mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
98e34c444b
To match how things are sorted elsewhere, such as with `noblacklist` /
`whitelist` lines (vertically) in profiles and in
ci/check/profiles/sort-disable-programs.sh and src/etc-cleanup/main.c.
This makes the order in `private-etc` always be groups (`@group`), then
uppercase paths, then lowercase paths. Example from
etc/profile-m-z/softmaker-common.profile:
private-etc @tls-ca,SoftMaker,fstab
Note that this does not affect a significant amount of profiles; most
changes are in `private-bin` / `private-lib` lines and in `private-etc`
lines for newer profiles that do not use groups. This is partly due to
commit 5d0822c52 ("private-etc: big profile changes", 2023-02-05)
replacing `X11` with `@x11` in `private-etc` lines and then commit
0f996ea4d ("private-etc: groups modified", 2023-02-05) removing
`Trolltech.conf` from `private-etc` lines and using case-sensitive
sorting in them.
Relates to #5610.
38 lines
733 B
Text
38 lines
733 B
Text
# Firejail profile for natron
|
|
# This file is overwritten after every install/update
|
|
# Persistent local customizations
|
|
include natron.local
|
|
# Persistent global definitions
|
|
include globals.local
|
|
|
|
noblacklist ${HOME}/.Natron
|
|
noblacklist ${HOME}/.cache/INRIA/Natron
|
|
noblacklist ${HOME}/.config/INRIA
|
|
|
|
# Allow python (blacklisted by disable-interpreters.inc)
|
|
include allow-python2.inc
|
|
include allow-python3.inc
|
|
|
|
include disable-common.inc
|
|
include disable-devel.inc
|
|
include disable-exec.inc
|
|
include disable-interpreters.inc
|
|
include disable-programs.inc
|
|
|
|
caps.drop all
|
|
net none
|
|
nodvd
|
|
nogroups
|
|
nonewprivs
|
|
noroot
|
|
notv
|
|
nou2f
|
|
protocol unix
|
|
seccomp
|
|
|
|
private-bin Natron,NatronRenderer,natron
|
|
|
|
dbus-user none
|
|
dbus-system none
|
|
|
|
restrict-namespaces
|