Add profile for Gajim IM client

author: greigdp <greigdp@users.noreply.github.com> 2016-08-18 12:00:46 +0100
committer: greigdp <greigdp@users.noreply.github.com> 2016-08-18 12:00:46 +0100
commit: 6ffdc467370c4d4964ced120e5a2cddc0bc38490 (patch)
tree: 6b1a5b72a0ada75f8fcf4d4fb8171924b1aa3801 /etc/gajim.profile
parent: firemon fixes (diff)
download: firejail-6ffdc467370c4d4964ced120e5a2cddc0bc38490.tar.gz
firejail-6ffdc467370c4d4964ced120e5a2cddc0bc38490.tar.zst
firejail-6ffdc467370c4d4964ced120e5a2cddc0bc38490.zip
1 files changed, 33 insertions, 0 deletions
diff --git a/etc/gajim.profile b/etc/gajim.profile
new file mode 100644
index 000000000..04902a734
--- /dev/null
+++ b/etc/gajim.profile
@@ -0,0 +1,33 @@
+# Firejail profile for Gajim
+mkdir ${HOME}/.cache/gajim
+mkdir ${HOME}/.local/share/gajim
+mkdir ${HOME}/.config/gajim
+mkdir ${HOME}/Downloads
+# Allow the local python 2.7 site packages, in case any plugins are using these
+mkdir ${HOME}/.local/lib/python2.7/site-packages/
+whitelist ${HOME}/.local/lib/python2.7/site-packages/
+read-only ${HOME}/.local/lib/python2.7/site-packages/
+whitelist ${HOME}/.cache/gajim
+whitelist ${HOME}/.local/share/gajim
+whitelist ${HOME}/.config/gajim
+whitelist ${HOME}/Downloads
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+netfilter
+nonewprivs
+nogroups
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+#private-bin python2.7 gajim
+private-dev
author	greigdp <greigdp@users.noreply.github.com>	2016-08-18 12:00:46 +0100
committer	greigdp <greigdp@users.noreply.github.com>	2016-08-18 12:00:46 +0100
commit	6ffdc467370c4d4964ced120e5a2cddc0bc38490 (patch)
tree	6b1a5b72a0ada75f8fcf4d4fb8171924b1aa3801 /etc/gajim.profile
parent	firemon fixes (diff)
download	firejail-6ffdc467370c4d4964ced120e5a2cddc0bc38490.tar.gz firejail-6ffdc467370c4d4964ced120e5a2cddc0bc38490.tar.zst firejail-6ffdc467370c4d4964ced120e5a2cddc0bc38490.zip

diff --git a/etc/gajim.profile b/etc/gajim.profile new file mode 100644 index 000000000..04902a734 --- /dev/null +++ b/etc/gajim.profile
@@ -0,0 +1,33 @@
	1	# Firejail profile for Gajim
	2
	3	mkdir ${HOME}/.cache/gajim
	4	mkdir ${HOME}/.local/share/gajim
	5	mkdir ${HOME}/.config/gajim
	6	mkdir ${HOME}/Downloads
	7
	8	# Allow the local python 2.7 site packages, in case any plugins are using these
	9	mkdir ${HOME}/.local/lib/python2.7/site-packages/
	10	whitelist ${HOME}/.local/lib/python2.7/site-packages/
	11	read-only ${HOME}/.local/lib/python2.7/site-packages/
	12
	13	whitelist ${HOME}/.cache/gajim
	14	whitelist ${HOME}/.local/share/gajim
	15	whitelist ${HOME}/.config/gajim
	16	whitelist ${HOME}/Downloads
	17
	18	include /etc/firejail/disable-common.inc
	19	include /etc/firejail/disable-passwdmgr.inc
	20	include /etc/firejail/disable-programs.inc
	21	include /etc/firejail/disable-devel.inc
	22
	23	caps.drop all
	24	netfilter
	25	nonewprivs
	26	nogroups
	27	noroot
	28	protocol unix,inet,inet6
	29	seccomp
	30	shell none
	31
	32	#private-bin python2.7 gajim
	33	private-dev