From fa28d0ec87146a718219bbd7addf6a6994c6bf37 Mon Sep 17 00:00:00 2001 From: kortewegdevries Date: Wed, 2 Sep 2020 10:40:51 +0000 Subject: Various profiles # 2 (#3566) * Matrix clients Initial * Add profile for fractal, # 1139 * Fixes --- etc/profile-m-z/mirage.profile | 59 ++++++++++++++++++++++++++++++++++++++ etc/profile-m-z/quaternion.profile | 54 ++++++++++++++++++++++++++++++++++ etc/profile-m-z/spectral.profile | 53 ++++++++++++++++++++++++++++++++++ 3 files changed, 166 insertions(+) create mode 100644 etc/profile-m-z/mirage.profile create mode 100644 etc/profile-m-z/quaternion.profile create mode 100644 etc/profile-m-z/spectral.profile (limited to 'etc/profile-m-z') diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile new file mode 100644 index 000000000..4a5f12aec --- /dev/null +++ b/etc/profile-m-z/mirage.profile @@ -0,0 +1,59 @@ +# Firejail profile for mirage +# Description: Desktop client for Matrix +# This file is overwritten after every install/update +# Persistent local customizations +include mirage.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.cache/mirage +noblacklist ${HOME}/.config/mirage +noblacklist ${HOME}/.local/share/mirage + +include allow-python2.inc +include allow-python3.inc + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.cache/mirage +mkdir ${HOME}/.config/mirage +mkdir ${HOME}/.local/share/mirage +whitelist ${HOME}/.cache/mirage +whitelist ${HOME}/.config/mirage +whitelist ${HOME}/.local/share/mirage +whitelist ${DOWNLOADS} +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +netfilter +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +protocol unix,inet,inet6 +seccomp +shell none +tracelog + +disable-mnt +private-bin mirage +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg +private-tmp + +dbus-user none +dbus-system none diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile new file mode 100644 index 000000000..2133c74d3 --- /dev/null +++ b/etc/profile-m-z/quaternion.profile @@ -0,0 +1,54 @@ +# Firejail profile for quaternion +# Description: Desktop client for Matrix +# This file is overwritten after every install/update +# Persistent local customizations +include quaternion.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.cache/Quotient/quaternion +noblacklist ${HOME}/.config/Quotient + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.cache/Quotient/quaternion +mkdir ${HOME}/.config/Quotient +whitelist ${HOME}/.cache/Quotient/quaternion +whitelist ${HOME}/.config/Quotient +whitelist ${DOWNLOADS} +whitelist /usr/share/Quotient/quaternion +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +netfilter +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +protocol unix,inet,inet6,netlink +seccomp +shell none +tracelog + +disable-mnt +private-bin quaternion +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg +private-tmp + +dbus-user none +dbus-system none diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile new file mode 100644 index 000000000..d7f94e144 --- /dev/null +++ b/etc/profile-m-z/spectral.profile @@ -0,0 +1,53 @@ +# Firejail profile for spectral +# Description: Desktop client for Matrix +# This file is overwritten after every install/update +# Persistent local customizations +include spectral.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.cache/ENCOM/Spectral +noblacklist ${HOME}/.config/ENCOM + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.cache/ENCOM/Spectral +mkdir ${HOME}/.config/ENCOM +whitelist ${HOME}/.cache/ENCOM/Spectral +whitelist ${HOME}/.config/ENCOM +whitelist ${DOWNLOADS} +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +netfilter +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +protocol unix,inet,inet6,netlink +seccomp +shell none +tracelog + +disable-mnt +private-cache +private-bin spectral +private-dev +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg +private-tmp + +dbus-user none +dbus-system none -- cgit v1.2.3-54-g00ecf