1 files changed, 19 insertions, 0 deletions
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile
new file mode 100644
index 000000000..a614a8dbf
--- /dev/null
+++ b/etc/lxterminal.profile
@@ -0,0 +1,19 @@
+# lxterminal (LXDE) profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+blacklist ${HOME}/.pki/nssdb
+blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.keepassx
+blacklist ${HOME}/.password-store
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+#noroot - somehow this breaks on Debian Jessie!
+# lxterminal is a single-instence program
+# blacklist any existing lxterminal socket in order to force a second process instance
+blacklist /tmp/.lxterminal-socket*

diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile new file mode 100644 index 000000000..a614a8dbf --- /dev/null +++ b/etc/lxterminal.profile
@@ -0,0 +1,19 @@
	1	# lxterminal (LXDE) profile
	2
	3	include /etc/firejail/disable-mgmt.inc
	4	include /etc/firejail/disable-secret.inc
	5	include /etc/firejail/disable-common.inc
	6	blacklist ${HOME}/.pki/nssdb
	7	blacklist ${HOME}/.lastpass
	8	blacklist ${HOME}/.keepassx
	9	blacklist ${HOME}/.password-store
	10	caps.drop all
	11	seccomp
	12	protocol unix,inet,inet6
	13	netfilter
	14
	15	#noroot - somehow this breaks on Debian Jessie!
	16
	17	# lxterminal is a single-instence program
	18	# blacklist any existing lxterminal socket in order to force a second process instance
	19	blacklist /tmp/.lxterminal-socket*