stellarium.profile 900 Bytes
Newer Older
Tad's avatar
Tad committed
1
# Firejail profile for stellarium
2
# Description: Real-time photo-realistic sky generator
Tad's avatar
Tad committed
3 4
# This file is overwritten after every install/update
# Persistent local customizations
5
include stellarium.local
Tad's avatar
Tad committed
6
# Persistent global definitions
7
include globals.local
8

9 10
noblacklist ${HOME}/.config/stellarium
noblacklist ${HOME}/.stellarium
Tad's avatar
Tad committed
11

12 13 14 15 16
include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
Fred-Barclay's avatar
Fred-Barclay committed
17

18 19 20 21
mkdir ${HOME}/.config/stellarium
mkdir ${HOME}/.stellarium
whitelist ${HOME}/.config/stellarium
whitelist ${HOME}/.stellarium
22 23
include whitelist-common.inc
include whitelist-var-common.inc
Fred-Barclay's avatar
Fred-Barclay committed
24

Fred-Barclay's avatar
Fred-Barclay committed
25
caps.drop all
26
machine-id
Fred-Barclay's avatar
Fred-Barclay committed
27
netfilter
Tad's avatar
Tad committed
28
nodvd
Fred-Barclay's avatar
Fred-Barclay committed
29
nogroups
30
nonewprivs
Fred-Barclay's avatar
Fred-Barclay committed
31
noroot
Fred-Barclay's avatar
Fred-Barclay committed
32
nosound
Tad's avatar
Tad committed
33
notv
34
nou2f
Fred-Barclay's avatar
Fred-Barclay committed
35 36
protocol unix,inet,inet6,netlink
seccomp
Fred-Barclay's avatar
Fred-Barclay committed
37
shell none
Fred-Barclay's avatar
Fred-Barclay committed
38 39
tracelog

Tad's avatar
Tad committed
40
disable-mnt
Fred-Barclay's avatar
Fred-Barclay committed
41 42
private-bin stellarium
private-dev
Fred-Barclay's avatar
Fred-Barclay committed
43
private-tmp
44 45 46

noexec ${HOME}
noexec /tmp