Check-in [7c010a3f80]
Not logged in
Overview
Comment:mmmv_silkexec attic
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 7c010a3f80e79784a2e4158e89259269eb2c19f5
User & Date: martin_vahi on 2017-01-07 16:36:05
Other Links: manifest | tags
Context
2017-03-14 05:12
silktorrent_packager_t1.bash upgrade check-in: 451de8e10d user: martin_vahi tags: trunk
2017-01-07 16:36
mmmv_silkexec attic check-in: 7c010a3f80 user: martin_vahi tags: trunk
2017-01-01 22:09
mmmv_microbot_crypto_t1 template check-in: 76fba73212 user: martin_vahi tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Added work_in_progress/experiments/mmmv_silkexec/COMMENTS.txt version [d055cb0dfd].







>
>
>
1
2
3

All of the documentation resides at the Silktorrent wiki.

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/pull_new_version_from_git_repository.bash version [b4cec1513e].



































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#!/usr/bin/env bash
#--------------------------------------------------------------------------
# Initial author: martin.vahi@softf1.com
# This file is in public domain.
#==========================================================================
S_FP_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
#--------------------------------------------------------------------------
# For copy-pasting to the ~/.bashrc
#
#     alias mmmv_cre_git_clone="cp $PATH_TO_THE<$S_FP_DIR>/pull_new_version_from_git_repository ./; mkdir -p ./the_repository_clones;"
#
#--------------------------------------------------------------------------


fun_assert_exists_on_path_t1 () {
    local S_NAME_OF_THE_EXECUTABLE=$1 # first function argument
    local S_TMP_0="\`which $S_NAME_OF_THE_EXECUTABLE 2>/dev/null\`"
    local S_TMP_1=""
    local S_TMP_2="S_TMP_1=$S_TMP_0"
    eval ${S_TMP_2}
    if [ "$S_TMP_1" == "" ] ; then
        echo ""
        echo "This bash script requires the \"$S_NAME_OF_THE_EXECUTABLE\" to be on the PATH."
        echo ""
        exit 1 # exit with error
    fi
} # fun_assert_exists_on_path_t1

fun_assert_exists_on_path_t1 "ruby"
fun_assert_exists_on_path_t1 "grep"
fun_assert_exists_on_path_t1 "date"
fun_assert_exists_on_path_t1 "git"


#--------------------------------------------------------------------------
S_TMP_0="`uname -a | grep -E [Ll]inux`"
if [ "$S_TMP_0" == "" ]; then
    S_TMP_0="`uname -a | grep -E [Bb][Ss][Dd]`"
    if [ "$S_TMP_0" == "" ]; then
        echo ""
        echo "  The classical command line utilities at "
        echo "  different operating systems, for example, Linux and BSD,"
        echo "  differ. This script is designed to run only on Linux and BSD."
        echo "  If You are willing to risk that some of Your data "
        echo "  is deleted and/or Your operating system instance"
        echo "  becomes permanently flawed, to the point that "
        echo "  it will not even boot, then You may edit the Bash script that "
        echo "  displays this error message by modifying the test that "
        echo "  checks for the operating system type."
        echo ""
        echo "  If You do decide to edit this Bash script, then "
        echo "  a recommendation is to test Your modifications "
        echo "  within a virtual machine or, if virtual machines are not"
        echo "  an option, as some new operating system user that does not have "
        echo "  any access to the vital data/files."
        echo "  GUID=='2df484c3-13f2-4796-99ac-91d0305090e7'"
        echo ""
        echo "  Aborting script without doing anything."
        echo ""
        exit 1 # exit with error
    fi
fi


#--------------------------------------------------------------------------

S_TIMESTAMP="`date +%Y`_`date +%m`_`date +%d`_T_`date +%H`h_`date +%M`min_`date +%S`s"
S_FP_ARCHIVE="$S_FP_DIR/archives/$S_TIMESTAMP"
mkdir -p $S_FP_ARCHIVE
S_FP_THE_REPOSITORY_CLONES="$S_FP_DIR/the_repository_clones"
mkdir -p $S_FP_THE_REPOSITORY_CLONES


AR_REPO_FOLDER_NAMES=()

fun_assemble_array_of_repository_clone_folder_names () {
    cd $S_FP_THE_REPOSITORY_CLONES
    local S_TMP_0="`ruby -e \"ar=Array.new; Dir.glob('*').each{|x| if File.directory? x then ar<<x end}; puts(ar.to_s.gsub('[','(').gsub(']',')').gsub(',',' '))\"`"
    cd $S_FP_DIR
    local S_TMP_1="AR_REPO_FOLDER_NAMES=$S_TMP_0"
    eval ${S_TMP_1}
} # fun_assemble_array_of_repository_clone_folder_names 

fun_assemble_array_of_repository_clone_folder_names 


fun_update () {
    local S_FP_FUNC_UPDATE_ORIG="`pwd`"
    for s_iter in ${AR_REPO_FOLDER_NAMES[@]}; do
         S_FOLDER_NAME_OF_THE_LOCAL_COPY="$s_iter"
         echo ""
         echo "            Archiving a copy of $S_FOLDER_NAME_OF_THE_LOCAL_COPY"
         cp -f -R $S_FP_THE_REPOSITORY_CLONES/$S_FOLDER_NAME_OF_THE_LOCAL_COPY $S_FP_ARCHIVE/
         cd $S_FP_THE_REPOSITORY_CLONES/$S_FOLDER_NAME_OF_THE_LOCAL_COPY
         echo "Checking out a newer version of $S_FOLDER_NAME_OF_THE_LOCAL_COPY"
         #--------
         # downloads the newest version of the software to that folder.
         git pull --recurse-submodules 
         #----
         # http://stackoverflow.com/questions/1030169/easy-way-pull-latest-of-all-submodules
         git submodule update --init --recursive
         #--------
         cd $S_FP_DIR
    done
    cd $S_FP_FUNC_UPDATE_ORIG
} # fun_update 

 
fun_update # is a call to the function
echo ""

#==========================================================================

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/FETCH_HEAD version [7898e2fd45].



>
1
2b9677bd2d15077766db70bfedb0a30d4994f8c3		branch 'master' of https://github.com/SpotComms/FirejailProfileGenerator

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/HEAD version [acbaef275e].



>
1
ref: refs/heads/master

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/ORIG_HEAD version [6f398a6d88].



>
1
2b9677bd2d15077766db70bfedb0a30d4994f8c3

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/config version [910dbba08c].























>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://github.com/SpotComms/FirejailProfileGenerator.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/description version [9635f1b7e1].



>
1
Unnamed repository; edit this file 'description' to name the repository.

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/hooks/applypatch-msg.sample version [86b9655a9e].































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
#!/bin/sh
#
# An example hook script to check the commit log message taken by
# applypatch from an e-mail message.
#
# The hook should exit with non-zero status after issuing an
# appropriate message if it wants to stop the commit.  The hook is
# allowed to edit the commit message file.
#
# To enable this hook, rename this file to "applypatch-msg".

. git-sh-setup
test -x "$GIT_DIR/hooks/commit-msg" &&
	exec "$GIT_DIR/hooks/commit-msg" ${1+"$@"}
:

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/hooks/commit-msg.sample version [ee1ed5aad9].

















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#!/bin/sh
#
# An example hook script to check the commit log message.
# Called by "git commit" with one argument, the name of the file
# that has the commit message.  The hook should exit with non-zero
# status after issuing an appropriate message if it wants to stop the
# commit.  The hook is allowed to edit the commit message file.
#
# To enable this hook, rename this file to "commit-msg".

# Uncomment the below to add a Signed-off-by line to the message.
# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
# hook is more suited to it.
#
# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"

# This example catches duplicate Signed-off-by lines.

test "" = "$(grep '^Signed-off-by: ' "$1" |
	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
	echo >&2 Duplicate Signed-off-by lines.
	exit 1
}

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/hooks/post-update.sample version [b614c2f63d].

















>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
#!/bin/sh
#
# An example hook script to prepare a packed repository for use over
# dumb transports.
#
# To enable this hook, rename this file to "post-update".

exec git update-server-info

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/hooks/pre-applypatch.sample version [42fa415649].





























>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
#!/bin/sh
#
# An example hook script to verify what is about to be committed
# by applypatch from an e-mail message.
#
# The hook should exit with non-zero status after issuing an
# appropriate message if it wants to stop the commit.
#
# To enable this hook, rename this file to "pre-applypatch".

. git-sh-setup
test -x "$GIT_DIR/hooks/pre-commit" &&
	exec "$GIT_DIR/hooks/pre-commit" ${1+"$@"}
:

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/hooks/pre-commit.sample version [36aed8976d].



































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/bin/sh
#
# An example hook script to verify what is about to be committed.
# Called by "git commit" with no arguments.  The hook should
# exit with non-zero status after issuing an appropriate message if
# it wants to stop the commit.
#
# To enable this hook, rename this file to "pre-commit".

if git rev-parse --verify HEAD >/dev/null 2>&1
then
	against=HEAD
else
	# Initial commit: diff against an empty tree object
	against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
fi

# If you want to allow non-ASCII filenames set this variable to true.
allownonascii=$(git config --bool hooks.allownonascii)

# Redirect output to stderr.
exec 1>&2

# Cross platform projects tend to avoid non-ASCII filenames; prevent
# them from being added to the repository. We exploit the fact that the
# printable range starts at the space character and ends with tilde.
if [ "$allownonascii" != "true" ] &&
	# Note that the use of brackets around a tr range is ok here, (it's
	# even required, for portability to Solaris 10's /usr/bin/tr), since
	# the square bracket bytes happen to fall in the designated range.
	test $(git diff --cached --name-only --diff-filter=A -z $against |
	  LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
then
	cat <<\EOF
Error: Attempt to add a non-ASCII file name.

This can cause problems if you want to work with people on other platforms.

To be portable it is advisable to rename the file.

If you know what you are doing you can disable this check using:

  git config hooks.allownonascii true
EOF
	exit 1
fi

# If there are whitespace errors, print the offending file names and fail.
exec git diff-index --check --cached $against --

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/hooks/pre-push.sample version [b4ad74c989].













































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/bin/sh

# An example hook script to verify what is about to be pushed.  Called by "git
# push" after it has checked the remote status, but before anything has been
# pushed.  If this script exits with a non-zero status nothing will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Name of the remote to which the push is being done
# $2 -- URL to which the push is being done
#
# If pushing without using a named remote those arguments will be equal.
#
# Information about the commits which are being pushed is supplied as lines to
# the standard input in the form:
#
#   <local ref> <local sha1> <remote ref> <remote sha1>
#
# This sample shows how to prevent push of commits where the log message starts
# with "WIP" (work in progress).

remote="$1"
url="$2"

z40=0000000000000000000000000000000000000000

IFS=' '
while read local_ref local_sha remote_ref remote_sha
do
	if [ "$local_sha" = $z40 ]
	then
		# Handle delete
		:
	else
		if [ "$remote_sha" = $z40 ]
		then
			# New branch, examine all commits
			range="$local_sha"
		else
			# Update to existing branch, examine new commits
			range="$remote_sha..$local_sha"
		fi

		# Check for WIP commit
		commit=`git rev-list -n 1 --grep '^WIP' "$range"`
		if [ -n "$commit" ]
		then
			echo "Found WIP commit in $local_ref, not pushing"
			exit 1
		fi
	fi
done

exit 0

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/hooks/pre-rebase.sample version [5885a56ab4].



















































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
#!/bin/sh
#
# Copyright (c) 2006, 2008 Junio C Hamano
#
# The "pre-rebase" hook is run just before "git rebase" starts doing
# its job, and can prevent the command from running by exiting with
# non-zero status.
#
# The hook is called with the following parameters:
#
# $1 -- the upstream the series was forked from.
# $2 -- the branch being rebased (or empty when rebasing the current branch).
#
# This sample shows how to prevent topic branches that are already
# merged to 'next' branch from getting rebased, because allowing it
# would result in rebasing already published history.

publish=next
basebranch="$1"
if test "$#" = 2
then
	topic="refs/heads/$2"
else
	topic=`git symbolic-ref HEAD` ||
	exit 0 ;# we do not interrupt rebasing detached HEAD
fi

case "$topic" in
refs/heads/??/*)
	;;
*)
	exit 0 ;# we do not interrupt others.
	;;
esac

# Now we are dealing with a topic branch being rebased
# on top of master.  Is it OK to rebase it?

# Does the topic really exist?
git show-ref -q "$topic" || {
	echo >&2 "No such branch $topic"
	exit 1
}

# Is topic fully merged to master?
not_in_master=`git rev-list --pretty=oneline ^master "$topic"`
if test -z "$not_in_master"
then
	echo >&2 "$topic is fully merged to master; better remove it."
	exit 1 ;# we could allow it, but there is no point.
fi

# Is topic ever merged to next?  If so you should not be rebasing it.
only_next_1=`git rev-list ^master "^$topic" ${publish} | sort`
only_next_2=`git rev-list ^master           ${publish} | sort`
if test "$only_next_1" = "$only_next_2"
then
	not_in_topic=`git rev-list "^$topic" master`
	if test -z "$not_in_topic"
	then
		echo >&2 "$topic is already up-to-date with master"
		exit 1 ;# we could allow it, but there is no point.
	else
		exit 0
	fi
else
	not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"`
	/usr/bin/perl -e '
		my $topic = $ARGV[0];
		my $msg = "* $topic has commits already merged to public branch:\n";
		my (%not_in_next) = map {
			/^([0-9a-f]+) /;
			($1 => 1);
		} split(/\n/, $ARGV[1]);
		for my $elem (map {
				/^([0-9a-f]+) (.*)$/;
				[$1 => $2];
			} split(/\n/, $ARGV[2])) {
			if (!exists $not_in_next{$elem->[0]}) {
				if ($msg) {
					print STDERR $msg;
					undef $msg;
				}
				print STDERR " $elem->[1]\n";
			}
		}
	' "$topic" "$not_in_next" "$not_in_master"
	exit 1
fi

exit 0

################################################################

This sample hook safeguards topic branches that have been
published from being rewound.

The workflow assumed here is:

 * Once a topic branch forks from "master", "master" is never
   merged into it again (either directly or indirectly).

 * Once a topic branch is fully cooked and merged into "master",
   it is deleted.  If you need to build on top of it to correct
   earlier mistakes, a new topic branch is created by forking at
   the tip of the "master".  This is not strictly necessary, but
   it makes it easier to keep your history simple.

 * Whenever you need to test or publish your changes to topic
   branches, merge them into "next" branch.

The script, being an example, hardcodes the publish branch name
to be "next", but it is trivial to make it configurable via
$GIT_DIR/config mechanism.

With this workflow, you would want to know:

(1) ... if a topic branch has ever been merged to "next".  Young
    topic branches can have stupid mistakes you would rather
    clean up before publishing, and things that have not been
    merged into other branches can be easily rebased without
    affecting other people.  But once it is published, you would
    not want to rewind it.

(2) ... if a topic branch has been fully merged to "master".
    Then you can delete it.  More importantly, you should not
    build on top of it -- other people may already want to
    change things related to the topic as patches against your
    "master", so if you need further changes, it is better to
    fork the topic (perhaps with the same name) afresh from the
    tip of "master".

Let's look at this example:

		   o---o---o---o---o---o---o---o---o---o "next"
		  /       /           /           /
		 /   a---a---b A     /           /
		/   /               /           /
	       /   /   c---c---c---c B         /
	      /   /   /             \         /
	     /   /   /   b---b C     \       /
	    /   /   /   /             \     /
    ---o---o---o---o---o---o---o---o---o---o---o "master"


A, B and C are topic branches.

 * A has one fix since it was merged up to "next".

 * B has finished.  It has been fully merged up to "master" and "next",
   and is ready to be deleted.

 * C has not merged to "next" at all.

We would want to allow C to be rebased, refuse A, and encourage
B to be deleted.

To compute (1):

	git rev-list ^master ^topic next
	git rev-list ^master        next

	if these match, topic has not merged in next at all.

To compute (2):

	git rev-list master..topic

	if this is empty, it is fully merged to "master".

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/hooks/prepare-commit-msg.sample version [2b6275eda3].









































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/bin/sh
#
# An example hook script to prepare the commit log message.
# Called by "git commit" with the name of the file that has the
# commit message, followed by the description of the commit
# message's source.  The hook's purpose is to edit the commit
# message file.  If the hook fails with a non-zero status,
# the commit is aborted.
#
# To enable this hook, rename this file to "prepare-commit-msg".

# This hook includes three examples.  The first comments out the
# "Conflicts:" part of a merge commit.
#
# The second includes the output of "git diff --name-status -r"
# into the message, just before the "git status" output.  It is
# commented because it doesn't cope with --amend or with squashed
# commits.
#
# The third example adds a Signed-off-by line to the message, that can
# still be edited.  This is rarely a good idea.

case "$2,$3" in
  merge,)
    /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;;

# ,|template,)
#   /usr/bin/perl -i.bak -pe '
#      print "\n" . `git diff --cached --name-status -r`
#	 if /^#/ && $first++ == 0' "$1" ;;

  *) ;;
esac

# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/hooks/update.sample version [39355a0759].

































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
#!/bin/sh
#
# An example hook script to blocks unannotated tags from entering.
# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
#
# To enable this hook, rename this file to "update".
#
# Config
# ------
# hooks.allowunannotated
#   This boolean sets whether unannotated tags will be allowed into the
#   repository.  By default they won't be.
# hooks.allowdeletetag
#   This boolean sets whether deleting tags will be allowed in the
#   repository.  By default they won't be.
# hooks.allowmodifytag
#   This boolean sets whether a tag may be modified after creation. By default
#   it won't be.
# hooks.allowdeletebranch
#   This boolean sets whether deleting branches will be allowed in the
#   repository.  By default they won't be.
# hooks.denycreatebranch
#   This boolean sets whether remotely creating branches will be denied
#   in the repository.  By default this is allowed.
#

# --- Command line
refname="$1"
oldrev="$2"
newrev="$3"

# --- Safety check
if [ -z "$GIT_DIR" ]; then
	echo "Don't run this script from the command line." >&2
	echo " (if you want, you could supply GIT_DIR then run" >&2
	echo "  $0 <ref> <oldrev> <newrev>)" >&2
	exit 1
fi

if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
	exit 1
fi

# --- Config
allowunannotated=$(git config --bool hooks.allowunannotated)
allowdeletebranch=$(git config --bool hooks.allowdeletebranch)
denycreatebranch=$(git config --bool hooks.denycreatebranch)
allowdeletetag=$(git config --bool hooks.allowdeletetag)
allowmodifytag=$(git config --bool hooks.allowmodifytag)

# check for no description
projectdesc=$(sed -e '1q' "$GIT_DIR/description")
case "$projectdesc" in
"Unnamed repository"* | "")
	echo "*** Project description file hasn't been set" >&2
	exit 1
	;;
esac

# --- Check types
# if $newrev is 0000...0000, it's a commit to delete a ref.
zero="0000000000000000000000000000000000000000"
if [ "$newrev" = "$zero" ]; then
	newrev_type=delete
else
	newrev_type=$(git cat-file -t $newrev)
fi

case "$refname","$newrev_type" in
	refs/tags/*,commit)
		# un-annotated tag
		short_refname=${refname##refs/tags/}
		if [ "$allowunannotated" != "true" ]; then
			echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
			echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
			exit 1
		fi
		;;
	refs/tags/*,delete)
		# delete tag
		if [ "$allowdeletetag" != "true" ]; then
			echo "*** Deleting a tag is not allowed in this repository" >&2
			exit 1
		fi
		;;
	refs/tags/*,tag)
		# annotated tag
		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
		then
			echo "*** Tag '$refname' already exists." >&2
			echo "*** Modifying a tag is not allowed in this repository." >&2
			exit 1
		fi
		;;
	refs/heads/*,commit)
		# branch
		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
			echo "*** Creating a branch is not allowed in this repository" >&2
			exit 1
		fi
		;;
	refs/heads/*,delete)
		# delete branch
		if [ "$allowdeletebranch" != "true" ]; then
			echo "*** Deleting a branch is not allowed in this repository" >&2
			exit 1
		fi
		;;
	refs/remotes/*,commit)
		# tracking branch
		;;
	refs/remotes/*,delete)
		# delete tracking branch
		if [ "$allowdeletebranch" != "true" ]; then
			echo "*** Deleting a tracking branch is not allowed in this repository" >&2
			exit 1
		fi
		;;
	*)
		# Anything else (is there anything else?)
		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
		exit 1
		;;
esac

# --- Finished
exit 0

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/index version [61de8fb1cd].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/info/exclude version [c879df015d].













>
>
>
>
>
>
1
2
3
4
5
6
# git ls-files --others --exclude-from=.git/info/exclude
# Lines that start with '#' are comments.
# For a project mostly in C, the following would be a good set of
# exclude patterns (uncomment them if you want to use them):
# *.[oa]
# *~

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/logs/HEAD version [7f58ad4425].



>
1
0000000000000000000000000000000000000000 2b9677bd2d15077766db70bfedb0a30d4994f8c3 Martin Vahi <martin.vahi@softf1.com> 1483805513 +0200	clone: from https://github.com/SpotComms/FirejailProfileGenerator.git

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/logs/refs/heads/master version [7f58ad4425].



>
1
0000000000000000000000000000000000000000 2b9677bd2d15077766db70bfedb0a30d4994f8c3 Martin Vahi <martin.vahi@softf1.com> 1483805513 +0200	clone: from https://github.com/SpotComms/FirejailProfileGenerator.git

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/logs/refs/remotes/origin/HEAD version [7f58ad4425].



>
1
0000000000000000000000000000000000000000 2b9677bd2d15077766db70bfedb0a30d4994f8c3 Martin Vahi <martin.vahi@softf1.com> 1483805513 +0200	clone: from https://github.com/SpotComms/FirejailProfileGenerator.git

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/objects/pack/pack-4b99bb7c29ab18ab669f8b2f3e80b8fea0bccad3.idx version [150a41f830].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/objects/pack/pack-4b99bb7c29ab18ab669f8b2f3e80b8fea0bccad3.pack version [eb481ee048].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/packed-refs version [856280a965].





>
>
1
2
# pack-refs with: peeled fully-peeled 
2b9677bd2d15077766db70bfedb0a30d4994f8c3 refs/remotes/origin/master

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/refs/heads/master version [6f398a6d88].



>
1
2b9677bd2d15077766db70bfedb0a30d4994f8c3

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.git/refs/remotes/origin/HEAD version [d9427cda09].



>
1
ref: refs/remotes/origin/master

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/.gitignore version [c33884853d].









>
>
>
>
1
2
3
4
bin
.settings
.classpath
.project

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/Firejail_Config.xml version [b4a9b7b5cd].









































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
<!--	This file is part of FirejailProfileGenerator.
  
	FirejailProfileGenerator is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 2 of the License, or
	(at your option) any later version.

	FirejailProfileGenerator is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with FirejailProfileGenerator.  If not, see <http://www.gnu.org/licenses/>.
-->

<applications>

	<application>
		<name>default</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<genoptions>nodevel</genoptions>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>generic-5</name>
		<aliases>audacious # clementine # corebird</aliases>
		<mode>blacklist</mode>
		<options>caps.drop all # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>defaultw</name>
		<aliases>gnome-contacts # gnome-clocks # gnome-calendar # gnome-calculator # pithos # gnome-characters</aliases>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>defaultnd</name>
		<aliases>pdfsam</aliases>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
	</application>

	<application>
		<name>server</name>
		<mode>blacklist</mode>
		<options>private # private-dev # nosound # private-tmp # seccomp # no3d</options>
		<genoptions>nodevel</genoptions>
		<noblacklistexplicit>/sbin # /usr/sbin</noblacklistexplicit>
	</application>

	<application>
		<name>snap</name>
		<mode>blacklist</mode>
		<options>caps.keep chown,sys_admin</options>
		<genoptions>nodevel</genoptions>
		<paths>${HOME}/snap # ${DOWNLOADS}</paths>
	</application>

	<application>
		<name>generic-13</name>
		<aliases>less # strings</aliases>
		<mode>blacklist</mode>
		<options>quiet # tracelog # net none # shell none # private-dev # nosound # caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
	</application>

	<application>
		<name>generic-compression</name>
		<aliases>tar # gtar # unrar # gzip # unzip # xz # xzdec # 7z</aliases>
		<mode>blacklist</mode>
		<options>quiet # tracelog # net none # shell none # private-bin sh,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,unrar,unzip,xzdec,7z # private-dev # private-etc passwd,group,localtime # hostname tar # nosound # caps.drop all # netfilter # nonewprivs # protocol unix,inet,inet6 # seccomp # no3d</options>
		<noblacklistexplicit>/sbin # /usr/sbin</noblacklistexplicit>
	</application>

	<application>
		<name>0ad</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-dev # private-tmp</options>
		<paths>${HOME}/.cache/0ad # ${HOME}/.config/0ad # ${HOME}/.local/share/0ad</paths>
	</application>

	<application>
		<name>atril</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nonewprivs # nogroups # noroot # nosound # protocol unix # seccomp # shell none # tracelog # private-bin atril, atril-previewer, atril-thumbnailer # private-dev # private-tmp</options>
		<paths>${HOME}/.config/atril</paths>
	</application>

	<application>
		<name>audacity</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # nogroups # noroot # protocol unix # seccomp # shell none # tracelog # private-bin audacity # private-dev # private-tmp</options>
		<paths>${HOME}/.audacity-data</paths>
	</application>

	<application>
		<name>aweather</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # nogroups # noroot # nosound # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-bin aweather # private-dev # private-tmp</options>
		<paths>${HOME}/.config/aweather</paths>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>bitlbee</name>
		<mode>blacklist</mode>
		<options>netfilter # nonewprivs # private # private-dev # protocol unix,inet,inet6 # seccomp # nosound # read-write /var/lib/bitlbee</options>
		<noblacklistexplicit>/sbin # /usr/sbin</noblacklistexplicit>
	</application>

	<application>
		<name>brave</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp</options>
		<paths>${HOME}/.config/brave # ${DOWNLOADS}</paths>
	</application>

	<application>
		<name>cherrytree</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # nosound # seccomp # protocol unix,inet,inet6,netlink # tracelog</options>
		<noblacklistexplicit>/usr/bin/python2* # /usr/bin/python3*</noblacklistexplicit>
		<paths>${HOME}/.config/cherrytree</paths>
	</application>

	<application>
		<name>chromium</name>
		<aliases>chromium-browser</aliases>
		<mode>whitelist</mode>
		<options>netfilter</options>
		<genoptions>nodevel</genoptions>
		<paths>${DOWNLOADS} # ${HOME}/.config/chromium # ${HOME}/.cache/chromium # ${HOME}/.pki</paths>
		<files>${HOME}/.config/chromium-flags.conf</files>
	</application>

	<application>
		<name>chromium-dev</name>
		<mode>whitelist</mode>
		<options>netfilter</options>
		<genoptions>nodevel</genoptions>
		<paths>${DOWNLOADS} # ${HOME}/.config/chromium-dev # ${HOME}/.cache/chromium-dev # ${HOME}/.pki</paths>
		<files>${HOME}/.config/chromium-flags.conf</files>
	</application>

	<application>
		<name>cmus</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # private-bin cmus # private-etc group # shell none</options>
		<paths>${HOME}/.config/cmus</paths>
	</application>

	<application>
		<name>deadbeef</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.config/deadbeef</paths>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>deluge</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # private-tmp # protocol unix,inet,inet6 # seccomp # shell none # private-dev # nosound</options>
		<genoptions>nodevel</genoptions>
	</application>

	<application>
		<name>dillo</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # tracelog</options>
		<paths>${HOME}/.dillo # ${HOME}/.fltk # ${DOWNLOADS}</paths>
	</application>

	<application>
		<name>dnscrypt-proxy</name>
		<mode>blacklist</mode>
		<options>no3d # private # private-dev # nosound # seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open</options>
		<noblacklistexplicit>/sbin # /usr/sbin</noblacklistexplicit>
	</application>

	<application>
		<name>mumble</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # nogroups # noroot # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-bin mumble # private-tmp</options>
		<paths>${HOME}/.config/Mumble # ${HOME}/.local/share/data/Mumble # ${HOME}/.local/share/Mumble</paths>
	</application>

	<application>
		<name>multimc5</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6</options>
		<paths>${HOME}/.multimc5 # ${HOME}/.local/share/multimc5</paths>
	</application>

	<application>
		<name>eog</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # nogroups # protocol unix # seccomp # shell none # private-bin eog # private-dev # private-etc fonts # private-tmp # nosound</options>
		<paths>${HOME}/.config/eog # ${HOME}/.cache/champlain</paths>
	</application>

	<application>
		<name>atom</name>
		<aliases>atom-beta</aliases>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # nogroups # noroot # nosound # protocol unix,inet,inet6,netlink # seccomp # shell none # private-dev # private-tmp</options>
		<genoptions>nodevel</genoptions>
		<paths>${HOME}/.atom # ${HOME}/.config/Atom</paths>
	</application>

	<application>
		<name>libreoffice</name>
		<aliases>localc # lodraw # loffice # lofromtemplate # loimpress # lomath # loweb # lowriter # soffice</aliases>
		<mode>blacklist</mode>
		<options>caps.drop all # net none # nogroups # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # tracelog # private-dev</options>
		<paths>${HOME}/.config/libreoffice</paths>
		<noblacklistexplicit>/usr/local/sbin</noblacklistexplicit>
	</application>

	<application>
		<name>dnsmasq</name>
		<mode>blacklist</mode>
		<options>no3d # caps # netfilter # nonewprivs # private # private-dev # nosound # protocol unix,inet,inet6,netlink # seccomp</options>
		<noblacklistexplicit>/sbin # /usr/sbin</noblacklistexplicit>
	</application>

	<application>
		<name>dosbox</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-bin dosbox # private-dev # private-tmp</options>
		<paths>${HOME}/.dosbox</paths>
	</application>

	<application>
		<name>dropbox</name>
		<mode>whitelist</mode>
		<options>caps.drop all # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.config/autostart # ${HOME}/Dropbox # ${HOME}/.dropbox-dist</paths>
		<files>${HOME}/.config/autostart/dropbox.desktop</files>
	</application>

	<application>
		<name>eom</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nogroups # nonewprivs # noroot # nosound # protocol unix # seccomp # shell none # tracelog # private-bin eom # private-dev # private-tmp</options>
		<paths>${HOME}/.config/mate/eom</paths>
	</application>

	<application>
		<name>epiphany</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.config/epiphany # ${HOME}/.cache/epiphany # ${HOME}/.local/share/epiphany # ${DOWNLOADS}</paths>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>evince</name>
		<mode>blacklist</mode>
		<options>netfilter # caps.drop all # nonewprivs # nogroups # noroot # nosound # protocol unix # seccomp # shell none # private-etc fonts # private-bin evince,evince-previewer,evince-thumbnailer # private-dev # tracelog</options>
	</application>

