# Firejail profile for qupzilla
# This file is overwritten after every install/update
# Persistent local customizations
# Read before any other directive in this profile, so per-application
# overrides apply first. When auditing the effective sandbox, review
# qupzilla.local as well: it may contain any profile directive.
include qupzilla.local
# Persistent global definitions
# Site-wide overrides; its contents are not part of this file and must be
# reviewed separately to know the effective policy.
include globals.local

# Exempt the browser's own cache directory from any blacklist rule in the
# disable-*.inc files included further down. noblacklist must appear before
# the blacklist it is meant to override.
noblacklist ${HOME}/.cache/qupzilla
# Exempt the browser's own configuration directory from any blacklist rule in
# the disable-*.inc files included further down (noblacklist must come first).
noblacklist ${HOME}/.config/qupzilla

# Shared deny lists. Their contents are not shown here; going by the file
# names they blacklist common sensitive paths, development tools,
# interpreters, password-manager data and other programs' files.
# NOTE(review): confirm against the installed .inc files.
include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc

# whitelist puts the parent directory into allow-list mode: a temporary
# filesystem is mounted over it and only whitelisted paths are bind-mounted
# back in. The downloads directory stays visible and writable, so downloaded
# files persist outside the sandbox.
whitelist ${DOWNLOADS}
# Keep the browser's own cache and configuration persistent. Writes to
# non-whitelisted paths under ${HOME} are discarded when the sandbox exits.
whitelist ${HOME}/.cache/qupzilla
whitelist ${HOME}/.config/qupzilla
# Shared allow lists (contents not shown here); by name, common per-user
# files and a restricted view of /var. NOTE(review): confirm against the
# installed .inc files.
include whitelist-common.inc
include whitelist-var-common.inc

# Drop every Linux capability from the sandboxed processes.
caps.drop all
# Default packet filter. It only takes effect when the sandbox runs in its own
# network namespace; this profile sets no net option, so unless one is
# supplied elsewhere (command line or a .local file) this line does nothing.
netfilter
# Disable access to DVD and audio CD devices.
nodvd
# Drop supplementary group memberships, removing access granted through
# groups the user belongs to.
nogroups
# Set NO_NEW_PRIVS: the process and its children cannot gain privileges
# through setuid/setgid binaries or file capabilities on execve.
nonewprivs
# Run inside a user namespace that contains only the current user; there is
# no root user inside the sandbox.
noroot
# Disable access to DVB (digital TV) devices.
notv
# Disable access to U2F devices. Side effect: hardware security keys cannot be
# used for two-factor login from this browser while the option is set.
nou2f
# Seccomp-based socket filter: only the listed address families may be used.
# netlink is allowed in addition to UNIX-domain and IPv4/IPv6 sockets; drop it
# in qupzilla.local if the browser works without it.
protocol unix,inet,inet6,netlink
# blacklisting of chroot system calls breaks qupzilla
# seccomp.drop builds the filter from exactly the syscalls and groups listed
# here rather than from Firejail's default seccomp list. chroot is not in the
# list (see the note above), so chroot(2) remains callable inside the sandbox.
# Because the list is explicit, syscalls added to Firejail's default list in
# later releases are not picked up automatically; re-check it on upgrades.
seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
# tracelog is left disabled, so blacklist violations are not logged to syslog.
# tracelog

# Replace /dev with a new directory exposing only a limited set of device
# nodes instead of the host's full /dev.
private-dev
# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
# private-tmp - interferes with the opening of downloaded files

# With private-tmp disabled the sandbox shares the host's /tmp. noexec
# remounts each path noexec (plus nodev and nosuid), so files the browser
# writes under the home directory or /tmp cannot be executed directly from
# those locations.
noexec ${HOME}
noexec /tmp