From 41427b8f62358344d45197fb674786d1a4dd11bf Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@protonmail.com>
Date: Sat, 30 Oct 2021 08:35:09 -0400
Subject: adding noprofile.profile from rusty-snake

---
 etc/profile-m-z/noprofile.profile | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 etc/profile-m-z/noprofile.profile

(limited to 'etc')

diff --git a/etc/profile-m-z/noprofile.profile b/etc/profile-m-z/noprofile.profile
new file mode 100644
index 000000000..560ee9db3
--- /dev/null
+++ b/etc/profile-m-z/noprofile.profile
@@ -0,0 +1,28 @@
+# This is the weakest possible firejail profile.
+# If a program still fail with this profile, it is incompatible with firejail.
+# (from https://gist.github.com/rusty-snake/bb234cb3e50e1e4e7429f29a7931cc72)
+#
+# Usage:
+#   1. download
+#   2. firejail --profile=noprofile.profile /path/to/program
+
+# Keep in mind that even with this profile some things are done
+# which can break the program.
+# - some env-vars are cleared
+# - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes'
+# - a new private pid-namespace is created
+# - a minimal hardcoded blacklist is applied
+# - ...
+
+noblacklist /sys/fs
+noblacklist /sys/module
+
+allow-debuggers
+allusers
+keep-config-pulse
+keep-dev-shm
+keep-var-tmp
+writable-etc
+writable-run-user
+writable-var
+writable-var-log
-- 
cgit v1.2.3-70-g09d2