Diffstat (limited to 'profiles')
-rw-r--r-- | profiles/amfora.profile | 23 | ||||
-rw-r--r-- | profiles/kristall.profile | 59 |
2 files changed, 73 insertions, 9 deletions
diff --git a/profiles/amfora.profile b/profiles/amfora.profile index d4d6fa8..fcbeb82 100644 --- a/profiles/amfora.profile +++ b/profiles/amfora.profile @@ -13,14 +13,6 @@ noblacklist ${HOME}/.local/share/amfora blacklist /tmp/.X11-unix blacklist ${RUNUSER}/wayland-* -mkdir ${HOME}/.config/amfora -whitelist ${HOME}/.config/amfora -mkdir ${HOME}/.local/share/amfora -whitelist ${HOME}/.local/share/amfora - - -include allow-perl.inc - include disable-common.inc include disable-devel.inc include disable-interpreters.inc @@ -28,9 +20,15 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc +mkdir ${HOME}/.config/amfora +mkdir ${HOME}/.local/share/amfora + +whitelist ${HOME}/.config/amfora +whitelist ${HOME}/.local/share/amfora include whitelist-runuser-common.inc caps.drop all +machine-id netfilter no3d nodvd @@ -46,11 +44,18 @@ seccomp shell none tracelog +disable-mnt private-bin amfora private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl +private-etc ca-certificates,resolv.conf,ssl private-tmp +dbus-user none +dbus-system none + +noexec ${HOME} +noexec /tmp + # # Use with hardened-malloc package env LD_PRELOAD=/usr/lib/libhardened_malloc.so diff --git a/profiles/kristall.profile b/profiles/kristall.profile new file mode 100644 index 0000000..4e570b2 --- /dev/null +++ b/profiles/kristall.profile 
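Review bot: In profiles/amfora.profile, the last hunk trims `private-etc` to `ca-certificates,resolv.conf,ssl`, which drops `pki` and `crypto-policies`. On distributions that keep the CA bundle under /etc/pki (the Fedora/RHEL family, where /etc/ssl/certs resolves into it), the sandbox would be left without a usable trust store and CA-based TLS verification would fail. If the profile is meant for a single distribution, say so in a comment above the line; otherwise keep `private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl`. The same applies to the `private-etc` line in the new profiles/kristall.profile.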
@@ -0,0 +1,59 @@
+# Firejail profile for kristall
+# This file is overwritten after every install/update
+# Persistent local customizations
+include kristall.local
+# Persistent global definitions
+include globals.local
+
+
+noblacklist ${HOME}/.cache/kristall
+noblacklist ${HOME}/.config/xqTechnologies
+#noblacklist ${HOME}/.local/share/kristall
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
+
+mkdir ${HOME}/.config/xqTechnologies
+#mkdir ${HOME}/.local/share/kristall
+
+whitelist ${DOWNLOADS}
+#whitelist ${HOME}/.cache/kristall
+whitelist ${HOME}/.config/xqTechnologies
+#whitelist ${HOME}/.local/share/kristall
+include /etc/firejail/whitelist-common.inc
+
+
+caps.drop all
+machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp !name_to_handle_at
+shell none
+tracelog
+
+disable-mnt
+private-bin bash,kristall
+private-cache
+private-dev
+private-etc ca-certificates,fonts,machine-id,resolv.conf,ssl
+private-tmp
+
+dbus-user none
+dbus-system none
+
+noexec ${HOME}
+noexec /tmp
+
+# # Use with hardened-malloc package
+env LD_PRELOAD=/usr/lib/libhardened_malloc.so |
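Review bot: `private-bin bash,kristall` leaves a shell binary inside a sandbox that otherwise sets `shell none` and pulls in disable-interpreters.inc; if nothing on kristall's launch path needs it (not visible from this profile), this should be `private-bin kristall`. `seccomp !name_to_handle_at` relaxes the default filter without saying why, so add a comment above it naming the component that needs the syscall, e.g. `# name_to_handle_at is needed by <component>; remove once confirmed unnecessary`. The `env LD_PRELOAD=/usr/lib/libhardened_malloc.so` line is unconditional although its comment reads as optional: on a host without that library the loader only reports the failed preload and the program runs on the default allocator, so it would be safer commented out here and enabled from kristall.local. The `include /etc/firejail/...` lines use absolute paths where profiles/amfora.profile uses bare names such as `include disable-common.inc`; bare names would keep the two profiles consistent.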