From 8d499dc7f7000a398eb4daed373c6ed5bf802d1c Mon Sep 17 00:00:00 2001
From: Pig Monkey
Date: Sat, 29 Jul 2017 16:11:31 -0700
Subject: [PATCH] remove firejail generic.profile include the appropriate files instead
---
 roles/calibre/files/firejail/calibre.profile | 3 ++-
 roles/firejail/files/disable-more.inc | 18 ------------------
 roles/firejail/files/generic.profile | 2 --
 roles/firejail/tasks/main.yml | 5 -----
 roles/mpd/files/firejail/ncmpcpp.profile | 3 ++-
 roles/pianobar/files/firejail/pianobar.profile | 3 ++-
 roles/redshift/files/firejail/redshift.profile | 3 ++-
 roles/wormhole/files/firejail/wormhole.profile | 3 ++-
 8 files changed, 10 insertions(+), 30 deletions(-)
 delete mode 100644 roles/firejail/files/disable-more.inc
 delete mode 100644 roles/firejail/files/generic.profile
diff --git a/roles/calibre/files/firejail/calibre.profile b/roles/calibre/files/firejail/calibre.profile
index c3a7e95..492f434 100644
--- a/roles/calibre/files/firejail/calibre.profile
+++ b/roles/calibre/files/firejail/calibre.profile
@@ -1,4 +1,5 @@
-include /usr/local/etc/firejail/generic.profile
+include /etc/firejail/default.profile
+include /etc/firejail/disable-devel.inc
 private-dev
 private-etc firejail,passwd,group,hostname,hosts,nsswitch.conf,resolv.conf,gtk-2.0,gtk-3.0,fonts,mime.types
diff --git a/roles/firejail/files/disable-more.inc b/roles/firejail/files/disable-more.inc
deleted file mode 100644
index 2693b80..0000000
--- a/roles/firejail/files/disable-more.inc
+++ /dev/null
@@ -1,18 +0,0 @@
-# Passwords
-blacklist ${HOME}/.password-store
-blacklist ${HOME}/.keys
-
-# Ledger
-blacklist ${HOME}/ledger
-blacklist ${HOME}/library/ledger
-
-# Mail
-blacklist ${HOME}/.offlineimaprc
-blacklist ${HOME}/.offlineimap
-blacklist ${HOME}/.mbsyncrc
-
-# PIM
-blacklist ${HOME}/.config/vdirsyncer
-blacklist ${HOME}/.vdirsyncer
-blacklist ${HOME}/.contacts
-blacklist ${HOME}/.calendars
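Review bot: The new includes in roles/calibre/files/firejail/calibre.profile do not show where the personal blacklists from the deleted disable-more.inc (`~/.password-store`, `~/.keys`, the mail and PIM paths) are applied, and the visible lines of this profile, pianobar.profile and wormhole.profile carry no `whitelist` that would hide the rest of the home directory. The deleted generic.profile did not include disable-more.inc either, and the context in roles/firejail/tasks/main.yml suggests the entries now come from `firejail.blacklist`, but the file those lines are written to is outside the hunk. It is worth confirming that file is read through default.profile; a comment above the includes would record the dependency, e.g. `# personal blacklists: generated from firejail.blacklist into <destination file>`. The rest of each profile is outside the hunks.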
diff --git a/roles/firejail/files/generic.profile b/roles/firejail/files/generic.profile
deleted file mode 100644
index c9dc520..0000000
--- a/roles/firejail/files/generic.profile
+++ /dev/null
@@ -1,2 +0,0 @@
-include /etc/firejail/default.profile
-include /etc/firejail/disable-devel.inc
diff --git a/roles/firejail/tasks/main.yml b/roles/firejail/tasks/main.yml
index d3cf339..cdd25fc 100644
--- a/roles/firejail/tasks/main.yml
+++ b/roles/firejail/tasks/main.yml
@@ -21,8 +21,3 @@
 state=present
 line="blacklist {{ item }}"
 with_items: "{{ firejail.blacklist }}"
-
-- name: Push generic firejail profile
- copy: src=generic.profile dest=/usr/local/etc/firejail/generic.profile
- notify:
- - activate firejail profiles
diff --git a/roles/mpd/files/firejail/ncmpcpp.profile b/roles/mpd/files/firejail/ncmpcpp.profile
index 649960a..71fa6b3 100644
--- a/roles/mpd/files/firejail/ncmpcpp.profile
+++ b/roles/mpd/files/firejail/ncmpcpp.profile
@@ -1,4 +1,5 @@
-include /usr/local/etc/firejail/generic.profile
+include /etc/firejail/default.profile
+include /etc/firejail/disable-devel.inc
 whitelist ~/.ncmpcpp
 whitelist ~/audio
diff --git a/roles/pianobar/files/firejail/pianobar.profile b/roles/pianobar/files/firejail/pianobar.profile
index 9009da1..c82f426 100644
--- a/roles/pianobar/files/firejail/pianobar.profile
+++ b/roles/pianobar/files/firejail/pianobar.profile
@@ -1,4 +1,5 @@
-include /usr/local/etc/firejail/generic.profile
+include /etc/firejail/default.profile
+include /etc/firejail/disable-devel.inc
 private-etc firejail,group,hosts,nsswitch.conf,resolv.conf,asound.conf,pulse,ssl,ca-certificates
 private-tmp
diff --git a/roles/redshift/files/firejail/redshift.profile b/roles/redshift/files/firejail/redshift.profile
index cd199ef..00656e7 100644
--- a/roles/redshift/files/firejail/redshift.profile
+++ b/roles/redshift/files/firejail/redshift.profile
@@ -1,4 +1,5 @@
-include /usr/local/etc/firejail/generic.profile
+include /etc/firejail/default.profile
+include /etc/firejail/disable-devel.inc
 whitelist ~/.config/redshift.conf
 net none
diff --git a/roles/wormhole/files/firejail/wormhole.profile b/roles/wormhole/files/firejail/wormhole.profile
index f3cf107..961c718 100644
--- a/roles/wormhole/files/firejail/wormhole.profile
+++ b/roles/wormhole/files/firejail/wormhole.profile
@@ -1,4 +1,5 @@
-include /usr/local/etc/firejail/generic.profile
+include /etc/firejail/default.profile
+include /etc/firejail/disable-devel.inc
 private-dev
 private-etc firejail
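Review bot: The two `include` lines added at the top of roles/redshift/files/firejail/redshift.profile are repeated verbatim in four other profiles (calibre, ncmpcpp, pianobar, wormhole), so a later change to the sandbox baseline has to be made in every role, and a profile that is missed keeps starting without error on the older set. A short comment above them would make the coupling visible, e.g. `# baseline includes: keep identical across roles/*/files/firejail/*.profile`. The rest of redshift.profile is outside the hunk.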