Various profiles # 2 (#3566)

* Matrix clients Initial * Add profile for fractal, # 1139 * Fixes
author: kortewegdevries <kortewegdevries@protonmail.ch> 2020-09-02 10:40:51 +0000
committer: GitHub <noreply@github.com> 2020-09-02 10:40:51 +0000
commit: fa28d0ec87146a718219bbd7addf6a6994c6bf37 (patch)
tree: 9213d9d07f5d534613e675e679ae0049e9435c37
parent: Various profiles (#3561) (diff)
download: firejail-fa28d0ec87146a718219bbd7addf6a6994c6bf37.tar.gz
firejail-fa28d0ec87146a718219bbd7addf6a6994c6bf37.tar.zst
firejail-fa28d0ec87146a718219bbd7addf6a6994c6bf37.zip
6 files changed, 232 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 92cde6d56..dba60fcba 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -83,6 +83,7 @@ blacklist ${HOME}/.config/Debauchee/Barrier.conf
 blacklist ${HOME}/.config/Dharkael
 blacklist ${HOME}/.config/Element
 blacklist ${HOME}/.config/Element (Riot)
+blacklist ${HOME}/.config/ENCOM
 blacklist ${HOME}/.config/Enox
 blacklist ${HOME}/.config/Ferdi
 blacklist ${HOME}/.config/Flavio Tordini
@@ -122,6 +123,7 @@ blacklist ${HOME}/.config/QMediathekView
 blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QuiteRss
 blacklist ${HOME}/.config/QuiteRssrc
+blacklist ${HOME}/.config/Quotient
 blacklist ${HOME}/.config/Rambox
 blacklist ${HOME}/.config/Riot
 blacklist ${HOME}/.config/Rocket.Chat
@@ -292,6 +294,7 @@ blacklist ${HOME}/.config/menulibre.cfg
 blacklist ${HOME}/.config/mfusion
 blacklist ${HOME}/.config/Microsoft
 blacklist ${HOME}/.config/midori
+blacklist ${HOME}/.config/mirage
 blacklist ${HOME}/.config/mono
 blacklist ${HOME}/.config/mpDris2
 blacklist ${HOME}/.config/mpd
@@ -639,6 +642,7 @@ blacklist ${HOME}/.local/share/mana
 blacklist ${HOME}/.local/share/maps-places.json
 blacklist ${HOME}/.local/share/meld
 blacklist ${HOME}/.local/share/midori
+blacklist ${HOME}/.local/share/mirage
 blacklist ${HOME}/.local/share/multimc
 blacklist ${HOME}/.local/share/multimc5
 blacklist ${HOME}/.local/share/mupen64plus
@@ -817,6 +821,7 @@ blacklist ${HOME}/.cache/8pecxstudios
 blacklist ${HOME}/.cache/Authenticator
 blacklist ${HOME}/.cache/BraveSoftware
 blacklist ${HOME}/.cache/Clementine
+blacklist ${HOME}/.cache/ENCOM/Spectral
 blacklist ${HOME}/.cache/Enox
 blacklist ${HOME}/.cache/Enpass
 blacklist ${HOME}/.cache/Ferdi
@@ -827,6 +832,7 @@ blacklist ${HOME}/.cache/MusicBrainz
 blacklist ${HOME}/.cache/NewsFlashGTK
 blacklist ${HOME}/.cache/Otter
 blacklist ${HOME}/.cache/QuiteRss
+blacklist ${HOME}/.cache/Quotient/quaternion
 blacklist ${HOME}/.cache/Shortwave
 blacklist ${HOME}/.cache/Tox
 blacklist ${HOME}/.cache/Zeal
@@ -856,6 +862,7 @@ blacklist ${HOME}/.cache/falkon
 blacklist ${HOME}/.cache/feedreader
 blacklist ${HOME}/.cache/font-manager
 blacklist ${HOME}/.cache/fossamail
+blacklist ${HOME}/.cache/fractal
 blacklist ${HOME}/.cache/freecol
 blacklist ${HOME}/.cache/gajim
 blacklist ${HOME}/.cache/gegl-0.4
@@ -897,6 +904,7 @@ blacklist ${HOME}/.cache/liferea
 blacklist ${HOME}/.cache/Mendeley Ltd.
