1 files changed, 68 insertions, 0 deletions
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile
new file mode 100644
index 000000000..1d4ee9370
--- /dev/null
+++ b/etc/profile-m-z/tin.profile
@@ -0,0 +1,68 @@
+# Firejail profile for tin
+# Description: ncurses-based Usenet newsreader
+# This file is overwritten after every install/update
+# Persistent local customizations
+include tin.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.newsrc
+noblacklist ${HOME}/.tin
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
+blacklist /usr/libexec
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.tin
+mkfile ${HOME}/.newsrc
+# Note: files/directories directly in ${HOME} can't be whitelisted, as
+#       tin saves .newsrc by renaming a temporary file, which is not possible for
+#       bind-mounted files.
+#whitelist ${HOME}/.newsrc
+#whitelist ${HOME}/.tin
+#include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin rtin,tin
+private-cache
+private-dev
+private-etc alternatives,ld.so.cache,ld.so.preload,passwd,resolv.conf,terminfo,tin
+private-lib terminfo
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute

diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile new file mode 100644 index 000000000..1d4ee9370 --- /dev/null +++ b/etc/profile-m-z/tin.profile
@@ -0,0 +1,68 @@
	1	# Firejail profile for tin
	2	# Description: ncurses-based Usenet newsreader
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include tin.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.newsrc
	10	noblacklist ${HOME}/.tin
	11
	12	blacklist /tmp/.X11-unix
	13	blacklist ${RUNUSER}
	14	blacklist /usr/libexec
	15
	16	include disable-common.inc
	17	include disable-devel.inc
	18	include disable-exec.inc
	19	include disable-interpreters.inc
	20	include disable-programs.inc
	21	include disable-shell.inc
	22	include disable-xdg.inc
	23
	24	mkdir ${HOME}/.tin
	25	mkfile ${HOME}/.newsrc
	26	# Note: files/directories directly in ${HOME} can't be whitelisted, as
	27	# tin saves .newsrc by renaming a temporary file, which is not possible for
	28	# bind-mounted files.
	29	#whitelist ${HOME}/.newsrc
	30	#whitelist ${HOME}/.tin
	31	#include whitelist-common.inc
	32	include whitelist-runuser-common.inc
	33	include whitelist-usr-share-common.inc
	34	include whitelist-var-common.inc
	35
	36	apparmor
	37	caps.drop all
	38	ipc-namespace
	39	machine-id
	40	netfilter
	41	no3d
	42	nodvd
	43	nogroups
	44	noinput
	45	nonewprivs
	46	noroot
	47	nosound
	48	notv
	49	nou2f
	50	novideo
	51	protocol inet,inet6
	52	seccomp
	53	seccomp.block-secondary
	54	shell none
	55	tracelog
	56
	57	disable-mnt
	58	private-bin rtin,tin
	59	private-cache
	60	private-dev
	61	private-etc alternatives,ld.so.cache,ld.so.preload,passwd,resolv.conf,terminfo,tin
	62	private-lib terminfo
	63	private-tmp
	64
	65	dbus-user none
	66	dbus-system none
	67
	68	memory-deny-write-execute