summaryrefslogtreecommitdiff
path: root/firejail
diff options
context:
space:
mode:
authorzachir <zachir@librem.one>2022-10-05 22:00:32 -0500
committerzachir <zachir@librem.one>2022-10-05 22:00:32 -0500
commitf39d735e2ba625a31a7dbf6fb8bdd62501379ad1 (patch)
treed17c96714c930e0b8bc75616cc9c81b961ed5aa0 /firejail
Initial Commit
Diffstat (limited to 'firejail')
-rw-r--r--firejail/disable-exec.local1
-rw-r--r--firejail/dolphin-emu.local4
-rw-r--r--firejail/librewolf.local4
-rw-r--r--firejail/lynx.local3
-rw-r--r--firejail/mpv.local3
-rw-r--r--firejail/neomutt.local24
-rw-r--r--firejail/nextcloud.local4
-rw-r--r--firejail/qutebrowser.local4
-rw-r--r--firejail/steam.local2
9 files changed, 49 insertions, 0 deletions
diff --git a/firejail/disable-exec.local b/firejail/disable-exec.local
new file mode 100644
index 0000000..3162dc1
--- /dev/null
+++ b/firejail/disable-exec.local
@@ -0,0 +1 @@
+ignore noexec ${HOME}
diff --git a/firejail/dolphin-emu.local b/firejail/dolphin-emu.local
new file mode 100644
index 0000000..43c8046
--- /dev/null
+++ b/firejail/dolphin-emu.local
@@ -0,0 +1,4 @@
+noblacklist ${HOME}/roms
+
+mkdir ${HOME}/roms
+whitelist ${HOME}/roms
diff --git a/firejail/librewolf.local b/firejail/librewolf.local
new file mode 100644
index 0000000..cede7d2
--- /dev/null
+++ b/firejail/librewolf.local
@@ -0,0 +1,4 @@
+noblacklist ${HOME}/dwhelper
+
+mkdir ${HOME}/dwhelper
+whitelist ${HOME}/dwhelper
diff --git a/firejail/lynx.local b/firejail/lynx.local
new file mode 100644
index 0000000..acdd06c
--- /dev/null
+++ b/firejail/lynx.local
@@ -0,0 +1,3 @@
+noblacklist /tmp/neomutt.html
+
+whitelist /tmp/neomutt.html
diff --git a/firejail/mpv.local b/firejail/mpv.local
new file mode 100644
index 0000000..b6915f0
--- /dev/null
+++ b/firejail/mpv.local
@@ -0,0 +1,3 @@
+whitelist ${HOME}/videos
+whitelist ${HOME}/Videos
+whitelist ${HOME}/Media
diff --git a/firejail/neomutt.local b/firejail/neomutt.local
new file mode 100644
index 0000000..ce84d3f
--- /dev/null
+++ b/firejail/neomutt.local
@@ -0,0 +1,24 @@
+noblacklist ${HOME}/.mbsyncrc
+noblacklist ${HOME}/.local/scripts
+noblacklist ${HOME}/.local/share/mail
+noblacklist ${HOME}/.local/share/pass
+noblacklist ${HOME}/.local/share/gnupg
+noblacklist /etc/ld.so.preload
+noblacklist /etc/lynx.cfg
+noblacklist /etc/ssl/certs/ca-certificates.crt
+noblacklist /usr/share/mutt-wizard
+
+mkdir ${HOME}/.local/share/mail
+mkdir ${HOME}/.local/share/pass
+mkdir ${HOME}/.local/share/gnupg
+whitelist ${HOME}/.mbsyncrc
+whitelist ${HOME}/.local/scripts
+whitelist ${HOME}/.local/share/mail
+whitelist ${HOME}/.local/share/pass
+whitelist ${HOME}/.local/share/gnupg
+whitelist /etc/ld.so.preload
+whitelist /etc/lynx.cfg
+whitelist /etc/ssl/certs/ca-certificates.crt
+whitelist /usr/share/mutt-wizard
+
+ignore apparmor
diff --git a/firejail/nextcloud.local b/firejail/nextcloud.local
new file mode 100644
index 0000000..94f4aec
--- /dev/null
+++ b/firejail/nextcloud.local
@@ -0,0 +1,4 @@
+noblacklist ${HOME}/nc
+
+mkdir ${HOME}/nc
+whitelist ${HOME}/nc
diff --git a/firejail/qutebrowser.local b/firejail/qutebrowser.local
new file mode 100644
index 0000000..82a6106
--- /dev/null
+++ b/firejail/qutebrowser.local
@@ -0,0 +1,4 @@
+noblacklist ${HOME}/.local/share/qutebrowser-profiles
+
+mkdir ${HOME}/.local/share/qutebrowser-profiles
+whitelist ${HOME}/.local/share/qutebrowser-profiles
diff --git a/firejail/steam.local b/firejail/steam.local
new file mode 100644
index 0000000..33c6b88
--- /dev/null
+++ b/firejail/steam.local
@@ -0,0 +1,2 @@
+seccomp !ptrace,!mount,!name_to_handle_at,!pivot_root,!umount2,!chroot
+ignore seccomp