9 files changed, 153 insertions, 1 deletions
diff --git a/README.md b/README.md
index 06f7c1c6f..c6b1b0933 100644
--- a/README.md
+++ b/README.md
@@ -196,4 +196,5 @@ simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show,
 xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5,
 PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser,
 Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file,
-Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, akregator, kcalc, ktorrent
+Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, akregator, kcalc, ktorrent,
+Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index fbe614b0d..9b84f5e8a 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -76,6 +76,7 @@ blacklist ${HOME}/.config/flowblade
 blacklist ${HOME}/.config/gajim
 blacklist ${HOME}/.config/geeqie
 blacklist ${HOME}/.config/gedit
+blacklist ${HOME}/.config/globaltime
 blacklist ${HOME}/.config/google-chrome
 blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
@@ -104,10 +105,12 @@ blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
+blacklist ${HOME}/.config/orage
 blacklist ${HOME}/.config/org.kde.gwenviewrc
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
 blacklist ${HOME}/.config/psi+
+blacklist ${HOME}/.config/ristretto
 blacklist ${HOME}/.config/qpdfview
 blacklist ${HOME}/.config/qt5ct
 blacklist ${HOME}/.config/qutebrowser
@@ -135,6 +138,9 @@ blacklist ${HOME}/.config/xchat
 blacklist ${HOME}/.config/xed
 blacklist ${HOME}/.config/xfburn
 blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
+blacklist ${HOME}/.config/xfce4/xfce4-notes.rc
+blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
+blacklist ${HOME}/.config/xfce4-dict
 blacklist ${HOME}/.config/xplayer
 blacklist ${HOME}/.config/xreader
 blacklist ${HOME}/.config/xviewer
@@ -242,6 +248,7 @@ blacklist ${HOME}/.local/share/mupen64plus
 blacklist ${HOME}/.local/share/nautilus
 blacklist ${HOME}/.local/share/nemo
 blacklist ${HOME}/.local/share/okular
+blacklist ${HOME}/.local/share/orage
 blacklist ${HOME}/.local/share/org.kde.gwenview
 blacklist ${HOME}/.local/share/pix
 blacklist ${HOME}/.local/share/psi+
@@ -256,6 +263,7 @@ blacklist ${HOME}/.local/share/vpltd
 blacklist ${HOME}/.local/share/vulkan
 blacklist ${HOME}/.local/share/wesnoth
 blacklist ${HOME}/.local/share/xplayer
+blacklist ${HOME}/.local/share/notes
 blacklist ${HOME}/.local/share/xreader
 blacklist ${HOME}/.local/share/zathura
 blacklist ${HOME}/.lv2
diff --git a/etc/globaltime.profile b/etc/globaltime.profile
new file mode 100644
index 000000000..271c331a9
--- /dev/null
+++ b/etc/globaltime.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/globaltime.local
+noblacklist ${HOME}/.config/globaltime
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+# private-tmp
diff --git a/etc/orage.profile b/etc/orage.profile
new file mode 100644
index 000000000..b0bd8b9c3
--- /dev/null
+++ b/etc/orage.profile
@@ -0,0 +1,27 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/orage.local
+noblacklist ${HOME}/.config/orage
+noblacklist ${HOME}/.local/share/orage
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+# private-tmp
diff --git a/etc/ristretto.profile b/etc/ristretto.profile
new file mode 100644
index 000000000..9499febe1
--- /dev/null
+++ b/etc/ristretto.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/risretto.local
+noblacklist ${HOME}/.config/ristretto
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+# private-tmp
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile
new file mode 100644
index 000000000..41544e6b9
--- /dev/null
+++ b/etc/xfce4-dict.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/xfce4-dict.local
+noblacklist ${HOME}/.config/xfce4-dict
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+# private-tmp
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile
new file mode 100644
index 000000000..f2cb9a5f1
--- /dev/null
+++ b/etc/xfce4-notes.profile
@@ -0,0 +1,28 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/xfce4-notes.local
+noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc
+noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
+noblacklist ${HOME}/.local/share/notes
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+# private-tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 4169184df..355faf44f 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -271,3 +271,8 @@
 /etc/firejail/akregator.profile
 /etc/firejail/kcalc.profile
 /etc/firejail/ktorrent.profile
+/etc/firejail/globaltime.profile
+/etc/firejail/orage.profile
+/etc/firejail/ristretto.profile
+/etc/firejail/xfce4-dict.profile
+/etc/firejail/xfce4-notes.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 2569c36ef..c44d83e7b 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -65,6 +65,7 @@ geeqie
 gimp
 gitter
 gjs
+globaltime
 gnome-2048
 gnome-books
 gnome-calculator
@@ -144,6 +145,7 @@ okular
 openshot
 opera
 opera-beta
+orage
 palemoon
 parole
 pdfsam
@@ -164,6 +166,7 @@ quiterss
 qutebrowser
 ranger
 rhythmbox
+ristretto
 rtorrent
 scribus
 seamonkey
@@ -211,6 +214,8 @@ wireshark
 xchat
 xed
 xfburn
+xfce4-dict
+xfce4-notes
 xiphos
 xmms
 xonotic-glx

