1 files changed, 78 insertions, 0 deletions
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile
new file mode 100644
index 000000000..d3112ae95
--- /dev/null
+++ b/etc/profile-m-z/psi.profile
@@ -0,0 +1,78 @@
+# Firejail profile for psi
+# Description: Native XMPP client with GPG support
+# This file is overwritten after every install/update
+# Persistent local customizations
+include psi.local
+# Persistent global definitions
+include globals.local
+# Uncomment for GPG
+# noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.cache/psi
+noblacklist ${HOME}/.cache/Psi
+noblacklist ${HOME}/.config/psi
+noblacklist ${HOME}/.local/share/psi
+noblacklist ${HOME}/.local/share/Psi
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+# Uncomment for GPG
+# mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.cache/psi
+mkdir ${HOME}/.cache/Psi
+mkdir ${HOME}/.config/psi
+mkdir ${HOME}/.local/share/psi
+mkdir ${HOME}/.local/share/Psi
+# Uncomment for GPG
+# whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.cache/psi
+whitelist ${HOME}/.cache/Psi
+whitelist ${HOME}/.config/psi
+whitelist ${HOME}/.local/share/psi
+whitelist ${HOME}/.local/share/Psi
+whitelist ${DOWNLOADS}
+# Uncomment for GPG
+# whitelist /usr/share/gnupg
+# whitelist /usr/share/gnupg2
+whitelist /usr/share/psi
+# Uncomment for GPG
+# whitelist ${RUNUSER}/gnupg
+# whitelist ${RUNUSER}/keyring
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp !chroot
+shell none
+# breaks on Arch
+# tracelog
+disable-mnt
+# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for GPG
+private-bin getopt,psi
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gcrypt,group,hostname,hosts,ld.so.cache,ld.so.conf,machine-id,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-tmp
+dbus-user none
+dbus-system none

diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile new file mode 100644 index 000000000..d3112ae95 --- /dev/null +++ b/etc/profile-m-z/psi.profile
@@ -0,0 +1,78 @@
	1	# Firejail profile for psi
	2	# Description: Native XMPP client with GPG support
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include psi.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	# Uncomment for GPG
	10	# noblacklist ${HOME}/.gnupg
	11	noblacklist ${HOME}/.cache/psi
	12	noblacklist ${HOME}/.cache/Psi
	13	noblacklist ${HOME}/.config/psi
	14	noblacklist ${HOME}/.local/share/psi
	15	noblacklist ${HOME}/.local/share/Psi
	16
	17	include disable-common.inc
	18	include disable-devel.inc
	19	include disable-exec.inc
	20	include disable-interpreters.inc
	21	include disable-passwdmgr.inc
	22	include disable-programs.inc
	23	include disable-shell.inc
	24	include disable-xdg.inc
	25
	26	# Uncomment for GPG
	27	# mkdir ${HOME}/.gnupg
	28	mkdir ${HOME}/.cache/psi
	29	mkdir ${HOME}/.cache/Psi
	30	mkdir ${HOME}/.config/psi
	31	mkdir ${HOME}/.local/share/psi
	32	mkdir ${HOME}/.local/share/Psi
	33	# Uncomment for GPG
	34	# whitelist ${HOME}/.gnupg
	35	whitelist ${HOME}/.cache/psi
	36	whitelist ${HOME}/.cache/Psi
	37	whitelist ${HOME}/.config/psi
	38	whitelist ${HOME}/.local/share/psi
	39	whitelist ${HOME}/.local/share/Psi
	40	whitelist ${DOWNLOADS}
	41	# Uncomment for GPG
	42	# whitelist /usr/share/gnupg
	43	# whitelist /usr/share/gnupg2
	44	whitelist /usr/share/psi
	45	# Uncomment for GPG
	46	# whitelist ${RUNUSER}/gnupg
	47	# whitelist ${RUNUSER}/keyring
	48	include whitelist-common.inc
	49	include whitelist-runuser-common.inc
	50	include whitelist-usr-share-common.inc
	51	include whitelist-var-common.inc
	52
	53	apparmor
	54	caps.drop all
	55	netfilter
	56	nodvd
	57	nogroups
	58	nonewprivs
	59	noroot
	60	notv
	61	novideo
	62	nou2f
	63	protocol unix,inet,inet6,netlink
	64	seccomp !chroot
	65	shell none
	66	# breaks on Arch
	67	# tracelog
	68
	69	disable-mnt
	70	# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for GPG
	71	private-bin getopt,psi
	72	private-cache
	73	private-dev
	74	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gcrypt,group,hostname,hosts,ld.so.cache,ld.so.conf,machine-id,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
	75	private-tmp
	76
	77	dbus-user none
	78	dbus-system none