3 files changed, 48 insertions, 1 deletions
diff --git a/README.md b/README.md
index 22fd03b9f..5a0991294 100644
--- a/README.md
+++ b/README.md
@@ -221,4 +221,4 @@ Stats:
 ### New profiles:
-onionshare, onionshare-cli, opera-developer, songrec
+onionshare, onionshare-cli, opera-developer, songrec, gdu
diff --git a/etc/profile-a-l/gdu.profile b/etc/profile-a-l/gdu.profile
new file mode 100644
index 000000000..783183bea
--- /dev/null
+++ b/etc/profile-a-l/gdu.profile
@@ -0,0 +1,46 @@
+# Firejail profile for gdu
+# Description: Fast disk usage analyzer with console interface
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include gdu.local
+# Persistent global definitions
+include globals.local
+blacklist ${RUNUSER}/wayland-*
+include disable-exec.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+# block the socket syscall to simulate an be empty protocol line, see #639
+seccomp socket
+seccomp.block-secondary
+x11 none
+private-dev
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+# gdu has built-in delete (d), empty (e) dir/file support and shell spawning (b) features.
+# Depending on workflow and use case the sandbox can be hardened by adding the
+# lines below to your gdu.local if you don't need/want these functionalities.
+#include disable-shell.inc
+#private-bin gdu
+#read-only ${HOME}
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 71cec5eaf..1e10258d5 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -289,6 +289,7 @@ gapplication
 gcalccmd
 gcloud
 gconf-editor
+gdu
 geany
 geary
 gedit

diff --git a/README.md b/README.md index 22fd03b9f..5a0991294 100644 --- a/README.md +++ b/README.md
@@ -221,4 +221,4 @@ Stats:
221		221
222	### New profiles:	222	### New profiles:
223		223
224	onionshare, onionshare-cli, opera-developer, songrec	224	onionshare, onionshare-cli, opera-developer, songrec, gdu


diff --git a/etc/profile-a-l/gdu.profile b/etc/profile-a-l/gdu.profile new file mode 100644 index 000000000..783183bea --- /dev/null +++ b/etc/profile-a-l/gdu.profile
@@ -0,0 +1,46 @@
		1	# Firejail profile for gdu
		2	# Description: Fast disk usage analyzer with console interface
		3	# This file is overwritten after every install/update
		4	quiet
		5	# Persistent local customizations
		6	include gdu.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	blacklist ${RUNUSER}/wayland-*
		11
		12	include disable-exec.inc
		13
		14	apparmor
		15	caps.drop all
		16	ipc-namespace
		17	machine-id
		18	net none
		19	no3d
		20	nodvd
		21	nogroups
		22	noinput
		23	nonewprivs
		24	noroot
		25	nosound
		26	notv
		27	nou2f
		28	novideo
		29	# block the socket syscall to simulate an be empty protocol line, see #639
		30	seccomp socket
		31	seccomp.block-secondary
		32	x11 none
		33
		34	private-dev
		35
		36	dbus-user none
		37	dbus-system none
		38
		39	memory-deny-write-execute
		40
		41	# gdu has built-in delete (d), empty (e) dir/file support and shell spawning (b) features.
		42	# Depending on workflow and use case the sandbox can be hardened by adding the
		43	# lines below to your gdu.local if you don't need/want these functionalities.
		44	#include disable-shell.inc
		45	#private-bin gdu
		46	#read-only ${HOME}


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 71cec5eaf..1e10258d5 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -289,6 +289,7 @@ gapplication
289	gcalccmd	289	gcalccmd
290	gcloud	290	gcloud
291	gconf-editor	291	gconf-editor
		292	gdu
292	geany	293	geany
293	geary	294	geary
294	gedit	295	gedit