1 files changed, 10 insertions, 12 deletions
diff --git a/etc/gjs.profile b/etc/gjs.profile
index f1def3f16..739100888 100644
--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -1,35 +1,33 @@
-# Persistent global definitions go here
+# Firejail profile for gjs
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
+# Persistent local customizations
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
 include /etc/firejail/gjs.local
+# Persistent global definitions
-# gjs (gnome javascript bindings) profile
+include /etc/firejail/globals.local
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.cache/libgweather
+noblacklist ~/.cache/org.gnome.Books
 noblacklist ~/.config/libreoffice
 noblacklist ~/.local/share/gnome-photos
-noblacklist ~/.cache/org.gnome.Books
-noblacklist ~/.cache/libgweather
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 caps.drop all
+netfilter
 nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
-netfilter
 shell none
 tracelog
 # private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
-private-tmp
 private-dev
 # private-etc fonts
+private-tmp

diff --git a/etc/gjs.profile b/etc/gjs.profile index f1def3f16..739100888 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile
@@ -1,35 +1,33 @@
1	# Persistent global definitions go here	1	# Firejail profile for gjs
2	include /etc/firejail/globals.local	2	# This file is overwritten after every install/update
3		3	# Persistent local customizations
4	# This file is overwritten during software install.
5	# Persistent customizations should go in a .local file.
6	include /etc/firejail/gjs.local	4	include /etc/firejail/gjs.local
7		5	# Persistent global definitions
8	# gjs (gnome javascript bindings) profile	6	include /etc/firejail/globals.local
9		7
10	# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them	8	# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
11		9
		10	noblacklist ~/.cache/libgweather
		11	noblacklist ~/.cache/org.gnome.Books
12	noblacklist ~/.config/libreoffice	12	noblacklist ~/.config/libreoffice
13	noblacklist ~/.local/share/gnome-photos	13	noblacklist ~/.local/share/gnome-photos
14	noblacklist ~/.cache/org.gnome.Books
15	noblacklist ~/.cache/libgweather
16		14
17	include /etc/firejail/disable-common.inc	15	include /etc/firejail/disable-common.inc
18	include /etc/firejail/disable-programs.inc
19	include /etc/firejail/disable-devel.inc	16	include /etc/firejail/disable-devel.inc
20	include /etc/firejail/disable-passwdmgr.inc	17	include /etc/firejail/disable-passwdmgr.inc
		18	include /etc/firejail/disable-programs.inc
21		19
22	caps.drop all	20	caps.drop all
		21	netfilter
23	nogroups	22	nogroups
24	nonewprivs	23	nonewprivs
25	noroot	24	noroot
26	protocol unix,inet,inet6	25	protocol unix,inet,inet6
27	seccomp	26	seccomp
28	netfilter
29	shell none	27	shell none
30	tracelog	28	tracelog
31		29
32	# private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather	30	# private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
33	private-tmp
34	private-dev	31	private-dev
35	# private-etc fonts	32	# private-etc fonts
		33	private-tmp