From c435504a3eb66dee9a2964658bce8e17627e9c68 Mon Sep 17 00:00:00 2001 From: juan Date: Sat, 16 Sep 2017 13:20:36 -0400 Subject: Add 5 profiles --- etc/ardour4.profile | 34 ++++++++++++++++++++++++++++++++++ etc/dooble-qt4.profile | 33 +++++++++++++++++++++++++++++++++ etc/dooble.profile | 33 +++++++++++++++++++++++++++++++++ etc/karbon.profile | 37 +++++++++++++++++++++++++++++++++++++ etc/krita.profile | 37 +++++++++++++++++++++++++++++++++++++ 5 files changed, 174 insertions(+) create mode 100644 etc/ardour4.profile create mode 100644 etc/dooble-qt4.profile create mode 100644 etc/dooble.profile create mode 100644 etc/karbon.profile create mode 100644 etc/krita.profile
diff --git a/etc/ardour4.profile b/etc/ardour4.profile
new file mode 100644
index 000000000..3a52edb66
--- /dev/null
+++ b/etc/ardour4.profile
@@ -0,0 +1,34 @@
+# Firejail profile for ardour4
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ardour4.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ~/.config/ardour4
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ~/.config/ardour4
+whitelist ~/.config/ardour4
+whitelist ~/Music
+whitelist ~/Música
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+shell none
+tracelog
+
+# private-bin ardour4
+private-dev
+# private-etc ardour4
+private-tmp
diff --git a/etc/dooble-qt4.profile b/etc/dooble-qt4.profile
new file mode 100644
index 000000000..ec85c7b58
--- /dev/null
+++ b/etc/dooble-qt4.profile
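Review bot: In etc/ardour4.profile the `netfilter` line adds nothing next to `protocol unix`: the protocol filter already limits the sandbox to AF_UNIX sockets, and as far as I know `netfilter` only takes effect when a new network namespace is requested. If Ardour needs no network access, `net none` (which karbon.profile and krita.profile in this commit use) states that directly; if it is left out because it breaks the audio-server connection, a one-line comment saying so would help. The commented-out `# private-bin ardour4` and `# private-etc ardour4` likewise give no reason for being disabled, so the next maintainer cannot tell whether they were tested and failed or never tried.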
@@ -0,0 +1,33 @@
+# Firejail profile for dooble-qt4
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/dooble-qt4.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ~/.dooble
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ~/.dooble
+mkdir ~/usr/lib/dooble-qt4
+whitelist ${DOWNLOADS}
+whitelist ~/.config/keepassx
+whitelist ~/.config/lastpass
+whitelist ~/.dooble
+whitelist ~/.keepassx
+whitelist ~/.lastpass
+whitelist ~/keepassx.kdbx
+whitelist ~/usr/lib/dooble
+whitelist ~/usr/lib/dooble-qt4
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
diff --git a/etc/dooble.profile b/etc/dooble.profile
new file mode 100644
index 000000000..13e4ead96
--- /dev/null
+++ b/etc/dooble.profile
@@ -0,0 +1,33 @@
+# Firejail profile for dooble
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/dooble.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ~/.dooble
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ~/.dooble
+mkdir ~/usr/lib/dooble-qt4
+whitelist ${DOWNLOADS}
+whitelist ~/.config/keepassx
+whitelist ~/.config/lastpass
+whitelist ~/.dooble
+whitelist ~/.keepassx
+whitelist ~/.lastpass
+whitelist ~/keepassx.kdbx
+whitelist ~/usr/lib/dooble
+whitelist ~/usr/lib/dooble-qt4
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
diff --git a/etc/karbon.profile b/etc/karbon.profile
new file mode 100644
index 000000000..da72432f7
--- /dev/null
+++ b/etc/karbon.profile
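Review bot: The whitelist block in etc/dooble-qt4.profile makes password-manager data visible to a network-facing browser: `whitelist ~/keepassx.kdbx`, `~/.keepassx`, `~/.config/keepassx`, `~/.lastpass` and `~/.config/lastpass`. Unlike ardour4.profile, this profile also omits `include /etc/firejail/disable-passwdmgr.inc`. Unless Dooble has an integration that needs these paths (nothing in the commit says so), I would drop the five whitelist lines and add the include after `disable-devel.inc`, so a compromised browser process cannot read the KeePassX database. etc/dooble.profile carries the same five lines.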
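Review bot: `mkdir ~/usr/lib/dooble-qt4`, `whitelist ~/usr/lib/dooble` and `whitelist ~/usr/lib/dooble-qt4` in etc/dooble.profile point at a `usr/lib` tree inside the home directory, which looks like a typo for the system `/usr/lib`. As written the profile would create that stray directory under the user's home, and the `mkdir` names `dooble-qt4` even though this is the plain dooble profile. If the system library directories were meant, the three lines can probably go, since whitelisting in the home directory does not hide `/usr/lib`. The same three lines are in etc/dooble-qt4.profile.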
@@ -0,0 +1,37 @@
+# Firejail profile for karbon
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/karbon.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/Trolltech.conf
+whitelist ${HOME}/.gtkrc-2.0
+whitelist ${HOME}/.kde4
+whitelist ${HOME}/.themes
+whitelist ${HOME}/Images
+whitelist /tmp/.X11-unix
+# DBus has been forced to use an ordinary unix socket
+whitelist /tmp/dbus_session_socket
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nogroups
+noroot
+seccomp
+shell none
+
+# private-bin krita,dbus-launch
+private-dev
+# private-etc fonts,passwd,alternatives,X11
+
+noexec /home
+noexec /tmp
diff --git a/etc/krita.profile b/etc/krita.profile
new file mode 100644
index 000000000..f6e62e387
--- /dev/null
+++ b/etc/krita.profile
@@ -0,0 +1,37 @@
+# Firejail profile for krita
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/krita.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+blacklist /boot
+blacklist /media
+blacklist /mnt
+blacklist /opt
+
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/Trolltech.conf
+whitelist ${HOME}/.gtkrc-2.0
+whitelist ${HOME}/.kde4
+whitelist ${HOME}/.themes
+whitelist ${HOME}/Images
+whitelist /tmp/.X11-unix
+# DBus has been forced to use an ordinary unix socket
+whitelist /tmp/dbus_session_socket
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+nogroups
+noroot
+seccomp
+shell none
+
+# private-bin krita,dbus-launch
+private-dev
+# private-etc fonts,passwd,alternatives,X11
+
+noexec /home
+noexec /tmp
-- cgit v1.2.3-70-g09d2
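Review bot: etc/karbon.profile never includes `disable-common.inc`, `disable-devel.inc`, `disable-passwdmgr.inc` or `disable-programs.inc`, unlike the ardour4 and dooble profiles in this commit, so outside the whitelisted paths it relies only on the four `blacklist` lines for /boot, /media, /mnt and /opt. I would add the includes ahead of the `whitelist` block so this profile picks up the project's shared blacklists as well. The commented line `# private-bin krita,dbus-launch` is copied from the krita profile and would need to read `karbon` if it is ever enabled. etc/krita.profile has the same gap in its includes.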
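Review bot: `whitelist /tmp/dbus_session_socket` in etc/krita.profile, with its comment "DBus has been forced to use an ordinary unix socket", describes one machine's DBus setup rather than anything the profile itself arranges. Where that socket does not exist the line is dead; where it does, it gives the sandboxed process the session bus, which weakens the isolation that `net none` and `ipc-namespace` are there to provide. I would move the line to `krita.local`, or keep it with a comment such as `# session bus access is intentional: <reason>`. etc/karbon.profile has the identical line.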