new profile: trivalent (#6900)

https://github.com/secureblue/Trivalent
2026-05-21 06:45:29 -06:00 · 2025-09-22 22:50:51 -03:00 · 2025-09-22 22:50:51 -03:00 · a942b0bac7
commit a942b0bac7
parent 3207760728
2 changed files with 27 additions and 0 deletions
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@ -235,6 +235,7 @@ blacklist ${HOME}/.cache/thunderbird
 blacklist ${HOME}/.cache/tiny-rdm
 blacklist ${HOME}/.cache/torbrowser
 blacklist ${HOME}/.cache/transmission
+blacklist ${HOME}/.cache/trivalent
 blacklist ${HOME}/.cache/ueberzugpp
 blacklist ${HOME}/.cache/ungoogled-chromium
 blacklist ${HOME}/.cache/virt-manager
@ -682,6 +683,7 @@ blacklist ${HOME}/.config/totem
 blacklist ${HOME}/.config/tox
 blacklist ${HOME}/.config/transgui
 blacklist ${HOME}/.config/transmission
+blacklist ${HOME}/.config/trivalent
 blacklist ${HOME}/.config/truecraft
 blacklist ${HOME}/.config/tuir
 blacklist ${HOME}/.config/tuta_integration
--- a/etc/profile-m-z/trivalent.profile
+++ b/etc/profile-m-z/trivalent.profile
@ -0,0 +1,25 @@
+# Firejail profile for trivalent
+# Description: Secureblue's hardened Chromium fork
+# This file is overwritten after every install/update
+# Persistent local customizations
+include trivalent.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/trivalent
+noblacklist ${HOME}/.config/trivalent
+
+mkdir ${HOME}/.cache/trivalent
+mkdir ${HOME}/.config/trivalent
+whitelist ${HOME}/.cache/trivalent
+whitelist ${HOME}/.config/trivalent
+
+# We need this for some reason, just pulse/native doesn't work
+whitelist ${RUNUSER}/pulse
+read-only ${RUNUSER}/pulse/pid
+
+private-bin arch,cat,dirname,exec,grep,mkdir,ps,readlink,sh,trivalent,uname
+
+# Redirect
+include chromium-common.profile
+include chromium-common-hardened.inc.profile