From e1f738891aefa1c200b973fc6ed0bda56b6fd870 Mon Sep 17 00:00:00 2001
From: Fred Barclay <Fred-Barclay@users.noreply.github.com>
Date: Fri, 28 Apr 2017 11:28:44 -0500
Subject: Very basic Caja profile. Modified from existing nautilus profile. It
 might need some future editing and tweaking.

---
 etc/caja.profile | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 etc/caja.profile

(limited to 'etc')

diff --git a/etc/caja.profile b/etc/caja.profile
new file mode 100644
index 000000000..fe89d7b2d
--- /dev/null
+++ b/etc/caja.profile
@@ -0,0 +1,32 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/caja.local
+
+# Caja profile for Firejail
+
+# Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
+ # is already a caja process running on MATE desktops firejail will have no effect.
+
+noblacklist ~/.config/caja
+noblacklist ~/.local/share/caja
+
+include /etc/firejail/disable-common.inc
+# caja needs to be able to start arbitrary applications so we cannot blacklist their files
+#include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+
+# private-bin caja
+# private-tmp
+# private-dev
+# private-etc fonts
-- 
cgit v1.2.3-54-g00ecf