Add new profile: ddgtk (#3057)

* Create ddgtk.profile

* Add ddgtk to firecfg.config

2 files changed, 56 insertions, 0 deletions

diff --git a/etc/ddgtk.profile b/etc/ddgtk.profile
new file mode 100644
index 000000000..8727a3cb3
--- /dev/null
+++ b/etc/ddgtk.profile
@@ -0,0 +1,55 @@
+# Firejail profile for ddgtk
+# Description: A frontend GUI to dd for making bootable USB disks
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ddgtk.local
+# Persistent global definitions
+include globals.local
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+
+whitelist ${DOWNLOADS}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist /usr/share/ddgtk
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+x11 none
+
+disable-mnt
+private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr
+private-cache
+private-etc alternatives,fonts
+private-tmp
+
+# memory-deny-write-execute - breaks on Arch
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index ffedf486f..9a0b6b673 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -134,6 +134,7 @@ cvlc
 cyberfox
 darktable
 dconf-editor
+ddgtk
 deadbeef
 deluge
 devhelp