New profiles for balsa,trojita,kube (#3603)

* Added minecraft-launcher-profile Initial * Changed minecraft-launcher profile Added space,tracelog,nodvd * New profiles for balsa,trojita,kube * Switch to whitelisting * Enable gpg,firefox uniformity between other clients * Hyperlinks * Fix Co-authored-by: kortewegdevries <k0rtic_dv@aol.com>
author: kortewegdevries <kortewegdevries@protonmail.ch> 2020-09-03 08:01:15 +0000
committer: GitHub <noreply@github.com> 2020-09-03 08:01:15 +0000
commit: 7df28c1edeb50f6b856331ba65da05afae7ae81f (patch)
tree: 85578561dc3716bb4f836edf80dc6de25c113d2b
parent: bringing in awk preprocessor from rusty-snake (diff)
download: firejail-7df28c1edeb50f6b856331ba65da05afae7ae81f.tar.gz
firejail-7df28c1edeb50f6b856331ba65da05afae7ae81f.tar.zst
firejail-7df28c1edeb50f6b856331ba65da05afae7ae81f.zip
5 files changed, 234 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 1264caf30..e22a9ae3a 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -37,6 +37,7 @@ blacklist ${HOME}/.VirtualBox
 blacklist ${HOME}/.WebStorm*
 blacklist ${HOME}/.Wolfram Research
 blacklist ${HOME}/.ZAP
+blacklist ${HOME}/.abook
 blacklist ${HOME}/.aMule
 blacklist ${HOME}/.android
 blacklist ${HOME}/.anydesk
@@ -49,6 +50,7 @@ blacklist ${HOME}/.asunder_album_title
 blacklist ${HOME}/.atom
 blacklist ${HOME}/.attic
 blacklist ${HOME}/.audacity-data
+blacklist ${HOME}/.balsa
 blacklist ${HOME}/.bcast5
 blacklist ${HOME}/.bibletime
 blacklist ${HOME}/.bitcoin
@@ -209,6 +211,7 @@ blacklist ${HOME}/.config/evince
 blacklist ${HOME}/.config/evolution
 blacklist ${HOME}/.config/falkon
 blacklist ${HOME}/.config/filezilla
+blacklist ${HOME}/.config/flaska.net
 blacklist ${HOME}/.config/flowblade
 blacklist ${HOME}/.config/font-manager
 blacklist ${HOME}/.config/freecol
@@ -278,6 +281,7 @@ blacklist ${HOME}/.config/konversation.notifyrc
 blacklist ${HOME}/.config/kritarc
 blacklist ${HOME}/.config/ktorrentrc
 blacklist ${HOME}/.config/ktouch2rc
+blacklist ${HOME}/.config/kube
 blacklist ${HOME}/.config/kwriterc
 blacklist ${HOME}/.config/leafpad
 blacklist ${HOME}/.config/libreoffice
@@ -354,6 +358,7 @@ blacklist ${HOME}/.config/rtv
 blacklist ${HOME}/.config/scribus
 blacklist ${HOME}/.config/scribusrc
 blacklist ${HOME}/.config/sinew.in
+blacklist ${HOME}/.config/sink
 blacklist ${HOME}/.config/skypeforlinux
 blacklist ${HOME}/.config/slimjet
 blacklist ${HOME}/.config/smplayer
@@ -636,6 +641,7 @@ blacklist ${HOME}/.local/share/krita
 blacklist ${HOME}/.local/share/ktorrent
 blacklist ${HOME}/.local/share/ktorrentrc
 blacklist ${HOME}/.local/share/ktouch
+blacklist ${HOME}/.local/share/kube
 blacklist ${HOME}/.local/share/kwrite
 blacklist ${HOME}/.local/share/kxmlgui5/*
 blacklist ${HOME}/.local/share/liferea
@@ -678,6 +684,7 @@ blacklist ${HOME}/.local/share/rhythmbox
 blacklist ${HOME}/.local/share/rtv
 blacklist ${HOME}/.local/share/scribus
 blacklist ${HOME}/.local/share/signal-cli
+blacklist ${HOME}/.local/share/sink
 blacklist ${HOME}/.local/share/smuxi
 blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
@@ -868,6 +875,7 @@ blacklist ${HOME}/.cache/epiphany
 blacklist ${HOME}/.cache/evolution
 blacklist ${HOME}/.cache/falkon
 blacklist ${HOME}/.cache/feedreader
+blacklist ${HOME}/.cache/flaska.net/trojita
 blacklist ${HOME}/.cache/font-manager
 blacklist ${HOME}/.cache/fossamail
 blacklist ${HOME}/.cache/fractal
@@ -907,6 +915,7 @@ blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
 blacklist ${HOME}/.cache/kscreenlocker_greet
 blacklist ${HOME}/.cache/ksmserver-logout-greeter
 blacklist ${HOME}/.cache/ksplashqml
+blacklist ${HOME}/.cache/kube
 blacklist ${HOME}/.cache/kwin
 blacklist ${HOME}/.cache/libgweather
 blacklist ${HOME}/.cache/liferea
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile
new file mode 100644
index 000000000..a401ac592
--- /dev/null
+++ b/etc/profile-a-l/balsa.profile
@@ -0,0 +1,78 @@
+# Firejail profile for balsa
+# Description: GNOME mail client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include balsa.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.balsa
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/mail
+noblacklist /var/mail
+noblacklist /var/spool/mail
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.balsa
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/mail
+whitelist ${HOME}/.balsa
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/mail
+whitelist ${RUNUSER}/gnupg
+whitelist /usr/share/balsa
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /var/mail
+whitelist /var/spool/mail
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+# disable-mnt
+# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg 
+# Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile.
+private-bin balsa,balsa-ab
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,mailname,passwd,pki,resolv.conf,selinux,ssl,xdg
+private-tmp
+writable-run-user
+writable-var
+dbus-user filter
+dbus-user.own org.desktop.Balsa
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.freedesktop.Notifications
+dbus-system none
+read-only ${HOME}/.mozilla/firefox/profiles.ini
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile
new file mode 100644
index 000000000..cf3a69fd7
--- /dev/null
+++ b/etc/profile-a-l/kube.profile
@@ -0,0 +1,81 @@
+# Firejail profile for kube
+# Description: Qt mail client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include kube.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/kube
+noblacklist ${HOME}/.config/kube
+noblacklist ${HOME}/.config/sink
+noblacklist ${HOME}/.local/share/kube
+noblacklist ${HOME}/.local/share/sink
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.cache/kube
+mkdir ${HOME}/.config/kube
+mkdir ${HOME}/.config/sink
+mkdir ${HOME}/.local/share/kube
+mkdir ${HOME}/.local/share/sink
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.cache/kube
+whitelist ${HOME}/.config/kube
+whitelist ${HOME}/.config/sink
+whitelist ${HOME}/.local/share/kube
+whitelist ${HOME}/.local/share/sink
+whitelist ${RUNUSER}/gnupg
+whitelist /usr/share/kube
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+# disable-mnt
+# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg 
+# Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile.
+private-bin kube,sink_synchronizer
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,gcrypt,gtk-2.0,gtk-3.0,hostname,hosts,pki,resolv.conf,selinux,ssl,xdg
+private-tmp
+writable-run-user
+dbus-user filter
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.freedesktop.Notifications
+dbus-system none
+read-only ${HOME}/.mozilla/firefox/profiles.ini
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile
new file mode 100644
index 000000000..a8641af85
--- /dev/null
+++ b/etc/profile-m-z/trojita.profile
@@ -0,0 +1,63 @@
+# Firejail profile for trojita
+# Description: Qt mail client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include trojita.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.abook
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.cache/flaska.net/trojita
+noblacklist ${HOME}/.config/flaska.net
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.abook
+mkdir ${HOME}/.cache/flaska.net/trojita
+mkdir ${HOME}/.config/flaska.net
+whitelist ${HOME}/.abook
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+whitelist ${HOME}/.cache/flaska.net/trojita
+whitelist ${HOME}/.config/flaska.net
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+# disable-mnt
+# Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile.
