3 files changed, 19 insertions, 0 deletions
diff --git a/Makefile.in b/Makefile.in
index 59fe34f60..8c1a21e9a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -127,6 +127,7 @@ realinstall:
        install -c -m 0644 .etc/weechat-curses.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/hexchat.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/rtorrent.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/parole.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        rm -fr .etc
        # man pages
diff --git a/etc/parole.profile b/etc/parole.profile
new file mode 100644
index 000000000..24181c8d6
--- /dev/null
+++ b/etc/parole.profile
@@ -0,0 +1,17 @@
+# Profile for Parole, the default XFCE4 media player
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+private-etc passwd,group,fonts
+private-bin parole,dbus-launch
+blacklist ${HOME}/.pki/nssdb
+blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.keepassx
+blacklist ${HOME}/.password-store
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+noroot
+shell none
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index bda064f60..47b84d207 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -53,3 +53,4 @@
 /etc/firejail/weechat-curses.profile
 /etc/firejail/hexchat.profile
 /etc/firejail/rtorrent.profile
+/etc/firejail/parole.profile

diff --git a/Makefile.in b/Makefile.in index 59fe34f60..8c1a21e9a 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -127,6 +127,7 @@ realinstall:
127	install -c -m 0644 .etc/weechat-curses.profile $(DESTDIR)/$(sysconfdir)/firejail/.	127	install -c -m 0644 .etc/weechat-curses.profile $(DESTDIR)/$(sysconfdir)/firejail/.
128	install -c -m 0644 .etc/hexchat.profile $(DESTDIR)/$(sysconfdir)/firejail/.	128	install -c -m 0644 .etc/hexchat.profile $(DESTDIR)/$(sysconfdir)/firejail/.
129	install -c -m 0644 .etc/rtorrent.profile $(DESTDIR)/$(sysconfdir)/firejail/.	129	install -c -m 0644 .etc/rtorrent.profile $(DESTDIR)/$(sysconfdir)/firejail/.
		130	install -c -m 0644 .etc/parole.profile $(DESTDIR)/$(sysconfdir)/firejail/.
130	bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	131	bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
131	rm -fr .etc	132	rm -fr .etc
132	# man pages	133	# man pages


diff --git a/etc/parole.profile b/etc/parole.profile new file mode 100644 index 000000000..24181c8d6 --- /dev/null +++ b/etc/parole.profile
@@ -0,0 +1,17 @@
		1	# Profile for Parole, the default XFCE4 media player
		2	include /etc/firejail/disable-mgmt.inc
		3	include /etc/firejail/disable-secret.inc
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-devel.inc
		6	private-etc passwd,group,fonts
		7	private-bin parole,dbus-launch
		8	blacklist ${HOME}/.pki/nssdb
		9	blacklist ${HOME}/.lastpass
		10	blacklist ${HOME}/.keepassx
		11	blacklist ${HOME}/.password-store
		12	caps.drop all
		13	seccomp
		14	protocol unix,inet,inet6
		15	netfilter
		16	noroot
		17	shell none


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index bda064f60..47b84d207 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -53,3 +53,4 @@
53	/etc/firejail/weechat-curses.profile	53	/etc/firejail/weechat-curses.profile
54	/etc/firejail/hexchat.profile	54	/etc/firejail/hexchat.profile
55	/etc/firejail/rtorrent.profile	55	/etc/firejail/rtorrent.profile
		56	/etc/firejail/parole.profile