++ b/etc/gramps.profile @@ -51,5 +51,3 @@ disable-mnt private-cache private-dev private-tmp - - diff --git a/etc/newsboat.profile b/etc/newsboat.profile index 0fed5bd06..e063abe53 100644 --- a/etc/newsboat.profile +++ b/etc/newsboat.profile @@ -45,4 +45,3 @@ private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,ter private-tmp memory-deny-write-execute - -- cgit v1.2.3-70-g09d2