+private-bin trojita
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,selinux,ssl,xdg
+private-tmp
+dbus-user none
+dbus-system none
+read-only ${HOME}/.mozilla/firefox/profiles.ini
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 54c568f27..5e0ca8de4 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -70,6 +70,7 @@ autokey-shell
 aweather
 baloo_file
 baloo_filemetadata_temp_extractor
+balsa
 baobab
 barrier
 basilisk
@@ -405,6 +406,7 @@ krita
 # krunner
 ktorrent
 ktouch
+kube
 # kwin_x11
 kwrite
 leafpad
@@ -748,6 +750,7 @@ transmission-remote-cli
 transmission-remote-gtk
 transmission-show
 tremulous
+trojita
 truecraft
 tshark
 tuxguitar
author	kortewegdevries <kortewegdevries@protonmail.ch>	2020-09-03 08:01:15 +0000
committer	GitHub <noreply@github.com>	2020-09-03 08:01:15 +0000
commit	7df28c1edeb50f6b856331ba65da05afae7ae81f (patch)
tree	85578561dc3716bb4f836edf80dc6de25c113d2b
parent	bringing in awk preprocessor from rusty-snake (diff)
download	firejail-7df28c1edeb50f6b856331ba65da05afae7ae81f.tar.gz firejail-7df28c1edeb50f6b856331ba65da05afae7ae81f.tar.zst firejail-7df28c1edeb50f6b856331ba65da05afae7ae81f.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 1264caf30..e22a9ae3a 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -37,6 +37,7 @@ blacklist ${HOME}/.VirtualBox
37	blacklist ${HOME}/.WebStorm*	37	blacklist ${HOME}/.WebStorm*
38	blacklist ${HOME}/.Wolfram Research	38	blacklist ${HOME}/.Wolfram Research
39	blacklist ${HOME}/.ZAP	39	blacklist ${HOME}/.ZAP
		40	blacklist ${HOME}/.abook
40	blacklist ${HOME}/.aMule	41	blacklist ${HOME}/.aMule
41	blacklist ${HOME}/.android	42	blacklist ${HOME}/.android
42	blacklist ${HOME}/.anydesk	43	blacklist ${HOME}/.anydesk
@@ -49,6 +50,7 @@ blacklist ${HOME}/.asunder_album_title
49	blacklist ${HOME}/.atom	50	blacklist ${HOME}/.atom
50	blacklist ${HOME}/.attic	51	blacklist ${HOME}/.attic
51	blacklist ${HOME}/.audacity-data	52	blacklist ${HOME}/.audacity-data
		53	blacklist ${HOME}/.balsa
52	blacklist ${HOME}/.bcast5	54	blacklist ${HOME}/.bcast5
53	blacklist ${HOME}/.bibletime	55	blacklist ${HOME}/.bibletime
54	blacklist ${HOME}/.bitcoin	56	blacklist ${HOME}/.bitcoin
@@ -209,6 +211,7 @@ blacklist ${HOME}/.config/evince
209	blacklist ${HOME}/.config/evolution	211	blacklist ${HOME}/.config/evolution
210	blacklist ${HOME}/.config/falkon	212	blacklist ${HOME}/.config/falkon
211	blacklist ${HOME}/.config/filezilla	213	blacklist ${HOME}/.config/filezilla
		214	blacklist ${HOME}/.config/flaska.net
212	blacklist ${HOME}/.config/flowblade	215	blacklist ${HOME}/.config/flowblade
213	blacklist ${HOME}/.config/font-manager	216	blacklist ${HOME}/.config/font-manager
214	blacklist ${HOME}/.config/freecol	217	blacklist ${HOME}/.config/freecol
@@ -278,6 +281,7 @@ blacklist ${HOME}/.config/konversation.notifyrc
278	blacklist ${HOME}/.config/kritarc	281	blacklist ${HOME}/.config/kritarc
279	blacklist ${HOME}/.config/ktorrentrc	282	blacklist ${HOME}/.config/ktorrentrc
280	blacklist ${HOME}/.config/ktouch2rc	283	blacklist ${HOME}/.config/ktouch2rc
		284	blacklist ${HOME}/.config/kube
281	blacklist ${HOME}/.config/kwriterc	285	blacklist ${HOME}/.config/kwriterc
282	blacklist ${HOME}/.config/leafpad	286	blacklist ${HOME}/.config/leafpad
283	blacklist ${HOME}/.config/libreoffice	287	blacklist ${HOME}/.config/libreoffice
@@ -354,6 +358,7 @@ blacklist ${HOME}/.config/rtv
354	blacklist ${HOME}/.config/scribus	358	blacklist ${HOME}/.config/scribus
355	blacklist ${HOME}/.config/scribusrc	359	blacklist ${HOME}/.config/scribusrc
