6 files changed, 44 insertions, 3 deletions
diff --git a/README.md b/README.md
index 82c1a7bff..3eecca941 100644
--- a/README.md
+++ b/README.md
@@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## Current development version: 0.9.59
 ## New profiles:
-crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss
+crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha
diff --git a/RELNOTES b/RELNOTES
index 14b42e295..d780cc823 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -6,7 +6,7 @@ firejail (0.9.59) baseline; urgency=low
  * new profiles: netactview, redshift, devhelp, assogiate, subdownloader
  * new profiles: font-manager, exfalso, gconf-editor, dconf-editor
  * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
-  * new profiles: code-oss
+  * new profiles: code-oss, pragha
  * memory-deny-write-execute now also blocks memfd_create
 firejail (0.9.58,2) baseline; urgency=low
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 54b10acc4..971e00f18 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -239,6 +239,7 @@ blacklist ${HOME}/.config/pitivi
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
 blacklist ${HOME}/.config/ppsspp
+blacklist ${HOME}/.config/pragha
 blacklist ${HOME}/.config/psi+
 blacklist ${HOME}/.config/qBittorrent
 blacklist ${HOME}/.config/qBittorrentrc
diff --git a/etc/pragha.profile b/etc/pragha.profile
new file mode 100644
index 000000000..a595caee9
--- /dev/null
+++ b/etc/pragha.profile
@@ -0,0 +1,39 @@
+# Firejail profile for pragha
+# Description: A lightweight GTK music player
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pragha.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/pragha
+noblacklist ${MUSIC}
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-var-common.inc
+caps.drop all
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+private-dev
+private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile
index e974e4304..3953de614 100644
--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -35,7 +35,7 @@ shell none
 # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
 disable-mnt
-private-bin wire-desktop
+private-bin wire-desktop,bash,sh,env,electron
 private-dev
 private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 0633d62e9..35dda8393 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -98,6 +98,7 @@ clipit
 cliqz
 cmus
 code
+code-oss
 conkeror
 conky
 corebird

diff --git a/README.md b/README.md index 82c1a7bff..3eecca941 100644 --- a/README.md +++ b/README.md
@@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
102	## Current development version: 0.9.59	102	## Current development version: 0.9.59
103		103
104	## New profiles:	104	## New profiles:
105	crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss	105	crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha


diff --git a/RELNOTES b/RELNOTES index 14b42e295..d780cc823 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -6,7 +6,7 @@ firejail (0.9.59) baseline; urgency=low
6	* new profiles: netactview, redshift, devhelp, assogiate, subdownloader	6	* new profiles: netactview, redshift, devhelp, assogiate, subdownloader
7	* new profiles: font-manager, exfalso, gconf-editor, dconf-editor	7	* new profiles: font-manager, exfalso, gconf-editor, dconf-editor
8	* new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings	8	* new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
9	* new profiles: code-oss	9	* new profiles: code-oss, pragha
10	* memory-deny-write-execute now also blocks memfd_create	10	* memory-deny-write-execute now also blocks memfd_create
11		11
12	firejail (0.9.58,2) baseline; urgency=low	12	firejail (0.9.58,2) baseline; urgency=low


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 54b10acc4..971e00f18 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -239,6 +239,7 @@ blacklist ${HOME}/.config/pitivi
239	blacklist ${HOME}/.config/pix	239	blacklist ${HOME}/.config/pix
240	blacklist ${HOME}/.config/pluma	240	blacklist ${HOME}/.config/pluma
241	blacklist ${HOME}/.config/ppsspp	241	blacklist ${HOME}/.config/ppsspp
		242	blacklist ${HOME}/.config/pragha
242	blacklist ${HOME}/.config/psi+	243	blacklist ${HOME}/.config/psi+
243	blacklist ${HOME}/.config/qBittorrent	244	blacklist ${HOME}/.config/qBittorrent
244	blacklist ${HOME}/.config/qBittorrentrc	245	blacklist ${HOME}/.config/qBittorrentrc


diff --git a/etc/pragha.profile b/etc/pragha.profile new file mode 100644 index 000000000..a595caee9 --- /dev/null +++ b/etc/pragha.profile
@@ -0,0 +1,39 @@
		1	# Firejail profile for pragha
		2	# Description: A lightweight GTK music player
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include pragha.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/pragha
		10	noblacklist ${MUSIC}
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	include whitelist-var-common.inc
		20
		21	caps.drop all
		22	netfilter
		23	no3d
		24	nogroups
		25	nonewprivs
		26	noroot
		27	notv
		28	nou2f
		29	novideo
		30	protocol unix,inet,inet6
		31	seccomp
		32	shell none
		33
		34	private-dev
		35	private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
		36	private-tmp
		37
		38	noexec ${HOME}
		39	noexec /tmp


diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index e974e4304..3953de614 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile
@@ -35,7 +35,7 @@ shell none
35	# it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"	35	# it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
36		36
37	disable-mnt	37	disable-mnt
38	private-bin wire-desktop	38	private-bin wire-desktop,bash,sh,env,electron
39	private-dev	39	private-dev
40	private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies	40	private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies
41	private-tmp	41	private-tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 0633d62e9..35dda8393 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -98,6 +98,7 @@ clipit
98	cliqz	98	cliqz
99	cmus	99	cmus
100	code	100	code
		101	code-oss
101	conkeror	102	conkeror
102	conky	103	conky
103	corebird	104	corebird