From 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 7 Aug 2017 01:22:08 -0400 Subject: Unify all profiles --- etc/caja.profile | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) (limited to 'etc/caja.profile') diff --git a/etc/caja.profile b/etc/caja.profile index a724e76b1..adbcc09b9 100644 --- a/etc/caja.profile +++ b/etc/caja.profile @@ -1,24 +1,18 @@ -# Persistent global definitions go here -include /etc/firejail/globals.local - -# This file is overwritten during software install. -# Persistent customizations should go in a .local file. +# Firejail profile for caja +# This file is overwritten after every install/update +# Persistent local customizations include /etc/firejail/caja.local - -# Caja profile for Firejail - -# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there -# is already a caja process running on MATE desktops firejail will have no effect. +# Persistent global definitions +include /etc/firejail/globals.local noblacklist ~/.config/caja -noblacklist ~/.local/share/caja-python noblacklist ~/.local/share/Trash +noblacklist ~/.local/share/caja-python include /etc/firejail/disable-common.inc -# caja needs to be able to start arbitrary applications so we cannot blacklist their files -#include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc +# include /etc/firejail/disable-programs.inc caps.drop all netfilter @@ -31,6 +25,11 @@ shell none tracelog # private-bin caja -# private-tmp # private-dev # private-etc fonts +# private-tmp + +# CLOBBERED COMMENTS +# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there +# caja needs to be able to start arbitrary applications so we cannot blacklist their files +# is already a caja process running on MATE desktops firejail will have no effect. -- cgit v1.2.3-54-g00ecf