From 8aec7694cb4c7c0d07b333b689ab19faacb519f9 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Thu, 1 Feb 2018 22:39:21 +0100
Subject: KDE related enhancements

---
 etc/krunner.profile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'etc/krunner.profile')

diff --git a/etc/krunner.profile b/etc/krunner.profile
index 606b67677..1e97f4290 100644
--- a/etc/krunner.profile
+++ b/etc/krunner.profile
@@ -5,12 +5,15 @@ include /etc/firejail/krunner.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-# start a program in krunner: program will run with this generic profile
-# open a file in krunner: file viewer will run with its own profile (if firejailed automatically)
+# - programs started in krunner run with this generic profile.
+# - when a file is opened in krunner, the file viewer runs in its own sandbox
+#   with its own profile, if it is sandboxed automatically.
 
+# noblacklist ${HOME}/.cache/krunner
 noblacklist ${HOME}/.config/krunnerrc
 noblacklist ${HOME}/.kde/share/config/krunnerrc
 noblacklist ${HOME}/.kde4/share/config/krunnerrc
+# noblacklist ${HOME}/.local/share/baloo
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc
@@ -21,6 +24,7 @@ include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
-- 
cgit v1.2.3-54-g00ecf