From 04adc450151cc5107098ef2f555ad526ac9f632e Mon Sep 17 00:00:00 2001
From: Tad
Date: Fri, 22 Sep 2017 08:42:52 -0400
Subject: Further fixup #1565 and add a profile for uefitool
---
 etc/bluefish.profile | 4 +---
 etc/cliqz.profile | 4 ++--
 etc/disable-programs.inc | 3 +++
 etc/pinta.profile | 12 ++++++++----
 etc/uefitool.profile | 33 +++++++++++++++++++++++++++++++++
 5 files changed, 47 insertions(+), 9 deletions(-)
 create mode 100644 etc/uefitool.profile
(limited to 'etc')
diff --git a/etc/bluefish.profile b/etc/bluefish.profile
index a0bceabbe..f18dea296 100644
--- a/etc/bluefish.profile
+++ b/etc/bluefish.profile
@@ -1,11 +1,10 @@
-# Firejail profile for pluma
+# Firejail profile for bluefish
 # This file is overwritten after every install/update
 # Persistent local customizations
 include /etc/firejail/pluma.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-noblacklist ${HOME}/.config/pluma
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -29,7 +28,6 @@ tracelog
 private-bin bluefish
 private-dev
-# private-etc fonts
 private-tmp
 noexec ${HOME}
diff --git a/etc/cliqz.profile b/etc/cliqz.profile
index 9c0f44e97..a7c791a02 100644
--- a/etc/cliqz.profile
+++ b/etc/cliqz.profile
@@ -1,7 +1,7 @@
-# Firejail profile for firefox
+# Firejail profile for cliqz
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/firefox.local
+include /etc/firejail/cliqz.local
 # Persistent global definitions
 include /etc/firejail/globals.local
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 615e28172..ad589890c 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
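Review bot: In etc/bluefish.profile the context line `include /etc/firejail/pluma.local` in the first hunk is left unchanged, so bluefish still loads pluma's persistent local overrides and a user's own bluefish.local is never read. The hunk fixes the header comment and drops the pluma `noblacklist`, but this include needs the same treatment: `include /etc/firejail/bluefish.local`, matching what this commit does for cliqz.profile and pinta.profile. Until then, any relaxation a user wrote into pluma.local for pluma also applies to the bluefish sandbox.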
@@ -81,6 +81,7 @@ blacklist ${HOME}/.config/chromium
 blacklist ${HOME}/.config/chromium-dev
 blacklist ${HOME}/.config/chromium-flags.conf
 blacklist ${HOME}/.config/clipit
+blacklist ${HOME}/.config/cliqz
 blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/corebird
 blacklist ${HOME}/.config/darktable
@@ -142,6 +143,7 @@ blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
 blacklist ${HOME}/.config/org.kde.gwenviewrc
 blacklist ${HOME}/.config/pcmanfm
+blacklist ${HOME}/.config/Pinta
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
 blacklist ${HOME}/.config/psi+
@@ -408,6 +410,7 @@ blacklist ${HOME}/.cache/calibre
 blacklist ${HOME}/.cache/champlain
 blacklist ${HOME}/.cache/chromium
 blacklist ${HOME}/.cache/chromium-dev
+blacklist ${HOME}/.cache/cliqz
 blacklist ${HOME}/.cache/darktable
 blacklist ${HOME}/.cache/epiphany
 blacklist ${HOME}/.cache/evolution
diff --git a/etc/pinta.profile b/etc/pinta.profile
index 2562e1b80..4228e5880 100644
--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -1,15 +1,21 @@
-# Firejail profile for krita
+# Firejail profile for pinta
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/krita.local
+include /etc/firejail/pinta.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/Pinta
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+whitelist ${HOME}/.config/Pinta
+include /etc/firejail/whitelist-common.inc
+
 caps.drop all
 ipc-namespace
 net none
@@ -27,7 +33,5 @@ shell none
 private-dev
 private-tmp
-
-whitelist ~/.config/Pinta
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/uefitool.profile b/etc/uefitool.profile
new file mode 100644
index 000000000..138f69aa8
--- /dev/null
+++ b/etc/uefitool.profile
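Review bot: The new `blacklist ${HOME}/.config/cliqz` (first hunk) and `blacklist ${HOME}/.cache/cliqz` (third hunk) in etc/disable-programs.inc have no matching `noblacklist` anywhere in this commit. The cliqz.profile hunk shows only lines 1-7, so the rest of that profile cannot be checked from here. If it includes disable-programs.inc like the other profiles in this commit and still lists only the firefox paths it was copied from, the browser's own config and cache would now be hidden from it. Confirm it carries `noblacklist ${HOME}/.config/cliqz` and `noblacklist ${HOME}/.cache/cliqz` ahead of that include. The Pinta entry in the second hunk is paired by the `noblacklist` this commit adds to pinta.profile.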
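Review bot: In etc/pinta.profile the `whitelist ${HOME}/.config/Pinta` added in the first hunk has no `mkdir` ahead of it, so on a first run, when the directory does not exist yet, the whitelist entry most likely has nothing to bind. Pinta's settings would then be written into the temporary home and lost at exit; adding `mkdir ${HOME}/.config/Pinta` directly above the whitelist line covers that case. It would also help to add a comment such as `# whitelist mode: only the paths listed here and in whitelist-common.inc are visible under ${HOME}`, since images stored elsewhere in the home directory will not be reachable unless the user adds whitelist lines in pinta.local.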
@@ -0,0 +1,33 @@
+# Firejail profile for uefitool
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/uefitool.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
-- cgit v1.2.3-70-g09d2
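Review bot: etc/uefitool.profile has no `private-bin` line, so every system executable stays visible inside the sandbox, whereas bluefish.profile in this same commit carries `private-bin bluefish`. Consider adding `private-bin uefitool` to the `private-dev` / `private-tmp` stanza, once the installed executable name is confirmed to match the profile name. The two consecutive empty lines after `include /etc/firejail/globals.local` sit where the other profiles keep their `noblacklist` entries. One blank line is enough, or put a short comment there stating that the tool keeps no per-user configuration, if that is the case.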