1 files changed, 41 insertions, 0 deletions
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile
new file mode 100644
index 000000000..3d0d1d356
--- /dev/null
+++ b/etc/archaudit-report.profile
@@ -0,0 +1,41 @@
+# Firejail profile for archaudit-report
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/archaudit-report.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist /var/lib/pacman
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private
+private-bin archaudit-report,arch-audit,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds
+#private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile new file mode 100644 index 000000000..3d0d1d356 --- /dev/null +++ b/etc/archaudit-report.profile
@@ -0,0 +1,41 @@
	1	# Firejail profile for archaudit-report
	2	# This file is overwritten after every install/update
	3	quiet
	4	# Persistent local customizations
	5	include /etc/firejail/archaudit-report.local
	6	# Persistent global definitions
	7	include /etc/firejail/globals.local
	8
	9
	10	noblacklist /var/lib/pacman
	11
	12	include /etc/firejail/disable-common.inc
	13	include /etc/firejail/disable-devel.inc
	14	include /etc/firejail/disable-passwdmgr.inc
	15	include /etc/firejail/disable-programs.inc
	16	include /etc/firejail/whitelist-common.inc
	17
	18	caps.drop all
	19	ipc-namespace
	20	netfilter
	21	no3d
	22	nodvd
	23	nogroups
	24	nonewprivs
	25	noroot
	26	nosound
	27	notv
	28	novideo
	29	protocol unix,inet,inet6
	30	seccomp
	31	shell none
	32
	33	disable-mnt
	34	private
	35	private-bin archaudit-report,arch-audit,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds
	36	#private-dev
	37	private-tmp
	38
	39	memory-deny-write-execute
	40	noexec ${HOME}
	41	noexec /tmp