Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# Firejail profile for otter-browser
# Description: Lightweight web browser based on Qt WebEngine
# This file is overwritten after every install/update
# Persistent local customizations
include otter-browser.local
# Persistent global definitions
include globals.local
#noblacklist ${HOME}/.cache/falkon
#noblacklist ${HOME}/.config/falkon
noblacklist ~/.config/otter
noblacklist ~/.cache/Otter
include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
mkdir ${HOME}/.cache/Otter
mkdir ${HOME}/.config/otter
whitelist ${DOWNLOADS}
whitelist ${HOME}/.cache/Otter
whitelist ${HOME}/.config/otter
include whitelist-common.inc
include whitelist-var-common.inc
caps.drop all
netfilter
nodvd
nogroups
nonewprivs
noroot
notv
nou2f
protocol unix,inet,inet6,netlink
# blacklisting of chroot system calls breaks falkon
seccomp !chroot
#seccomp
# tracelog
nodbus
private-dev
# private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
# private-tmp - interferes with the opening of downloaded files
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment