-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' of https://github.com/chiraag-nataraj/firejail-…
- Loading branch information
Showing
55 changed files
with
1,144 additions
and
496 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,28 +1,42 @@ | ||
| <<<<<<< HEAD | ||
| include /etc/firejail/globals.local | ||
|
|
||
| blacklist /usr/local/bin | ||
| blacklist /usr/local/sbin | ||
|
|
||
| whitelist ${HOME}/.config/ | ||
| whitelist ${HOME}/.local/share/akregator/ | ||
| ======= | ||
| # Firejail profile for akregator | ||
| # This file is overwritten after every install/update | ||
| # Persistent local customizations | ||
| include /etc/firejail/akregator.local | ||
| # Persistent global definitions | ||
| include /etc/firejail/globals.local | ||
| >>>>>>> 7bf44969dff7201d9239c0a606510cc67ed688db | ||
|
|
||
| blacklist /boot | ||
| blacklist /media | ||
| blacklist /mnt | ||
| blacklist /opt | ||
| blacklist /usr/local/bin | ||
| blacklist /usr/local/sbin | ||
|
|
||
| private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper | ||
| private-dev | ||
| private-etc fonts,alternatives,X11,passwd | ||
|
|
||
| whitelist ${HOME}/.config/ | ||
| whitelist ${HOME}/.local/share/akregator/ | ||
| whitelist /tmp/.X11-unix | ||
| # I have forced DBus to use an ordinary unix socket | ||
| # DBus is forced to use an ordinary unix socket | ||
| whitelist /tmp/dbus_session_socket | ||
| include /etc/firejail/whitelist-common.inc | ||
|
|
||
| shell none | ||
| seccomp | ||
| caps.drop all | ||
| noroot | ||
| nonewprivs | ||
| ipc-namespace | ||
| nogroups | ||
| ipc-namespace | ||
| nonewprivs | ||
| noroot | ||
| seccomp | ||
| shell none | ||
|
|
||
| private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper | ||
| private-dev | ||
| private-etc fonts,alternatives,X11,passwd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,28 +1,41 @@ | ||
| <<<<<<< HEAD | ||
| include /etc/firejail/globals.local | ||
|
|
||
| whitelist ${HOME}/.config/blender | ||
|
|
||
| whitelist ${DOWNLOADS} | ||
| whitelist ${HOME}/Videos | ||
| ======= | ||
| # Firejail profile for blender | ||
| # This file is overwritten after every install/update | ||
| # Persistent local customizations | ||
| include /etc/firejail/blender.local | ||
| # Persistent global definitions | ||
| include /etc/firejail/globals.local | ||
| >>>>>>> 7bf44969dff7201d9239c0a606510cc67ed688db | ||
|
|
||
| blacklist /boot | ||
| blacklist /media | ||
| blacklist /mnt | ||
| blacklist /opt | ||
|
|
||
| whitelist ${DOWNLOADS} | ||
| whitelist ${HOME}/.config/blender | ||
| whitelist ${HOME}/Videos | ||
| whitelist /tmp/.X11-unix | ||
| include /etc/firejail/whitelist-common.inc | ||
|
|
||
| caps.drop all | ||
| ipc-namespace | ||
| net none | ||
| nogroups | ||
| noroot | ||
| seccomp | ||
| shell none | ||
|
|
||
| private-bin blender | ||
| private-dev | ||
| private-etc pulse,fonts | ||
|
|
||
| whitelist /tmp/.X11-unix | ||
|
|
||
| noexec /home | ||
| noexec /tmp | ||
|
|
||
| shell none | ||
| seccomp | ||
| caps.drop all | ||
| net none | ||
| noroot | ||
| nogroups | ||
| ipc-namespace |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,36 @@ | ||
| <<<<<<< HEAD | ||
| include /etc/firejail/globals.local | ||
|
|
||
| ======= | ||
| # Firejail profile for brackets | ||
| # This file is overwritten after every install/update | ||
