Initial commit

1 files changed, 64 insertions, 0 deletions

diff --git a/profiles/kmymoney.profile b/profiles/kmymoney.profile
new file mode 100644
index 0000000..1e3b266
--- /dev/null
+++ b/profiles/kmymoney.profile
@@ -0,0 +1,64 @@
+# This file is overwritten after every install/update
+# Persistent local customizations
+include kmymoney.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.aqbanking
+noblacklist ${HOME}/.config/kmymoneyrc
+noblacklist ${HOME}/.config/kmymoney
+noblacklist ${HOME}/.local/share/kmymoney
+
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+mkdir ${HOME}/.aqbanking
+mkfile ${HOME}/.config/kmymoneyrc
+mkdir ${HOME}/.config/kmymoney
+mkdir ${HOME}/.local/share/kmymoney
+
+whitelist ${HOME}/.aqbanking
+# # whitelist entire .config as kde workaround
+whitelist ${HOME}/.config
+whitelist ${HOME}/.config/kmymoneyrc
+whitelist ${HOME}/.config/kmymoney
+whitelist ${HOME}/.local/share/kmymoney
+
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+net none
+netfilter
+# # no3d breaks gpu accelerated rendering
+# no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+# # seccomp breaks integrated file manager on kde applications
+# # due to syscall name_to_handle_at
+seccomp !name_to_handle_at
+shell none
+tracelog
+
+disable-mnt
+private-bin bash,kmymoney
+private-cache
+private-dev
+private-etc fonts,localtime
+private-tmp
+
+# memory-deny-write-execute