2 files changed, 64 insertions, 0 deletions
diff --git a/etc/profile-a-l/clac.profile b/etc/profile-a-l/clac.profile
new file mode 100644
index 000000000..b654b3890
--- /dev/null
+++ b/etc/profile-a-l/clac.profile
@@ -0,0 +1,63 @@
+# Firejail profile for clac
+# Description: Simple command-line calculator
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include clac.local
+# Persistent global definitions
+include globals.local
+blacklist ${RUNUSER}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+#include disable-X11.inc - x11 none
+include disable-xdg.inc
+#include whitelist-common.inc - see #903
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+# block socket syscall to simulate empty protocol option (see #639)
+seccomp socket
+seccomp.block-secondary
+tracelog
+x11 none
+disable-mnt
+private
+private-bin clac
+#private-cache
+private-dev
+private-etc
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+read-only ${HOME}
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 71c03a5e6..7db4480b6 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -147,6 +147,7 @@ chromium-freeworld
 cin
 cinelerra
 cinelerra-gg
+clac
 clamdscan
 clamdtop
 clamscan

diff --git a/etc/profile-a-l/clac.profile b/etc/profile-a-l/clac.profile new file mode 100644 index 000000000..b654b3890 --- /dev/null +++ b/etc/profile-a-l/clac.profile
@@ -0,0 +1,63 @@
		1	# Firejail profile for clac
		2	# Description: Simple command-line calculator
		3	# This file is overwritten after every install/update
		4	quiet
		5	# Persistent local customizations
		6	include clac.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	blacklist ${RUNUSER}
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-proc.inc
		17	include disable-programs.inc
		18	include disable-shell.inc
		19	#include disable-X11.inc - x11 none
		20	include disable-xdg.inc
		21
		22	#include whitelist-common.inc - see #903
		23	include whitelist-run-common.inc
		24	include whitelist-runuser-common.inc
		25	include whitelist-usr-share-common.inc
		26	include whitelist-var-common.inc
		27
		28	apparmor
		29	caps.drop all
		30	ipc-namespace
		31	machine-id
		32	net none
		33	no3d
		34	nodvd
		35	nogroups
		36	noinput
		37	nonewprivs
		38	noprinters
		39	noroot
		40	nosound
		41	notv
		42	nou2f
		43	novideo
		44	# block socket syscall to simulate empty protocol option (see #639)
		45	seccomp socket
		46	seccomp.block-secondary
		47	tracelog
		48	x11 none
		49
		50	disable-mnt
		51	private
		52	private-bin clac
		53	#private-cache
		54	private-dev
		55	private-etc
		56	private-tmp
		57
		58	dbus-user none
		59	dbus-system none
		60
		61	memory-deny-write-execute
		62	read-only ${HOME}
		63	restrict-namespaces


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 71c03a5e6..7db4480b6 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -147,6 +147,7 @@ chromium-freeworld
147	cin	147	cin
148	cinelerra	148	cinelerra
149	cinelerra-gg	149	cinelerra-gg
		150	clac
150	clamdscan	151	clamdscan
151	clamdtop	152	clamdtop
152	clamscan	153	clamscan