Added customizations for several firejail profiles

Configured local customizations for several firejail profiles. Whitelisted non-standard paths needed for firefox and newsboat. Blacklisted non-standard password manager paths.
author: Sam Chudnick <sam@chudnick.com> 2022-06-16 21:27:02 -0400
committer: Sam Chudnick <sam@chudnick.com> 2022-06-16 21:27:02 -0400
commit: 3c1666bd4791467e11b53b843e062b2122c59b33 (patch)
tree: 7a9dabc4199e4cb31e27440a1dd796bdabc8f6a5 /.config/firejail/newsboat.profile
parent: c090ce58a2fd1edfbdefd756e18bf2f2296d8a4a (diff)
1 files changed, 54 insertions, 0 deletions
diff --git a/.config/firejail/newsboat.profile b/.config/firejail/newsboat.profile
new file mode 100644
index 0000000..0de5928
--- /dev/null
+++ b/.config/firejail/newsboat.profile
@@ -0,0 +1,54 @@
+# Firejail profile for Newsboat
+# Description: RSS program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include newsboat.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.newsboat
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist ${HOME}/.config/newsboat
+whitelist ${HOME}/.local/share/newsboat
+whitelist ${HOME}/repos/website/rss.xml
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+disable-mnt
+private-bin gzip,lynx,newsboat,sh
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,lynx.cfg,lynx.lss,pki,resolv.conf,ssl,terminfo
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+quiet
author	Sam Chudnick <sam@chudnick.com>	2022-06-16 21:27:02 -0400
committer	Sam Chudnick <sam@chudnick.com>	2022-06-16 21:27:02 -0400
commit	3c1666bd4791467e11b53b843e062b2122c59b33 (patch)
tree	7a9dabc4199e4cb31e27440a1dd796bdabc8f6a5 /.config/firejail/newsboat.profile
parent	c090ce58a2fd1edfbdefd756e18bf2f2296d8a4a (diff)

diff --git a/.config/firejail/newsboat.profile b/.config/firejail/newsboat.profile new file mode 100644 index 0000000..0de5928 --- /dev/null +++ b/.config/firejail/newsboat.profile
@@ -0,0 +1,54 @@
	1	# Firejail profile for Newsboat
	2	# Description: RSS program
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include newsboat.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.newsboat
	10
	11	include disable-common.inc
	12	include disable-devel.inc
	13	include disable-exec.inc
	14	include disable-interpreters.inc
	15	include disable-passwdmgr.inc
	16	include disable-programs.inc
	17	include disable-xdg.inc
	18
	19	whitelist ${HOME}/.config/newsboat
	20	whitelist ${HOME}/.local/share/newsboat
	21	whitelist ${HOME}/repos/website/rss.xml
	22
	23	include whitelist-common.inc
	24	include whitelist-runuser-common.inc
	25	include whitelist-var-common.inc
	26
	27	caps.drop all
	28	ipc-namespace
	29	netfilter
	30	no3d
	31	nodvd
	32	nogroups
	33	nonewprivs
	34	noroot
	35	notv
	36	nou2f
	37	novideo
	38	protocol inet,inet6
	39	seccomp
	40	shell none
	41
	42	disable-mnt
	43	private-bin gzip,lynx,newsboat,sh
	44	private-cache
	45	private-dev
	46	private-etc alternatives,ca-certificates,crypto-policies,lynx.cfg,lynx.lss,pki,resolv.conf,ssl,terminfo
	47	private-tmp
	48
	49	dbus-user none
	50	dbus-system none
	51
	52	memory-deny-write-execute
	53
	54	quiet