1 files changed, 56 insertions, 0 deletions
diff --git a/etc/gfeeds.profile b/etc/gfeeds.profile
new file mode 100644
index 000000000..dcb33bc38
--- /dev/null
+++ b/etc/gfeeds.profile
@@ -0,0 +1,56 @@
+# Firejail profile for gfeeds
+# Description: RSS/Atom feed reader for GNOME
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gfeeds.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/org.gabmus.gfeeds
+noblacklist ${HOME}/.config/org.gabmus.gfeeds.json
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/org.gabmus.gfeeds
+mkfile ${HOME}/.config/org.gabmus.gfeeds.json
+whitelist ${HOME}/.cache/org.gabmus.gfeeds
+whitelist ${HOME}/.config/org.gabmus.gfeeds.json
+whitelist /usr/share/gfeeds
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+no3d
+#nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin gfeeds,python3*
+# private-cache -- feeds are stored in ~/.cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg
+private-tmp

diff --git a/etc/gfeeds.profile b/etc/gfeeds.profile new file mode 100644 index 000000000..dcb33bc38 --- /dev/null +++ b/etc/gfeeds.profile
@@ -0,0 +1,56 @@
	1	# Firejail profile for gfeeds
	2	# Description: RSS/Atom feed reader for GNOME
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include gfeeds.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.cache/org.gabmus.gfeeds
	10	noblacklist ${HOME}/.config/org.gabmus.gfeeds.json
	11
	12	# Allow python (blacklisted by disable-interpreters.inc)
	13	include allow-python3.inc
	14
	15	include disable-common.inc
	16	include disable-devel.inc
	17	include disable-exec.inc
	18	include disable-interpreters.inc
	19	include disable-passwdmgr.inc
	20	include disable-programs.inc
	21	include disable-xdg.inc
	22
	23	mkdir ${HOME}/.cache/org.gabmus.gfeeds
	24	mkfile ${HOME}/.config/org.gabmus.gfeeds.json
	25	whitelist ${HOME}/.cache/org.gabmus.gfeeds
	26	whitelist ${HOME}/.config/org.gabmus.gfeeds.json
	27	whitelist /usr/share/gfeeds
	28	include whitelist-common.inc
	29	include whitelist-usr-share-common.inc
	30	include whitelist-var-common.inc
	31
	32	apparmor
	33	caps.drop all
	34	machine-id
	35	netfilter
	36	no3d
	37	#nodbus
	38	nodvd
	39	nogroups
	40	nonewprivs
	41	noroot
	42	nosound
	43	notv
	44	nou2f
	45	novideo
	46	protocol unix,inet,inet6
	47	seccomp
	48	shell none
	49	tracelog
	50
	51	disable-mnt
	52	private-bin gfeeds,python3*
	53	# private-cache -- feeds are stored in ~/.cache
	54	private-dev
	55	private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg
	56	private-tmp