Created
August 19, 2020 23:52
-
-
Save glitsj16/7b83acb0f2ecf5928587436e75b1c8a8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Firejail profile for ledger-live-desktop [appimage] | |
# Description: New generation wallet desktop application providing a unique interface to maintain multiple cryptocurrencies | |
# This file is overwritten after every install/update | |
# Persistent local customizations | |
include ledger-live-desktop.local | |
# Persistent global definitions | |
include globals.local | |
#noblacklist ${HOME}/.config/Ledger Live | |
ignore noexec /tmp | |
include disable-common.inc | |
include disable-devel.inc | |
include disable-exec.inc | |
include disable-interpreters.inc | |
include disable-passwdmgr.inc | |
include disable-programs.inc | |
# needs bash/sh | |
noblacklist ${PATH}/bash | |
noblacklist ${PATH}/sh | |
include disable-shell.inc | |
include disable-xdg.inc | |
mkdir ${HOME}/.config/Ledger Live | |
whitelist ${HOME}/.config/Ledger Live | |
whitelist ${DOWNLOADS} | |
include whitelist-common.inc | |
include whitelist-usr-share-common.inc | |
include whitelist-runuser-common.inc | |
include whitelist-var-common.inc | |
apparmor | |
caps.drop all | |
ipc-namespace | |
machine-id | |
netfilter | |
nodbus | |
nodvd | |
nogroups | |
nonewprivs | |
noroot | |
notv | |
nou2f | |
nosound | |
novideo | |
protocol unix,inet,inet6,netlink | |
seccomp !chroot | |
shell none | |
# tracelog - breaks on Arch | |
disable-mnt | |
private-bin bash,sh | |
private-cache | |
private-dev | |
private-etc alternatives,fonts | |
#private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,nsswitch.conf,pki,pulse,selinux,ssl,X11,xdg | |
private-lib | |
private-opt none | |
private-tmp |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment