Add new profile for sysprof (#2501)

* Create sysprof.profile

* Create sysprof-cli.profile

* Add sysprof to firecfg

2 files changed, 65 insertions, 0 deletions

diff --git a/etc/sysprof-cli.profile b/etc/sysprof-cli.profile
new file mode 100644
index 000000000..28d279d77
--- /dev/null
+++ b/etc/sysprof-cli.profile
@@ -0,0 +1,18 @@
+# Firejail profile for sysprof-cli
+# Description: Kernel based performance profiler (CLI)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include sysprof-cli.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+nodbus
+
+# There is no GUI help menu to break in the CLI version
+private-bin sysprof-cli
+private-lib
+
+
+# Redirect
+include sysprof.profile
diff --git a/etc/sysprof.profile b/etc/sysprof.profile
new file mode 100644
index 000000000..a3135d001
--- /dev/null
+++ b/etc/sysprof.profile
@@ -0,0 +1,47 @@
+# Firejail profile for sysprof
+# Description: Kernel based performance profiler (GUI)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include sysprof.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+# nodbus - makes settings immutable
+nodvd
+nogroups
+nonewprivs
+# Ubuntu 16.04 version needs root privileges - uncomment if you don't use that
+#noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,netlink
+shell none
+tracelog
+
+disable-mnt
+#private-bin sysprof - breaks GUI help menu
+private-cache
+private-dev
+private-etc alternatives,fonts,ld.so.cache,machine-id,ssl
+# private-lib breaks GUI help menu
+#private-lib gdk-pixbuf-2.*,gio,gtk3,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*,libsysprof-2.so,libsysprof-ui-2.so
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp