1 files changed, 57 insertions, 0 deletions
diff --git a/etc/crow.profile b/etc/crow.profile
new file mode 100644
index 000000000..14145ffea
--- /dev/null
+++ b/etc/crow.profile
@@ -0,0 +1,57 @@
+# Firejail profile for crow
+# This file is overwritten after every install/update
+# Persistent local customizations
+include crow.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/crow
+noblacklist ${HOME}/.cache/gstreamer-1.0
+mkdir ${HOME}/.config/crow
+mkdir ${HOME}/.cache/gstreamer-1.0
+whitelist ${HOME}/.config/crow
+whitelist ${HOME}/.cache/gstreamer-1.0
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+# apparmor
+caps.drop all
+# ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+# nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+# tracelog
+disable-mnt
+private-bin crow
+# private-cache
+private-dev
+private-etc ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies
+# private-lib
+private-opt none
+private-tmp
+private-srv none
+# memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/crow.profile b/etc/crow.profile new file mode 100644 index 000000000..14145ffea --- /dev/null +++ b/etc/crow.profile
@@ -0,0 +1,57 @@
	1	# Firejail profile for crow
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include crow.local
	5	# Persistent global definitions
	6	include globals.local
	7
	8	noblacklist ${HOME}/.config/crow
	9	noblacklist ${HOME}/.cache/gstreamer-1.0
	10
	11	mkdir ${HOME}/.config/crow
	12	mkdir ${HOME}/.cache/gstreamer-1.0
	13
	14	whitelist ${HOME}/.config/crow
	15	whitelist ${HOME}/.cache/gstreamer-1.0
	16
	17	include disable-common.inc
	18	include disable-devel.inc
	19	include disable-interpreters.inc
	20	include disable-passwdmgr.inc
	21	include disable-programs.inc
	22	include disable-xdg.inc
	23
	24	include whitelist-common.inc
	25
	26	# apparmor
	27	caps.drop all
	28	# ipc-namespace
	29	netfilter
	30	no3d
	31	nodbus
	32	nodvd
	33	nogroups
	34	nonewprivs
	35	noroot
	36	# nosound
	37	notv
	38	nou2f
	39	novideo
	40	protocol unix,inet,inet6,netlink
	41	seccomp
	42	shell none
	43	# tracelog
	44
	45	disable-mnt
	46	private-bin crow
	47	# private-cache
	48	private-dev
	49	private-etc ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies
	50	# private-lib
	51	private-opt none
	52	private-tmp
	53	private-srv none
	54
	55	# memory-deny-write-execute
	56	noexec ${HOME}
	57	noexec /tmp