1 files changed, 76 insertions, 0 deletions
diff --git a/etc/profile-a-l/lettura.profile b/etc/profile-a-l/lettura.profile
new file mode 100644
index 000000000..94a455355
--- /dev/null
+++ b/etc/profile-a-l/lettura.profile
@@ -0,0 +1,76 @@
+# Firejail profile for lettura
+# Description: Another free and open-source feed reader
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lettura.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/lettura
+noblacklist ${HOME}/.config/com.lettura.dev
+noblacklist ${HOME}/.lettura
+noblacklist ${HOME}/.local/share/com.lettura.dev
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/lettura
+mkdir ${HOME}/.config/com.lettura.dev
+mkdir ${HOME}/.lettura
+mkdir ${HOME}/.local/share/com.lettura.dev
+whitelist ${HOME}/.cache/lettura
+whitelist ${HOME}/.config/com.lettura.dev
+whitelist ${HOME}/.lettura
+whitelist ${HOME}/.local/share/com.lettura.dev
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+# The lines below are needed to find the default Firefox profile name, to allow
+# opening links in an existing instance of Firefox (note that it still fails if
+# there isn't a Firefox instance running with the default profile; see #5352)
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+#nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+tracelog
+disable-mnt
+private-bin lettura
+private-cache
+private-dev
+private-etc @network,@sound,@tls-ca,@x11,mime.types
+private-tmp
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
+# allow D-Bus communication with firefox for opening links
+dbus-user.talk org.mozilla.*
+dbus-system none
+restrict-namespaces

diff --git a/etc/profile-a-l/lettura.profile b/etc/profile-a-l/lettura.profile new file mode 100644 index 000000000..94a455355 --- /dev/null +++ b/etc/profile-a-l/lettura.profile
@@ -0,0 +1,76 @@
	1	# Firejail profile for lettura
	2	# Description: Another free and open-source feed reader
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include lettura.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.cache/lettura
	10	noblacklist ${HOME}/.config/com.lettura.dev
	11	noblacklist ${HOME}/.lettura
	12	noblacklist ${HOME}/.local/share/com.lettura.dev
	13
	14	include disable-common.inc
	15	include disable-devel.inc
	16	include disable-exec.inc
	17	include disable-interpreters.inc
	18	include disable-proc.inc
	19	include disable-programs.inc
	20	include disable-shell.inc
	21	include disable-xdg.inc
	22
	23	mkdir ${HOME}/.cache/lettura
	24	mkdir ${HOME}/.config/com.lettura.dev
	25	mkdir ${HOME}/.lettura
	26	mkdir ${HOME}/.local/share/com.lettura.dev
	27	whitelist ${HOME}/.cache/lettura
	28	whitelist ${HOME}/.config/com.lettura.dev
	29	whitelist ${HOME}/.lettura
	30	whitelist ${HOME}/.local/share/com.lettura.dev
	31	whitelist ${DOWNLOADS}
	32	include whitelist-common.inc
	33	include whitelist-run-common.inc
	34	include whitelist-runuser-common.inc
	35	include whitelist-usr-share-common.inc
	36	include whitelist-var-common.inc
	37
	38	# The lines below are needed to find the default Firefox profile name, to allow
	39	# opening links in an existing instance of Firefox (note that it still fails if
	40	# there isn't a Firefox instance running with the default profile; see #5352)
	41	noblacklist ${HOME}/.mozilla
	42	whitelist ${HOME}/.mozilla/firefox/profiles.ini
	43
	44	apparmor
	45	caps.drop all
	46	netfilter
	47	nodvd
	48	nogroups
	49	noinput
	50	nonewprivs
	51	noprinters
	52	noroot
	53	#nosound
	54	notv
	55	nou2f
	56	novideo
	57	protocol unix,inet,inet6
	58	seccomp
	59	seccomp.block-secondary
	60	tracelog
	61
	62	disable-mnt
	63	private-bin lettura
	64	private-cache
	65	private-dev
	66	private-etc @network,@sound,@tls-ca,@x11,mime.types
	67	private-tmp
	68
	69	dbus-user filter
	70	dbus-user.talk org.freedesktop.Notifications
	71	?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
	72	# allow D-Bus communication with firefox for opening links
	73	dbus-user.talk org.mozilla.*
	74	dbus-system none
	75
	76	restrict-namespaces