Very basic Caja profile.

Modified from existing nautilus profile. It might need some future editing and tweaking.
author: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2017-04-28 11:28:44 -0500
committer: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2017-04-28 11:28:44 -0500
commit: e1f738891aefa1c200b973fc6ed0bda56b6fd870 (patch)
tree: fde00547b1be1868ea7262634e884615ab8a9a45 /etc/caja.profile
parent: Added noexec to qtox profile (diff)
download: firejail-e1f738891aefa1c200b973fc6ed0bda56b6fd870.tar.gz
firejail-e1f738891aefa1c200b973fc6ed0bda56b6fd870.tar.zst
firejail-e1f738891aefa1c200b973fc6ed0bda56b6fd870.zip
1 files changed, 32 insertions, 0 deletions
diff --git a/etc/caja.profile b/etc/caja.profile
new file mode 100644
index 000000000..fe89d7b2d
--- /dev/null
+++ b/etc/caja.profile
@@ -0,0 +1,32 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/caja.local
+# Caja profile for Firejail
+# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
+ # is already a caja process running on MATE desktops firejail will have no effect.
+noblacklist ~/.config/caja
+noblacklist ~/.local/share/caja
+include /etc/firejail/disable-common.inc
+# caja needs to be able to start arbitrary applications so we cannot blacklist their files
+#include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin caja
+# private-tmp
+# private-dev
+# private-etc fonts
author	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2017-04-28 11:28:44 -0500
committer	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2017-04-28 11:28:44 -0500
commit	e1f738891aefa1c200b973fc6ed0bda56b6fd870 (patch)
tree	fde00547b1be1868ea7262634e884615ab8a9a45 /etc/caja.profile
parent	Added noexec to qtox profile (diff)
download	firejail-e1f738891aefa1c200b973fc6ed0bda56b6fd870.tar.gz firejail-e1f738891aefa1c200b973fc6ed0bda56b6fd870.tar.zst firejail-e1f738891aefa1c200b973fc6ed0bda56b6fd870.zip

diff --git a/etc/caja.profile b/etc/caja.profile new file mode 100644 index 000000000..fe89d7b2d --- /dev/null +++ b/etc/caja.profile
@@ -0,0 +1,32 @@
	1	# This file is overwritten during software install.
	2	# Persistent customizations should go in a .local file.
	3	include /etc/firejail/caja.local
	4
	5	# Caja profile for Firejail
	6
	7	# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
	8	# is already a caja process running on MATE desktops firejail will have no effect.
	9
	10	noblacklist ~/.config/caja
	11	noblacklist ~/.local/share/caja
	12
	13	include /etc/firejail/disable-common.inc
	14	# caja needs to be able to start arbitrary applications so we cannot blacklist their files
	15	#include /etc/firejail/disable-programs.inc
	16	include /etc/firejail/disable-devel.inc
	17	include /etc/firejail/disable-passwdmgr.inc
	18
	19	caps.drop all
	20	nogroups
	21	nonewprivs
	22	noroot
	23	protocol unix
	24	seccomp
	25	netfilter
	26	shell none
	27	tracelog
	28
	29	# private-bin caja
	30	# private-tmp
	31	# private-dev
	32	# private-etc fonts