1 files changed, 22 insertions, 15 deletions
diff --git a/etc/default.profile b/etc/default.profile
index 44a9e548b..693f89ad3 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -1,31 +1,38 @@
-# Persistent global definitions go here
+# Firejail profile for default
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/default.local
+# Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+# generic gui profile
-# Persistent customizations should go in a .local file.
+# depending on your usage, you can enable some of the commands below:
-include /etc/firejail/default.local
-################################
-# Generic GUI application profile
-################################
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 caps.drop all
+# ipc-namespace
 netfilter
+# nogroups
 nonewprivs
 noroot
+# nosound
+# novideo
 protocol unix,inet,inet6
 seccomp
-#
-# depending on your usage, you can enable some of the commands below:
-#
-# nogroups
 # shell none
+# disable-mnt
+# private
 # private-bin program
-# private-etc none
 # private-dev
+# private-etc none
+# private-lib
 # private-tmp
-# nosound
+# memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp

diff --git a/etc/default.profile b/etc/default.profile index 44a9e548b..693f89ad3 100644 --- a/etc/default.profile +++ b/etc/default.profile
@@ -1,31 +1,38 @@
1	# Persistent global definitions go here	1	# Firejail profile for default
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/default.local
		5	# Persistent global definitions
2	include /etc/firejail/globals.local	6	include /etc/firejail/globals.local
3		7
4	# This file is overwritten during software install.	8	# generic gui profile
5	# Persistent customizations should go in a .local file.	9	# depending on your usage, you can enable some of the commands below:
6	include /etc/firejail/default.local
7		10
8	################################
9	# Generic GUI application profile
10	################################
11	include /etc/firejail/disable-common.inc	11	include /etc/firejail/disable-common.inc
12	include /etc/firejail/disable-programs.inc	12	# include /etc/firejail/disable-devel.inc
13	include /etc/firejail/disable-passwdmgr.inc	13	include /etc/firejail/disable-passwdmgr.inc
		14	include /etc/firejail/disable-programs.inc
14		15
15	caps.drop all	16	caps.drop all
		17	# ipc-namespace
16	netfilter	18	netfilter
		19	# nogroups
17	nonewprivs	20	nonewprivs
18	noroot	21	noroot
		22	# nosound
		23	# novideo
19	protocol unix,inet,inet6	24	protocol unix,inet,inet6
20	seccomp	25	seccomp
21
22	#
23	# depending on your usage, you can enable some of the commands below:
24	#
25	# nogroups
26	# shell none	26	# shell none
		27
		28	# disable-mnt
		29	# private
27	# private-bin program	30	# private-bin program
28	# private-etc none
29	# private-dev	31	# private-dev
		32	# private-etc none
		33	# private-lib
30	# private-tmp	34	# private-tmp
31	# nosound	35
		36	# memory-deny-write-execute
		37	# noexec ${HOME}
		38	# noexec /tmp