Add new profile for gnome-nettool (#2485)

* Create gnome-nettool.profile

* Add gnome-nettool to firecfg

1 files changed, 49 insertions, 0 deletions

diff --git a/etc/gnome-nettool.profile b/etc/gnome-nettool.profile
new file mode 100644
index 000000000..585fb9a20
--- /dev/null
+++ b/etc/gnome-nettool.profile
@@ -0,0 +1,49 @@
+# Firejail profile for gnome-nettool
+# Description: Graphical interface for various networking tools
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-nettool.local
+# Persistent global definitions
+include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.keep net_raw
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+# ping needs to elevate privileges, noroot and nonewprivs will kill it
+#nonewprivs
+#noroot
+nosound
+notv
+nou2f
+novideo
+#seccomp
+#shell none
+
+disable-mnt
+#private-bin gnome-nettool
+private-cache
+private-dev
+#private-etc alternatives
+private-lib libbind9.so.*,libcrypto.so.*,libdns.so.*,libirs.so.*,liblua.so.*,libssh2.so.*,libssl.so.*
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
+
+# never write anything
+read-only ${HOME}