From fa10ab0e093a4224b16491273b0162b0e0a77a3a Mon Sep 17 00:00:00 2001
From: valoq <valoq@mailbox.org>
Date: Sat, 19 Nov 2016 21:57:42 +0100
Subject: many new profiles

---
 etc/nautilus.profile | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 etc/nautilus.profile

(limited to 'etc/nautilus.profile')

diff --git a/etc/nautilus.profile b/etc/nautilus.profile
new file mode 100644
index 000000000..264ee0b9d
--- /dev/null
+++ b/etc/nautilus.profile
@@ -0,0 +1,26 @@
+# nautilus profile
+
+# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there is already a nautilus process running on gnome desktops firejail will have no effect.
+
+noblacklist ~/.config/nautilus
+
+include /etc/firejail/disable-common.inc
+# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
+#include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin nautilus
+# private-tmp
+# private-dev
+# private-etc fonts
-- 
cgit v1.2.3-54-g00ecf