1 files changed, 61 insertions, 0 deletions
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile
new file mode 100644
index 000000000..f14868668
--- /dev/null
+++ b/etc/profile-a-l/inkscape.profile
@@ -0,0 +1,61 @@
+# Firejail profile for inkscape
+# Description: Vector-based drawing program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include inkscape.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/inkscape
+noblacklist ${HOME}/.config/inkscape
+noblacklist ${HOME}/.inkscape
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
+# Allow exporting .xcf files
+noblacklist ${HOME}/.config/GIMP
+noblacklist ${HOME}/.gimp*
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist /usr/share/inkscape
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+# private-bin inkscape,potrace,python* - problems on Debian stretch
+private-cache
+private-dev
+private-tmp
+dbus-user none
+dbus-system none
+# memory-deny-write-execute

diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile new file mode 100644 index 000000000..f14868668 --- /dev/null +++ b/etc/profile-a-l/inkscape.profile
@@ -0,0 +1,61 @@
	1	# Firejail profile for inkscape
	2	# Description: Vector-based drawing program
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include inkscape.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.cache/inkscape
	10	noblacklist ${HOME}/.config/inkscape
	11	noblacklist ${HOME}/.inkscape
	12	noblacklist ${DOCUMENTS}
	13	noblacklist ${PICTURES}
	14	# Allow exporting .xcf files
	15	noblacklist ${HOME}/.config/GIMP
	16	noblacklist ${HOME}/.gimp*
	17
	18
	19	# Allow python (blacklisted by disable-interpreters.inc)
	20	include allow-python2.inc
	21	include allow-python3.inc
	22
	23	include disable-common.inc
	24	include disable-devel.inc
	25	include disable-exec.inc
	26	include disable-interpreters.inc
	27	include disable-passwdmgr.inc
	28	include disable-programs.inc
	29	include disable-xdg.inc
	30
	31	whitelist /usr/share/inkscape
	32	include whitelist-usr-share-common.inc
	33	include whitelist-var-common.inc
	34
	35	apparmor
	36	caps.drop all
	37	ipc-namespace
	38	machine-id
	39	net none
	40	nodvd
	41	nogroups
	42	nonewprivs
	43	noroot
	44	nosound
	45	notv
	46	nou2f
	47	novideo
	48	protocol unix
	49	seccomp
	50	shell none
	51	tracelog
	52
	53	# private-bin inkscape,potrace,python* - problems on Debian stretch
	54	private-cache
	55	private-dev
	56	private-tmp
	57
	58	dbus-user none
	59	dbus-system none
	60
	61	# memory-deny-write-execute