From cb98aea61bf97c8125c2d2df6cb08b9f05355e3a Mon Sep 17 00:00:00 2001
From: rusty-snake
Date: Thu, 30 May 2019 17:31:25 +0200
Subject: Add profile templates Create etc/templates * profile.template * redirect_alias-profile.template * syscalls.txt * Notes
---
etc/templates/profile.template | 82 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
create mode 100644 etc/templates/profile.template
(limited to 'etc/templates/profile.template')
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
new file mode 100644
index 000000000..d7da0ed20
--- /dev/null
+++ b/etc/templates/profile.template
@@ -0,0 +1,82 @@
+# Firejail profile for PROGRAM_NAME
+# Description: DESCRIPTION
+# This file is overwritten after every install/update
+##quiet
+# Persistent local customizations
+#include PROFILE.local
+# Persistent global definitions
+#include globals.local
+
+##ignore noexec ${HOME}
+
+##blacklist PATH
+
+#noblacklist PATH
+
+# Allow python (blacklisted by disable-interpreters.inc)
+#noblacklist ${PATH}/python2*
+#noblacklist ${PATH}/python3*
+#noblacklist /usr/lib/python2*
+#noblacklist /usr/lib/python3*
+#noblacklist /usr/local/lib/python2*
+#noblacklist /usr/local/lib/python3*
+
+#include disable-common.inc
+#include disable-devel.inc
+#include disable-exec.inc
+#include disable-interpreters.inc
+#include disable-passwdmgr.inc
+#include disable-programs.inc
+#include disable-xdg.inc
+
+#mkdir PATH
+#mkfile PATH
+#whitelist PATH
+#include whitelist-common.inc
+#include whitelist-var-common.inc
+
+#apparmor
+#caps.drop all
+# CLI only
+##ipc-namespace
+#machine-id
+# 'net none' or 'netfilter'
+#net none
+#netfilter
+#no3d
+#nodbus
+#nodvd
+#nogroups
+#nonewprivs
+#noroot
+#nosound
+#notv
+#nou2f
+#novideo
+#protocol unix,inet,inet6,netlink
+#seccomp
+##seccomp.drop SYSCALLS
+#shell none
+#tracelog
+
+#disable-mnt
+##private
+#private-bin PROGRAMS
+#private-cache
+#private-dev
+#private-etc FILES
+# private-etc templates (see also #1734)
+# Internet: ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
+# Sound: alsa,asound.conf,machine-id,openal,pulse
+# GTK: dconf,fonts,gtk-2.0,gtk-3.0,pango,xdg
+# KDE/QT: fonts,kde4rc,kde5rc,ld.so.cache,machine-id,Trolltech.conf,xdg
+# GUIs: fonts
+# Alternatives: alternatives
+##private-lib LIBS
+##private-opt NAME
+#private-tmp
+
+##env VAR=VALUE
+#memory-deny-write-execute
+##read-only ${HOME}
+##join-or-start NAME
--
cgit v1.2.3-70-g09d2
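Review bot: The `#protocol unix,inet,inet6,netlink` line offers the widest family list as the starting point and sits right after the `net none`/`netfilter` choice without saying the two should agree, so a profile copied from this template can end up pairing `net none` with socket families it never needs. I would add a comment above it such as `# Keep only the address families the program needs; with 'net none' this is usually 'protocol unix'`. The template also never explains what a single `#` versus a double `##` prefix means; that may be covered by the Notes file this commit mentions, which is not visible here, but a one-line legend at the top would keep the file self-contained. Similarly, a short comment that the python `noblacklist` lines must stay above `include disable-interpreters.inc` would stop someone from reordering them and silently losing the exception.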