1 files changed, 71 insertions, 0 deletions
diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile
new file mode 100644
index 000000000..fa67b76c7
--- /dev/null
+++ b/etc/profile-m-z/zim.profile
@@ -0,0 +1,71 @@
+# Firejail profile for Zim
+# Description: Desktop wiki & notekeeper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include zim.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/zim
+noblacklist ${HOME}/.config/zim
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+blacklist /usr/libexec
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+mkdir ${HOME}/.cache/zim
+mkdir ${HOME}/.config/zim
+mkdir ${HOME}/Notebooks
+whitelist ${HOME}/.cache/zim
+whitelist ${HOME}/.config/zim
+whitelist ${HOME}/Notebooks
+whitelist ${DESKTOP}
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
+whitelist /usr/share/zim
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin python*,zim
+private-cache
+private-dev
+private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+private-tmp
+dbus-user none
+dbus-system none

diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile new file mode 100644 index 000000000..fa67b76c7 --- /dev/null +++ b/etc/profile-m-z/zim.profile
@@ -0,0 +1,71 @@
	1	# Firejail profile for Zim
	2	# Description: Desktop wiki & notekeeper
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include zim.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.cache/zim
	10	noblacklist ${HOME}/.config/zim
	11
	12	# Allow python (blacklisted by disable-interpreters.inc)
	13	include allow-python2.inc
	14	include allow-python3.inc
	15
	16	blacklist /usr/libexec
	17
	18	include disable-common.inc
	19	include disable-devel.inc
	20	include disable-exec.inc
	21	include disable-interpreters.inc
	22	include disable-programs.inc
	23	include disable-shell.inc
	24
	25	mkdir ${HOME}/.cache/zim
	26	mkdir ${HOME}/.config/zim
	27	mkdir ${HOME}/Notebooks
	28	whitelist ${HOME}/.cache/zim
	29	whitelist ${HOME}/.config/zim
	30	whitelist ${HOME}/Notebooks
	31	whitelist ${DESKTOP}
	32	whitelist ${DOCUMENTS}
	33	whitelist ${DOWNLOADS}
	34	whitelist ${MUSIC}
	35	whitelist ${PICTURES}
	36	whitelist ${VIDEOS}
	37	whitelist /usr/share/zim
	38	include whitelist-common.inc
	39	include whitelist-runuser-common.inc
	40	include whitelist-usr-share-common.inc
	41	include whitelist-var-common.inc
	42
	43	apparmor
	44	caps.drop all
	45	machine-id
	46	net none
	47	no3d
	48	nodvd
	49	nogroups
	50	noinput
	51	nonewprivs
	52	noroot
	53	nosound
	54	notv
	55	nou2f
	56	novideo
	57	protocol unix
	58	seccomp
	59	seccomp.block-secondary
	60	shell none
	61	tracelog
	62
	63	disable-mnt
	64	private-bin python*,zim
	65	private-cache
	66	private-dev
	67	private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
	68	private-tmp
	69
	70	dbus-user none
	71	dbus-system none