diff options
| author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-11-10 18:17:42 -0800 |
|---|---|---|
| committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-11-10 18:17:42 -0800 |
| commit | 00fd61062491cb4be3b7bcf003b6a784f2ecf486 (patch) | |
| tree | 2c6d3706de8b24d55f70174d42c0c4cbb54669f7 | |
| parent | Fix typo in vlc profile (diff) | |
| download | firejail-profiles-00fd61062491cb4be3b7bcf003b6a784f2ecf486.tar.xz | |
Add qimv profile
Minor formatting fixes to qtox and toxic profiles
| -rw-r--r-- | PKGBUILD | 4 | ||||
| -rw-r--r-- | profiles/qimv.profile | 52 | ||||
| -rw-r--r-- | profiles/qtox.local | 2 | ||||
| -rw-r--r-- | profiles/toxic.profile | 2 |
4 files changed, 56 insertions, 4 deletions
@@ -1,7 +1,7 @@ # Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net> pkgname=firejail-profiles -pkgver=20201102 +pkgver=20201110 pkgrel=1 pkgdesc="Additional firejail profiles and locals" arch=('any') @@ -9,7 +9,7 @@ url="https://library.iserlohn-fortress.net/firejail-profiles.git" license=('GPLv3') depends=('firejail' 'hardened-malloc') source=(profiles.tar.gz) -b2sums=('8da1ce65408ddc5e00011fb42dd0e84e3cff1e36593dd14d12f26ea96b48dde5e8a78322dfa70ce67701b6529cfa096327ba74b691543155932e5dfbaa38047a') +b2sums=('bd16ed8ad3e20de2d294c916783335dc125c073bff9f94ba1c0ed33af3d7675727c4798101287b8e2d52bc6883adf07ea20166a386f3440aba36da62cc6c4d45') package() { install --directory ${pkgdir}/etc/firejail diff --git a/profiles/qimv.profile b/profiles/qimv.profile new file mode 100644 index 0000000..e3a7500 --- /dev/null +++ b/profiles/qimv.profile @@ -0,0 +1,52 @@ +# Firejail profile for qimv +# Description: Image viewer +# This file is overwritten after every install/update +# Persistent local customizations +include qimv.local +# Persistent global definitions +include globals.local + +# Comment in these two lines to enable testing the binary from ${HOME} +#ignore noexec ${HOME} +#ignore private-bin qimv,imv + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc + +#include whitelist-common.inc +#include whitelist-var-common.inc + +apparmor +caps.drop all +machine-id +net none +# no3d +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix +seccomp +shell none +tracelog + +# disable-mnt +private-bin qimv,imv +private-cache +private-dev +private-etc fonts,machine-id,localtime,passwd +private-tmp + +memory-deny-write-execute + +dbus-user none +dbus-system none diff --git a/profiles/qtox.local b/profiles/qtox.local index 8186bdf..8faca83 100644 --- a/profiles/qtox.local +++ b/profiles/qtox.local @@ -1,4 +1,4 @@ -# # qtox alsa audio will work with ipc-namespace, +# # alsa audio will work with ipc-namespace, # # but it hogs the alsa device from other applications ignore ipc-namespace diff --git a/profiles/toxic.profile b/profiles/toxic.profile index 15203b6..8b6bd53 100644 --- a/profiles/toxic.profile +++ b/profiles/toxic.profile @@ -45,8 +45,8 @@ disable-mnt private-bin toxic # private-bin toxic,gpg,pinentry-qt private-cache -private-etc asound.conf,group,localtime,machine-id,resolv.conf private-dev +private-etc asound.conf,group,localtime,machine-id,resolv.conf private-tmp memory-deny-write-execute |