	<application>
		<name>fbreader</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # shell none # private-tmp # private-bin fbreader,FBReader # private-dev # nosound</options>
		<paths>${HOME}/.FBReader</paths>
	</application>

	<application>
		<name>file</name>
		<mode>blacklist</mode>
		<options>no3d # private-tmp # quiet # tracelog # net none # shell none # private-bin file # private-dev # private-etc magic.mgc,magic,localtime # hostname file # nosound # caps.drop all # netfilter # nonewprivs # protocol unix,inet,inet6 # seccomp</options>
	</application>

	<application>
		<name>filezilla</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # nosound # protocol unix,inet,inet6 # seccomp # shell none # private-tmp # private-bin filezilla,uname,sh,python,lsb_release,fzputtygen,fzsftp # private-dev # nosound</options>
		<paths>${HOME}/.filezilla # ${HOME}/.config/filezilla</paths>
	</application>

	<application>
		<name>firefox</name>
		<aliases>firefox-esr # iceweasel</aliases>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog # private-dev # private-tmp</options>
		<paths>${DOWNLOADS} # ${HOME}/.mozilla # ${HOME}/.cache/mozilla # ${HOME}/.pki</paths>
	</application>

	<application>
		<name>icecat</name>
		<aliases>icecat-launcher</aliases>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog</options>
		<paths>${DOWNLOADS} # ${HOME}/.mozilla # ${HOME}/.cache/mozilla # ${HOME}/.pki </paths>
	</application>

	<application>
		<name>seamonkey</name>
		<aliases>seamonkey-bin</aliases>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog</options>
		<paths>${DOWNLOADS} # ${HOME}/.mozilla/seamonkey # ${HOME}/.cache/mozilla # ${HOME}/.pki</paths>
	</application>

	<application>
		<name>abrowser</name>
		<aliases></aliases>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog</options>
		<paths>${DOWNLOADS} # ${HOME}/.mozilla # ${HOME}/.cache/mozilla # ${HOME}/.pki</paths>
	</application>

	<application>
		<name>cyberfox</name>
		<aliases>Cyberfox</aliases>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog</options>
		<paths>${DOWNLOADS} # ${HOME}/.pki # ${HOME}/.8pecxstudios # ${HOME}/.cache/8pecxstudios</paths>
	</application>

	<application>
		<name>palemoon</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog</options>
		<paths>${DOWNLOADS} # ${HOME}/.pki # ${HOME}/.moonchild productions # ${HOME}/.cache/moonchild productions</paths>
	</application>

	<application>
		<name>conkeror</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog</options>
		<paths>${DOWNLOADS} # ${HOME}/.pki # ${HOME}/.conkeror.mozdev.org </paths>
	</application>

	<application>
		<name>thunderbird</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog</options>
		<paths>${DOWNLOADS} # ${HOME}/.mozilla # ${HOME}/.cache/mozilla # ${HOME}/.pki # ${HOME}/.gnupg # ${HOME}/.thunderbird # ${HOME}/.cache/thunderbird</paths>
	</application>

	<application>
		<name>icedove</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog</options>
		<paths>${DOWNLOADS} # ${HOME}/.mozilla # ${HOME}/.cache/mozilla # ${HOME}/.pki # ${HOME}/.gnupg # ${HOME}/.icedove # ${HOME}/.cache/icedove</paths>
	</application>

	<application>
		<name>slimjet</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp</options>
		<genoptions>nodevel</genoptions>
		<paths>${DOWNLOADS} # ${HOME}/.config/slimjet # ${HOME}/.cache/slimjet # ${HOME}/.pki</paths>
	</application>

	<application>
		<name>franz</name>
		<mode>blacklist</mode>
		<options>caps.drop all # seccomp # protocol unix,inet,inet6,netlink # netfilter # #tracelog # nonewprivs # noroot</options>
		<paths>${HOME}/.config/Franz # ${HOME}/.cache/Franz # ${HOME}/.pki</paths>
	</application>

	<application>
		<name>gitter</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # nosound # protocol unix,inet,inet6,netlink # seccomp # shell none # private-bin gitter # private-dev # private-tmp</options>
		<paths>${HOME}/.config/Gitter</paths>
	</application>

	<application>
		<name>gnome-chess</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nogroups # nonewprivs # noroot # nosound # protocol unix # seccomp # shell none # tracelog # private-bin fairymax,gnome-chess,hoichess # private-dev # private-etc fonts,gnome-chess # private-tmp</options>
		<paths>${HOME}/.local/share/gnome-chess</paths>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>gnome-mplayer</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nogroups # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # shell none # private-bin gnome-mplayer # private-dev # private-tmp</options>
	</application>

	<application>
		<name>google-chrome</name>
		<aliases>google-chrome-stable</aliases>
		<mode>whitelist</mode>
		<options>netfilter</options>
		<genoptions>nodevel</genoptions>
		<paths>${DOWNLOADS} # ${HOME}/.config/google-chrome # ${HOME}/.cache/google-chrome # ${HOME}/.pki</paths>
	</application>

	<application>
		<name>google-chrome-beta</name>
		<mode>whitelist</mode>
		<options>netfilter</options>
		<genoptions>nodevel</genoptions>
		<paths>${DOWNLOADS} # ${HOME}/.config/google-chrome-beta # ${HOME}/.cache/google-chrome-beta # ${HOME}/.pki</paths>
	</application>

	<application>
		<name>google-chrome-unstable</name>
		<mode>whitelist</mode>
		<options>netfilter</options>
		<genoptions>nodevel</genoptions>
		<paths>${DOWNLOADS} # ${HOME}/.config/google-chrome-unstable # ${HOME}/.cache/google-chrome-unstable # ${HOME}/.pki</paths>
	</application>

	<application>
		<name>google-play-music-desktop-player</name>
		<mode>whitelist</mode>
		<options>caps.drop all # nonewprivs # noroot # netfilter # protocol unix,inet,inet6,netlink # seccomp</options>
		<paths>${HOME}/.config/Google Play Music Desktop Player</paths>
	</application>

	<application>
		<name>gpredict</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # nosound # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-bin gpredict # private-etc fonts,resolv.conf # private-dev # private-tmp</options>
		<paths>${HOME}/.config/Gpredict</paths>
	</application>

	<application>
		<name>gthumb</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nogroups # nonewprivs # noroot # nosound # protocol unix # seccomp # shell none # tracelog # private-bin gthumb # private-dev # private-tmp</options>
		<paths>${HOME}/.config/gthumb</paths>
	</application>

	<application>
		<name>gwenview</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nonewprivs # noroot # nogroups # private-dev # protocol unix # seccomp # nosound</options>
		<paths>${HOME}/.kde/share/apps/gwenview</paths>
		<files>${HOME}/.kde/share/config/gwenviewrc</files>
	</application>

	<application>
		<name>hedgewars</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # seccomp # tracelog # private-dev # private-tmp</options>
		<paths>${HOME}/.hedgewars</paths>
	</application>

	<application>
		<name>hexchat</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # nosound # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-bin hexchat # private-dev # private-tmp</options>
		<paths>${HOME}/.config/hexchat</paths>
	</application>

	<application>
		<name>gajim</name>
		<mode>whitelist</mode>
		<options>read-only ${HOME}/.local/lib/python2.7/site-packages # caps.drop all # netfilter # nonewprivs # nogroups # noroot # protocol unix,inet,inet6 # seccomp # shell none # private-dev</options>
		<paths>${HOME}/.cache/gajim # ${HOME}/.local/share/gajim # ${HOME}/.config/gajim # ${DOWNLOADS} # ${HOME}/.local/lib/python2.7/site-packages</paths>
	</application>

	<application>
		<name>inox</name>
		<mode>whitelist</mode>
		<options>netfilter</options>
		<genoptions>nodevel</genoptions>
		<paths>${DOWNLOADS} # ${HOME}/.config/inox # ${HOME}/.cache/inox # ${HOME}/.pki</paths>
	</application>

	<application>
		<name>jitsi</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nonewprivs # nogroups # noroot # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-tmp</options>
		<paths>${HOME}/.jitsi</paths>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>kmail</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # nogroups # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog # private-dev</options>
		<paths>${HOME}/.gnupg</paths>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>konversation</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nogroups # noroot # seccomp # protocol unix,inet,inet6 # private-tmp</options>
	</application>

	<application>
		<name>lxterminal</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # protocol unix,inet,inet6 # seccomp</options>
		<genoptions>nodevel</genoptions>
	</application>

	<application>
		<name>Mathematica</name>
		<aliases>mathematica</aliases>
		<mode>whitelist</mode>
		<options>caps.drop all # nonewprivs # noroot # seccomp</options>
		<paths>${HOME}/.Mathematica # ${HOME}/.Wolfram Research # ${HOME}/Documents/Wolfram Mathematica</paths>
	</application>

	<application>
		<name>mcabber</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol inet,inet6 # seccomp # private-bin mcabber # private-etc null # private-dev # shell none # nosound</options>
		<paths>${HOME}/.mcabber</paths>
		<files>${HOME}/.mcabberrc</files>
	</application>

	<application>
		<name>midori</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.config/midori # ${HOME}/.cache/midori # ${DOWNLOADS}</paths>
	</application>

	<application>
		<name>mpv</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # shell none # private-bin mpv,youtube-dl,python2.7</options>
		<paths>${HOME}/.config/mpv</paths>
	</application>

	<application>
		<name>mupen64plus</name>
		<mode>whitelist</mode>
		<options>caps.drop all # net none # nonewprivs # noroot # seccomp</options>
		<paths>${HOME}/.config/mupen64plus # ${HOME}/.local/share/mupen64plus</paths>
	</application>

	<application>
		<name>netsurf</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog</options>
		<paths>${HOME}/.config/netsurf # ${HOME}/.cache/netsurf # ${DOWNLOADS}</paths>
	</application>

	<application>
		<name>okular</name>
		<mode>blacklist</mode>
		<options>read-only ${HOME}/.kde/share/config/kdeglobals # caps.drop all # nonewprivs # nogroups # noroot # private-dev # protocol unix # seccomp # nosound</options>
		<paths>${HOME}/.kde/share/apps/okular</paths>
		<files>${HOME}/.kde/share/config/okularrc # ${HOME}/.kde/share/config/okularpartrc</files>
	</application>

	<application>
		<name>opera</name>
		<mode>whitelist</mode>
		<options>netfilter</options>
		<paths>${HOME}/.opera # ${HOME}/.cache/opera # ${HOME}/.config/opera # ${DOWNLOADS} # ${HOME}/.pki</paths>
	</application>

	<application>
		<name>opera-beta</name>
		<mode>whitelist</mode>
		<options>netfilter</options>
		<paths>${HOME}/.opera-beta # ${HOME}/.cache/opera-beta # ${HOME}/.config/opera-beta # ${DOWNLOADS} # ${HOME}/.pki</paths>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>parole</name>
		<mode>blacklist</mode>
		<options>private-etc passwd,group,fonts # private-bin parole,dbus-launch # caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # shell none</options>
	</application>

	<application>
		<name>pidgin</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # nogroups # noroot # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-bin pidgin # private-dev # private-tmp</options>
		<paths>${HOME}/.purple</paths>
	</application>

	<application>
		<name>pix</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nonewprivs # nogroups # noroot # nosound # protocol unix # seccomp # shell none # tracelog # private-bin pix # private-dev # private-tmp</options>
		<paths>${HOME}/.config/pix # ${HOME}/.local/share/pix</paths>
	</application>

	<application>
		<name>empathy</name>
		<mode>whitelist</mode>
		<options>caps.drop all # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # nogroups</options>
		<paths>${DOWNLOADS} # ${HOME}/.cache/champlain # ${HOME}/.local/share/Empathy # ${HOME}/.local/share/telepathy # ${HOME}/.local/share/TpLogger # ${HOME}/.config/telepathy-account-widgets # ${HOME}/.cache/telepathy # ${HOME}/.purple</paths>
	</application>

	<application>
		<name>polari</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${DOWNLOADS} # ${HOME}/.local/share/Empathy # ${HOME}/.local/share/telepathy # ${HOME}/.local/share/TpLogger # ${HOME}/.config/telepathy-account-widgets # ${HOME}/.cache/telepathy # ${HOME}/.purple</paths>
	</application>

	<application>
		<name>psi-plus</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${DOWNLOADS} # ${HOME}/.config/psi+ # ${HOME}/.local/share/psi+</paths>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>qbittorrent</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # nosound # protocol unix,inet,inet6 # seccomp # private-dev # nosound # private-tmp</options>
	</application>

	<application>
		<name>qtox</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # nogroups # noroot # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-bin qtox # private-tmp</options>
		<paths>${HOME}/.config/tox # ${DOWNLOADS}</paths>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>quassel</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nonewprivs # noroot # netfilter # protocol unix,inet,inet6 # seccomp</options>
	</application>

	<application>
		<name>quiterss</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # nogroups # noroot # private-bin quiterss # private-dev # nosound # protocol unix,inet,inet6 # seccomp # shell none # tracelog</options>
		<paths>${HOME}/.config/QuiteRss # ${HOME}/.config/QuiteRssrc # ${HOME}/.cache/QuiteRss # ${HOME}/.local/share/QuiteRss</paths>
		<files>${HOME}/quiterssfeeds.opml</files>
	</application>

	<application>
		<name>qutebrowser</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # tracelog</options>
		<paths>${HOME}/.config/qutebrowser # ${HOME}/.cache/qutebrowser # ${DOWNLOADS}</paths>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>rhythmbox</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nogroups # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-bin rhythmbox # private-dev # private-tmp</options>
	</application>

	<!--TODO ADD PATHS (EVEN IN BLACKLIST, IT PREVENTS OTHER FIREJAILED APPS FROM ACCESSING)-->
	<application>
		<name>rtorrent</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # nosound # protocol unix,inet,inet6 # seccomp # shell none # private-bin rtorrent # private-dev # nosound # private-tmp</options>
	</application>

	<application>
		<name>skype</name>
		<mode>whitelist</mode>
		<options>noexec ${HOME}/ # noexec /tmp/ # caps.drop all # protocol inet,inet6,unix # seccomp # noroot # private-etc resolv.conf,hosts,fonts,pulse # private-bin skype,bash # ipc-namespace</options>
		<paths>${HOME}/.Skype # ${DOWNLOADS}</paths>
	</application>

	<application>
		<name>skypeforlinux</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # noroot # seccomp # protocol unix,inet,inet6,netlink</options>
		<genoptions>nodevel</genoptions>
		<paths>${HOME}/.config/skypeforlinux</paths>
	</application>

	<application>
		<name>slack</name>
		<mode>whitelist</mode>
		<options>protocol unix,inet,inet6,netlink # private-dev # private-tmp # private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime # name slack # blacklist /var # caps.drop all # seccomp # netfilter # nonewprivs # nogroups # noroot # shell none # private-bin slack</options>
		<paths>${HOME}/.config/Slack # ${DOWNLOADS}</paths>
	</application>

	<application>
		<name>spotify</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # shell none # private-bin spotify # private-etc fonts,machine-id,pulse,resolv.conf # private-dev # private-tmp # blacklist ${HOME}/.Xauthority # blacklist ${HOME}/.bashrc # blacklist /boot # blacklist /lost+found # blacklist /media # blacklist /mnt # blacklist /opt # blacklist /root # blacklist /sbin # blacklist /srv # blacklist /sys # blacklist /var</options>
		<paths>${HOME}/.config/spotify # ${HOME}/.cache/spotify # ${HOME}/.local/share/spotify</paths>
	</application>

	<application>
		<name>ssh</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # quiet</options>
		<paths>${HOME}/.ssh # /tmp/ssh-*</paths>
	</application>

	<!-- TODO ADD MORE GAMES AND CONVERT TO WHITELIST -->
	<application>
		<name>steam</name>
		<aliases>steam-native</aliases>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp</options>
		<paths>${HOME}/.steampath # ${HOME}/.steampid # ${HOME}/.steam # ${HOME}/.local/share/Steam # ${HOME}/.local/share/steam # ${HOME}/My Games # ${HOME}/.killingfloor # ${HOME}/.local/share/aspyr-media # ${HOME}/.local/share/feral-interactive # ${HOME}/.local/share/3909/PapersPlease # ${HOME}/.local/share/SuperHexagon # ${HOME}/.local/share/vulkan # ${HOME}/.local/share/vpltd # ${HOME}/.nv # ${HOME}/.local/share/Terraria # ${HOME}/.local/share/cdprojektred</paths>
	</application>

	<application>
		<name>stellarium</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # nosound # protocol unix,inet,inet6,netlink # seccomp # shell none # tracelog # private-bin stellarium # private-dev # private-tmp</options>
		<paths>${HOME}/.stellarium # ${HOME}/.config/stellarium</paths>
	</application>

	<application>
		<name>telegram</name>
		<aliases>Telegram</aliases>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.TelegramDesktop</paths>
	</application>

	<application>
		<name>totem</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nonewprivs # noroot # netfilter # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.config/totem # ${HOME}/.local/share/totem</paths>
	</application>

	<application>
		<name>transmission-cli</name>
		<aliases>transmission-qt # transmission-gtk</aliases>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # nosound # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-dev # private-tmp</options>
		<paths>${HOME}/.config/transmission # ${HOME}/.cache/transmission</paths>
	</application>

	<application>
		<name>uget-gtk</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # shell none # private-bin uget-gtk # private-dev # nosound # private-tmp</options>
		<paths>${HOME}/.config/uGet # ${DOWNLOADS}</paths>
	</application>

	<application>
		<name>unbound</name>
		<mode>blacklist</mode>
		<options>private # private-dev # nosound # seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open</options>
		<noblacklistexplicit>/sbin # /usr/sbin</noblacklistexplicit>
	</application>

	<application>
		<name>vivaldi</name>
		<aliases>vivaldi-beta</aliases>
		<mode>whitelist</mode>
		<options>netfilter</options>
		<paths>${DOWNLOADS} # ${HOME}/.config/vivaldi # ${HOME}/.cache/vivaldi # ${HOME}/.pki</paths>
	</application>

	<application>
		<name>vlc</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # shell none # private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc # private-dev # private-tmp</options>
		<paths>${HOME}/.config/vlc</paths>
	</application>

	<application>
		<name>warzone2100</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # protocol unix,inet,inet6,netlink # seccomp # shell none # tracelog # private-bin warzone2100 # private-dev # private-tmp</options>
		<paths>${HOME}/.warzone2100-3.1</paths>
	</application>

	<application>
		<name>weechat</name>
		<aliases>weechat-curses</aliases>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.weechat</paths>
	</application>

	<application>
		<name>wesnoth</name>
		<mode>whitelist</mode>
		<options>caps.drop all # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # private-dev</options>
		<paths>${HOME}/.config/wesnoth # ${HOME}/.cache/wesnoth # ${HOME}/.local/share/wesnoth</paths>
	</application>

	<application>
		<name>wine</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # seccomp</options>
		<paths>${HOME}/.wine # ${HOME}/.wine64</paths>
	</application>

	<application>
		<name>xchat</name>
		<mode>whitelist</mode>
		<options>caps.drop all # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.config/xchat # ${DOWNLOADS}</paths>
	</application>

	<application>
		<name>xplayer</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # nogroups # noroot # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer # private-dev # private-tmp</options>
		<paths>${HOME}/.config/xplayer # ${HOME}/.local/share/xplayer</paths>
	</application>

	<application>
		<name>xreader</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nogroups # nonewprivs # noroot # nosound # protocol unix # seccomp # shell none # tracelog # private-bin xreader, xreader-previewer, xreader-thumbnailer # private-dev # private-tmp</options>
		<paths>${HOME}/.config/xreader # ${HOME}/.cache/xreader # ${HOME}/.local/share/xreader</paths>
	</application>

	<application>
		<name>xviewer</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nogroups # nonewprivs # noroot # nosound # protocol unix # seccomp # shell none # tracelog # private-dev # private-bin xviewer # private-tmp</options>
		<paths>${HOME}/.config/xviewer</paths>
	</application>

	<application>
		<name>uudeview</name>
		<mode>blacklist</mode>
		<options>quiet # tracelog # net none # shell none # private-bin uudeview # private-dev # private-etc nonexisting_fakefile_for_empty_etc # hostname uudeview # nosound # caps.drop all # netfilter # nonewprivs # protocol unix,inet,inet6 # seccomp</options>
	</application>

	<application>
		<name>teamspeak3</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.ts3client # ${DOWNLOADS}</paths>
	</application>

	<application>
		<name>linphone</name>
		<mode>whitelist</mode>
		<options>caps.drop all # noroot # seccomp</options>
		<paths>${DOWNLOADS}</paths>
		<files>${HOME}/.linphonerc # ${HOME}/.linphone-history.db</files>
	</application>

	<application>
		<name>mpd</name>
		<mode>blacklist</mode>
		<options>private-dev # private-bin mpd,bash # caps.drop all # noroot # seccomp</options>
		<files>${HOME}/.mpdconf</files>
	</application>

	<application>
		<name>openshot</name>
		<mode>blacklist</mode>
		<options>private-bin openshot,python # private-dev # noroot # protocol unix # shell none # seccomp # caps.drop all # nonewprivs # noroot</options>
		<paths>${HOME}/.openshot # ${HOME}/.openshot_qt</paths>
	</application>

	<application>
		<name>scribus</name>
		<mode>blacklist</mode>
		<options>private-bin scribus,gs # private-dev # noroot # protocol unix # shell none # seccomp # caps.drop all</options>
		<paths>${HOME}/.scribus</paths>
	</application>

	<application>
		<name>virtualbox</name>
		<mode>blacklist</mode>
		<options>caps.drop all</options>
		<paths>${HOME}/.config/VirtualBox # ${HOME}/.VirtualBox # ${HOME}/VirtualBox VMs</paths>
		<noblacklistexplicit>/dev/vboxdrv # /dev/vboxdrvu # /dev/vboxnetctl # /usr/bin/virtualbox</noblacklistexplicit>
	</application>

	<application>
		<name>gnome-2048</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.local/share/gnome-2048</paths>
	</application>

	<application>
		<name>gnome-maps</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.cache/champlain</paths>
		<files>${HOME}/.local/.share/maps-places.json</files>
	</application>

	<application>
		<name>gnome-music</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.local/share/gnome-music</paths>
	</application>

	<application>
		<name>lollypop</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.local/share/lollypop</paths>
	</application>

	<application>
		<name>gnome-weather</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.cache/libgweather</paths>
	</application>

	<application>
		<name>xonotic</name>
		<aliases>xonotic-sdl # xonotic-glx</aliases>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.xonotic</paths>
	</application>

	<application>
		<name>arduino</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/Arduino # ${HOME}/.arduino15</paths>
	</application>

	<application>
		<name>bless</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<paths>${HOME}/.config/bless</paths>
	</application>

	<application>
		<name>jd-gui</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<files>${HOME}/.config/jd-gui.cfg</files>
	</application>

	<application>
		<name>redshift</name>
		<aliases>redshift-gtk</aliases>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp</options>
		<files>${HOME}/.config/redshift.conf</files>
	</application>

	<application>
		<name>mupdf</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nogroups # nonewprivs # noroot # nosound # protocol unix # seccomp # netfilter # shell none # tracelog # private-bin mupdf,sh,tempfile,rm # private-tmp # private-dev # read-only ${HOME}</options>
	</application>

	<application>
		<name>qpdfview</name>
		<mode>blacklist</mode>
		<options>caps.drop all # ipc-namespace # net none # noexec ${HOME} # noexec /tmp # nogroups # nonewprivs # noroot # nosound # private-bin qpdfview # private-dev # private-etc fonts,X11,alternatives # private-tmp # protocol unix # </options>
		<paths>${HOME}/.config/qpdfview # ${HOME}/.local/share/qpdfview</paths>
	</application>

	<application>
		<name>luminance-hdr</name>
		<aliases>luminance-hdr-cli</aliases>
		<mode>blacklist</mode>
		<genoptions>nodevel</genoptions>
		<options>caps.drop all # ipc-namespace # net none # noexec ${HOME} # noexec /tmp # nogroups # noroot # nosound # private-bin luminance-hdr,luminance-hdr-cli,align_image_stack # private-dev # private-etc fonts,X11,alternatives # seccomp # shell none</options>
		<paths>${HOME}/.LuminanceHDR # ${HOME}/.config/Luminance</paths>
	</application>

	<application>
		<name>synfigstudio</name>
		<mode>blacklist</mode>
		<options>caps.drop all # ipc-namespace # net none # noexec ${HOME} # noexec /tmp # noroot # private-bin synfigstudio # private-dev # private-etc fonts,X11,synfig,synfig_modules.cfg # seccomp # shell none</options>
		<paths>${HOME}/.synfig</paths>
	</application>

	<application>
		<name>brackets</name>
		<mode>blacklist</mode>
		<options>private-bin bash,brackets,readlink,dirname,google-chrome,cat # private-dev</options>
		<noblacklistexplicit>/opt/brackets # /opt/google</noblacklistexplicit>
		<paths>${HOME}/.config/Brackets</paths>
	</application>

	<application>
		<name>gimp</name>
		<mode>blacklist</mode>
		<genoptions>nodevel</genoptions>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix # seccomp # private-dev # private-tmp # noexec ${HOME} # noexec /tmp # nogroups # nosound</options>
		<paths>${HOME}/.gimp*</paths>
	</application>

	<application>
		<name>inkscape</name>
		<mode>blacklist</mode>
		<genoptions>nodevel</genoptions>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix # seccomp # private-dev # private-tmp # noexec ${HOME} # noexec /tmp # nogroups # nosound</options>
		<paths>${HOME}/.inkscape</paths>
	</application>

	<application>
		<name>lmms</name>
		<mode>blacklist</mode>
		<options>private-dev # private-etc fonts,pulse # noexec /home # noexec /tmp # shell none # seccomp # caps.drop all # net none # noroot # nogroups # ipc-namespace</options>
		<files>${HOME}/.lmmsrc.xml</files>
	</application>

	<application>
		<name>cin</name>
		<mode>blacklist</mode>
		<options>caps.drop all # ipc-namespace # net none # noexec /home # noexec /tmp # nogroups # noroot # private-bin cin # private-dev # private-etc fonts,pulse # seccomp # shell none</options>
		<paths>${HOME}/.bcast5</paths>
	</application>

	<application>
		<name>feh</name>
		<mode>blacklist</mode>
		<options>caps.drop all # seccomp # protocol unix # netfilter # net none # nonewprivs # noroot # nogroups # nosound # shell none # private-bin feh # private-dev # private-etc feh # private-tmp</options>
	</application>

	<application>
		<name>zathura</name>
		<mode>blacklist</mode>
		<options>caps.drop all # seccomp # protocol unix # netfilter # nonewprivs # noroot # nogroups # nosound # net none # private-tmp # shell none # private-bin zathura # private-dev # private-etc fonts # whitelist /tmp/.X11-unix # read-only ~/ # read-write ~/.local/share/zathura/</options>
		<paths>${HOME}/.config/zathura # ${HOME}/.local/share/zathura</paths>
	</application>

	<application>
		<name>ranger</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # net none # nonewprivs # noroot # nogroups # protocol unix # seccomp # nosound # private-tmp # private-dev</options>
		<noblacklistexplicit>/usr/bin/perl # /usr/share/perl* # /usr/lib/perl*</noblacklistexplicit>
	</application>

	<application>
		<name>keepass</name>
		<mode>blacklist</mode>
		<options>caps.drop all # nogroups # nonewprivs # noroot # nosound # protocol unix,inet,inet6 # seccomp # netfilter # shell none # private-tmp # private-dev</options>
		<paths>${HOME}/.config/keepass # ${HOME}/.keepass</paths>
	</application>

	<application>
		<name>keepassx</name>
		<aliases>keepassx2</aliases>
		<mode>blacklist</mode>
		<options>caps.drop all # nogroups # nonewprivs # noroot # nosound # protocol unix # seccomp # netfilter # shell none # private-tmp # private-dev </options>
		<paths>${HOME}/.config/keepassx # ${HOME}/.keepassx</paths>
	</application>

	<application>
		<name>calligra</name>
		<aliases>calligraauthor # calligraconverter # calligraflow # calligraplan # calligraplanwork # calligrasheets # calligrastage # calligrawords</aliases>
		<mode>blacklist</mode>
		<options>private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch # private-dev # private-etc fonts,passwd,alternatives,X11 # noexec /home # noexec /tmp # shell none # seccomp # caps.drop all # net none # noroot # nogroups # ipc-namespace</options>
		<noblacklistexplicit>/tmp/dbus_session_socket</noblacklistexplicit>
	</application>

	<application>
		<name>blender</name>
		<mode>blacklist</mode>
		<options>private-bin blender # private-dev # private-etc pulse # noexec /home # noexec /tmp # shell none # seccomp # caps.drop all # net none # noroot # nogroups # ipc-namespace</options>
		<paths>${HOME}/.config/blender</paths>
	</application>

	<application>
		<name>google-earth</name>
		<mode>whitelist</mode>
		<options>private-bin google-earth,sh,grep,sed,ls,dirname # private-dev # private-etc fonts,resolv.conf,X11,alternatives,pulse # noexec /home # noexec /tmp # shell none # seccomp # caps.drop all # noroot # nogroups # ipc-namespace</options>
		<paths>${HOME}/.googleearth/Cache/ # ${HOME}/.googleearth/Temp/ # ${HOME}/.config/Google</paths>
		<files>${HOME}/.googleearth/myplaces.kml # ${HOME}/.googleearth/myplaces.backup.kml</files>
	</application>

	<application>
		<name>flowblade</name>
		<mode>blacklist</mode>
		<options>private-bin python,flowblade # private-dev # private-etc pulse,fonts,alternatives,X11 # noexec /home # noexec /tmp # shell none # seccomp # caps.drop all # net none # noroot # nogroups # ipc-namespace # nonewprivs</options>
		<paths>${HOME}/.flowblade # ${HOME}/.config/flowblade</paths>
	</application>

	<application>
		<name>kdenlive</name>
		<mode>blacklist</mode>
		<options>private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper # private-dev # private-etc fonts,alternatives,X11,pulse,passwd # shell none # seccomp # caps.drop all # net none # noroot # nogroups</options>
		<noblacklistexplicit>/tmp/dbus_session_socket</noblacklistexplicit>
	</application>

	<application>
		<name>natron</name>
		<mode>blacklist</mode>
		<options>private-bin natron # private-etc fonts,X11,pulse # whitelist /tmp/.X11-unix/ # noexec ${HOME} # noexec /tmp # shell none # ipc-namespace</options>
		<paths>${HOME}/.Natron # ${HOME}/.cache/INRIA # ${HOME}/.config/INRIA</paths>
		<noblacklistexplicit>/opt/natron/</noblacklistexplicit>
	</application>

