1 files changed, 44 insertions, 0 deletions
diff --git a/etc/profile-m-z/nautilus.profile b/etc/profile-m-z/nautilus.profile
new file mode 100644
index 000000000..e003488de
--- /dev/null
+++ b/etc/profile-m-z/nautilus.profile
@@ -0,0 +1,44 @@
+# Firejail profile for nautilus
+# Description: File manager and graphical shell for GNOME
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nautilus.local
+# Persistent global definitions
+include globals.local
+# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
+# is already a nautilus process running on gnome desktops firejail will have no effect.
+noblacklist ${HOME}/.config/nautilus
+noblacklist ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.local/share/nautilus
+noblacklist ${HOME}/.local/share/nautilus-python
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# include disable-programs.inc
+allusers
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
+# private-bin nautilus
+# private-dev
+# private-tmp

diff --git a/etc/profile-m-z/nautilus.profile b/etc/profile-m-z/nautilus.profile new file mode 100644 index 000000000..e003488de --- /dev/null +++ b/etc/profile-m-z/nautilus.profile
@@ -0,0 +1,44 @@
	1	# Firejail profile for nautilus
	2	# Description: File manager and graphical shell for GNOME
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include nautilus.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
	10	# is already a nautilus process running on gnome desktops firejail will have no effect.
	11
	12	noblacklist ${HOME}/.config/nautilus
	13	noblacklist ${HOME}/.local/share/Trash
	14	noblacklist ${HOME}/.local/share/nautilus
	15	noblacklist ${HOME}/.local/share/nautilus-python
	16
	17	# Allow python (blacklisted by disable-interpreters.inc)
	18	include allow-python2.inc
	19	include allow-python3.inc
	20
	21	include disable-common.inc
	22	include disable-devel.inc
	23	include disable-interpreters.inc
	24	include disable-passwdmgr.inc
	25	# include disable-programs.inc
	26
	27	allusers
	28	caps.drop all
	29	netfilter
	30	nodvd
	31	nogroups
	32	nonewprivs
	33	noroot
	34	notv
	35	novideo
	36	protocol unix
	37	seccomp
	38	shell none
	39	tracelog
	40
	41	# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
	42	# private-bin nautilus
	43	# private-dev
	44	# private-tmp