iankelling.org / git / distro-setup / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bunch of fixes, change sy host, deploy some new stuff
[distro-setup] / filesystem / etc / firejail / makekitty.profile
diff --git a/filesystem/etc/firejail/makekitty.profile b/filesystem/etc/firejail/makekitty.profile
new file mode 100644 (file)
index 0000000..19c06f8
--- /dev/null
+++ b/filesystem/etc/firejail/makekitty.profile
@@ -0,0 +1,33 @@
+private
+net none
+
+include globals.local
+
+
+# below is copied from makepkg
+
+include disable-common.inc
+include disable-exec.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+# noroot is only disabled to allow the creation of kernel headers from an official PKGBUILD.
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-tmp
+
+memory-deny-write-execute
~16k lines of my .bashrc + lots of my configs