Merge pull request #924 from valoq/master

Many new profiles
author: netblue30 <netblue30@yahoo.com> 2016-11-20 10:25:29 -0500
committer: GitHub <noreply@github.com> 2016-11-20 10:25:29 -0500
commit: 0c207322206d3882a9ccf2145531a8105885c12e (patch)
tree: 415e8c372c0631b276baf57b0747de79d9d04265
parent: Merge pull request #923 from vn971/seccomp-explain-audit (diff)
parent: fixed mudpf profile for debian (diff)
download: firejail-0c207322206d3882a9ccf2145531a8105885c12e.tar.gz
firejail-0c207322206d3882a9ccf2145531a8105885c12e.tar.zst
firejail-0c207322206d3882a9ccf2145531a8105885c12e.zip
78 files changed, 1118 insertions, 46 deletions
diff --git a/README.md b/README.md
index 56c0c68ec..d653a235c 100644
--- a/README.md
+++ b/README.md
@@ -57,4 +57,9 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
 `````
 ## New Profiles
 xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble, zoom,Guayadeque, qemu, keypass2
+amarok, ark, atool, bleachbit, brasero, dolphin, dragon, elinks, enchant, exiftool, file-roller, gedit
+gjs, gnome-books, gnome-clocks, gnome-documents, gnome-maps, gnome-music, gnome-photos, gnome-weather
+goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext
+simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index 4aa18aa90..481301420 100644
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -1,5 +1,4 @@
 # Firejail profile for Abrowser
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 include /etc/firejail/disable-common.inc
diff --git a/etc/amarok.profile b/etc/amarok.profile
new file mode 100644
index 000000000..8d5b35d47
--- /dev/null
+++ b/etc/amarok.profile
@@ -0,0 +1,19 @@
+# amarok profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+shell none
+#seccomp
+protocol unix,inet,inet6
+#private-bin amarok
+private-dev
+private-tmp
+#private-etc none
diff --git a/etc/ark.profile b/etc/ark.profile
new file mode 100644
index 000000000..61b4c6f60
--- /dev/null
+++ b/etc/ark.profile
@@ -0,0 +1,23 @@
+# ark profile
+noblacklist ~/.config/arkrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix
+# private-bin
+private-dev
+private-tmp
+# private-etc
diff --git a/etc/atool.profile b/etc/atool.profile
new file mode 100644
index 000000000..3fbfb9fc7
--- /dev/null
+++ b/etc/atool.profile
@@ -0,0 +1,24 @@
+# atool profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+# private-bin atool
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
new file mode 100644
index 000000000..0a71db9f0
--- /dev/null
+++ b/etc/bleachbit.profile
@@ -0,0 +1,21 @@
+# bleachbit profile
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix
+# private-bin
+# private-dev
+# private-tmp
+# private-etc
diff --git a/etc/brasero.profile b/etc/brasero.profile
new file mode 100644
index 000000000..66de6fa50
--- /dev/null
+++ b/etc/brasero.profile
@@ -0,0 +1,23 @@
+# brasero profile
+noblacklist ~/.config/brasero
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin brasero
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/brave.profile b/etc/brave.profile
index 4fc3a5bb0..21ea7f908 100644
--- a/etc/brave.profile
+++ b/etc/brave.profile
@@ -1,5 +1,4 @@
 # Profile for Brave browser
 noblacklist ~/.config/brave
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile
index 1b6d2f645..8921bb25e 100644
--- a/etc/claws-mail.profile
+++ b/etc/claws-mail.profile
@@ -1,5 +1,4 @@
 # claws-mail profile
 noblacklist ~/.claws-mail
 noblacklist ~/.signature
 noblacklist ~/.gnupg
diff --git a/etc/corebird.profile b/etc/corebird.profile
index 077ae30d0..6fb8219e8 100644
--- a/etc/corebird.profile
+++ b/etc/corebird.profile
@@ -1,5 +1,4 @@
 # Firejail corebird profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile
index ae487fa3c..84021dab3 100644
--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -1,5 +1,4 @@
 # Firejail profile for Cyberfox (based on Mozilla Firefox)
 noblacklist ~/.8pecxstudios
 noblacklist ~/.cache/8pecxstudios
 include /etc/firejail/disable-common.inc
diff --git a/etc/default.profile b/etc/default.profile
index a2de72695..487e80c64 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -5,11 +5,17 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
-#blacklist ${HOME}/.wine
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
diff --git a/etc/dillo.profile b/etc/dillo.profile
index 2ddd363cb..108787920 100644
--- a/etc/dillo.profile
+++ b/etc/dillo.profile
@@ -1,5 +1,4 @@
 # Firejail profile for Dillo web browser
 noblacklist ~/.dillo
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
diff --git a/etc/dolphin.profile b/etc/dolphin.profile
new file mode 100644
index 000000000..1a6abb71d
--- /dev/null
+++ b/etc/dolphin.profile
@@ -0,0 +1,23 @@
+# dolphin profile
+noblacklist ~/.config/dolphinrc
+noblacklist ~/.local/share/dolphin
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+shell none
+seccomp
+protocol unix
+# private-bin
+# private-dev
+# private-tmp
+# private-etc
diff --git a/etc/dragon.profile b/etc/dragon.profile
new file mode 100644
index 000000000..09cb73802
--- /dev/null
+++ b/etc/dragon.profile
@@ -0,0 +1,22 @@
+# dragon player profile
+noblacklist ~/.config/dragonplayerrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+shell none
+seccomp
+protocol unix,inet,inet6
+private-bin dragon
+private-dev
+private-tmp
+# private-etc
diff --git a/etc/elinks.profile b/etc/elinks.profile
new file mode 100644
index 000000000..df817ea56
--- /dev/null
+++ b/etc/elinks.profile
@@ -0,0 +1,24 @@
+# elinks profile
+noblacklist ~/.elinks
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin elinks
+private-tmp
+private-dev
+# private-etc none
diff --git a/etc/emacs.profile b/etc/emacs.profile
index cbdba7712..2b9c5805c 100644
--- a/etc/emacs.profile
+++ b/etc/emacs.profile
@@ -1,5 +1,4 @@
 # emacs profile
 noblacklist ~/.emacs
 noblacklist ~/.emacs.d
diff --git a/etc/enchant.profile b/etc/enchant.profile
new file mode 100644
index 000000000..cf8288919
--- /dev/null
+++ b/etc/enchant.profile
@@ -0,0 +1,23 @@
+# enchant profile
+noblacklist ~/.config/enchant
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin enchant
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/eog.profile b/etc/eog.profile
index 68e950bd7..d463f3a97 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -1,5 +1,4 @@
 # eog (gnome image viewer) profile
 noblacklist ~/.config/eog
 include /etc/firejail/disable-common.inc
diff --git a/etc/evince.profile b/etc/evince.profile
index cbb2083f4..12ea358be 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -19,4 +19,5 @@ tracelog
 private-bin evince,evince-previewer,evince-thumbnailer
 private-dev
 private-etc fonts
-private-tmp
-\ No newline at end of file
+# evince needs access to /tmp/mozilla* to work in firefox
+# private-tmp
diff --git a/etc/evolution.profile b/etc/evolution.profile
index d63eeed74..ab6dd7a4a 100644
--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -1,5 +1,4 @@
 # evolution profile
 noblacklist ~/.config/evolution
 noblacklist ~/.local/share/evolution
 noblacklist ~/.cache/evolution
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
new file mode 100644
index 000000000..384695473
--- /dev/null
+++ b/etc/exiftool.profile
@@ -0,0 +1,28 @@
+# exiftool profile
+noblacklist /usr/bin/perl
+noblacklist /usr/share/perl*
+noblacklist /usr/lib/perl*
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+# private-bin exiftool,perl
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
new file mode 100644
index 000000000..6116389db
--- /dev/null
+++ b/etc/file-roller.profile
@@ -0,0 +1,21 @@
+# file-roller profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin file-roller
+# private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/file.profile b/etc/file.profile
index 199a97fad..f709e7f0c 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -1,16 +1,25 @@
 # file profile
-ignore noroot
+include /etc/firejail/disable-common.inc
-include /etc/firejail/default.profile
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
-blacklist /tmp/.X11-unix
+caps.drop all
 hostname file
+netfilter
 net none
 no3d
+nogroups
+nonewprivs
+#noroot
 nosound
-quiet
+protocol unix
+seccomp
 shell none
 tracelog
+quiet
+x11 none
+blacklist /tmp/.X11-unix
 private-dev
 private-bin file
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 6bb581f4f..4f971f330 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -1,5 +1,4 @@
 # Firejail profile for Mozilla Firefox (Iceweasel in Debian)
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 noblacklist ~/.config/qpdfview
diff --git a/etc/gajim.profile b/etc/gajim.profile
index 809378ef9..b030a68b4 100644
--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -1,5 +1,4 @@
 # Firejail profile for Gajim
 mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.local/share/gajim
 mkdir ${HOME}/.config/gajim
diff --git a/etc/gedit.profile b/etc/gedit.profile
new file mode 100644
index 000000000..a25286bfa
--- /dev/null
+++ b/etc/gedit.profile
@@ -0,0 +1,26 @@
+# gedit profile
+# when gedit is started via gnome-shell, firejail is not applied because systemd will start it
+noblacklist ~/.config/gedit
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gedit
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/git.profile b/etc/git.profile
index 73122d347..edb59ce13 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -1,5 +1,4 @@
 # git profile
 noblacklist ~/.gitconfig
 noblacklist ~/.ssh
 noblacklist ~/.gnupg
diff --git a/etc/gjs.profile b/etc/gjs.profile
new file mode 100644
index 000000000..8d71728a2
--- /dev/null
+++ b/etc/gjs.profile
@@ -0,0 +1,28 @@
+# gjs (gnome javascript bindings) profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.cache/org.gnome.Books
+noblacklist ~/.config/libreoffice
+noblacklist ~/.local/share/gnome-photos
+noblacklist ~/.cache/libgweather
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile
new file mode 100644
index 000000000..10b06e173
--- /dev/null
+++ b/etc/gnome-books.profile
@@ -0,0 +1,26 @@
+# gnome-books profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.cache/org.gnome.Books
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gjs gnome-books
+private-tmp
+private-dev
+private-etc fonts
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
new file mode 100644
index 000000000..6cccf9d32
--- /dev/null
+++ b/etc/gnome-clocks.profile
@@ -0,0 +1,21 @@
+# gnome-clocks profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gnome-clocks
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile
new file mode 100644
index 000000000..c5def7aff
--- /dev/null
+++ b/etc/gnome-documents.profile
@@ -0,0 +1,24 @@
+# gnome-documents profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.config/libreoffice
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+private-tmp
+private-dev
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile
new file mode 100644
index 000000000..f1451506e
--- /dev/null
+++ b/etc/gnome-maps.profile
@@ -0,0 +1,24 @@
+# gnome-maps profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gjs gnome-maps
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
new file mode 100644
index 000000000..4a8adeb22
--- /dev/null
+++ b/etc/gnome-music.profile
@@ -0,0 +1,22 @@
+# gnome-music profile
+noblacklist ~/.local/share/gnome-music
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gnome-music,python3
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile
new file mode 100644
index 000000000..8f9d60cb5
--- /dev/null
+++ b/etc/gnome-photos.profile
@@ -0,0 +1,26 @@
+# gnome-photos profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.local/share/gnome-photos
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gjs gnome-photos
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile
new file mode 100644
index 000000000..9f93b8f15
--- /dev/null
+++ b/etc/gnome-weather.profile
@@ -0,0 +1,26 @@
+# gnome-weather profile
+# when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
+noblacklist ~/.cache/libgweather
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gjs gnome-weather
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/goobox.profile b/etc/goobox.profile
new file mode 100644
index 000000000..8990943fc
--- /dev/null
+++ b/etc/goobox.profile
@@ -0,0 +1,20 @@
+# goobox profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin goobox
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/gpa.profile b/etc/gpa.profile
new file mode 100644
index 000000000..7d7277190
--- /dev/null
+++ b/etc/gpa.profile
@@ -0,0 +1,23 @@
+# gpa profile
+noblacklist ~/.gnupg
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gpa,gpg
+private-tmp
+private-dev
+# private-etc none
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
new file mode 100644
index 000000000..b0ebdf43c
--- /dev/null
+++ b/etc/gpg-agent.profile
@@ -0,0 +1,23 @@
+# gpg-agent profile
+noblacklist ~/.gnupg
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin gpg-agent,gpg
+private-tmp
+private-dev
+# private-etc none
diff --git a/etc/gpg.profile b/etc/gpg.profile
new file mode 100644
index 000000000..31372eb90
--- /dev/null
+++ b/etc/gpg.profile
@@ -0,0 +1,24 @@
+# gpg profile
+noblacklist ~/.gnupg
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+# private-bin gpg,gpg-agent
+private-tmp
+private-dev
+# private-etc none
diff --git a/etc/highlight.profile b/etc/highlight.profile
new file mode 100644
index 000000000..f95f3924a
--- /dev/null
+++ b/etc/highlight.profile
@@ -0,0 +1,24 @@
+# highlight profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+private-bin highlight
+private-tmp
+private-dev
diff --git a/etc/icecat.profile b/etc/icecat.profile
index 2f8e2df7f..0348076da 100644
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -1,5 +1,4 @@
 # Firejail profile for GNU Icecat
 noblacklist ~/.mozilla
 noblacklist ~/.cache/mozilla
 include /etc/firejail/disable-common.inc
diff --git a/etc/img2txt.profile b/etc/img2txt.profile
new file mode 100644
index 000000000..d55a31cd0
--- /dev/null
+++ b/etc/img2txt.profile
@@ -0,0 +1,24 @@
+# img2txt profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+#private-bin img2txt
+private-tmp
+private-dev
+#private-etc none
diff --git a/etc/k3b.profile b/etc/k3b.profile
new file mode 100644
index 000000000..8a5fff0c6
--- /dev/null
+++ b/etc/k3b.profile
@@ -0,0 +1,21 @@
+# k3b profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix
+# private-bin 
+# private-dev
+# private-tmp
+# private-etc
diff --git a/etc/kate.profile b/etc/kate.profile
new file mode 100644
index 000000000..4b07ea6cb
--- /dev/null
+++ b/etc/kate.profile
@@ -0,0 +1,28 @@
+# kate profile
+noblacklist ~/.local/share/kate
+noblacklist ~/.config/katerc
+noblacklist ~/.config/katepartrc
+noblacklist ~/.config/kateschemarc
+noblacklist ~/.config/katesyntaxhighlightingrc
+noblacklist ~/.config/katevirc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin kate
+private-tmp
+private-dev
+# private-etc fonts
diff --git a/etc/keepass.profile b/etc/keepass.profile
index 23f9a7b40..18a5f4ebd 100644
--- a/etc/keepass.profile
+++ b/etc/keepass.profile
@@ -1,5 +1,4 @@
 # keepass password manager profile
 noblacklist ${HOME}/.config/keepass
 noblacklist ${HOME}/.keepass
 
diff --git a/etc/keepass2.profile b/etc/keepass2.profile
index fd390f7ed..9daa014e3 100644
--- a/etc/keepass2.profile
+++ b/etc/keepass2.profile
@@ -1,5 +1,4 @@
 # keepass password manager profile
 #noblacklist ${HOME}/.config/KeePass
 #noblacklist ${HOME}/.keepass
 
diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index 415160df3..d8621773f 100644
--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -1,5 +1,4 @@
 # keepassx password manager profile
 noblacklist ${HOME}/.config/keepassx
 noblacklist ${HOME}/.keepassx
 noblacklist ${HOME}/keepassx.kdbx
diff --git a/etc/konversation.profile b/etc/konversation.profile
index e9546fd1b..c00b91c18 100644
--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -1,5 +1,4 @@
 # Firejail konversation profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile
index d1d0b8a0d..12765c299 100644
--- a/etc/lxterminal.profile
+++ b/etc/lxterminal.profile
@@ -1,5 +1,4 @@
 # lxterminal (LXDE) profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/lynx.profile b/etc/lynx.profile
new file mode 100644
index 000000000..6e150f62e
--- /dev/null
+++ b/etc/lynx.profile
@@ -0,0 +1,22 @@
+# lynx profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin lynx
+private-tmp
+private-dev
+# private-etc none
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
new file mode 100644
index 000000000..c07a9a9e8
--- /dev/null
+++ b/etc/mediainfo.profile
@@ -0,0 +1,26 @@
+# mediainfo profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+private-bin mediainfo
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index dc23d5840..7116fa1a6 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -18,7 +18,7 @@ tracelog
 #seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
-private-bin mupdf
+private-bin mupdf,sh,tempfile,rm
 private-tmp
 private-dev
 private-etc fonts
diff --git a/etc/mutt.profile b/etc/mutt.profile
index 54cf828b1..2718421c5 100644
--- a/etc/mutt.profile
+++ b/etc/mutt.profile
@@ -1,5 +1,4 @@
 # mutt email client profile
 noblacklist ~/.muttrc
 noblacklist ~/.mutt
 noblacklist ~/.mutt/muttrc
diff --git a/etc/nautilus.profile b/etc/nautilus.profile
new file mode 100644
index 000000000..264ee0b9d
--- /dev/null
+++ b/etc/nautilus.profile
@@ -0,0 +1,26 @@
+# nautilus profile
+# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there is already a nautilus process running on gnome desktops firejail will have no effect.
+noblacklist ~/.config/nautilus
+include /etc/firejail/disable-common.inc
+# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
+#include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin nautilus
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/netsurf.profile b/etc/netsurf.profile
index 1ed2163c2..2071e5519 100644
--- a/etc/netsurf.profile
+++ b/etc/netsurf.profile
@@ -1,5 +1,4 @@
 # Firejail profile for Mozilla Firefox (Iceweasel in Debian)
 noblacklist ~/.config/netsurf
 noblacklist ~/.cache/netsurf
 include /etc/firejail/disable-common.inc
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
new file mode 100644
index 000000000..329275022
--- /dev/null
+++ b/etc/odt2txt.profile
@@ -0,0 +1,24 @@
+# odt2txt profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+private-bin odt2txt
+private-tmp
+private-dev
+private-etc none
+read-only ${HOME}
diff --git a/etc/okular.profile b/etc/okular.profile
index b43a5fbea..22e223cea 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -9,17 +9,17 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
-nogroups
+netfilter
 nonewprivs
+nogroups
 noroot
+nosound
 protocol unix
 seccomp
-nosound
+shell none
+tracelog
+# private-bin okular,kbuildsycoca4,kbuildsycoca5  
+# private-etc X11
 private-dev
+private-tmp
-#Experimental:
-#net none
-#shell none
-#private-bin okular,kbuildsycoca4,kbuildsycoca5
-#private-etc X11
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
new file mode 100644
index 000000000..632c9d15e
--- /dev/null
+++ b/etc/pdftotext.profile
@@ -0,0 +1,22 @@
+# pdftotext profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+net none
+shell none
+tracelog
+private-bin pdftotext
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile
index a9323448b..e4e69b9f6 100644
--- a/etc/psi-plus.profile
+++ b/etc/psi-plus.profile
@@ -1,5 +1,4 @@
 # Firejail profile for Psi+
 noblacklist ${HOME}/.config/psi+
 noblacklist ${HOME}/.local/share/psi+
 include /etc/firejail/disable-common.inc
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile
index 9fa8a91d4..f9c8e6345 100644
--- a/etc/qemu-launcher.profile
+++ b/etc/qemu-launcher.profile
@@ -1,5 +1,4 @@
 # qemu-launcher profile
 noblacklist ~/.qemu-launcher
 include /etc/firejail/disable-common.inc
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile
index 3d4587fb1..65e1e44ea 100644
--- a/etc/qemu-system-x86_64.profile
+++ b/etc/qemu-system-x86_64.profile
@@ -1,5 +1,4 @@
 # qemu profile
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile
index 0efb7b629..eabbe0f3e 100644
--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -1,5 +1,4 @@
 # Firejail profile for Qutebrowser (Qt5-Webkit+Python) browser
 noblacklist ~/.config/qutebrowser
 noblacklist ~/.cache/qutebrowser
 include /etc/firejail/disable-common.inc
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
new file mode 100644
index 000000000..03089482b
--- /dev/null
+++ b/etc/simple-scan.profile
@@ -0,0 +1,23 @@
+# simple-scan profile
+noblacklist ~/.cache/simple-scan
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+#seccomp
+netfilter
+shell none
+tracelog
+# private-bin simple-scan
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
new file mode 100644
index 000000000..4dcfa64d9
--- /dev/null
+++ b/etc/skanlite.profile
@@ -0,0 +1,21 @@
+# skanlite profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+#seccomp
+protocol unix,inet,inet6
+private-bin skanlite
+# private-dev
+# private-tmp
+# private-etc
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
new file mode 100644
index 000000000..485bd8f3b
--- /dev/null
+++ b/etc/ssh-agent.profile
@@ -0,0 +1,15 @@
+# ssh-agent
+quiet
+noblacklist ~/.ssh
+noblacklist /tmp/ssh-*
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/tracker.profile b/etc/tracker.profile
new file mode 100644
index 000000000..217631216
--- /dev/null
+++ b/etc/tracker.profile
@@ -0,0 +1,24 @@
+# tracker profile
+# Tracker is started by systemd on most systems. Therefore it is not firejailed by default
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin tracker
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
new file mode 100644
index 000000000..88ded649c
--- /dev/null
+++ b/etc/transmission-cli.profile
@@ -0,0 +1,24 @@
+# transmission-cli bittorrent profile
+noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+net none
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+#private-bin transmission-cli
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
new file mode 100644
index 000000000..5e5284b34
--- /dev/null
+++ b/etc/transmission-show.profile
@@ -0,0 +1,24 @@
+# transmission-show profile
+noblacklist ${HOME}/.config/transmission
+noblacklist ${HOME}/.cache/transmission
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+net none
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+# private-bin
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile
index 49f8f8b24..36a1e0704 100644
--- a/etc/virtualbox.profile
+++ b/etc/virtualbox.profile
@@ -1,5 +1,4 @@
 # VirtualBox profile
 noblacklist ${HOME}/.VirtualBox
 noblacklist ${HOME}/VirtualBox VMs
 noblacklist ${HOME}/.config/VirtualBox
diff --git a/etc/w3m.profile b/etc/w3m.profile
new file mode 100644
index 000000000..d765217cf
--- /dev/null
+++ b/etc/w3m.profile
@@ -0,0 +1,23 @@
+# w3m profile
+noblacklist ~/.w3m
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin w3m
+private-tmp
+private-dev
+private-etc none
diff --git a/etc/wire.profile b/etc/wire.profile
index c84b4cc28..ec8ed8771 100644
--- a/etc/wire.profile
+++ b/etc/wire.profile
@@ -1,5 +1,4 @@
 # wire messenger profile
 noblacklist ~/.config/Wire
 noblacklist ~/.config/wire
diff --git a/etc/xfburn.profile b/etc/xfburn.profile
new file mode 100644
index 000000000..1dd24aa61
--- /dev/null
+++ b/etc/xfburn.profile
@@ -0,0 +1,23 @@
+# xfburn profile
+noblacklist ~/.config/xfburn
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+netfilter
+shell none
+tracelog
+# private-bin xfburn
+# private-tmp
+# private-dev
+# private-etc fonts
diff --git a/etc/xpra.profile b/etc/xpra.profile
new file mode 100644
index 000000000..8584e4e5b
--- /dev/null
+++ b/etc/xpra.profile
@@ -0,0 +1,21 @@
+# xpra profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+shell none
+seccomp
+protocol unix,inet,inet6
+# private-bin 
+private-dev
+private-tmp
+# private-etc
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index cbb59d16e..ca380b4c7 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -1,3 +1,4 @@
+# xviewer profile
 noblacklist ~/.config/xviewer
 include /etc/firejail/disable-common.inc
diff --git a/etc/zoom.profile b/etc/zoom.profile
index f5831dd88..4c08868cf 100644
--- a/etc/zoom.profile
+++ b/etc/zoom.profile
@@ -1,5 +1,4 @@
 # Firejail profile for zoom.us
 noblacklist ~/.config/zoomus.conf
 include /etc/firejail/disable-common.inc
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 6377c7426..60b4e0508 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -5,13 +5,18 @@
 /etc/firejail/Telegram.profile
 /etc/firejail/Wire.profile
 /etc/firejail/abrowser.profile
+/etc/firejail/amarok.profile
+/etc/firejail/ark.profile
 /etc/firejail/atom-beta.profile
