From 4e57e3975dce20824eb02ff726adef3d634d8e15 Mon Sep 17 00:00:00 2001
From: Jose Riha
Date: Sat, 15 Jun 2019 15:01:34 +0200
Subject: Add profile for udiskie
---
etc/udiskie.profile | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 etc/udiskie.profile
(limited to 'etc')
diff --git a/etc/udiskie.profile b/etc/udiskie.profile
new file mode 100644
index 000000000..37b5d9a64
--- /dev/null
+++ b/etc/udiskie.profile
@@ -0,0 +1,35 @@
+# Firejail profile for udiskie
+# Description: Removable disk automounter using udisks
+# This file is overwritten after every install/update
+# quiet
+# Persistent local customizations
+include udiskie.local
+# Persistent global definitions
+include globals.local
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc include disable-programs.inc
+include disable-xdg.inc
+
+caps.drop all
+machine-id
+net none
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+seccomp
+shell none
+tracelog
+
+private-cache
+private-dev
+private-tmp
-- cgit v1.2.3-54-g00ecf
From f97e4fd97064b7f6a6101c1c60d5f88538d89ac6 Mon Sep 17 00:00:00 2001
From: Jose Riha
Date: Sat, 15 Jun 2019 15:56:08 +0200
Subject: Apply suggestions from code review
Co-Authored-By: rusty-snake
---
etc/udiskie.profile | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
(limited to 'etc')
diff --git a/etc/udiskie.profile b/etc/udiskie.profile
index 37b5d9a64..7960b4bc3 100644
--- a/etc/udiskie.profile
+++ b/etc/udiskie.profile
@@ -1,7 +1,6 @@
 # Firejail profile for udiskie
 # Description: Removable disk automounter using udisks
 # This file is overwritten after every install/update
-# quiet
 # Persistent local customizations
 include udiskie.local
 # Persistent global definitions
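Review bot: In the first commit's new-file hunk, `include disable-passwdmgr.inc include disable-programs.inc` is a single added line, so it is not two directives. The rest of the line is presumably read as one file name, in which case neither blacklist set can be relied on in the profile as committed there. Each include belongs on its own line, `include disable-passwdmgr.inc` and `include disable-programs.inc`. The second hunk of the follow-up commit on this page makes that split, so the gap only affects trees that carry the first commit without it.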
@@ -14,22 +13,33 @@ include disable-common.inc include disable-devel.inc include disable-exec.inc include disable-interpreters.inc -include disable-passwdmgr.inc include disable-programs.inc +include disable-passwdmgr.inc +include disable-programs.inc include disable-xdg.inc +include whitelist-var-common.inc + caps.drop all machine-id net none +no3d nogroups nonewprivs noroot +nosound notv nou2f novideo +protocol unix seccomp shell none tracelog +private-bin awk,cut,dbus-send,egrep,file,grep,head,python,python3,readlink,sed,sh,udiskie,uname,which,xdg-mime,xdg-open,xprop +# add your configured file browser in udiskie.local, e. g. +# private-bin nautilus +# private-bin thunar private-cache private-dev +private-etc ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,alternatives,mime.types,xdg private-tmp -- cgit v1.2.3-54-g00ecf
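Review bot: The comment above the `private-bin nautilus` / `private-bin thunar` examples only tells users to add the binary. It does not say that a file browser started by udiskie is a child of the sandboxed process and therefore runs under every restriction in this profile (`net none`, `private-etc`, the `private-bin` list, the `disable-*.inc` blacklists). That confinement is useful when browsing removable media, but it should be stated so that missing helpers are handled by narrow additions in `udiskie.local` rather than by relaxing the profile. I would extend the comment with something like `# the file browser runs inside this sandbox; add only the helpers it needs to udiskie.local`. Separately, `private-bin` lists both `python` and `python3` while only `allow-python3.inc` is included, so where `python` resolves to Python 2 it presumably stays blacklisted by `disable-interpreters.inc`.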