1 files changed, 60 insertions, 0 deletions
diff --git a/etc/profile-m-z/system-log-common.profile b/etc/profile-m-z/system-log-common.profile
new file mode 100644
index 000000000..dda8bdc47
--- /dev/null
+++ b/etc/profile-m-z/system-log-common.profile
@@ -0,0 +1,60 @@
+# Firejail profile for system-log-common
+# Description: Common profile for GUI system log viewers
+# This file is overwritten after every install/update
+# Persistent local customizations
+include system-log-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+whitelist /run/log/journal
+whitelist /var/log/journal
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+#nogroups
+noinput
+nonewprivs
+noprinters
+#noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-etc machine-id
+private-tmp
+dbus-user none
+dbus-system none
+restrict-namespaces
+# Add 'ignore read-only ${HOME}' to your system-log-common.local
+# if you export logs to a file under your ${HOME}.
+read-only ${HOME}
+writable-var-log

diff --git a/etc/profile-m-z/system-log-common.profile b/etc/profile-m-z/system-log-common.profile new file mode 100644 index 000000000..dda8bdc47 --- /dev/null +++ b/etc/profile-m-z/system-log-common.profile
@@ -0,0 +1,60 @@
	1	# Firejail profile for system-log-common
	2	# Description: Common profile for GUI system log viewers
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include system-log-common.local
	6	# Persistent global definitions
	7	# added by caller profile
	8	#include globals.local
	9
	10	include disable-common.inc
	11	include disable-devel.inc
	12	include disable-exec.inc
	13	include disable-interpreters.inc
	14	include disable-proc.inc
	15	include disable-programs.inc
	16	include disable-shell.inc
	17	include disable-xdg.inc
	18
	19	whitelist /run/log/journal
	20	whitelist /var/log/journal
	21	include whitelist-common.inc
	22	include whitelist-run-common.inc
	23	include whitelist-runuser-common.inc
	24	include whitelist-usr-share-common.inc
	25	include whitelist-var-common.inc
	26
	27	apparmor
	28	caps.drop all
	29	ipc-namespace
	30	net none
	31	no3d
	32	nodvd
	33	#nogroups
	34	noinput
	35	nonewprivs
	36	noprinters
	37	#noroot
	38	nosound
	39	notv
	40	nou2f
	41	novideo
	42	protocol unix
	43	seccomp
	44	seccomp.block-secondary
	45	tracelog
	46
	47	disable-mnt
	48	private-cache
	49	private-dev
	50	private-etc machine-id
	51	private-tmp
	52
	53	dbus-user none
	54	dbus-system none
	55
	56	restrict-namespaces
	57	# Add 'ignore read-only ${HOME}' to your system-log-common.local
	58	# if you export logs to a file under your ${HOME}.
	59	read-only ${HOME}
	60	writable-var-log