From 55906959a9cbf6a9d53273c5bd875174ab1a6d51 Mon Sep 17 00:00:00 2001
From: Fred Barclay
Date: Sat, 13 Jun 2020 12:02:53 -0500
Subject: More fixes for #3464 Backporting fixes for Atom 1.48 to firejail 0.9.52, 0.9.58, and 0.9.60 Summary: - remove nonewprivs, noroot, protocol, and seccomp - update caps filter to keep sys_admin and sys_chroot Without these changes Atom 1.48 breaks and refuses to start (due to Electron sandboxing)
---
etc-fixes/0.9.58/atom.profile | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 etc-fixes/0.9.58/atom.profile
(limited to 'etc-fixes/0.9.58/atom.profile')
diff --git a/etc-fixes/0.9.58/atom.profile b/etc-fixes/0.9.58/atom.profile
new file mode 100644
index 000000000..9bc35da5a
--- /dev/null
+++ b/etc-fixes/0.9.58/atom.profile
@@ -0,0 +1,36 @@
+
+# Firejail profile for atom
+# Description: A hackable text editor for the 21st Century
+# This file is overwritten after every install/update
+# Persistent local customizations
+include atom.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.atom
+noblacklist ${HOME}/.config/Atom
+noblacklist ${HOME}/.cargo/config
+noblacklist ${HOME}/.cargo/registry
+
+include disable-common.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+caps.keep sys_admin,sys_chroot
+# net none
+netfilter
+nodbus
+nodvd
+nogroups
+nosound
+notv
+nou2f
+novideo
+shell none
+
+private-cache
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
--
cgit v1.2.3-70-g09d2
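Review bot: The `caps.keep sys_admin,sys_chroot` line and the absence of `nonewprivs`, `noroot`, `protocol` and `seccomp` are not explained anywhere in the profile itself; only the commit message ties them to Atom 1.48 and #3464. CAP_SYS_ADMIN is a very broad capability, so someone auditing the installed profile could read this as an oversight, or re-add the dropped options and break Atom again. I would add a comment directly above the caps line, for example `# Atom 1.48 (Electron sandboxing) needs sys_admin,sys_chroot and does not start with nonewprivs, noroot, protocol or seccomp - see #3464`. Since the commit message says the same change is backported to 0.9.52 and 0.9.60, the same comment would belong in those profiles, which are not visible here.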