2 files changed, 42 insertions, 1 deletions
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
index 9785b9eae..ae40c3ec7 100644
--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -28,6 +28,7 @@ shell none
 private-dev
 # private-tmp
-memory-deny-write-execute
+# memory-deny-write-execute breaks some systems, see issue #1850
+# memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile
new file mode 100644
index 000000000..7e7902dff
--- /dev/null
+++ b/etc/gnome-logs.profile
@@ -0,0 +1,40 @@
+# Firejail profile for gnome-logs
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/gnome-logs.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+whitelist /var/log/journal
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+disable-mnt
+private-bin gnome-logs
+private-dev
+#private-etc fonts
+#private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,librsvg-2.so.2
+private-tmp
+writable-var-log
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 9785b9eae..ae40c3ec7 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile
@@ -28,6 +28,7 @@ shell none
28	private-dev	28	private-dev
29	# private-tmp	29	# private-tmp
30		30
31	memory-deny-write-execute	31	# memory-deny-write-execute breaks some systems, see issue #1850
		32	# memory-deny-write-execute
32	noexec ${HOME}	33	noexec ${HOME}
33	noexec /tmp	34	noexec /tmp


diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile new file mode 100644 index 000000000..7e7902dff --- /dev/null +++ b/etc/gnome-logs.profile
@@ -0,0 +1,40 @@
		1	# Firejail profile for gnome-logs
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/gnome-logs.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	include /etc/firejail/disable-common.inc
		9	include /etc/firejail/disable-devel.inc
		10	include /etc/firejail/disable-passwdmgr.inc
		11	include /etc/firejail/disable-programs.inc
		12
		13	whitelist /var/log/journal
		14	include /etc/firejail/whitelist-var-common.inc
		15
		16	caps.drop all
		17	net none
		18	no3d
		19	nodbus
		20	nodvd
		21	nogroups
		22	nonewprivs
		23	noroot
		24	nosound
		25	notv
		26	novideo
		27	protocol unix
		28	seccomp
		29	shell none
		30
		31	disable-mnt
		32	private-bin gnome-logs
		33	private-dev
		34	#private-etc fonts
		35	#private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,librsvg-2.so.2
		36	private-tmp
		37	writable-var-log
		38
		39	noexec ${HOME}
		40	noexec /tmp