From 00fd61062491cb4be3b7bcf003b6a784f2ecf486 Mon Sep 17 00:00:00 2001
From: jc_gargma
Date: Tue, 10 Nov 2020 18:17:42 -0800
Subject: Add qimv profile Minor formatting fixes to qtox and toxic profiles
---
PKGBUILD | 4 ++--
profiles/qimv.profile | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++
profiles/qtox.local | 2 +-
profiles/toxic.profile | 2 +-
4 files changed, 56 insertions(+), 4 deletions(-)
create mode 100644 profiles/qimv.profile
diff --git a/PKGBUILD b/PKGBUILD
index 3068de1..42e1eaf 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
 # Maintainer: jc_gargma
 pkgname=firejail-profiles
-pkgver=20201102
+pkgver=20201110
 pkgrel=1
 pkgdesc="Additional firejail profiles and locals"
 arch=('any')
@@ -9,7 +9,7 @@ url="https://library.iserlohn-fortress.net/firejail-profiles.git"
 license=('GPLv3')
 depends=('firejail' 'hardened-malloc')
 source=(profiles.tar.gz)
-b2sums=('8da1ce65408ddc5e00011fb42dd0e84e3cff1e36593dd14d12f26ea96b48dde5e8a78322dfa70ce67701b6529cfa096327ba74b691543155932e5dfbaa38047a')
+b2sums=('bd16ed8ad3e20de2d294c916783335dc125c073bff9f94ba1c0ed33af3d7675727c4798101287b8e2d52bc6883adf07ea20166a386f3440aba36da62cc6c4d45')
 package() {
 install --directory ${pkgdir}/etc/firejail
diff --git a/profiles/qimv.profile b/profiles/qimv.profile
new file mode 100644
index 0000000..e3a7500
--- /dev/null
+++ b/profiles/qimv.profile
@@ -0,0 +1,52 @@
+# Firejail profile for qimv
+# Description: Image viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include qimv.local
+# Persistent global definitions
+include globals.local
+
+# Comment in these two lines to enable testing the binary from ${HOME}
+#ignore noexec ${HOME}
+#ignore private-bin qimv,imv
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+
+#include whitelist-common.inc
+#include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+# no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+# disable-mnt
+private-bin qimv,imv
+private-cache
+private-dev
+private-etc fonts,machine-id,localtime,passwd
+private-tmp
+
+memory-deny-write-execute
+
+dbus-user none
+dbus-system none
diff --git a/profiles/qtox.local b/profiles/qtox.local
index 8186bdf..8faca83 100644
--- a/profiles/qtox.local
+++ b/profiles/qtox.local
@@ -1,4 +1,4 @@
-# # qtox alsa audio will work with ipc-namespace,
+# # alsa audio will work with ipc-namespace,
 # # but it hogs the alsa device from other applications
 ignore ipc-namespace
diff --git a/profiles/toxic.profile b/profiles/toxic.profile
index 15203b6..8b6bd53 100644
--- a/profiles/toxic.profile
+++ b/profiles/toxic.profile
@@ -45,8 +45,8 @@ disable-mnt
 private-bin toxic
 # private-bin toxic,gpg,pinentry-qt
 private-cache
-private-etc asound.conf,group,localtime,machine-id,resolv.conf
 private-dev
+private-etc asound.conf,group,localtime,machine-id,resolv.conf
 private-tmp
 memory-deny-write-execute
-- 
cgit v1.2.1
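Review bot: In profiles/qimv.profile both whitelist includes and `disable-mnt` are left commented out, so the viewer keeps access to everything under ${HOME} and the mount points that the included disable-*.inc files do not already restrict, and nothing in the profile says why. The process decodes image files from arbitrary sources, and the network, capability, seccomp and D-Bus settings are already tight, so the filesystem view is the widest remaining surface. A viewer normally needs only read access, so consider adding `read-only ${HOME}` after the `private-*` lines, with a narrower `read-write` entry if qimv must persist settings (its config path is not visible in this commit). If the open view is intentional, a comment such as `# no whitelist: images may live anywhere under ${HOME}` above the commented includes would record that decision. The comment "Comment in these two lines" presumably means "Uncomment these two lines".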