diff --git a/README.md b/README.md index 06f7c1c6f..c6b1b0933 100644 --- a/README.md +++ b/README.md
@@ -196,4 +196,5 @@ simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show,
196	xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5,	196	xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5,
197	PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser,	197	PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser,
198	Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file,	198	Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file,
199	Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, akregator, kcalc, ktorrent	199	Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, akregator, kcalc, ktorrent,
		200	Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fbe614b0d..9b84f5e8a 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -76,6 +76,7 @@ blacklist ${HOME}/.config/flowblade
76	blacklist ${HOME}/.config/gajim	76	blacklist ${HOME}/.config/gajim
77	blacklist ${HOME}/.config/geeqie	77	blacklist ${HOME}/.config/geeqie
78	blacklist ${HOME}/.config/gedit	78	blacklist ${HOME}/.config/gedit
		79	blacklist ${HOME}/.config/globaltime
79	blacklist ${HOME}/.config/google-chrome	80	blacklist ${HOME}/.config/google-chrome
80	blacklist ${HOME}/.config/google-chrome-beta	81	blacklist ${HOME}/.config/google-chrome-beta
81	blacklist ${HOME}/.config/google-chrome-unstable	82	blacklist ${HOME}/.config/google-chrome-unstable
@@ -104,10 +105,12 @@ blacklist ${HOME}/.config/okularpartrc
104	blacklist ${HOME}/.config/okularrc	105	blacklist ${HOME}/.config/okularrc
105	blacklist ${HOME}/.config/opera	106	blacklist ${HOME}/.config/opera
106	blacklist ${HOME}/.config/opera-beta	107	blacklist ${HOME}/.config/opera-beta
		108	blacklist ${HOME}/.config/orage
107	blacklist ${HOME}/.config/org.kde.gwenviewrc	109	blacklist ${HOME}/.config/org.kde.gwenviewrc
108	blacklist ${HOME}/.config/pix	110	blacklist ${HOME}/.config/pix
109	blacklist ${HOME}/.config/pluma	111	blacklist ${HOME}/.config/pluma
110	blacklist ${HOME}/.config/psi+	112	blacklist ${HOME}/.config/psi+
		113	blacklist ${HOME}/.config/ristretto
111	blacklist ${HOME}/.config/qpdfview	114	blacklist ${HOME}/.config/qpdfview
112	blacklist ${HOME}/.config/qt5ct	115	blacklist ${HOME}/.config/qt5ct
113	blacklist ${HOME}/.config/qutebrowser	116	blacklist ${HOME}/.config/qutebrowser
@@ -135,6 +138,9 @@ blacklist ${HOME}/.config/xchat
135	blacklist ${HOME}/.config/xed	138	blacklist ${HOME}/.config/xed
136	blacklist ${HOME}/.config/xfburn	139	blacklist ${HOME}/.config/xfburn
137	blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml	140	blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
		141	blacklist ${HOME}/.config/xfce4/xfce4-notes.rc
		142	blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
		143	blacklist ${HOME}/.config/xfce4-dict
138	blacklist ${HOME}/.config/xplayer	144	blacklist ${HOME}/.config/xplayer
139	blacklist ${HOME}/.config/xreader	145	blacklist ${HOME}/.config/xreader
140	blacklist ${HOME}/.config/xviewer	146	blacklist ${HOME}/.config/xviewer
@@ -242,6 +248,7 @@ blacklist ${HOME}/.local/share/mupen64plus
242	blacklist ${HOME}/.local/share/nautilus	248	blacklist ${HOME}/.local/share/nautilus
243	blacklist ${HOME}/.local/share/nemo	249	blacklist ${HOME}/.local/share/nemo
244	blacklist ${HOME}/.local/share/okular	250	blacklist ${HOME}/.local/share/okular
		251	blacklist ${HOME}/.local/share/orage
245	blacklist ${HOME}/.local/share/org.kde.gwenview	252	blacklist ${HOME}/.local/share/org.kde.gwenview
246	blacklist ${HOME}/.local/share/pix	253	blacklist ${HOME}/.local/share/pix
247	blacklist ${HOME}/.local/share/psi+	254	blacklist ${HOME}/.local/share/psi+
@@ -256,6 +263,7 @@ blacklist ${HOME}/.local/share/vpltd
256	blacklist ${HOME}/.local/share/vulkan	263	blacklist ${HOME}/.local/share/vulkan
257	blacklist ${HOME}/.local/share/wesnoth	264	blacklist ${HOME}/.local/share/wesnoth
258	blacklist ${HOME}/.local/share/xplayer	265	blacklist ${HOME}/.local/share/xplayer
		266	blacklist ${HOME}/.local/share/notes
259	blacklist ${HOME}/.local/share/xreader	267	blacklist ${HOME}/.local/share/xreader
260	blacklist ${HOME}/.local/share/zathura	268	blacklist ${HOME}/.local/share/zathura
261	blacklist ${HOME}/.lv2	269	blacklist ${HOME}/.lv2


