1 files changed, 57 insertions, 0 deletions
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile
new file mode 100644
index 000000000..4b6453015
--- /dev/null
+++ b/etc/profile-a-l/gnome-logs.profile
@@ -0,0 +1,57 @@
+# Firejail profile for gnome-logs
+# Description: Viewer for the systemd journal
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-logs.local
+# Persistent global definitions
+include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist /var/log/journal
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+# When using 'volatile' storage (https://www.freedesktop.org/software/systemd/man/journald.conf.html),
+# comment both 'nogroups' and 'noroot'
+# or put 'ignore nogroups' and 'ignore noroot' in your gnome-logs.local.
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin gnome-logs
+private-cache
+private-dev
+private-etc alternatives,fonts,localtime,machine-id
+private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
+private-tmp
+writable-var-log
+dbus-user none
+dbus-system none
+# comment this if you export logs to a file in your ${HOME}
+# or put 'ignore read-only ${HOME}' in your gnome-logs.local.
+read-only ${HOME}

diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile new file mode 100644 index 000000000..4b6453015 --- /dev/null +++ b/etc/profile-a-l/gnome-logs.profile
@@ -0,0 +1,57 @@
	1	# Firejail profile for gnome-logs
	2	# Description: Viewer for the systemd journal
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include gnome-logs.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	include disable-common.inc
	10	include disable-devel.inc
	11	include disable-exec.inc
	12	include disable-interpreters.inc
	13	include disable-passwdmgr.inc
	14	include disable-programs.inc
	15	include disable-xdg.inc
	16
	17	whitelist /var/log/journal
	18	include whitelist-runuser-common.inc
	19	include whitelist-usr-share-common.inc
	20	include whitelist-var-common.inc
	21
	22	apparmor
	23	caps.drop all
	24	ipc-namespace
	25	net none
	26	no3d
	27	nodvd
	28	# When using 'volatile' storage (https://www.freedesktop.org/software/systemd/man/journald.conf.html),
	29	# comment both 'nogroups' and 'noroot'
	30	# or put 'ignore nogroups' and 'ignore noroot' in your gnome-logs.local.
	31	nogroups
	32	nonewprivs
	33	noroot
	34	nosound
	35	notv
	36	nou2f
	37	novideo
	38	protocol unix
	39	seccomp
	40	shell none
	41	tracelog
	42
	43	disable-mnt
	44	private-bin gnome-logs
	45	private-cache
	46	private-dev
	47	private-etc alternatives,fonts,localtime,machine-id
	48	private-lib gdk-pixbuf-2.,gio,gvfs/libgvfscommon.so,libgconf-2.so.,librsvg-2.so.*
	49	private-tmp
	50	writable-var-log
	51
	52	dbus-user none
	53	dbus-system none
	54
	55	# comment this if you export logs to a file in your ${HOME}
	56	# or put 'ignore read-only ${HOME}' in your gnome-logs.local.
	57	read-only ${HOME}