1 files changed, 65 insertions, 0 deletions
diff --git a/etc/profile-a-l/koreader.profile b/etc/profile-a-l/koreader.profile
new file mode 100644
index 000000000..f210ba72c
--- /dev/null
+++ b/etc/profile-a-l/koreader.profile
@@ -0,0 +1,65 @@
+# Firejail profile for koreader
+# Description: Ebook reader application
+# This file is overwritten after every install/update
+# Persistent local customizations
+include koreader.local
+# Persistent global definitions
+include globals.local
+blacklist /usr/libexec
+noblacklist ${HOME}/.config/koreader
+noblacklist ${DOCUMENTS}
+# Allow lua (blacklisted by disable-interpreters.inc)
+include allow-lua.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/koreader
+whitelist ${HOME}/.config/koreader
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+#no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+seccomp.block-secondary
+tracelog
+private-cache
+private-dev
+private-etc
+private-lib
+private-tmp
+dbus-user none
+dbus-system none
+read-only ${HOME}
+read-write ${HOME}/.config/koreader
+read-write ${DOWNLOADS}
+restrict-namespaces

diff --git a/etc/profile-a-l/koreader.profile b/etc/profile-a-l/koreader.profile new file mode 100644 index 000000000..f210ba72c --- /dev/null +++ b/etc/profile-a-l/koreader.profile
@@ -0,0 +1,65 @@
	1	# Firejail profile for koreader
	2	# Description: Ebook reader application
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include koreader.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	blacklist /usr/libexec
	10
	11	noblacklist ${HOME}/.config/koreader
	12	noblacklist ${DOCUMENTS}
	13
	14	# Allow lua (blacklisted by disable-interpreters.inc)
	15	include allow-lua.inc
	16
	17	include disable-common.inc
	18	include disable-devel.inc
	19	include disable-exec.inc
	20	include disable-interpreters.inc
	21	include disable-proc.inc
	22	include disable-programs.inc
	23	include disable-xdg.inc
	24
	25	mkdir ${HOME}/.config/koreader
	26	whitelist ${HOME}/.config/koreader
	27	include whitelist-common.inc
	28	include whitelist-run-common.inc
	29	include whitelist-runuser-common.inc
	30	include whitelist-usr-share-common.inc
	31
	32	apparmor
	33	caps.drop all
	34	ipc-namespace
	35	machine-id
	36	net none
	37	#no3d
	38	nodvd
	39	nogroups
	40	noinput
	41	nonewprivs
	42	noprinters
	43	noroot
	44	nosound
	45	notv
	46	nou2f
	47	novideo
	48	protocol unix,netlink
	49	seccomp
	50	seccomp.block-secondary
	51	tracelog
	52
	53	private-cache
	54	private-dev
	55	private-etc
	56	private-lib
	57	private-tmp
	58
	59	dbus-user none
	60	dbus-system none
	61
	62	read-only ${HOME}
	63	read-write ${HOME}/.config/koreader
	64	read-write ${DOWNLOADS}
	65	restrict-namespaces