From 176dae16c44794f30cb347dfd84fe84bcc5c9708 Mon Sep 17 00:00:00 2001
From: jc_gargma
Date: Sat, 14 Mar 2020 23:55:30 -0700
Subject: Initial commit
---
profiles/hg.profile | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 profiles/hg.profile
(limited to 'profiles/hg.profile')
diff --git a/profiles/hg.profile b/profiles/hg.profile
new file mode 100644
index 0000000..ac5943d
--- /dev/null
+++ b/profiles/hg.profile
@@ -0,0 +1,59 @@
+# Firejail profile for hg
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include hg.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/nano
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.hgrc
+#noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.nanorc
+noblacklist ${HOME}/.oh-my-zsh
+#noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+blacklist /tmp/.X11-unix
+
+whitelist ${HOME}/.config/nano
+whitelist ${HOME}/.emacs
+whitelist ${HOME}/.emacs.d
+whitelist ${HOME}/.hgrc
+#whitelist ${HOME}/.gnupg
+#read-only ${HOME}/.gnupg
+whitelist ${HOME}/.nanorc
+read-only ${HOME}/.nanorc
+whitelist ${HOME}/.oh-my-zsh
+#whitelist ${HOME}/.ssh
+#read-only ${HOME}/.ssh
+whitelist ${HOME}/.vim
+whitelist ${HOME}/.viminfo
+whitelist ${HOME}/build
+whitelist ${HOME}/workspace
+
+caps.drop all
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol inet,inet6
+#protocol unix,inet,inet6
+seccomp
+shell none
+
+private-bin hg,python2
+private-dev
--
cgit v1.2.1
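Review bot: `whitelist ${HOME}/.hgrc` leaves the Mercurial configuration writable from inside the sandbox, while only `.nanorc` gets a matching `read-only` line. Because `.hgrc` can declare hooks and extensions that run on later `hg` invocations, including unsandboxed ones, a change made inside the jail can outlive it; adding `read-only ${HOME}/.hgrc` directly after the whitelist line closes that gap. The same applies to `${HOME}/.oh-my-zsh`, `${HOME}/.vim`, `${HOME}/.emacs` and `${HOME}/.emacs.d`, unless `disable-common.inc` (not visible in this patch) already marks them read-only. Separately, `private-bin hg,python2` exposes no editor binary, so the nano/vim/emacs whitelist entries appear to have no effect and could be dropped to shrink the exposed paths, or the intended editor added to `private-bin` deliberately.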