added calibre profile

7 files changed, 54 insertions, 3 deletions

diff --git a/README.md b/README.md
index b9b50d788..aef7e96fa 100644
--- a/README.md
+++ b/README.md
@@ -66,5 +66,5 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
 
 ## New profiles:
 
-curl, mplayer2, SMPlayer
+curl, mplayer2, SMPlayer, Calibre, ebook-viewer
 
diff --git a/etc/calibre.profile b/etc/calibre.profile
new file mode 100644
index 000000000..b75e0c276
--- /dev/null
+++ b/etc/calibre.profile
@@ -0,0 +1,35 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/calibre.local
+
+noblacklist ~/.config/calibre
+noblacklist ~/.cache/calibre
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+#ipc-namespace
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+#private-bin
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 3b2c150fc..7a3ca37ed 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -62,6 +62,7 @@ blacklist ${HOME}/.config/borg
 blacklist ${HOME}/.config/brasero
 blacklist ${HOME}/.config/brave
 blacklist ${HOME}/.config/caja
+blacklist ${HOME}/.config/calibre
 blacklist ${HOME}/.config/catfish
 blacklist ${HOME}/.config/cherrytree
 blacklist ${HOME}/.config/chromium
@@ -361,6 +362,7 @@ blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/QuiteRss
 blacklist ${HOME}/.cache/attic
 blacklist ${HOME}/.cache/borg
+blacklist ${HOME}/.cache/calibre
 blacklist ${HOME}/.cache/champlain
 blacklist ${HOME}/.cache/chromium
 blacklist ${HOME}/.cache/qupzilla
diff --git a/etc/ebook-viewer.profile b/etc/ebook-viewer.profile
new file mode 100644
index 000000000..ba28e3550
--- /dev/null
+++ b/etc/ebook-viewer.profile
@@ -0,0 +1,10 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/ebook-viewer.local
+
+# Firejail profile for ebook-viewer (Calibre)
+include /etc/firejail/calibre.profile
+net none
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index ad01c9b2a..05b5a819f 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -310,3 +310,5 @@
 /etc/firejail/curl.profile
 /etc/firejail/mplayer.profile
 /etc/firejail/smplayer.profile
+/etc/firejail/ebook-viewer.profile
+/etc/firejail/calibre.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 7bac70887..1ac8234ab 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -23,6 +23,7 @@ bless
 blender
 brasero
 brave
+calibre
 catfish
 cherrytree
 chromium
@@ -50,6 +51,7 @@ dolphin
 dosbox
 dragon
 dropbox
+ebook-viewer
 elinks
 empathy
 eog
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index 5ce156603..79ebc3b1b 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -639,7 +639,7 @@ void x11_start_xpra(int argc, char **argv) {
 
         // build the start command
         char *server_argv[256] = {                // rest initialyzed to NULL
-                 "xpra", "start", display_str, "--no-daemon",
+                 "xpra", "start", display_str, "--no-daemon", "--use-display",
         };
         unsigned pos = 0;
         while (server_argv[pos] != NULL) pos++;
@@ -736,7 +736,7 @@ void x11_start_xpra(int argc, char **argv) {
         }
 
         // add a small delay, on some systems it takes some time for the server to start
-        sleep(1);
+        sleep(5);
 
         // check X11 socket
         char *fname;