1 files changed, 62 insertions, 0 deletions
diff --git a/etc/com.github.johnfactotum.Foliate.profile b/etc/com.github.johnfactotum.Foliate.profile
new file mode 100644
index 000000000..39a9a360d
--- /dev/null
+++ b/etc/com.github.johnfactotum.Foliate.profile
@@ -0,0 +1,62 @@
+# Firejail profile for foliate
+# Description: Simple and modern GTK eBook reader
+# This file is overwritten after every install/update
+# Persistent local customizations
+include foliate.local
+# Persistent global definitions
+include globals.local
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
+noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+# Allow gjs (blacklisted by disable-interpreters.inc)
+include allow-gjs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate
+mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate
+whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate
+whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist /usr/share/com.github.johnfactotum.Foliate
+whitelist /usr/share/hyphen
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin com.github.johnfactotum.Foliate,gjs
+private-cache
+private-dev
+private-etc dconf,fonts,gconf,gtk-3.0
+private-tmp
+read-only ${HOME}
+read-write ${HOME}/.cache/com.github.johnfactotum.Foliate
+read-write ${HOME}/.local/share/com.github.johnfactotum.Foliate

diff --git a/etc/com.github.johnfactotum.Foliate.profile b/etc/com.github.johnfactotum.Foliate.profile new file mode 100644 index 000000000..39a9a360d --- /dev/null +++ b/etc/com.github.johnfactotum.Foliate.profile
@@ -0,0 +1,62 @@
	1	# Firejail profile for foliate
	2	# Description: Simple and modern GTK eBook reader
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include foliate.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${DOCUMENTS}
	10	noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
	11	noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
	12
	13	# Allow gjs (blacklisted by disable-interpreters.inc)
	14	include allow-gjs.inc
	15
	16	include disable-common.inc
	17	include disable-devel.inc
	18	include disable-exec.inc
	19	include disable-interpreters.inc
	20	include disable-passwdmgr.inc
	21	include disable-programs.inc
	22	include disable-xdg.inc
	23
	24	mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate
	25	mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate
	26	whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate
	27	whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
	28	whitelist ${DOCUMENTS}
	29	whitelist ${DOWNLOADS}
	30	whitelist /usr/share/com.github.johnfactotum.Foliate
	31	whitelist /usr/share/hyphen
	32	include whitelist-common.inc
	33	include whitelist-usr-share-common.inc
	34	include whitelist-var-common.inc
	35
	36	apparmor
	37	caps.drop all
	38	machine-id
	39	net none
	40	nodvd
	41	nogroups
	42	nonewprivs
	43	noroot
	44	nosound
	45	notv
	46	nou2f
	47	novideo
	48	protocol unix
	49	seccomp
	50	shell none
	51	tracelog
	52
	53	disable-mnt
	54	private-bin com.github.johnfactotum.Foliate,gjs
	55	private-cache
	56	private-dev
	57	private-etc dconf,fonts,gconf,gtk-3.0
	58	private-tmp
	59
	60	read-only ${HOME}
	61	read-write ${HOME}/.cache/com.github.johnfactotum.Foliate
	62	read-write ${HOME}/.local/share/com.github.johnfactotum.Foliate