1 files changed, 52 insertions, 0 deletions
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile
new file mode 100644
index 000000000..ee2a73b54
--- /dev/null
+++ b/etc/profile-a-l/blobby.profile
@@ -0,0 +1,52 @@
+# Firejail profile for blobby
+# Persistent local customizations
+include blobby.local
+# Persistent global definitions
+include globals.local
+nodeny  ${HOME}/.blobby
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.blobby
+allow  ${HOME}/.blobby
+include whitelist-common.inc
+allow  /usr/share/blobby
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin blobby
+private-dev
+private-etc alsa,alternatives,asound.conf,drirc,group,hosts,login.defs,machine-id,passwd,pulse
+private-lib
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute

diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile new file mode 100644 index 000000000..ee2a73b54 --- /dev/null +++ b/etc/profile-a-l/blobby.profile
@@ -0,0 +1,52 @@
	1	# Firejail profile for blobby
	2	# Persistent local customizations
	3	include blobby.local
	4	# Persistent global definitions
	5	include globals.local
	6
	7	nodeny ${HOME}/.blobby
	8
	9	include disable-common.inc
	10	include disable-devel.inc
	11	include disable-exec.inc
	12	include disable-interpreters.inc
	13	include disable-passwdmgr.inc
	14	include disable-programs.inc
	15	include disable-shell.inc
	16	include disable-xdg.inc
	17
	18	mkdir ${HOME}/.blobby
	19	allow ${HOME}/.blobby
	20	include whitelist-common.inc
	21	allow /usr/share/blobby
	22	include whitelist-usr-share-common.inc
	23	include whitelist-var-common.inc
	24
	25	apparmor
	26	caps.drop all
	27	ipc-namespace
	28	netfilter
	29	nodvd
	30	nogroups
	31	noinput
	32	nonewprivs
	33	noroot
	34	notv
	35	nou2f
	36	novideo
	37	protocol unix,inet,inet6,netlink
	38	seccomp
	39	shell none
	40	tracelog
	41
	42	disable-mnt
	43	private-bin blobby
	44	private-dev
	45	private-etc alsa,alternatives,asound.conf,drirc,group,hosts,login.defs,machine-id,passwd,pulse
	46	private-lib
	47	private-tmp
	48
	49	dbus-user none
	50	dbus-system none
	51
	52	memory-deny-write-execute