Merge pull request #1828 from glitsj16/gnome-recipes

gnome-recipes profile

2 files changed, 44 insertions, 0 deletions

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0d542c6d8..30ab75d03 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -369,6 +369,7 @@ blacklist ${HOME}/.local/share/gnome-2048
 blacklist ${HOME}/.local/share/gnome-chess
 blacklist ${HOME}/.local/share/gnome-music
 blacklist ${HOME}/.local/share/gnome-photos
+blacklist ${HOME}/.local/share/gnome-recipes
 blacklist ${HOME}/.local/share/gnome-ring
 blacklist ${HOME}/.local/share/gnome-twitch
 blacklist ${HOME}/.local/share/gwenview
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile
new file mode 100644
index 000000000..a546a60d2
--- /dev/null
+++ b/etc/gnome-recipes.profile
@@ -0,0 +1,43 @@
+# Firejail profile for gnome-recipes
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/gnome-recipes.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+mkdir ${HOME}/.cache/gnome-recipes
+whitelist ${HOME}/.cache/gnome-recipes
+
+noblacklist ${HOME}/.local/share/gnome-recipes
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-bin gnome-recipes,tar
+private-dev
+private-etc ca-certificates,fonts,ssl
+# private-lib works for me with Gnome Shell 3.26.2, Mutter WM (Arch Linux)
+# not widely tested though, leaving it to devs discretion to enable it later
+#private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,libgnutls.so.30,libjpeg.so.8,libp11-kit.so.0,libproxy.so.1,librsvg-2.so.2
+private-tmp
+
+noexec ${HOME}
+noexec /tmp