Explain what content should go in the profile and what the two inclusions
are for.
Bug: T257207
Change-Id: I7a0fbc558a85baa91624414f67f84d2dc23a41bb
# Firejail profile used by MediaWiki when shelling out
# Firejail profile used by MediaWiki when shelling out
+# Most rules are applied via command-line flags controlled by the
+# Shell::RESTRICTION_* constants.
+# Rules added to this file must be compatible with every command that could
+# be invoked. If something might need to be disabled, then it should be added
+# as a Shell:RESTRICTION_* constant instead so that commands can opt-in/out.
+
# See <https://firejail.wordpress.com/features-3/man-firejail-profile/> for
# See <https://firejail.wordpress.com/features-3/man-firejail-profile/> for
-# syntax documentation
-# Persistent local customizations
+# syntax documentation.
+
+# Optionally allow sysadmins to set extra restrictions that apply to their
+# MediaWiki setup, e.g. disallowing access to extra private directories.
include /etc/firejail/mediawiki.local
include /etc/firejail/mediawiki.local
-# Persistent global definitions
+
+# Include any global firejail customizations.
include /etc/firejail/globals.local
include /etc/firejail/globals.local