From e90a8025a8173f3ce1fb0d22c3fc0b2ccb431ecc Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Fri, 30 Sep 2016 09:33:45 -0400
Subject: added luminance-hdr and synfigstudio profiles

---
 etc/disable-programs.inc  |  3 +++
 etc/luminance-hdr.profile | 23 +++++++++++++++++++++++
 etc/synfigstudio.profile  | 17 +++++++++++++++++
 3 files changed, 43 insertions(+)
 create mode 100644 etc/luminance-hdr.profile
 create mode 100644 etc/synfigstudio.profile

(limited to 'etc')

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 54c53e794..8566ea0c5 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -27,6 +27,9 @@ blacklist ${HOME}/.kde/share/config/okularpartrc
 blacklist ${HOME}/.kde/share/apps/gwenview
 blacklist ${HOME}/.kde/share/config/gwenviewrc
 blacklist ${HOME}/.config/qpdfview
+blacklist ${HOME}/.config/Luminance
+blacklist ${HOME}/.config/synfig
+blacklist ${HOME}/.synfig
 
 # Media players
 blacklist ${HOME}/.config/cmus
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
new file mode 100644
index 000000000..e9207fba3
--- /dev/null
+++ b/etc/luminance-hdr.profile
@@ -0,0 +1,23 @@
+# luminance-hdr
+noblacklist ${HOME}/.config/Luminance
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-devel.inc
+
+
+caps.drop all
+netfilter
+protocol unix
+nonewprivs
+noroot
+seccomp
+shell none
+tracelog
+private-tmp
+private-dev
+noexec ${HOME}
+noexec /tmp
+nogroups
+nosound
+ipc-namespace
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
new file mode 100644
index 000000000..d46467b99
--- /dev/null
+++ b/etc/synfigstudio.profile
@@ -0,0 +1,17 @@
+# synfigstudio
+noblacklist ${HOME}/.config/synfig
+noblacklist ${HOME}/.synfig
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix
+seccomp
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-70-g09d2