1 files changed, 49 insertions, 0 deletions
diff --git a/etc/profile-a-l/file-manager-common.profile b/etc/profile-a-l/file-manager-common.profile
new file mode 100644
index 000000000..8551e713d
--- /dev/null
+++ b/etc/profile-a-l/file-manager-common.profile
@@ -0,0 +1,49 @@
+# Firejail profile for file managers
+# Description: Common profile for GUI file managers
+# This file is overwritten after every install/update
+# Persistent local customizations
+include file-manager-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+# File managers need to be able to see everything under ${HOME}
+# and be able to start arbitrary applications
+ignore noexec ${HOME}
+# Allow lua (blacklisted by disable-interpreters.inc)
+include allow-lua.inc
+# Allow perl
+include allow-perl.inc
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+#include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# include disable-programs.inc
+allusers
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+private-dev
+#dbus-user none
+#dbus-system none

diff --git a/etc/profile-a-l/file-manager-common.profile b/etc/profile-a-l/file-manager-common.profile new file mode 100644 index 000000000..8551e713d --- /dev/null +++ b/etc/profile-a-l/file-manager-common.profile
@@ -0,0 +1,49 @@
	1	# Firejail profile for file managers
	2	# Description: Common profile for GUI file managers
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include file-manager-common.local
	6	# Persistent global definitions
	7	# added by caller profile
	8	#include globals.local
	9
	10	# File managers need to be able to see everything under ${HOME}
	11	# and be able to start arbitrary applications
	12
	13	ignore noexec ${HOME}
	14
	15	# Allow lua (blacklisted by disable-interpreters.inc)
	16	include allow-lua.inc
	17
	18	# Allow perl
	19	include allow-perl.inc
	20
	21	# Allow python (blacklisted by disable-interpreters.inc)
	22	include allow-python2.inc
	23	include allow-python3.inc
	24
	25	#include disable-common.inc
	26	include disable-devel.inc
	27	include disable-interpreters.inc
	28	include disable-passwdmgr.inc
	29	# include disable-programs.inc
	30
	31	allusers
	32	caps.drop all
	33	netfilter
	34	nodvd
	35	nogroups
	36	nonewprivs
	37	noroot
	38	notv
	39	nou2f
	40	novideo
	41	protocol unix,inet,inet6,netlink
	42	seccomp
	43	shell none
	44	tracelog
	45
	46	private-dev
	47
	48	#dbus-user none
	49	#dbus-system none