 blacklist ${HOME}/.cache/midori
 blacklist ${HOME}/.cache/minetest
+blacklist ${HOME}/.cache/mirage
 blacklist ${HOME}/.cache/moonchild productions/basilisk
 blacklist ${HOME}/.cache/moonchild productions/pale moon
 blacklist ${HOME}/.cache/mozilla
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile
new file mode 100644
index 000000000..ab907eb0d
--- /dev/null
+++ b/etc/profile-a-l/fractal.profile
@@ -0,0 +1,54 @@
+# Firejail profile for fractal
+# Description: Desktop client for Matrix 
+# This file is overwritten after every install/update
+# Persistent local customizations
+include fractal.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/fractal
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/fractal
+whitelist ${HOME}/.cache/fractal
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin fractal
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+dbus-user filter
+dbus-user.own org.gnome.Fractal
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.freedesktop.Notifications
+dbus-system none
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile
new file mode 100644
index 000000000..4a5f12aec
--- /dev/null
+++ b/etc/profile-m-z/mirage.profile
@@ -0,0 +1,59 @@
+# Firejail profile for mirage
+# Description: Desktop client for Matrix 
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mirage.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/mirage
+noblacklist ${HOME}/.config/mirage
+noblacklist ${HOME}/.local/share/mirage
+include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/mirage
+mkdir ${HOME}/.config/mirage
+mkdir ${HOME}/.local/share/mirage
+whitelist ${HOME}/.cache/mirage
+whitelist ${HOME}/.config/mirage
+whitelist ${HOME}/.local/share/mirage
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin mirage
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile
new file mode 100644
index 000000000..2133c74d3
--- /dev/null
+++ b/etc/profile-m-z/quaternion.profile
@@ -0,0 +1,54 @@
+# Firejail profile for quaternion
+# Description: Desktop client for Matrix 
+# This file is overwritten after every install/update
+# Persistent local customizations
+include quaternion.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/Quotient/quaternion
+noblacklist ${HOME}/.config/Quotient
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/Quotient/quaternion
+mkdir ${HOME}/.config/Quotient
+whitelist ${HOME}/.cache/Quotient/quaternion
+whitelist ${HOME}/.config/Quotient
+whitelist ${DOWNLOADS}
+whitelist /usr/share/Quotient/quaternion
+include whitelist-common.inc
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin quaternion
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile
new file mode 100644
index 000000000..d7f94e144
--- /dev/null
+++ b/etc/profile-m-z/spectral.profile
@@ -0,0 +1,53 @@
+# Firejail profile for spectral
+# Description: Desktop client for Matrix 
+# This file is overwritten after every install/update
+# Persistent local customizations
+include spectral.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/ENCOM/Spectral
+noblacklist ${HOME}/.config/ENCOM
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/ENCOM/Spectral
+mkdir ${HOME}/.config/ENCOM
+whitelist ${HOME}/.cache/ENCOM/Spectral
+whitelist ${HOME}/.config/ENCOM
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+disable-mnt
+private-cache
+private-bin spectral
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index ce2c6995e..62b27aa06 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -229,6 +229,7 @@ font-manager
 fontforge
 fossamail
 four-in-a-row
+fractal
 franz
 freecad
 freecadcmd
@@ -464,6 +465,7 @@ mindless
 minecraft-launcher
 minetest
 minitube
+mirage
 mirrormagic
 mocp
 mousepad
@@ -604,6 +606,7 @@ qt-faststart
 qtox
 quadrapassel
 quassel
+quaternion
 quiterss
 qupzilla
 qutebrowser
@@ -656,6 +659,7 @@ soffice
 sol
 sound-juicer
 soundconverter
+spectral
 spotify
 sqlitebrowser
 ssh
author	kortewegdevries <kortewegdevries@protonmail.ch>	2020-09-02 10:40:51 +0000
committer	GitHub <noreply@github.com>	2020-09-02 10:40:51 +0000
commit	fa28d0ec87146a718219bbd7addf6a6994c6bf37 (patch)
tree	9213d9d07f5d534613e675e679ae0049e9435c37
parent	Various profiles (#3561) (diff)
download	firejail-fa28d0ec87146a718219bbd7addf6a6994c6bf37.tar.gz firejail-fa28d0ec87146a718219bbd7addf6a6994c6bf37.tar.zst firejail-fa28d0ec87146a718219bbd7addf6a6994c6bf37.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 92cde6d56..dba60fcba 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -83,6 +83,7 @@ blacklist ${HOME}/.config/Debauchee/Barrier.conf
83	blacklist ${HOME}/.config/Dharkael	83	blacklist ${HOME}/.config/Dharkael
84	blacklist ${HOME}/.config/Element	84	blacklist ${HOME}/.config/Element
85	blacklist ${HOME}/.config/Element (Riot)	85	blacklist ${HOME}/.config/Element (Riot)
		86	blacklist ${HOME}/.config/ENCOM
86	blacklist ${HOME}/.config/Enox	87	blacklist ${HOME}/.config/Enox
87	blacklist ${HOME}/.config/Ferdi	88	blacklist ${HOME}/.config/Ferdi
88	blacklist ${HOME}/.config/Flavio Tordini	89	blacklist ${HOME}/.config/Flavio Tordini
@@ -122,6 +123,7 @@ blacklist ${HOME}/.config/QMediathekView
122	blacklist ${HOME}/.config/Qlipper	123	blacklist ${HOME}/.config/Qlipper
123	blacklist ${HOME}/.config/QuiteRss	124	blacklist ${HOME}/.config/QuiteRss
124	blacklist ${HOME}/.config/QuiteRssrc	125	blacklist ${HOME}/.config/QuiteRssrc
		126	blacklist ${HOME}/.config/Quotient
125	blacklist ${HOME}/.config/Rambox	127	blacklist ${HOME}/.config/Rambox
126	blacklist ${HOME}/.config/Riot	128	blacklist ${HOME}/.config/Riot
127	blacklist ${HOME}/.config/Rocket.Chat	129	blacklist ${HOME}/.config/Rocket.Chat
@@ -292,6 +294,7 @@ blacklist ${HOME}/.config/menulibre.cfg
292	blacklist ${HOME}/.config/mfusion	294	blacklist ${HOME}/.config/mfusion
293	blacklist ${HOME}/.config/Microsoft	295	blacklist ${HOME}/.config/Microsoft
294	blacklist ${HOME}/.config/midori	296	blacklist ${HOME}/.config/midori
		297	blacklist ${HOME}/.config/mirage
295	blacklist ${HOME}/.config/mono	298	blacklist ${HOME}/.config/mono
296	blacklist ${HOME}/.config/mpDris2	299	blacklist ${HOME}/.config/mpDris2
297	blacklist ${HOME}/.config/mpd	300	blacklist ${HOME}/.config/mpd
@@ -639,6 +642,7 @@ blacklist ${HOME}/.local/share/mana
639	blacklist ${HOME}/.local/share/maps-places.json	642	blacklist ${HOME}/.local/share/maps-places.json
640	blacklist ${HOME}/.local/share/meld	643	blacklist ${HOME}/.local/share/meld
641	blacklist ${HOME}/.local/share/midori	644	blacklist ${HOME}/.local/share/midori
		645	blacklist ${HOME}/.local/share/mirage
642	blacklist ${HOME}/.local/share/multimc	646	blacklist ${HOME}/.local/share/multimc
643	blacklist ${HOME}/.local/share/multimc5	647	blacklist ${HOME}/.local/share/multimc5
644	blacklist ${HOME}/.local/share/mupen64plus	648	blacklist ${HOME}/.local/share/mupen64plus
@@ -817,6 +821,7 @@ blacklist ${HOME}/.cache/8pecxstudios
817	blacklist ${HOME}/.cache/Authenticator	821	blacklist ${HOME}/.cache/Authenticator
818	blacklist ${HOME}/.cache/BraveSoftware	822	blacklist ${HOME}/.cache/BraveSoftware
819	blacklist ${HOME}/.cache/Clementine	823	blacklist ${HOME}/.cache/Clementine
		824	blacklist ${HOME}/.cache/ENCOM/Spectral
820	blacklist ${HOME}/.cache/Enox	825	blacklist ${HOME}/.cache/Enox
821	blacklist ${HOME}/.cache/Enpass	826	blacklist ${HOME}/.cache/Enpass
822	blacklist ${HOME}/.cache/Ferdi	827	blacklist ${HOME}/.cache/Ferdi
@@ -827,6 +832,7 @@ blacklist ${HOME}/.cache/MusicBrainz
827	blacklist ${HOME}/.cache/NewsFlashGTK	832	blacklist ${HOME}/.cache/NewsFlashGTK
828	blacklist ${HOME}/.cache/Otter	833	blacklist ${HOME}/.cache/Otter
829	blacklist ${HOME}/.cache/QuiteRss	834	blacklist ${HOME}/.cache/QuiteRss
		835	blacklist ${HOME}/.cache/Quotient/quaternion
830	blacklist ${HOME}/.cache/Shortwave	836	blacklist ${HOME}/.cache/Shortwave
831	blacklist ${HOME}/.cache/Tox	837	blacklist ${HOME}/.cache/Tox
832	blacklist ${HOME}/.cache/Zeal	838	blacklist ${HOME}/.cache/Zeal
@@ -856,6 +862,7 @@ blacklist ${HOME}/.cache/falkon
856	blacklist ${HOME}/.cache/feedreader	862	blacklist ${HOME}/.cache/feedreader
857	blacklist ${HOME}/.cache/font-manager	863	blacklist ${HOME}/.cache/font-manager
858	blacklist ${HOME}/.cache/fossamail	864	blacklist ${HOME}/.cache/fossamail
		865	blacklist ${HOME}/.cache/fractal
859	blacklist ${HOME}/.cache/freecol	866	blacklist ${HOME}/.cache/freecol
860	blacklist ${HOME}/.cache/gajim	867	blacklist ${HOME}/.cache/gajim
861	blacklist ${HOME}/.cache/gegl-0.4	868	blacklist ${HOME}/.cache/gegl-0.4
@@ -897,6 +904,7 @@ blacklist ${HOME}/.cache/liferea
897	blacklist ${HOME}/.cache/Mendeley Ltd.	904	blacklist ${HOME}/.cache/Mendeley Ltd.
