cool profiles

[nyancat18]

• openvpn
• eddie (for airvpn...A VERY COOL vpn but premium),
• i2p (taking as base the i2prouter with systemd services installed at /opt)
• freenet
• dia (ms visio like)
• geany (a COOL IDE)

[chiraag-nataraj]

Added Dia! 😄

[chiraag-nataraj]

With respect to geany, won't the profile depend on which plugins you need? Like, if you're never going to use the C stuff, then giving geany access to gcc is a terrible idea.

[chiraag-nataraj]

@nyancat18 What level of security would you like for geany? That is, what exactly do you use it for? Because that will definitely determine how restricted the profile is. I can also completely leave off private-bin, but that's not exactly that secure...

[chiraag-nataraj]

I would recommend that you use systemd to sandbox system services like openvpn (and related VPN services), i2p, and freenet. You get the same granularity as with firejail (sometimes more), and with system services, you get the full range of options systemd has to offer (unlike with user services, where firejail is really useful).

[chiraag-nataraj]

I'll try to bring in a profile for geany though.

[chiraag-nataraj]

Done!

[chiraag-nataraj]

After reconsidering, I'll try to bring in a profile for openvpn, i2p, and freenet. Since I don't have AirVPN, I can't test eddie at all, but if you want to bring in a profile for that, I'd be happy to merge it. Re-opening as a result.