	<application>
		<name>darktable</name>
		<mode>blacklist</mode>
		<options>private-bin darktable # private-dev # private-etc fonts,X11,alternatives # noexec ${HOME} # noexec /tmp # shell none # seccomp # caps.drop all # net none # noroot # nosound # nogroups # ipc-namespace</options>
		<paths>${HOME}/.config/darktable # ${HOME}/.cache/darktable</paths>
	</application>

	<application>
		<name>zart</name>
		<mode>blacklist</mode>
		<options>private-bin zart,ffmpeg,melt,ffprobe,ffplay # private-etc fonts,X11 # private-dev # noexec ${HOME} # noexec /tmp # shell none # noroot # ipc-namespace # net none # seccomp # caps.drop all</options>
	</application>

	<application>
		<name>shotcut</name>
		<mode>blacklist</mode>
		<options>private-bin shotcut,melt,qmelt,nice # private-dev # private-etc X11,alternatives,pulse,fonts # noexec ${HOME} # noexec /tmp # shell none # seccomp # caps.drop all # net none # noroot # nogroups</options>
		<paths>${HOME}/.config/Meltytech</paths>
	</application>

	<application>
		<name>mutt</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # nosound # protocol unix,inet,inet6 # seccomp # shell none # private-dev</options>
		<paths>${HOME}/.cache/mutt</paths>
		<files>${HOME}/.mutt # ${HOME}/.muttrc # ${DOWNLOADS}</files>
		<noblacklistexplicit>${HOME}/.mail # ${HOME}/.mailcap # ${HOME}/.gnupg</noblacklistexplicit>
	</application>

	<application>
		<name>claws-mail</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # nogroups # nosound # protocol unix,inet,inet6 # seccomp # shell none # private-dev # private-tmp</options>
		<paths>${HOME}/.claws-mail # ${DOWNLOADS}</paths>
		<noblacklistexplicit>${HOME}/.signature # ${HOME}/.gnupg</noblacklistexplicit>
	</application>

	<application>
		<name>git</name>
		<mode>blacklist</mode>
		<options>quiet # caps.drop all # netfilter # nonewprivs # noroot # nogroups # nosound # protocol unix,inet,inet6 # seccomp # shell none # private-dev</options>
		<noblacklistexplicit>${HOME}/.gitconfig # ${HOME}/.ssh # ${HOME}/.gnupg</noblacklistexplicit>
	</application>

	<application>
		<name>ricochet</name>
		<mode>whitelist</mode>
		<options>private-bin ricochet,tor # private-dev # private-etc fonts,tor,X11,alternatives # noexec /home # noexec /tmp # shell none # seccomp # caps.drop all # noroot # nogroups # ipc-namespace</options>
		<paths>${HOME}/.local/share/Ricochet # ${DOWNLOADS}</paths>
	</application>

	<application>
		<name>xpdf</name>
		<mode>blacklist</mode>
		<options>caps.drop all # shell none # nonewprivs # noroot # protocol unix # seccomp # private-dev # private-tmp # net none</options>
		<files>${HOME}/.xpdfrc</files>
	</application>

	<application>
		<name>evolution</name>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # nogroups # protocol unix,inet,inet6 # seccomp # shell none # private-dev # private-tmp # nosound</options>
		<paths>${DOWNLOADS} # ${HOME}/.config/evolution # ${HOME}/.local/share/evolution # ${HOME}/.cache/evolution # ${HOME}/.pki # ${HOME}/.gnupg</paths>
	</application>

	<application>
		<name>ardour5</name>
		<aliases>ardour4</aliases>
		<mode>whitelist</mode>
		<options>blacklist /usr/local/bin # blacklist /boot # blacklist /media # blacklist /mnt # blacklist /opt # private-bin sh,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm # private-dev # private-etc pulse,X11,alternatives,ardour4,ardour5,fonts # private-tmp # noexec /home # noexec /tmp # shell none # seccomp # caps.drop all # net none # noroot # nogroups # ipc-namespace</options>
		<paths>${DOWNLOADS} # ${HOME}/Documents # ${HOME}/.config/ardour4 # ${HOME}/.config/ardour5 # ${HOME}/.lv2 # ${HOME}/.vst</paths>
	</application>

	<application>
		<name>torbrowser-launcher</name>
		<aliases>start-tor-browser</aliases>
		<mode>whitelist</mode>
		<options>blacklist /usr/local/bin # blacklist /boot # blacklist /media # blacklist /mnt # blacklist /opt # private-bin bash,grep,sed,tail,torbrowser-launcher,python,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,zenity,kdialog,xmessage,gxmessage,getconf,file,expr # whitelist /dev/dri # whitelist /dev/full # whitelist /dev/null # whitelist /dev/ptmx # whitelist /dev/pts # whitelist /dev/random # whitelist /dev/shm # whitelist /dev/snd # whitelist /dev/tty # whitelist /dev/urandom # whitelist /dev/video0 # whitelist /dev/zero # private-etc X11,alternatives,pulse,resolv.conf,fonts,ssl # private-tmp # noexec /tmp # shell none # seccomp # noroot # caps.drop all</options>
		<paths>${DOWNLOADS} # ${HOME}/.local/share/torbrowser # ${HOME}/.config/torbrowser # ${HOME}/.cache/torbrowser</paths>
	</application>

	<application>
		<name>xiphos</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nogroups # nonewprivs # noroot # nosound # protocol unix,inet,inet6 # seccomp # shell none # tracelog # private-bin xiphos # private-etc fonts,resolv.conf,sword # private-dev # private-tmp</options>
		<paths>${HOME}/.sword # ${HOME}/.xiphos</paths>
	</application>

	<application>
		<name>display</name>
		<mode>blacklist</mode>
		<options>caps.drop all # seccomp # protocol unix # netfilter # net none # nonewprivs # noroot # nogroups # nosound # shell none # x11 xorg # private-bin display  # private-tmp # private-dev # private-etc none # </options>
	</application>

	<application>
		<name>wire</name>
		<aliases>Wire</aliases>
		<mode>blacklist</mode>
		<options>caps.drop all # netfilter # nonewprivs # nogroups # noroot # protocol unix,inet,inet6,netlink # seccomp # shell none # private-tmp # private-dev</options>
		<paths>${DOWNLOADS} # ${HOME}/.config/Wire # ${HOME}/.config/wire</paths>
	</application>

	<application>
		<name>zoom</name>
		<mode>whitelist</mode>
		<options>caps.drop all # netfilter # nonewprivs # noroot # protocol unix,inet,inet6 # seccomp # private-tmp</options>
		<paths>${HOME}/.zoom</paths>
		<files>${HOME}/.config/zoomus.conf</files>
	</application>

</applications>

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/LICENSE version [dc8f2e570b].







































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
                    GNU GENERAL PUBLIC LICENSE
                       Version 2, June 1991

 Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

                            Preamble

  The licenses for most software are designed to take away your
freedom to share and change it.  By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users.  This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it.  (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.)  You can apply it to
your programs, too.

  When we speak of free software, we are referring to freedom, not
price.  Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.

  To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.

  For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have.  You must make sure that they, too, receive or can get the
source code.  And you must show them these terms so they know their
rights.

  We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.

  Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software.  If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.

  Finally, any free program is threatened constantly by software
patents.  We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary.  To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.

  The precise terms and conditions for copying, distribution and
modification follow.

                    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

  0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License.  The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language.  (Hereinafter, translation is included without limitation in
the term "modification".)  Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope.  The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.

  1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.

You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.

  2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:

    a) You must cause the modified files to carry prominent notices
    stating that you changed the files and the date of any change.

    b) You must cause any work that you distribute or publish, that in
    whole or in part contains or is derived from the Program or any
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.

    c) If the modified program normally reads commands interactively
    when run, you must cause it, when started running for such
    interactive use in the most ordinary way, to print or display an
    announcement including an appropriate copyright notice and a
    notice that there is no warranty (or else, saying that you provide
    a warranty) and that users may redistribute the program under
    these conditions, and telling the user how to view a copy of this
    License.  (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole.  If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works.  But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.

In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.

  3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:

    a) Accompany it with the complete corresponding machine-readable
    source code, which must be distributed under the terms of Sections
    1 and 2 above on a medium customarily used for software interchange; or,

    b) Accompany it with a written offer, valid for at least three
    years, to give any third party, for a charge no more than your
    cost of physically performing source distribution, a complete
    machine-readable copy of the corresponding source code, to be
    distributed under the terms of Sections 1 and 2 above on a medium
    customarily used for software interchange; or,

    c) Accompany it with the information you received as to the offer
    to distribute corresponding source code.  (This alternative is
    allowed only for noncommercial distribution and only if you
    received the program in object code or executable form with such
    an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for
making modifications to it.  For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable.  However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.

If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.

  4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License.  Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.

  5. You are not required to accept this License, since you have not
signed it.  However, nothing else grants you permission to modify or
distribute the Program or its derivative works.  These actions are
prohibited by law if you do not accept this License.  Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.

  6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions.  You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.

  7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License.  If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all.  For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.

It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices.  Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.

This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.

  8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded.  In such case, this License incorporates
the limitation as if written in the body of this License.

  9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time.  Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

Each version is given a distinguishing version number.  If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation.  If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.

  10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission.  For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this.  Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.

                            NO WARRANTY

  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

                     END OF TERMS AND CONDITIONS

            How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

  To do so, attach the following notices to the program.  It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.

    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) <year>  <name of author>

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Also add information on how to contact you by electronic and paper mail.

If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:

    Gnomovision version 69, Copyright (C) year name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License.  Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary.  Here is a sample; alter the names:

  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
  `Gnomovision' (which makes passes at compilers) written by James Hacker.

  <signature of Ty Coon>, 1 April 1989
  Ty Coon, President of Vice

This General Public License does not permit incorporating your program into
proprietary programs.  If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library.  If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/README.md version [1d83a26e09].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Firejail Profile Generator
==========

Goals
------
- Increase restrictions
- Reduce work needed by hand
- Streamline profiles
- Support more programs

End Goal
--------
- For the firejail project to perform what this program does internally

Profile Credits
-------
- Most profiles by [netblue30](https://github.com/netblue30/) and [Firejail contributors](https://raw.githubusercontent.com/netblue30/firejail/master/README) from https://github.com/netblue30/firejail/tree/master/etc
- Ardour 5, Blender, Brackets, Calligra, Cinelerra, Darktable, Flowblade, Gimp, Google Earth, InkScape, Kdenlive, LinPhone, LMMS, Luminance, mpd, OpenShot, Ricochet, Scribus, Shotcut, Skype, Synfig Studio, Tor Browser Bundle, VirtualBox by chiraag-nataraj from https://github.com/chiraag-nataraj/firejail-profiles
- TeamSpeak profile by melvinvermeeren from https://aur.archlinux.org/packages/firejail-profiles
- Natron, Zart profile by [triceratops1](https://github.com/triceratops1)
- Arduino, Bless, eog, Gnome 2048, Gnome Calculator, Gnome Calendar, Gnome Characters, Gnome Clocks, Gnome Contacts, Gnome Maps, Gnome Music, Gnome Weather, JD-GUI, Lollypop, MultiMC5, Mumble, PDFSam, Pithos, Redshift, Xonotic by SpotComms

Testing
-------
- See https://github.com/SpotComms/FirejailProfileGenerator/issues/1

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/.profile version [9ddc5a10fb].











>
>
>
>
>
1
2
3
4
5
#
#Profile for abrowser:
#

include /etc/firejail/abrowser.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/0ad.profile version [85d0b1feb4].









































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#
#Profile for 0ad
#

#No Blacklist Paths
noblacklist ${HOME}/.cache/0ad
noblacklist ${HOME}/.config/0ad
noblacklist ${HOME}/.local/share/0ad

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.cache/0ad
whitelist ${HOME}/.cache/0ad
mkdir ${HOME}/.config/0ad
whitelist ${HOME}/.config/0ad
mkdir ${HOME}/.local/share/0ad
whitelist ${HOME}/.local/share/0ad
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/7z.profile version [506e9169d0].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-compression:7z
#

include /etc/firejail/generic-compression.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/Cyberfox.profile version [54b2c48afb].











>
>
>
>
>
1
2
3
4
5
#
#Profile for cyberfox:Cyberfox
#

include /etc/firejail/cyberfox.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/Mathematica.profile version [72121a72a1].



























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#
#Profile for Mathematica
#

#No Blacklist Paths
noblacklist ${HOME}/.Mathematica
noblacklist ${HOME}/.Wolfram Research
noblacklist ${HOME}/Documents/Wolfram Mathematica

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.Mathematica
whitelist ${HOME}/.Mathematica
mkdir ${HOME}/.Wolfram Research
whitelist ${HOME}/.Wolfram Research
mkdir ${HOME}/Documents/Wolfram Mathematica
whitelist ${HOME}/Documents/Wolfram Mathematica
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
nonewprivs
noroot
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/Telegram.profile version [be9c0772f3].











>
>
>
>
>
1
2
3
4
5
#
#Profile for telegram:Telegram
#

include /etc/firejail/telegram.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/Wire.profile version [1fbc169e34].











>
>
>
>
>
1
2
3
4
5
#
#Profile for wire:Wire
#

include /etc/firejail/wire.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/abrowser.profile version [261366625d].





































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#
#Profile for abrowser
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/mozilla
noblacklist ${HOME}/.mozilla
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/mozilla
whitelist ${HOME}/.cache/mozilla
mkdir ${HOME}/.mozilla
whitelist ${HOME}/.mozilla
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/ardour4.profile version [4d4942fe6d].











>
>
>
>
>
1
2
3
4
5
#
#Profile for ardour5:ardour4
#

include /etc/firejail/ardour5.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/ardour5.profile version [7386f35fc6].







































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
#
#Profile for ardour5
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.config/ardour4
noblacklist ${HOME}/.config/ardour5
noblacklist ${HOME}/.lv2
noblacklist ${HOME}/.vst
noblacklist ${HOME}/Documents

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.config/ardour4
whitelist ${HOME}/.config/ardour4
mkdir ${HOME}/.config/ardour5
whitelist ${HOME}/.config/ardour5
mkdir ${HOME}/.lv2
whitelist ${HOME}/.lv2
mkdir ${HOME}/.vst
whitelist ${HOME}/.vst
mkdir ${HOME}/Documents
whitelist ${HOME}/Documents
include /etc/firejail/whitelist-common.inc

#Options
blacklist /boot
blacklist /media
blacklist /mnt
blacklist /opt
blacklist /usr/local/bin
caps.drop all
ipc-namespace
net none
noexec /home
noexec /tmp
nogroups
noroot
private-bin sh,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
private-dev
private-etc pulse,X11,alternatives,ardour4,ardour5,fonts
private-tmp
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/arduino.profile version [78680b3ea1].

























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#
#Profile for arduino
#

#No Blacklist Paths
noblacklist ${HOME}/.arduino15
noblacklist ${HOME}/Arduino

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.arduino15
whitelist ${HOME}/.arduino15
mkdir ${HOME}/Arduino
whitelist ${HOME}/Arduino
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/atom-beta.profile version [d00d3134d6].











>
>
>
>
>
1
2
3
4
5
#
#Profile for atom:atom-beta
#

include /etc/firejail/atom.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/atom.profile version [43880e4604].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for atom
#

#No Blacklist Paths
noblacklist ${HOME}/.atom
noblacklist ${HOME}/.config/Atom

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-dev
private-tmp
protocol unix,inet,inet6,netlink
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/atril.profile version [2fb5690b0e].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for atril
#

#No Blacklist Paths
noblacklist ${HOME}/.config/atril

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
nosound
private-bin atril, atril-previewer, atril-thumbnailer
private-dev
private-tmp
protocol unix
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/audacious.profile version [c13d44843e].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-5:audacious
#

include /etc/firejail/generic-5.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/audacity.profile version [c022f50f1f].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for audacity
#

#No Blacklist Paths
noblacklist ${HOME}/.audacity-data

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-bin audacity
private-dev
private-tmp
protocol unix
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/aweather.profile version [d7e7892737].

































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#
#Profile for aweather
#

#No Blacklist Paths
noblacklist ${HOME}/.config/aweather

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.config/aweather
whitelist ${HOME}/.config/aweather
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin aweather
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/bitlbee.profile version [81091918de].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for bitlbee
#

#No Blacklist Explicit Paths
noblacklist /sbin
noblacklist /usr/sbin

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
netfilter
nonewprivs
nosound
private
private-dev
protocol unix,inet,inet6
read-write /var/lib/bitlbee
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/blender.profile version [27a4ebf8a7].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for blender
#

#No Blacklist Paths
noblacklist ${HOME}/.config/blender

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
ipc-namespace
net none
noexec /home
noexec /tmp
nogroups
noroot
private-bin blender
private-dev
private-etc pulse
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/bless.profile version [40694a6da6].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#
#Profile for bless
#

#No Blacklist Paths
noblacklist ${HOME}/.config/bless

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/brackets.profile version [1caa323ef0].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#
#Profile for brackets
#

#No Blacklist Explicit Paths
noblacklist /opt/brackets
noblacklist /opt/google

#No Blacklist Paths
noblacklist ${HOME}/.config/Brackets

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
private-bin bash,brackets,readlink,dirname,google-chrome,cat
private-dev

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/brave.profile version [729b70cbb0].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for brave
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.config/brave

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.config/brave
whitelist ${HOME}/.config/brave
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/calligra.profile version [975a10731a].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for calligra
#

#No Blacklist Explicit Paths
noblacklist /tmp/dbus_session_socket

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
ipc-namespace
net none
noexec /home
noexec /tmp
nogroups
noroot
private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch
private-dev
private-etc fonts,passwd,alternatives,X11
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/calligraauthor.profile version [b09a9be6c5].











>
>
>
>
>
1
2
3
4
5
#
#Profile for calligra:calligraauthor
#

include /etc/firejail/calligra.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/calligraconverter.profile version [dbc4f5cb5b].











>
>
>
>
>
1
2
3
4
5
#
#Profile for calligra:calligraconverter
#

include /etc/firejail/calligra.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/calligraflow.profile version [e5cf80a1a4].











>
>
>
>
>
1
2
3
4
5
#
#Profile for calligra:calligraflow
#

include /etc/firejail/calligra.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/calligraplan.profile version [44f59077c7].











>
>
>
>
>
1
2
3
4
5
#
#Profile for calligra:calligraplan
#

include /etc/firejail/calligra.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/calligraplanwork.profile version [b3bbbb4b11].











>
>
>
>
>
1
2
3
4
5
#
#Profile for calligra:calligraplanwork
#

include /etc/firejail/calligra.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/calligrasheets.profile version [e3067e8e07].











>
>
>
>
>
1
2
3
4
5
#
#Profile for calligra:calligrasheets
#

include /etc/firejail/calligra.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/calligrastage.profile version [4c31fe8dff].











>
>
>
>
>
1
2
3
4
5
#
#Profile for calligra:calligrastage
#

include /etc/firejail/calligra.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/calligrawords.profile version [fb096bf70e].











>
>
>
>
>
1
2
3
4
5
#
#Profile for calligra:calligrawords
#

include /etc/firejail/calligra.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/cherrytree.profile version [97954faa51].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for cherrytree
#

#No Blacklist Explicit Paths
noblacklist /usr/bin/python2*
noblacklist /usr/bin/python3*

#No Blacklist Paths
noblacklist ${HOME}/.config/cherrytree

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
nosound
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/chromium-browser.profile version [d426da6af3].











>
>
>
>
>
1
2
3
4
5
#
#Profile for chromium:chromium-browser
#

include /etc/firejail/chromium.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/chromium-dev.profile version [a3cb8ea12e].





























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
#
#Profile for chromium-dev
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/chromium-dev
noblacklist ${HOME}/.config/chromium-dev
noblacklist ${HOME}/.pki
noblacklist ${HOME}/.config/chromium-flags.conf

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/chromium-dev
whitelist ${HOME}/.cache/chromium-dev
mkdir ${HOME}/.config/chromium-dev
whitelist ${HOME}/.config/chromium-dev
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
mkfile ${HOME}/.config/chromium-flags.conf
whitelist ${HOME}/.config/chromium-flags.conf
include /etc/firejail/whitelist-common.inc

#Options
netfilter

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/chromium.profile version [1d5e280758].





























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
#
#Profile for chromium
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/chromium
noblacklist ${HOME}/.config/chromium
noblacklist ${HOME}/.pki
noblacklist ${HOME}/.config/chromium-flags.conf

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/chromium
whitelist ${HOME}/.cache/chromium
mkdir ${HOME}/.config/chromium
whitelist ${HOME}/.config/chromium
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
mkfile ${HOME}/.config/chromium-flags.conf
whitelist ${HOME}/.config/chromium-flags.conf
include /etc/firejail/whitelist-common.inc

#Options
netfilter

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/cin.profile version [da66b6ecf9].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for cin
#

#No Blacklist Paths
noblacklist ${HOME}/.bcast5

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
ipc-namespace
net none
noexec /home
noexec /tmp
nogroups
noroot
private-bin cin
private-dev
private-etc fonts,pulse
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/claws-mail.profile version [bbec1ee8e5].





























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
#
#Profile for claws-mail
#

#No Blacklist Explicit Paths
noblacklist ${HOME}/.gnupg
noblacklist ${HOME}/.signature

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.claws-mail

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/clementine.profile version [e0fcc34ca6].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-5:clementine
#

include /etc/firejail/generic-5.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/cmus.profile version [6908806660].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for cmus
#

#No Blacklist Paths
noblacklist ${HOME}/.config/cmus

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
private-bin cmus
private-etc group
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/conkeror.profile version [1e791df415].































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#
#Profile for conkeror
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.conkeror.mozdev.org 
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.conkeror.mozdev.org 
whitelist ${HOME}/.conkeror.mozdev.org 
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/corebird.profile version [7cc912606e].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-5:corebird
#

include /etc/firejail/generic-5.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/cyberfox.profile version [44583f1c04].





































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#
#Profile for cyberfox
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.8pecxstudios
noblacklist ${HOME}/.cache/8pecxstudios
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.8pecxstudios
whitelist ${HOME}/.8pecxstudios
mkdir ${HOME}/.cache/8pecxstudios
whitelist ${HOME}/.cache/8pecxstudios
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/darktable.profile version [b999af2a15].

























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#
#Profile for darktable
#

#No Blacklist Paths
noblacklist ${HOME}/.cache/darktable
noblacklist ${HOME}/.config/darktable

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
ipc-namespace
net none
noexec ${HOME}
noexec /tmp
nogroups
noroot
nosound
private-bin darktable
private-dev
private-etc fonts,X11,alternatives
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/deadbeef.profile version [e514c50825].







































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
#
#Profile for deadbeef
#

#No Blacklist Paths
noblacklist ${HOME}/.config/deadbeef

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/default.profile version [e2e3d949f4].

































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
#
#Profile for default
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/defaultnd.profile version [697e37d457].



































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#
#Profile for defaultnd
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/defaultw.profile version [bf0748db4f].







































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
#
#Profile for defaultw
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/deluge.profile version [167a8a337d].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#
#Profile for deluge
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
nosound
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/dillo.profile version [d86b0b2b1f].































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#
#Profile for dillo
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.dillo
noblacklist ${HOME}/.fltk

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.dillo
whitelist ${HOME}/.dillo
mkdir ${HOME}/.fltk
whitelist ${HOME}/.fltk
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/disable-programs.inc version [68792ffdbb].































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
blacklist ${HOME}/.8pecxstudios
blacklist ${HOME}/.FBReader
blacklist ${HOME}/.LuminanceHDR
blacklist ${HOME}/.Mathematica
blacklist ${HOME}/.Natron
blacklist ${HOME}/.Skype
blacklist ${HOME}/.TelegramDesktop
blacklist ${HOME}/.VirtualBox
blacklist ${HOME}/.Wolfram Research
blacklist ${HOME}/.arduino15
blacklist ${HOME}/.atom
blacklist ${HOME}/.audacity-data
blacklist ${HOME}/.bcast5
blacklist ${HOME}/.cache/0ad
blacklist ${HOME}/.cache/8pecxstudios
blacklist ${HOME}/.cache/Franz
blacklist ${HOME}/.cache/INRIA
blacklist ${HOME}/.cache/QuiteRss
blacklist ${HOME}/.cache/champlain
blacklist ${HOME}/.cache/chromium
blacklist ${HOME}/.cache/chromium-dev
blacklist ${HOME}/.cache/darktable
blacklist ${HOME}/.cache/epiphany
blacklist ${HOME}/.cache/evolution
blacklist ${HOME}/.cache/gajim
blacklist ${HOME}/.cache/google-chrome
blacklist ${HOME}/.cache/google-chrome-beta
blacklist ${HOME}/.cache/google-chrome-unstable
blacklist ${HOME}/.cache/icedove
blacklist ${HOME}/.cache/inox
blacklist ${HOME}/.cache/libgweather
blacklist ${HOME}/.cache/midori
blacklist ${HOME}/.cache/moonchild productions
blacklist ${HOME}/.cache/mozilla
blacklist ${HOME}/.cache/mutt
blacklist ${HOME}/.cache/netsurf
blacklist ${HOME}/.cache/opera
blacklist ${HOME}/.cache/opera-beta
blacklist ${HOME}/.cache/qutebrowser
blacklist ${HOME}/.cache/slimjet
blacklist ${HOME}/.cache/spotify
blacklist ${HOME}/.cache/telepathy
blacklist ${HOME}/.cache/thunderbird
blacklist ${HOME}/.cache/torbrowser
blacklist ${HOME}/.cache/transmission
blacklist ${HOME}/.cache/vivaldi
blacklist ${HOME}/.cache/wesnoth
blacklist ${HOME}/.cache/xreader
blacklist ${HOME}/.claws-mail
blacklist ${HOME}/.config/0ad
blacklist ${HOME}/.config/Atom
blacklist ${HOME}/.config/Brackets
blacklist ${HOME}/.config/Franz
blacklist ${HOME}/.config/Gitter
blacklist ${HOME}/.config/Google
blacklist ${HOME}/.config/Google Play Music Desktop Player
blacklist ${HOME}/.config/Gpredict
blacklist ${HOME}/.config/INRIA
blacklist ${HOME}/.config/Luminance
blacklist ${HOME}/.config/Meltytech
blacklist ${HOME}/.config/Mumble
blacklist ${HOME}/.config/QuiteRss
blacklist ${HOME}/.config/QuiteRssrc
blacklist ${HOME}/.config/Slack
blacklist ${HOME}/.config/VirtualBox
blacklist ${HOME}/.config/Wire
blacklist ${HOME}/.config/ardour4
blacklist ${HOME}/.config/ardour5
blacklist ${HOME}/.config/atril
blacklist ${HOME}/.config/autostart
blacklist ${HOME}/.config/autostart/dropbox.desktop
blacklist ${HOME}/.config/aweather
blacklist ${HOME}/.config/blender
blacklist ${HOME}/.config/bless
blacklist ${HOME}/.config/brave
blacklist ${HOME}/.config/cherrytree
blacklist ${HOME}/.config/chromium
blacklist ${HOME}/.config/chromium-dev
blacklist ${HOME}/.config/chromium-flags.conf
blacklist ${HOME}/.config/cmus
blacklist ${HOME}/.config/darktable
blacklist ${HOME}/.config/deadbeef
blacklist ${HOME}/.config/eog
blacklist ${HOME}/.config/epiphany
blacklist ${HOME}/.config/evolution
blacklist ${HOME}/.config/filezilla
blacklist ${HOME}/.config/flowblade
blacklist ${HOME}/.config/gajim
blacklist ${HOME}/.config/google-chrome
blacklist ${HOME}/.config/google-chrome-beta
blacklist ${HOME}/.config/google-chrome-unstable
blacklist ${HOME}/.config/gthumb
blacklist ${HOME}/.config/hexchat
blacklist ${HOME}/.config/inox
blacklist ${HOME}/.config/jd-gui.cfg
blacklist ${HOME}/.config/keepass
blacklist ${HOME}/.config/keepassx
blacklist ${HOME}/.config/libreoffice
blacklist ${HOME}/.config/mate/eom
blacklist ${HOME}/.config/midori
blacklist ${HOME}/.config/mpv
blacklist ${HOME}/.config/mupen64plus
blacklist ${HOME}/.config/netsurf
blacklist ${HOME}/.config/opera
blacklist ${HOME}/.config/opera-beta
blacklist ${HOME}/.config/pix
blacklist ${HOME}/.config/psi+
blacklist ${HOME}/.config/qpdfview
blacklist ${HOME}/.config/qutebrowser
blacklist ${HOME}/.config/redshift.conf
blacklist ${HOME}/.config/skypeforlinux
blacklist ${HOME}/.config/slimjet
blacklist ${HOME}/.config/spotify
blacklist ${HOME}/.config/stellarium
blacklist ${HOME}/.config/telepathy-account-widgets
blacklist ${HOME}/.config/torbrowser
blacklist ${HOME}/.config/totem
blacklist ${HOME}/.config/tox
blacklist ${HOME}/.config/transmission
blacklist ${HOME}/.config/uGet
blacklist ${HOME}/.config/vivaldi
blacklist ${HOME}/.config/vlc
blacklist ${HOME}/.config/wesnoth
blacklist ${HOME}/.config/wire
blacklist ${HOME}/.config/xchat
blacklist ${HOME}/.config/xplayer
blacklist ${HOME}/.config/xreader
blacklist ${HOME}/.config/xviewer
blacklist ${HOME}/.config/zathura
blacklist ${HOME}/.config/zoomus.conf
blacklist ${HOME}/.conkeror.mozdev.org 
blacklist ${HOME}/.dillo
blacklist ${HOME}/.dosbox
blacklist ${HOME}/.dropbox-dist
blacklist ${HOME}/.filezilla
blacklist ${HOME}/.flowblade
blacklist ${HOME}/.fltk
blacklist ${HOME}/.gimp*
blacklist ${HOME}/.gnupg
blacklist ${HOME}/.googleearth/Cache/
blacklist ${HOME}/.googleearth/Temp/
blacklist ${HOME}/.googleearth/myplaces.backup.kml
blacklist ${HOME}/.googleearth/myplaces.kml
blacklist ${HOME}/.hedgewars
blacklist ${HOME}/.icedove
blacklist ${HOME}/.inkscape
blacklist ${HOME}/.jitsi
blacklist ${HOME}/.kde/share/apps/gwenview
blacklist ${HOME}/.kde/share/apps/okular
blacklist ${HOME}/.kde/share/config/gwenviewrc
blacklist ${HOME}/.kde/share/config/okularpartrc
blacklist ${HOME}/.kde/share/config/okularrc
blacklist ${HOME}/.keepass
blacklist ${HOME}/.keepassx
blacklist ${HOME}/.killingfloor
blacklist ${HOME}/.linphone-history.db
blacklist ${HOME}/.linphonerc
blacklist ${HOME}/.lmmsrc.xml
blacklist ${HOME}/.local/.share/maps-places.json
blacklist ${HOME}/.local/lib/python2.7/site-packages
blacklist ${HOME}/.local/share/0ad
blacklist ${HOME}/.local/share/3909/PapersPlease
blacklist ${HOME}/.local/share/Empathy
blacklist ${HOME}/.local/share/Mumble
blacklist ${HOME}/.local/share/QuiteRss
blacklist ${HOME}/.local/share/Ricochet
blacklist ${HOME}/.local/share/Steam
blacklist ${HOME}/.local/share/SuperHexagon
blacklist ${HOME}/.local/share/Terraria
blacklist ${HOME}/.local/share/TpLogger
blacklist ${HOME}/.local/share/aspyr-media
blacklist ${HOME}/.local/share/cdprojektred
blacklist ${HOME}/.local/share/data/Mumble
blacklist ${HOME}/.local/share/epiphany
blacklist ${HOME}/.local/share/evolution
blacklist ${HOME}/.local/share/feral-interactive
blacklist ${HOME}/.local/share/gajim
blacklist ${HOME}/.local/share/gnome-2048
blacklist ${HOME}/.local/share/gnome-chess
blacklist ${HOME}/.local/share/gnome-music
blacklist ${HOME}/.local/share/lollypop
blacklist ${HOME}/.local/share/multimc5
blacklist ${HOME}/.local/share/mupen64plus
blacklist ${HOME}/.local/share/pix
blacklist ${HOME}/.local/share/psi+
blacklist ${HOME}/.local/share/qpdfview
blacklist ${HOME}/.local/share/spotify
blacklist ${HOME}/.local/share/steam
blacklist ${HOME}/.local/share/telepathy
blacklist ${HOME}/.local/share/torbrowser
blacklist ${HOME}/.local/share/totem
blacklist ${HOME}/.local/share/vpltd
blacklist ${HOME}/.local/share/vulkan
blacklist ${HOME}/.local/share/wesnoth
blacklist ${HOME}/.local/share/xplayer
blacklist ${HOME}/.local/share/xreader
blacklist ${HOME}/.local/share/zathura
blacklist ${HOME}/.lv2
blacklist ${HOME}/.mcabber
blacklist ${HOME}/.mcabberrc
blacklist ${HOME}/.moonchild productions
blacklist ${HOME}/.mozilla
blacklist ${HOME}/.mozilla/seamonkey
blacklist ${HOME}/.mpdconf
blacklist ${HOME}/.multimc5
blacklist ${HOME}/.mutt
blacklist ${HOME}/.muttrc
blacklist ${HOME}/.nv
blacklist ${HOME}/.openshot
blacklist ${HOME}/.openshot_qt
blacklist ${HOME}/.opera
blacklist ${HOME}/.opera-beta
blacklist ${HOME}/.pki
blacklist ${HOME}/.pki 
blacklist ${HOME}/.purple
blacklist ${HOME}/.scribus
blacklist ${HOME}/.ssh
blacklist ${HOME}/.steam
blacklist ${HOME}/.steampath
blacklist ${HOME}/.steampid
blacklist ${HOME}/.stellarium
blacklist ${HOME}/.sword
blacklist ${HOME}/.synfig
blacklist ${HOME}/.thunderbird
blacklist ${HOME}/.ts3client
blacklist ${HOME}/.vst
blacklist ${HOME}/.warzone2100-3.1
blacklist ${HOME}/.weechat
blacklist ${HOME}/.wine
blacklist ${HOME}/.wine64
blacklist ${HOME}/.xiphos
blacklist ${HOME}/.xonotic
blacklist ${HOME}/.xpdfrc
blacklist ${HOME}/.zoom
blacklist ${HOME}/Arduino
blacklist ${HOME}/Documents/Wolfram Mathematica
blacklist ${HOME}/Dropbox
blacklist ${HOME}/My Games
blacklist ${HOME}/VirtualBox VMs
blacklist ${HOME}/quiterssfeeds.opml
blacklist ${HOME}/snap
blacklist /tmp/ssh-*
blacklist ${HOME}/.*coin
blacklist ${HOME}/.electrum*
blacklist ${HOME}/.gitconfig
blacklist ${HOME}/.git-credential-cache
blacklist ${HOME}/.msmtprc
blacklist ${HOME}/.mutt/muttrc
blacklist ${HOME}/.muttrc
blacklist ${HOME}/.retroshare
blacklist ${HOME}/.subversion
blacklist ${HOME}/.sylpheed-2.0
blacklist ${HOME}/.tconn
blacklist ${HOME}/wallet.dat
blacklist /tmp/ssh-*

