surf.profile 811 Bytes
Newer Older
1
# Firejail profile for surf
2
# Description: Simple web browser by suckless community
3 4
# This file is overwritten after every install/update
# Persistent local customizations
5
include surf.local
6
# Persistent global definitions
7
include globals.local
8 9 10

noblacklist ${HOME}/.surf

11 12 13 14
include disable-common.inc
include disable-devel.inc
include disable-passwdmgr.inc
include disable-programs.inc
15 16 17

mkdir ${HOME}/.surf
whitelist ${DOWNLOADS}
18
include whitelist-common.inc
19 20 21 22 23 24 25

caps.drop all
netfilter
nodvd
nonewprivs
noroot
notv
26
nou2f
27 28 29 30 31 32 33 34
protocol unix,inet,inet6,netlink
seccomp
shell none
tracelog

disable-mnt
private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop
private-dev
35
private-etc passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies
36 37 38 39
private-tmp

noexec ${HOME}
noexec /tmp