3 files changed, 49 insertions, 1 deletions

diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile
index b517620db..2831fec72 100644
--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -20,7 +20,8 @@ include disable-xdg.inc
 
 include whitelist-var-common.inc
 
-apparmor
+## Enabling App Armor appears to break some Fedora / Arch installs
+#apparmor
 caps.drop all
 net none
 no3d
diff --git a/etc/profile-a-l/gdu.profile b/etc/profile-a-l/gdu.profile
new file mode 100644
index 000000000..783183bea
--- /dev/null
+++ b/etc/profile-a-l/gdu.profile
@@ -0,0 +1,46 @@
+# Firejail profile for gdu
+# Description: Fast disk usage analyzer with console interface
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include gdu.local
+# Persistent global definitions
+include globals.local
+
+blacklist ${RUNUSER}/wayland-*
+
+include disable-exec.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+# block the socket syscall to simulate an be empty protocol line, see #639
+seccomp socket
+seccomp.block-secondary
+x11 none
+
+private-dev
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+
+# gdu has built-in delete (d), empty (e) dir/file support and shell spawning (b) features.
+# Depending on workflow and use case the sandbox can be hardened by adding the
+# lines below to your gdu.local if you don't need/want these functionalities.
+#include disable-shell.inc
+#private-bin gdu
+#read-only ${HOME}
diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile
index dd2f0b318..4ec6ef82e 100644
--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -1,4 +1,5 @@
 # Firejail profile for makepkg
+# Description: A utility to automate the building of Arch Linux packages
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations