From bc8d91400256b6d0739c50097f1564d1598310a4 Mon Sep 17 00:00:00 2001
From: jc_gargma
Date: Wed, 23 Jun 2021 01:14:34 -0700
Subject: Add kristall profile Update amfora profile
---
 PKGBUILD | 4 ++--
 profiles/amfora.profile | 23 ++++++++++--------
 profiles/kristall.profile | 59 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 75 insertions(+), 11 deletions(-)
 create mode 100644 profiles/kristall.profile
diff --git a/PKGBUILD b/PKGBUILD
index 3d456a7..4368bce 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,14 +2,14 @@ pkgname=firejail-profiles
 pkgver=20210623
-pkgrel=1
+pkgrel=2
 pkgdesc="Additional firejail profiles and locals"
 arch=('any')
 url="https://library.iserlohn-fortress.net/firejail-profiles.git"
 license=('GPLv3')
 depends=('firejail' 'hardened-malloc')
 source=(profiles.tar.gz)
-b2sums=('c9be5521de29a3db3ba84a2813291222b4edcc1807c989339ebbd034684aec5135a7de75eb8316bd88598d54fa1d715393c847b9577bf9871a7e989950ee5223')
+b2sums=('57e3c4f64d5b5cff971ba218e1a52bd213c5164998e1d44ed6009a6d7eedd99f036e8f8ddc941e1d52396346f169a1e964bf743396516c12ada64c9033c86509')
 package() {
 install --directory ${pkgdir}/etc/firejail
diff --git a/profiles/amfora.profile b/profiles/amfora.profile
index d4d6fa8..fcbeb82 100644
--- a/profiles/amfora.profile
+++ b/profiles/amfora.profile
@@ -13,14 +13,6 @@ noblacklist ${HOME}/.local/share/amfora
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
-mkdir ${HOME}/.config/amfora
-whitelist ${HOME}/.config/amfora
-mkdir ${HOME}/.local/share/amfora
-whitelist ${HOME}/.local/share/amfora
-
-
-include allow-perl.inc
-
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
@@ -28,9 +20,15 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+mkdir ${HOME}/.config/amfora
+mkdir ${HOME}/.local/share/amfora
+
+whitelist ${HOME}/.config/amfora
+whitelist ${HOME}/.local/share/amfora
 include whitelist-runuser-common.inc
 caps.drop all
+machine-id
 netfilter
 no3d
 nodvd
@@ -46,11 +44,18 @@ seccomp
 shell none
 tracelog
+disable-mnt
 private-bin amfora
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-etc ca-certificates,resolv.conf,ssl
 private-tmp
+dbus-user none
+dbus-system none
+
+noexec ${HOME}
+noexec /tmp
+
 # # Use with hardened-malloc package
 env LD_PRELOAD=/usr/lib/libhardened_malloc.so
diff --git a/profiles/kristall.profile b/profiles/kristall.profile
new file mode 100644
index 0000000..4e570b2
--- /dev/null
+++ b/profiles/kristall.profile
@@ -0,0 +1,59 @@
+# Firejail profile for kristall
+# This file is overwritten after every install/update
+# Persistent local customizations
+include kristall.local
+# Persistent global definitions
+include globals.local
+
+
+noblacklist ${HOME}/.cache/kristall
+noblacklist ${HOME}/.config/xqTechnologies
+#noblacklist ${HOME}/.local/share/kristall
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
+
+mkdir ${HOME}/.config/xqTechnologies
+#mkdir ${HOME}/.local/share/kristall
+
+whitelist ${DOWNLOADS}
+#whitelist ${HOME}/.cache/kristall
+whitelist ${HOME}/.config/xqTechnologies
+#whitelist ${HOME}/.local/share/kristall
+include /etc/firejail/whitelist-common.inc
+
+
+caps.drop all
+machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp !name_to_handle_at
+shell none
+tracelog
+
+disable-mnt
+private-bin bash,kristall
+private-cache
+private-dev
+private-etc ca-certificates,fonts,machine-id,resolv.conf,ssl
+private-tmp
+
+dbus-user none
+dbus-system none
+
+noexec ${HOME}
+noexec /tmp
+
+# # Use with hardened-malloc package
+env LD_PRELOAD=/usr/lib/libhardened_malloc.so
--
cgit v1.2.1
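Review bot: In the last profiles/amfora.profile hunk, the narrowed `private-etc ca-certificates,resolv.conf,ssl` has no comment saying why `alternatives`, `crypto-policies` and `pki` were dropped. Those entries look like the TLS policy and CA trust locations used on some other distributions, so the list is presumably trimmed to what this package's target system provides, but the profile does not say so. A one-line comment above it, for example `# private-etc: CA bundle and resolver config only; pki/crypto-policies not present on the target distribution`, would keep a later editor from re-adding or further trimming entries blindly. If that is not the reason, the comment should state the real one.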
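Review bot: `private-bin bash,kristall` in the new profiles/kristall.profile puts a shell inside the sandbox, although the same profile sets `shell none` and includes disable-interpreters.inc, and nothing in the file says what needs it. If kristall does not spawn a shell, reduce the line to `private-bin kristall`; otherwise add a comment naming what invokes bash. Likewise `seccomp !name_to_handle_at` exempts one syscall from the default filter with no stated reason; a line such as `# name_to_handle_at: required by <component>` would let a later reviewer re-check the exception. `noblacklist ${HOME}/.cache/kristall` also appears to have no effect while the matching `whitelist` is commented out and `private-cache` is set.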