Add profiles for mypaint & mypaint-ora-thumbnailer

author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-02-17 11:07:17 +0100
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-02-17 11:07:17 +0100
commit: 7f43d7015b5e1516be7298f13d6e2ec73f99aec7 (patch)
tree: 03d1589eb1c6151c20e03d8b566a519ab4ec5c04 /etc/mypaint.profile
parent: typo (diff)
download: firejail-7f43d7015b5e1516be7298f13d6e2ec73f99aec7.tar.gz
firejail-7f43d7015b5e1516be7298f13d6e2ec73f99aec7.tar.zst
firejail-7f43d7015b5e1516be7298f13d6e2ec73f99aec7.zip
1 files changed, 51 insertions, 0 deletions
diff --git a/etc/mypaint.profile b/etc/mypaint.profile
new file mode 100644
index 000000000..1af6f3026
--- /dev/null
+++ b/etc/mypaint.profile
@@ -0,0 +1,51 @@
+# Firejail profile for mypaint
+# Description: A fast and easy graphics application for digital painters
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mypaint.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/mypaint
+noblacklist ${HOME}/.config/mypaint
+noblacklist ${HOME}/.local/share/mypaint
+noblacklist ${PATH}/python2*
+noblacklist /usr/lib/python2*
+noblacklist ${PICTURES}
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-etc fonts,gtk-3.0,dconf
+private-tmp
+noexec ${HOME}
+noexec /tmp
+# vim:set syntax=sh:
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-02-17 11:07:17 +0100
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-02-17 11:07:17 +0100
commit	7f43d7015b5e1516be7298f13d6e2ec73f99aec7 (patch)
tree	03d1589eb1c6151c20e03d8b566a519ab4ec5c04 /etc/mypaint.profile
parent	typo (diff)
download	firejail-7f43d7015b5e1516be7298f13d6e2ec73f99aec7.tar.gz firejail-7f43d7015b5e1516be7298f13d6e2ec73f99aec7.tar.zst firejail-7f43d7015b5e1516be7298f13d6e2ec73f99aec7.zip

diff --git a/etc/mypaint.profile b/etc/mypaint.profile new file mode 100644 index 000000000..1af6f3026 --- /dev/null +++ b/etc/mypaint.profile
@@ -0,0 +1,51 @@
	1	# Firejail profile for mypaint
	2	# Description: A fast and easy graphics application for digital painters
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include mypaint.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.cache/mypaint
	10	noblacklist ${HOME}/.config/mypaint
	11	noblacklist ${HOME}/.local/share/mypaint
	12	noblacklist ${PATH}/python2*
	13	noblacklist /usr/lib/python2*
	14	noblacklist ${PICTURES}
	15
	16	include disable-common.inc
	17	include disable-devel.inc
	18	include disable-interpreters.inc
	19	include disable-passwdmgr.inc
	20	include disable-programs.inc
	21	include disable-xdg.inc
	22
	23	apparmor
	24	caps.drop all
	25	machine-id
	26	net none
	27	no3d
	28	nodbus
	29	nodvd
	30	nogroups
	31	nonewprivs
	32	noroot
	33	nosound
	34	notv
	35	nou2f
	36	novideo
	37	protocol unix
	38	seccomp
	39	shell none
	40	tracelog
	41
	42	disable-mnt
	43	private-cache
	44	private-dev
	45	private-etc fonts,gtk-3.0,dconf
	46	private-tmp
	47
	48	noexec ${HOME}
	49	noexec /tmp
	50
	51	# vim:set syntax=sh: