1 files changed, 38 insertions, 0 deletions
diff --git a/etc/gajim.profile b/etc/gajim.profile
new file mode 100644
index 000000000..eb60f858b
--- /dev/null
+++ b/etc/gajim.profile
@@ -0,0 +1,38 @@
+# Firejail profile for Gajim
+noblacklist ${HOME}/.cache/gajim
+noblacklist ${HOME}/.local/share/gajim
+noblacklist ${HOME}/.config/gajim
+mkdir ${HOME}/.cache/gajim
+mkdir ${HOME}/.local/share/gajim
+mkdir ${HOME}/.config/gajim
+mkdir ${HOME}/Downloads
+# Allow the local python 2.7 site packages, in case any plugins are using these
+mkdir ${HOME}/.local/lib/python2.7/site-packages/
+whitelist ${HOME}/.local/lib/python2.7/site-packages/
+read-only ${HOME}/.local/lib/python2.7/site-packages/
+whitelist ${HOME}/.cache/gajim
+whitelist ${HOME}/.local/share/gajim
+whitelist ${HOME}/.config/gajim
+whitelist ${HOME}/Downloads
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+#private-bin python2.7 gajim
+#private-etc fonts
+private-dev
+#private-tmp

diff --git a/etc/gajim.profile b/etc/gajim.profile new file mode 100644 index 000000000..eb60f858b --- /dev/null +++ b/etc/gajim.profile
@@ -0,0 +1,38 @@
	1	# Firejail profile for Gajim
	2	noblacklist ${HOME}/.cache/gajim
	3	noblacklist ${HOME}/.local/share/gajim
	4	noblacklist ${HOME}/.config/gajim
	5
	6	mkdir ${HOME}/.cache/gajim
	7	mkdir ${HOME}/.local/share/gajim
	8	mkdir ${HOME}/.config/gajim
	9	mkdir ${HOME}/Downloads
	10
	11	# Allow the local python 2.7 site packages, in case any plugins are using these
	12	mkdir ${HOME}/.local/lib/python2.7/site-packages/
	13	whitelist ${HOME}/.local/lib/python2.7/site-packages/
	14	read-only ${HOME}/.local/lib/python2.7/site-packages/
	15
	16	whitelist ${HOME}/.cache/gajim
	17	whitelist ${HOME}/.local/share/gajim
	18	whitelist ${HOME}/.config/gajim
	19	whitelist ${HOME}/Downloads
	20
	21	include /etc/firejail/disable-common.inc
	22	include /etc/firejail/disable-passwdmgr.inc
	23	include /etc/firejail/disable-programs.inc
	24	include /etc/firejail/disable-devel.inc
	25
	26	caps.drop all
	27	netfilter
	28	nogroups
	29	nonewprivs
	30	noroot
	31	protocol unix,inet,inet6
	32	seccomp
	33	shell none
	34
	35	#private-bin python2.7 gajim
	36	#private-etc fonts
	37	private-dev
	38	#private-tmp