Unify all profiles

1 files changed, 13 insertions, 14 deletions

diff --git a/etc/gjs.profile b/etc/gjs.profile
index f1def3f16..443dccfea 100644
--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -1,35 +1,34 @@
-# Persistent global definitions go here
-include /etc/firejail/globals.local
-
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
+# Firejail profile for gjs
+# This file is overwritten after every install/update
+# Persistent local customizations
 include /etc/firejail/gjs.local
+# Persistent global definitions
+include /etc/firejail/globals.local
 
-# gjs (gnome javascript bindings) profile
-
-# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-
+noblacklist ~/.cache/libgweather
+noblacklist ~/.cache/org.gnome.Books
 noblacklist ~/.config/libreoffice
 noblacklist ~/.local/share/gnome-photos
-noblacklist ~/.cache/org.gnome.Books
-noblacklist ~/.cache/libgweather
 
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
+netfilter
 nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
-netfilter
 shell none
 tracelog
 
 # private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
-private-tmp
 private-dev
 # private-etc fonts
+private-tmp
+
+# CLOBBERED COMMENTS
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them