From 0ea4ed8408f6fc506f9e4bef0f9e94fe14ea8d9c Mon Sep 17 00:00:00 2001
From: glitsj16 <glitsj16@users.noreply.github.com>
Date: Sat, 16 Mar 2019 17:49:01 +0000
Subject: Seahorse revisited (#2600)

* Refactor seahorse into a whitelist profile

* Refactor seahorse-tool as a whitelist profile

* Create seahorse-daemon.profile

* Add seahorse-daemon to firecfg

* Drop blacklist /tmp/.X11-unix from seahorse.profile

Thanks to @rusty-snake for pointing out blacklisting /tmp/.X11-unix is ridiculous for GUI's.

* Add non-GUI option to seahorse-daemon
---
 etc/seahorse-daemon.profile | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 etc/seahorse-daemon.profile

(limited to 'etc/seahorse-daemon.profile')

diff --git a/etc/seahorse-daemon.profile b/etc/seahorse-daemon.profile
new file mode 100644
index 000000000..1beb0edc6
--- /dev/null
+++ b/etc/seahorse-daemon.profile
@@ -0,0 +1,15 @@
+# Firejail profile for seahorse-daemon
+# Description: PGP encryption and signing
+# This file is overwritten after every install/update
+# Persistent local customizations
+include seahorse-daemon.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+blacklist /tmp/.X11-unix
+
+memory-deny-write-execute
+
+# Redirect
+include seahorse.profile
-- 
cgit v1.2.3-70-g09d2