Feat: firejail profile

1 files changed, 43 insertions, 0 deletions

diff --git a/config.dot/firejail/git.profile.link b/config.dot/firejail/git.profile.link
new file mode 100644
index 0000000..3a5913a
--- /dev/null
+++ b/config.dot/firejail/git.profile.link
@@ -0,0 +1,43 @@
+# git profile
+quiet
+noblacklist ~/.gitconfig
+noblacklist ~/.ssh
+noblacklist ~/.gnupg
+noblacklist ~/.emacs
+noblacklist ~/.emacs.d
+noblacklist ~/.viminfo
+noblacklist ~/.vim
+
+# allow git to work with some other configs
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.mutt
+noblacklist ${HOME}/.muttrc
+noblacklist /etc/ssh
+
+# custom
+noblacklist ~/.custom/gitconfig
+noblacklist ${PATH}/nc
+noblacklist /tmp/ssh-*
+noblacklist ~/.subversion
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+# allow write operations in non-default folders
+include whitelist-common.local
+
+# allow git to work with dotfiles
+read-write ${HOME}/.dotfiles
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+nogroups
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev