8 files changed, 54 insertions, 2 deletions
diff --git a/etc/empathy.profile b/etc/empathy.profile
index 371100814..2a0a6389c 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -6,5 +6,7 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 netfilter
 nonewprivs
+nogroups
+noroot
 protocol unix,inet,inet6
 seccomp
diff --git a/etc/keepass2.profile b/etc/keepass2.profile
new file mode 100644
index 000000000..fd390f7ed
--- /dev/null
+++ b/etc/keepass2.profile
@@ -0,0 +1,6 @@
+# keepass password manager profile
+#noblacklist ${HOME}/.config/KeePass
+#noblacklist ${HOME}/.keepass
+ 
+include /etc/firejail/keepass.profile
diff --git a/etc/kmail.profile b/etc/kmail.profile
index bc21ba604..410ff36c6 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -16,4 +16,4 @@ seccomp
 tracelog
 private-dev
-private-tmp
+# private-tmp
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index e022866e8..dc23d5840 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -16,7 +16,7 @@ net none
 shell none
 tracelog
-#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
+#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
 private-bin mupdf
 private-tmp
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile
new file mode 100644
index 000000000..9fa8a91d4
--- /dev/null
+++ b/etc/qemu-launcher.profile
@@ -0,0 +1,20 @@
+# qemu-launcher profile
+noblacklist ~/.qemu-launcher
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-tmp
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile
new file mode 100644
index 000000000..3d4587fb1
--- /dev/null
+++ b/etc/qemu-system-x86_64.profile
@@ -0,0 +1,18 @@
+# qemu profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index c6187628c..6377c7426 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -79,6 +79,7 @@
 /etc/firejail/inox.profile
 /etc/firejail/jitsi.profile
 /etc/firejail/keepass.profile
+/etc/firejail/keepass2.profile
 /etc/firejail/keepassx.profile
 /etc/firejail/kmail.profile
 /etc/firejail/konversation.profile
@@ -117,6 +118,8 @@
 /etc/firejail/polari.profile
 /etc/firejail/psi-plus.profile
 /etc/firejail/qbittorrent.profile
+/etc/firejail/qemu-launcher.profile
+/etc/firejail/qemu-system-x86_64.profile
 /etc/firejail/qpdfview.profile
 /etc/firejail/qtox.profile
 /etc/firejail/quassel.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index f18bf8c86..d10d59657 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -82,6 +82,8 @@ mupen64plus
 wine
 dosbox
 virtualbox
+qemu-launcher
+qemu-system-x86_64
 # games
 0ad
@@ -154,6 +156,7 @@ atom-beta
 atom
 ranger
 keepass
+keepass2
 keepassx
 xiphos

diff --git a/etc/empathy.profile b/etc/empathy.profile index 371100814..2a0a6389c 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile
@@ -6,5 +6,7 @@ include /etc/firejail/disable-devel.inc
6	caps.drop all	6	caps.drop all
7	netfilter	7	netfilter
8	nonewprivs	8	nonewprivs
		9	nogroups
		10	noroot
9	protocol unix,inet,inet6	11	protocol unix,inet,inet6
10	seccomp	12	seccomp


diff --git a/etc/keepass2.profile b/etc/keepass2.profile new file mode 100644 index 000000000..fd390f7ed --- /dev/null +++ b/etc/keepass2.profile
@@ -0,0 +1,6 @@
		1	# keepass password manager profile
		2
		3	#noblacklist ${HOME}/.config/KeePass
		4	#noblacklist ${HOME}/.keepass
		5
		6	include /etc/firejail/keepass.profile


diff --git a/etc/kmail.profile b/etc/kmail.profile index bc21ba604..410ff36c6 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile
@@ -16,4 +16,4 @@ seccomp
16	tracelog	16	tracelog
17		17
18	private-dev	18	private-dev
19	private-tmp	19	# private-tmp


diff --git a/etc/mupdf.profile b/etc/mupdf.profile index e022866e8..dc23d5840 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile
@@ -16,7 +16,7 @@ net none
16	shell none	16	shell none
17	tracelog	17	tracelog
18		18
19	#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev	19	#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
20		20
21	private-bin mupdf	21	private-bin mupdf
22	private-tmp	22	private-tmp


diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile new file mode 100644 index 000000000..9fa8a91d4 --- /dev/null +++ b/etc/qemu-launcher.profile
@@ -0,0 +1,20 @@
		1	# qemu-launcher profile
		2
		3	noblacklist ~/.qemu-launcher
		4
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-programs.inc
		7	include /etc/firejail/disable-passwdmgr.inc
		8
		9	caps.drop all
		10	netfilter
		11	nogroups
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16	shell none
		17	tracelog
		18
		19	private-tmp
		20


diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile new file mode 100644 index 000000000..3d4587fb1 --- /dev/null +++ b/etc/qemu-system-x86_64.profile
@@ -0,0 +1,18 @@
		1	# qemu profile
		2
		3	include /etc/firejail/disable-common.inc
		4	include /etc/firejail/disable-programs.inc
		5	include /etc/firejail/disable-passwdmgr.inc
		6
		7	caps.drop all
		8	netfilter
		9	nogroups
		10	nonewprivs
		11	noroot
		12	protocol unix,inet,inet6
		13	seccomp
		14	shell none
		15	tracelog
		16
		17	private-tmp
		18


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index c6187628c..6377c7426 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -79,6 +79,7 @@
79	/etc/firejail/inox.profile	79	/etc/firejail/inox.profile
80	/etc/firejail/jitsi.profile	80	/etc/firejail/jitsi.profile
81	/etc/firejail/keepass.profile	81	/etc/firejail/keepass.profile
		82	/etc/firejail/keepass2.profile
82	/etc/firejail/keepassx.profile	83	/etc/firejail/keepassx.profile
83	/etc/firejail/kmail.profile	84	/etc/firejail/kmail.profile
84	/etc/firejail/konversation.profile	85	/etc/firejail/konversation.profile
@@ -117,6 +118,8 @@
117	/etc/firejail/polari.profile	118	/etc/firejail/polari.profile
118	/etc/firejail/psi-plus.profile	119	/etc/firejail/psi-plus.profile
119	/etc/firejail/qbittorrent.profile	120	/etc/firejail/qbittorrent.profile
		121	/etc/firejail/qemu-launcher.profile
		122	/etc/firejail/qemu-system-x86_64.profile
120	/etc/firejail/qpdfview.profile	123	/etc/firejail/qpdfview.profile
121	/etc/firejail/qtox.profile	124	/etc/firejail/qtox.profile
122	/etc/firejail/quassel.profile	125	/etc/firejail/quassel.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index f18bf8c86..d10d59657 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -82,6 +82,8 @@ mupen64plus
82	wine	82	wine
83	dosbox	83	dosbox
84	virtualbox	84	virtualbox
		85	qemu-launcher
		86	qemu-system-x86_64
85		87
86	# games	88	# games
87	0ad	89	0ad
@@ -154,6 +156,7 @@ atom-beta
154	atom	156	atom
155	ranger	157	ranger
156	keepass	158	keepass
		159	keepass2
157	keepassx	160	keepassx
158	xiphos	161	xiphos
159		162