From 6ffdc467370c4d4964ced120e5a2cddc0bc38490 Mon Sep 17 00:00:00 2001
From: greigdp <greigdp@users.noreply.github.com>
Date: Thu, 18 Aug 2016 12:00:46 +0100
Subject: Add profile for Gajim IM client

---
 etc/gajim.profile | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 etc/gajim.profile

(limited to 'etc/gajim.profile')

diff --git a/etc/gajim.profile b/etc/gajim.profile
new file mode 100644
index 000000000..04902a734
--- /dev/null
+++ b/etc/gajim.profile
@@ -0,0 +1,33 @@
+# Firejail profile for Gajim
+
+mkdir ${HOME}/.cache/gajim
+mkdir ${HOME}/.local/share/gajim
+mkdir ${HOME}/.config/gajim
+mkdir ${HOME}/Downloads
+
+# Allow the local python 2.7 site packages, in case any plugins are using these
+mkdir ${HOME}/.local/lib/python2.7/site-packages/
+whitelist ${HOME}/.local/lib/python2.7/site-packages/
+read-only ${HOME}/.local/lib/python2.7/site-packages/
+
+whitelist ${HOME}/.cache/gajim
+whitelist ${HOME}/.local/share/gajim
+whitelist ${HOME}/.config/gajim
+whitelist ${HOME}/Downloads
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+
+caps.drop all
+netfilter
+nonewprivs
+nogroups
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+
+#private-bin python2.7 gajim
+private-dev
-- 
cgit v1.2.3-54-g00ecf