Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update wording in templates #2815

Merged
merged 3 commits into from
Jun 30, 2019
Merged

Update wording in templates #2815

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b2586be
Change wording in redirect_alias-profile.template
glitsj16 Jun 30, 2019
9de5980
Change wording in profile.template
glitsj16 Jun 30, 2019
72885bd
Update wording in redirect_alias-profile.template
glitsj16 Jun 30, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 9 additions & 9 deletions etc/templates/profile.template
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,16 +3,16 @@
# This file is overwritten after every install/update
# --- CUT HERE ---
# This is a generic template to help you with creation of profiles
# for new programs. PRs welcome at https://github.com/netblue30/firejail/
# for new programs. PRs welcome at https://github.com/netblue30/firejail/.
#
# Rules to follow:
# - lines with one # are often used in profiles
# - lines with two ## are only needed in special situations
# - make the profile as restrictive as possible while still keeping the program useful
# (e. g. a program that is unable to save user's work is considered a bad practice)
# - dedicate some time (based on how complex the application is) to profile testing before raising
# (e. g. a program that is unable to save user's work is considered bad practice)
# - dedicate some time (based on the complexity of the application) to profile testing before raising
# a pull request
# - keep the sections structure, use a single empty line as a separator
# - keep the sections structure, use a single empty line as separator
# - entries within sections are alphabetically sorted
# - consider putting binary into src/firecfg/firecfg.config (keep list sorted) but beware
# to not do this for essential utilities as this may *break* your OS! (related discussion:
Expand Down Expand Up @@ -66,8 +66,8 @@ include globals.local
# One way to retrieve the files a program uses is:
# - launch binary with --private naming a sandbox
# `firejail --name=test --ignore=private-bin [--profile=PROFILE] --private BINARY`
# - work with the program, do some configuration changes and save them, open new documents,
# install plugins if they exists, etc
# - work with the program, make some configuration changes and save them, open new documents,
# install plugins if they exists, etc.
# - join the sandbox with bash:
# `firejail --join=test bash`
# - look what has changed and use that information to populate blacklist and whitelist sections
Expand Down Expand Up @@ -128,14 +128,14 @@ include globals.local
#notv
#nou2f
#novideo
# Remove every not needed protocol
# Remove each unneeded protocol:
# - unix is usually needed
# - inet,inet6 only if internet access is requiered (see 'net none'/'netfilter' above)
# - inet,inet6 only if internet access is required (see 'net none'/'netfilter' above)
# - netlink is rarely needed
# - packet almost never
#protocol unix,inet,inet6,netlink,packet
#seccomp
##seccomp.drop SYSCALLS (see also syscalls.txt)
##seccomp.drop SYSCALLS (see syscalls.txt)
#shell none
#tracelog
# Prefer 'x11 none' instead of 'blacklist /tmp/.X11-unix' if 'net none' is set
Expand Down
25 changes: 13 additions & 12 deletions etc/templates/redirect_alias-profile.template
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,38 +6,39 @@ include PROFILE.local
# Persistent global definitions
# added by included profile
#include globals.local
#NOTE: let include globals.local commented, except redirecting to a -common.profile
#NOTE: keep include globals.local commented, except when redirecting to a *-common.profile

# For more informations see profile.template
# For more information, see profile.template

# Ignore something that is in the included profile
# Ignoring option(s) from the included profile
#ignore net none
#ignore private-bin
#ignore seccomp
#...

# Additional noblacklisting (if needed)
# Additional noblacklisting (when needed)
#noblacklist PATH

# Additional allow includes (if needed)
# Additional allow includes (when needed)

# Additional blacklisting (if needed)
# Additional blacklisting (when needed)
#blacklist PATH

# Additional whitelisting (if needed)
# Additional whitelisting (when needed)
#NOTE: never use mkdir/mkfile when 'private' is set (see https://github.com/netblue30/firejail/issues/903)
#mkdir PATH
##mkfile PATH
#whitelist PATH

# Additional options (if needed)
# Additional options (when needed)

# Additional private-options (if needed)
# Add programs to private-bin (if needed)
# Additional private-options (when needed)
# Add programs to private-bin (when needed)
#private-bin PROGRAMS
# Add files to private-etc (if needed)
# Add files to private-etc (when needed)
#private-etc FILES

# Additional special options (if needed)
# Additional special options (when needed)

# Redirect
include PROFILE.profile