356	blacklist ${HOME}/.config/sinew.in	360	blacklist ${HOME}/.config/sinew.in
		361	blacklist ${HOME}/.config/sink
357	blacklist ${HOME}/.config/skypeforlinux	362	blacklist ${HOME}/.config/skypeforlinux
358	blacklist ${HOME}/.config/slimjet	363	blacklist ${HOME}/.config/slimjet
359	blacklist ${HOME}/.config/smplayer	364	blacklist ${HOME}/.config/smplayer
@@ -636,6 +641,7 @@ blacklist ${HOME}/.local/share/krita
636	blacklist ${HOME}/.local/share/ktorrent	641	blacklist ${HOME}/.local/share/ktorrent
637	blacklist ${HOME}/.local/share/ktorrentrc	642	blacklist ${HOME}/.local/share/ktorrentrc
638	blacklist ${HOME}/.local/share/ktouch	643	blacklist ${HOME}/.local/share/ktouch
		644	blacklist ${HOME}/.local/share/kube
639	blacklist ${HOME}/.local/share/kwrite	645	blacklist ${HOME}/.local/share/kwrite
640	blacklist ${HOME}/.local/share/kxmlgui5/*	646	blacklist ${HOME}/.local/share/kxmlgui5/*
641	blacklist ${HOME}/.local/share/liferea	647	blacklist ${HOME}/.local/share/liferea
@@ -678,6 +684,7 @@ blacklist ${HOME}/.local/share/rhythmbox
678	blacklist ${HOME}/.local/share/rtv	684	blacklist ${HOME}/.local/share/rtv
679	blacklist ${HOME}/.local/share/scribus	685	blacklist ${HOME}/.local/share/scribus
680	blacklist ${HOME}/.local/share/signal-cli	686	blacklist ${HOME}/.local/share/signal-cli
		687	blacklist ${HOME}/.local/share/sink
681	blacklist ${HOME}/.local/share/smuxi	688	blacklist ${HOME}/.local/share/smuxi
682	blacklist ${HOME}/.local/share/spotify	689	blacklist ${HOME}/.local/share/spotify
683	blacklist ${HOME}/.local/share/steam	690	blacklist ${HOME}/.local/share/steam
@@ -868,6 +875,7 @@ blacklist ${HOME}/.cache/epiphany
868	blacklist ${HOME}/.cache/evolution	875	blacklist ${HOME}/.cache/evolution
869	blacklist ${HOME}/.cache/falkon	876	blacklist ${HOME}/.cache/falkon
870	blacklist ${HOME}/.cache/feedreader	877	blacklist ${HOME}/.cache/feedreader
		878	blacklist ${HOME}/.cache/flaska.net/trojita
871	blacklist ${HOME}/.cache/font-manager	879	blacklist ${HOME}/.cache/font-manager
872	blacklist ${HOME}/.cache/fossamail	880	blacklist ${HOME}/.cache/fossamail
873	blacklist ${HOME}/.cache/fractal	881	blacklist ${HOME}/.cache/fractal
@@ -907,6 +915,7 @@ blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
907	blacklist ${HOME}/.cache/kscreenlocker_greet	915	blacklist ${HOME}/.cache/kscreenlocker_greet
908	blacklist ${HOME}/.cache/ksmserver-logout-greeter	916	blacklist ${HOME}/.cache/ksmserver-logout-greeter
909	blacklist ${HOME}/.cache/ksplashqml	917	blacklist ${HOME}/.cache/ksplashqml
		918	blacklist ${HOME}/.cache/kube
910	blacklist ${HOME}/.cache/kwin	919	blacklist ${HOME}/.cache/kwin
911	blacklist ${HOME}/.cache/libgweather	920	blacklist ${HOME}/.cache/libgweather
912	blacklist ${HOME}/.cache/liferea	921	blacklist ${HOME}/.cache/liferea


diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile new file mode 100644 index 000000000..a401ac592 --- /dev/null +++ b/etc/profile-a-l/balsa.profile
@@ -0,0 +1,78 @@
		1	# Firejail profile for balsa
		2	# Description: GNOME mail client
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include balsa.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.balsa
		10	noblacklist ${HOME}/.gnupg
		11	noblacklist ${HOME}/.mozilla
		12	noblacklist ${HOME}/mail
		13	noblacklist /var/mail
		14	noblacklist /var/spool/mail
		15
		16	include disable-common.inc
		17	include disable-devel.inc
		18	include disable-exec.inc
		19	include disable-interpreters.inc
		20	include disable-passwdmgr.inc
		21	include disable-programs.inc
