2 files changed, 56 insertions, 0 deletions
diff --git a/etc/profile-a-l/chafa.profile b/etc/profile-a-l/chafa.profile
new file mode 100644
index 000000000..b042ac189
--- /dev/null
+++ b/etc/profile-a-l/chafa.profile
@@ -0,0 +1,55 @@
+# Firejail profile for chafa
+# Description: A terminal-based image viewer and image-to-text converter.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include chafa.local
+# Persistent global definitions
+include globals.local
+blacklist ${RUNUSER}
+blacklist /usr/libexec
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+# Add the following to your chafa.local if you do not need to view images in
+# /usr/share.
+#include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+seccomp socket
+seccomp.block-secondary
+tracelog
+x11 none
+private-bin chafa
+private-cache
+private-dev
+private-tmp
+dbus-user none
+dbus-system none
+read-only ${HOME}
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 1de107a03..72a33ed5a 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -127,6 +127,7 @@ cantata
 catfish
 cawbird
 celluloid
+chafa
 checkbashisms
 cheese
 cherrytree

diff --git a/etc/profile-a-l/chafa.profile b/etc/profile-a-l/chafa.profile new file mode 100644 index 000000000..b042ac189 --- /dev/null +++ b/etc/profile-a-l/chafa.profile
@@ -0,0 +1,55 @@
		1	# Firejail profile for chafa
		2	# Description: A terminal-based image viewer and image-to-text converter.
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include chafa.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	blacklist ${RUNUSER}
		10	blacklist /usr/libexec
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-proc.inc
		17	include disable-programs.inc
		18	include disable-shell.inc
		19	include disable-write-mnt.inc
		20
		21	include whitelist-run-common.inc
		22	include whitelist-runuser-common.inc
		23	# Add the following to your chafa.local if you do not need to view images in
		24	# /usr/share.
		25	#include whitelist-usr-share-common.inc
		26	include whitelist-var-common.inc
		27
		28	apparmor
		29	caps.drop all
		30	machine-id
		31	net none
		32	no3d
		33	nodvd
		34	nogroups
		35	noinput
		36	nonewprivs
		37	noroot
		38	nosound
		39	notv
		40	nou2f
		41	novideo
		42	seccomp socket
		43	seccomp.block-secondary
		44	tracelog
		45	x11 none
		46
		47	private-bin chafa
		48	private-cache
		49	private-dev
		50	private-tmp
		51
		52	dbus-user none
		53	dbus-system none
		54
		55	read-only ${HOME}


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 1de107a03..72a33ed5a 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -127,6 +127,7 @@ cantata
127	catfish	127	catfish
128	cawbird	128	cawbird
129	celluloid	129	celluloid
		130	chafa
130	checkbashisms	131	checkbashisms
131	cheese	132	cheese
132	cherrytree	133	cherrytree