# Firejail profile for caja
# Description: File manager for the MATE desktop
# This file is overwritten after every install/update
# Persistent local customizations
include caja.local
# Persistent global definitions
include globals.local

# Caja is started by systemd on most systems, so it is not firejailed by default. Because a caja
# process is already running on MATE desktops, invoking firejail on caja will have no effect.

# noblacklist exempts a path from blacklist rules that are read later, so these lines
# must stay above the disable-*.inc includes to have any effect.
noblacklist ${HOME}/.local/share/Trash
# noblacklist ${HOME}/.config/caja - disable-programs.inc is disabled, see below
# noblacklist ${HOME}/.local/share/caja-python

# Allow python (blacklisted by disable-interpreters.inc)
# These exemptions only work because they precede the include of disable-interpreters.inc.
# NOTE(review): presumably needed for caja-python extensions - confirm. The exemption makes
# the python interpreters reachable to everything running inside this sandbox.
noblacklist ${PATH}/python2*
noblacklist ${PATH}/python3*
noblacklist /usr/lib/python2*
noblacklist /usr/lib/python3*

# Shared blacklist sets. They are read after the noblacklist lines above, so those
# exemptions apply to the rules these files contain.
include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
# Left disabled on purpose: with disable-programs.inc off, this profile does not
# blacklist other applications' per-user configuration and data directories, so the
# sandbox adds little file-system confinement for files under ${HOME}.
# include disable-programs.inc

# Drop every Linux capability for processes in the sandbox.
caps.drop all
# The default firewall is only installed when the sandbox gets its own network namespace.
# This profile does not request one, so netfilter is inert unless the caller adds a net option.
netfilter
# Disable DVD and audio CD devices.
nodvd
# Disable supplementary groups, and set NO_NEW_PRIVS so that child processes cannot
# gain privileges through execve (for example via setuid binaries).
nogroups
nonewprivs
# Run in a user namespace that contains only the current user; root does not exist in it.
noroot
# Disable DVB (digital TV) devices.
notv
# Disable video capture devices.
novideo
# Allow only UNIX-domain sockets; other socket protocol families are filtered out.
protocol unix
# Install the default seccomp system-call filter.
seccomp
# Start the program directly instead of through a user shell.
shell none
# Log attempts to access blacklisted files and directories to syslog, which is useful
# for reviewing what the sandboxed process tried to reach.
tracelog

# caja needs to be able to start arbitrary applications so we cannot blacklist their files
# private-bin caja
# private-dev
# private-etc fonts
# private-tmp