From 8636d326649c7be838048d0b89fda32db74092b4 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Sat, 16 Mar 2024 20:26:12 +0000 Subject: New profile: dexios.profile (#6234) Description: CLI encryption tool https://github.com/brxken128/dexios https://aur.archlinux.org/packages/dexios-bin --- etc/profile-a-l/dexios.profile | 63 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 etc/profile-a-l/dexios.profile (limited to 'etc/profile-a-l') diff --git a/etc/profile-a-l/dexios.profile b/etc/profile-a-l/dexios.profile new file mode 100644 index 000000000..4dfccd685 --- /dev/null +++ b/etc/profile-a-l/dexios.profile @@ -0,0 +1,63 @@ +# Firejail profile for dexios +# Description: CLI encryption tool +quiet +# This file is overwritten after every install/update +# Persistent local customizations +include dexios.local +# Persistent global definitions +include globals.local + +blacklist /tmp/.X11-unix +blacklist /usr/libexec +blacklist ${RUNUSER} + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-proc.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +whitelist ${DOWNLOADS} +include whitelist-run-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +ipc-namespace +machine-id +netfilter +no3d +nodvd +nogroups +noinput +nonewprivs +noprinters +noroot +nosound +notv +nou2f +novideo +seccomp.drop socket +seccomp.block-secondary +tracelog +x11 none + +disable-mnt +private-bin dexios +private-cache +private-dev +private-etc +private-lib +private-tmp + +dbus-user none +dbus-system none + +memory-deny-write-execute +read-only ${HOME} +read-write ${DOWNLOADS} +restrict-namespaces -- cgit v1.2.3-54-g00ecf