1 files changed, 47 insertions, 0 deletions
diff --git a/etc/cower.profile b/etc/cower.profile
new file mode 100644
index 000000000..5e5c367c4
--- /dev/null
+++ b/etc/cower.profile
@@ -0,0 +1,47 @@
+# Firejail profile for cower
+# This file is overwritten after every install/update
+# This profile could be significantly strengthened by adding the following to cower.local
+# whitelist ~/<Your Build Folder>
+# whitelist ~/.config/cower/
+quiet
+# Persistent local customizations
+include /etc/firejail/cower.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.config/cower/config
+read-only ~/.config/cower/config
+noblacklist /var/lib/pacman
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-bin cower
+private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/cower.profile b/etc/cower.profile new file mode 100644 index 000000000..5e5c367c4 --- /dev/null +++ b/etc/cower.profile
@@ -0,0 +1,47 @@
	1	# Firejail profile for cower
	2	# This file is overwritten after every install/update
	3
	4	# This profile could be significantly strengthened by adding the following to cower.local
	5	# whitelist ~/<Your Build Folder>
	6	# whitelist ~/.config/cower/
	7
	8	quiet
	9
	10	# Persistent local customizations
	11	include /etc/firejail/cower.local
	12	# Persistent global definitions
	13	include /etc/firejail/globals.local
	14
	15	noblacklist ~/.config/cower/config
	16	read-only ~/.config/cower/config
	17
	18	noblacklist /var/lib/pacman
	19
	20	include /etc/firejail/disable-common.inc
	21	include /etc/firejail/disable-devel.inc
	22	include /etc/firejail/disable-passwdmgr.inc
	23	include /etc/firejail/disable-programs.inc
	24
	25	caps.drop all
	26	ipc-namespace
	27	netfilter
	28	no3d
	29	nodvd
	30	nogroups
	31	nonewprivs
	32	noroot
	33	nosound
	34	notv
	35	novideo
	36	protocol unix,inet,inet6
	37	seccomp
	38	shell none
	39
	40	disable-mnt
	41	private-bin cower
	42	private-dev
	43	private-tmp
	44
	45	memory-deny-write-execute
	46	noexec ${HOME}
	47	noexec /tmp