commit 4e1715347243a80ceff9e5c4aecb2e3c724b57cb
parent 138f4819bc44a3489eb332543609af057ced9b26
Author: Anders Damsgaard <anders@adamsgaard.dk>
Date: Tue, 26 Mar 2019 10:56:20 +0100
Add scli submodule and firejail configuration
Diffstat:
3 files changed, 44 insertions(+), 0 deletions(-)
diff --git a/.gitmodules b/.gitmodules
@@ -22,3 +22,6 @@
[submodule "lib/ddgr"]
path = lib/ddgr
url = git@github.com:jarun/ddgr.git
+[submodule "lib/scli"]
+ path = lib/scli
+ url = git@github.com:isamert/scli
diff --git a/lib/scli b/lib/scli
@@ -0,0 +1 @@
+Subproject commit d7d68199a5448cea5f02c9adcfb60e3c2b62e9ec
diff --git a/links/.config/firejail/signal-scli.profile b/links/.config/firejail/signal-scli.profile
@@ -0,0 +1,40 @@
+# Firejail profile for signal-desktop
+# This file is overwritten after every install/update
+# Persistent local customizations
+#include signal-desktop.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/tmp
+noblacklist ${HOME}/.local/share/signal-cli
+noblacklist ${HOME}/code/dotfiles/lib/scli
+
+include disable-common.inc
+include disable-devel.inc
+#include disable-interpreters.inc
+include disable-programs.inc
+include disable-passwdmgr.inc
+
+#whitelist ${HOME}/tmp
+#whitelist ${HOME}/.local/share/signal-cli
+#whitelist ${HOME}/code/dotfiles/lib/scli
+#include whitelist-common.inc
+#include whitelist-var-common.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+disable-mnt
+private-dev
+private-tmp
+
+#noexec ${HOME}
