1 files changed, 33 insertions, 0 deletions

diff --git a/etc/gajim.profile b/etc/gajim.profile
new file mode 100644
index 000000000..04902a734
--- /dev/null
+++ b/etc/gajim.profile
@@ -0,0 +1,33 @@
+# Firejail profile for Gajim
+
+mkdir ${HOME}/.cache/gajim
+mkdir ${HOME}/.local/share/gajim
+mkdir ${HOME}/.config/gajim
+mkdir ${HOME}/Downloads
+
+# Allow the local python 2.7 site packages, in case any plugins are using these
+mkdir ${HOME}/.local/lib/python2.7/site-packages/
+whitelist ${HOME}/.local/lib/python2.7/site-packages/
+read-only ${HOME}/.local/lib/python2.7/site-packages/
+
+whitelist ${HOME}/.cache/gajim
+whitelist ${HOME}/.local/share/gajim
+whitelist ${HOME}/.config/gajim
+whitelist ${HOME}/Downloads
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+netfilter
+nonewprivs
+nogroups
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+
+#private-bin python2.7 gajim
+private-dev