1 files changed, 26 insertions, 0 deletions
diff --git a/etc/nautilus.profile b/etc/nautilus.profile
new file mode 100644
index 000000000..264ee0b9d
--- /dev/null
+++ b/etc/nautilus.profile
@@ -0,0 +1,26 @@
+# nautilus profile
+# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there is already a nautilus process running on gnome desktops firejail will have no effect.
+noblacklist ~/.config/nautilus
+include /etc/firejail/disable-common.inc
+# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
+#include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin nautilus
+# private-tmp
+# private-dev
+# private-etc fonts

diff --git a/etc/nautilus.profile b/etc/nautilus.profile new file mode 100644 index 000000000..264ee0b9d --- /dev/null +++ b/etc/nautilus.profile
@@ -0,0 +1,26 @@
	1	# nautilus profile
	2
	3	# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there is already a nautilus process running on gnome desktops firejail will have no effect.
	4
	5	noblacklist ~/.config/nautilus
	6
	7	include /etc/firejail/disable-common.inc
	8	# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
	9	#include /etc/firejail/disable-programs.inc
	10	include /etc/firejail/disable-devel.inc
	11	include /etc/firejail/disable-passwdmgr.inc
	12
	13	caps.drop all
	14	nogroups
	15	nonewprivs
	16	noroot
	17	protocol unix
	18	seccomp
	19	netfilter
	20	shell none
	21	tracelog
	22
	23	# private-bin nautilus
	24	# private-tmp
	25	# private-dev
	26	# private-etc fonts