1 files changed, 66 insertions, 0 deletions
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile
new file mode 100644
index 000000000..adb33fae1
--- /dev/null
+++ b/etc/profile-a-l/artha.profile
@@ -0,0 +1,66 @@
+# Firejail profile for artha
+# Description: A free cross-platform English thesaurus based on WordNet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include artha.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/artha.conf
+noblacklist ${HOME}/.config/artha.log
+noblacklist ${HOME}/.config/enchant
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+# whitelisting in ${HOME} makes settings immutable, see #3112
+#mkfile ${HOME}/.config/artha.conf
+#mkdir ${HOME}/.config/enchant
+#whitelist ${HOME}/.config/artha.conf
+#whitelist ${HOME}/.config/artha.log
+#whitelist ${HOME}/.config/enchant
+whitelist /usr/share/artha
+whitelist /usr/share/wordnet
+#include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+# net none - breaks on Ubuntu
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin artha,enchant,notify-send
+private-cache
+private-dev
+private-etc alternatives,fonts,machine-id
+private-lib libnotify.so.*
+private-tmp
+# dbus-user none
+# dbus-system none
+memory-deny-write-execute

diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile new file mode 100644 index 000000000..adb33fae1 --- /dev/null +++ b/etc/profile-a-l/artha.profile
@@ -0,0 +1,66 @@
	1	# Firejail profile for artha
	2	# Description: A free cross-platform English thesaurus based on WordNet
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include artha.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.config/artha.conf
	10	noblacklist ${HOME}/.config/artha.log
	11	noblacklist ${HOME}/.config/enchant
	12
	13	blacklist /tmp/.X11-unix
	14	blacklist ${RUNUSER}/wayland-*
	15
	16	include disable-common.inc
	17	include disable-devel.inc
	18	include disable-exec.inc
	19	include disable-interpreters.inc
	20	include disable-passwdmgr.inc
	21	include disable-programs.inc
	22	include disable-shell.inc
	23	include disable-xdg.inc
	24
	25	# whitelisting in ${HOME} makes settings immutable, see #3112
	26	#mkfile ${HOME}/.config/artha.conf
	27	#mkdir ${HOME}/.config/enchant
	28	#whitelist ${HOME}/.config/artha.conf
	29	#whitelist ${HOME}/.config/artha.log
	30	#whitelist ${HOME}/.config/enchant
	31	whitelist /usr/share/artha
	32	whitelist /usr/share/wordnet
	33	#include whitelist-common.inc
	34	include whitelist-usr-share-common.inc
	35	include whitelist-var-common.inc
	36
	37	apparmor
	38	caps.drop all
	39	ipc-namespace
	40	# net none - breaks on Ubuntu
	41	no3d
	42	nodvd
	43	nogroups
	44	nonewprivs
	45	noroot
	46	nosound
	47	notv
	48	nou2f
	49	novideo
	50	protocol unix
	51	seccomp
	52	shell none
	53	tracelog
	54
	55	disable-mnt
	56	private-bin artha,enchant,notify-send
	57	private-cache
	58	private-dev
	59	private-etc alternatives,fonts,machine-id
	60	private-lib libnotify.so.*
	61	private-tmp
	62
	63	# dbus-user none
	64	# dbus-system none
	65
	66	memory-deny-write-execute