Diffstat (limited to 'archive/.config/firejail')
l---------archive/.config/firejail/firefox-esr.profile1
-rw-r--r--archive/.config/firejail/firefox.profile20
-rw-r--r--archive/.config/firejail/hexographer.profile50
-rw-r--r--archive/.config/firejail/skype.profile5
4 files changed, 76 insertions, 0 deletions
diff --git a/archive/.config/firejail/firefox-esr.profile b/archive/.config/firejail/firefox-esr.profile
new file mode 120000
index 00000000..2d3c1623
--- /dev/null
+++ b/archive/.config/firejail/firefox-esr.profile
@@ -0,0 +1 @@
+firefox.profile
\ No newline at end of file
diff --git a/archive/.config/firejail/firefox.profile b/archive/.config/firejail/firefox.profile
new file mode 100644
index 00000000..9aaf9bd6
--- /dev/null
+++ b/archive/.config/firejail/firefox.profile
@@ -0,0 +1,20 @@
+include /etc/firejail/firefox.profile
+
+whitelist ~/tmp
+
+# for dash-haskell docsets
+whitelist ~/src
+whitelist ~/local/mutt
+whitelist ~/local/5thsrd_offline
+whitelist ~/local/clhs
+whitelist ~/lib/dionysus/Philosophy/jobs20
+whitelist ~/doc/jobs20
+whitelist ~/doc/letters
+blacklist ~/src/athpriv
+blacklist ~/src/priv
+blacklist ~/lib/priv
+read-only ~/src
+
+# fix ibus in Firefox on stretch
+# should be removable once upgraded to buster
+env GTK_IM_MODULE=xim
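Review bot: Only `~/src` gets `read-only`; every other path whitelisted in this hunk (`~/tmp`, `~/local/mutt`, `~/doc/letters`, `~/doc/jobs20`, and the rest) stays writable by the browser process. For directories that are only viewed from Firefox, add a matching line such as `read-only ~/doc/letters`, leaving `~/tmp` as the single writable drop. The two `blacklist ~/src/...` lines are a deny-list inside a whitelisted tree, so a private directory created under `~/src` later is exposed by default; whitelisting only the subdirectories the docsets need would fail closed. A short comment on each whitelist saying why the browser needs it (only `~/src` has one) would make later pruning easier.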
diff --git a/archive/.config/firejail/hexographer.profile b/archive/.config/firejail/hexographer.profile
new file mode 100644
index 00000000..39f0ffee
--- /dev/null
+++ b/archive/.config/firejail/hexographer.profile
@@ -0,0 +1,50 @@
+# Firejail profile for hexographer, based on upstream profile for
+# terasology
+
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.java
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.java
+
+whitelist ~/.fonts
+whitelist ~/.fonts.d
+whitelist ~/.fontconfig
+whitelist ~/.fonts.conf
+whitelist ~/.fonts.conf.d
+
+whitelist ${HOME}/.java
+whitelist ${HOME}/lib/annex/.git/annex/objects
+read-only ${HOME}/lib/annex/.git/annex/objects
+whitelist ${HOME}/lib/annex/big/software
+read-only ${HOME}/lib/annex/big/software
+# following will require `git annex unlock`
+whitelist ${HOME}/lib/annex/doc/gaming
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-dev
+# following causes hexographer to use ~/?/.java instead of ~/.java
+#private-etc profile,fonts,alternatives,java-9-openjdk,java-8-openjdk,java-7-openjdk
+private-tmp
+
+noexec ${HOME}
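Review bot: With `net none` in place, the `netfilter` line appears to have nothing to act on, and the `inet,inet6` entries in `protocol unix,inet,inet6` only matter for loopback. Both read as leftovers from the terasology profile named in the header and obscure the intent. Consider dropping `netfilter` and, if hexographer still starts, tightening to `protocol unix`, with a comment such as `# offline tool: no network access at all`. Separately, `whitelist ${HOME}/lib/annex/.git/annex/objects` exposes the whole annex object store (read-only), not just the hexographer files. That is presumably needed so the annex symlinks resolve, but it deserves a comment saying so.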
diff --git a/archive/.config/firejail/skype.profile b/archive/.config/firejail/skype.profile
new file mode 100644
index 00000000..5a49779c
--- /dev/null
+++ b/archive/.config/firejail/skype.profile
@@ -0,0 +1,5 @@
+include /etc/firejail/skype.profile
+
+private
+private-tmp
+net eth0
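Review bot: `net eth0` hard-codes an interface name, so the sandbox will presumably fail to start on a host whose uplink is named differently or is wireless. Note the constraint next to the line, e.g. `# needs a wired uplink called eth0; adjust per host`. Because that line gives Skype its own network namespace, check whether the included `/etc/firejail/skype.profile` already sets `netfilter`, and add it here if not. `private` mounts a throw-away home, so a comment such as `# fresh empty home on each run; login state is not kept` would document the trade-off.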