From 41548ac02d6783896951b7d7ec1eabaabc31e444 Mon Sep 17 00:00:00 2001 From: Hugo Osvaldo Barrera Date: Mon, 29 Nov 2021 18:42:11 +0100 Subject: Add a profile for Flatseal --- etc/profile-a-l/com.github.tchx84.Flatseal.profile | 65 ++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 etc/profile-a-l/com.github.tchx84.Flatseal.profile (limited to 'etc') diff --git a/etc/profile-a-l/com.github.tchx84.Flatseal.profile b/etc/profile-a-l/com.github.tchx84.Flatseal.profile new file mode 100644 index 000000000..a095104f0 --- /dev/null +++ b/etc/profile-a-l/com.github.tchx84.Flatseal.profile @@ -0,0 +1,65 @@ +# Firejail profile for flatseal +# This file is overwritten after every install/update +# Persistent local customizations +include com.github.tchx84.Flatseal.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.local/share/flatpak/overrides +noblacklist /var/lib/flatpak/app + +# Allow gjs (blacklisted by disable-interpreters.inc) +include allow-gjs.inc + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-proc.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.local/share/flatpak/overrides +whitelist ${HOME}/.local/share/flatpak/overrides +include whitelist-common.inc +include whitelist-run-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +net none +no3d +nodvd +nogroups +noinput +nonewprivs +noprinters +noroot +nosound +notv +nou2f +novideo +protocol unix +seccomp +seccomp.block-secondary +shell none +tracelog + +disable-mnt +private-bin com.github.tchx84.Flatseal,gjs +private-cache +private-dev +private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload +private-tmp + +dbus-user filter +dbus-user.own com.github.tchx84.Flatseal +dbus-user.talk ca.desrt.dconf +dbus-user.talk org.freedesktop.impl.portal.PermissionStore +dbus-user.talk org.gnome.Software +dbus-system none + +read-write ${HOME}/.local/share/flatpak/overrides -- cgit v1.2.3-54-g00ecf