From 39dc3c893b5d895ed9db9071dd47b3de7b28f2fd Mon Sep 17 00:00:00 2001
From: Tad
Date: Mon, 7 Aug 2017 14:24:51 -0400
Subject: Unify last 8 profiles
---
 etc/default.profile | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)
(limited to 'etc/default.profile')
diff --git a/etc/default.profile b/etc/default.profile
index 44a9e548b..693f89ad3 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -1,31 +1,38 @@
-# Persistent global definitions go here
+# Firejail profile for default
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/default.local
+# Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
-include /etc/firejail/default.local
+# generic gui profile
+# depending on your usage, you can enable some of the commands below:
-################################
-# Generic GUI application profile
-################################
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 caps.drop all
+# ipc-namespace
 netfilter
+# nogroups
 nonewprivs
 noroot
+# nosound
+# novideo
 protocol unix,inet,inet6
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-# nogroups
 # shell none
+
+# disable-mnt
+# private
 # private-bin program
-# private-etc none
 # private-dev
+# private-etc none
+# private-lib
 # private-tmp
-# nosound
+
+# memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp
-- 
cgit v1.2.3-70-g09d2
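Review bot: The relocated hint `# depending on your usage, you can enable some of the commands below:` now sits a few lines under the new header `# This file is overwritten after every install/update`, so anyone who uncomments `# private-dev`, `# noexec /tmp` or `# memory-deny-write-execute` in place would lose that hardening on the next update without noticing. I would reword the hint to point at the override file, for example `# to enable any of the commented options below, add them to /etc/firejail/default.local`. Separately, the new side reads `default.local` before `globals.local`, where the old side read `globals.local` first. If directive order matters to the profile parser, which looks likely for override-style lines, a one-line comment stating the intended precedence between the two files would help.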