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/display.profile version [292cdceb3f].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for display
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
net none
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin display 
private-dev
private-etc none
private-tmp
protocol unix
seccomp
shell none
x11 xorg

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/dnscrypt-proxy.profile version [2806868847].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#
#Profile for dnscrypt-proxy
#

#No Blacklist Explicit Paths
noblacklist /sbin
noblacklist /usr/sbin

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
no3d
nosound
private
private-dev
seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/dnsmasq.profile version [1d4b2aa74b].

















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#
#Profile for dnsmasq
#

#No Blacklist Explicit Paths
noblacklist /sbin
noblacklist /usr/sbin

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps
netfilter
no3d
nonewprivs
nosound
private
private-dev
protocol unix,inet,inet6,netlink
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/dosbox.profile version [454915ff28].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for dosbox
#

#No Blacklist Paths
noblacklist ${HOME}/.dosbox

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-bin dosbox
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/dropbox.profile version [a965a08198].



































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
#
#Profile for dropbox
#

#No Blacklist Paths
noblacklist ${HOME}/.config/autostart
noblacklist ${HOME}/.dropbox-dist
noblacklist ${HOME}/Dropbox
noblacklist ${HOME}/.config/autostart/dropbox.desktop

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.config/autostart
whitelist ${HOME}/.config/autostart
mkdir ${HOME}/.dropbox-dist
whitelist ${HOME}/.dropbox-dist
mkdir ${HOME}/Dropbox
whitelist ${HOME}/Dropbox
mkfile ${HOME}/.config/autostart/dropbox.desktop
whitelist ${HOME}/.config/autostart/dropbox.desktop
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/empathy.profile version [1f7ebc2f73].



























































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#
#Profile for empathy
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/champlain
noblacklist ${HOME}/.cache/telepathy
noblacklist ${HOME}/.config/telepathy-account-widgets
noblacklist ${HOME}/.local/share/Empathy
noblacklist ${HOME}/.local/share/TpLogger
noblacklist ${HOME}/.local/share/telepathy
noblacklist ${HOME}/.purple

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/champlain
whitelist ${HOME}/.cache/champlain
mkdir ${HOME}/.cache/telepathy
whitelist ${HOME}/.cache/telepathy
mkdir ${HOME}/.config/telepathy-account-widgets
whitelist ${HOME}/.config/telepathy-account-widgets
mkdir ${HOME}/.local/share/Empathy
whitelist ${HOME}/.local/share/Empathy
mkdir ${HOME}/.local/share/TpLogger
whitelist ${HOME}/.local/share/TpLogger
mkdir ${HOME}/.local/share/telepathy
whitelist ${HOME}/.local/share/telepathy
mkdir ${HOME}/.purple
whitelist ${HOME}/.purple
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/eog.profile version [1c580182c0].

























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#
#Profile for eog
#

#No Blacklist Paths
noblacklist ${HOME}/.cache/champlain
noblacklist ${HOME}/.config/eog

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin eog
private-dev
private-etc fonts
private-tmp
protocol unix
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/eom.profile version [52cb6649dc].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for eom
#

#No Blacklist Paths
noblacklist ${HOME}/.config/mate/eom

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
nosound
private-bin eom
private-dev
private-tmp
protocol unix
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/epiphany.profile version [9704e6005c].

































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#
#Profile for epiphany
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/epiphany
noblacklist ${HOME}/.config/epiphany
noblacklist ${HOME}/.local/share/epiphany

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/epiphany
whitelist ${HOME}/.cache/epiphany
mkdir ${HOME}/.config/epiphany
whitelist ${HOME}/.config/epiphany
mkdir ${HOME}/.local/share/epiphany
whitelist ${HOME}/.local/share/epiphany
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/evince.profile version [f7f30eca96].

















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#
#Profile for evince
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin evince,evince-previewer,evince-thumbnailer
private-dev
private-etc fonts
protocol unix
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/evolution.profile version [7dac8e01df].





























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
#
#Profile for evolution
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/evolution
noblacklist ${HOME}/.config/evolution
noblacklist ${HOME}/.gnupg
noblacklist ${HOME}/.local/share/evolution
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/fbreader.profile version [c608be6d6e].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for fbreader
#

#No Blacklist Paths
noblacklist ${HOME}/.FBReader

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
nosound
private-bin fbreader,FBReader
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/feh.profile version [8a3ae26dcc].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for feh
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
net none
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin feh
private-dev
private-etc feh
private-tmp
protocol unix
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/file.profile version [6cb25c3cbb].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for file
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
hostname file
net none
netfilter
no3d
nonewprivs
nosound
private-bin file
private-dev
private-etc magic.mgc,magic,localtime
private-tmp
protocol unix,inet,inet6
quiet
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/filezilla.profile version [6ec366ce82].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for filezilla
#

#No Blacklist Paths
noblacklist ${HOME}/.config/filezilla
noblacklist ${HOME}/.filezilla

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
nosound
nosound
private-bin filezilla,uname,sh,python,lsb_release,fzputtygen,fzsftp
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/firefox-esr.profile version [db23d465b0].











>
>
>
>
>
1
2
3
4
5
#
#Profile for firefox:firefox-esr
#

include /etc/firejail/firefox.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/firefox.profile version [72d64ea40e].









































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#
#Profile for firefox
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/mozilla
noblacklist ${HOME}/.mozilla
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/mozilla
whitelist ${HOME}/.cache/mozilla
mkdir ${HOME}/.mozilla
whitelist ${HOME}/.mozilla
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
private-dev
private-tmp
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/flowblade.profile version [6d26112e97].

























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#
#Profile for flowblade
#

#No Blacklist Paths
noblacklist ${HOME}/.config/flowblade
noblacklist ${HOME}/.flowblade

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
ipc-namespace
net none
noexec /home
noexec /tmp
nogroups
nonewprivs
noroot
private-bin python,flowblade
private-dev
private-etc pulse,fonts,alternatives,X11
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/franz.profile version [fc90103de6].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for franz
#

#No Blacklist Paths
noblacklist ${HOME}/.cache/Franz
noblacklist ${HOME}/.config/Franz
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
#tracelog
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gajim.profile version [9bf7030365].

















































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#
#Profile for gajim
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/gajim
noblacklist ${HOME}/.config/gajim
noblacklist ${HOME}/.local/lib/python2.7/site-packages
noblacklist ${HOME}/.local/share/gajim

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/gajim
whitelist ${HOME}/.cache/gajim
mkdir ${HOME}/.config/gajim
whitelist ${HOME}/.config/gajim
mkdir ${HOME}/.local/lib/python2.7/site-packages
whitelist ${HOME}/.local/lib/python2.7/site-packages
mkdir ${HOME}/.local/share/gajim
whitelist ${HOME}/.local/share/gajim
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-dev
protocol unix,inet,inet6
read-only ${HOME}/.local/lib/python2.7/site-packages
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/generic-13.profile version [bff53d6df7].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for generic-13
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
net none
netfilter
nonewprivs
noroot
nosound
private-dev
protocol unix,inet,inet6
quiet
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/generic-5.profile version [24a33367e6].

































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
#
#Profile for generic-5
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/generic-compression.profile version [3520c4dd80].





























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
#
#Profile for generic-compression
#

#No Blacklist Explicit Paths
noblacklist /sbin
noblacklist /usr/sbin

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
hostname tar
net none
netfilter
no3d
nonewprivs
nosound
private-bin sh,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,unrar,unzip,xzdec,7z
private-dev
private-etc passwd,group,localtime
protocol unix,inet,inet6
quiet
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gimp.profile version [6395c629c3].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for gimp
#

#No Blacklist Paths
noblacklist ${HOME}/.gimp*

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Options
caps.drop all
netfilter
noexec ${HOME}
noexec /tmp
nogroups
nonewprivs
noroot
nosound
private-dev
private-tmp
protocol unix
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/git.profile version [a9de576e7f].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for git
#

#No Blacklist Explicit Paths
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.gnupg
noblacklist ${HOME}/.ssh

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-dev
protocol unix,inet,inet6
quiet
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gitter.profile version [a3301d2992].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for gitter
#

#No Blacklist Paths
noblacklist ${HOME}/.config/Gitter

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin gitter
private-dev
private-tmp
protocol unix,inet,inet6,netlink
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gnome-2048.profile version [0daadb6640].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for gnome-2048
#

#No Blacklist Paths
noblacklist ${HOME}/.local/share/gnome-2048

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.local/share/gnome-2048
whitelist ${HOME}/.local/share/gnome-2048
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gnome-calculator.profile version [75f1611d86].











>
>
>
>
>
1
2
3
4
5
#
#Profile for defaultw:gnome-calculator
#

include /etc/firejail/defaultw.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gnome-calendar.profile version [c963101270].











>
>
>
>
>
1
2
3
4
5
#
#Profile for defaultw:gnome-calendar
#

include /etc/firejail/defaultw.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gnome-characters.profile version [9087576eb0].











>
>
>
>
>
1
2
3
4
5
#
#Profile for defaultw:gnome-characters
#

include /etc/firejail/defaultw.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gnome-chess.profile version [8c7d4cefa8].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for gnome-chess
#

#No Blacklist Paths
noblacklist ${HOME}/.local/share/gnome-chess

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
nosound
private-bin fairymax,gnome-chess,hoichess
private-dev
private-etc fonts,gnome-chess
private-tmp
protocol unix
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gnome-clocks.profile version [12bc36935d].











>
>
>
>
>
1
2
3
4
5
#
#Profile for defaultw:gnome-clocks
#

include /etc/firejail/defaultw.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gnome-contacts.profile version [ca8be1beb5].











>
>
>
>
>
1
2
3
4
5
#
#Profile for defaultw:gnome-contacts
#

include /etc/firejail/defaultw.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gnome-maps.profile version [c947e993c9].











































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#
#Profile for gnome-maps
#

#No Blacklist Paths
noblacklist ${HOME}/.cache/champlain
noblacklist ${HOME}/.local/.share/maps-places.json

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gnome-mplayer.profile version [ffa2e004d0].











































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#
#Profile for gnome-mplayer
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
private-bin gnome-mplayer
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gnome-music.profile version [0f20896a4b].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#
#Profile for gnome-music
#

#No Blacklist Paths
noblacklist ${HOME}/.local/share/gnome-music

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gnome-weather.profile version [f395060e27].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for gnome-weather
#

#No Blacklist Paths
noblacklist ${HOME}/.cache/libgweather

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.cache/libgweather
whitelist ${HOME}/.cache/libgweather
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/google-chrome-beta.profile version [91732718b0].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for google-chrome-beta
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/google-chrome-beta
noblacklist ${HOME}/.config/google-chrome-beta
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/google-chrome-beta
whitelist ${HOME}/.cache/google-chrome-beta
mkdir ${HOME}/.config/google-chrome-beta
whitelist ${HOME}/.config/google-chrome-beta
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
netfilter

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/google-chrome-stable.profile version [27d6a12352].











>
>
>
>
>
1
2
3
4
5
#
#Profile for google-chrome:google-chrome-stable
#

include /etc/firejail/google-chrome.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/google-chrome-unstable.profile version [adc7b8f5a7].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for google-chrome-unstable
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/google-chrome-unstable
noblacklist ${HOME}/.config/google-chrome-unstable
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/google-chrome-unstable
whitelist ${HOME}/.cache/google-chrome-unstable
mkdir ${HOME}/.config/google-chrome-unstable
whitelist ${HOME}/.config/google-chrome-unstable
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
netfilter

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/google-chrome.profile version [1cf4bf6a27].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for google-chrome
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/google-chrome
noblacklist ${HOME}/.config/google-chrome
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/google-chrome
whitelist ${HOME}/.cache/google-chrome
mkdir ${HOME}/.config/google-chrome
whitelist ${HOME}/.config/google-chrome
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
netfilter

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/google-earth.profile version [1fe7faddf0].





















































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#
#Profile for google-earth
#

#No Blacklist Paths
noblacklist ${HOME}/.config/Google
noblacklist ${HOME}/.googleearth/Cache/
noblacklist ${HOME}/.googleearth/Temp/
noblacklist ${HOME}/.googleearth/myplaces.backup.kml
noblacklist ${HOME}/.googleearth/myplaces.kml

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.config/Google
whitelist ${HOME}/.config/Google
mkdir ${HOME}/.googleearth/Cache/
whitelist ${HOME}/.googleearth/Cache/
mkdir ${HOME}/.googleearth/Temp/
whitelist ${HOME}/.googleearth/Temp/
mkfile ${HOME}/.googleearth/myplaces.backup.kml
whitelist ${HOME}/.googleearth/myplaces.backup.kml
mkfile ${HOME}/.googleearth/myplaces.kml
whitelist ${HOME}/.googleearth/myplaces.kml
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
ipc-namespace
noexec /home
noexec /tmp
nogroups
noroot
private-bin google-earth,sh,grep,sed,ls,dirname
private-dev
private-etc fonts,resolv.conf,X11,alternatives,pulse
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/google-play-music-desktop-player.profile version [df546d405b].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for google-play-music-desktop-player
#

#No Blacklist Paths
noblacklist ${HOME}/.config/Google Play Music Desktop Player

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.config/Google Play Music Desktop Player
whitelist ${HOME}/.config/Google Play Music Desktop Player
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gpredict.profile version [09979e5822].



































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
#
#Profile for gpredict
#

#No Blacklist Paths
noblacklist ${HOME}/.config/Gpredict

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.config/Gpredict
whitelist ${HOME}/.config/Gpredict
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin gpredict
private-dev
private-etc fonts,resolv.conf
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gtar.profile version [b3e9e58119].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-compression:gtar
#

include /etc/firejail/generic-compression.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gthumb.profile version [9070aa1ae0].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for gthumb
#

#No Blacklist Paths
noblacklist ${HOME}/.config/gthumb

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
nosound
private-bin gthumb
private-dev
private-tmp
protocol unix
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gwenview.profile version [eae4a471fe].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for gwenview
#

#No Blacklist Paths
noblacklist ${HOME}/.kde/share/apps/gwenview
noblacklist ${HOME}/.kde/share/config/gwenviewrc

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
nosound
private-dev
protocol unix
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/gzip.profile version [8a29a0d27a].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-compression:gzip
#

include /etc/firejail/generic-compression.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/hedgewars.profile version [1e21054bbb].

























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#
#Profile for hedgewars
#

#No Blacklist Paths
noblacklist ${HOME}/.hedgewars

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.hedgewars
whitelist ${HOME}/.hedgewars
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-dev
private-tmp
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/hexchat.profile version [94381b344f].

































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#
#Profile for hexchat
#

#No Blacklist Paths
noblacklist ${HOME}/.config/hexchat

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.config/hexchat
whitelist ${HOME}/.config/hexchat
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin hexchat
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/icecat-launcher.profile version [71205ab57a].











>
>
>
>
>
1
2
3
4
5
#
#Profile for icecat:icecat-launcher
#

include /etc/firejail/icecat.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/icecat.profile version [1c3825c109].





































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#
#Profile for icecat
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/mozilla
noblacklist ${HOME}/.mozilla
noblacklist ${HOME}/.pki 

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/mozilla
whitelist ${HOME}/.cache/mozilla
mkdir ${HOME}/.mozilla
whitelist ${HOME}/.mozilla
mkdir ${HOME}/.pki 
whitelist ${HOME}/.pki 
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/icedove.profile version [3288b45594].























































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#
#Profile for icedove
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/icedove
noblacklist ${HOME}/.cache/mozilla
noblacklist ${HOME}/.gnupg
noblacklist ${HOME}/.icedove
noblacklist ${HOME}/.mozilla
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/icedove
whitelist ${HOME}/.cache/icedove
mkdir ${HOME}/.cache/mozilla
whitelist ${HOME}/.cache/mozilla
mkdir ${HOME}/.gnupg
whitelist ${HOME}/.gnupg
mkdir ${HOME}/.icedove
whitelist ${HOME}/.icedove
mkdir ${HOME}/.mozilla
whitelist ${HOME}/.mozilla
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/iceweasel.profile version [c6e55e4e82].











>
>
>
>
>
1
2
3
4
5
#
#Profile for firefox:iceweasel
#

include /etc/firejail/firefox.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/inkscape.profile version [74b07b0112].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for inkscape
#

#No Blacklist Paths
noblacklist ${HOME}/.inkscape

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Options
caps.drop all
netfilter
noexec ${HOME}
noexec /tmp
nogroups
nonewprivs
noroot
nosound
private-dev
private-tmp
protocol unix
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/inox.profile version [c7a6980214].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for inox
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/inox
noblacklist ${HOME}/.config/inox
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/inox
whitelist ${HOME}/.cache/inox
mkdir ${HOME}/.config/inox
whitelist ${HOME}/.config/inox
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
netfilter

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/jd-gui.profile version [8733f275ae].







































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
#
#Profile for jd-gui
#

noblacklist ${HOME}/.config/jd-gui.cfg

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/jitsi.profile version [df0908a12c].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for jitsi
#

#No Blacklist Paths
noblacklist ${HOME}/.jitsi

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/kdenlive.profile version [ee837d0035].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for kdenlive
#

#No Blacklist Explicit Paths
noblacklist /tmp/dbus_session_socket

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
net none
nogroups
noroot
private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper
private-dev
private-etc fonts,alternatives,X11,pulse,passwd
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/keepass.profile version [7e5e89fbd6].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for keepass
#

#No Blacklist Paths
noblacklist ${HOME}/.config/keepass
noblacklist ${HOME}/.keepass

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/keepassx.profile version [de67f902e1].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for keepassx
#

#No Blacklist Paths
noblacklist ${HOME}/.config/keepassx
noblacklist ${HOME}/.keepassx

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-dev 
private-tmp
protocol unix
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/keepassx2.profile version [d06454804d].











>
>
>
>
>
1
2
3
4
5
#
#Profile for keepassx:keepassx2
#

include /etc/firejail/keepassx.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/kmail.profile version [0b26d294ac].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for kmail
#

#No Blacklist Paths
noblacklist ${HOME}/.gnupg

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-dev
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/konversation.profile version [d8f2b0e0d2].





































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
#
#Profile for konversation
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
noroot
private-tmp
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/less.profile version [9c64d8b8d0].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-13:less
#

include /etc/firejail/generic-13.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/libreoffice.profile version [c87dce983c].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for libreoffice
#

#No Blacklist Explicit Paths
noblacklist /usr/local/sbin

#No Blacklist Paths
noblacklist ${HOME}/.config/libreoffice

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
net none
nogroups
nonewprivs
noroot
private-dev
protocol unix,inet,inet6
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/linphone.profile version [40c388fda5].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for linphone
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.linphone-history.db
noblacklist ${HOME}/.linphonerc

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkfile ${HOME}/.linphone-history.db
whitelist ${HOME}/.linphone-history.db
mkfile ${HOME}/.linphonerc
whitelist ${HOME}/.linphonerc
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
noroot
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/lmms.profile version [09a68be714].

















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#
#Profile for lmms
#

noblacklist ${HOME}/.lmmsrc.xml

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
ipc-namespace
net none
noexec /home
noexec /tmp
nogroups
noroot
private-dev
private-etc fonts,pulse
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/localc.profile version [17aa6970ff].











>
>
>
>
>
1
2
3
4
5
#
#Profile for libreoffice:localc
#

include /etc/firejail/libreoffice.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/lodraw.profile version [07890feb79].











>
>
>
>
>
1
2
3
4
5
#
#Profile for libreoffice:lodraw
#

include /etc/firejail/libreoffice.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/loffice.profile version [7fcba17ebc].











>
>
>
>
>
1
2
3
4
5
#
#Profile for libreoffice:loffice
#

include /etc/firejail/libreoffice.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/lofromtemplate.profile version [cfa6a1554f].











>
>
>
>
>
1
2
3
4
5
#
#Profile for libreoffice:lofromtemplate
#

include /etc/firejail/libreoffice.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/loimpress.profile version [e2d447dde3].











>
>
>
>
>
1
2
3
4
5
#
#Profile for libreoffice:loimpress
#

include /etc/firejail/libreoffice.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/lollypop.profile version [9d4dd4cff0].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#
#Profile for lollypop
#

#No Blacklist Paths
noblacklist ${HOME}/.local/share/lollypop

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/lomath.profile version [c2dc82db8c].











>
>
>
>
>
1
2
3
4
5
#
#Profile for libreoffice:lomath
#

include /etc/firejail/libreoffice.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/loweb.profile version [1e97df6c4e].











>
>
>
>
>
1
2
3
4
5
#
#Profile for libreoffice:loweb
#

include /etc/firejail/libreoffice.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/lowriter.profile version [102e4b2a3b].











>
>
>
>
>
1
2
3
4
5
#
#Profile for libreoffice:lowriter
#

include /etc/firejail/libreoffice.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/luminance-hdr-cli.profile version [9ad36cf2d6].











>
>
>
>
>
1
2
3
4
5
#
#Profile for luminance-hdr:luminance-hdr-cli
#

include /etc/firejail/luminance-hdr.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/luminance-hdr.profile version [cab91d816c].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for luminance-hdr
#

#No Blacklist Paths
noblacklist ${HOME}/.LuminanceHDR
noblacklist ${HOME}/.config/Luminance

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Options
caps.drop all
ipc-namespace
net none
noexec ${HOME}
noexec /tmp
nogroups
noroot
nosound
private-bin luminance-hdr,luminance-hdr-cli,align_image_stack
private-dev
private-etc fonts,X11,alternatives
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/lxterminal.profile version [2dddd4b04a].





























>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
#
#Profile for lxterminal
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Options
caps.drop all
netfilter
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/mathematica.profile version [155372478c].











>
>
>
>
>
1
2
3
4
5
#
#Profile for Mathematica:mathematica
#

include /etc/firejail/Mathematica.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/mcabber.profile version [5e74709843].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for mcabber
#

#No Blacklist Paths
noblacklist ${HOME}/.mcabber
noblacklist ${HOME}/.mcabberrc

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
nosound
private-bin mcabber
private-dev
private-etc null
protocol inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/midori.profile version [b26d9b1a2d].



























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#
#Profile for midori
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/midori
noblacklist ${HOME}/.config/midori

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/midori
whitelist ${HOME}/.cache/midori
mkdir ${HOME}/.config/midori
whitelist ${HOME}/.config/midori
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/mpd.profile version [c92fd0594d].





































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
#
#Profile for mpd
#

noblacklist ${HOME}/.mpdconf

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
noroot
private-bin mpd,bash
private-dev
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/mpv.profile version [c3614d876c].













































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#
#Profile for mpv
#

#No Blacklist Paths
noblacklist ${HOME}/.config/mpv

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
private-bin mpv,youtube-dl,python2.7
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/multimc5.profile version [c36ae859df].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for multimc5
#

#No Blacklist Paths
noblacklist ${HOME}/.local/share/multimc5
noblacklist ${HOME}/.multimc5

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.local/share/multimc5
whitelist ${HOME}/.local/share/multimc5
mkdir ${HOME}/.multimc5
whitelist ${HOME}/.multimc5
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/mumble.profile version [9290948d7c].









































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#
#Profile for mumble
#

#No Blacklist Paths
noblacklist ${HOME}/.config/Mumble
noblacklist ${HOME}/.local/share/Mumble
noblacklist ${HOME}/.local/share/data/Mumble

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.config/Mumble
whitelist ${HOME}/.config/Mumble
mkdir ${HOME}/.local/share/Mumble
whitelist ${HOME}/.local/share/Mumble
mkdir ${HOME}/.local/share/data/Mumble
whitelist ${HOME}/.local/share/data/Mumble
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-bin mumble
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/mupdf.profile version [a6b6c2096f].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for mupdf
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin mupdf,sh,tempfile,rm
private-dev
private-tmp
protocol unix
read-only ${HOME}
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/mupen64plus.profile version [2b002470c5].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for mupen64plus
#

#No Blacklist Paths
noblacklist ${HOME}/.config/mupen64plus
noblacklist ${HOME}/.local/share/mupen64plus

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.config/mupen64plus
whitelist ${HOME}/.config/mupen64plus
mkdir ${HOME}/.local/share/mupen64plus
whitelist ${HOME}/.local/share/mupen64plus
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
net none
nonewprivs
noroot
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/mutt.profile version [cc4a276e95].

































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#
#Profile for mutt
#

#No Blacklist Explicit Paths
noblacklist ${HOME}/.gnupg
noblacklist ${HOME}/.mail
noblacklist ${HOME}/.mailcap

#No Blacklist Paths
noblacklist ${HOME}/.cache/mutt
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.mutt
noblacklist ${HOME}/.muttrc

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-dev
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/natron.profile version [ce7c686640].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for natron
#

#No Blacklist Explicit Paths
noblacklist /opt/natron/

#No Blacklist Paths
noblacklist ${HOME}/.Natron
noblacklist ${HOME}/.cache/INRIA
noblacklist ${HOME}/.config/INRIA

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
ipc-namespace
noexec ${HOME}
noexec /tmp
private-bin natron
private-etc fonts,X11,pulse
shell none
whitelist /tmp/.X11-unix/

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/netsurf.profile version [26b936b918].































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#
#Profile for netsurf
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/netsurf
noblacklist ${HOME}/.config/netsurf

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/netsurf
whitelist ${HOME}/.cache/netsurf
mkdir ${HOME}/.config/netsurf
whitelist ${HOME}/.config/netsurf
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/okular.profile version [3f1cf79043].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for okular
#

#No Blacklist Paths
noblacklist ${HOME}/.kde/share/apps/okular
noblacklist ${HOME}/.kde/share/config/okularpartrc
noblacklist ${HOME}/.kde/share/config/okularrc

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
nosound
private-dev
protocol unix
read-only ${HOME}/.kde/share/config/kdeglobals
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/openshot.profile version [78713b2847].

















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#
#Profile for openshot
#

#No Blacklist Paths
noblacklist ${HOME}/.openshot
noblacklist ${HOME}/.openshot_qt

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nonewprivs
noroot
noroot
private-bin openshot,python
private-dev
protocol unix
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/opera-beta.profile version [b3cddf82ac].































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#
#Profile for opera-beta
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/opera-beta
noblacklist ${HOME}/.config/opera-beta
noblacklist ${HOME}/.opera-beta
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/opera-beta
whitelist ${HOME}/.cache/opera-beta
mkdir ${HOME}/.config/opera-beta
whitelist ${HOME}/.config/opera-beta
mkdir ${HOME}/.opera-beta
whitelist ${HOME}/.opera-beta
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
netfilter

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/opera.profile version [3b3a0c62a7].































