From 9a0db13e12516efcbbd0d72ce25e8e111f5d3319 Mon Sep 17 00:00:00 2001
From: Tavi
Date: Tue, 30 Apr 2024 14:35:14 -0400
Subject: profiles: add loupe

Signed-off-by: Tavi
---
etc/profile-a-l/loupe.profile | 50 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 etc/profile-a-l/loupe.profile
(limited to 'etc')
diff --git a/etc/profile-a-l/loupe.profile b/etc/profile-a-l/loupe.profile
new file mode 100644
index 000000000..5d39341f5
--- /dev/null
+++ b/etc/profile-a-l/loupe.profile
@@ -0,0 +1,50 @@
+# Firejail profile for loupe
+# Description: GNOME's modern Image Viewer program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include loupe.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.steam
+
+#include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-write-mnt.inc
+
+#whitelist /usr/share/glycin-loaders
+include whitelist-runuser-common.inc
+#include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,netlink
+#loupe decodes all images in their own sandbox via glycin
+#https://gitlab.gnome.org/sophie-h/glycin#sandboxing-and-inner-workings
+#seccomp
+seccomp.block-secondary
+tracelog
+
+private-cache
+private-dev
+private-etc @x11
+private-tmp
-- cgit v1.2.3-54-g00ecf
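Review bot: `#include disable-common.inc` is commented out with no stated reason, so the profile skips the shared blacklist that normally keeps a sandboxed program away from sensitive files in the home directory. Since no `whitelist` under `${HOME}` narrows the home directory either, an image viewer that parses untrusted files is left with broad read access there. If the include was dropped only because glycin's nested sandbox needs a helper that the include blocks (presumably bubblewrap, to be confirmed by testing), a narrower form would be `noblacklist ${PATH}/bwrap` followed by `include disable-common.inc`. Otherwise the line should carry a rationale comment like the one above `#seccomp`. The `noblacklist ${HOME}/.Steam` and `noblacklist ${HOME}/.steam` lines would also benefit from a short comment saying why an image viewer needs those paths.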