author | Sean Whitton <spwhitton@spwhitton.name> | 2022-11-25 15:10:16 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2022-11-25 15:11:03 -0700 |
commit | 639bdb74e607c1d3c48a775ffe6b889103e1f1dd (patch) | |
tree | 5456ef40cbc47900c29cfce5630476eecea7b88b /archive/.config/firejail/hexographer.profile | |
parent | 03a46b352842a2b77cc7f2a159eb794d1079bc00 (diff) | |
archive some unused configuration
Diffstat (limited to 'archive/.config/firejail/hexographer.profile')
-rw-r--r-- | archive/.config/firejail/hexographer.profile | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/archive/.config/firejail/hexographer.profile b/archive/.config/firejail/hexographer.profile
new file mode 100644
index 00000000..39f0ffee
--- /dev/null
+++ b/archive/.config/firejail/hexographer.profile
@@ -0,0 +1,50 @@
+# Firejail profile for hexographer, based on upstream profile for
+# terasology
+
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.java
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.java
+
+whitelist ~/.fonts
+whitelist ~/.fonts.d
+whitelist ~/.fontconfig
+whitelist ~/.fonts.conf
+whitelist ~/.fonts.conf.d
+
+whitelist ${HOME}/.java
+whitelist ${HOME}/lib/annex/.git/annex/objects
+read-only ${HOME}/lib/annex/.git/annex/objects
+whitelist ${HOME}/lib/annex/big/software
+read-only ${HOME}/lib/annex/big/software
+# following will require `git annex unlock`
+whitelist ${HOME}/lib/annex/doc/gaming
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-dev
+# following causes hexographer to use ~/?/.java instead of ~/.java
+#private-etc profile,fonts,alternatives,java-9-openjdk,java-8-openjdk,java-7-openjdk
+private-tmp
+
+noexec ${HOME} |
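Review bot: The `whitelist ${HOME}/lib/annex/.git/annex/objects` line lets the sandboxed program read the content of every annexed file in that repository, not only what sits under `big/software` and `doc/gaming`; the paired `read-only` line limits writes but not disclosure. Presumably the object store is exposed so that annex symlinks in the whitelisted directories resolve, and if so the profile should say that next to the line, e.g. `# whole object store is readable so annex symlinks under big/software resolve`. With `net none` in force, `protocol unix,inet,inet6` is also wider than the sandbox appears to need; `protocol unix` would be the tighter setting if the program runs without loopback sockets. `netfilter` likewise looks to have nothing to filter once the sandbox has only a loopback interface, so it could be dropped or annotated as inherited from the upstream profile.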