github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-21 06:45:29 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 1

Add profile templates

Browse source 
Create etc/templates
 * profile.template
 * redirect_alias-profile.template
 * syscalls.txt
 * Notes
This commit is contained in:
rusty-snake 2019-05-30 17:31:25 +02:00
parent 360b066fba
commit cb98aea61b
No known key found for this signature in database
GPG key ID: CE890C49EE1373C1
6 changed files with 172 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

82
etc/templates/profile.template Normal file
View file

@ -0,0 +1,82 @@
# Firejail profile for PROGRAM_NAME
# Description: DESCRIPTION
# This file is overwritten after every install/update
##quiet
# Persistent local customizations
#include PROFILE.local
# Persistent global definitions
#include globals.local
##ignore noexec ${HOME}
##blacklist PATH
#noblacklist PATH
# Allow python (blacklisted by disable-interpreters.inc)
#noblacklist ${PATH}/python2*
#noblacklist ${PATH}/python3*
#noblacklist /usr/lib/python2*
#noblacklist /usr/lib/python3*
#noblacklist /usr/local/lib/python2*
#noblacklist /usr/local/lib/python3*
#include disable-common.inc
#include disable-devel.inc
#include disable-exec.inc
#include disable-interpreters.inc
#include disable-passwdmgr.inc
#include disable-programs.inc
#include disable-xdg.inc
#mkdir PATH
#mkfile PATH
#whitelist PATH
#include whitelist-common.inc
#include whitelist-var-common.inc
#apparmor
#caps.drop all
# CLI only
##ipc-namespace
#machine-id
# 'net none' or 'netfilter'
#net none
#netfilter
#no3d
#nodbus
#nodvd
#nogroups
#nonewprivs
#noroot
#nosound
#notv
#nou2f
#novideo
#protocol unix,inet,inet6,netlink
#seccomp
##seccomp.drop SYSCALLS
#shell none
#tracelog
#disable-mnt
##private
#private-bin PROGRAMS
#private-cache
#private-dev
#private-etc FILES
# private-etc templates (see also #1734)
# Internet: ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
# Sound: alsa,asound.conf,machine-id,openal,pulse
# GTK: dconf,fonts,gtk-2.0,gtk-3.0,pango,xdg
# KDE/QT: fonts,kde4rc,kde5rc,ld.so.cache,machine-id,Trolltech.conf,xdg
# GUIs: fonts
# Alternatives: alternatives
##private-lib LIBS
##private-opt NAME
#private-tmp
##env VAR=VALUE
#memory-deny-write-execute
##read-only ${HOME}
##join-or-start NAME