From 30927eb246fbc0d76d9e65e42469476caf6f2af8 Mon Sep 17 00:00:00 2001 From: kortewegdevries <62639087+kortewegdevries@users.noreply.github.com> Date: Tue, 21 Jul 2020 13:09:34 +0530 Subject: New profile for homebank (#3525) * Add files via upload New profile for homebank * Update etc/profile-a-l/homebank.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> * Update etc/profile-a-l/homebank.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> * Update homebank.profile * Update firecfg.config homebank added * Update disable-programs.inc Added blacklist. * Update homebank.profile Added disable-shell,removed whitelisted docs * Update disable-programs.inc Changed sorting * Update homebank.profile Changed sorting * Added cawbird profile Initial * Revert "Added cawbird profile" This reverts commit 6b045976adf62a91882236600c55926af34b6a52. Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> --- etc/inc/disable-programs.inc | 1 + etc/profile-a-l/homebank.profile | 59 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 etc/profile-a-l/homebank.profile (limited to 'etc') diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 865eefb18..5ad60dc9f 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -236,6 +236,7 @@ blacklist ${HOME}/.config/gthumb blacklist ${HOME}/.config/gummi blacklist ${HOME}/.config/gwenviewrc blacklist ${HOME}/.config/hexchat +blacklist ${HOME}/.config/homebank blacklist ${HOME}/.config/i2p blacklist ${HOME}/.config/inkscape blacklist ${HOME}/.config/inox diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile new file mode 100644 index 000000000..8e600a2d7 --- /dev/null +++ b/etc/profile-a-l/homebank.profile @@ -0,0 +1,59 @@ +# Firejail profile for homebank +# Description: Personal finance manager +# This file is overwritten after every install/update +# Persistent local customizations +include homebank.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/homebank + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-programs.inc +include disable-passwdmgr.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.config/homebank +whitelist ${DOWNLOADS} +whitelist ${HOME}/.config/homebank +whitelist /usr/share/homebank +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +machine-id +# net none +netfilter +nodvd +no3d +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix,inet,inet6 +seccomp +shell none +tracelog + +disable-mnt +private-bin homebank +private-cache +private-dev +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11 +private-tmp + +dbus-user none +dbus-system none + +# memory-deny-write-execute -- cgit v1.2.3-70-g09d2