 /etc/firejail/atom.profile
+/etc/firejail/atool.profile
 /etc/firejail/atril.profile
 /etc/firejail/audacious.profile
 /etc/firejail/audacity.profile
 /etc/firejail/aweather.profile
 /etc/firejail/bitlbee.profile
+/etc/firejail/bleachbit.profile
+/etc/firejail/brasero.profile
 /etc/firejail/brave.profile
 /etc/firejail/cherrytree.profile
 /etc/firejail/chromium-browser.profile
@@ -34,17 +39,23 @@
 /etc/firejail/display.profile
 /etc/firejail/dnscrypt-proxy.profile
 /etc/firejail/dnsmasq.profile
+/etc/firejail/dolphin.profile
 /etc/firejail/dosbox.profile
+/etc/firejail/dragon.profile
 /etc/firejail/dropbox.profile
+/etc/firejail/elinks.profile
 /etc/firejail/emacs.profile
 /etc/firejail/empathy.profile
+/etc/firejail/enchant.profile
 /etc/firejail/eog.profile
 /etc/firejail/eom.profile
 /etc/firejail/epiphany.profile
 /etc/firejail/evince.profile
 /etc/firejail/evolution.profile
+/etc/firejail/exiftool.profile
 /etc/firejail/fbreader.profile
 /etc/firejail/feh.profile
+/etc/firejail/file-roller.profile
 /etc/firejail/file.profile
 /etc/firejail/filezilla.profile
 /etc/firejail/firefox-esr.profile
@@ -54,16 +65,29 @@
 /etc/firejail/flowblade.profile
 /etc/firejail/franz.profile
 /etc/firejail/gajim.profile
+/etc/firejail/gedit.profile
 /etc/firejail/gimp.profile
 /etc/firejail/git.profile
 /etc/firejail/gitter.profile
+/etc/firejail/gjs.profile
+/etc/firejail/gnome-books.profile
 /etc/firejail/gnome-chess.profile
+/etc/firejail/gnome-clocks.profile
+/etc/firejail/gnome-documents.profile
+/etc/firejail/gnome-maps.profile
 /etc/firejail/gnome-mplayer.profile
+/etc/firejail/gnome-music.profile
+/etc/firejail/gnome-photos.profile
+/etc/firejail/gnome-weather.profile
+/etc/firejail/goobox.profile
 /etc/firejail/google-chrome-beta.profile
 /etc/firejail/google-chrome-stable.profile
 /etc/firejail/google-chrome-unstable.profile
 /etc/firejail/google-chrome.profile
 /etc/firejail/google-play-music-desktop-player.profile
+/etc/firejail/gpa.profile
+/etc/firejail/gpg-agent.profile
+/etc/firejail/gpg.profile
 /etc/firejail/gpredict.profile
 /etc/firejail/gtar.profile
 /etc/firejail/gthumb.profile
@@ -72,12 +96,16 @@
 /etc/firejail/gzip.profile
 /etc/firejail/hedgewars.profile
 /etc/firejail/hexchat.profile
+/etc/firejail/highlight.profile
 /etc/firejail/icecat.profile
 /etc/firejail/icedove.profile
 /etc/firejail/iceweasel.profile
+/etc/firejail/img2txt.profile
 /etc/firejail/inkscape.profile
 /etc/firejail/inox.profile
 /etc/firejail/jitsi.profile
+/etc/firejail/k3b.profile
+/etc/firejail/kate.profile
 /etc/firejail/keepass.profile
 /etc/firejail/keepass2.profile
 /etc/firejail/keepassx.profile
@@ -96,16 +124,20 @@
 /etc/firejail/lowriter.profile
 /etc/firejail/luminance-hdr.profile
 /etc/firejail/lxterminal.profile
+/etc/firejail/lynx.profile
 /etc/firejail/mathematica.profile
 /etc/firejail/mcabber.profile
+/etc/firejail/mediainfo.profile
 /etc/firejail/midori.profile
 /etc/firejail/mpv.profile
 /etc/firejail/mumble.profile
 /etc/firejail/mupdf.profile
 /etc/firejail/mupen64plus.profile
 /etc/firejail/mutt.profile
+/etc/firejail/nautilus.profile
 /etc/firejail/netsurf.profile
 /etc/firejail/nolocal.net
+/etc/firejail/odt2txt.profile
 /etc/firejail/okular.profile
 /etc/firejail/openbox.profile
 /etc/firejail/openshot.profile
@@ -113,6 +145,7 @@
 /etc/firejail/opera.profile
 /etc/firejail/palemoon.profile
 /etc/firejail/parole.profile
+/etc/firejail/pdftotext.profile
 /etc/firejail/pidgin.profile
 /etc/firejail/pix.profile
 /etc/firejail/polari.profile
@@ -131,12 +164,15 @@
 /etc/firejail/seamonkey-bin.profile
