1 files changed, 64 insertions, 0 deletions
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile
new file mode 100644
index 000000000..bf263efa9
--- /dev/null
+++ b/etc/profile-a-l/gnome-maps.profile
@@ -0,0 +1,64 @@
+# Firejail profile for gnome-maps
+# Description: Map application for GNOME
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-maps.local
+# Persistent global definitions
+include globals.local
+# Some distributions use gapplications to start gnome-maps over D-Bus. As firecfg cannot handle that, you need to run the following command.
+# sed -e "s/Exec=gapplication launch org.gnome.Maps %U/Exec=gnome-maps %U/" -e "s/DBusActivatable=true/DBusActivatable=false/" "/usr/share/applications/org.gnome.Maps.desktop" > "~/.local/share/applications/org.gnome.Maps.desktop"
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ${HOME}/.cache/champlain
+noblacklist ${HOME}/.cache/org.gnome.Maps
+noblacklist ${HOME}/.local/share/maps-places.json
+# Allow gjs (blacklisted by disable-interpreters.inc)
+include allow-gjs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/champlain
+mkfile ${HOME}/.local/share/maps-places.json
+whitelist ${HOME}/.cache/champlain
+whitelist ${HOME}/.local/share/maps-places.json
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
+whitelist /usr/share/gnome-maps
+whitelist /usr/share/libgweather
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin gjs,gnome-maps
+# private-cache -- gnome-maps cache all maps/satelite-images
+private-dev
+private-etc alternatives,ca-certificates,clutter-1.0,crypto-policies,dconf,drirc,fonts,gconf,gcrypt,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pkcs11,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg
+private-tmp

diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile new file mode 100644 index 000000000..bf263efa9 --- /dev/null +++ b/etc/profile-a-l/gnome-maps.profile
@@ -0,0 +1,64 @@
	1	# Firejail profile for gnome-maps
	2	# Description: Map application for GNOME
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include gnome-maps.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	# Some distributions use gapplications to start gnome-maps over D-Bus. As firecfg cannot handle that, you need to run the following command.
	10	# sed -e "s/Exec=gapplication launch org.gnome.Maps %U/Exec=gnome-maps %U/" -e "s/DBusActivatable=true/DBusActivatable=false/" "/usr/share/applications/org.gnome.Maps.desktop" > "~/.local/share/applications/org.gnome.Maps.desktop"
	11
	12	# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
	13
	14	noblacklist ${HOME}/.cache/champlain
	15	noblacklist ${HOME}/.cache/org.gnome.Maps
	16	noblacklist ${HOME}/.local/share/maps-places.json
	17
	18	# Allow gjs (blacklisted by disable-interpreters.inc)
	19	include allow-gjs.inc
	20
	21	include disable-common.inc
	22	include disable-devel.inc
	23	include disable-exec.inc
	24	include disable-interpreters.inc
	25	include disable-passwdmgr.inc
	26	include disable-programs.inc
	27	include disable-xdg.inc
	28
	29	mkdir ${HOME}/.cache/champlain
	30	mkfile ${HOME}/.local/share/maps-places.json
	31	whitelist ${HOME}/.cache/champlain
	32	whitelist ${HOME}/.local/share/maps-places.json
	33	whitelist ${DOWNLOADS}
	34	whitelist ${PICTURES}
	35	whitelist /usr/share/gnome-maps
	36	whitelist /usr/share/libgweather
	37	include whitelist-common.inc
	38	include whitelist-runuser-common.inc
	39	include whitelist-usr-share-common.inc
	40	include whitelist-var-common.inc
	41
	42	apparmor
	43	caps.drop all
	44	machine-id
	45	netfilter
	46	nodvd
	47	nogroups
	48	nonewprivs
	49	noroot
	50	nosound
	51	notv
	52	nou2f
	53	novideo
	54	protocol unix,inet,inet6
	55	seccomp
	56	shell none
	57	tracelog
	58
	59	disable-mnt
	60	private-bin gjs,gnome-maps
	61	# private-cache -- gnome-maps cache all maps/satelite-images
	62	private-dev
	63	private-etc alternatives,ca-certificates,clutter-1.0,crypto-policies,dconf,drirc,fonts,gconf,gcrypt,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pkcs11,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg
	64	private-tmp