1 files changed, 39 insertions, 0 deletions
diff --git a/etc/patch.profile b/etc/patch.profile
new file mode 100644
index 000000000..3e8045bd4
--- /dev/null
+++ b/etc/patch.profile
@@ -0,0 +1,39 @@
+# Firejail profile for patch
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/patch.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${DOCUMENTS}
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-xdg.inc
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+private-bin patch,red
+private-dev
+private-lib
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/patch.profile b/etc/patch.profile new file mode 100644 index 000000000..3e8045bd4 --- /dev/null +++ b/etc/patch.profile
@@ -0,0 +1,39 @@
	1	# Firejail profile for patch
	2	# This file is overwritten after every install/update
	3	quiet
	4	# Persistent local customizations
	5	include /etc/firejail/patch.local
	6	# Persistent global definitions
	7	include /etc/firejail/globals.local
	8
	9	noblacklist ${DOCUMENTS}
	10
	11	include /etc/firejail/disable-common.inc
	12	include /etc/firejail/disable-devel.inc
	13	include /etc/firejail/disable-interpreters.inc
	14	include /etc/firejail/disable-passwdmgr.inc
	15	include /etc/firejail/disable-xdg.inc
	16
	17	caps.drop all
	18	ipc-namespace
	19	net none
	20	no3d
	21	nodbus
	22	nodvd
	23	nogroups
	24	nonewprivs
	25	noroot
	26	nosound
	27	notv
	28	novideo
	29	protocol unix
	30	seccomp
	31	shell none
	32
	33	private-bin patch,red
	34	private-dev
	35	private-lib
	36
	37	memory-deny-write-execute
	38	noexec ${HOME}
	39	noexec /tmp