3 files changed, 96 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 50e4854ac..f3b44ac3e 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -78,6 +78,7 @@ blacklist ${HOME}/.cache/PawelStolowski
 blacklist ${HOME}/.cache/Psi
 blacklist ${HOME}/.cache/QuiteRss
 blacklist ${HOME}/.cache/Quotient/quaternion
+blacklist ${HOME}/.cache/RawTherapee
 blacklist ${HOME}/.cache/Shortwave
 blacklist ${HOME}/.cache/Tox
 blacklist ${HOME}/.cache/Zeal
@@ -335,6 +336,7 @@ blacklist ${HOME}/.config/QuiteRssrc
 blacklist ${HOME}/.config/Quotient
 blacklist ${HOME}/.config/RSS Guard 4
 blacklist ${HOME}/.config/Rambox
+blacklist ${HOME}/.config/RawTherapee
 blacklist ${HOME}/.config/Riot
 blacklist ${HOME}/.config/Rocket.Chat
 blacklist ${HOME}/.config/RogueLegacy
@@ -712,6 +714,7 @@ blacklist ${HOME}/.dosbox
 blacklist ${HOME}/.dropbox*
 blacklist ${HOME}/.easystroke
 blacklist ${HOME}/.electron-cache
+blacklist ${HOME}/.electron-cash
 blacklist ${HOME}/.electrum*
 blacklist ${HOME}/.elinks
 blacklist ${HOME}/.emacs
diff --git a/etc/profile-a-l/electron-cash.profile b/etc/profile-a-l/electron-cash.profile
new file mode 100644
index 000000000..bedccf667
--- /dev/null
+++ b/etc/profile-a-l/electron-cash.profile
@@ -0,0 +1,54 @@
+# Firejail profile for electron-cash
+# Description: Lightweight Bitcoin Cash wallet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include electron-cash.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.electron-cash
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.electron-cash
+whitelist ${HOME}/.electron-cash
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+disable-mnt
+private-bin electron-cash,python*
+private-cache
+?HAS_APPIMAGE: ignore private-dev
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl
+private-tmp
+# dbus-user none
+# dbus-system none
+restrict-namespaces
diff --git a/etc/profile-m-z/rawtherapee.profile b/etc/profile-m-z/rawtherapee.profile
new file mode 100644
index 000000000..0cf946eec
--- /dev/null
+++ b/etc/profile-m-z/rawtherapee.profile
@@ -0,0 +1,39 @@
+# Firejail profile for rawtherapee
+# Description: Free cross-platform raw image processing program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include rawtherapee.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/RawTherapee
+noblacklist ${HOME}/.config/RawTherapee
+noblacklist ${PICTURES}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+private-bin rawtherapee
+private-dev
+private-tmp
+restrict-namespaces

