From 8201711defc8a51c196508c4f6793174425fb973 Mon Sep 17 00:00:00 2001 From: Fred Barclay Date: Sat, 15 Apr 2017 11:51:19 -0500 Subject: BibleTime profile --- etc/bibletime.profile | 35 +++++++++++++++++++++++++++++++++++ etc/disable-programs.inc | 2 ++ 2 files changed, 37 insertions(+) create mode 100644 etc/bibletime.profile (limited to 'etc') diff --git a/etc/bibletime.profile b/etc/bibletime.profile new file mode 100644 index 000000000..19beb5aed --- /dev/null +++ b/etc/bibletime.profile @@ -0,0 +1,35 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/bibletime.local + +# Firejail profile for BibleTime +noblacklist ~/.sword +noblacklist ~/.bibletime + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-programs.inc + +whitelist ${HOME}/.config/qt5ct +whitelist ${HOME}/.sword +whitelist ${HOME}/.bibletime + +blacklist ~/.bashrc +blacklist ~/.Xauthority + +caps.drop all +netfilter +nogroups +nonewprivs +noroot +nosound +protocol unix,inet,inet6,netlink +seccomp +shell none +tracelog + +#private-bin bibletime,qt5ct +private-etc fonts,resolv.conf,sword,sword.conf,passwd +private-dev +private-tmp diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 87f8e13b9..bad1f0263 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -18,6 +18,7 @@ blacklist ${HOME}/.atom blacklist ${HOME}/.attic blacklist ${HOME}/.audacity-data blacklist ${HOME}/.bcast5 +blacklist ${HOME}/.bibletime blacklist ${HOME}/.claws-mail blacklist ${HOME}/.config/0ad blacklist ${HOME}/.config/Atom @@ -107,6 +108,7 @@ blacklist ${HOME}/.config/pix blacklist ${HOME}/.config/pluma blacklist ${HOME}/.config/psi+ blacklist ${HOME}/.config/qpdfview +blacklist ${HOME}/.config/qt5ct blacklist ${HOME}/.config/qutebrowser blacklist ${HOME}/.config/ranger blacklist ${HOME}/.config/redshift.conf -- cgit v1.2.3-54-g00ecf