# Firejail profile for kristall
# This file is overwritten after every install/update
# Persistent local customizations
include kristall.local
# Persistent global definitions
include globals.local


noblacklist ${HOME}/.cache/kristall
noblacklist ${HOME}/.config/xqTechnologies
#noblacklist ${HOME}/.local/share/kristall

include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-shell.inc
include /etc/firejail/disable-write-mnt.inc
include /etc/firejail/disable-xdg.inc

mkdir ${HOME}/.config/xqTechnologies
#mkdir ${HOME}/.local/share/kristall

whitelist ${DOWNLOADS}
#whitelist ${HOME}/.cache/kristall
whitelist ${HOME}/.config/xqTechnologies
#whitelist ${HOME}/.local/share/kristall
include /etc/firejail/whitelist-common.inc


caps.drop all
machine-id
netfilter
nodvd
nogroups
noinput
nonewprivs
noroot
notv
nou2f
novideo
protocol unix,inet,inet6,netlink
restrict-namespaces
seccomp !name_to_handle_at
tracelog

disable-mnt
private-bin bash,kristall
private-cache
private-dev
private-etc ca-certificates,fonts,machine-id,resolv.conf,ssl
private-tmp

dbus-user none
dbus-system none

noexec ${HOME}
noexec /tmp

# # Use with hardened-malloc package
env LD_PRELOAD=/usr/lib/libhardened_malloc.so