From 37ef5cfb9d31be49a071d27ff6f626cf65b2231f Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 26 Apr 2017 16:35:18 -0400
Subject: Dia, FontForge, Geany, Hugin profiles
---
 etc/default.profile | 2 +-
 etc/dia.profile | 26 ++++++++++++++++++++++++++
 etc/disable-programs.inc | 4 ++++
 etc/fontforge.profile | 26 ++++++++++++++++++++++++++
 etc/geany.profile | 26 ++++++++++++++++++++++++++
 etc/hugin.profile | 27 +++++++++++++++++++++++++++
 6 files changed, 110 insertions(+), 1 deletion(-)
 create mode 100644 etc/dia.profile
 create mode 100644 etc/fontforge.profile
 create mode 100644 etc/geany.profile
 create mode 100644 etc/hugin.profile
(limited to 'etc')
diff --git a/etc/default.profile b/etc/default.profile
index 66b04896f..484c1cd8e 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -25,4 +25,4 @@ seccomp
 # private-etc none
 # private-dev
 # private-tmp
-
+# nosound
diff --git a/etc/dia.profile b/etc/dia.profile
new file mode 100644
index 000000000..3c01e9a0b
--- /dev/null
+++ b/etc/dia.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/dia.local
+
+noblacklist ~/.dia
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on you usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
+
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 18b644987..285a7f7e3 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
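Review bot: The new etc/dia.profile leaves the sandbox with full network access: `protocol unix,inet,inet6` permits IPv4 and IPv6 sockets, and no network namespace is requested, so `netfilter` (which, as far as I know, only applies inside a new network namespace) likely filters nothing. If Dia is used purely as a local diagram editor, `net none`, or at least `protocol unix`, would close that path; the same two lines are copied into etc/fontforge.profile, etc/geany.profile and etc/hugin.profile and deserve the same decision per program. Separately, `noblacklist ~/.dia` spells the path with `~` while the matching `blacklist ${HOME}/.dia` entry and the other three profiles use `${HOME}`; writing `noblacklist ${HOME}/.dia` keeps the pair textually identical and easy to grep.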
@@ -74,6 +74,7 @@ blacklist ${HOME}/.config/evolution
 blacklist ${HOME}/.config/filezilla
 blacklist ${HOME}/.config/flowblade
 blacklist ${HOME}/.config/gajim
+blacklist ${HOME}/.config/geany
 blacklist ${HOME}/.config/geeqie
 blacklist ${HOME}/.config/gedit
 blacklist ${HOME}/.config/globaltime
@@ -148,6 +149,7 @@ blacklist ${HOME}/.config/xviewer
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.conkeror.mozdev.org
+blacklist ${HOME}/.dia
 blacklist ${HOME}/.dillo
 blacklist ${HOME}/.dosbox
 blacklist ${HOME}/.dropbox-dist
@@ -158,6 +160,7 @@ blacklist ${HOME}/.emacs.d
 blacklist ${HOME}/.filezilla
 blacklist ${HOME}/.flowblade
 blacklist ${HOME}/.fltk
+blacklist ${HOME}/.FontForge
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.git-credential-cache
 blacklist ${HOME}/.gitconfig
@@ -167,6 +170,7 @@ blacklist ${HOME}/.googleearth/myplaces.backup.kml
 blacklist ${HOME}/.googleearth/myplaces.kml
 blacklist ${HOME}/.guayadeque
 blacklist ${HOME}/.hedgewars
+blacklist ${HOME}/.hugin
 blacklist ${HOME}/.icedove
 blacklist ${HOME}/.inkscape
 blacklist ${HOME}/.jitsi
diff --git a/etc/fontforge.profile b/etc/fontforge.profile
new file mode 100644
index 000000000..014d15650
--- /dev/null
+++ b/etc/fontforge.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/fontforge.local
+
+noblacklist ${HOME}/.FontForge
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on you usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
+
diff --git a/etc/geany.profile b/etc/geany.profile
new file mode 100644
index 000000000..8ccc44dc1
--- /dev/null
+++ b/etc/geany.profile
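Review bot: The comment `# depending on you usage, you can enable some of the commands below:` in etc/fontforge.profile no longer describes the lines under it, because `nogroups`, `shell none`, `private-dev` and `private-tmp` are already active and only `private-bin` and `private-etc` remain commented out. A reader auditing the profile could take the whole block for disabled options. I would move the comment directly above the two commented lines and reword it, for example `# optional hardening, uncomment after testing:`, which also removes the `you usage` typo. The same block is copied into etc/dia.profile, etc/geany.profile and etc/hugin.profile.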
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/geany.local
+
+noblacklist ${HOME}/.config/geany
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on you usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
+
diff --git a/etc/hugin.profile b/etc/hugin.profile
new file mode 100644
index 000000000..d2ad16c0e
--- /dev/null
+++ b/etc/hugin.profile
@@ -0,0 +1,27 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/hugin.local
+
+noblacklist ${HOME}/.hugin
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+#
+# depending on you usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
+nosound
+
-- cgit v1.2.3-54-g00ecf
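Review bot: `nosound` is switched on only in etc/hugin.profile, while etc/dia.profile, etc/fontforge.profile and etc/geany.profile from the same commit are otherwise line-for-line the same and omit it. None of the four programs looks like an audio application, so the difference reads as an oversight rather than a decision. Either add `nosound` to the other three profiles or put a short comment above it here, such as `# no audio needed for panorama stitching`, so the reason for the asymmetry is recorded.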