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#
#Profile for opera
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/opera
noblacklist ${HOME}/.config/opera
noblacklist ${HOME}/.opera
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/opera
whitelist ${HOME}/.cache/opera
mkdir ${HOME}/.config/opera
whitelist ${HOME}/.config/opera
mkdir ${HOME}/.opera
whitelist ${HOME}/.opera
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
netfilter

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/palemoon.profile version [27e5e594f5].





































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#
#Profile for palemoon
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/moonchild productions
noblacklist ${HOME}/.moonchild productions
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/moonchild productions
whitelist ${HOME}/.cache/moonchild productions
mkdir ${HOME}/.moonchild productions
whitelist ${HOME}/.moonchild productions
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/parole.profile version [2b15f2a648].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#
#Profile for parole
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
private-bin parole,dbus-launch
private-etc passwd,group,fonts
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/pdfsam.profile version [b6716779de].











>
>
>
>
>
1
2
3
4
5
#
#Profile for defaultnd:pdfsam
#

include /etc/firejail/defaultnd.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/pidgin.profile version [130db609bb].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for pidgin
#

#No Blacklist Paths
noblacklist ${HOME}/.purple

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-bin pidgin
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/pithos.profile version [e312713727].











>
>
>
>
>
1
2
3
4
5
#
#Profile for defaultw:pithos
#

include /etc/firejail/defaultw.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/pix.profile version [311c22d70e].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for pix
#

#No Blacklist Paths
noblacklist ${HOME}/.config/pix
noblacklist ${HOME}/.local/share/pix

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
nosound
private-bin pix
private-dev
private-tmp
protocol unix
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/polari.profile version [f71af38549].





















































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#
#Profile for polari
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/telepathy
noblacklist ${HOME}/.config/telepathy-account-widgets
noblacklist ${HOME}/.local/share/Empathy
noblacklist ${HOME}/.local/share/TpLogger
noblacklist ${HOME}/.local/share/telepathy
noblacklist ${HOME}/.purple

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/telepathy
whitelist ${HOME}/.cache/telepathy
mkdir ${HOME}/.config/telepathy-account-widgets
whitelist ${HOME}/.config/telepathy-account-widgets
mkdir ${HOME}/.local/share/Empathy
whitelist ${HOME}/.local/share/Empathy
mkdir ${HOME}/.local/share/TpLogger
whitelist ${HOME}/.local/share/TpLogger
mkdir ${HOME}/.local/share/telepathy
whitelist ${HOME}/.local/share/telepathy
mkdir ${HOME}/.purple
whitelist ${HOME}/.purple
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/psi-plus.profile version [8d9621f972].



























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#
#Profile for psi-plus
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.config/psi+
noblacklist ${HOME}/.local/share/psi+

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.config/psi+
whitelist ${HOME}/.config/psi+
mkdir ${HOME}/.local/share/psi+
whitelist ${HOME}/.local/share/psi+
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/qbittorrent.profile version [6ccb1cad31].











































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#
#Profile for qbittorrent
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
nosound
nosound
private-dev
private-tmp
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/qpdfview.profile version [2c108c0332].



























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#
#Profile for qpdfview
#

#No Blacklist Paths
noblacklist ${HOME}/.config/qpdfview
noblacklist ${HOME}/.local/share/qpdfview

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
ipc-namespace
net none
noexec ${HOME}
noexec /tmp
nogroups
nonewprivs
noroot
nosound
private-bin qpdfview
private-dev
private-etc fonts,X11,alternatives
private-tmp
protocol unix

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/qtox.profile version [4e390bede9].

































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#
#Profile for qtox
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.config/tox

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.config/tox
whitelist ${HOME}/.config/tox
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-bin qtox
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/quassel.profile version [5d3bca6a00].



































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#
#Profile for quassel
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/quiterss.profile version [ae3fcf2b8e].























































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#
#Profile for quiterss
#

#No Blacklist Paths
noblacklist ${HOME}/.cache/QuiteRss
noblacklist ${HOME}/.config/QuiteRss
noblacklist ${HOME}/.config/QuiteRssrc
noblacklist ${HOME}/.local/share/QuiteRss
noblacklist ${HOME}/quiterssfeeds.opml

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.cache/QuiteRss
whitelist ${HOME}/.cache/QuiteRss
mkdir ${HOME}/.config/QuiteRss
whitelist ${HOME}/.config/QuiteRss
mkdir ${HOME}/.config/QuiteRssrc
whitelist ${HOME}/.config/QuiteRssrc
mkdir ${HOME}/.local/share/QuiteRss
whitelist ${HOME}/.local/share/QuiteRss
mkfile ${HOME}/quiterssfeeds.opml
whitelist ${HOME}/quiterssfeeds.opml
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin quiterss
private-dev
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/qutebrowser.profile version [7345c5b6bd].































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#
#Profile for qutebrowser
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/qutebrowser
noblacklist ${HOME}/.config/qutebrowser

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/qutebrowser
whitelist ${HOME}/.cache/qutebrowser
mkdir ${HOME}/.config/qutebrowser
whitelist ${HOME}/.config/qutebrowser
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/ranger.profile version [4accacbdf8].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for ranger
#

#No Blacklist Explicit Paths
noblacklist /usr/bin/perl
noblacklist /usr/lib/perl*
noblacklist /usr/share/perl*

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
net none
netfilter
nogroups
nonewprivs
noroot
nosound
private-dev
private-tmp
protocol unix
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/redshift-gtk.profile version [e212144374].











>
>
>
>
>
1
2
3
4
5
#
#Profile for redshift:redshift-gtk
#

include /etc/firejail/redshift.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/redshift.profile version [032b8bc861].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for redshift
#

noblacklist ${HOME}/.config/redshift.conf

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

mkfile ${HOME}/.config/redshift.conf
whitelist ${HOME}/.config/redshift.conf
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/rhythmbox.profile version [ca4decfe13].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for rhythmbox
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-bin rhythmbox
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/ricochet.profile version [5d5e7176b2].

































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#
#Profile for ricochet
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.local/share/Ricochet

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.local/share/Ricochet
whitelist ${HOME}/.local/share/Ricochet
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
ipc-namespace
noexec /home
noexec /tmp
nogroups
noroot
private-bin ricochet,tor
private-dev
private-etc fonts,tor,X11,alternatives
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/rtorrent.profile version [12eb704afd].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for rtorrent
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
nosound
nosound
private-bin rtorrent
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/scribus.profile version [9193472792].











































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#
#Profile for scribus
#

#No Blacklist Paths
noblacklist ${HOME}/.scribus

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
noroot
private-bin scribus,gs
private-dev
protocol unix
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/seamonkey-bin.profile version [10abd01cfc].











>
>
>
>
>
1
2
3
4
5
#
#Profile for seamonkey:seamonkey-bin
#

include /etc/firejail/seamonkey.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/seamonkey.profile version [4683d6f168].





































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#
#Profile for seamonkey
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/mozilla
noblacklist ${HOME}/.mozilla/seamonkey
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/mozilla
whitelist ${HOME}/.cache/mozilla
mkdir ${HOME}/.mozilla/seamonkey
whitelist ${HOME}/.mozilla/seamonkey
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/server.profile version [b951fd0246].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#
#Profile for server
#

#No Blacklist Explicit Paths
noblacklist /sbin
noblacklist /usr/sbin

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Options
no3d
nosound
private
private-dev
private-tmp
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/shotcut.profile version [ac79aa9f7d].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for shotcut
#

#No Blacklist Paths
noblacklist ${HOME}/.config/Meltytech

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
net none
noexec ${HOME}
noexec /tmp
nogroups
noroot
private-bin shotcut,melt,qmelt,nice
private-dev
private-etc X11,alternatives,pulse,fonts
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/skype.profile version [5ec1db702b].





























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
#
#Profile for skype
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.Skype

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.Skype
whitelist ${HOME}/.Skype
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
ipc-namespace
noexec ${HOME}/
noexec /tmp/
noroot
private-bin skype,bash
private-etc resolv.conf,hosts,fonts,pulse
protocol inet,inet6,unix
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/skypeforlinux.profile version [80e1b4ad70].





































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
#
#Profile for skypeforlinux
#

#No Blacklist Paths
noblacklist ${HOME}/.config/skypeforlinux

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Options
caps.drop all
netfilter
noroot
protocol unix,inet,inet6,netlink
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/slack.profile version [0d866a40ba].







































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#
#Profile for slack
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.config/Slack

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.config/Slack
whitelist ${HOME}/.config/Slack
include /etc/firejail/whitelist-common.inc

#Options
blacklist /var
caps.drop all
name slack
netfilter
nogroups
nonewprivs
noroot
private-bin slack
private-dev
private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime
private-tmp
protocol unix,inet,inet6,netlink
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/slimjet.profile version [9fadcfbd94].

































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#
#Profile for slimjet
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/slimjet
noblacklist ${HOME}/.config/slimjet
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/slimjet
whitelist ${HOME}/.cache/slimjet
mkdir ${HOME}/.config/slimjet
whitelist ${HOME}/.config/slimjet
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/snap.profile version [18e8570bde].































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
#
#Profile for snap
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/snap

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc

#Options
caps.keep chown,sys_admin

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/soffice.profile version [06491646f9].











>
>
>
>
>
1
2
3
4
5
#
#Profile for libreoffice:soffice
#

include /etc/firejail/libreoffice.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/spotify.profile version [e66c444a12].



































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#
#Profile for spotify
#

#No Blacklist Paths
noblacklist ${HOME}/.cache/spotify
noblacklist ${HOME}/.config/spotify
noblacklist ${HOME}/.local/share/spotify

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.cache/spotify
whitelist ${HOME}/.cache/spotify
mkdir ${HOME}/.config/spotify
whitelist ${HOME}/.config/spotify
mkdir ${HOME}/.local/share/spotify
whitelist ${HOME}/.local/share/spotify
include /etc/firejail/whitelist-common.inc

#Options
blacklist ${HOME}/.Xauthority
blacklist ${HOME}/.bashrc
blacklist /boot
blacklist /lost+found
blacklist /media
blacklist /mnt
blacklist /opt
blacklist /root
blacklist /sbin
blacklist /srv
blacklist /sys
blacklist /var
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-bin spotify
private-dev
private-etc fonts,machine-id,pulse,resolv.conf
private-tmp
protocol unix,inet,inet6,netlink
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/ssh.profile version [2a7e9199bd].













































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#
#Profile for ssh
#

#No Blacklist Paths
noblacklist ${HOME}/.ssh
noblacklist /tmp/ssh-*

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
quiet
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/start-tor-browser.profile version [a1b43b1d02].











>
>
>
>
>
1
2
3
4
5
#
#Profile for torbrowser-launcher:start-tor-browser
#

include /etc/firejail/torbrowser-launcher.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/steam-native.profile version [666a06ae83].











>
>
>
>
>
1
2
3
4
5
#
#Profile for steam:steam-native
#

include /etc/firejail/steam.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/steam.profile version [7f882358f6].







































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#
#Profile for steam
#

#No Blacklist Paths
noblacklist ${HOME}/.killingfloor
noblacklist ${HOME}/.local/share/3909/PapersPlease
noblacklist ${HOME}/.local/share/Steam
noblacklist ${HOME}/.local/share/SuperHexagon
noblacklist ${HOME}/.local/share/Terraria
noblacklist ${HOME}/.local/share/aspyr-media
noblacklist ${HOME}/.local/share/cdprojektred
noblacklist ${HOME}/.local/share/feral-interactive
noblacklist ${HOME}/.local/share/steam
noblacklist ${HOME}/.local/share/vpltd
noblacklist ${HOME}/.local/share/vulkan
noblacklist ${HOME}/.nv
noblacklist ${HOME}/.steam
noblacklist ${HOME}/.steampath
noblacklist ${HOME}/.steampid
noblacklist ${HOME}/My Games

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/stellarium.profile version [79d8297353].







































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#
#Profile for stellarium
#

#No Blacklist Paths
noblacklist ${HOME}/.config/stellarium
noblacklist ${HOME}/.stellarium

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.config/stellarium
whitelist ${HOME}/.config/stellarium
mkdir ${HOME}/.stellarium
whitelist ${HOME}/.stellarium
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin stellarium
private-dev
private-tmp
protocol unix,inet,inet6,netlink
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/strings.profile version [e19af0c3ed].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-13:strings
#

include /etc/firejail/generic-13.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/synfigstudio.profile version [b7daacebac].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for synfigstudio
#

#No Blacklist Paths
noblacklist ${HOME}/.synfig

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
ipc-namespace
net none
noexec ${HOME}
noexec /tmp
noroot
private-bin synfigstudio
private-dev
private-etc fonts,X11,synfig,synfig_modules.cfg
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/tar.profile version [835d1c29ef].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-compression:tar
#

include /etc/firejail/generic-compression.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/teamspeak3.profile version [0c4524e87b].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for teamspeak3
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.ts3client

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.ts3client
whitelist ${HOME}/.ts3client
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/telegram.profile version [a09973eec8].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#
#Profile for telegram
#

#No Blacklist Paths
noblacklist ${HOME}/.TelegramDesktop

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/thunderbird.profile version [d0d9d940ef].























































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#
#Profile for thunderbird
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/mozilla
noblacklist ${HOME}/.cache/thunderbird
noblacklist ${HOME}/.gnupg
noblacklist ${HOME}/.mozilla
noblacklist ${HOME}/.pki
noblacklist ${HOME}/.thunderbird

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/mozilla
whitelist ${HOME}/.cache/mozilla
mkdir ${HOME}/.cache/thunderbird
whitelist ${HOME}/.cache/thunderbird
mkdir ${HOME}/.gnupg
whitelist ${HOME}/.gnupg
mkdir ${HOME}/.mozilla
whitelist ${HOME}/.mozilla
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
mkdir ${HOME}/.thunderbird
whitelist ${HOME}/.thunderbird
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/torbrowser-launcher.profile version [46a7b4a796].









































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#
#Profile for torbrowser-launcher
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/torbrowser
noblacklist ${HOME}/.config/torbrowser
noblacklist ${HOME}/.local/share/torbrowser

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/torbrowser
whitelist ${HOME}/.cache/torbrowser
mkdir ${HOME}/.config/torbrowser
whitelist ${HOME}/.config/torbrowser
mkdir ${HOME}/.local/share/torbrowser
whitelist ${HOME}/.local/share/torbrowser
include /etc/firejail/whitelist-common.inc

#Options
blacklist /boot
blacklist /media
blacklist /mnt
blacklist /opt
blacklist /usr/local/bin
caps.drop all
noexec /tmp
noroot
private-bin bash,grep,sed,tail,torbrowser-launcher,python,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,zenity,kdialog,xmessage,gxmessage,getconf,file,expr
private-etc X11,alternatives,pulse,resolv.conf,fonts,ssl
private-tmp
seccomp
shell none
whitelist /dev/dri
whitelist /dev/full
whitelist /dev/null
whitelist /dev/ptmx
whitelist /dev/pts
whitelist /dev/random
whitelist /dev/shm
whitelist /dev/snd
whitelist /dev/tty
whitelist /dev/urandom
whitelist /dev/video0
whitelist /dev/zero

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/totem.profile version [c3d4ed0875].











































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
#
#Profile for totem
#

#No Blacklist Paths
noblacklist ${HOME}/.config/totem
noblacklist ${HOME}/.local/share/totem

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/transmission-cli.profile version [b9adaade10].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for transmission-cli
#

#No Blacklist Paths
noblacklist ${HOME}/.cache/transmission
noblacklist ${HOME}/.config/transmission

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
nosound
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/transmission-gtk.profile version [79476f82cb].











>
>
>
>
>
1
2
3
4
5
#
#Profile for transmission-cli:transmission-gtk
#

include /etc/firejail/transmission-cli.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/transmission-qt.profile version [a08e2b6127].











>
>
>
>
>
1
2
3
4
5
#
#Profile for transmission-cli:transmission-qt
#

include /etc/firejail/transmission-cli.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/uget-gtk.profile version [13aa715492].

































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#
#Profile for uget-gtk
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.config/uGet

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.config/uGet
whitelist ${HOME}/.config/uGet
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
nosound
private-bin uget-gtk
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/unbound.profile version [eba42b5461].







































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
#
#Profile for unbound
#

#No Blacklist Explicit Paths
noblacklist /sbin
noblacklist /usr/sbin

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
nosound
private
private-dev
seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/unrar.profile version [0743328d3f].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-compression:unrar
#

include /etc/firejail/generic-compression.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/unzip.profile version [7dbad9c2a5].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-compression:unzip
#

include /etc/firejail/generic-compression.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/uudeview.profile version [49c5e8d51e].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for uudeview
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
hostname uudeview
net none
netfilter
nonewprivs
nosound
private-bin uudeview
private-dev
private-etc nonexisting_fakefile_for_empty_etc
protocol unix,inet,inet6
quiet
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/virtualbox.profile version [873a4d591e].















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#Profile for virtualbox
#

#No Blacklist Explicit Paths
noblacklist /dev/vboxdrv
noblacklist /dev/vboxdrvu
noblacklist /dev/vboxnetctl
noblacklist /usr/bin/virtualbox

#No Blacklist Paths
noblacklist ${HOME}/.VirtualBox
noblacklist ${HOME}/.config/VirtualBox
noblacklist ${HOME}/VirtualBox VMs

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/vivaldi-beta.profile version [27b7ee4e4a].











>
>
>
>
>
1
2
3
4
5
#
#Profile for vivaldi:vivaldi-beta
#

include /etc/firejail/vivaldi.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/vivaldi.profile version [5d6cae80ca].

























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#
#Profile for vivaldi
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.cache/vivaldi
noblacklist ${HOME}/.config/vivaldi
noblacklist ${HOME}/.pki

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.cache/vivaldi
whitelist ${HOME}/.cache/vivaldi
mkdir ${HOME}/.config/vivaldi
whitelist ${HOME}/.config/vivaldi
mkdir ${HOME}/.pki
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc

#Options
netfilter

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/vlc.profile version [9a1846ecce].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for vlc
#

#No Blacklist Paths
noblacklist ${HOME}/.config/vlc

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
private-dev
private-tmp
protocol unix,inet,inet6,netlink
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/warzone2100.profile version [0d7de084ae].































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#
#Profile for warzone2100
#

#No Blacklist Paths
noblacklist ${HOME}/.warzone2100-3.1

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.warzone2100-3.1
whitelist ${HOME}/.warzone2100-3.1
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-bin warzone2100
private-dev
private-tmp
protocol unix,inet,inet6,netlink
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/weechat-curses.profile version [8fe26537f8].











>
>
>
>
>
1
2
3
4
5
#
#Profile for weechat:weechat-curses
#

include /etc/firejail/weechat.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/weechat.profile version [c1cf294afd].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#
#Profile for weechat
#

#No Blacklist Paths
noblacklist ${HOME}/.weechat

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/wesnoth.profile version [a391927805].































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#
#Profile for wesnoth
#

#No Blacklist Paths
noblacklist ${HOME}/.cache/wesnoth
noblacklist ${HOME}/.config/wesnoth
noblacklist ${HOME}/.local/share/wesnoth

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.cache/wesnoth
whitelist ${HOME}/.cache/wesnoth
mkdir ${HOME}/.config/wesnoth
whitelist ${HOME}/.config/wesnoth
mkdir ${HOME}/.local/share/wesnoth
whitelist ${HOME}/.local/share/wesnoth
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
nonewprivs
noroot
private-dev
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/wine.profile version [2c2d54dabe].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#
#Profile for wine
#

#No Blacklist Paths
noblacklist ${HOME}/.wine
noblacklist ${HOME}/.wine64

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/wire.profile version [a2aa1deab8].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for wire
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.config/Wire
noblacklist ${HOME}/.config/wire

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-dev
private-tmp
protocol unix,inet,inet6,netlink
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/xchat.profile version [eeee33db92].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for xchat
#

#No Blacklist Paths
noblacklist ${DOWNLOADS}
noblacklist ${HOME}/.config/xchat

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
whitelist ${DOWNLOADS}
mkdir ${HOME}/.config/xchat
whitelist ${HOME}/.config/xchat
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/xiphos.profile version [46186701bd].









































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#
#Profile for xiphos
#

#No Blacklist Paths
noblacklist ${HOME}/.sword
noblacklist ${HOME}/.xiphos

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.sword
whitelist ${HOME}/.sword
mkdir ${HOME}/.xiphos
whitelist ${HOME}/.xiphos
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin xiphos
private-dev
private-etc fonts,resolv.conf,sword
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/xonotic-glx.profile version [e5e72716ab].











>
>
>
>
>
1
2
3
4
5
#
#Profile for xonotic:xonotic-glx
#

include /etc/firejail/xonotic.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/xonotic-sdl.profile version [db8de4b002].











>
>
>
>
>
1
2
3
4
5
#
#Profile for xonotic:xonotic-sdl
#

include /etc/firejail/xonotic.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/xonotic.profile version [124bef4402].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#
#Profile for xonotic
#

#No Blacklist Paths
noblacklist ${HOME}/.xonotic

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.xonotic
whitelist ${HOME}/.xonotic
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/xpdf.profile version [92a3d4d466].













































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#
#Profile for xpdf
#

noblacklist ${HOME}/.xpdfrc

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
net none
nonewprivs
noroot
private-dev
private-tmp
protocol unix
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/xplayer.profile version [c283109b9f].























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#
#Profile for xplayer
#

#No Blacklist Paths
noblacklist ${HOME}/.config/xplayer
noblacklist ${HOME}/.local/share/xplayer

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
netfilter
nogroups
nonewprivs
noroot
private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer
private-dev
private-tmp
protocol unix,inet,inet6
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/xreader.profile version [d80370b637].

























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#
#Profile for xreader
#

#No Blacklist Paths
noblacklist ${HOME}/.cache/xreader
noblacklist ${HOME}/.config/xreader
noblacklist ${HOME}/.local/share/xreader

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
nosound
private-bin xreader, xreader-previewer, xreader-thumbnailer
private-dev
private-tmp
protocol unix
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/xviewer.profile version [b2988c2657].





















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#
#Profile for xviewer
#

#No Blacklist Paths
noblacklist ${HOME}/.config/xviewer

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
nogroups
nonewprivs
noroot
nosound
private-bin xviewer
private-dev
private-tmp
protocol unix
seccomp
shell none
tracelog

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/xz.profile version [674ef54aac].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-compression:xz
#

include /etc/firejail/generic-compression.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/xzdec.profile version [84fd2b13dd].











>
>
>
>
>
1
2
3
4
5
#
#Profile for generic-compression:xzdec
#

include /etc/firejail/generic-compression.profile

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/zart.profile version [e3c835a492].













































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#
#Profile for zart
#

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
ipc-namespace
net none
noexec ${HOME}
noexec /tmp
noroot
private-bin zart,ffmpeg,melt,ffprobe,ffplay
private-dev
private-etc fonts,X11
seccomp
shell none

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/zathura.profile version [73f508aa40].

































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#
#Profile for zathura
#

#No Blacklist Paths
noblacklist ${HOME}/.config/zathura
noblacklist ${HOME}/.local/share/zathura

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Options
caps.drop all
net none
netfilter
nogroups
nonewprivs
noroot
nosound
private-bin zathura
private-dev
private-etc fonts
private-tmp
protocol unix
read-only ~/
read-write ~/.local/share/zathura/
seccomp
shell none
whitelist /tmp/.X11-unix

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/generated/zoom.profile version [6478359b4a].



























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#
#Profile for zoom
#

#No Blacklist Paths
noblacklist ${HOME}/.zoom
noblacklist ${HOME}/.config/zoomus.conf

#Blacklist Paths
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-devel.inc

#Whitelist Paths
mkdir ${HOME}/.zoom
whitelist ${HOME}/.zoom
mkfile ${HOME}/.config/zoomus.conf
whitelist ${HOME}/.config/zoomus.conf
include /etc/firejail/whitelist-common.inc

#Options
caps.drop all
netfilter
nonewprivs
noroot
private-tmp
protocol unix,inet,inet6
seccomp

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/overlay/disable-programs.inc version [c4831eb62b].



























>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
blacklist ${HOME}/.*coin
blacklist ${HOME}/.electrum*
blacklist ${HOME}/.gitconfig
blacklist ${HOME}/.git-credential-cache
blacklist ${HOME}/.msmtprc
blacklist ${HOME}/.mutt/muttrc
blacklist ${HOME}/.muttrc
blacklist ${HOME}/.retroshare
blacklist ${HOME}/.subversion
blacklist ${HOME}/.sylpheed-2.0
blacklist ${HOME}/.tconn
blacklist ${HOME}/wallet.dat
blacklist /tmp/ssh-*

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/src/info/spotcomms/firejailprofilegenerator/Application.java version [7abf15e0f4].



































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/*This file is part of FirejailProfileGenerator.
  
  FirejailProfileGenerator is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 2 of the License, or
  (at your option) any later version.
  
  FirejailProfileGenerator is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  
  You should have received a copy of the GNU General Public License
  along with FirejailProfileGenerator.  If not, see <http://www.gnu.org/licenses/>.
*/

package info.spotcomms.firejailprofilegenerator;

import java.util.ArrayList;

public class Application {

  private String name;
  private ArrayList<String> aliases;
  private boolean mode;//false == blacklist, true == whitelist
  private ArrayList<String> options;
  private ArrayList<String> genOptions;
  private ArrayList<String> noBlacklistExplicit;
  private ArrayList<String> paths;
  private ArrayList<String> files;

  public Application(String name) {
    this.name = name;
  }

  public ArrayList<String> getAliases() {
    return aliases;
  }

  public void setAliases(ArrayList<String> aliases) {
    this.aliases = aliases;
  }

  public boolean getMode() {
    return mode;
  }

  public void setMode(boolean mode) {
    this.mode = mode;
  }

  public ArrayList<String> getOptions() {
    return options;
  }

  public void setOptions(ArrayList<String> options) {
    this.options = options;
  }

  public ArrayList<String> getGenOptions() {
    return genOptions;
  }

  public void setGenOptions(ArrayList<String> genOptions) {
    this.genOptions = genOptions;
  }

  public ArrayList<String> getNoBlacklistExplicit() {
    return noBlacklistExplicit;
  }

  public void setNoBlacklistExplicit(ArrayList<String> noBlacklistExplicit) {
    this.noBlacklistExplicit = noBlacklistExplicit;
  }

  public ArrayList<String> getPaths() {
    return paths;
  }

  public void setPaths(ArrayList<String> paths) {
    this.paths = paths;
  }

  public ArrayList<String> getFiles() {
    return files;
  }

  public void setFiles(ArrayList<String> files) {
    this.files = files;
  }


  public String getName() {
    return name;
  }

}

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/FirejailProfileGenerator/src/info/spotcomms/firejailprofilegenerator/Main.java version [db00ed7763].





































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
/*This file is part of FirejailProfileGenerator.

  FirejailProfileGenerator is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 2 of the License, or
  (at your option) any later version.

  FirejailProfileGenerator is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with FirejailProfileGenerator.  If not, see <http://www.gnu.org/licenses/>.
 */

package info.spotcomms.firejailprofilegenerator;

import java.io.File;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Scanner;
import java.util.Set;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class Main {

  private static ArrayList<Application> applications = new ArrayList<Application>();
  private static Application curApplication;

  public static void main(String[] args) {
    try {
      //START OF XML PARSING
      File configFile = new File("Firejail_Config.xml");
      DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
      DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
      Document config = documentBuilder.parse(configFile);
      config.getDocumentElement().normalize();
      NodeList nodes = config.getElementsByTagName("application");
      for(int c = 0; c < nodes.getLength(); c++) {
        Node curNode = nodes.item(c);
        if (curNode.getNodeType() == Node.ELEMENT_NODE) {
          Element element = (Element) curNode;
          curApplication = new Application(element.getElementsByTagName("name").item(0).getTextContent());
          curApplication.setMode(element.getElementsByTagName("mode").item(0).getTextContent().equals("whitelist") ? true : false);
          if(element.getElementsByTagName("aliases").item(0) != null) {
            curApplication.setAliases(convertToArray(element.getElementsByTagName("aliases").item(0).getTextContent()));
          }
          if(element.getElementsByTagName("options").item(0) != null) {
            curApplication.setOptions(convertToArray(element.getElementsByTagName("options").item(0).getTextContent()));
          }
          if(element.getElementsByTagName("paths").item(0) != null) {
            curApplication.setPaths(convertToArray(element.getElementsByTagName("paths").item(0).getTextContent()));
          }
          if(element.getElementsByTagName("files").item(0) != null) {
            curApplication.setFiles(convertToArray(element.getElementsByTagName("files").item(0).getTextContent()));
          }
          if(element.getElementsByTagName("noblacklistexplicit").item(0) != null) {
            curApplication.setNoBlacklistExplicit(convertToArray(element.getElementsByTagName("noblacklistexplicit").item(0).getTextContent()));
          }
          if(element.getElementsByTagName("genoptions").item(0) != null) {
            curApplication.setGenOptions(convertToArray(element.getElementsByTagName("genoptions").item(0).getTextContent()));
          }
          applications.add(curApplication);
          curApplication = null;
        }
      }
      //END OF XML PARSING

      //START OF disable-programs.inc GENERATION 
      PrintWriter out = new PrintWriter("generated/disable-programs.inc", "UTF-8");
      //Dynamic
      for(String path : getAllPaths()) {
        if(!path.equals("${DOWNLOADS}") && !path.equals("${HOME}/Documents")) {
          out.println("blacklist " + path);
        }
      }
      //Static
      Scanner s = new Scanner(new File("overlay/disable-programs.inc"));
      while(s.hasNext()) {
        out.println(s.nextLine());
      }
      out.close();
      out = null;
      //END OF disable-programs.inc GENERATION 

      //START OF .profiles GENERATION
      for(Application app : applications) {
        PrintWriter outA = new PrintWriter("generated/" + app.getName() + ".profile", "UTF-8");
        //Header
        outA.println("#\n#Profile for " + app.getName() + "\n#");
        outA.println();
        //No Blacklist Explicit Paths
        if(app.getNoBlacklistExplicit() != null) {
          outA.println("#No Blacklist Explicit Paths");
          for(String path : app.getNoBlacklistExplicit()) {
            outA.println("noblacklist " + path);
          }
          outA.println();
        }
        //No Blacklist Paths
        if(app.getPaths() != null) {
          outA.println("#No Blacklist Paths");
          for(String path : app.getPaths()) {
            outA.println("noblacklist " + path);
          }
        }
        if(app.getFiles() != null) {
          for(String file : app.getFiles()) {
            outA.println("noblacklist " + file);
          }
        }
        if(app.getPaths() != null || app.getFiles() != null) {
          outA.println();
        }
        //Blacklist Paths
        outA.println("#Blacklist Paths");
        outA.println("include /etc/firejail/disable-common.inc");
        outA.println("include /etc/firejail/disable-programs.inc");
        outA.println("include /etc/firejail/disable-passwdmgr.inc");
        if(app.getGenOptions() == null || app.getGenOptions() != null && !app.getGenOptions().contains("nodevel")) {
          outA.println("include /etc/firejail/disable-devel.inc");
        }
        outA.println();
        //Whitelist Paths
        if(app.getMode()) {
          if(app.getPaths() != null) {
            outA.println("#Whitelist Paths");
            for(String path : app.getPaths()) {
              if(!path.equals("${DOWNLOADS}")) {
                outA.println("mkdir " + path);
              }
              outA.println("whitelist " + path);
            }
          }
          //Whitelist Files
          if(app.getFiles() != null) {
            for(String file : app.getFiles()) {
              outA.println("mkfile " + file);
              outA.println("whitelist " + file);
            }
          }
          outA.println("include /etc/firejail/whitelist-common.inc");
          outA.println();
        }
        //Options
        if(app.getOptions() != null) {
          outA.println("#Options");
          for(String option : app.getOptions()) {
            outA.println(option);
          }
        }
        outA.close();

        //START OF ALIASES GENERATION
        if(app.getAliases() != null) {
          for(String alias : app.getAliases()) {
            PrintWriter outAa = new PrintWriter("generated/" + alias + ".profile", "UTF-8");
            //Header
            outAa.println("#\n#Profile for " + app.getName() + ":" + alias + "\n#");
            outAa.println();
            outAa.println("include /etc/firejail/" + app.getName() + ".profile");
            outAa.close();
          }
        }
        //END OF ALIASES GENERATION
      }
      //END OF .profiles GENERATION
    } catch(Exception e) {
      e.printStackTrace();
    }
  }

  private static ArrayList<String> convertToArray(String input) {
    ArrayList<String> output = new ArrayList<String>(Arrays.asList(input.split(" # ")));
    Collections.sort(output);
    return output;
  }

  private static ArrayList<String> getAllPaths() {
    Set<String> paths = new HashSet<String>();
    for(Application app: applications) {
      if(app.getPaths() != null) {
        for(String path : app.getPaths()) {
          paths.add(path);
        }
      }
      if(app.getFiles() != null) {
        for(String file : app.getFiles()) {
          paths.add(file);
        }
      }
    }
    ArrayList<String> pathsNew = new ArrayList<String>();
    pathsNew.addAll(paths);
    Collections.sort(pathsNew);
    return pathsNew;
  }

}

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/FETCH_HEAD version [8b3f6b4ea8].



