From c79a1563453773064bb639091f79243365c80dd4 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Tue, 19 Sep 2017 20:42:15 -0300
Subject: Adds firejail config
---
config.dot/firejail/git.profile.link | 39 ++++++++++++++++++++++++++++
config.dot/firejail/luakit.profile.link | 13 ++++++++++
config.dot/firejail/mutt.profile.link | 46 +++++++++++++++++++++++++++++++++
3 files changed, 98 insertions(+)
create mode 100644 config.dot/firejail/git.profile.link
create mode 100644 config.dot/firejail/luakit.profile.link
create mode 100644 config.dot/firejail/mutt.profile.link
(limited to 'config.dot')
diff --git a/config.dot/firejail/git.profile.link b/config.dot/firejail/git.profile.link
new file mode 100644
index 0000000..e3cc87d
--- /dev/null
+++ b/config.dot/firejail/git.profile.link
@@ -0,0 +1,39 @@
+# git profile
+quiet
+noblacklist ~/.gitconfig
+noblacklist ~/.ssh
+noblacklist ~/.gnupg
+noblacklist ~/.emacs
+noblacklist ~/.emacs.d
+noblacklist ~/.viminfo
+noblacklist ~/.vim
+
+# allow git to work with some other configs
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.mutt
+noblacklist ${HOME}/.muttrc
+noblacklist /etc/ssh
+
+# custom
+noblacklist ~/.custom/gitconfig
+noblacklist ${PATH}/nc
+noblacklist /tmp/ssh-*
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+# allow git to work with dotfiles
+read-write ${HOME}/.dotfiles
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+nogroups
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
diff --git a/config.dot/firejail/luakit.profile.link b/config.dot/firejail/luakit.profile.link
new file mode 100644
index 0000000..19ed543
--- /dev/null
+++ b/config.dot/firejail/luakit.profile.link
@@ -0,0 +1,13 @@
+# luakit profile
+
+#blacklist ${HOME}/.wine
+noblacklist ~/.config/luakit
+noblacklist ~/.local/share/luakit
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
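Review bot: The three exemptions under "allow git to work with some other configs" in git.profile.link (`${HOME}/.config/autostart`, `${HOME}/.mutt`, `${HOME}/.muttrc`) widen the git sandbox beyond what git itself needs, and the comment does not say why. The stock disable-common.inc is not shown here, but if it blacklists the autostart directory to block login persistence, this line hands that path back to every hook, pager and helper git spawns, in a sandbox that also holds `~/.ssh` and `~/.gnupg`. If the entries exist only because the dotfiles repository tracks those files, state that in the comment, e.g. `# paths tracked by ~/.dotfiles; git must be able to follow them`. If git only needs to read the autostart directory, consider adding `read-only ${HOME}/.config/autostart` after the includes.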
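Review bot: luakit.profile.link loads none of the `/etc/firejail/disable-*.inc` files, so its two `noblacklist` lines exempt paths from a blacklist that is never applied. As written, the browser keeps access to the rest of the home directory, including `~/.ssh` and `~/.gnupg`, which makes this the loosest filesystem policy of the three profiles for the program most exposed to untrusted content. After the `noblacklist` lines, add the includes the git and mutt profiles in this commit already use: `include /etc/firejail/disable-common.inc`, `include /etc/firejail/disable-programs.inc` and `include /etc/firejail/disable-passwdmgr.inc`. `nogroups` and `private-dev`, present in both sibling profiles, are also missing here. The commented-out `#blacklist ${HOME}/.wine` should be removed or explained.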
diff --git a/config.dot/firejail/mutt.profile.link b/config.dot/firejail/mutt.profile.link
new file mode 100644
index 0000000..6225c83
--- /dev/null
+++ b/config.dot/firejail/mutt.profile.link
@@ -0,0 +1,46 @@
+# mutt email client profile
+
+noblacklist ~/.muttrc
+noblacklist ~/.mutt
+noblacklist ~/.mutt/muttrc
+noblacklist ~/.mailcap
+noblacklist ~/.gnupg
+noblacklist ~/.mail
+noblacklist ~/.Mail
+noblacklist ~/mail
+noblacklist ~/Mail
+noblacklist ~/sent
+noblacklist ~/postponed
+noblacklist ~/.cache/mutt
+noblacklist ~/.w3m
+noblacklist ~/.elinks
+noblacklist ~/.vim
+noblacklist ~/.vimrc
+noblacklist ~/.viminfo
+noblacklist ~/.emacs
+noblacklist ~/.emacs.d
+noblacklist ~/.signature
+noblacklist ~/.bogofilter
+
+# custom
+noblacklist ~/.custom
+noblacklist ~/.msmtprc
+noblacklist ~/.procmailrc
+noblacklist ~/.fetchmailrc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
-- cgit v1.2.3
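Review bot: `noblacklist ~/.custom` in the "# custom" block of mutt.profile.link exempts the whole directory, whereas git.profile.link in the same commit exempts only `~/.custom/gitconfig`. Whatever else lives under `~/.custom` becomes reachable by mutt and by every mailcap handler it launches (`~/.w3m` and `~/.elinks` are unlocked for that purpose), alongside `~/.gnupg` and the credential files `~/.msmtprc` and `~/.fetchmailrc`. Narrow it to the path mutt actually reads, e.g. `noblacklist ~/.custom/<mutt-config-path>` (a placeholder, since the real path is not visible on this page). A one-line comment on why `~/.procmailrc` and `~/.fetchmailrc` must be visible inside the mail client's sandbox would also help, as would dropping them if those tools run outside it.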