# Save as:
# ~/.config/firejail/muwire.profile
# A Firejail profile customized for MuWire based on the profile for
# rtorrent.
# The program is started from a terminal roughly as shown below.
# PATH is first reset to a short list of system directories, so that
# any other PATH entries are left out without Firejail printing a
# message about them; the actual program call follows.
# Runnable example (one line without wrapping):
# PATH=/usr/local/bin:/usr/bin:/bin firejail --profile=$HOME/.config/firejail/muwire.profile --debug /opt/MuWire-0.8.10/bin/MuWire &
# General settings:
# Optional per-user overrides; Firejail skips this file if it does not exist.
include globals.local
# Stock deny-lists shipped with Firejail: sensitive files in the home
# directory, script interpreters, password-manager data and the
# configuration directories of other programs.
# NOTE(review): newer Firejail releases may no longer ship
# disable-passwdmgr.inc as a separate file - confirm that it exists in
# your Firejail configuration directory.
include disable-common.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
# Drop every Linux capability for processes in the sandbox.
caps.drop all
# Present a random machine-id instead of the host's real one.
machine-id
# NOTE(review): per the Firejail man page the default network filter is
# only applied when the sandbox has its own network namespace (a "net"
# line). No such line is present here, so this is likely a no-op and
# MuWire uses the host network stack - confirm that this is intended.
netfilter
# Hide device classes a file-sharing client has no use for.
nodvd
noinput
# Block privilege gain through setuid binaries or file capabilities.
nonewprivs
# Run in a user namespace that has no root user.
noroot
nosound
notv
nou2f
novideo
# Allow only Unix-domain, IPv4 and IPv6 sockets.
protocol unix,inet,inet6
# Apply Firejail's default seccomp system-call filter.
seccomp
# Start the program directly instead of through a shell.
# NOTE(review): recent Firejail releases treat this as the default and
# may warn about or reject the line - check against your version.
shell none
# Hide /mnt, /media and the /run mount points for removable media.
disable-mnt
# Give the sandbox an empty, temporary ~/.cache.
private-cache
# Replace /dev with a minimal set of device nodes.
private-dev
# Give the sandbox its own empty /tmp.
private-tmp
# Stock allow-list for the home directory; the whitelist lines further
# down in this profile add the MuWire-specific paths.
include whitelist-common.inc
### Basic Blacklisting ###
# Directories that are off limits inside the sandbox. The disable-mnt
# line in the general settings already hides /mnt and /media; these two
# lines state the same restriction explicitly.
blacklist /media/
blacklist /mnt/
# Template for further directories to hide (remove the leading "# "):
# blacklist /whatever/
### Home Directory Whitelisting ###
# With whitelist lines in place, only the listed paths under ${HOME}
# are the real directories; the rest of the home directory is hidden
# and anything written there is discarded when the sandbox exits.
# Either share the entire Java Fonts directory or just the one
# that matches the current version number:
whitelist ${HOME}/.java/fonts/17
# The configuration directory must be accessible to MuWire:
whitelist ${HOME}/.config/MuWire
# The path to the distribution directories. It must match your
# MuWire configuration. This directory is shared with the host, so
# files MuWire stores here are visible outside the sandbox; treat
# downloaded content as untrusted.
whitelist ${HOME}/MuWire/
### Filesystem Whitelisting ###
# Restrict /usr/share to the Java directory plus the commonly needed
# directories listed in Firejail's stock include file; other
# /usr/share content is hidden from the sandbox.
whitelist /usr/share/java
include whitelist-usr-share-common.inc