>
1
8391d4d7c881d6f7afeb25244bb2e9e69e15cfc7		branch 'master' of https://github.com/debops-contrib/ansible-firejail

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/HEAD version [acbaef275e].



>
1
ref: refs/heads/master

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/ORIG_HEAD version [ca0db9847d].



>
1
8391d4d7c881d6f7afeb25244bb2e9e69e15cfc7

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/config version [afd5f78806].























>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://github.com/debops-contrib/ansible-firejail.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/description version [9635f1b7e1].



>
1
Unnamed repository; edit this file 'description' to name the repository.

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/hooks/applypatch-msg.sample version [86b9655a9e].































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
#!/bin/sh
#
# An example hook script to check the commit log message taken by
# applypatch from an e-mail message.
#
# The hook should exit with non-zero status after issuing an
# appropriate message if it wants to stop the commit.  The hook is
# allowed to edit the commit message file.
#
# To enable this hook, rename this file to "applypatch-msg".

. git-sh-setup
test -x "$GIT_DIR/hooks/commit-msg" &&
	exec "$GIT_DIR/hooks/commit-msg" ${1+"$@"}
:

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/hooks/commit-msg.sample version [ee1ed5aad9].

















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#!/bin/sh
#
# An example hook script to check the commit log message.
# Called by "git commit" with one argument, the name of the file
# that has the commit message.  The hook should exit with non-zero
# status after issuing an appropriate message if it wants to stop the
# commit.  The hook is allowed to edit the commit message file.
#
# To enable this hook, rename this file to "commit-msg".

# Uncomment the below to add a Signed-off-by line to the message.
# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
# hook is more suited to it.
#
# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"

# This example catches duplicate Signed-off-by lines.

test "" = "$(grep '^Signed-off-by: ' "$1" |
	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
	echo >&2 Duplicate Signed-off-by lines.
	exit 1
}

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/hooks/post-update.sample version [b614c2f63d].

















>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
#!/bin/sh
#
# An example hook script to prepare a packed repository for use over
# dumb transports.
#
# To enable this hook, rename this file to "post-update".

exec git update-server-info

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/hooks/pre-applypatch.sample version [42fa415649].





























>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
#!/bin/sh
#
# An example hook script to verify what is about to be committed
# by applypatch from an e-mail message.
#
# The hook should exit with non-zero status after issuing an
# appropriate message if it wants to stop the commit.
#
# To enable this hook, rename this file to "pre-applypatch".

. git-sh-setup
test -x "$GIT_DIR/hooks/pre-commit" &&
	exec "$GIT_DIR/hooks/pre-commit" ${1+"$@"}
:

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/hooks/pre-commit.sample version [36aed8976d].



































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/bin/sh
#
# An example hook script to verify what is about to be committed.
# Called by "git commit" with no arguments.  The hook should
# exit with non-zero status after issuing an appropriate message if
# it wants to stop the commit.
#
# To enable this hook, rename this file to "pre-commit".

if git rev-parse --verify HEAD >/dev/null 2>&1
then
	against=HEAD
else
	# Initial commit: diff against an empty tree object
	against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
fi

# If you want to allow non-ASCII filenames set this variable to true.
allownonascii=$(git config --bool hooks.allownonascii)

# Redirect output to stderr.
exec 1>&2

# Cross platform projects tend to avoid non-ASCII filenames; prevent
# them from being added to the repository. We exploit the fact that the
# printable range starts at the space character and ends with tilde.
if [ "$allownonascii" != "true" ] &&
	# Note that the use of brackets around a tr range is ok here, (it's
	# even required, for portability to Solaris 10's /usr/bin/tr), since
	# the square bracket bytes happen to fall in the designated range.
	test $(git diff --cached --name-only --diff-filter=A -z $against |
	  LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
then
	cat <<\EOF
Error: Attempt to add a non-ASCII file name.

This can cause problems if you want to work with people on other platforms.

To be portable it is advisable to rename the file.

If you know what you are doing you can disable this check using:

  git config hooks.allownonascii true
EOF
	exit 1
fi

# If there are whitespace errors, print the offending file names and fail.
exec git diff-index --check --cached $against --

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/hooks/pre-push.sample version [b4ad74c989].













































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/bin/sh

# An example hook script to verify what is about to be pushed.  Called by "git
# push" after it has checked the remote status, but before anything has been
# pushed.  If this script exits with a non-zero status nothing will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Name of the remote to which the push is being done
# $2 -- URL to which the push is being done
#
# If pushing without using a named remote those arguments will be equal.
#
# Information about the commits which are being pushed is supplied as lines to
# the standard input in the form:
#
#   <local ref> <local sha1> <remote ref> <remote sha1>
#
# This sample shows how to prevent push of commits where the log message starts
# with "WIP" (work in progress).

remote="$1"
url="$2"

z40=0000000000000000000000000000000000000000

IFS=' '
while read local_ref local_sha remote_ref remote_sha
do
	if [ "$local_sha" = $z40 ]
	then
		# Handle delete
		:
	else
		if [ "$remote_sha" = $z40 ]
		then
			# New branch, examine all commits
			range="$local_sha"
		else
			# Update to existing branch, examine new commits
			range="$remote_sha..$local_sha"
		fi

		# Check for WIP commit
		commit=`git rev-list -n 1 --grep '^WIP' "$range"`
		if [ -n "$commit" ]
		then
			echo "Found WIP commit in $local_ref, not pushing"
			exit 1
		fi
	fi
done

exit 0

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/hooks/pre-rebase.sample version [5885a56ab4].



















































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
#!/bin/sh
#
# Copyright (c) 2006, 2008 Junio C Hamano
#
# The "pre-rebase" hook is run just before "git rebase" starts doing
# its job, and can prevent the command from running by exiting with
# non-zero status.
#
# The hook is called with the following parameters:
#
# $1 -- the upstream the series was forked from.
# $2 -- the branch being rebased (or empty when rebasing the current branch).
#
# This sample shows how to prevent topic branches that are already
# merged to 'next' branch from getting rebased, because allowing it
# would result in rebasing already published history.

publish=next
basebranch="$1"
if test "$#" = 2
then
	topic="refs/heads/$2"
else
	topic=`git symbolic-ref HEAD` ||
	exit 0 ;# we do not interrupt rebasing detached HEAD
fi

case "$topic" in
refs/heads/??/*)
	;;
*)
	exit 0 ;# we do not interrupt others.
	;;
esac

# Now we are dealing with a topic branch being rebased
# on top of master.  Is it OK to rebase it?

# Does the topic really exist?
git show-ref -q "$topic" || {
	echo >&2 "No such branch $topic"
	exit 1
}

# Is topic fully merged to master?
not_in_master=`git rev-list --pretty=oneline ^master "$topic"`
if test -z "$not_in_master"
then
	echo >&2 "$topic is fully merged to master; better remove it."
	exit 1 ;# we could allow it, but there is no point.
fi

# Is topic ever merged to next?  If so you should not be rebasing it.
only_next_1=`git rev-list ^master "^$topic" ${publish} | sort`
only_next_2=`git rev-list ^master           ${publish} | sort`
if test "$only_next_1" = "$only_next_2"
then
	not_in_topic=`git rev-list "^$topic" master`
	if test -z "$not_in_topic"
	then
		echo >&2 "$topic is already up-to-date with master"
		exit 1 ;# we could allow it, but there is no point.
	else
		exit 0
	fi
else
	not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"`
	/usr/bin/perl -e '
		my $topic = $ARGV[0];
		my $msg = "* $topic has commits already merged to public branch:\n";
		my (%not_in_next) = map {
			/^([0-9a-f]+) /;
			($1 => 1);
		} split(/\n/, $ARGV[1]);
		for my $elem (map {
				/^([0-9a-f]+) (.*)$/;
				[$1 => $2];
			} split(/\n/, $ARGV[2])) {
			if (!exists $not_in_next{$elem->[0]}) {
				if ($msg) {
					print STDERR $msg;
					undef $msg;
				}
				print STDERR " $elem->[1]\n";
			}
		}
	' "$topic" "$not_in_next" "$not_in_master"
	exit 1
fi

exit 0

################################################################

This sample hook safeguards topic branches that have been
published from being rewound.

The workflow assumed here is:

 * Once a topic branch forks from "master", "master" is never
   merged into it again (either directly or indirectly).

 * Once a topic branch is fully cooked and merged into "master",
   it is deleted.  If you need to build on top of it to correct
   earlier mistakes, a new topic branch is created by forking at
   the tip of the "master".  This is not strictly necessary, but
   it makes it easier to keep your history simple.

 * Whenever you need to test or publish your changes to topic
   branches, merge them into "next" branch.

The script, being an example, hardcodes the publish branch name
to be "next", but it is trivial to make it configurable via
$GIT_DIR/config mechanism.

With this workflow, you would want to know:

(1) ... if a topic branch has ever been merged to "next".  Young
    topic branches can have stupid mistakes you would rather
    clean up before publishing, and things that have not been
    merged into other branches can be easily rebased without
    affecting other people.  But once it is published, you would
    not want to rewind it.

(2) ... if a topic branch has been fully merged to "master".
    Then you can delete it.  More importantly, you should not
    build on top of it -- other people may already want to
    change things related to the topic as patches against your
    "master", so if you need further changes, it is better to
    fork the topic (perhaps with the same name) afresh from the
    tip of "master".

Let's look at this example:

		   o---o---o---o---o---o---o---o---o---o "next"
		  /       /           /           /
		 /   a---a---b A     /           /
		/   /               /           /
	       /   /   c---c---c---c B         /
	      /   /   /             \         /
	     /   /   /   b---b C     \       /
	    /   /   /   /             \     /
    ---o---o---o---o---o---o---o---o---o---o---o "master"


A, B and C are topic branches.

 * A has one fix since it was merged up to "next".

 * B has finished.  It has been fully merged up to "master" and "next",
   and is ready to be deleted.

 * C has not merged to "next" at all.

We would want to allow C to be rebased, refuse A, and encourage
B to be deleted.

To compute (1):

	git rev-list ^master ^topic next
	git rev-list ^master        next

	if these match, topic has not merged in next at all.

To compute (2):

	git rev-list master..topic

	if this is empty, it is fully merged to "master".

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/hooks/prepare-commit-msg.sample version [2b6275eda3].









































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/bin/sh
#
# An example hook script to prepare the commit log message.
# Called by "git commit" with the name of the file that has the
# commit message, followed by the description of the commit
# message's source.  The hook's purpose is to edit the commit
# message file.  If the hook fails with a non-zero status,
# the commit is aborted.
#
# To enable this hook, rename this file to "prepare-commit-msg".

# This hook includes three examples.  The first comments out the
# "Conflicts:" part of a merge commit.
#
# The second includes the output of "git diff --name-status -r"
# into the message, just before the "git status" output.  It is
# commented because it doesn't cope with --amend or with squashed
# commits.
#
# The third example adds a Signed-off-by line to the message, that can
# still be edited.  This is rarely a good idea.

case "$2,$3" in
  merge,)
    /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;;

# ,|template,)
#   /usr/bin/perl -i.bak -pe '
#      print "\n" . `git diff --cached --name-status -r`
#	 if /^#/ && $first++ == 0' "$1" ;;

  *) ;;
esac

# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/hooks/update.sample version [39355a0759].

































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
#!/bin/sh
#
# An example hook script to blocks unannotated tags from entering.
# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
#
# To enable this hook, rename this file to "update".
#
# Config
# ------
# hooks.allowunannotated
#   This boolean sets whether unannotated tags will be allowed into the
#   repository.  By default they won't be.
# hooks.allowdeletetag
#   This boolean sets whether deleting tags will be allowed in the
#   repository.  By default they won't be.
# hooks.allowmodifytag
#   This boolean sets whether a tag may be modified after creation. By default
#   it won't be.
# hooks.allowdeletebranch
#   This boolean sets whether deleting branches will be allowed in the
#   repository.  By default they won't be.
# hooks.denycreatebranch
#   This boolean sets whether remotely creating branches will be denied
#   in the repository.  By default this is allowed.
#

# --- Command line
refname="$1"
oldrev="$2"
newrev="$3"

# --- Safety check
if [ -z "$GIT_DIR" ]; then
	echo "Don't run this script from the command line." >&2
	echo " (if you want, you could supply GIT_DIR then run" >&2
	echo "  $0 <ref> <oldrev> <newrev>)" >&2
	exit 1
fi

if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
	exit 1
fi

# --- Config
allowunannotated=$(git config --bool hooks.allowunannotated)
allowdeletebranch=$(git config --bool hooks.allowdeletebranch)
denycreatebranch=$(git config --bool hooks.denycreatebranch)
allowdeletetag=$(git config --bool hooks.allowdeletetag)
allowmodifytag=$(git config --bool hooks.allowmodifytag)

# check for no description
projectdesc=$(sed -e '1q' "$GIT_DIR/description")
case "$projectdesc" in
"Unnamed repository"* | "")
	echo "*** Project description file hasn't been set" >&2
	exit 1
	;;
esac

# --- Check types
# if $newrev is 0000...0000, it's a commit to delete a ref.
zero="0000000000000000000000000000000000000000"
if [ "$newrev" = "$zero" ]; then
	newrev_type=delete
else
	newrev_type=$(git cat-file -t $newrev)
fi

case "$refname","$newrev_type" in
	refs/tags/*,commit)
		# un-annotated tag
		short_refname=${refname##refs/tags/}
		if [ "$allowunannotated" != "true" ]; then
			echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
			echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
			exit 1
		fi
		;;
	refs/tags/*,delete)
		# delete tag
		if [ "$allowdeletetag" != "true" ]; then
			echo "*** Deleting a tag is not allowed in this repository" >&2
			exit 1
		fi
		;;
	refs/tags/*,tag)
		# annotated tag
		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
		then
			echo "*** Tag '$refname' already exists." >&2
			echo "*** Modifying a tag is not allowed in this repository." >&2
			exit 1
		fi
		;;
	refs/heads/*,commit)
		# branch
		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
			echo "*** Creating a branch is not allowed in this repository" >&2
			exit 1
		fi
		;;
	refs/heads/*,delete)
		# delete branch
		if [ "$allowdeletebranch" != "true" ]; then
			echo "*** Deleting a branch is not allowed in this repository" >&2
			exit 1
		fi
		;;
	refs/remotes/*,commit)
		# tracking branch
		;;
	refs/remotes/*,delete)
		# delete tracking branch
		if [ "$allowdeletebranch" != "true" ]; then
			echo "*** Deleting a tracking branch is not allowed in this repository" >&2
			exit 1
		fi
		;;
	*)
		# Anything else (is there anything else?)
		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
		exit 1
		;;
esac

# --- Finished
exit 0

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/index version [c7e639f7b9].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/info/exclude version [c879df015d].













>
>
>
>
>
>
1
2
3
4
5
6
# git ls-files --others --exclude-from=.git/info/exclude
# Lines that start with '#' are comments.
# For a project mostly in C, the following would be a good set of
# exclude patterns (uncomment them if you want to use them):
# *.[oa]
# *~

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/logs/HEAD version [af6582f65a].



>
1
0000000000000000000000000000000000000000 8391d4d7c881d6f7afeb25244bb2e9e69e15cfc7 Martin Vahi <martin.vahi@softf1.com> 1483805544 +0200	clone: from https://github.com/debops-contrib/ansible-firejail.git

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/logs/refs/heads/master version [af6582f65a].



>
1
0000000000000000000000000000000000000000 8391d4d7c881d6f7afeb25244bb2e9e69e15cfc7 Martin Vahi <martin.vahi@softf1.com> 1483805544 +0200	clone: from https://github.com/debops-contrib/ansible-firejail.git

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/logs/refs/remotes/origin/HEAD version [af6582f65a].



>
1
0000000000000000000000000000000000000000 8391d4d7c881d6f7afeb25244bb2e9e69e15cfc7 Martin Vahi <martin.vahi@softf1.com> 1483805544 +0200	clone: from https://github.com/debops-contrib/ansible-firejail.git

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/04/e05ca0ffb9f0f821205b5996bc8edae4983928 version [967ad9359f].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/07/d1d4915bd67fb4be83ae9d96b6aeed0e42d06d version [f720c5b20e].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/07/e69919fb1ebcb4a70152737c0f6f3a4cf0959d version [9d2aa7b347].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/08/4670277a9e68449236ce01e0c6f72a0790eb34 version [4bd009fccf].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/09/639512b678cb14811e037614382943205f50bc version [930338f973].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/0c/fc1549f48d33861e954935c90a6926cd06c135 version [5d904ac0fd].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/11/45d190f6f3a2a444bdaa4ca73173920ece3f2f version [90fdfe507a].





>
>
1
2
xP10+qp8:td	>%hDB!>
fƴlܭRYʎ4) =JWbw /+[6N8 pO2ڊ'O|3TqR@YɍVuF>Mn;˹(0\Py/s:cDJ`d^%K^ŎX󱤿es+)Q^v

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/12/053896321918a86fa7450717fa24aba476dbd6 version [91ac69cccc].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/13/d4d1d14ef412983d747de57dfbfa0bcb51a5b4 version [8bee7c8ec0].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/27/806673cc8f34f9c06314703a2083fc13cdc8fa version [b3a9f151c3].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/29/fd1844dbeb70ebd61744dd52ba939b092ce68e version [d6eaadc54d].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/33/3daf953508ca9e27d9fb37532819467c9632d1 version [bdbe02ab0e].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/37/1a099400af2b7c40f32f64aafcbf8625ec9992 version [923ae6e2e7].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/37/36935719586aa6c0ec30b84409b67c6187af93 version [bbddeddee7].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/3a/21b54e9667ef47acd5f68ad35de9a4f184c84e version [305aa3cd47].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/3a/24421a8565f3ce289a3b14f46f0982d9e08e83 version [279fe1a863].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/3a/501e6147bd2d0b4142aa430cc0e04299a6c721 version [d8eb34da70].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/3f/0ac85d74bd94f38b5e7269828e0e752c33d4c6 version [c1a1365062].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/41/c6982b5aa6ce8000ab0a02a75e72dda0f4d9e6 version [470af60de3].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/46/5a1525a9d3e0e27d673a1f684d822cb6d10b84 version [4a151e639e].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/48/fdb354c49a4c80f147526511d94234cb49ed1b version [7eb3440c34].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/4c/e195debb451c19318629927ccea9710f18bdc0 version [30ae18a984].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/51/a8e3b112b0b704f486b5c35e1b293da990102f version [8081667f2e].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/54/3367e9de6b36f4f633eeeebb7a3f74237f2e2e version [2c03bd98c2].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/55/fb229f9bef66ab2d7e5d0736667f98b2e07d86 version [b0b03b4597].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/56/eb1faffbde62c72789ad03eb3450130f036428 version [5a1bceac76].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/5d/39b660eedfd262b9651d0ef389be3031518574 version [013a621698].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/62/03b90909b1d5f91b883ab82f95fce2b324ffac version [32f63f50e9].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/64/d1770212d26610359d0bafe5909b12336b7a28 version [24fbaa712c].





>
>
1
2
x}OK@=S,Ѓ^rED$$nf#M?to޼TTjye Z&ʲ4=qk,S6K|hCoHo"Vgk׎l 0DᖺP=hM5G!^n=JXݯS[VChP\1 !	XK\	;RC,
 Bb E"Xz]ECgM'd}zxK-Bx.͕::Jxya2'.	Ora@|/ZpqX@

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/6b/665a6350d0d30b4104dc25b45c811dfbc7d70b version [9cdeb46bca].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/73/ca1fe3b08cabc14c8b76fb2b27743a3ab3b963 version [e41d23f3b2].



>
1
xKOR03aSK)MIӁ9zE%\礂^c

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/83/91d4d7c881d6f7afeb25244bb2e9e69e15cfc7 version [d35f3106a2].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/8b/831a320c8217f8125835294874c85a9bc9b449 version [f65e0ec15b].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/90/02ba9dad38587b1a446c5eec7127a207706941 version [578dff5e4f].



>
1
x}A0{֯xN-tK&4	ÒlcG$K)bg4ޛW—Oo7*i?RAAa[aq-13vtjJiuI5mᔧ&.jm=:^pS!Nyګ'8>[LD.޴$a4jQ>OQ8LQAG~=irfzUcjҞp$8ƢA5o."Hq2p?oXfd'v'mtcqg WH9`{8샓:HOfˬ܁Xdj^XsؤyͶ4fo< KGCY䎝7wG5#IΒ8g7zhd-	xFztJz8w㧉x

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/94/a9ed024d3859793618152ea559a168bbcbb5e2 version [1c2d080a86].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/9b/6893ae98dd9dd11605f07d3879535bbc8db840 version [7601198f75].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/9d/590440d0a135bfaa9efd9fd61bbee834e79510 version [39fb2dd9de].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/9f/e79b550936b4ee5180832214b1970f3f4f3886 version [864011315c].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/a3/05d74c4543578bc532af5453ef85ea98bbdfd3 version [4961ab86ae].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/ad/cb0194fd0f72549aa251ed38de779055b9fd7b version [4d985f62f7].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/bd/dd5921f240f9ed90d2d5fdf8ab21b78b5fe661 version [63ac1def57].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/c8/3a3912603c4fac9e1e9ee49de80877fb1becea version [ea5ba73b3b].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/ca/df2b27f67e4d3c943b4cf10258fd9eac32e790 version [1bcab7b745].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/d0/92257958ff447d0b14499af3359d395ea03e59 version [ad6c851ea6].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/d2/3bb31be008b5da07348a0eeb230e974178a2d8 version [effd5b6c73].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/d9/e113ec685b92b018297dd2f200341d1fba01f9 version [13d8e1df58].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/dd/7c9922154fed9431266adfcf0480b16ef7c208 version [903dc319dc].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/de/7362d1ad0cfb7301d1d5539f3c0d9a17e89712 version [508e137ece].

















>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
xVmo6g+u0JM
tm˖V4(fJ:L(RS;-#VEM{;VTpNN`hud}.ʲ0-e'Zt	wPuxxiFH؏8V::SwA@5vL\6҃߻4j*xΣh`+v1 KE١%p3cTҊCkWHSd1\JAV
T`v+?m38?e/#ɿfs<wAzfRhZ,aSBx~;Vmtci9ZjF,;A{).
%gXT|1aǟ?zYSr
`9Wן_AoMkEGd zXlB.1Jwf`'nYV+k/uwݡ7#AՀ{%k_^[nm{ϫ~S0D1i J2wO~ĚlEj$cDA&tN"D}baˏK8鍕
XP!FRfErD|wB;`T|D!SRƐ멓k/)z .Pgf1;+ۙ		1*~'J6Oq>Ev5@O8`r1h:%1EdFj &}M%s3&Hw j<($qޝguKb߃ z}EtUx&erFWcJ*)HzѰO+JA:REtl Qo%r&xUI6t4Ꜹt4blO\&NΨ(fsޥɲLV$y4^f3NHDNFH=l_1'9ubHxI]@(E+5J<r$3Ća>?|2ueEiNsĂ`ITND/0Mp娃x^Г
q\҈#HiV1#mKJSC8>w]o5Ҡ<,%mjnDwNd7>ZqC/<B.X!%+o./g0FLJ.Tf]I1+ۏث*$ E8^:R=_yzz:,'{a.[~.e8b1=a.
ǯUd~=S&5U(rHdC=8L#legʄ=>m"ǿrWXJz=

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/e0/0838c97712acc102efed8ee191aeacd7affb07 version [aa4e6852c5].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/e4/613e894f619f23ede3c52b7e7c3b52490c1706 version [9399ec6cbf].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391 version [c2baae88d6].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/ee/2fe2f9257521148d94a56331ebabcc7ac755a6 version [be93eb9848].



>
1
xMA @Q=(P @c6Mjy>0FMPZ&$CއїL8ᱰgHcL33a' #6rR!ibTaPW˳I6Lk[YB

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/ee/7e9d82aaf8cde03d56dcdda53f30590a2f8b2a version [49069b6e23].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/f7/9817c4a9f4795b4cb1d79de9f4e3f84cc8a53a version [5612192edd].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/objects/fa/052870c9008a4541eca35e2b811f2795eeb919 version [2c9a2b0cbf].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/packed-refs version [3bf8149286].





>
>
1
2
# pack-refs with: peeled fully-peeled 
8391d4d7c881d6f7afeb25244bb2e9e69e15cfc7 refs/remotes/origin/master

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/refs/heads/master version [ca0db9847d].



>
1
8391d4d7c881d6f7afeb25244bb2e9e69e15cfc7

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.git/refs/remotes/origin/HEAD version [d9427cda09].



>
1
ref: refs/remotes/origin/master

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.gitignore version [623892c747].























>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
## For quick testing.
## Generated by https://github.com/ypid/ypid-ansible-common/blob/master/bin/sphinx-debops-role-build
docs/Makefile
docs/_build/
docs/conf.py
docs/defaults.rst
docs/includes/global.rst
docs/_templates/page.html
docs/_templates/.gitkeep
docs/_static/custom.css
docs/_static/.gitkeep

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/.travis.yml version [75e03931de].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
---

sudo: True
dist: 'trusty'
language: 'python'
python: '2.7'

virtualenv:
  system_site_packages: true

before_install: True
install: True

script:
  - 'git clone --depth 1 https://github.com/nickjj/rolespec'
  - 'cd rolespec ; bin/rolespec -r https://github.com/debops/test-suite'

notifications:
  webhooks:
    - 'https://galaxy.ansible.com/api/v1/notifications/'

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/CHANGES.rst version [e41ff46619].









































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Changelog
=========

.. include:: includes/all.rst

**debops-contrib.firejail**

This project adheres to `Semantic Versioning <http://semver.org/spec/v2.0.0.html>`__
and `human-readable changelog <http://keepachangelog.com/en/0.3.0/>`__.

