diff options
Diffstat (limited to 'profiles/hg.profile')
| -rw-r--r-- | profiles/hg.profile | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/profiles/hg.profile b/profiles/hg.profile new file mode 100644 index 0000000..ac5943d --- /dev/null +++ b/profiles/hg.profile @@ -0,0 +1,59 @@ +# Firejail profile for hg +# This file is overwritten after every install/update +quiet +# Persistent local customizations +include hg.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/nano +noblacklist ${HOME}/.emacs +noblacklist ${HOME}/.emacs.d +noblacklist ${HOME}/.hgrc +#noblacklist ${HOME}/.gnupg +noblacklist ${HOME}/.nanorc +noblacklist ${HOME}/.oh-my-zsh +#noblacklist ${HOME}/.ssh +noblacklist ${HOME}/.vim +noblacklist ${HOME}/.viminfo + +include disable-common.inc +include disable-passwdmgr.inc +include disable-programs.inc + +blacklist /tmp/.X11-unix + +whitelist ${HOME}/.config/nano +whitelist ${HOME}/.emacs +whitelist ${HOME}/.emacs.d +whitelist ${HOME}/.hgrc +#whitelist ${HOME}/.gnupg +#read-only ${HOME}/.gnupg +whitelist ${HOME}/.nanorc +read-only ${HOME}/.nanorc +whitelist ${HOME}/.oh-my-zsh +#whitelist ${HOME}/.ssh +#read-only ${HOME}/.ssh +whitelist ${HOME}/.vim +whitelist ${HOME}/.viminfo +whitelist ${HOME}/build +whitelist ${HOME}/workspace + +caps.drop all +machine-id +netfilter +no3d +nodvd +nogroups +nonewprivs +noroot +nosound +notv +novideo +protocol inet,inet6 +#protocol unix,inet,inet6 +seccomp +shell none + +private-bin hg,python2 +private-dev |