Diffstat (limited to 'archive/.config/firejail/hexographer.profile')
-rw-r--r--archive/.config/firejail/hexographer.profile50
1 files changed, 50 insertions, 0 deletions
diff --git a/archive/.config/firejail/hexographer.profile b/archive/.config/firejail/hexographer.profile
new file mode 100644
index 00000000..39f0ffee
--- /dev/null
+++ b/archive/.config/firejail/hexographer.profile
@@ -0,0 +1,50 @@
+# Firejail profile for hexographer, based on upstream profile for
+# terasology
+
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.java
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.java
+
+whitelist ~/.fonts
+whitelist ~/.fonts.d
+whitelist ~/.fontconfig
+whitelist ~/.fonts.conf
+whitelist ~/.fonts.conf.d
+
+whitelist ${HOME}/.java
+whitelist ${HOME}/lib/annex/.git/annex/objects
+read-only ${HOME}/lib/annex/.git/annex/objects
+whitelist ${HOME}/lib/annex/big/software
+read-only ${HOME}/lib/annex/big/software
+# following will require `git annex unlock`
+whitelist ${HOME}/lib/annex/doc/gaming
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+ipc-namespace
+net none
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-dev
+# following causes hexographer to use ~/?/.java instead of ~/.java
+#private-etc profile,fonts,alternatives,java-9-openjdk,java-8-openjdk,java-7-openjdk
+private-tmp
+
+noexec ${HOME}
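Review bot: The `whitelist ${HOME}/lib/annex/.git/annex/objects` line exposes the entire git-annex object store to the sandbox, not just the content behind `big/software` and `doc/gaming`. It is mounted `read-only`, so the risk is disclosure of every annexed file rather than tampering. It is presumably there so that locked annex symlinks resolve; if so, a comment such as `# needed so annex symlinks under big/software resolve; exposes all annexed content read-only` would record the trade-off. Unlocking only the files hexographer needs would let the line be dropped. Separately, with `net none` in place, `netfilter` and the `inet,inet6` entries in `protocol unix,inet,inet6` look redundant; `protocol unix` would match the no-network intent, provided the JVM still starts without loopback sockets.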