A tool to easily run appimages and other programs in Firejail sandbox.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

46 lines
1.1 KiB

#This is fireinvoke firejail profile.
#include global settings
include globals.local
include fire-globals.local
#default disable commands, every program should have those, so you shouldnt comment them out, unless there is a special reason.
include disable-common.inc
include disable-programs.inc
include disable-devel.inc
include disable-passwdmgr.inc
#interpeters should be allowed to allow programs in interpreted languages.
#include disable-interpreters.inc
#For Your convenience, here you can quickly enable and disable common directories in Your home directory
#whitelist ${DESKTOP}
#whitelist ${DOWNLOADS}
#whitelist ${DOCUMENTS}
#whitelist ${MUSIC}
#whitelist ${PICTURES}
#whitelist ${VIDEOS}
caps.drop all
netfilter
nonewprivs
seccomp
nodbus
noroot
nogroups
no3d
notv
novideo
nodvd
#this causes waterfox to fail, so it is disabled:
#memory-deny-write-execute
#it seems that private-dev does not cause problems.
private-dev
#pritate-etc disables internet for some programs.
#private-etc thisfiledoesnotexist
#some apps like rssguard needs netlink protocol, or other protocols.
#protocol unix,inet,inet6