1 files changed, 72 insertions, 0 deletions
diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile
new file mode 100644
index 000000000..5ae9cddb3
--- /dev/null
+++ b/etc/profile-m-z/zim.profile
@@ -0,0 +1,72 @@
+# Firejail profile for Zim
+# Description: Desktop wiki & notekeeper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include zim.local
+# Persistent global definitions
+include globals.local
+nodeny ${HOME}/.cache/zim
+nodeny ${HOME}/.config/zim
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+deny /usr/libexec
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+mkdir ${HOME}/.cache/zim
+mkdir ${HOME}/.config/zim
+mkdir ${HOME}/Notebooks
+allow ${HOME}/.cache/zim
+allow ${HOME}/.config/zim
+allow ${HOME}/Notebooks
+allow ${DESKTOP}
+allow ${DOCUMENTS}
+allow ${DOWNLOADS}
+allow ${MUSIC}
+allow ${PICTURES}
+allow ${VIDEOS}
+allow /usr/share/zim
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin python*,zim
+private-cache
+private-dev
+private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+private-tmp
+dbus-user none
+dbus-system none

diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile new file mode 100644 index 000000000..5ae9cddb3 --- /dev/null +++ b/etc/profile-m-z/zim.profile
@@ -0,0 +1,72 @@
	1	# Firejail profile for Zim
	2	# Description: Desktop wiki & notekeeper
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include zim.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	nodeny ${HOME}/.cache/zim
	10	nodeny ${HOME}/.config/zim
	11
	12	# Allow python (blacklisted by disable-interpreters.inc)
	13	include allow-python2.inc
	14	include allow-python3.inc
	15
	16	deny /usr/libexec
	17
	18	include disable-common.inc
	19	include disable-devel.inc
	20	include disable-exec.inc
	21	include disable-interpreters.inc
	22	include disable-passwdmgr.inc
	23	include disable-programs.inc
	24	include disable-shell.inc
	25
	26	mkdir ${HOME}/.cache/zim
	27	mkdir ${HOME}/.config/zim
	28	mkdir ${HOME}/Notebooks
	29	allow ${HOME}/.cache/zim
	30	allow ${HOME}/.config/zim
	31	allow ${HOME}/Notebooks
	32	allow ${DESKTOP}
	33	allow ${DOCUMENTS}
	34	allow ${DOWNLOADS}
	35	allow ${MUSIC}
	36	allow ${PICTURES}
	37	allow ${VIDEOS}
	38	allow /usr/share/zim
	39	include whitelist-common.inc
	40	include whitelist-runuser-common.inc
	41	include whitelist-usr-share-common.inc
	42	include whitelist-var-common.inc
	43
	44	apparmor
	45	caps.drop all
	46	machine-id
	47	net none
	48	no3d
	49	nodvd
	50	nogroups
	51	noinput
	52	nonewprivs
	53	noroot
	54	nosound
	55	notv
	56	nou2f
	57	novideo
	58	protocol unix
	59	seccomp
	60	seccomp.block-secondary
	61	shell none
	62	tracelog
	63
	64	disable-mnt
	65	private-bin python*,zim
	66	private-cache
	67	private-dev
	68	private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
	69	private-tmp
	70
	71	dbus-user none
	72	dbus-system none