From 018d75775eab4a0f045949a9d069c57686ca2686 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 21 Apr 2020 08:24:28 -0400 Subject: reorganize github etc directory --- etc/profile-a-l/baloo_file.profile | 54 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 etc/profile-a-l/baloo_file.profile (limited to 'etc/profile-a-l/baloo_file.profile') diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile new file mode 100644 index 000000000..785e37a16 --- /dev/null +++ b/etc/profile-a-l/baloo_file.profile @@ -0,0 +1,54 @@ +# Firejail profile for baloo_file +# This file is overwritten after every install/update +# Persistent local customizations +include baloo_file.local +# Persistent global definitions +include globals.local + +# Make home directory read-only and allow writing only to ${HOME}/.local/share/baloo +# Note: Baloo will not be able to update the "first run" key in its configuration files. +# mkdir ${HOME}/.local/share/baloo +# read-only ${HOME} +# read-write ${HOME}/.local/share/baloo +# ignore read-write + +noblacklist ${HOME}/.config/baloofilerc +noblacklist ${HOME}/.kde/share/config/baloofilerc +noblacklist ${HOME}/.kde/share/config/baloorc +noblacklist ${HOME}/.kde4/share/config/baloofilerc +noblacklist ${HOME}/.kde4/share/config/baloorc +noblacklist ${HOME}/.local/share/baloo + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc + +include whitelist-var-common.inc + +apparmor +caps.drop all +machine-id +# net none +netfilter +no3d +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix +# blacklisting of ioprio_set system calls breaks baloo_file +seccomp !ioprio_set +shell none +# x11 xorg + +private-bin baloo_file,baloo_file_extractor,baloo_filemetadata_temp_extractor,kbuildsycoca4 +private-cache +private-dev +private-tmp -- cgit v1.2.3-54-g00ecf