4 files changed, 54 insertions, 3 deletions

diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 52534a9e9..35f89e11b 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -34,6 +34,7 @@ blacklist ${HOME}/.config/autostart
 blacklist ${HOME}/.config/autostart-scripts
 blacklist ${HOME}/.config/awesome
 blacklist ${HOME}/.config/i3
+blacklist ${HOME}/.config/sway
 blacklist ${HOME}/.config/lxsession/LXDE/autostart
 blacklist ${HOME}/.config/openbox
 blacklist ${HOME}/.config/plasma-workspace
diff --git a/etc/profile-a-l/librewolf-nightly.profile b/etc/profile-a-l/librewolf-nightly.profile
index e6c3da608..72df5a52a 100644
--- a/etc/profile-a-l/librewolf-nightly.profile
+++ b/etc/profile-a-l/librewolf-nightly.profile
@@ -6,5 +6,8 @@ include librewolf-nightly.local
 # added by included profile
 #include globals.local
 
+# Add the next line to your librewolf-nightly.local to enable private-bin.
+#private-bin librewolf-nightly
+
 # Redirect
 include librewolf.profile
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile
index 8e891a930..0934e1271 100644
--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
@@ -18,12 +18,40 @@ whitelist ${HOME}/.librewolf
 #noblacklist ${HOME}/.mozilla
 #whitelist ${HOME}/.mozilla
 
-# librewolf requires a shell to launch on Arch. We can possibly remove sh though.
-# Add the next line to your librewolf.local to enable private-bin.
-#private-bin bash,dbus-launch,dbus-send,env,librewolf,python*,sh,which
+# Uncomment or put in your librewolf.local one of the following whitelist to enable KeePassXC Plugin
+# NOTE: start KeePassXC before Librewolf and keep it open to allow communication between them
+#whitelist ${RUNUSER}/kpxc_server
+#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
+
+whitelist /usr/share/doc
+whitelist /usr/share/gtk-doc/html
+whitelist /usr/share/mozilla
+whitelist /usr/share/webext
+include whitelist-usr-share-common.inc
+
+# Add the next line to your librewolf.local to enable private-bin (Arch Linux).
+#private-bin dbus-launch,dbus-send,librewolf,sh
 # Add the next line to your librewolf.local to enable private-etc. Note
 # that private-etc must first be enabled in firefox-common.local.
 #private-etc librewolf
 
+dbus-user filter
+# Uncomment or put in your librewolf.local to enable native notifications.
+#dbus-user.talk org.freedesktop.Notifications
+# Uncomment or put in your librewolf.local to allow to inhibit screensavers
+#dbus-user.talk org.freedesktop.ScreenSaver
+# Uncomment or put in your librewolf.local for plasma browser integration
+#dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration
+#dbus-user.talk org.kde.JobViewServer
+#dbus-user.talk org.kde.kuiserver
+# Uncomment or put in your librewolf.local to allow screen sharing under wayland.
+#whitelist ${RUNUSER}/pipewire-0
+#dbus-user.talk org.freedesktop.portal.*
+# Also uncomment or put in your librewolf.local if screen sharing sharing still
+# does not work with the above lines (might depend on the portal
+# implementation)
+#ignore noroot
+ignore dbus-user none
+
 # Redirect
 include firefox-common.profile
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile
new file mode 100644
index 000000000..4637419bf
--- /dev/null
+++ b/etc/profile-a-l/sway.profile
@@ -0,0 +1,19 @@
+# Firejail profile for Sway
+# Description: i3-compatible Wayland compositor 
+# This file is overwritten after every install/update
+# Persistent local customizations
+include sway.local
+# Persistent global definitions
+include globals.local
+
+# all applications started in sway will run in this profile
+noblacklist ${HOME}/.config/sway
+# sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
+noblacklist ${HOME}/.config/i3
+include disable-common.inc
+
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6
+seccomp