From 4d32f53c721c4040232c9a5dcf67cfdef8c6e4a4 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 25 Apr 2017 12:00:07 -0400 Subject: added Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict and Ristretto profiles --- etc/disable-programs.inc | 8 ++++++++ etc/globaltime.profile | 26 ++++++++++++++++++++++++++ etc/orage.profile | 27 +++++++++++++++++++++++++++ etc/ristretto.profile | 26 ++++++++++++++++++++++++++ etc/xfce4-dict.profile | 26 ++++++++++++++++++++++++++ etc/xfce4-notes.profile | 28 ++++++++++++++++++++++++++++ 6 files changed, 141 insertions(+) create mode 100644 etc/globaltime.profile create mode 100644 etc/orage.profile create mode 100644 etc/ristretto.profile create mode 100644 etc/xfce4-dict.profile create mode 100644 etc/xfce4-notes.profile (limited to 'etc') diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fbe614b0d..9b84f5e8a 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -76,6 +76,7 @@ blacklist ${HOME}/.config/flowblade blacklist ${HOME}/.config/gajim blacklist ${HOME}/.config/geeqie blacklist ${HOME}/.config/gedit +blacklist ${HOME}/.config/globaltime blacklist ${HOME}/.config/google-chrome blacklist ${HOME}/.config/google-chrome-beta blacklist ${HOME}/.config/google-chrome-unstable @@ -104,10 +105,12 @@ blacklist ${HOME}/.config/okularpartrc blacklist ${HOME}/.config/okularrc blacklist ${HOME}/.config/opera blacklist ${HOME}/.config/opera-beta +blacklist ${HOME}/.config/orage blacklist ${HOME}/.config/org.kde.gwenviewrc blacklist ${HOME}/.config/pix blacklist ${HOME}/.config/pluma blacklist ${HOME}/.config/psi+ +blacklist ${HOME}/.config/ristretto blacklist ${HOME}/.config/qpdfview blacklist ${HOME}/.config/qt5ct blacklist ${HOME}/.config/qutebrowser @@ -135,6 +138,9 @@ blacklist ${HOME}/.config/xchat blacklist ${HOME}/.config/xed blacklist ${HOME}/.config/xfburn blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml +blacklist ${HOME}/.config/xfce4/xfce4-notes.rc +blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc +blacklist ${HOME}/.config/xfce4-dict blacklist ${HOME}/.config/xplayer blacklist ${HOME}/.config/xreader blacklist ${HOME}/.config/xviewer @@ -242,6 +248,7 @@ blacklist ${HOME}/.local/share/mupen64plus blacklist ${HOME}/.local/share/nautilus blacklist ${HOME}/.local/share/nemo blacklist ${HOME}/.local/share/okular +blacklist ${HOME}/.local/share/orage blacklist ${HOME}/.local/share/org.kde.gwenview blacklist ${HOME}/.local/share/pix blacklist ${HOME}/.local/share/psi+ @@ -256,6 +263,7 @@ blacklist ${HOME}/.local/share/vpltd blacklist ${HOME}/.local/share/vulkan blacklist ${HOME}/.local/share/wesnoth blacklist ${HOME}/.local/share/xplayer +blacklist ${HOME}/.local/share/notes blacklist ${HOME}/.local/share/xreader blacklist ${HOME}/.local/share/zathura blacklist ${HOME}/.lv2 diff --git a/etc/globaltime.profile b/etc/globaltime.profile new file mode 100644 index 000000000..271c331a9 --- /dev/null +++ b/etc/globaltime.profile @@ -0,0 +1,26 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/globaltime.local + +noblacklist ${HOME}/.config/globaltime +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +nogroups +shell none +# private-bin program +# private-etc none +private-dev +# private-tmp + diff --git a/etc/orage.profile b/etc/orage.profile new file mode 100644 index 000000000..b0bd8b9c3 --- /dev/null +++ b/etc/orage.profile @@ -0,0 +1,27 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/orage.local + +noblacklist ${HOME}/.config/orage +noblacklist ${HOME}/.local/share/orage +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +nogroups +shell none +# private-bin program +# private-etc none +private-dev +# private-tmp + diff --git a/etc/ristretto.profile b/etc/ristretto.profile new file mode 100644 index 000000000..9499febe1 --- /dev/null +++ b/etc/ristretto.profile @@ -0,0 +1,26 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/risretto.local + +noblacklist ${HOME}/.config/ristretto +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +nogroups +shell none +# private-bin program +# private-etc none +private-dev +# private-tmp + diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile new file mode 100644 index 000000000..41544e6b9 --- /dev/null +++ b/etc/xfce4-dict.profile @@ -0,0 +1,26 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/xfce4-dict.local + +noblacklist ${HOME}/.config/xfce4-dict +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +nogroups +shell none +# private-bin program +# private-etc none +private-dev +# private-tmp + diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile new file mode 100644 index 000000000..f2cb9a5f1 --- /dev/null +++ b/etc/xfce4-notes.profile @@ -0,0 +1,28 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/xfce4-notes.local + +noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc +noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc +noblacklist ${HOME}/.local/share/notes +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +nogroups +shell none +# private-bin program +# private-etc none +private-dev +# private-tmp + -- cgit v1.2.3-70-g09d2