Unify all profiles

1 files changed, 13 insertions, 14 deletions

diff --git a/etc/caja.profile b/etc/caja.profile
index a724e76b1..adbcc09b9 100644
--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -1,24 +1,18 @@
-# Persistent global definitions go here
-include /etc/firejail/globals.local
-
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
+# Firejail profile for caja
+# This file is overwritten after every install/update
+# Persistent local customizations
 include /etc/firejail/caja.local
-
-# Caja profile for Firejail
-
-# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
-# is already a caja process running on MATE desktops firejail will have no effect.
+# Persistent global definitions
+include /etc/firejail/globals.local
 
 noblacklist ~/.config/caja
-noblacklist ~/.local/share/caja-python
 noblacklist ~/.local/share/Trash
+noblacklist ~/.local/share/caja-python
 
 include /etc/firejail/disable-common.inc
-# caja needs to be able to start arbitrary applications so we cannot blacklist their files
-#include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+# include /etc/firejail/disable-programs.inc
 
 caps.drop all
 netfilter
@@ -31,6 +25,11 @@ shell none
 tracelog
 
 # private-bin caja
-# private-tmp
 # private-dev
 # private-etc fonts
+# private-tmp
+
+# CLOBBERED COMMENTS
+# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
+# caja needs to be able to start arbitrary applications so we cannot blacklist their files
+# is already a caja process running on MATE desktops firejail will have no effect.