From f332fe2614980e1d50e59e9429ff88ac49ec137c Mon Sep 17 00:00:00 2001
From: avoidr
Date: Sun, 6 Dec 2015 15:33:39 +0100
Subject: add parole.profile
---
 Makefile.in | 1 +
 etc/parole.profile | 17 +++++++++++++++++
 platform/debian/conffiles | 1 +
 3 files changed, 19 insertions(+)
 create mode 100644 etc/parole.profile
diff --git a/Makefile.in b/Makefile.in
index 59fe34f60..8c1a21e9a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -127,6 +127,7 @@ realinstall:
 install -c -m 0644 .etc/weechat-curses.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/hexchat.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 install -c -m 0644 .etc/rtorrent.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+ install -c -m 0644 .etc/parole.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
 rm -fr .etc
 # man pages
diff --git a/etc/parole.profile b/etc/parole.profile
new file mode 100644
index 000000000..24181c8d6
--- /dev/null
+++ b/etc/parole.profile
@@ -0,0 +1,17 @@
+# Profile for Parole, the default XFCE4 media player
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+private-etc passwd,group,fonts
+private-bin parole,dbus-launch
+blacklist ${HOME}/.pki/nssdb
+blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.keepassx
+blacklist ${HOME}/.password-store
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+netfilter
+noroot
+shell none
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index bda064f60..47b84d207 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -53,3 +53,4 @@
 /etc/firejail/weechat-curses.profile
 /etc/firejail/hexchat.profile
 /etc/firejail/rtorrent.profile
+/etc/firejail/parole.profile
--
cgit v1.2.3-54-g00ecf
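Review bot: The network settings in etc/parole.profile contradict its filesystem settings: `private-etc passwd,group,fonts` leaves the sandbox without `resolv.conf` or any CA store, yet `protocol unix,inet,inet6` plus `netfilter` still allow IPv4/IPv6 sockets. A media player parses untrusted files, so if Parole is meant for local playback only, the tighter choice is `protocol unix` (or `net none`), which removes the outbound channel a compromised decoder would otherwise have. If streaming URLs are intended, name resolution will presumably fail as written and `resolv.conf` needs adding to the `private-etc` list; the CA bundle path is distro-specific and should be confirmed. Either way, a one-line comment such as `# network kept for streaming; switch to 'net none' for local-only use` would record the decision. The four `blacklist ${HOME}/...` lines may duplicate entries in disable-secret.inc, which is not visible in this patch, so it is worth checking whether they belong in that shared include instead.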