From 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 7 Aug 2017 01:22:08 -0400 Subject: Unify all profiles --- etc/quiterss.profile | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) (limited to 'etc/quiterss.profile') diff --git a/etc/quiterss.profile b/etc/quiterss.profile index aa17693cd..934763a25 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -1,9 +1,9 @@ -# Persistent global definitions go here -include /etc/firejail/globals.local - -# This file is overwritten during software install. -# Persistent customizations should go in a .local file. +# Firejail profile for quiterss +# This file is overwritten after every install/update +# Persistent local customizations include /etc/firejail/quiterss.local +# Persistent global definitions +include /etc/firejail/globals.local noblacklist ${HOME}/.cache/QuiteRss noblacklist ${HOME}/.config/QuiteRss @@ -11,19 +11,20 @@ noblacklist ${HOME}/.config/QuiteRssrc noblacklist ${HOME}/.local/share/QuiteRss include /etc/firejail/disable-common.inc -include /etc/firejail/disable-programs.inc -include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-programs.inc -whitelist ${HOME}/quiterssfeeds.opml +mkdir ~/.cache/QuiteRss mkdir ~/.config/QuiteRss -whitelist ${HOME}/.config/QuiteRss/ -whitelist ${HOME}/.config/QuiteRssrc mkdir ~/.local/share/data mkdir ~/.local/share/data/QuiteRss -whitelist ${HOME}/.local/share/data/QuiteRss -mkdir ~/.cache/QuiteRss whitelist ${HOME}/.cache/QuiteRss +whitelist ${HOME}/.config/QuiteRss/ +whitelist ${HOME}/.config/QuiteRssrc +whitelist ${HOME}/.local/share/data/QuiteRss +whitelist ${HOME}/quiterssfeeds.opml +include /etc/firejail/whitelist-common.inc caps.drop all netfilter @@ -36,12 +37,10 @@ seccomp shell none tracelog +disable-mnt private-bin quiterss private-dev -#private-etc X11,ssl -disable-mnt - -include /etc/firejail/whitelist-common.inc +# private-etc X11,ssl noexec ${HOME} noexec /tmp -- cgit v1.2.3-70-g09d2