898	blacklist ${HOME}/.cache/midori	905	blacklist ${HOME}/.cache/midori
899	blacklist ${HOME}/.cache/minetest	906	blacklist ${HOME}/.cache/minetest
		907	blacklist ${HOME}/.cache/mirage
900	blacklist ${HOME}/.cache/moonchild productions/basilisk	908	blacklist ${HOME}/.cache/moonchild productions/basilisk
901	blacklist ${HOME}/.cache/moonchild productions/pale moon	909	blacklist ${HOME}/.cache/moonchild productions/pale moon
902	blacklist ${HOME}/.cache/mozilla	910	blacklist ${HOME}/.cache/mozilla


diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile new file mode 100644 index 000000000..ab907eb0d --- /dev/null +++ b/etc/profile-a-l/fractal.profile
@@ -0,0 +1,54 @@
		1	# Firejail profile for fractal
		2	# Description: Desktop client for Matrix
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include fractal.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.cache/fractal
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-shell.inc
		18	include disable-xdg.inc
		19
		20	mkdir ${HOME}/.cache/fractal
		21	whitelist ${HOME}/.cache/fractal
		22	whitelist ${DOWNLOADS}
		23	include whitelist-common.inc
		24	include whitelist-runuser-common.inc
		25	include whitelist-usr-share-common.inc
		26	include whitelist-var-common.inc
		27
		28	apparmor
		29	caps.drop all
		30	netfilter
		31	nodvd
		32	nogroups
		33	nonewprivs
		34	noroot
		35	notv
		36	nou2f
		37	protocol unix,inet,inet6
		38	seccomp
		39	shell none
		40	tracelog
		41
		42	disable-mnt
		43	private-bin fractal
		44	private-cache
		45	private-dev
		46	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
		47	private-tmp
		48
		49	dbus-user filter
		50	dbus-user.own org.gnome.Fractal
		51	dbus-user.talk ca.desrt.dconf
		52	dbus-user.talk org.freedesktop.secrets
		53	dbus-user.talk org.freedesktop.Notifications
		54	dbus-system none


diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile new file mode 100644 index 000000000..4a5f12aec --- /dev/null +++ b/etc/profile-m-z/mirage.profile
@@ -0,0 +1,59 @@
		1	# Firejail profile for mirage
		2	# Description: Desktop client for Matrix
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include mirage.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.cache/mirage
		10	noblacklist ${HOME}/.config/mirage
		11	noblacklist ${HOME}/.local/share/mirage
		12
		13	include allow-python2.inc
		14	include allow-python3.inc
		15
		16	include disable-common.inc
		17	include disable-devel.inc
		18	include disable-exec.inc
		19	include disable-interpreters.inc
		20	include disable-passwdmgr.inc
		21	include disable-programs.inc
		22	include disable-shell.inc
		23	include disable-xdg.inc
		24
		25	mkdir ${HOME}/.cache/mirage
		26	mkdir ${HOME}/.config/mirage
		27	mkdir ${HOME}/.local/share/mirage
		28	whitelist ${HOME}/.cache/mirage
		29	whitelist ${HOME}/.config/mirage
		30	whitelist ${HOME}/.local/share/mirage
		31	whitelist ${DOWNLOADS}
		32	include whitelist-common.inc
		33	include whitelist-runuser-common.inc
		34	include whitelist-usr-share-common.inc
		35	include whitelist-var-common.inc
		36
		37	apparmor
		38	caps.drop all
		39	netfilter
		40	nodvd
		41	nogroups
		42	nonewprivs
		43	noroot
		44	notv
		45	nou2f
		46	protocol unix,inet,inet6
		47	seccomp
		48	shell none
		49	tracelog
		50
		51	disable-mnt
		52	private-bin mirage
		53	private-cache
		54	private-dev
		55	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
		56	private-tmp
		57
		58	dbus-user none
		59	dbus-system none


diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile new file mode 100644 index 000000000..2133c74d3 --- /dev/null +++ b/etc/profile-m-z/quaternion.profile
