diff options
| author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-03-14 23:55:30 -0700 |
|---|---|---|
| committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-03-14 23:55:30 -0700 |
| commit | 176dae16c44794f30cb347dfd84fe84bcc5c9708 (patch) | |
| tree | 3c3b092e9446c01e5613c7596e5fa89277cb1385 /profiles/hg.profile | |
| download | firejail-profiles-176dae16c44794f30cb347dfd84fe84bcc5c9708.tar.xz | |
Initial commit
Diffstat (limited to 'profiles/hg.profile')
| -rw-r--r-- | profiles/hg.profile | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/profiles/hg.profile b/profiles/hg.profile new file mode 100644 index 0000000..ac5943d --- /dev/null +++ b/profiles/hg.profile @@ -0,0 +1,59 @@ +# Firejail profile for hg +# This file is overwritten after every install/update +quiet +# Persistent local customizations +include hg.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/nano +noblacklist ${HOME}/.emacs +noblacklist ${HOME}/.emacs.d +noblacklist ${HOME}/.hgrc +#noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.nanorc +noblacklist ${HOME}/.oh-my-zsh +#noblacklist ${HOME}/.ssh +noblacklist ${HOME}/.vim +noblacklist ${HOME}/.viminfo + +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc + +blacklist /tmp/.X11-unix + +whitelist ${HOME}/.config/nano +whitelist ${HOME}/.emacs +whitelist ${HOME}/.emacs.d +whitelist ${HOME}/.hgrc +#whitelist ${HOME}/.gnupg +#read-only ${HOME}/.gnupg +whitelist ${HOME}/.nanorc +read-only ${HOME}/.nanorc +whitelist ${HOME}/.oh-my-zsh +#whitelist ${HOME}/.ssh +#read-only ${HOME}/.ssh +whitelist ${HOME}/.vim +whitelist ${HOME}/.viminfo +whitelist ${HOME}/build +whitelist ${HOME}/workspace + +caps.drop all +machine-id +netfilter +no3d +nodvd +nogroups +nonewprivs +noroot +nosound +notv +novideo +protocol inet,inet6 +#protocol unix,inet,inet6 +seccomp +shell none + +private-bin hg,python2 +private-dev |