		22	include disable-shell.inc
		23	include disable-xdg.inc
		24
		25	mkdir ${HOME}/.balsa
		26	mkdir ${HOME}/.gnupg
		27	mkdir ${HOME}/mail
		28	whitelist ${HOME}/.balsa
		29	whitelist ${HOME}/.gnupg
		30	whitelist ${HOME}/.mozilla/firefox/profiles.ini
		31	whitelist ${HOME}/mail
		32	whitelist ${RUNUSER}/gnupg
		33	whitelist /usr/share/balsa
		34	whitelist /usr/share/gnupg
		35	whitelist /usr/share/gnupg2
		36	whitelist /var/mail
		37	whitelist /var/spool/mail
		38	include whitelist-common.inc
		39	include whitelist-runuser-common.inc
		40	include whitelist-usr-share-common.inc
		41	include whitelist-var-common.inc
		42
		43	apparmor
		44	caps.drop all
		45	netfilter
		46	no3d
		47	nodvd
		48	nogroups
		49	nonewprivs
		50	noroot
		51	nosound
		52	notv
		53	nou2f
		54	novideo
		55	protocol unix,inet,inet6
		56	seccomp
		57	shell none
		58	tracelog
		59
		60	# disable-mnt
		61	# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg
		62	# Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile.
		63	private-bin balsa,balsa-ab
		64	private-cache
		65	private-dev
		66	private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,mailname,passwd,pki,resolv.conf,selinux,ssl,xdg
		67	private-tmp
		68	writable-run-user
		69	writable-var
		70
		71	dbus-user filter
		72	dbus-user.own org.desktop.Balsa
		73	dbus-user.talk ca.desrt.dconf
		74	dbus-user.talk org.freedesktop.secrets
		75	dbus-user.talk org.freedesktop.Notifications
		76	dbus-system none
		77
		78	read-only ${HOME}/.mozilla/firefox/profiles.ini


diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile new file mode 100644 index 000000000..cf3a69fd7 --- /dev/null +++ b/etc/profile-a-l/kube.profile
@@ -0,0 +1,81 @@
		1	# Firejail profile for kube
		2	# Description: Qt mail client
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include kube.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.gnupg
		10	noblacklist ${HOME}/.mozilla
		11	noblacklist ${HOME}/.cache/kube
		12	noblacklist ${HOME}/.config/kube
		13	noblacklist ${HOME}/.config/sink
		14	noblacklist ${HOME}/.local/share/kube
		15	noblacklist ${HOME}/.local/share/sink
		16
		17	include disable-common.inc
		18	include disable-devel.inc
		19	include disable-exec.inc
		20	include disable-interpreters.inc
		21	include disable-passwdmgr.inc
		22	include disable-programs.inc
		23	include disable-shell.inc
		24	include disable-xdg.inc
		25
		26	mkdir ${HOME}/.gnupg
		27	mkdir ${HOME}/.cache/kube
		28	mkdir ${HOME}/.config/kube
		29	mkdir ${HOME}/.config/sink
		30	mkdir ${HOME}/.local/share/kube
		31	mkdir ${HOME}/.local/share/sink
		32	whitelist ${HOME}/.gnupg
		33	whitelist ${HOME}/.mozilla/firefox/profiles.ini
		34	whitelist ${HOME}/.cache/kube
		35	whitelist ${HOME}/.config/kube
		36	whitelist ${HOME}/.config/sink
		37	whitelist ${HOME}/.local/share/kube
		38	whitelist ${HOME}/.local/share/sink
		39	whitelist ${RUNUSER}/gnupg
		40	whitelist /usr/share/kube
		41	whitelist /usr/share/gnupg
		42	whitelist /usr/share/gnupg2
		43	include whitelist-common.inc
		44	include whitelist-runuser-common.inc
		45	include whitelist-usr-share-common.inc
		46	include whitelist-var-common.inc
		47
		48	apparmor
		49	caps.drop all
		50	netfilter
		51	no3d
		52	nodvd
		53	nogroups
		54	nonewprivs
		55	noroot
		56	nosound
		57	notv
		58	nou2f
		59	novideo
		60	protocol unix,inet,inet6
		61	seccomp
		62	shell none
		63	tracelog
		64
		65	# disable-mnt
		66	# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg
		67	# Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile.
