1 files changed, 71 insertions, 0 deletions
diff --git a/etc/profile-m-z/session-desktop.profile b/etc/profile-m-z/session-desktop.profile
new file mode 100644
index 000000000..b1076b080
--- /dev/null
+++ b/etc/profile-m-z/session-desktop.profile
@@ -0,0 +1,71 @@
+# Firejail profile for session-desktop
+# Description: Encrypted messenger
+# This file is overwritten after every install/update
+# Persistent local customizations
+include session-desktop.local
+# Persistent global definitions
+include globals.local
+blacklist /usr/libexec
+ignore noexec /tmp
+noblacklist ${HOME}/.config/Session
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/Session
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/Session
+whitelist /opt/Session
+whitelist /opt/session-desktop
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+?HAS_APPIMAGE: ignore noinput
+noinput
+nonewprivs
+noprinters
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp !chroot
+seccomp.block-secondary
+tracelog
+disable-mnt
+private-bin session-desktop*,session-messenger-desktop*
+private-cache
+?HAS_APPIMAGE: ignore private-dev
+private-dev
+private-etc @network,@tls-ca,@x11
+private-tmp
+dbus-user filter
+dbus-user.talk org.freedesktop.impl.*
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.freedesktop.portal.*
+dbus-user.talk org.freedesktop.secrets
+?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
+?ALLOW_TRAY: dbus-user.own org.kde.*
+dbus-system none
+# breaks app
+#restrict-namespaces

diff --git a/etc/profile-m-z/session-desktop.profile b/etc/profile-m-z/session-desktop.profile new file mode 100644 index 000000000..b1076b080 --- /dev/null +++ b/etc/profile-m-z/session-desktop.profile
@@ -0,0 +1,71 @@
	1	# Firejail profile for session-desktop
	2	# Description: Encrypted messenger
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include session-desktop.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	blacklist /usr/libexec
	10
	11	ignore noexec /tmp
	12
	13	noblacklist ${HOME}/.config/Session
	14
	15	include disable-common.inc
	16	include disable-devel.inc
	17	include disable-exec.inc
	18	include disable-interpreters.inc
	19	include disable-proc.inc
	20	include disable-programs.inc
	21	include disable-shell.inc
	22	include disable-xdg.inc
	23
	24	mkdir ${HOME}/.config/Session
	25	whitelist ${DOWNLOADS}
	26	whitelist ${HOME}/.config/Session
	27	whitelist /opt/Session
	28	whitelist /opt/session-desktop
	29	include whitelist-common.inc
	30	include whitelist-run-common.inc
	31	include whitelist-runuser-common.inc
	32	include whitelist-usr-share-common.inc
	33	include whitelist-var-common.inc
	34
	35	apparmor
	36	caps.drop all
	37	ipc-namespace
	38	netfilter
	39	nodvd
	40	nogroups
	41	?HAS_APPIMAGE: ignore noinput
	42	noinput
	43	nonewprivs
	44	noprinters
	45	noroot
	46	notv
	47	nou2f
	48	protocol unix,inet,inet6,netlink
	49	seccomp !chroot
	50	seccomp.block-secondary
	51	tracelog
	52
	53	disable-mnt
	54	private-bin session-desktop,session-messenger-desktop
	55	private-cache
	56	?HAS_APPIMAGE: ignore private-dev
	57	private-dev
	58	private-etc @network,@tls-ca,@x11
	59	private-tmp
	60
	61	dbus-user filter
	62	dbus-user.talk org.freedesktop.impl.*
	63	dbus-user.talk org.freedesktop.Notifications
	64	dbus-user.talk org.freedesktop.portal.*
	65	dbus-user.talk org.freedesktop.secrets
	66	?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
	67	?ALLOW_TRAY: dbus-user.own org.kde.*
	68	dbus-system none
	69
	70	# breaks app
	71	#restrict-namespaces