From bc257b6a4cdd0d335d744a0e70d06cef0c81ea26 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 24 Apr 2017 20:39:23 -0400 Subject: added akregator, kcalc and ktorrent profiles --- etc/akregator.profile | 30 ++++++++++++++++++++++++++++++ etc/disable-programs.inc | 4 ++++ etc/kcalc.profile | 29 +++++++++++++++++++++++++++++ etc/ktorrent.profile | 30 ++++++++++++++++++++++++++++++ 4 files changed, 93 insertions(+) create mode 100644 etc/akregator.profile create mode 100644 etc/kcalc.profile create mode 100644 etc/ktorrent.profile (limited to 'etc') diff --git a/etc/akregator.profile b/etc/akregator.profile new file mode 100644 index 000000000..c99153450 --- /dev/null +++ b/etc/akregator.profile @@ -0,0 +1,30 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/akregator.local + +################################ +# Generic GUI application profile +################################ +noblacklist ${HOME}/.config/akregatorrc +noblacklist ${HOME}/.local/share/akregator +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +# nogroups +# shell none +# private-bin program +# private-etc none +# private-dev +# private-tmp + diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 32adac298..fbe614b0d 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -21,6 +21,7 @@ blacklist ${HOME}/.bcast5 blacklist ${HOME}/.bibletime blacklist ${HOME}/.claws-mail blacklist ${HOME}/.config/0ad +blacklist ${HOME}/.config/akregatorrc blacklist ${HOME}/.config/Atom blacklist ${HOME}/.config/Audaciousrc blacklist ${HOME}/.config/Brackets @@ -179,6 +180,7 @@ blacklist ${HOME}/.kde4/share/config/konqsidebartngrc blacklist ${HOME}/.kde4/share/config/konquerorrc blacklist ${HOME}/.kde4/share/config/okularpartrc blacklist ${HOME}/.kde4/share/config/okularrc +blacklist ${HOME}/.kde4/share/config/ktorrentrc blacklist ${HOME}/.kde/share/apps/gwenview blacklist ${HOME}/.kde/share/apps/kcookiejar blacklist ${HOME}/.kde/share/apps/khtml @@ -196,6 +198,7 @@ blacklist ${HOME}/.kde/share/config/konqsidebartngrc blacklist ${HOME}/.kde/share/config/konquerorrc blacklist ${HOME}/.kde/share/config/okularpartrc blacklist ${HOME}/.kde/share/config/okularrc +blacklist ${HOME}/.kde/share/config/ktorrentrc blacklist ${HOME}/.killingfloor blacklist ${HOME}/.kino-history blacklist ${HOME}/.kinorc @@ -207,6 +210,7 @@ blacklist ${HOME}/.local/.share/maps-places.json blacklist ${HOME}/.local/lib/python2.7/site-packages blacklist ${HOME}/.local/share/0ad blacklist ${HOME}/.local/share/3909/PapersPlease +blacklist ${HOME}/.local/share/akregator blacklist ${HOME}/.local/share/Empathy blacklist ${HOME}/.local/share/Mumble blacklist ${HOME}/.local/share/QuiteRss diff --git a/etc/kcalc.profile b/etc/kcalc.profile new file mode 100644 index 000000000..88f84fdf6 --- /dev/null +++ b/etc/kcalc.profile @@ -0,0 +1,29 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/kcalc.local + +################################ +# Generic GUI application profile +################################ +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +private +nogroups +shell none +# private-bin program +# private-etc none +private-dev +private-tmp + diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile new file mode 100644 index 000000000..f1a5d995d --- /dev/null +++ b/etc/ktorrent.profile @@ -0,0 +1,30 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/ktorrent.local + +################################ +# Generic GUI application profile +################################ +blacklist ${HOME}/.kde/share/config/ktorrentrc +blacklist ${HOME}/.kde4/share/config/ktorrentrc +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp + +# +# depending on you usage, you can enable some of the commands below: +# +nogroups +shell none +# private-bin program +# private-etc none +private-dev +# private-tmp + -- cgit v1.2.3-70-g09d2