Diffstat (limited to 'unmaintained/hg.profile')
-rw-r--r-- | unmaintained/hg.profile | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/unmaintained/hg.profile b/unmaintained/hg.profile
new file mode 100644
index 0000000..57eb45b
--- /dev/null
+++ b/unmaintained/hg.profile
@@ -0,0 +1,70 @@
+# Firejail profile for hg
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include hg.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.hgrc
+#noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.oh-my-zsh
+#noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
+include disable-common.inc
+include disable-exec.inc
+include disable-programs.inc
+
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.hgrc
+#whitelist ${HOME}/.gnupg
+#read-only ${HOME}/.gnupg
+whitelist ${HOME}/.nanorc
+read-only ${HOME}/.nanorc
+whitelist ${HOME}/.oh-my-zsh
+#whitelist ${HOME}/.ssh
+#read-only ${HOME}/.ssh
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/build
+whitelist ${HOME}/workspace
+
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+#protocol unix,inet,inet6
+seccomp
+shell none
+
+private-bin hg,python2
+private-cache
+private-dev
+
+memory-deny-write-execute
+
|
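Review bot: `include allow-ssh.inc` contradicts the rest of the profile, which denies ssh in three places: the `${HOME}/.ssh` whitelist and read-only lines are commented out, so whitelist mode on the home directory presumably hides the keys; `private-bin hg,python2` leaves no ssh client in the sandbox; and `protocol inet,inet6` excludes the unix sockets an agent would use. If ssh transport is not intended, drop the include so the policy reads as it behaves. If it is intended, the profile needs `private-bin hg,python2,ssh` plus `whitelist ${HOME}/.ssh` and `read-only ${HOME}/.ssh`. Separately, `${HOME}/.hgrc` is whitelisted writable while only `.nanorc` gets `read-only`; unless disable-common.inc already write-protects it, `read-only ${HOME}/.hgrc` would stop the sandboxed process from changing the configuration that later hg runs load.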