10 files changed, 120 insertions, 3 deletions
diff --git a/README.md b/README.md
index 67beef83b..9457da983 100644
--- a/README.md
+++ b/README.md
@@ -217,4 +217,4 @@ xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-G
 PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser,
 Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file,
 Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,
-Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM
+Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin
diff --git a/RELNOTES b/RELNOTES
index a4615b240..7e92deed2 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -39,7 +39,7 @@ firejail (0.9.46-rc1) baseline; urgency=low
  * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking,
  * new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,
  * new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict,
-  * new profiles: Ristretto, PCManFM
+  * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin
  * bugfixes
 -- netblue30 <netblue30@yahoo.com>  Fri, 7 Apr 2017 08:00:00 -0500
diff --git a/etc/default.profile b/etc/default.profile
index 66b04896f..484c1cd8e 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -25,4 +25,4 @@ seccomp
 # private-etc none
 # private-dev
 # private-tmp
+# nosound
diff --git a/etc/dia.profile b/etc/dia.profile
new file mode 100644
index 000000000..3c01e9a0b
--- /dev/null
+++ b/etc/dia.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/dia.local
+noblacklist ~/.dia
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 18b644987..285a7f7e3 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -74,6 +74,7 @@ blacklist ${HOME}/.config/evolution
 blacklist ${HOME}/.config/filezilla
 blacklist ${HOME}/.config/flowblade
 blacklist ${HOME}/.config/gajim
+blacklist ${HOME}/.config/geany
 blacklist ${HOME}/.config/geeqie
 blacklist ${HOME}/.config/gedit
 blacklist ${HOME}/.config/globaltime
@@ -148,6 +149,7 @@ blacklist ${HOME}/.config/xviewer
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.conkeror.mozdev.org
+blacklist ${HOME}/.dia
 blacklist ${HOME}/.dillo
 blacklist ${HOME}/.dosbox
 blacklist ${HOME}/.dropbox-dist
@@ -158,6 +160,7 @@ blacklist ${HOME}/.emacs.d
 blacklist ${HOME}/.filezilla
 blacklist ${HOME}/.flowblade
 blacklist ${HOME}/.fltk
+blacklist ${HOME}/.FontForge
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.git-credential-cache
 blacklist ${HOME}/.gitconfig
@@ -167,6 +170,7 @@ blacklist ${HOME}/.googleearth/myplaces.backup.kml
 blacklist ${HOME}/.googleearth/myplaces.kml
 blacklist ${HOME}/.guayadeque
 blacklist ${HOME}/.hedgewars
+blacklist ${HOME}/.hugin
 blacklist ${HOME}/.icedove
 blacklist ${HOME}/.inkscape
 blacklist ${HOME}/.jitsi
diff --git a/etc/fontforge.profile b/etc/fontforge.profile
new file mode 100644
index 000000000..014d15650
--- /dev/null
+++ b/etc/fontforge.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/fontforge.local
+noblacklist ${HOME}/.FontForge
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
diff --git a/etc/geany.profile b/etc/geany.profile
new file mode 100644
index 000000000..8ccc44dc1
--- /dev/null
+++ b/etc/geany.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/geany.local
+noblacklist ${HOME}/.config/geany
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
diff --git a/etc/hugin.profile b/etc/hugin.profile
new file mode 100644
index 000000000..d2ad16c0e
--- /dev/null
+++ b/etc/hugin.profile
@@ -0,0 +1,27 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/hugin.local
+noblacklist ${HOME}/.hugin
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
+nosound
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 2f0da51ce..fa910f957 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -277,3 +277,7 @@
 /etc/firejail/xfce4-dict.profile
 /etc/firejail/xfce4-notes.profile
 /etc/firejail/pcmanfm.profile
+/etc/firejail/dia.profile
+/etc/firejail/fontforge.profile
+/etc/firejail/geany.profile
+/etc/firejail/hugin.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 93744f671..db3b525ff 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -34,6 +34,7 @@ cvlc
 cyberfox
 deadbeef
 deluge
+dia
 dillo
 dino
 display
@@ -59,7 +60,9 @@ firefox
 firefox-esr
 flashpeak-slimjet
 flowblade
+fontforge
 gajim
+geany
 gedit
 geeqie
 gimp
@@ -90,6 +93,7 @@ gwenview
 hedgewars
 hexchat
 highlight
+hugin
 icecat
 icedove
 iceweasel

diff --git a/README.md b/README.md index 67beef83b..9457da983 100644 --- a/README.md +++ b/README.md
@@ -217,4 +217,4 @@ xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-G
217	PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser,	217	PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser,
218	Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file,	218	Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file,
219	Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,	219	Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,
220	Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM	220	Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin


diff --git a/RELNOTES b/RELNOTES index a4615b240..7e92deed2 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -39,7 +39,7 @@ firejail (0.9.46-rc1) baseline; urgency=low
39	* new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking,	39	* new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking,
40	* new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,	40	* new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,
41	* new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict,	41	* new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict,
42	* new profiles: Ristretto, PCManFM	42	* new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin
43	* bugfixes	43	* bugfixes
44	-- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500	44	-- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500
45		45


diff --git a/etc/default.profile b/etc/default.profile index 66b04896f..484c1cd8e 100644 --- a/etc/default.profile +++ b/etc/default.profile
@@ -25,4 +25,4 @@ seccomp
25	# private-etc none	25	# private-etc none
26	# private-dev	26	# private-dev
27	# private-tmp	27	# private-tmp
28		28	# nosound


diff --git a/etc/dia.profile b/etc/dia.profile new file mode 100644 index 000000000..3c01e9a0b --- /dev/null +++ b/etc/dia.profile
@@ -0,0 +1,26 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/dia.local
		4
		5	noblacklist ~/.dia
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	#
		18	# depending on you usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	private-dev
		25	private-tmp
		26