| # Persistent local customizations | ||
| include /etc/firejail/brackets.local | ||
| # Persistent global definitions | ||
| include /etc/firejail/globals.local | ||
|
|
||
| blacklist /boot | ||
| blacklist /media | ||
| blacklist /mnt | ||
|
|
||
| whitelist ${DOWNLOADS} | ||
| >>>>>>> 7bf44969dff7201d9239c0a606510cc67ed688db | ||
| whitelist ${HOME}/.config/Brackets | ||
| whitelist ${HOME}/.gtkrc-2.0 | ||
| whitelist ${HOME}/.themes | ||
| whitelist ${DOWNLOADS} | ||
| whitelist ${HOME}/Documents | ||
|
|
||
| whitelist /opt/brackets/ | ||
| whitelist /opt/google/ | ||
|
|
||
| blacklist /boot | ||
| blacklist /media | ||
| blacklist /mnt | ||
|
|
||
| private-bin bash,brackets,readlink,dirname,google-chrome,cat | ||
| private-dev | ||
| whitelist /tmp/.X11-unix | ||
| include /etc/firejail/whitelist-common.inc | ||
|
|
||
| caps.drop all | ||
| # Comment out or use --ignore=net if you want to install extensions or themes | ||
| net none | ||
|
|
||
| # Disable these if you use live preview (until I figure out a workaround) | ||
| # Doing so should be relatively safe since there is no network access | ||
| seccomp | ||
| noroot | ||
| caps.drop all | ||
| seccomp | ||
|
|
||
| private-bin bash,brackets,readlink,dirname,google-chrome,cat | ||
| private-dev |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,33 +1,46 @@ | ||
| <<<<<<< HEAD | ||
| include /etc/firejail/globals.local | ||
|
|
||
| whitelist ${HOME}/.config/Trolltech.conf | ||
| whitelist ${HOME}/.gtkrc-2.0 | ||
| whitelist ${HOME}/.kde | ||
| whitelist ${HOME}/.themes | ||
| ======= | ||
| # Firejail profile for calligra | ||
| # This file is overwritten after every install/update | ||
| # Persistent local customizations | ||
| include /etc/firejail/calligra.local | ||
| # Persistent global definitions | ||
| include /etc/firejail/globals.local | ||
| >>>>>>> 7bf44969dff7201d9239c0a606510cc67ed688db | ||
|
|
||
| blacklist /boot | ||
| blacklist /media | ||
| blacklist /mnt | ||
| blacklist /opt | ||
|
|
||
| whitelist ${DOWNLOADS} | ||
| whitelist ${HOME}/.config/Trolltech.conf | ||
| whitelist ${HOME}/.gtkrc-2.0 | ||
| whitelist ${HOME}/.kde | ||
| whitelist ${HOME}/.themes | ||
| whitelist ${HOME}/Documents | ||
| whitelist /tmp/.X11-unix | ||
| # DBus is forced to use an ordinary unix socket | ||
| whitelist /tmp/dbus_session_socket | ||
| include /etc/firejail/whitelist-common.inc | ||
|
|
||
| caps.drop all | ||
| ipc-namespace | ||
| net none | ||
| nogroups | ||
| noroot | ||
| seccomp | ||
| shell none | ||
|
|
||
| private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch | ||
| private-dev | ||
| private-etc fonts,passwd,alternatives,X11 | ||
|
|
||
| whitelist /tmp/.X11-unix | ||
| # I have forced DBus to use an ordinary unix socket | ||
| whitelist /tmp/dbus_session_socket | ||
|
|
||
| noexec /home | ||
| noexec /tmp | ||
|
|
||
| shell none | ||
| seccomp | ||
| caps.drop all | ||
| net none | ||
| noroot | ||
| nogroups | ||
| ipc-namespace |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,5 @@ | ||
| include ${HOME}/.config/firejail/calligra.profile | ||
| # Firejail profile alias for calligra | ||
| # This file is overwritten after every install/update | ||
|
|
||
|
|
||
| include ${HOME}/.config/firejail/calligra.profile |
Oops, something went wrong.