From d753ab6bf7c5e90633781a6c75046284c772d9d8 Mon Sep 17 00:00:00 2001 From: Fred Barclay Date: Wed, 14 Dec 2016 22:40:08 -0600 Subject: Add keepassx2 profile --- etc/disable-common.inc | 28 ++++++++++++++-------------- etc/disable-programs.inc | 4 ++-- etc/keepassx2.profile | 22 ++++++++++++++++++++++ 3 files changed, 38 insertions(+), 16 deletions(-) create mode 100644 etc/keepassx2.profile (limited to 'etc') diff --git a/etc/disable-common.inc b/etc/disable-common.inc index b86c6f998..07814a704 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc @@ -39,19 +39,19 @@ blacklist /usr/share/applications/veracrypt.* blacklist /usr/share/pixmaps/veracrypt.* blacklist ${HOME}/.VeraCrypt -# TrueCrypt -blacklist ${PATH}/truecrypt -blacklist ${PATH}/truecrypt-uninstall.sh -blacklist /usr/share/truecrypt -blacklist /usr/share/applications/truecrypt.* -blacklist /usr/share/pixmaps/truecrypt.* -blacklist ${HOME}/.TrueCrypt - -# zuluCrypt -blacklist ${HOME}/.zuluCrypt -blacklist ${HOME}/.zuluCrypt-socket -blacklist ${PATH}/zuluCrypt-cli -blacklist ${PATH}/zuluMount-cli +# TrueCrypt +blacklist ${PATH}/truecrypt +blacklist ${PATH}/truecrypt-uninstall.sh +blacklist /usr/share/truecrypt +blacklist /usr/share/applications/truecrypt.* +blacklist /usr/share/pixmaps/truecrypt.* +blacklist ${HOME}/.TrueCrypt + +# zuluCrypt +blacklist ${HOME}/.zuluCrypt +blacklist ${HOME}/.zuluCrypt-socket +blacklist ${PATH}/zuluCrypt-cli +blacklist ${PATH}/zuluMount-cli # var blacklist /var/spool/cron @@ -154,7 +154,7 @@ blacklist /etc/ssh blacklist /var/backup blacklist /home/.ecryptfs -# system directories +# system directories blacklist /sbin blacklist /usr/sbin blacklist /usr/local/sbin diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index a9ca487c5..8e9392c7b 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -107,7 +107,7 @@ blacklist ${HOME}/.config/katepartrc blacklist ${HOME}/.config/katerc blacklist ${HOME}/.config/kateschemarc blacklist ${HOME}/.config/katesyntaxhighlightingrc -blacklist ${HOME}/.config/katevirc +blacklist ${HOME}/.config/katevir blacklist ${HOME}/.config/libreoffice blacklist ${HOME}/.config/mate/eom blacklist ${HOME}/.config/midori @@ -148,7 +148,7 @@ blacklist ${HOME}/.config/xreader blacklist ${HOME}/.config/xviewer blacklist ${HOME}/.config/zathura blacklist ${HOME}/.config/zoomus.conf -blacklist ${HOME}/.conkeror.mozdev.org +blacklist ${HOME}/.conkeror.mozdev.org blacklist ${HOME}/.dillo blacklist ${HOME}/.dosbox blacklist ${HOME}/.dropbox-dist diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile new file mode 100644 index 000000000..d8621773f --- /dev/null +++ b/etc/keepassx2.profile @@ -0,0 +1,22 @@ +# keepassx password manager profile +noblacklist ${HOME}/.config/keepassx +noblacklist ${HOME}/.keepassx +noblacklist ${HOME}/keepassx.kdbx + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +nogroups +nonewprivs +noroot +nosound +protocol unix +seccomp +netfilter +shell none + +private-tmp +private-dev -- cgit v1.2.3-54-g00ecf