@selivan
Last active January 23, 2018 14:23
# Firejail profile for skypeforlinux
# This file is overwritten after every install/update
# (keep site-specific changes in skypeforlinux.local, which is included below)
# NOTE(review): no x11 directive appears in this file, so unless a .local file
# adds one the application shares the user's X11 display - confirm.
# Persistent local customizations
include /etc/firejail/skypeforlinux.local
# Persistent global definitions
include /etc/firejail/globals.local
# ---- /dev ----
# private-dev is switched off (see issue 1740 further down). `ignore` discards
# private-dev lines read after this point, e.g. from the includes below; the two
# .local files above were already read - presumably they do not set it.
ignore private-dev
# In place of private-dev, /dev is narrowed by an explicit whitelist: only the
# nodes listed here are meant to be visible inside the sandbox.
# /dev/dri is the GPU, /dev/snd is audio (microphone included) and /dev/video0
# is the first camera only; any other camera node would need its own line.
# NOTE(review): /dev/shm is the host's shared-memory directory, so it remains a
# shared channel with processes outside the sandbox - confirm it is required.
whitelist /dev/dri
whitelist /dev/full
# whitelist /dev/log
whitelist /dev/null
whitelist /dev/ptmx
whitelist /dev/pts
whitelist /dev/random
whitelist /dev/shm
whitelist /dev/snd
whitelist /dev/tty
whitelist /dev/urandom
whitelist /dev/video0
whitelist /dev/zero
# ---- home directory ----
# noblacklist is placed ahead of the disable-*.inc includes so that a blacklist
# rule for this path in those files does not apply. The whitelist entries in
# this profile then leave only the listed paths of ${HOME} visible.
noblacklist ${HOME}/.config/skypeforlinux
whitelist ${HOME}/.config/skypeforlinux
# Stock blacklist sets shipped with firejail (their contents are not shown here).
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
# ---- process hardening ----
# Drop every Linux capability.
caps.drop all
# Default network filter. Per the firejail documentation it applies only when a
# new network namespace is created, and this file has no `net` line - TODO
# confirm whether it has any effect here.
netfilter
# No CD/DVD devices.
nodvd
# No supplementary groups.
nogroups
# Set NO_NEW_PRIVS so child processes cannot gain privileges through execve.
nonewprivs
# User namespace containing only the current user (no root inside).
noroot
# No DVB/TV devices.
notv
# Seccomp socket filter: only these address families may be used.
protocol unix,inet,inet6,netlink
# Default seccomp system-call filter.
seccomp
# Start the program directly instead of through the user's shell.
shell none
# NOTE(review): this noblacklist comes after the disable-*.inc includes, while
# firejail expects noblacklist ahead of the blacklist it overrides. If one of
# those files blacklists ${HOME}/.pulse this line may come too late - verify.
noblacklist ${HOME}/.pulse
whitelist ${HOME}/.pulse
# Caused problems, disabled. See https://github.com/netblue30/firejail/issues/1740
#private-dev
# Private, empty /tmp for the sandbox.
private-tmp
# Hide /mnt, /media, /run/mount and /run/media.
disable-mnt
# https://github.com/netblue30/firejail/issues/1740
#noblacklist /run/systemd
#read-only /run/systemd
#noblacklist /var/run/systemd
#read-only /var/run/systemd
# Mount ${HOME} and /tmp noexec so files written there cannot be executed.
noexec ${HOME}
noexec /tmp