		68	private-bin kube,sink_synchronizer
		69	private-cache
		70	private-dev
		71	private-etc alternatives,ca-certificates,crypto-policies,fonts,gcrypt,gtk-2.0,gtk-3.0,hostname,hosts,pki,resolv.conf,selinux,ssl,xdg
		72	private-tmp
		73	writable-run-user
		74
		75	dbus-user filter
		76	dbus-user.talk ca.desrt.dconf
		77	dbus-user.talk org.freedesktop.secrets
		78	dbus-user.talk org.freedesktop.Notifications
		79	dbus-system none
		80
		81	read-only ${HOME}/.mozilla/firefox/profiles.ini


diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile new file mode 100644 index 000000000..a8641af85 --- /dev/null +++ b/etc/profile-m-z/trojita.profile
@@ -0,0 +1,63 @@
		1	# Firejail profile for trojita
		2	# Description: Qt mail client
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include trojita.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.abook
		10	noblacklist ${HOME}/.mozilla
		11	noblacklist ${HOME}/.cache/flaska.net/trojita
		12	noblacklist ${HOME}/.config/flaska.net
		13
		14	include disable-common.inc
		15	include disable-devel.inc
		16	include disable-exec.inc
		17	include disable-interpreters.inc
		18	include disable-passwdmgr.inc
		19	include disable-programs.inc
		20	include disable-shell.inc
		21	include disable-xdg.inc
		22
		23	mkdir ${HOME}/.abook
		24	mkdir ${HOME}/.cache/flaska.net/trojita
		25	mkdir ${HOME}/.config/flaska.net
		26	whitelist ${HOME}/.abook
		27	whitelist ${HOME}/.mozilla/firefox/profiles.ini
		28	whitelist ${HOME}/.cache/flaska.net/trojita
		29	whitelist ${HOME}/.config/flaska.net
		30	include whitelist-common.inc
		31	include whitelist-runuser-common.inc
		32	include whitelist-usr-share-common.inc
		33	include whitelist-var-common.inc
		34
		35	apparmor
		36	caps.drop all
		37	netfilter
		38	no3d
		39	nodvd
		40	nogroups
		41	nonewprivs
		42	noroot
		43	nosound
		44	notv
		45	nou2f
		46	novideo
		47	protocol unix,inet,inet6,netlink
		48	seccomp
		49	shell none
		50	tracelog
		51
		52	# disable-mnt
		53	# Add "ignore private-bin" for hyperlinks or have a look at the private-bins in firefox.profile and firefox-common.profile.
		54	private-bin trojita
		55	private-cache
		56	private-dev
		57	private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,selinux,ssl,xdg
		58	private-tmp
		59
		60	dbus-user none
		61	dbus-system none
		62
		63	read-only ${HOME}/.mozilla/firefox/profiles.ini


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 54c568f27..5e0ca8de4 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -70,6 +70,7 @@ autokey-shell
70	aweather	70	aweather
71	baloo_file	71	baloo_file
72	baloo_filemetadata_temp_extractor	72	baloo_filemetadata_temp_extractor
		73	balsa
73	baobab	74	baobab
74	barrier	75	barrier
75	basilisk	76	basilisk
@@ -405,6 +406,7 @@ krita
405	# krunner	406	# krunner
406	ktorrent	407	ktorrent
407	ktouch	408	ktouch
		409	kube
408	# kwin_x11	410	# kwin_x11
409	kwrite	411	kwrite
410	leafpad	412	leafpad
@@ -748,6 +750,7 @@ transmission-remote-cli
748	transmission-remote-gtk	750	transmission-remote-gtk
749	transmission-show	751	transmission-show
750	tremulous	752	tremulous
		753	trojita
751	truecraft	754	truecraft
752	tshark	755	tshark
753	tuxguitar	756	tuxguitar