@@ -0,0 +1,54 @@
		1	# Firejail profile for quaternion
		2	# Description: Desktop client for Matrix
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include quaternion.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.cache/Quotient/quaternion
		10	noblacklist ${HOME}/.config/Quotient
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-passwdmgr.inc
		17	include disable-programs.inc
		18	include disable-shell.inc
		19	include disable-xdg.inc
		20
		21	mkdir ${HOME}/.cache/Quotient/quaternion
		22	mkdir ${HOME}/.config/Quotient
		23	whitelist ${HOME}/.cache/Quotient/quaternion
		24	whitelist ${HOME}/.config/Quotient
		25	whitelist ${DOWNLOADS}
		26	whitelist /usr/share/Quotient/quaternion
		27	include whitelist-common.inc
		28	include whitelist-runuser-common.inc
		29	include whitelist-usr-share-common.inc
		30	include whitelist-var-common.inc
		31
		32	apparmor
		33	caps.drop all
		34	netfilter
		35	nodvd
		36	nogroups
		37	nonewprivs
		38	noroot
		39	notv
		40	nou2f
		41	protocol unix,inet,inet6,netlink
		42	seccomp
		43	shell none
		44	tracelog
		45
		46	disable-mnt
		47	private-bin quaternion
		48	private-cache
		49	private-dev
		50	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
		51	private-tmp
		52
		53	dbus-user none
		54	dbus-system none


diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile new file mode 100644 index 000000000..d7f94e144 --- /dev/null +++ b/etc/profile-m-z/spectral.profile
@@ -0,0 +1,53 @@
		1	# Firejail profile for spectral
		2	# Description: Desktop client for Matrix
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include spectral.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.cache/ENCOM/Spectral
		10	noblacklist ${HOME}/.config/ENCOM
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-passwdmgr.inc
		17	include disable-programs.inc
		18	include disable-shell.inc
		19	include disable-xdg.inc
		20
		21	mkdir ${HOME}/.cache/ENCOM/Spectral
		22	mkdir ${HOME}/.config/ENCOM
		23	whitelist ${HOME}/.cache/ENCOM/Spectral
		24	whitelist ${HOME}/.config/ENCOM
		25	whitelist ${DOWNLOADS}
		26	include whitelist-common.inc
		27	include whitelist-runuser-common.inc
		28	include whitelist-usr-share-common.inc
		29	include whitelist-var-common.inc
		30
		31	apparmor
		32	caps.drop all
		33	netfilter
		34	nodvd
		35	nogroups
		36	nonewprivs
		37	noroot
		38	notv
		39	nou2f
		40	protocol unix,inet,inet6,netlink
		41	seccomp
		42	shell none
		43	tracelog
		44
		45	disable-mnt
		46	private-cache
		47	private-bin spectral
		48	private-dev
		49	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
		50	private-tmp
		51
		52	dbus-user none
		53	dbus-system none


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index ce2c6995e..62b27aa06 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -229,6 +229,7 @@ font-manager
229	fontforge	229	fontforge
230	fossamail	230	fossamail
231	four-in-a-row	231	four-in-a-row
		232	fractal
232	franz	233	franz
233	freecad	234	freecad
234	freecadcmd	235	freecadcmd
@@ -464,6 +465,7 @@ mindless
464	minecraft-launcher	465	minecraft-launcher
465	minetest	466	minetest
466	minitube	467	minitube
		468	mirage
467	mirrormagic	469	mirrormagic
468	mocp	470	mocp
469	mousepad	471	mousepad
@@ -604,6 +606,7 @@ qt-faststart
604	qtox	606	qtox
605	quadrapassel	607	quadrapassel
606	quassel	608	quassel
		609	quaternion
607	quiterss	610	quiterss
608	qupzilla	611	qupzilla
609	qutebrowser	612	qutebrowser
@@ -656,6 +659,7 @@ soffice
656	sol	659	sol
657	sound-juicer	660	sound-juicer
658	soundconverter	661	soundconverter
		662	spectral
659	spotify	663	spotify
660	sqlitebrowser	664	sqlitebrowser
661	ssh	665	ssh