From 60599691bb404d34666b4bfd381eb977ecf50fbb Mon Sep 17 00:00:00 2001 From: CaseOf Date: Thu, 6 Jan 2022 22:17:01 +0100 Subject: Create seafile-applet.profile --- etc/inc/disable-programs.inc | 2 ++ etc/profile-m-z/seafile-applet.profile | 62 ++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 etc/profile-m-z/seafile-applet.profile (limited to 'etc') diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 02407f54f..a13d5a4d3 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -16,6 +16,7 @@ blacklist ${HOME}/.Natron blacklist ${HOME}/.PlayOnLinux blacklist ${HOME}/.PyCharm* blacklist ${HOME}/.Sayonara +blacklist ${HOME}/Seafile/.seafile-data blacklist ${HOME}/.Steam blacklist ${HOME}/.Steampath blacklist ${HOME}/.Steampid @@ -312,6 +313,7 @@ blacklist ${HOME}/.config/Riot blacklist ${HOME}/.config/Rocket.Chat blacklist ${HOME}/.config/RogueLegacy blacklist ${HOME}/.config/RogueLegacyStorageContainer +blacklist ${HOME}/.config/Seafile blacklist ${HOME}/.config/Signal blacklist ${HOME}/.config/Sinew Software Systems blacklist ${HOME}/.config/Slack diff --git a/etc/profile-m-z/seafile-applet.profile b/etc/profile-m-z/seafile-applet.profile new file mode 100644 index 000000000..79e072475 --- /dev/null +++ b/etc/profile-m-z/seafile-applet.profile @@ -0,0 +1,62 @@ +# Firejail profile for Seafile +# Description: Seafile desktop client. +# This file is overwritten after every install/update +# Persistent local customizations +include seafile-applet.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/Seafile +noblacklist ${HOME}/Seafile/.seafile-data + +blacklist /usr/libexec + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.ccnet +mkdir ${HOME}/.config/Seafile +mkdir ${HOME}/Seafile +whitelist ${HOME}/.ccnet +whitelist ${HOME}/.config/Seafile +whitelist ${HOME}/Seafile + +include whitelist-common.inc +include whitelist-run-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +netfilter +nodvd +nogroups +noinput +nonewprivs +noprinters +noroot +nosound +notv +nou2f +novideo +protocol unix,inet,inet6 +seccomp +seccomp.block-secondary +shell none +tracelog + +disable-mnt +private-bin seaf-cli,seaf-daemon,seafile-applet +private-cache +private-dev +private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl +#private-opt none +private-tmp + +dbus-user none +dbus-system none -- cgit v1.2.3-54-g00ecf