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 50e4854ac..f3b44ac3e 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -78,6 +78,7 @@ blacklist ${HOME}/.cache/PawelStolowski
78	blacklist ${HOME}/.cache/Psi	78	blacklist ${HOME}/.cache/Psi
79	blacklist ${HOME}/.cache/QuiteRss	79	blacklist ${HOME}/.cache/QuiteRss
80	blacklist ${HOME}/.cache/Quotient/quaternion	80	blacklist ${HOME}/.cache/Quotient/quaternion
		81	blacklist ${HOME}/.cache/RawTherapee
81	blacklist ${HOME}/.cache/Shortwave	82	blacklist ${HOME}/.cache/Shortwave
82	blacklist ${HOME}/.cache/Tox	83	blacklist ${HOME}/.cache/Tox
83	blacklist ${HOME}/.cache/Zeal	84	blacklist ${HOME}/.cache/Zeal
@@ -335,6 +336,7 @@ blacklist ${HOME}/.config/QuiteRssrc
335	blacklist ${HOME}/.config/Quotient	336	blacklist ${HOME}/.config/Quotient
336	blacklist ${HOME}/.config/RSS Guard 4	337	blacklist ${HOME}/.config/RSS Guard 4
337	blacklist ${HOME}/.config/Rambox	338	blacklist ${HOME}/.config/Rambox
		339	blacklist ${HOME}/.config/RawTherapee
338	blacklist ${HOME}/.config/Riot	340	blacklist ${HOME}/.config/Riot
339	blacklist ${HOME}/.config/Rocket.Chat	341	blacklist ${HOME}/.config/Rocket.Chat
340	blacklist ${HOME}/.config/RogueLegacy	342	blacklist ${HOME}/.config/RogueLegacy
@@ -712,6 +714,7 @@ blacklist ${HOME}/.dosbox
712	blacklist ${HOME}/.dropbox*	714	blacklist ${HOME}/.dropbox*
713	blacklist ${HOME}/.easystroke	715	blacklist ${HOME}/.easystroke
714	blacklist ${HOME}/.electron-cache	716	blacklist ${HOME}/.electron-cache
		717	blacklist ${HOME}/.electron-cash
715	blacklist ${HOME}/.electrum*	718	blacklist ${HOME}/.electrum*
716	blacklist ${HOME}/.elinks	719	blacklist ${HOME}/.elinks
717	blacklist ${HOME}/.emacs	720	blacklist ${HOME}/.emacs


diff --git a/etc/profile-a-l/electron-cash.profile b/etc/profile-a-l/electron-cash.profile new file mode 100644 index 000000000..bedccf667 --- /dev/null +++ b/etc/profile-a-l/electron-cash.profile
@@ -0,0 +1,54 @@
		1	# Firejail profile for electron-cash
		2	# Description: Lightweight Bitcoin Cash wallet
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include electron-cash.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.electron-cash
		10
		11	# Allow python (blacklisted by disable-interpreters.inc)
		12	include allow-python3.inc
		13
		14	include disable-common.inc
		15	include disable-devel.inc
		16	include disable-exec.inc
		17	include disable-interpreters.inc
		18	include disable-programs.inc
		19	include disable-shell.inc
		20	include disable-xdg.inc
		21
		22	mkdir ${HOME}/.electron-cash
		23	whitelist ${HOME}/.electron-cash
		24	include whitelist-common.inc
		25	include whitelist-var-common.inc
		26
		27	caps.drop all
		28	ipc-namespace
		29	netfilter
		30	no3d
		31	nodvd
		32	nogroups
		33	noinput
		34	nonewprivs
		35	noroot
		36	nosound
		37	notv
		38	nou2f
		39	novideo
		40	protocol unix,inet,inet6
		41	seccomp
		42
		43	disable-mnt
		44	private-bin electron-cash,python*
		45	private-cache
		46	?HAS_APPIMAGE: ignore private-dev
		47	private-dev
		48	private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl
		49	private-tmp
		50
		51	# dbus-user none
		52	# dbus-system none
		53
		54	restrict-namespaces


diff --git a/etc/profile-m-z/rawtherapee.profile b/etc/profile-m-z/rawtherapee.profile new file mode 100644 index 000000000..0cf946eec --- /dev/null +++ b/etc/profile-m-z/rawtherapee.profile
@@ -0,0 +1,39 @@
		1	# Firejail profile for rawtherapee
		2	# Description: Free cross-platform raw image processing program
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include rawtherapee.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.cache/RawTherapee
		10	noblacklist ${HOME}/.config/RawTherapee
		11	noblacklist ${PICTURES}
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-exec.inc
		16	include disable-interpreters.inc
		17	include disable-programs.inc
		18	include disable-shell.inc
		19	include disable-xdg.inc
		20
		21	caps.drop all
		22	netfilter
		23	nodvd
		24	nogroups
		25	noinput
		26	nonewprivs
		27	noroot
		28	nosound
		29	notv
		30	nou2f
		31	novideo
		32	protocol unix,inet,inet6
		33	seccomp
		34
		35	private-bin rawtherapee
		36	private-dev
		37	private-tmp
		38
		39	restrict-namespaces