From 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b Mon Sep 17 00:00:00 2001
From: Tad
Date: Mon, 7 Aug 2017 01:22:08 -0400
Subject: Unify all profiles
---
 etc/gjs.profile | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)
(limited to 'etc/gjs.profile')
diff --git a/etc/gjs.profile b/etc/gjs.profile
index f1def3f16..443dccfea 100644
--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -1,35 +1,34 @@
-# Persistent global definitions go here
-include /etc/firejail/globals.local
-
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
+# Firejail profile for gjs
+# This file is overwritten after every install/update
+# Persistent local customizations
 include /etc/firejail/gjs.local
+# Persistent global definitions
+include /etc/firejail/globals.local
 
-# gjs (gnome javascript bindings) profile
-
-# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-
+noblacklist ~/.cache/libgweather
+noblacklist ~/.cache/org.gnome.Books
 noblacklist ~/.config/libreoffice
 noblacklist ~/.local/share/gnome-photos
-noblacklist ~/.cache/org.gnome.Books
-noblacklist ~/.cache/libgweather
 
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
 caps.drop all
+netfilter
 nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
-netfilter
 shell none
 tracelog
 
 # private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
-private-tmp
 private-dev
 # private-etc fonts
+private-tmp
+
+# CLOBBERED COMMENTS
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
-- 
cgit v1.2.3-54-g00ecf
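Review bot: The two `.local` includes at the top of the new file are swapped relative to the old one, so `gjs.local` is now read before `globals.local`, and neither the commit message nor the file comments say so. If any directive in those files is order-sensitive (an `ignore` line, for instance, appears to affect only what is read after it), existing local overrides may behave differently after this update. A short comment such as `# gjs.local is read first so per-application overrides precede globals.local` would record the intent. Separately, the caveat that gjs apps started via gnome-shell are launched by systemd and are not sandboxed has moved to the bottom under `# CLOBBERED COMMENTS`. Because it tells the reader the profile is not applied on that launch path, it is better kept near the top under a plain heading like `# NOTE: not applied when started from gnome-shell`.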