1 files changed, 73 insertions, 0 deletions
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile
new file mode 100644
index 000000000..5c965f55c
--- /dev/null
+++ b/etc/profile-m-z/mcomix.profile
@@ -0,0 +1,73 @@
+# Firejail profile for mcomix
+# Description: A comic book and manga viewer in python
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mcomix.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/mcomix
+noblacklist ${HOME}/.local/share/mcomix
+noblacklist ${DOCUMENTS}
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+# Allow python (blacklisted by disable-interpreters.inc)
+# mcomix <= 1.2 uses python2
+include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/mcomix
+mkdir ${HOME}/.local/share/mcomix
+whitelist /usr/share/mcomix
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+include whitelist-runuser-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+# mcomix <= 1.2 uses python2
+private-bin 7z,lha,mcomix,mutool,python*,rar,sh,unrar,unzip
+private-cache
+private-dev
+# mcomix <= 1.2 uses gtk-2.0
+private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,X11,xdg
+private-tmp
+dbus-user none
+dbus-system none
+read-only ${HOME}
+read-write ${HOME}/.config/mcomix
+read-write ${HOME}/.local/share/mcomix
+#to allow ${HOME}/.local/share/recently-used.xbel
+read-write ${HOME}/.local/share
+# used by mcomix <= 1.2, tip, make a symbolic link to .cache/thumbnails
+read-write ${HOME}/.thumbnails

diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile new file mode 100644 index 000000000..5c965f55c --- /dev/null +++ b/etc/profile-m-z/mcomix.profile
@@ -0,0 +1,73 @@
	1	# Firejail profile for mcomix
	2	# Description: A comic book and manga viewer in python
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include mcomix.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.config/mcomix
	10	noblacklist ${HOME}/.local/share/mcomix
	11	noblacklist ${DOCUMENTS}
	12
	13	# Allow /bin/sh (blacklisted by disable-shell.inc)
	14	include allow-bin-sh.inc
	15
	16	# Allow python (blacklisted by disable-interpreters.inc)
	17	# mcomix <= 1.2 uses python2
	18	include allow-python2.inc
	19	include allow-python3.inc
	20
	21	include disable-common.inc
	22	include disable-devel.inc
	23	include disable-exec.inc
	24	include disable-interpreters.inc
	25	include disable-programs.inc
	26	include disable-shell.inc
	27	include disable-write-mnt.inc
	28	include disable-xdg.inc
	29
	30	mkdir ${HOME}/.config/mcomix
	31	mkdir ${HOME}/.local/share/mcomix
	32	whitelist /usr/share/mcomix
	33	include whitelist-usr-share-common.inc
	34	include whitelist-var-common.inc
	35	include whitelist-runuser-common.inc
	36
	37	apparmor
	38	caps.drop all
	39	machine-id
	40	net none
	41	nodvd
	42	nogroups
	43	noinput
	44	nonewprivs
	45	noroot
	46	nosound
	47	notv
	48	nou2f
	49	novideo
	50	protocol unix
	51	seccomp
	52	seccomp.block-secondary
	53	shell none
	54	tracelog
	55
	56	# mcomix <= 1.2 uses python2
	57	private-bin 7z,lha,mcomix,mutool,python*,rar,sh,unrar,unzip
	58	private-cache
	59	private-dev
	60	# mcomix <= 1.2 uses gtk-2.0
	61	private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,X11,xdg
	62	private-tmp
	63
	64	dbus-user none
	65	dbus-system none
	66
	67	read-only ${HOME}
	68	read-write ${HOME}/.config/mcomix
	69	read-write ${HOME}/.local/share/mcomix
	70	#to allow ${HOME}/.local/share/recently-used.xbel
	71	read-write ${HOME}/.local/share
	72	# used by mcomix <= 1.2, tip, make a symbolic link to .cache/thumbnails
	73	read-write ${HOME}/.thumbnails