author | Silvio Rhatto <rhatto@riseup.net> | 2020-12-07 07:49:38 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2020-12-07 07:49:38 -0300 |
commit | 6bfd5be3cbcfb04215070fa49b4f8285400c2876 (patch) | |
tree | d271e30e61aae9fc6fae088f2987ec8c1ecb6c61 /config.dot/firejail | |
parent | 8b3df4cc6ea149a7d929e2345e1fd39162ad74d8 (diff) | |
Feat: firejail profile
Diffstat (limited to 'config.dot/firejail')
-rw-r--r-- | config.dot/firejail/git.profile.link | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/config.dot/firejail/git.profile.link b/config.dot/firejail/git.profile.link
new file mode 100644
index 0000000..3a5913a
--- /dev/null
+++ b/config.dot/firejail/git.profile.link
@@ -0,0 +1,43 @@
+# git profile
+quiet
+noblacklist ~/.gitconfig
+noblacklist ~/.ssh
+noblacklist ~/.gnupg
+noblacklist ~/.emacs
+noblacklist ~/.emacs.d
+noblacklist ~/.viminfo
+noblacklist ~/.vim
+
+# allow git to work with some other configs
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.mutt
+noblacklist ${HOME}/.muttrc
+noblacklist /etc/ssh
+
+# custom
+noblacklist ~/.custom/gitconfig
+noblacklist ${PATH}/nc
+noblacklist /tmp/ssh-*
+noblacklist ~/.subversion
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+# allow write operations in non-default folders
+include whitelist-common.local
+
+# allow git to work with dotfiles
+read-write ${HOME}/.dotfiles
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+nogroups
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev |
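Review bot: The `noblacklist ${HOME}/.config/autostart` line reopens a login-persistence path inside the sandbox. Nothing later in the profile makes it read-only, so a hook or helper run by git could presumably write there. If git only needs to read that directory (for example through dotfile symlinks), add `read-only ${HOME}/.config/autostart` after the `include` lines. The same applies to `~/.ssh` and `~/.gnupg`, which are exposed as whole directories: `read-only ${HOME}/.gnupg` is worth testing against commit signing before adopting it. The comment `# allow git to work with some other configs` should say which workflow needs autostart and mutt, for example `# dotfiles repo checks out files under these paths`, so a later reader can tell whether each exception is still required. As a point of style, the profile mixes `~/` and `${HOME}/`; settling on `${HOME}` would match the lines added further down.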