authorSilvio Rhatto <rhatto@riseup.net>2020-12-07 07:48:23 -0300
committerSilvio Rhatto <rhatto@riseup.net>2020-12-07 07:48:23 -0300
commitb6c6cfba78b597d07e383de8d5699498d385cddd (patch)
treecc843b2703aecb2ce5d25c7fc9fd8718aac11ed8
parenta31d0d270354745f30f21639de4206c1ba5fe69f (diff)
downloadprofile-b6c6cfba78b597d07e383de8d5699498d385cddd.tar.gz
profile-b6c6cfba78b597d07e383de8d5699498d385cddd.tar.bz2
Fix: firejail: move some profiles to their own modules
-rw-r--r--config.dot/firejail/git.profile.link43
-rw-r--r--config.dot/firejail/luakit.profile.link13
-rw-r--r--config.dot/firejail/mutt.profile.link78
-rw-r--r--config.dot/firejail/ranger.profile.link21
4 files changed, 0 insertions, 155 deletions
diff --git a/config.dot/firejail/git.profile.link b/config.dot/firejail/git.profile.link
deleted file mode 100644
index 3a5913a..0000000
--- a/config.dot/firejail/git.profile.link
+++ /dev/null
@@ -1,43 +0,0 @@
-# git profile
-quiet
-noblacklist ~/.gitconfig
-noblacklist ~/.ssh
-noblacklist ~/.gnupg
-noblacklist ~/.emacs
-noblacklist ~/.emacs.d
-noblacklist ~/.viminfo
-noblacklist ~/.vim
-
-# allow git to work with some other configs
-noblacklist ${HOME}/.config/autostart
-noblacklist ${HOME}/.mutt
-noblacklist ${HOME}/.muttrc
-noblacklist /etc/ssh
-
-# custom
-noblacklist ~/.custom/gitconfig
-noblacklist ${PATH}/nc
-noblacklist /tmp/ssh-*
-noblacklist ~/.subversion
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-passwdmgr.inc
-
-# allow write operations in non-default folders
-include whitelist-common.local
-
-# allow git to work with dotfiles
-read-write ${HOME}/.dotfiles
-
-caps.drop all
-netfilter
-nonewprivs
-noroot
-nogroups
-nosound
-protocol unix,inet,inet6
-seccomp
-shell none
-
-private-dev
diff --git a/config.dot/firejail/luakit.profile.link b/config.dot/firejail/luakit.profile.link
deleted file mode 100644
index 19ed543..0000000
--- a/config.dot/firejail/luakit.profile.link
+++ /dev/null
@@ -1,13 +0,0 @@
-# luakit profile
-
-#blacklist ${HOME}/.wine
-noblacklist ~/.config/luakit
-noblacklist ~/.local/share/luakit
-
-caps.drop all
-netfilter
-nonewprivs
-noroot
-protocol unix,inet,inet6
-seccomp
-shell none
diff --git a/config.dot/firejail/mutt.profile.link b/config.dot/firejail/mutt.profile.link
deleted file mode 100644
index eca098d..0000000
--- a/config.dot/firejail/mutt.profile.link
+++ /dev/null
@@ -1,78 +0,0 @@
-# mutt profile
-blacklist /tmp/.X11-unix
-
-noblacklist /var/mail
-noblacklist /var/spool/mail
-noblacklist ${HOME}/.Mail
-noblacklist ${HOME}/.bogofilter
-noblacklist ${HOME}/.cache/mutt
-noblacklist ${HOME}/.elinks
-noblacklist ${HOME}/.emacs
-noblacklist ${HOME}/.emacs.d
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.mail
-noblacklist ${HOME}/.mailcap
-noblacklist ${HOME}/.msmtprc
-noblacklist ${HOME}/.mutt
-noblacklist ${HOME}/.muttrc
-noblacklist ${HOME}/.signature
-noblacklist ${HOME}/.vim
-noblacklist ${HOME}/.viminfo
-noblacklist ${HOME}/.vimrc
-noblacklist ${HOME}/.w3m
-noblacklist ${HOME}/Mail
-noblacklist ${HOME}/mail
-noblacklist ${HOME}/postponed
-noblacklist ${HOME}/sent
-
-# custom
-quiet
-noblacklist ~/.custom
-noblacklist ~/.msmtprc
-noblacklist ~/.procmailrc
-noblacklist ~/.fetchmailrc
-noblacklist ~/.getmail
-noblacklist ~/apps/utils-mail
-noblacklist /usr/bin/procmail
-noblacklist /usr/bin/fetchmail
-noblacklist /usr/bin/getmail
-noblacklist /usr/bin/getmails
-noblacklist /usr/bin/perl
-noblacklist /usr/bin/cpan*
-noblacklist /usr/share/perl*
-noblacklist /usr/lib/perl*
-
-# allow local mail
-whitelist /var/mail
-
-# allow write operations in non-default folders
-include whitelist-common.local
-
-include disable-common.inc
-include disable-devel.inc
-
-# These restrictions prevent the use of the getmails(1) script
-#include disable-interpreters.inc
-
-include disable-passwdmgr.inc
-include disable-programs.inc
-
-caps.drop all
-netfilter
-no3d
-nodvd
-nogroups
-noroot
-nosound
-notv
-nou2f
-novideo
-writable-run-user
-
-# These restrictions prevent msmtp to use the passwordeval option
-#nonewprivs
-#protocol unix,inet,inet6
-#seccomp
-#shell none
-
-private-dev
diff --git a/config.dot/firejail/ranger.profile.link b/config.dot/firejail/ranger.profile.link
deleted file mode 100644
index 70bf94b..0000000
--- a/config.dot/firejail/ranger.profile.link
+++ /dev/null
@@ -1,21 +0,0 @@
-# ranger file manager profile
-quiet
-
-# allow write operations in non-default folders
-include whitelist-common.local
-
-# from fbreader ebook reader profile
-noblacklist ${HOME}/.FBReader
-
-# from zathura document viewer profile
-noblacklist ~/.config/zathura
-noblacklist ~/.local/share/zathura
-
-## from gimp profile
-noblacklist ${HOME}/.gimp*
-
-# from mpv profile
-noblacklist ${HOME}/.config/mpv
-
-# include the default profile
-include /etc/firejail/ranger.profile