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 18b644987..285a7f7e3 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -74,6 +74,7 @@ blacklist ${HOME}/.config/evolution
74	blacklist ${HOME}/.config/filezilla	74	blacklist ${HOME}/.config/filezilla
75	blacklist ${HOME}/.config/flowblade	75	blacklist ${HOME}/.config/flowblade
76	blacklist ${HOME}/.config/gajim	76	blacklist ${HOME}/.config/gajim
		77	blacklist ${HOME}/.config/geany
77	blacklist ${HOME}/.config/geeqie	78	blacklist ${HOME}/.config/geeqie
78	blacklist ${HOME}/.config/gedit	79	blacklist ${HOME}/.config/gedit
79	blacklist ${HOME}/.config/globaltime	80	blacklist ${HOME}/.config/globaltime
@@ -148,6 +149,7 @@ blacklist ${HOME}/.config/xviewer
148	blacklist ${HOME}/.config/zathura	149	blacklist ${HOME}/.config/zathura
149	blacklist ${HOME}/.config/zoomus.conf	150	blacklist ${HOME}/.config/zoomus.conf
150	blacklist ${HOME}/.conkeror.mozdev.org	151	blacklist ${HOME}/.conkeror.mozdev.org
		152	blacklist ${HOME}/.dia
151	blacklist ${HOME}/.dillo	153	blacklist ${HOME}/.dillo
152	blacklist ${HOME}/.dosbox	154	blacklist ${HOME}/.dosbox
153	blacklist ${HOME}/.dropbox-dist	155	blacklist ${HOME}/.dropbox-dist
@@ -158,6 +160,7 @@ blacklist ${HOME}/.emacs.d
158	blacklist ${HOME}/.filezilla	160	blacklist ${HOME}/.filezilla
159	blacklist ${HOME}/.flowblade	161	blacklist ${HOME}/.flowblade
160	blacklist ${HOME}/.fltk	162	blacklist ${HOME}/.fltk
		163	blacklist ${HOME}/.FontForge
161	blacklist ${HOME}/.gimp*	164	blacklist ${HOME}/.gimp*
162	blacklist ${HOME}/.git-credential-cache	165	blacklist ${HOME}/.git-credential-cache
163	blacklist ${HOME}/.gitconfig	166	blacklist ${HOME}/.gitconfig
@@ -167,6 +170,7 @@ blacklist ${HOME}/.googleearth/myplaces.backup.kml
167	blacklist ${HOME}/.googleearth/myplaces.kml	170	blacklist ${HOME}/.googleearth/myplaces.kml
168	blacklist ${HOME}/.guayadeque	171	blacklist ${HOME}/.guayadeque
169	blacklist ${HOME}/.hedgewars	172	blacklist ${HOME}/.hedgewars
		173	blacklist ${HOME}/.hugin
170	blacklist ${HOME}/.icedove	174	blacklist ${HOME}/.icedove
171	blacklist ${HOME}/.inkscape	175	blacklist ${HOME}/.inkscape
172	blacklist ${HOME}/.jitsi	176	blacklist ${HOME}/.jitsi


diff --git a/etc/fontforge.profile b/etc/fontforge.profile new file mode 100644 index 000000000..014d15650 --- /dev/null +++ b/etc/fontforge.profile
@@ -0,0 +1,26 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/fontforge.local
		4
		5	noblacklist ${HOME}/.FontForge
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	#
		18	# depending on you usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	private-dev
		25	private-tmp
		26


diff --git a/etc/geany.profile b/etc/geany.profile new file mode 100644 index 000000000..8ccc44dc1 --- /dev/null +++ b/etc/geany.profile
@@ -0,0 +1,26 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/geany.local
		4
		5	noblacklist ${HOME}/.config/geany
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	#
		18	# depending on you usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	private-dev
		25	private-tmp
		26


diff --git a/etc/hugin.profile b/etc/hugin.profile new file mode 100644 index 000000000..d2ad16c0e --- /dev/null +++ b/etc/hugin.profile
@@ -0,0 +1,27 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/hugin.local
		4
		5	noblacklist ${HOME}/.hugin
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	#
		18	# depending on you usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	private-dev
		25	private-tmp
		26	nosound
		27


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 2f0da51ce..fa910f957 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -277,3 +277,7 @@
277	/etc/firejail/xfce4-dict.profile	277	/etc/firejail/xfce4-dict.profile
278	/etc/firejail/xfce4-notes.profile	278	/etc/firejail/xfce4-notes.profile
279	/etc/firejail/pcmanfm.profile	279	/etc/firejail/pcmanfm.profile
		280	/etc/firejail/dia.profile
		281	/etc/firejail/fontforge.profile
		282	/etc/firejail/geany.profile
		283	/etc/firejail/hugin.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 93744f671..db3b525ff 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -34,6 +34,7 @@ cvlc
34	cyberfox	34	cyberfox
35	deadbeef	35	deadbeef
36	deluge	36	deluge
		37	dia
37	dillo	38	dillo
38	dino	39	dino
39	display	40	display
@@ -59,7 +60,9 @@ firefox
59	firefox-esr	60	firefox-esr
60	flashpeak-slimjet	61	flashpeak-slimjet
61	flowblade	62	flowblade
		63	fontforge
62	gajim	64	gajim
		65	geany
63	gedit	66	gedit
64	geeqie	67	geeqie
65	gimp	68	gimp
@@ -90,6 +93,7 @@ gwenview
90	hedgewars	93	hedgewars
91	hexchat	94	hexchat
92	highlight	95	highlight
		96	hugin
93	icecat	97	icecat
94	icedove	98	icedove
95	iceweasel	99	iceweasel