1 files changed, 9 insertions, 11 deletions
diff --git a/etc/nautilus.profile b/etc/nautilus.profile
index 4f2f50d9f..2da8f32d7 100644
--- a/etc/nautilus.profile
+++ b/etc/nautilus.profile
@@ -1,25 +1,22 @@
-# Persistent global definitions go here
+# Firejail profile for nautilus
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
+# Persistent local customizations
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
 include /etc/firejail/nautilus.local
+# Persistent global definitions
-# nautilus profile
+include /etc/firejail/globals.local
 # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
 # is already a nautilus process running on gnome desktops firejail will have no effect.
 noblacklist ~/.config/nautilus
+noblacklist ~/.local/share/Trash
 noblacklist ~/.local/share/nautilus
 noblacklist ~/.local/share/nautilus-python
-noblacklist ~/.local/share/Trash
 include /etc/firejail/disable-common.inc
-# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
-#include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+# include /etc/firejail/disable-programs.inc
 caps.drop all
 netfilter
@@ -31,7 +28,8 @@ seccomp
 shell none
 tracelog
+# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
 # private-bin nautilus
-# private-tmp
 # private-dev
 # private-etc fonts
+# private-tmp

diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 4f2f50d9f..2da8f32d7 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile
@@ -1,25 +1,22 @@
1	# Persistent global definitions go here	1	# Firejail profile for nautilus
2	include /etc/firejail/globals.local	2	# This file is overwritten after every install/update
3		3	# Persistent local customizations
4	# This file is overwritten during software install.
5	# Persistent customizations should go in a .local file.
6	include /etc/firejail/nautilus.local	4	include /etc/firejail/nautilus.local
7		5	# Persistent global definitions
8	# nautilus profile	6	include /etc/firejail/globals.local
9		7
10	# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there	8	# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
11	# is already a nautilus process running on gnome desktops firejail will have no effect.	9	# is already a nautilus process running on gnome desktops firejail will have no effect.
12		10
13	noblacklist ~/.config/nautilus	11	noblacklist ~/.config/nautilus
		12	noblacklist ~/.local/share/Trash
14	noblacklist ~/.local/share/nautilus	13	noblacklist ~/.local/share/nautilus
15	noblacklist ~/.local/share/nautilus-python	14	noblacklist ~/.local/share/nautilus-python
16	noblacklist ~/.local/share/Trash
17		15
18	include /etc/firejail/disable-common.inc	16	include /etc/firejail/disable-common.inc
19	# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
20	#include /etc/firejail/disable-programs.inc
21	include /etc/firejail/disable-devel.inc	17	include /etc/firejail/disable-devel.inc
22	include /etc/firejail/disable-passwdmgr.inc	18	include /etc/firejail/disable-passwdmgr.inc
		19	# include /etc/firejail/disable-programs.inc
23		20
24	caps.drop all	21	caps.drop all
25	netfilter	22	netfilter
@@ -31,7 +28,8 @@ seccomp
31	shell none	28	shell none
32	tracelog	29	tracelog
33		30
		31	# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
34	# private-bin nautilus	32	# private-bin nautilus
35	# private-tmp
36	# private-dev	33	# private-dev
37	# private-etc fonts	34	# private-etc fonts
		35	# private-tmp