 /etc/firejail/seamonkey.profile
 /etc/firejail/server.profile
+/etc/firejail/simple-scan.profile
+/etc/firejail/skanlite.profile
 /etc/firejail/skype.profile
 /etc/firejail/skypeforlinux.profile
 /etc/firejail/slack.profile
 /etc/firejail/snap.profile
 /etc/firejail/soffice.profile
 /etc/firejail/spotify.profile
+/etc/firejail/ssh-agent.profile
 /etc/firejail/ssh.profile
 /etc/firejail/start-tor-browser.profile
 /etc/firejail/steam.profile
@@ -147,8 +183,11 @@
 /etc/firejail/telegram.profile
 /etc/firejail/thunderbird.profile
 /etc/firejail/totem.profile
+/etc/firejail/tracker.profile
+/etc/firejail/transmission-cli.profile
 /etc/firejail/transmission-gtk.profile
 /etc/firejail/transmission-qt.profile
+/etc/firejail/transmission-show.profile
 /etc/firejail/uget-gtk.profile
 /etc/firejail/unbound.profile
 /etc/firejail/unrar.profile
@@ -159,6 +198,7 @@
 /etc/firejail/vivaldi-beta.profile
 /etc/firejail/vivaldi.profile
 /etc/firejail/vlc.profile
+/etc/firejail/w3m.profile
 /etc/firejail/warzone2100.profile
 /etc/firejail/webserver.net
 /etc/firejail/weechat-curses.profile
@@ -168,9 +208,11 @@
 /etc/firejail/wine.profile
 /etc/firejail/wire.profile
 /etc/firejail/xchat.profile
+/etc/firejail/xfburn.profile
 /etc/firejail/xiphos.profile
 /etc/firejail/xpdf.profile
 /etc/firejail/xplayer.profile
+/etc/firejail/xpra.profile
 /etc/firejail/xreader.profile
 /etc/firejail/xviewer.profile
 /etc/firejail/xz.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index d10d59657..7d7fad0a6 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -14,6 +14,8 @@ qbittorrent
 rtorrent
 transmission-gtk
 transmission-qt
+transmission-cli
+transmission-show
 uget-gtk
 # browsers/email
@@ -51,6 +53,9 @@ thunderbird
 vivaldi-beta
 vivaldi
 evolution
+elinks
+lynx
+w3m
 # chat/messaging
 bitlbee
@@ -94,21 +99,41 @@ wesnot
 warzone2100
 # Media
+amarok
 audacious
 audacity
+bleachbit
+brasero
 clementine
 cmus
 deadbeef
 display
+dolphin
+dragon
+exiftool
 feh
+gjs
+gnome-books
+gnome-clocks
+gnome-documents
+gnome-maps
 gnome-mplayer
+gnome-music
+goobox
 google-play-music-desktop-player
+img2txt
+k3b
+mediainfo
 mpv
+nautilus
 parole
 rhythmbox
+simple-scan
+skanlite
 spotify
 totem
 vlc
+xfburn
 xplayer
 xviewer
 eom
@@ -121,10 +146,13 @@ atril
 cherrytree
 evince
 fbreader
+gedit
 gimp
 gthumb
 gwenview
+highlight
 inkscape
+kate
 libreoffice
 localc
 lodraw
@@ -141,7 +169,9 @@ soffice
 synfigstudio
 Mathematica
 mathematica
+odt2txt
 okular
+pdftotext
 pix
 xpdf
 xreader
@@ -151,14 +181,40 @@ flowblade
 eog
 # other
-ssh
-atom-beta
 atom
+atom-beta
+gpa
+gpg
+# don't run ssh-agent and gpg-agent with firejail by default
+# this will break many processes using them in the background 
+# ssh-agent
+# gpg-agent
+git
 ranger
 keepass
 keepass2
 keepassx
+ssh
+tracker
 xiphos
+xpra
 # weather/climate
 aweather
+gnome-weather
+# compressing tools
+ark
+atool
+file-roller
+# when used by other processes in the background, it will break stuff
+#7z
+#cpio
+#gtar
+#gzip
+#tar
+#unrar
+#unzip
+#xz
+#xzdec
author	netblue30 <netblue30@yahoo.com>	2016-11-20 10:25:29 -0500
committer	GitHub <noreply@github.com>	2016-11-20 10:25:29 -0500
commit	0c207322206d3882a9ccf2145531a8105885c12e (patch)
tree	415e8c372c0631b276baf57b0747de79d9d04265
parent	Merge pull request #923 from vn971/seccomp-explain-audit (diff)
parent	fixed mudpf profile for debian (diff)
download	firejail-0c207322206d3882a9ccf2145531a8105885c12e.tar.gz firejail-0c207322206d3882a9ccf2145531a8105885c12e.tar.zst firejail-0c207322206d3882a9ccf2145531a8105885c12e.zip