The current role maintainer_ is ypid_.


debops-contrib.firejail v0.1.0 - unreleased
-------------------------------------------

Added
~~~~~

- Initial coding and design. [ypid_]

Changed
~~~~~~~

- Optimized performance by only checking if programs are installed when this
  actually matters (when :ref:`item.system_wide_sandboxed <firejail__ref_system_wide_sandboxed>`
  is ``if_installed``). [ypid_]

Fixed
~~~~~

- The role did not handle ``firejail__global_profiles_system_wide_sandboxed``
  set to ``absent`` correctly and instead (was handled as it was set to
  ``present``). [ypid_]

- Note in the documentation that this role requires Jinja 2.8 or later. [ypid_]

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/COPYRIGHT version [3a07c48113].





































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
debops-contrib.firejail - Setup and configure Firejail

Copyright (C) 2016 Robin Schneider <ypid@riseup.net>
Copyright (C) 2016 DebOps https://debops.org/

This Ansible role is part of DebOps.

DebOps is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3, as
published by the Free Software Foundation.

DebOps is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with DebOps. If not, see https://www.gnu.org/licenses/.

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/LICENSE version [8624bcdae5].





































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
                    GNU GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007

 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

                            Preamble

  The GNU General Public License is a free, copyleft license for
software and other kinds of works.

  The licenses for most software and other practical works are designed
to take away your freedom to share and change the works.  By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.  We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors.  You can apply it to
your programs, too.

  When we speak of free software, we are referring to freedom, not
price.  Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.

  To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights.  Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.

  For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received.  You must make sure that they, too, receive
or can get the source code.  And you must show them these terms so they
know their rights.

  Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.

  For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software.  For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.

  Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so.  This is fundamentally incompatible with the aim of
protecting users' freedom to change the software.  The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable.  Therefore, we
have designed this version of the GPL to prohibit the practice for those
products.  If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.

  Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary.  To prevent this, the GPL assures that
patents cannot be used to render the program non-free.

  The precise terms and conditions for copying, distribution and
modification follow.

                       TERMS AND CONDITIONS

  0. Definitions.

  "This License" refers to version 3 of the GNU General Public License.

  "Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.

  "The Program" refers to any copyrightable work licensed under this
License.  Each licensee is addressed as "you".  "Licensees" and
"recipients" may be individuals or organizations.

  To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy.  The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.

  A "covered work" means either the unmodified Program or a work based
on the Program.

  To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy.  Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.

  To "convey" a work means any kind of propagation that enables other
parties to make or receive copies.  Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.

  An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License.  If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.

  1. Source Code.

  The "source code" for a work means the preferred form of the work
for making modifications to it.  "Object code" means any non-source
form of a work.

  A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.

  The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form.  A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.

  The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities.  However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work.  For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.

  The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.

  The Corresponding Source for a work in source code form is that
same work.

  2. Basic Permissions.

  All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met.  This License explicitly affirms your unlimited
permission to run the unmodified Program.  The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work.  This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.

  You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force.  You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright.  Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.

  Conveying under any other circumstances is permitted solely under
the conditions stated below.  Sublicensing is not allowed; section 10
makes it unnecessary.

  3. Protecting Users' Legal Rights From Anti-Circumvention Law.

  No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.

  When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.

  4. Conveying Verbatim Copies.

  You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.

  You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.

  5. Conveying Modified Source Versions.

  You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:

    a) The work must carry prominent notices stating that you modified
    it, and giving a relevant date.

    b) The work must carry prominent notices stating that it is
    released under this License and any conditions added under section
    7.  This requirement modifies the requirement in section 4 to
    "keep intact all notices".

    c) You must license the entire work, as a whole, under this
    License to anyone who comes into possession of a copy.  This
    License will therefore apply, along with any applicable section 7
    additional terms, to the whole of the work, and all its parts,
    regardless of how they are packaged.  This License gives no
    permission to license the work in any other way, but it does not
    invalidate such permission if you have separately received it.

    d) If the work has interactive user interfaces, each must display
    Appropriate Legal Notices; however, if the Program has interactive
    interfaces that do not display Appropriate Legal Notices, your
    work need not make them do so.

  A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit.  Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.

  6. Conveying Non-Source Forms.

  You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:

    a) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by the
    Corresponding Source fixed on a durable physical medium
    customarily used for software interchange.

    b) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by a
    written offer, valid for at least three years and valid for as
    long as you offer spare parts or customer support for that product
    model, to give anyone who possesses the object code either (1) a
    copy of the Corresponding Source for all the software in the
    product that is covered by this License, on a durable physical
    medium customarily used for software interchange, for a price no
    more than your reasonable cost of physically performing this
    conveying of source, or (2) access to copy the
    Corresponding Source from a network server at no charge.

    c) Convey individual copies of the object code with a copy of the
    written offer to provide the Corresponding Source.  This
    alternative is allowed only occasionally and noncommercially, and
    only if you received the object code with such an offer, in accord
    with subsection 6b.

    d) Convey the object code by offering access from a designated
    place (gratis or for a charge), and offer equivalent access to the
    Corresponding Source in the same way through the same place at no
    further charge.  You need not require recipients to copy the
    Corresponding Source along with the object code.  If the place to
    copy the object code is a network server, the Corresponding Source
    may be on a different server (operated by you or a third party)
    that supports equivalent copying facilities, provided you maintain
    clear directions next to the object code saying where to find the
    Corresponding Source.  Regardless of what server hosts the
    Corresponding Source, you remain obligated to ensure that it is
    available for as long as needed to satisfy these requirements.

    e) Convey the object code using peer-to-peer transmission, provided
    you inform other peers where the object code and Corresponding
    Source of the work are being offered to the general public at no
    charge under subsection 6d.

  A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.

  A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling.  In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage.  For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product.  A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.

  "Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source.  The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.

  If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information.  But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).

  The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed.  Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.

  Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.

  7. Additional Terms.

  "Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law.  If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.

  When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it.  (Additional permissions may be written to require their own
removal in certain cases when you modify the work.)  You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.

  Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:

    a) Disclaiming warranty or limiting liability differently from the
    terms of sections 15 and 16 of this License; or

    b) Requiring preservation of specified reasonable legal notices or
    author attributions in that material or in the Appropriate Legal
    Notices displayed by works containing it; or

    c) Prohibiting misrepresentation of the origin of that material, or
    requiring that modified versions of such material be marked in
    reasonable ways as different from the original version; or

    d) Limiting the use for publicity purposes of names of licensors or
    authors of the material; or

    e) Declining to grant rights under trademark law for use of some
    trade names, trademarks, or service marks; or

    f) Requiring indemnification of licensors and authors of that
    material by anyone who conveys the material (or modified versions of
    it) with contractual assumptions of liability to the recipient, for
    any liability that these contractual assumptions directly impose on
    those licensors and authors.

  All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10.  If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term.  If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.

  If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.

  Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.

  8. Termination.

  You may not propagate or modify a covered work except as expressly
provided under this License.  Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).

  However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.

  Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.

  Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License.  If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.

  9. Acceptance Not Required for Having Copies.

  You are not required to accept this License in order to receive or
run a copy of the Program.  Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance.  However,
nothing other than this License grants you permission to propagate or
modify any covered work.  These actions infringe copyright if you do
not accept this License.  Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.

  10. Automatic Licensing of Downstream Recipients.

  Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License.  You are not responsible
for enforcing compliance by third parties with this License.

  An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations.  If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.

  You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License.  For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.

  11. Patents.

  A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based.  The
work thus licensed is called the contributor's "contributor version".

  A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version.  For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.

  Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.

  In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement).  To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.

  If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients.  "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.

  If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.

  A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License.  You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.

  Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.

  12. No Surrender of Others' Freedom.

  If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License.  If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all.  For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.

  13. Use with the GNU Affero General Public License.

  Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work.  The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.

  14. Revised Versions of this License.

  The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time.  Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

  Each version is given a distinguishing version number.  If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation.  If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.

  If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.

  Later license versions may give you additional or different
permissions.  However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.

  15. Disclaimer of Warranty.

  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

  16. Limitation of Liability.

  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.

  17. Interpretation of Sections 15 and 16.

  If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.

                     END OF TERMS AND CONDITIONS

            How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

  To do so, attach the following notices to the program.  It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.

    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) <year>  <name of author>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

Also add information on how to contact you by electronic and paper mail.

  If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:

    <program>  Copyright (C) <year>  <name of author>
    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License.  Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".

  You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.

  The GNU General Public License does not permit incorporating your program
into proprietary programs.  If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library.  If this is what you want to do, use the GNU Lesser General
Public License instead of this License.  But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/README.md version [b84cf8459e].



































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
## [![DebOps](https://debops.org/images/debops-small.png)](https://debops.org) firejail

<!-- This file was generated by Ansigenome. Do not edit this file directly but
     instead have a look at the files in the ./meta/ directory. -->

[![Travis CI](https://img.shields.io/travis/debops-contrib/ansible-firejail.svg?style=flat)](https://travis-ci.org/debops-contrib/ansible-firejail)
[![test-suite](https://img.shields.io/badge/test--suite-ansible--firejail-blue.svg?style=flat)](https://github.com/debops/test-suite/tree/master/ansible-firejail/)
[![Ansible Galaxy](https://img.shields.io/badge/galaxy-debops--contrib.firejail-660198.svg?style=flat)](https://galaxy.ansible.com/debops-contrib/firejail)


Firejail is a SUID program that reduces the risk of security breaches by
restricting the running environment of untrusted applications using Linux
namespaces and seccomp-bpf.

This Ansible role allows you to setup and configure Firejail.

### Features

* Install Firejail from jessie-backports or other configured APT
  repositories. [debops.apt] can be used to enable Backports if needed.
* Sandbox programs system wide by placing a symlink to `firejail` into the
  ``PATH`` so that `firejail` can wrap program invocations and sandbox the
  invoked program using security profiles that Firejail ships or that the system
  administrator defines.

[debops.apt]: https://github.com/debops/ansible-apt

### Installation

This role requires at least Ansible `v2.1.3`. To install it, run:

```Shell
ansible-galaxy install debops-contrib.firejail
```

### Documentation

<!-- FIXME: Change to the canonical URL when it has been setup. https://github.com/debops/docs/issues/111 -->
More information about `debops-contrib.firejail` can be found in the
[official debops-contrib.firejail documentation](https://debops-contrib.readthedocs.io/en/latest/ansible/roles/ansible-firejail/docs/).



### Are you using this as a standalone role without DebOps?

You may need to include missing roles from the [DebOps common
playbook](https://github.com/debops/debops-playbooks/blob/master/playbooks/common.yml)
into your playbook.

[Try DebOps now](https://debops.org/) for a complete solution to run your Debian-based infrastructure.





### Authors and license

- [Robin Schneider](https://docs.debops.org/en/latest/debops-keyring/docs/entities.html#debops-keyring-entity-ypid) (maintainer) | [e-mail](mailto:ypid@riseup.net) | [GitHub](https://github.com/ypid)

License: [GPL-3.0](https://tldrlegal.com/license/gnu-general-public-license-v3-%28gpl-3%29)

***

This role is part of [DebOps Contrib](https://github.com/debops-contrib/debops-contrib). README generated by [ansigenome](https://github.com/nickjj/ansigenome/).
<!-- Ansigenome sources: https://github.com/ypid/ypid-ansible-common/tree/master/template_READMEs/debops-contrib -->

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/defaults/main.yml version [c4672f7feb].

























































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker

# debops-contrib.firejail default variables [[[
# =============================================

# .. contents:: Sections
#    :local:
#
# .. include:: includes/all.rst


# Packages and installation [[[
# -----------------------------

# .. envvar:: firejail__base_packages [[[
#
# List of base packages to install.
firejail__base_packages:
  - 'firejail'

                                                                   # ]]]
# .. envvar:: firejail__packages [[[
#
# List of optional global packages.
# This variable is intended to be used in Ansible’s global inventory.
firejail__packages: []

                                                                   # ]]]
# .. envvar:: firejail__group_packages [[[
#
# List of optional group packages.
# This variable is intended to be used in a host inventory group of Ansible
# (only one host group is supported).
firejail__group_packages: []

                                                                   # ]]]
# .. envvar:: firejail__host_packages [[[
#
# List of optional host packages.
# This variable is intended to be used in the inventory of hosts.
firejail__host_packages: []

                                                                   # ]]]
# .. envvar:: firejail__deploy_state [[[
#
# What is the desired state which this role should achieve? Possible options:
#
# ``present``
#   Default. Ensure that Firejail is installed and configured as requested.
#
# ``absent``
#   Ensure that Firejail is uninstalled and it's configuration is removed.
#
firejail__deploy_state: 'present'
                                                                   # ]]]
                                                                   # ]]]
# System paths [[[
# ----------------

# .. envvar:: firejail__config_path [[[
#
# Directory where the system wide Firejail configuration and profiles are
# stored.
firejail__config_path: '/etc/firejail'

                                                                   # ]]]
# .. envvar:: firejail__program_file_path [[[
#
# File path of the :command:`firejail` binary.
# When set to ``auto``, the role tries to figure out the file path via the
# :command:`which` command.
# Note that :command:`which` is executed in the context of the root user who
# might have a different ``PATH`` variable then normal users.
#
# To use :command:`firejail` from another location, set:
#
# .. code-block:: yaml
#   :linenos:
#
#    firejail__program_file_path: '/usr/local/bin/firejail'
#
# in your Ansible inventory.
firejail__program_file_path: 'auto'

                                                                   # ]]]
# .. envvar:: firejail__system_local_bin_path [[[
#
# Directory in which to create the symlinks when enabling a profile system
# wide.
# This directory path must be included in the ``PATH`` variable before the
# directory which contains the real program so that the symlink pointing to
# :command:`firejail` is used when users try to execute the program.
firejail__system_local_bin_path: '{{ ansible_local.root.bin
                                     if (ansible_local|d() and ansible_local.root|d() and
                                         ansible_local.root.root|d())
                                     else "/usr/local/bin" }}'
                                                                   # ]]]
                                                                   # ]]]
# Program sandboxes [[[
# ---------------------

# Program sandboxes can be defined using dictionary variables on different
# inventory levels which are combined together.
#
# For more details refer to :ref:`firejail__ref_program_sandboxes`
# in the :ref:`firejail__ref_default_variable_details` section.

# .. envvar:: firejail__program_sandboxes [[[
#
# This variable is intended to be used in Ansible’s global inventory.
firejail__program_sandboxes: {}

                                                                   # ]]]
# .. envvar:: firejail__group_program_sandboxes [[[
#
# This variable is intended to be used in a host inventory group of Ansible
# (only one host group is supported).
firejail__group_program_sandboxes: {}

                                                                   # ]]]
# .. envvar:: firejail__host_program_sandboxes [[[
#
# This variable is intended to be used in the inventory of hosts.
firejail__host_program_sandboxes: {}

                                                                   # ]]]
# .. envvar:: firejail__role_program_sandboxes [[[
#
# Program sandbox definitions used/set internally by this role.
firejail__role_program_sandboxes:
  default:
    # The "default" profile is not intended to correspond to a program called
    # "default". Ensure that even if such a program exists, it will not be
    # sandboxed system wide without the role maintainers approving it first.
    system_wide_sandboxed: 'absent'
  ssh:
    # Might conflict with other programs using it. For example, Ansible and
    # BorgBackup did not work with this enabled system wide.
    system_wide_sandboxed: 'absent'

                                                                   # ]]]
# .. envvar:: firejail__combined_program_sandboxes [[[
#
# Combined dictionary of program sandboxes as it is used by the role.
# This defines the order in which dictionary keys might "mask" previous once.
firejail__combined_program_sandboxes: '{{
  firejail__role_program_sandboxes
  | combine(firejail__program_sandboxes)
  | combine(firejail__group_program_sandboxes)
  | combine(firejail__host_program_sandboxes) }}'

                                                                   # ]]]
# .. envvar:: firejail__global_profiles_system_wide_sandboxed [[[
#
# Sandbox all programs for which Firejail ships profiles or which have
# otherwise been configured below :envvar:`firejail__config_path` system wide
# using the method described in
# :ref:`item.system_wide_sandboxed <firejail__ref_system_wide_sandboxed>`.
# This variable only applies when the program was not configured using
# :ref:`firejail__ref_program_sandboxes`. For that case refer to
# ``firejail__program_sandboxes_system_wide_sandboxed``.
firejail__global_profiles_system_wide_sandboxed: 'if_installed'

                                                                   # ]]]
# .. envvar:: firejail__program_sandboxes_system_wide_sandboxed [[[
#
# Default value for :ref:`item.system_wide_sandboxed <firejail__ref_system_wide_sandboxed>`.
firejail__program_sandboxes_system_wide_sandboxed: 'if_installed'
                                                                   # ]]]
                                                                   # ]]]
                                                                   # ]]]

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/docs/ansible-integration.rst version [28b9ac6aa2].































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Ansible integration and role design
===================================

.. include:: includes/all.rst

Design goals
------------

* :command:`firecfg` is not being used to enabling/disabling
  :ref:`system wide sandboxes <firejail__ref_system_wide_sandboxed>`.
  This is done by the role itself to have more control over the process.

  Note that running :command:`firecfg` without arguments will have a similar
  affect than when using this role with
  :envvar:`firejail__global_profiles_system_wide_sandboxed` set to
  `if_installed <firejail__ref_system_wide_sandboxed_if_installed>`_ but
  without all the other logic of this role.
  So :command:`firecfg` might change settings done by the role. You can rerun
  the role to ensure that the state defined by Ansible is present on the
  system.

Alternative roles
-----------------

As of 2016-10-31 ypid_ was aware of two alternative Ansible roles for Firejail:

* `gbraad.firejail <https://galaxy.ansible.com/gbraad/firejail/>`_, targets Fedora, has a major security issue: `Installation can be trivially MITMed leading to the system being comprised <https://github.com/gbraad/ansible-role-firejail/issues/2>`_. Only deals with installing the Firejail suite itself.
* `Firejail role <https://bitbucket.org/aaaaaaaaaaaaaaaaaaaaa1/ansible-firejail>`_ by `aaaaaaaaaaaaaaaaaaaaa1 <https://bitbucket.org/aaaaaaaaaaaaaaaaaaaaa1/>`_, targets system which use APT_. Only deals with building and installing Firejail itself.

None of the existing roles where found to be a suitable start for this role so
it has been designed and written from scratch.

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/docs/changelog.rst version [afda90e84c].



>
1
.. include:: ../CHANGES.rst

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/docs/copyright.rst version [938ffd3332].









>
>
>
>
1
2
3
4
Copyright
=========

.. literalinclude:: ../COPYRIGHT

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/docs/defaults-detailed.rst version [4e72f1ff98].



















































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
.. _firejail__ref_default_variable_details:

Default variable details
========================

.. include:: includes/all.rst

Some of ``debops-contrib.firejail`` default variables have more extensive
configuration than simple strings or lists, here you can find documentation and
examples for them.

.. contents::
   :local:
   :depth: 1

.. _firejail__ref_program_sandboxes:

program_sandboxes
-----------------

The :envvar:`firejail__program_sandboxes` and similar dictionaries allow you to
configure program sandboxes using Firejail profiles (:manpage:`firejail-profile(5)`).
The dictionary key is the program name, the value is a dictionary with the
following supported keys:

.. _firejail__ref_system_wide_sandboxed:

``system_wide_sandboxed``
  Optional, string.
  Should the program be sandboxed with :command:`firejail` for all users of the
  system by creating a symlink under :jinja_code:`/usr/local/bin/{{ item.key }}`
  with the :command:`firejail` program binary file path as target.
  The directory path where the symlink is being created/removed
  (:file:`/usr/local/bin/`) can be changed via :envvar:`firejail__system_local_bin_path`.
  This option relies on the feature of :command:`firejail` to be called via a
  different file path which causes :command:`firejail` to act as a wrapper
  around the real program.

  These options are supported:

  ``present``
    The sandbox should be present system wide.

  .. _firejail__ref_system_wide_sandboxed_if_installed:

  ``if_installed``
    The sandbox should be present system wide but only if the program is
    installed (is found in ``PATH``) on role run.
    This can be used to not make it look like the program is installed (by
    creating a symlink with the name in the ``PATH``) and to avoid the case where
    a user tries to run the program and :command:`firejail` complaining with
    "Error: cannot find the program in the path".
    If the program is not found, then the system wide sandbox will be made
    ``absent``.

  ``absent``
    The sandbox should be absent system wide.

  Defaults to :envvar:`firejail__global_profiles_system_wide_sandboxed`.
  Refer to :manpage:`firejail(1)` under "Desktop Integration" or `Firejail
  0.9.38 Release Announcement`_ under "Symlink invocation".

``profile``
  Optional, dictionary.
  Use a provided profile by copying it from the Ansible controller into the
  :envvar:`firejail__config_path` directory of the remote system using the
  `Ansible copy module`_.
  ``profile`` is basically just passed to the module. Refer to it’s
  documentation for details with the exception that the ``state`` parameter is
  handled properly. ``state`` defaults to ``present`` but can be set to
  ``absent`` which will cause the profile on the remote systems to become absent.
  Refer to :ref:`firejail__ref_program_sandboxes_providing_additional_profiles`
  for how this can be used.


Examples for sandboxing additional programs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sandbox the given programs on all hosts even if Firejail does not yet ship with
a profile for them:

.. code-block:: yaml

   firejail__program_sandboxes:
     jq: {}
     my_cool_program:
       system_wide_sandboxed: 'present'

The symlink for :program:`jq` will only be created if :program:`jq` is installed.
The symlink for :program:`my_cool_program` will be created regardless whether
it has been found in the ``PATH``.


Example to exclude a program from being sandboxed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Depending on the value of :envvar:`firejail__global_profiles_system_wide_sandboxed`,
the role might sandbox all programs which are installed and for which security
profiles are defined. Check out the following example in case you want to
exclude programs from being sandboxed system wide:

.. code-block:: yaml

   firejail__program_sandboxes:
     less:
       # Less can’t possibly have an issue with parsing untrusted input (TM).
       # I know what I am doing! Don’t sandbox it!
       system_wide_sandboxed: 'absent'


.. _firejail__ref_program_sandboxes_providing_additional_profiles:

Examples for providing additional profiles
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copy Firejail security profiles from the Ansible controller to all remote
systems:

.. code-block:: yaml

   firejail__program_sandboxes:
     smplayer:
       profile:
         src: '/home/user/.config/firejail/smplayer.profile'

         ## `content` can be used alternatively to `src` to provide the profile inlined
         ## (supports Jinja templating as usual):
         # content: |
         #   # {{ ansible_managed }}
         #   # smplyer security profile.
         #   noblacklist ${HOME}/.config/smplayer
         #   # And so on.

         ## `state` can be used to make the profile absent:
         # state: 'absent'

This will create :file:`/etc/firejail/smplayer.profile` on all remote systems.

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/docs/getting-started.rst version [fda44cb348].















































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
Getting started
===============

.. include:: includes/all.rst

.. contents::
   :local:


Example inventory
-----------------

To setup and configure Firejail on a given host it should be included in the
``debops_service_firejail`` Ansible inventory group:

.. code:: ini

   [debops_service_firejail]
   hostname

Example playbook
----------------

Here's an example playbook that uses the ``debops-contrib.firejail`` role:

.. literalinclude:: playbooks/firejail.yml
   :language: yaml

This playbooks is shipped with this role under
:file:`./docs/playbooks/firejail.yml` from which you can symlink it to your
playbook directory.
In case you use multiple `DebOps Contrib`_ roles, consider using the
`DebOps Contrib playbooks`_.

Ansible tags
------------

You can use Ansible ``--tags`` or ``--skip-tags`` parameters to limit what
tasks are performed during Ansible run. This can be used after a host was first
configured to speed up playbook execution, when you are sure that most of the
configuration is already in the desired state.

Available role tags:

``role::firejail``
  Main role tag, should be used in the playbook to execute all of the role
  tasks as well as role dependencies.

``role::firejail:pkgs``
  Tasks related to system package management like installing or
  removing packages.

``role::firejail:profile``
  Tasks related to Firejail security profile management like copying or
  removing profile files.

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/docs/includes/all.rst version [6bc260b813].





>
>
1
2
.. include:: includes/global.rst
.. include:: includes/role.rst

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/docs/includes/role.rst version [82bcfa98f3].





>
>
1
2
.. _Firejail 0.9.38 Release Announcement: https://l3net.wordpress.com/2016/02/04/firejail-0-9-38-release-announcement/
.. _ypid_firejail-scripts: https://github.com/ypid/firejail-scripts

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/docs/index.rst version [a41dea4ca3].











































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
.. _debops-contrib.firejail:

Ansible role: debops-contrib.firejail
=====================================

.. toctree::
   :maxdepth: 2

   introduction
   getting-started
   defaults
   defaults-detailed
   ansible-integration
   copyright
   changelog

..
 Local Variables:
 mode: rst
 ispell-local-dictionary: "american"
 End:

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/docs/introduction.rst version [db6eefdfd5].



















































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
Introduction
============

.. include:: includes/all.rst

Firejail_ is a SUID program that reduces the risk of security breaches by
restricting the running environment of untrusted applications using Linux
namespaces and seccomp-bpf.

This Ansible role allows you to setup and configure Firejail.

Features
~~~~~~~~

* Install Firejail from jessie-backports_ or other configured APT_
  repositories. debops.apt_ can be used to enable Backports if needed.
* Sandbox programs system wide by placing a symlink to :command:`firejail` into the
  ``PATH`` so that :command:`firejail` can wrap program invocations and sandbox the
  invoked program using security profiles that Firejail ships or that the system
  administrator defines.


