remove firejail generic.profile

include the appropriate files instead
2026-01-23 02:24:09 +00:00 · 2017-07-29 16:11:31 -07:00 · 2017-07-29 16:11:31 -07:00 · 8d499dc7f7
commit 8d499dc7f7
parent e2aed9edd7
8 changed files with 10 additions and 30 deletions
--- a/roles/calibre/files/firejail/calibre.profile
+++ b/roles/calibre/files/firejail/calibre.profile
@ -1,4 +1,5 @@
-include /usr/local/etc/firejail/generic.profile
+include /etc/firejail/default.profile
+include /etc/firejail/disable-devel.inc

 private-dev
 private-etc firejail,passwd,group,hostname,hosts,nsswitch.conf,resolv.conf,gtk-2.0,gtk-3.0,fonts,mime.types
--- a/roles/firejail/files/disable-more.inc
+++ b/roles/firejail/files/disable-more.inc
@ -1,18 +0,0 @@
-# Passwords
-blacklist ${HOME}/.password-store
-blacklist ${HOME}/.keys
-
-# Ledger
-blacklist ${HOME}/ledger
-blacklist ${HOME}/library/ledger
-
-# Mail
-blacklist ${HOME}/.offlineimaprc
-blacklist ${HOME}/.offlineimap
-blacklist ${HOME}/.mbsyncrc
-
-# PIM
-blacklist ${HOME}/.config/vdirsyncer
-blacklist ${HOME}/.vdirsyncer
-blacklist ${HOME}/.contacts
-blacklist ${HOME}/.calendars
--- a/roles/firejail/files/generic.profile
+++ b/roles/firejail/files/generic.profile
@ -1,2 +0,0 @@
-include /etc/firejail/default.profile
-include /etc/firejail/disable-devel.inc
--- a/roles/firejail/tasks/main.yml
+++ b/roles/firejail/tasks/main.yml
@ -21,8 +21,3 @@
              state=present
              line="blacklist {{ item }}"
  with_items: "{{ firejail.blacklist }}"
-
- name: Push generic firejail profile
-  copy: src=generic.profile dest=/usr/local/etc/firejail/generic.profile
-  notify:
-    - activate firejail profiles
--- a/roles/mpd/files/firejail/ncmpcpp.profile
+++ b/roles/mpd/files/firejail/ncmpcpp.profile
@ -1,4 +1,5 @@
-include /usr/local/etc/firejail/generic.profile
+include /etc/firejail/default.profile
+include /etc/firejail/disable-devel.inc

 whitelist ~/.ncmpcpp
 whitelist ~/audio
--- a/roles/pianobar/files/firejail/pianobar.profile
+++ b/roles/pianobar/files/firejail/pianobar.profile
@ -1,4 +1,5 @@
-include /usr/local/etc/firejail/generic.profile
+include /etc/firejail/default.profile
+include /etc/firejail/disable-devel.inc

 private-etc firejail,group,hosts,nsswitch.conf,resolv.conf,asound.conf,pulse,ssl,ca-certificates
 private-tmp
--- a/roles/redshift/files/firejail/redshift.profile
+++ b/roles/redshift/files/firejail/redshift.profile
@ -1,4 +1,5 @@
-include /usr/local/etc/firejail/generic.profile
+include /etc/firejail/default.profile
+include /etc/firejail/disable-devel.inc

 whitelist ~/.config/redshift.conf
 net none
--- a/roles/wormhole/files/firejail/wormhole.profile
+++ b/roles/wormhole/files/firejail/wormhole.profile
@ -1,4 +1,5 @@
-include /usr/local/etc/firejail/generic.profile
+include /etc/firejail/default.profile
+include /etc/firejail/disable-devel.inc

 private-dev
 private-etc firejail