1 files changed, 11 insertions, 13 deletions
diff --git a/etc/dolphin.profile b/etc/dolphin.profile
index aac358d38..93acbd09e 100644
--- a/etc/dolphin.profile
+++ b/etc/dolphin.profile
@@ -1,34 +1,32 @@
-# Persistent global definitions go here
+# Firejail profile for dolphin
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
+# Persistent local customizations
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
 include /etc/firejail/dolphin.local
+# Persistent global definitions
-# dolphin profile
+include /etc/firejail/globals.local
 # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5
+noblacklist ${HOME}/.local/share/Trash
 noblacklist ~/.config/dolphinrc
 noblacklist ~/.local/share/dolphin
-noblacklist ${HOME}/.local/share/Trash
 include /etc/firejail/disable-common.inc
-# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files
-#include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+# include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
 nogroups
 nonewprivs
 noroot
-shell none
-seccomp
 protocol unix
+seccomp
+shell none
+# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files
 # private-bin
 # private-dev
-# private-tmp
 # private-etc
+# private-tmp

diff --git a/etc/dolphin.profile b/etc/dolphin.profile index aac358d38..93acbd09e 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile
@@ -1,34 +1,32 @@
1	# Persistent global definitions go here	1	# Firejail profile for dolphin
2	include /etc/firejail/globals.local	2	# This file is overwritten after every install/update
3		3	# Persistent local customizations
4	# This file is overwritten during software install.
5	# Persistent customizations should go in a .local file.
6	include /etc/firejail/dolphin.local	4	include /etc/firejail/dolphin.local
7		5	# Persistent global definitions
8	# dolphin profile	6	include /etc/firejail/globals.local
9		7
10	# warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5	8	# warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5
11		9
		10	noblacklist ${HOME}/.local/share/Trash
12	noblacklist ~/.config/dolphinrc	11	noblacklist ~/.config/dolphinrc
13	noblacklist ~/.local/share/dolphin	12	noblacklist ~/.local/share/dolphin
14	noblacklist ${HOME}/.local/share/Trash
15		13
16	include /etc/firejail/disable-common.inc	14	include /etc/firejail/disable-common.inc
17	# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files
18	#include /etc/firejail/disable-programs.inc
19	include /etc/firejail/disable-devel.inc	15	include /etc/firejail/disable-devel.inc
20	include /etc/firejail/disable-passwdmgr.inc	16	include /etc/firejail/disable-passwdmgr.inc
		17	# include /etc/firejail/disable-programs.inc
21		18
22	caps.drop all	19	caps.drop all
23	netfilter	20	netfilter
24	nogroups	21	nogroups
25	nonewprivs	22	nonewprivs
26	noroot	23	noroot
27	shell none
28	seccomp
29	protocol unix	24	protocol unix
		25	seccomp
		26	shell none
30		27
		28	# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files
31	# private-bin	29	# private-bin
32	# private-dev	30	# private-dev
33	# private-tmp
34	# private-etc	31	# private-etc
		32	# private-tmp