Installation
~~~~~~~~~~~~

This role requires at least Ansible ``v2.1.3``. To install it, run::

    ansible-galaxy install debops-contrib.firejail


Note that this role uses features recently introduced in Jinja2, namely
the `equalto` filter which was released with
`Jinja 2.8 <http://jinja.pocoo.org/docs/dev/changelog/#version-2-8>`_ and thus
requires Jinja 2.8.
If you use Debian Jessie, you can install it `from Debian Jessie Backports <https://packages.debian.org/search?keywords=python-jinja2>`_.

..
 Local Variables:
 mode: rst
 ispell-local-dictionary: "american"
 End:

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/docs/playbooks/firejail.yml version [e40790b7be].





























>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
---

- name: Setup and configure Firejail
  hosts: [ 'debops_service_firejail' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: debops-contrib.firejail
      tags: [ 'role::firejail' ]

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/meta/ansigenome.yml version [85a99d7cfb].



































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
---

ansigenome_info:
  galaxy_url: 'https://galaxy.ansible.com/debops-contrib/firejail'
  github_url: 'https://github.com/debops-contrib/ansible-firejail'
  git_branch: 'master'

  travis: True

  license_url: 'https://tldrlegal.com/license/gnu-general-public-license-v3-(gpl-3)'

  authors:
    - name:  'Robin Schneider'
      email: 'ypid@riseup.net'
      github: 'ypid'

  synopsis: |
    Firejail is a SUID program that reduces the risk of security breaches by
    restricting the running environment of untrusted applications using Linux
    namespaces and seccomp-bpf.

    This Ansible role allows you to setup and configure Firejail.

    ### Features

    * Install Firejail from jessie-backports or other configured APT
      repositories. [debops.apt] can be used to enable Backports if needed.
    * Sandbox programs system wide by placing a symlink to `firejail` into the
      ``PATH`` so that `firejail` can wrap program invocations and sandbox the
      invoked program using security profiles that Firejail ships or that the system
      administrator defines.

    [debops.apt]: https://github.com/debops/ansible-apt

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/meta/main.yml version [62eb36643f].











































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
---

dependencies: []

galaxy_info:

  company: 'DebOps'
  author: 'Robin Schneider'
  description: 'Setup and configure Firejail'
  license: 'GPL-3.0'
  min_ansible_version: '2.1.3'

  platforms:

    - name: Debian
      versions:
        - jessie

    ## https://launchpad.net/ubuntu/+source/firejail
    - name: Ubuntu
      versions:
        - xenial

        ## Ansible Galaxy does not yet know them ?? :(
        ## The role should work fine with them.
        # - yakkety
        # - zesty

  galaxy_tags:
    - security
    - isolation
    - sandboxing
    - compartmentalization
    - firejail
    - seccomp
    - apparmor
    - X11

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/ansible-firejail/tasks/main.yml version [946f844496].

























































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
---
# vim: foldmarker=[[[,]]]:foldmethod=marker

# Ensure specified packages are present [[[
- name: Ensure specified packages are present
  package:
    name: '{{ item }}'
    state: 'present'
  when: firejail__deploy_state in ["present"]
  with_flattened:
    - '{{ firejail__base_packages }}'
    - '{{ firejail__packages }}'
    - '{{ firejail__group_packages }}'
    - '{{ firejail__host_packages }}'
  tags: [ 'role::firejail:pkgs' ]
# ]]]

# Installation details [[[
- name: Get program file path of firejail
  command: which -a firejail
  register: firejail__register_program_file_path
  always_run: True
  changed_when: False
  failed_when: firejail__register_program_file_path.rc not in [ 0, 1 ]
  when: (firejail__program_file_path == "auto")

- name: Set program file path of firejail for later use in the role
  set_fact:
    firejail__program_file_path: '{{ (firejail__register_program_file_path.stdout_lines + ["/usr/bin/firejail"]) | first }}'
  when: (firejail__program_file_path == "auto")
# ]]]

# Gather list of system wide profiles [[[
- name: Get list of system wide profiles
  find:
    file_type: 'file'
    paths: [ '{{ firejail__config_path }}' ]
    patterns: '*.profile'
    use_regex: False
    hidden: False
    recurse: False
  register: firejail__register_find_system_wide_profiles
  # no_log: True
  ## Disabled because the output is not interesting but very verbose.

- name: Set list of system wide profiles
  set_fact:
    firejail__fact_system_wide_profiles: '{{
      firejail__register_find_system_wide_profiles.files
        | map(attribute="path")
        | map("basename")
        | map("regex_replace", "\.profile$", "") | list }}'
# ]]]

# Gather list of installed programs [[[
- name: Check if programs which should be sandboxed are installed
  command: which -a {{ item | quote }}
  always_run: True
  changed_when: False
  failed_when: firejail__register_cmd_which_programs.rc not in [ 0, 1 ]
  register: firejail__register_cmd_which_programs
  when: (item in (
          firejail__combined_program_sandboxes.keys() + (
            firejail__fact_system_wide_profiles
            if (firejail__global_profiles_system_wide_sandboxed == "if_installed")
            else []
          )
        ))
  with_items: '{{ firejail__combined_program_sandboxes.keys() | union(firejail__fact_system_wide_profiles) }}'

# For optimized performance, firejail__fact_installed_programs only contains
# programs for which the install state actually matters.
- name: Set list of installed programs
  set_fact:
    firejail__fact_installed_programs: '{{
      firejail__register_cmd_which_programs.results
      | selectattr("rc", "defined") | selectattr("rc", "equalto", 0) | map(attribute="stdout_lines") | map("first") | map("basename") | list }}'

# ]]]

# Create/remove symlinks for sandboxed programs [[[
- name: Create/remove symlinks for sandboxed programs
  file:
    path: '{{ firejail__system_local_bin_path + "/" + item }}'
    src: '{{ firejail__program_file_path }}'
    state: '{{ "link"
               if (
                 firejail__deploy_state in ["present"] and (
                   (item in firejail__combined_program_sandboxes and (
                     (firejail__combined_program_sandboxes[item].system_wide_sandboxed|d(firejail__program_sandboxes_system_wide_sandboxed) == "present") or
                     (
                       (firejail__combined_program_sandboxes[item].system_wide_sandboxed|d(firejail__program_sandboxes_system_wide_sandboxed) == "if_installed") and
                       item in firejail__fact_installed_programs
                     )
                   )) or (item not in firejail__combined_program_sandboxes and (
                     (
                       firejail__global_profiles_system_wide_sandboxed == "present"
                     ) or (
                       firejail__global_profiles_system_wide_sandboxed == "if_installed" and
                       item in firejail__fact_installed_programs
                     )
                   ))
                 )
               ) else "absent" }}'
    owner: 'root'
    group: 'root'
    force: '{{ ansible_check_mode|d(omit) }}'
  with_items: '{{ firejail__combined_program_sandboxes.keys() | union(firejail__fact_system_wide_profiles) }}'
# ]]]

# Manage profile [[[
- name: Provide (additional) profiles
  copy:
    dest:           '{{ item.value.profile.dest           | d(firejail__config_path + "/" + item.key + ".profile") }}'
    backup:         '{{ item.value.profile.backup         | d(omit) }}'
    content:        '{{ item.value.profile.content        | d(omit) }}'
    directory_mode: '{{ item.value.profile.directory_mode | d(omit) }}'
    follow:         '{{ item.value.profile.follow         | d(omit) }}'
    force:          '{{ item.value.profile.force          | d(omit) }}'
    owner:          '{{ item.value.profile.owner          | d("root") }}'
    group:          '{{ item.value.profile.group          | d("root") }}'
    mode:           '{{ item.value.profile.mode           | d("0644") }}'
    selevel:        '{{ item.value.profile.selevel        | d(omit) }}'
    serole:         '{{ item.value.profile.serole         | d(omit) }}'
    setype:         '{{ item.value.profile.setype         | d(omit) }}'
    seuser:         '{{ item.value.profile.seuser         | d(omit) }}'
    src:            '{{ item.value.profile.src            | d(omit) }}'
    validate:       '{{ item.value.profile.validate       | d(omit) }}'
  when: (firejail__deploy_state in ["present"] and
         "profile" in item.value and item.value.profile.state|d("present") == "present")
  with_dict: '{{ firejail__combined_program_sandboxes }}'
  tags: [ 'role::firejail:profile' ]

- name: Delete profiles
  file:
    path: '{{ item.value.profile.dest | d(firejail__config_path + "/" + item.key + ".profile") }}'
    state: 'absent'
  when: ("profile" in item.value and
         (item.value.profile.state|d("present") == "absent" or firejail__deploy_state in ["absent"]))
  with_dict: '{{ firejail__combined_program_sandboxes }}'
  tags: [ 'role::firejail:profile' ]
# ]]]

# Clean up program sandboxes [[[

# This will not `find` broken symlinks which is the reason why system package
# removal is performed after the cleanup so that the symlinks are not yet broken
# when the cleanup tasks are run in `absent` `firejail__deploy_state`.
# > /usr/local/bin/$program was skipped as it does not seem to be a valid file or it cannot be accessed
- name: Get list of files in local bin path
  find:
    file_type: 'file'
    paths: [ '{{ firejail__system_local_bin_path }}' ]
    hidden: False
    recurse: False
  register: firejail__register_profile_program_symlinks_find
  no_log: True
  ## Disabled because log is not interesting but very verbose.

# Needed because of a bug: https://github.com/ansible/ansible-modules-core/issues/3027
# `realpath` filter (https://docs.ansible.com/ansible/playbooks_filters.html#other-useful-filters)
# can not be used because filters are executed on the Ansible controller.
- name: Workaround to get the realpath
  stat:
    path: '{{ item.path }}'
  register: firejail__register_profile_program_symlinks_stat
  no_log: True
  ## Disabled because log is not interesting but very verbose.
  with_items: '{{ firejail__register_profile_program_symlinks_find.files }}'

- name: Remove program symlink when profiles is is not defined in any variable
  file:
    path: '{{ item.stat.path }}'
    state: 'absent'
  no_log: True
  ## Disabled because log is not interesting but very verbose.
  when: (item.stat.islnk and (
         (
           item.stat.lnk_source|basename == "firejail" and (
             item.stat.lnk_source != firejail__program_file_path or
             firejail__deploy_state not in ["present"]
           )
         ) or (
           item.stat.lnk_source == firejail__program_file_path and
           (item.stat.path|basename not in (firejail__combined_program_sandboxes.keys() | union(firejail__fact_system_wide_profiles)))
         )
        ))
  with_items: '{{ firejail__register_profile_program_symlinks_stat.results }}'

# ]]]

# Ensure specified packages are absent [[[
- name: Ensure specified packages are absent
  package:
    name: '{{ item }}'
    state: 'absent'
  when: firejail__deploy_state in ["absent"]
  with_flattened:
    - '{{ firejail__base_packages }}'
    - '{{ firejail__packages }}'
    - '{{ firejail__group_packages }}'
    - '{{ firejail__host_packages }}'
  tags: [ 'role::firejail:pkgs' ]
# ]]]

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/FETCH_HEAD version [afb39ca0b9].



>
1
6cd854170f1ed87d1ce381805d79c781ac9ee262		branch 'master' of https://github.com/rahiel/firectl

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/HEAD version [acbaef275e].



>
1
ref: refs/heads/master

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/ORIG_HEAD version [050d1756e4].



>
1
6cd854170f1ed87d1ce381805d79c781ac9ee262

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/config version [19357a14cf].























>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = https://github.com/rahiel/firectl.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/description version [9635f1b7e1].



>
1
Unnamed repository; edit this file 'description' to name the repository.

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/hooks/applypatch-msg.sample version [86b9655a9e].































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
#!/bin/sh
#
# An example hook script to check the commit log message taken by
# applypatch from an e-mail message.
#
# The hook should exit with non-zero status after issuing an
# appropriate message if it wants to stop the commit.  The hook is
# allowed to edit the commit message file.
#
# To enable this hook, rename this file to "applypatch-msg".

. git-sh-setup
test -x "$GIT_DIR/hooks/commit-msg" &&
	exec "$GIT_DIR/hooks/commit-msg" ${1+"$@"}
:

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/hooks/commit-msg.sample version [ee1ed5aad9].

















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#!/bin/sh
#
# An example hook script to check the commit log message.
# Called by "git commit" with one argument, the name of the file
# that has the commit message.  The hook should exit with non-zero
# status after issuing an appropriate message if it wants to stop the
# commit.  The hook is allowed to edit the commit message file.
#
# To enable this hook, rename this file to "commit-msg".

# Uncomment the below to add a Signed-off-by line to the message.
# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
# hook is more suited to it.
#
# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"

# This example catches duplicate Signed-off-by lines.

test "" = "$(grep '^Signed-off-by: ' "$1" |
	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
	echo >&2 Duplicate Signed-off-by lines.
	exit 1
}

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/hooks/post-update.sample version [b614c2f63d].

















>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
#!/bin/sh
#
# An example hook script to prepare a packed repository for use over
# dumb transports.
#
# To enable this hook, rename this file to "post-update".

exec git update-server-info

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/hooks/pre-applypatch.sample version [42fa415649].





























>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
#!/bin/sh
#
# An example hook script to verify what is about to be committed
# by applypatch from an e-mail message.
#
# The hook should exit with non-zero status after issuing an
# appropriate message if it wants to stop the commit.
#
# To enable this hook, rename this file to "pre-applypatch".

. git-sh-setup
test -x "$GIT_DIR/hooks/pre-commit" &&
	exec "$GIT_DIR/hooks/pre-commit" ${1+"$@"}
:

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/hooks/pre-commit.sample version [36aed8976d].



































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/bin/sh
#
# An example hook script to verify what is about to be committed.
# Called by "git commit" with no arguments.  The hook should
# exit with non-zero status after issuing an appropriate message if
# it wants to stop the commit.
#
# To enable this hook, rename this file to "pre-commit".

if git rev-parse --verify HEAD >/dev/null 2>&1
then
	against=HEAD
else
	# Initial commit: diff against an empty tree object
	against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
fi

# If you want to allow non-ASCII filenames set this variable to true.
allownonascii=$(git config --bool hooks.allownonascii)

# Redirect output to stderr.
exec 1>&2

# Cross platform projects tend to avoid non-ASCII filenames; prevent
# them from being added to the repository. We exploit the fact that the
# printable range starts at the space character and ends with tilde.
if [ "$allownonascii" != "true" ] &&
	# Note that the use of brackets around a tr range is ok here, (it's
	# even required, for portability to Solaris 10's /usr/bin/tr), since
	# the square bracket bytes happen to fall in the designated range.
	test $(git diff --cached --name-only --diff-filter=A -z $against |
	  LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
then
	cat <<\EOF
Error: Attempt to add a non-ASCII file name.

This can cause problems if you want to work with people on other platforms.

To be portable it is advisable to rename the file.

If you know what you are doing you can disable this check using:

  git config hooks.allownonascii true
EOF
	exit 1
fi

# If there are whitespace errors, print the offending file names and fail.
exec git diff-index --check --cached $against --

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/hooks/pre-push.sample version [b4ad74c989].













































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#!/bin/sh

# An example hook script to verify what is about to be pushed.  Called by "git
# push" after it has checked the remote status, but before anything has been
# pushed.  If this script exits with a non-zero status nothing will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Name of the remote to which the push is being done
# $2 -- URL to which the push is being done
#
# If pushing without using a named remote those arguments will be equal.
#
# Information about the commits which are being pushed is supplied as lines to
# the standard input in the form:
#
#   <local ref> <local sha1> <remote ref> <remote sha1>
#
# This sample shows how to prevent push of commits where the log message starts
# with "WIP" (work in progress).

remote="$1"
url="$2"

z40=0000000000000000000000000000000000000000

IFS=' '
while read local_ref local_sha remote_ref remote_sha
do
	if [ "$local_sha" = $z40 ]
	then
		# Handle delete
		:
	else
		if [ "$remote_sha" = $z40 ]
		then
			# New branch, examine all commits
			range="$local_sha"
		else
			# Update to existing branch, examine new commits
			range="$remote_sha..$local_sha"
		fi

		# Check for WIP commit
		commit=`git rev-list -n 1 --grep '^WIP' "$range"`
		if [ -n "$commit" ]
		then
			echo "Found WIP commit in $local_ref, not pushing"
			exit 1
		fi
	fi
done

exit 0

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/hooks/pre-rebase.sample version [5885a56ab4].



















































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
#!/bin/sh
#
# Copyright (c) 2006, 2008 Junio C Hamano
#
# The "pre-rebase" hook is run just before "git rebase" starts doing
# its job, and can prevent the command from running by exiting with
# non-zero status.
#
# The hook is called with the following parameters:
#
# $1 -- the upstream the series was forked from.
# $2 -- the branch being rebased (or empty when rebasing the current branch).
#
# This sample shows how to prevent topic branches that are already
# merged to 'next' branch from getting rebased, because allowing it
# would result in rebasing already published history.

publish=next
basebranch="$1"
if test "$#" = 2
then
	topic="refs/heads/$2"
else
	topic=`git symbolic-ref HEAD` ||
	exit 0 ;# we do not interrupt rebasing detached HEAD
fi

case "$topic" in
refs/heads/??/*)
	;;
*)
	exit 0 ;# we do not interrupt others.
	;;
esac

# Now we are dealing with a topic branch being rebased
# on top of master.  Is it OK to rebase it?

# Does the topic really exist?
git show-ref -q "$topic" || {
	echo >&2 "No such branch $topic"
	exit 1
}

# Is topic fully merged to master?
not_in_master=`git rev-list --pretty=oneline ^master "$topic"`
if test -z "$not_in_master"
then
	echo >&2 "$topic is fully merged to master; better remove it."
	exit 1 ;# we could allow it, but there is no point.
fi

# Is topic ever merged to next?  If so you should not be rebasing it.
only_next_1=`git rev-list ^master "^$topic" ${publish} | sort`
only_next_2=`git rev-list ^master           ${publish} | sort`
if test "$only_next_1" = "$only_next_2"
then
	not_in_topic=`git rev-list "^$topic" master`
	if test -z "$not_in_topic"
	then
		echo >&2 "$topic is already up-to-date with master"
		exit 1 ;# we could allow it, but there is no point.
	else
		exit 0
	fi
else
	not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"`
	/usr/bin/perl -e '
		my $topic = $ARGV[0];
		my $msg = "* $topic has commits already merged to public branch:\n";
		my (%not_in_next) = map {
			/^([0-9a-f]+) /;
			($1 => 1);
		} split(/\n/, $ARGV[1]);
		for my $elem (map {
				/^([0-9a-f]+) (.*)$/;
				[$1 => $2];
			} split(/\n/, $ARGV[2])) {
			if (!exists $not_in_next{$elem->[0]}) {
				if ($msg) {
					print STDERR $msg;
					undef $msg;
				}
				print STDERR " $elem->[1]\n";
			}
		}
	' "$topic" "$not_in_next" "$not_in_master"
	exit 1
fi

exit 0

################################################################

This sample hook safeguards topic branches that have been
published from being rewound.

The workflow assumed here is:

 * Once a topic branch forks from "master", "master" is never
   merged into it again (either directly or indirectly).

 * Once a topic branch is fully cooked and merged into "master",
   it is deleted.  If you need to build on top of it to correct
   earlier mistakes, a new topic branch is created by forking at
   the tip of the "master".  This is not strictly necessary, but
   it makes it easier to keep your history simple.

 * Whenever you need to test or publish your changes to topic
   branches, merge them into "next" branch.

The script, being an example, hardcodes the publish branch name
to be "next", but it is trivial to make it configurable via
$GIT_DIR/config mechanism.

With this workflow, you would want to know:

(1) ... if a topic branch has ever been merged to "next".  Young
    topic branches can have stupid mistakes you would rather
    clean up before publishing, and things that have not been
    merged into other branches can be easily rebased without
    affecting other people.  But once it is published, you would
    not want to rewind it.

(2) ... if a topic branch has been fully merged to "master".
    Then you can delete it.  More importantly, you should not
    build on top of it -- other people may already want to
    change things related to the topic as patches against your
    "master", so if you need further changes, it is better to
    fork the topic (perhaps with the same name) afresh from the
    tip of "master".

Let's look at this example:

		   o---o---o---o---o---o---o---o---o---o "next"
		  /       /           /           /
		 /   a---a---b A     /           /
		/   /               /           /
	       /   /   c---c---c---c B         /
	      /   /   /             \         /
	     /   /   /   b---b C     \       /
	    /   /   /   /             \     /
    ---o---o---o---o---o---o---o---o---o---o---o "master"


A, B and C are topic branches.

 * A has one fix since it was merged up to "next".

 * B has finished.  It has been fully merged up to "master" and "next",
   and is ready to be deleted.

 * C has not merged to "next" at all.

We would want to allow C to be rebased, refuse A, and encourage
B to be deleted.

To compute (1):

	git rev-list ^master ^topic next
	git rev-list ^master        next

	if these match, topic has not merged in next at all.

To compute (2):

	git rev-list master..topic

	if this is empty, it is fully merged to "master".

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/hooks/prepare-commit-msg.sample version [2b6275eda3].









































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/bin/sh
#
# An example hook script to prepare the commit log message.
# Called by "git commit" with the name of the file that has the
# commit message, followed by the description of the commit
# message's source.  The hook's purpose is to edit the commit
# message file.  If the hook fails with a non-zero status,
# the commit is aborted.
#
# To enable this hook, rename this file to "prepare-commit-msg".

# This hook includes three examples.  The first comments out the
# "Conflicts:" part of a merge commit.
#
# The second includes the output of "git diff --name-status -r"
# into the message, just before the "git status" output.  It is
# commented because it doesn't cope with --amend or with squashed
# commits.
#
# The third example adds a Signed-off-by line to the message, that can
# still be edited.  This is rarely a good idea.

case "$2,$3" in
  merge,)
    /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;;

# ,|template,)
#   /usr/bin/perl -i.bak -pe '
#      print "\n" . `git diff --cached --name-status -r`
#	 if /^#/ && $first++ == 0' "$1" ;;

  *) ;;
esac

# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/hooks/update.sample version [39355a0759].

































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
#!/bin/sh
#
# An example hook script to blocks unannotated tags from entering.
# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
#
# To enable this hook, rename this file to "update".
#
# Config
# ------
# hooks.allowunannotated
#   This boolean sets whether unannotated tags will be allowed into the
#   repository.  By default they won't be.
# hooks.allowdeletetag
#   This boolean sets whether deleting tags will be allowed in the
#   repository.  By default they won't be.
# hooks.allowmodifytag
#   This boolean sets whether a tag may be modified after creation. By default
#   it won't be.
# hooks.allowdeletebranch
#   This boolean sets whether deleting branches will be allowed in the
#   repository.  By default they won't be.
# hooks.denycreatebranch
#   This boolean sets whether remotely creating branches will be denied
#   in the repository.  By default this is allowed.
#

# --- Command line
refname="$1"
oldrev="$2"
newrev="$3"

# --- Safety check
if [ -z "$GIT_DIR" ]; then
	echo "Don't run this script from the command line." >&2
	echo " (if you want, you could supply GIT_DIR then run" >&2
	echo "  $0 <ref> <oldrev> <newrev>)" >&2
	exit 1
fi

if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
	exit 1
fi

# --- Config
allowunannotated=$(git config --bool hooks.allowunannotated)
allowdeletebranch=$(git config --bool hooks.allowdeletebranch)
denycreatebranch=$(git config --bool hooks.denycreatebranch)
allowdeletetag=$(git config --bool hooks.allowdeletetag)
allowmodifytag=$(git config --bool hooks.allowmodifytag)

# check for no description
projectdesc=$(sed -e '1q' "$GIT_DIR/description")
case "$projectdesc" in
"Unnamed repository"* | "")
	echo "*** Project description file hasn't been set" >&2
	exit 1
	;;
esac

# --- Check types
# if $newrev is 0000...0000, it's a commit to delete a ref.
zero="0000000000000000000000000000000000000000"
if [ "$newrev" = "$zero" ]; then
	newrev_type=delete
else
	newrev_type=$(git cat-file -t $newrev)
fi

case "$refname","$newrev_type" in
	refs/tags/*,commit)
		# un-annotated tag
		short_refname=${refname##refs/tags/}
		if [ "$allowunannotated" != "true" ]; then
			echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
			echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
			exit 1
		fi
		;;
	refs/tags/*,delete)
		# delete tag
		if [ "$allowdeletetag" != "true" ]; then
			echo "*** Deleting a tag is not allowed in this repository" >&2
			exit 1
		fi
		;;
	refs/tags/*,tag)
		# annotated tag
		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
		then
			echo "*** Tag '$refname' already exists." >&2
			echo "*** Modifying a tag is not allowed in this repository." >&2
			exit 1
		fi
		;;
	refs/heads/*,commit)
		# branch
		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
			echo "*** Creating a branch is not allowed in this repository" >&2
			exit 1
		fi
		;;
	refs/heads/*,delete)
		# delete branch
		if [ "$allowdeletebranch" != "true" ]; then
			echo "*** Deleting a branch is not allowed in this repository" >&2
			exit 1
		fi
		;;
	refs/remotes/*,commit)
		# tracking branch
		;;
	refs/remotes/*,delete)
		# delete tracking branch
		if [ "$allowdeletebranch" != "true" ]; then
			echo "*** Deleting a tracking branch is not allowed in this repository" >&2
			exit 1
		fi
		;;
	*)
		# Anything else (is there anything else?)
		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
		exit 1
		;;
esac

# --- Finished
exit 0

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/index version [e654702349].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/info/exclude version [c879df015d].













>
>
>
>
>
>
1
2
3
4
5
6
# git ls-files --others --exclude-from=.git/info/exclude
# Lines that start with '#' are comments.
# For a project mostly in C, the following would be a good set of
# exclude patterns (uncomment them if you want to use them):
# *.[oa]
# *~

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/logs/HEAD version [aef4b72f5a].



>
1
0000000000000000000000000000000000000000 6cd854170f1ed87d1ce381805d79c781ac9ee262 Martin Vahi <martin.vahi@softf1.com> 1483805615 +0200	clone: from https://github.com/rahiel/firectl.git

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/logs/refs/heads/master version [aef4b72f5a].



>
1
0000000000000000000000000000000000000000 6cd854170f1ed87d1ce381805d79c781ac9ee262 Martin Vahi <martin.vahi@softf1.com> 1483805615 +0200	clone: from https://github.com/rahiel/firectl.git

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/logs/refs/remotes/origin/HEAD version [aef4b72f5a].



>
1
0000000000000000000000000000000000000000 6cd854170f1ed87d1ce381805d79c781ac9ee262 Martin Vahi <martin.vahi@softf1.com> 1483805615 +0200	clone: from https://github.com/rahiel/firectl.git

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/02/0efd4e39d81856bc4d44716ba0a259cf96aa75 version [5ff2433862].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/02/9cd930628478002fbe7192c76498143ba7e847 version [c6c672f0f6].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/02/aaa5f956ead1136f093754ea10f6192d39beee version [9f9db5df20].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/07/22454d7a5f9bbebc9037dd03ea5e398d8bcd14 version [560dbb21e8].





>
>
1
2
x;
B1@QbzA&7s $G^ܿ`yM@dwVHZEECWV>l0k	P*7xvͣk|zD+pF(1]'ϺZ($:

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/09/46b314b41e5c5ad36eed7cca7786a769e59b4e version [2f4aa72fce].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/09/bee721891e82dc8491b907c704a0c936b5cad8 version [4036809075].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/17/079335028f38a7ec18ac596145b904473c127e version [e671bf2bc5].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/1c/ea999372e9d68ab88c0b1d944c0b5377bbe7b3 version [e3d02f6f26].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/21/591cb7b83e15fd158fe1dcaac7abd252cdd847 version [a2e42f7832].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/22/7274c01db85bf00256153a332d7b1b094c438c version [0f38a6fcad].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/29/19ab528e704b7c67916f98e5301ea16145f89d version [34f71a3ac1].





>
>
1
2
xe]j0S|jh"7ڢh߾CӲ̰cdux_*y!F&
4)^˔'.\8^DN|A6;!fG%ٛv^&ys{׸3y֞q0FhsOط"2ѝȒ?k}We	PyNڪGtZ

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/2a/a1248f9a13c2012aadde71b9f5a2a3ccc2ea14 version [506c92badb].











>
>
>
>
>
1
2
3
4
5
xTj0b$4]X0t,!t,
!ٞxՕ%U͚Vo˙sFG..񋽗ip6-JMZ$wV7㵖DcC$INX,Loińi W.Ԫ+t jﳫb>i*v:ܕh cI 17H1v41IH#ZZBW	xm@(ID~J({[{o4Mkס MjZLd+Eʑb{&"L7
]vvy.enG ]EI0HhRಟ|Ǧ)_q6d/|N4qC*dž6AЦP'3V;']FvKꬲ(i%<t
o5,-).($F6B yC.Zt١[ָ✌*`*Ď\UpH\z:yl`V5B	YںqbpB~:1Voi,Ͼ\*\2tP=mArQ/ uyjnI:܅Pa7+ 7DWuu/w!qWm
EWX+|>`{m?.GB{d,9H~7s

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/2b/5b87d98f420f83d0e67657c802ff76a6781751 version [6413d5ce18].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/2d/3bdfe203c97e27345bf9da8fff90eaf45f451a version [b50c0003a3].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/2d/ee3468817638d695542aacb5ddf37c9ba32847 version [760997775f].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/32/616187121594e5758bc1188e9be9d3fcedecc7 version [73cb3629f6].



>
1
xKn!D|r3xg#xWZ~ J9L8Go"ZMZE2dObm@gVNG'H{azᗮW{_tKTϴo@cZfD)/y7)(ЙgXKv?B.u$T

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/32/a07af6af4145413212252a0191620d8e2af4c1 version [a223038613].





>
>
1
2
xT]k@~r}IhjɃAP6!iL@!qէɉ(]Icvfwkmp||vjCvZAUR#I60:I5q6bښ2+\P@
Qn)tv9U8A>rt.s"KHc{Ѝ4TDz⨋eYdY_0ORi.X,IBF9yǯIbTa[Y5&U*GYr?yÓ:*[}zWuFfmE0;ȊYVӟWƬxB|фݯ8[ak)_,To*]PVf̵^m#$y b{UVAdĊvcN5F6q%а/CsG r+fȚ`;V\LLBɱ;7x7~oǪ+2v%?ZNhѯV0u8G$5,5'`	 Hp{pz+(SB$pK.||KXHSֲ.i[ ˿ZT8¼&]:pͽ{\-G&7Er(

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/35/04a1f00ab79b48a1598a03a81dcf93a120ddc4 version [922359975c].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/37/92a55568db3990124d69d41a248b336bacb269 version [187d1230ab].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/39/e016d581b2d36a34b0330b11b2404dccc592f1 version [2111b80c41].



>
1
x10 PfװH'HdSTi+b<H"BiGP"7˕1_{+@_`I̛~^I=#sd

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/41/0e9e86135d88cdff2d51b327e47744b4ff6ea3 version [64449b84b7].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/44/231499aa7f524c922a512a2bce14501dd6a45b version [95c1722f10].





>
>
1
2
xeM
0F]B ؝/ I;4LbY} 3c0>I7f+DzA;J9[0q:L.ͬcD0ōQwO=1Rug%C=YHM3O!WTo'	%afO_N7

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/45/ad6fd279e40f8d6b707dc15ad8287a03ed4bc8 version [6f2c057e2c].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/49/2b22b61da30398e78f64f31df03975838aadfb version [eb99269bef].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/51/369554c49521b57a90df79e4a74b68db604959 version [1b267255da].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/53/381426029d51c0461669bcc1fbe9dc366153ca version [6b93d2d94e].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/5b/bab52655536ca8aed83b2fad7c5a761018800d version [e4f73f40fa].





>
>
1
2
xKn D(k@Eg4&&a(Ǐ5GȲTzUԎL^ 9%)MDȧ%Kch$LYF{quEQE[ӎLtlΘ̺&
ϭu­8LfwPֆ.RI)9r?b|V1B.N\vP*P|yX=

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/5e/f2773be3a47e0b50599d0f223ce6ac46a973da version [2246f8a0db].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/6c/d854170f1ed87d1ce381805d79c781ac9ee262 version [28f6e81f7f].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/73/c88dd63dcdfa61f5e2149a9b1a5c97f5a84ae7 version [94c74a23e8].









>
>
>
>
1
2
3
4
xT]k0ݳE{IYvCl	,]C 7Y$9ﻲn˛ǹ{k8;x6^k@TF[E$~m$'@0yZY.xpsh&ٰ*)0<;I%I2c0e;mchb,,
zRI+oP	ym@(0"?'>t)zox4*k\,
?Jr$b\ФViJD?{rKYQP̎<&3'u;-1n;S?{goMm>s'.aEJY'h
2ce.sb#}+)X5)QjSKXyk1\[XZR(	2~D{lj!d~AX.ߙ*ΑѴ;VXΓuE焀~1Vi,}ϿZ.aYpޟ GC'}C]^"[>(બy]6d	Z._!*]a^[^:pͣhCGƒ7U1m

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/83/b51ed4a2ce04a30be0b4edf2e85a243264224b version [dc73e34d1d].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/86/4cb42353f16b4271ac8ca2ceadbf5a1c53e840 version [18c09c89a0].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/8a/f3b342ddf73d16f06b25f7e9ea65492a22de10 version [567fa09366].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/92/08a2f6fd7d89351c2684e5a7bd5360cd397711 version [c17a7edadc].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/93/71de270aeb7076b699a3882ff1f32a134e1b94 version [f5f17a541c].



>
1
x;0EQjbz$4q$d2Q,qd,J-%wp!zSFLhXmv*NĆf[GE"Q8Nɏn,h?RB R<xɺmo׭p^O\"GF~]\U7צy_O

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/94/10f8dd8fac04553cafee7da935a07ee2875ed2 version [d0fc9d485f].



>
1
xeMj0F)څ@@5m"7ڢ4h߾CEf5 1ҿU`C(^aLJ	hR)/h]p>Rეmfw^!;CR͎6>[KHY7LD5q?f$cZ{*MZ=bߚxhFw2"K]%DB95joѩ_Z

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/9c/037e6b14e61664f7d26e7c6280b7b70d2256aa version [7a9469b9bc].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/a0/a69f501823a4e5acf431635e19c8eec2cc144e version [995436c71b].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/a2/34a8964960a2a1a6770d48de355cdb20c68698 version [bc0814a861].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/a7/e4dd7d7c0d907e12977bcebd4f90b355ff8440 version [3e37e0e443].





>
>
1
2
x}1O0+QɓUb@]{t-۩뤅"%~ctp_1ԆF>qjzna
d4K! vp _FdzubZj?WҟQ)ڈ9(t8Hѓ?0JRԤ< 4p=yȷf=lڢ̐]:rK/J	"I[[,TqLecY~#:`Ӊo`^1w6`8xN7LQ,:b}O

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/aa/cea31ca8ca63c05f4914413b683ddbe930768c version [5862ac33d2].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/b0/9ff78e3355382cc5e53fc35ef5ba8d240440e5 version [9c2a7dd2c3].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/b2/550aca5df249dee39b14d79e04589fd477c8ac version [d4bd55a362].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/b6/614b764f53e25c6ed96aaec4eacc48453c6852 version [81086f6780].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/b7/285a4cc6c5c8216427e9875c03ff4be69ae684 version [7bcea823c0].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/bb/2da8004dbd6669410aac0b86366316c67c4512 version [c0412b24f8].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/bf/cb965683b16a78cc562978d8f0633bdafc9eb1 version [8a34757367].





>
>
1
2
x A
 s 	I5(sPZ T3QgDqͫ	g*)p̕XrLQ

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/c2/9b5bfc7ba21e432ca634a0e94652b076b6948e version [7c64d717b3].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/c9/4f8cc88559228564525c395cb4ffab3ddb1e54 version [3f7cc6bb59].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/ca/6d669702542d9f9e53b794e8d6f7f2f2ad3d6d version [325ee87657].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/cc/4066f4fdbcba189fc13b73fcd54acade2a9109 version [5adec5b98a].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/d1/59169d1050894d3ea3b98e1c965c4058208fe1 version [1a880b6c4b].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/d2/2b10589d6818c891266d049779af5d42c54757 version [341bb83f89].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/d5/743b06c029f8484cbce12c7470e1e08fba1dfa version [1da52aaa87].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/db/6ffe1798a61e9591ef1a3bce3a89bb874114e6 version [ca455a5f49].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/db/c975e54a63db87663840ce88b582e39c7d50d4 version [24d663e606].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/dd/2dc1061fb53065c4d27a69c24d68d4ac38041a version [ab4c1ea513].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/e1/242fbb0044b7392bc7b6f0346930a7fcf1d327 version [271ec26c78].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/e6/cd9f64325d21603465cd69e2d931db3410fa7c version [61fe2e1375].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/f0/1b5e4d43af59749806b9af23617bc0e268d40d version [7d529122a8].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/f0/723d0c255ffe41ab6a7ca2ca06f435be2ede5e version [b4fc91891f].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/f1/3e9db6d324646511665c9728574174d26b5f16 version [7bd1ee3527].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/f4/77f81281d89276f01e4e4bab69a4f55fde1c12 version [0d22f63f42].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/fd/4edf5ef0d96d4ef7081b4e5e87fdb0e0d323b9 version [c7671ebf87].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/objects/fd/71aca2fa715e8ce171ef06d2a5940f9a476bb9 version [eb16c8bedb].

cannot compute difference between binary files

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/packed-refs version [cf6d9f25d1].









>
>
>
>
1
2
3
4
# pack-refs with: peeled fully-peeled 
6cd854170f1ed87d1ce381805d79c781ac9ee262 refs/remotes/origin/master
d5743b06c029f8484cbce12c7470e1e08fba1dfa refs/tags/1.0
^6cd854170f1ed87d1ce381805d79c781ac9ee262

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/refs/heads/master version [050d1756e4].



>
1
6cd854170f1ed87d1ce381805d79c781ac9ee262

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.git/refs/remotes/origin/HEAD version [d9427cda09].



>
1
ref: refs/remotes/origin/master

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/.gitignore version [3e892b503b].















>
>
>
>
>
>
>
1
2
3
4
5
6
7
*.pyc
venv
dist
build
*.egg-info
__pycache__
*.deb

Added work_in_progress/experiments/mmmv_silkexec/attic/firejail/src_from_GitHub/the_repository_clones/firectl/LICENSE version [4cc77b90af].