Info

Firejail Configuration for Session Messenger under Linux

Firejail sandboxes the Session desktop app so that a bug or compromise in it cannot reach the rest of your Linux system (your real home directory, other apps' data, devices, D-Bus, unneeded syscalls). Because the downloaded AppImage carries a version in its filename, symlink it to a fixed name such as session-desktop-linux-x86_64.AppImage so the profile and the launch command below keep working across updates.

Firejail: https://firejail.wordpress.com/


  # KMJ.at / Karl M. Joch
  # Session Firejail

## Session Messenger Profile
## KMJ (https://kmj.at) 
## 20210122
## Version 1.00
## use /opt/Firejail/session as base or change directories here

## To test the profile interactively (replace USER with your login name):
## /usr/bin/firejail --profile=/home/USER/.config/firejail/session.profile /bin/bash
## To start Session inside the sandbox:
## /usr/bin/firejail --profile=/home/USER/.config/firejail/session.profile --appimage /opt/Firejail/session/session-desktop-linux-x86_64.AppImage

###################################################################
## NOTES:
## home is /opt/Firejail/session
###################################################################

## disable-exec.inc (included below) marks /tmp noexec; this "ignore" drops that
## restriction for the whole sandbox -- presumably so the AppImage runtime can run
## what it unpacks there. NOTE(review): this also lets any file dropped into /tmp
## be executed. Confirm it is still required when the image is started through
## --appimage, and remove it if Session runs without it.
ignore noexec /tmp

## Session's own state directories are hidden by the disable-*.inc sets below;
## allow them again (both spellings are kept in case either is in use).
noblacklist ${HOME}/.cache/session
noblacklist ${HOME}/.config/session
noblacklist ${HOME}/.local/share/session
noblacklist ${HOME}/.cache/Session
noblacklist ${HOME}/.config/Session
noblacklist ${HOME}/.local/share/Session

## Only the session subdirectory of /opt/Firejail stays visible. The noblacklist
## has to come before the blacklist of its parent, otherwise it has no effect.
noblacklist /opt/Firejail/session
blacklist /opt/Firejail
## Host-specific hides (other sandboxed apps, snaps, local extras) -- adjust to your system.
blacklist /opt/Element
blacklist /snap
blacklist /usr/local/EXTRA

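## Disable access
## Each .inc pulls in one of firejail's upstream blacklist sets. disable-exec.inc
## additionally marks /tmp (among other writable locations) noexec; see the
## "ignore noexec /tmp" line above, which undoes that for this profile.
## disable-programs.inc was listed twice in the original; one include is enough.
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-exec.inc
include /etc/firejail/disable-interpreters.inc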

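## Security filters
caps.drop all
netfilter
nodvd
nonewprivs
noroot
protocol unix,inet,inet6
## Syscall filter. The original had seccomp commented out entirely, which leaves
## the whole kernel syscall surface open to the app. firejail's default seccomp
## list blocks chroot(), which Electron's sandbox helper relies on, so keep chroot
## allowed (as firejail's own electron profile does) instead of disabling seccomp.
## If Session fails to start, identify the rejected syscall with `firejail --debug`
## or the audit log and add it after the "!" list rather than turning seccomp off.
seccomp !chroot
nogroups
shell none

apparmor
notv
nou2f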

## Filesystem
disable-mnt
private-cache 
private-tmp 
private-dev 
## Only these /etc entries are visible inside the sandbox: DNS and TLS trust
## material, fonts, dynamic-loader config, machine-id. Extend the list if Session
## reports a missing /etc file; do not replace it with a full /etc.
private-etc resolv.conf,localtime,alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,ssl
## Binaries exposed in the sandbox. NOTE(review): this still provides bash/sh plus
## file-manipulation tools (cp, rm, ln, sed, ...) even though "shell none" is set
## earlier in this profile -- presumably the AppImage's launcher script needs them.
## Trim the list to the tools whose removal actually breaks start-up.
private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf,ls

## This directory is mounted as the sandbox HOME (see NOTES above); the user's
## real home directory is never visible to Session.
private /opt/Firejail/session

## Additional paths hidden from the sandbox. Several of these are likely already
## covered by disable-common.inc and disable-mnt; listing them here is harmless
## belt-and-braces.
blacklist /boot
blacklist /media
blacklist /mnt
blacklist /root
blacklist /srv

## No D-Bus at all: neither the user session bus nor the system bus is reachable.
dbus-system none
dbus-user none