diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2017-09-19 20:42:15 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2017-09-19 20:42:15 -0300 |
| commit | c79a1563453773064bb639091f79243365c80dd4 (patch) | |
| tree | d819caa2594ef96e90e2968845cb159e18797356 /config.dot | |
| parent | 43897fde0b680e2cdb7aac300e96c94431d1a82a (diff) | |
| download | profile-c79a1563453773064bb639091f79243365c80dd4.tar.gz profile-c79a1563453773064bb639091f79243365c80dd4.tar.bz2 | |
Adds firejail config
Diffstat (limited to 'config.dot')
| -rw-r--r-- | config.dot/firejail/git.profile.link | 39 | ||||
| -rw-r--r-- | config.dot/firejail/luakit.profile.link | 13 | ||||
| -rw-r--r-- | config.dot/firejail/mutt.profile.link | 46 |
3 files changed, 98 insertions, 0 deletions
diff --git a/config.dot/firejail/git.profile.link b/config.dot/firejail/git.profile.link new file mode 100644 index 0000000..e3cc87d --- /dev/null +++ b/config.dot/firejail/git.profile.link @@ -0,0 +1,39 @@ +# git profile +quiet +noblacklist ~/.gitconfig +noblacklist ~/.ssh +noblacklist ~/.gnupg +noblacklist ~/.emacs +noblacklist ~/.emacs.d +noblacklist ~/.viminfo +noblacklist ~/.vim + +# allow git to work with some other configs +noblacklist ${HOME}/.config/autostart +noblacklist ${HOME}/.mutt +noblacklist ${HOME}/.muttrc +noblacklist /etc/ssh + +# custom +noblacklist ~/.custom/gitconfig +noblacklist ${PATH}/nc +noblacklist /tmp/ssh-* + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc + +# allow git to work with dotfiles +read-write ${HOME}/.dotfiles + +caps.drop all +netfilter +nonewprivs +noroot +nogroups +nosound +protocol unix,inet,inet6 +seccomp +shell none + +private-dev diff --git a/config.dot/firejail/luakit.profile.link b/config.dot/firejail/luakit.profile.link new file mode 100644 index 0000000..19ed543 --- /dev/null +++ b/config.dot/firejail/luakit.profile.link @@ -0,0 +1,13 @@ +# luakit profile + +#blacklist ${HOME}/.wine +noblacklist ~/.config/luakit +noblacklist ~/.local/share/luakit + +caps.drop all +netfilter +nonewprivs +noroot +protocol unix,inet,inet6 +seccomp +shell none diff --git a/config.dot/firejail/mutt.profile.link b/config.dot/firejail/mutt.profile.link new file mode 100644 index 0000000..6225c83 --- /dev/null +++ b/config.dot/firejail/mutt.profile.link @@ -0,0 +1,46 @@ +# mutt email client profile + +noblacklist ~/.muttrc +noblacklist ~/.mutt +noblacklist ~/.mutt/muttrc +noblacklist ~/.mailcap +noblacklist ~/.gnupg +noblacklist ~/.mail +noblacklist ~/.Mail +noblacklist ~/mail +noblacklist ~/Mail +noblacklist ~/sent +noblacklist ~/postponed +noblacklist ~/.cache/mutt +noblacklist ~/.w3m +noblacklist ~/.elinks +noblacklist ~/.vim +noblacklist ~/.vimrc +noblacklist ~/.viminfo +noblacklist ~/.emacs +noblacklist ~/.emacs.d +noblacklist ~/.signature +noblacklist ~/.bogofilter + +# custom +noblacklist ~/.custom +noblacklist ~/.msmtprc +noblacklist ~/.procmailrc +noblacklist ~/.fetchmailrc + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-devel.inc + +caps.drop all +netfilter +nogroups +nonewprivs +noroot +nosound +protocol unix,inet,inet6 +seccomp +shell none + +private-dev |