1 files changed, 60 insertions, 0 deletions
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
new file mode 100644
index 000000000..6d5dab41a
--- /dev/null
+++ b/etc/profile-a-l/agetpkg.profile
@@ -0,0 +1,60 @@
+# Firejail profile for agetpkg
+# Description: CLI tool to list/get/install packages from the Arch Linux Archive
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include agetpkg.local
+# Persistent global definitions
+include globals.local
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+# Allow python (blacklisted by disable-interpreters.inc)
+#include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+caps.drop all
+hostname agetpkg
+ipc-namespace
+machine-id
+noautopulse
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+tracelog
+private-bin agetpkg,python3
+private-cache
+private-dev
+private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute

diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile new file mode 100644 index 000000000..6d5dab41a --- /dev/null +++ b/etc/profile-a-l/agetpkg.profile
@@ -0,0 +1,60 @@
	1	# Firejail profile for agetpkg
	2	# Description: CLI tool to list/get/install packages from the Arch Linux Archive
	3	# This file is overwritten after every install/update
	4	quiet
	5	# Persistent local customizations
	6	include agetpkg.local
	7	# Persistent global definitions
	8	include globals.local
	9
	10	blacklist /tmp/.X11-unix
	11	blacklist ${RUNUSER}/wayland-*
	12
	13	# Allow python (blacklisted by disable-interpreters.inc)
	14	#include allow-python2.inc
	15	include allow-python3.inc
	16
	17	include disable-common.inc
	18	include disable-devel.inc
	19	include disable-exec.inc
	20	include disable-interpreters.inc
	21	include disable-passwdmgr.inc
	22	include disable-programs.inc
	23	include disable-shell.inc
	24	include disable-xdg.inc
	25
	26	whitelist ${DOWNLOADS}
	27	include whitelist-common.inc
	28	include whitelist-usr-share-common.inc
	29	include whitelist-var-common.inc
	30
	31	caps.drop all
	32	hostname agetpkg
	33	ipc-namespace
	34	machine-id
	35	noautopulse
	36	netfilter
	37	no3d
	38	nodvd
	39	nogroups
	40	nonewprivs
	41	noroot
	42	nosound
	43	notv
	44	nou2f
	45	novideo
	46	protocol inet,inet6
	47	seccomp
	48	shell none
	49	tracelog
	50
	51	private-bin agetpkg,python3
	52	private-cache
	53	private-dev
	54	private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl
	55	private-tmp
	56
	57	dbus-user none
	58	dbus-system none
	59
	60	memory-deny-write-execute