Merge pull request #2171 from glitsj16/desktop

New profile desktop (a.k.a. github-desktop)

2 files changed, 45 insertions, 0 deletions

diff --git a/etc/desktop.profile b/etc/desktop.profile
new file mode 100644
index 000000000..8bfa885a3
--- /dev/null
+++ b/etc/desktop.profile
@@ -0,0 +1,44 @@
+# Firejail profile for desktop
+# Description: Extend your GitHub workflow beyond your browser with GitHub Desktop
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/github-desktop.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+whitelist ${HOME}/.gitconfig
+whitelist ${HOME}/.config/GitHub Desktop
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+netfilter
+# no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+
+disable-mnt
+# private-bin Atom,desktop
+# private-cache
+# private-dev
+# private-etc none
+# private-lib
+# private-tmp
+
+# memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0b445301d..fe6b04ed0 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -57,6 +57,7 @@ blacklist ${HOME}/.config/Franz
 blacklist ${HOME}/.config/FreeCAD
 blacklist ${HOME}/.config/Fritzing
 blacklist ${HOME}/.config/GIMP
+blacklist ${HOME}/.config/GitHub Desktop
 blacklist ${HOME}/.config/Gitter
 blacklist ${HOME}/.config/Google
 blacklist ${HOME}/.config/Google Play Music Desktop Player