1 files changed, 9 insertions, 11 deletions
diff --git a/etc/caja.profile b/etc/caja.profile
index a724e76b1..1350b63dd 100644
--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -1,24 +1,21 @@
-# Persistent global definitions go here
+# Firejail profile for caja
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
+# Persistent local customizations
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
 include /etc/firejail/caja.local
+# Persistent global definitions
-# Caja profile for Firejail
+include /etc/firejail/globals.local
 # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
 # is already a caja process running on MATE desktops firejail will have no effect.
 noblacklist ~/.config/caja
-noblacklist ~/.local/share/caja-python
 noblacklist ~/.local/share/Trash
+noblacklist ~/.local/share/caja-python
 include /etc/firejail/disable-common.inc
-# caja needs to be able to start arbitrary applications so we cannot blacklist their files
-#include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+# include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@@ -30,7 +27,8 @@ seccomp
 shell none
 tracelog
+# caja needs to be able to start arbitrary applications so we cannot blacklist their files
 # private-bin caja
-# private-tmp
 # private-dev
 # private-etc fonts
+# private-tmp

diff --git a/etc/caja.profile b/etc/caja.profile index a724e76b1..1350b63dd 100644 --- a/etc/caja.profile +++ b/etc/caja.profile
@@ -1,24 +1,21 @@
1	# Persistent global definitions go here	1	# Firejail profile for caja
2	include /etc/firejail/globals.local	2	# This file is overwritten after every install/update
3		3	# Persistent local customizations
4	# This file is overwritten during software install.
5	# Persistent customizations should go in a .local file.
6	include /etc/firejail/caja.local	4	include /etc/firejail/caja.local
7		5	# Persistent global definitions
8	# Caja profile for Firejail	6	include /etc/firejail/globals.local
9		7
10	# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there	8	# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
11	# is already a caja process running on MATE desktops firejail will have no effect.	9	# is already a caja process running on MATE desktops firejail will have no effect.
12		10
13	noblacklist ~/.config/caja	11	noblacklist ~/.config/caja
14	noblacklist ~/.local/share/caja-python
15	noblacklist ~/.local/share/Trash	12	noblacklist ~/.local/share/Trash
		13	noblacklist ~/.local/share/caja-python
16		14
17	include /etc/firejail/disable-common.inc	15	include /etc/firejail/disable-common.inc
18	# caja needs to be able to start arbitrary applications so we cannot blacklist their files
19	#include /etc/firejail/disable-programs.inc
20	include /etc/firejail/disable-devel.inc	16	include /etc/firejail/disable-devel.inc
21	include /etc/firejail/disable-passwdmgr.inc	17	include /etc/firejail/disable-passwdmgr.inc
		18	# include /etc/firejail/disable-programs.inc
22		19
23	caps.drop all	20	caps.drop all
24	netfilter	21	netfilter
@@ -30,7 +27,8 @@ seccomp
30	shell none	27	shell none
31	tracelog	28	tracelog
32		29
		30	# caja needs to be able to start arbitrary applications so we cannot blacklist their files
33	# private-bin caja	31	# private-bin caja
34	# private-tmp
35	# private-dev	32	# private-dev
36	# private-etc fonts	33	# private-etc fonts
		34	# private-tmp