diff --git a/etc/globaltime.profile b/etc/globaltime.profile new file mode 100644 index 000000000..271c331a9 --- /dev/null +++ b/etc/globaltime.profile
@@ -0,0 +1,26 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/globaltime.local
		4
		5	noblacklist ${HOME}/.config/globaltime
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	#
		18	# depending on you usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	private-dev
		25	# private-tmp
		26


diff --git a/etc/orage.profile b/etc/orage.profile new file mode 100644 index 000000000..b0bd8b9c3 --- /dev/null +++ b/etc/orage.profile
@@ -0,0 +1,27 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/orage.local
		4
		5	noblacklist ${HOME}/.config/orage
		6	noblacklist ${HOME}/.local/share/orage
		7	include /etc/firejail/disable-common.inc
		8	include /etc/firejail/disable-programs.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10
		11	caps.drop all
		12	netfilter
		13	nonewprivs
		14	noroot
		15	protocol unix,inet,inet6
		16	seccomp
		17
		18	#
		19	# depending on you usage, you can enable some of the commands below:
		20	#
		21	nogroups
		22	shell none
		23	# private-bin program
		24	# private-etc none
		25	private-dev
		26	# private-tmp
		27


diff --git a/etc/ristretto.profile b/etc/ristretto.profile new file mode 100644 index 000000000..9499febe1 --- /dev/null +++ b/etc/ristretto.profile
@@ -0,0 +1,26 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/risretto.local
		4
		5	noblacklist ${HOME}/.config/ristretto
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	#
		18	# depending on you usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	private-dev
		25	# private-tmp
		26


diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile new file mode 100644 index 000000000..41544e6b9 --- /dev/null +++ b/etc/xfce4-dict.profile
@@ -0,0 +1,26 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/xfce4-dict.local
		4
		5	noblacklist ${HOME}/.config/xfce4-dict
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	#
		18	# depending on you usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	private-dev
		25	# private-tmp
		26


diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile new file mode 100644 index 000000000..f2cb9a5f1 --- /dev/null +++ b/etc/xfce4-notes.profile
@@ -0,0 +1,28 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/xfce4-notes.local
		4
		5	noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc
		6	noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
		7	noblacklist ${HOME}/.local/share/notes
		8	include /etc/firejail/disable-common.inc
		9	include /etc/firejail/disable-programs.inc
		10	include /etc/firejail/disable-passwdmgr.inc
		11
		12	caps.drop all
		13	netfilter
		14	nonewprivs
		15	noroot
		16	protocol unix,inet,inet6
		17	seccomp
		18
		19	#
		20	# depending on you usage, you can enable some of the commands below:
		21	#
		22	nogroups
		23	shell none
		24	# private-bin program
		25	# private-etc none
		26	private-dev
		27	# private-tmp
		28


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 4169184df..355faf44f 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -271,3 +271,8 @@
271	/etc/firejail/akregator.profile	271	/etc/firejail/akregator.profile
272	/etc/firejail/kcalc.profile	272	/etc/firejail/kcalc.profile
273	/etc/firejail/ktorrent.profile	273	/etc/firejail/ktorrent.profile
		274	/etc/firejail/globaltime.profile
		275	/etc/firejail/orage.profile
		276	/etc/firejail/ristretto.profile
		277	/etc/firejail/xfce4-dict.profile
		278	/etc/firejail/xfce4-notes.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2569c36ef..c44d83e7b 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -65,6 +65,7 @@ geeqie
65	gimp	65	gimp
66	gitter	66	gitter
67	gjs	67	gjs
		68	globaltime
68	gnome-2048	69	gnome-2048
69	gnome-books	70	gnome-books
70	gnome-calculator	71	gnome-calculator
@@ -144,6 +145,7 @@ okular
144	openshot	145	openshot
145	opera	146	opera
146	opera-beta	147	opera-beta
		148	orage
147	palemoon	149	palemoon
148	parole	150	parole
149	pdfsam	151	pdfsam
@@ -164,6 +166,7 @@ quiterss
164	qutebrowser	166	qutebrowser
165	ranger	167	ranger
166	rhythmbox	168	rhythmbox
		169	ristretto
167	rtorrent	170	rtorrent
168	scribus	171	scribus
169	seamonkey	172	seamonkey
@@ -211,6 +214,8 @@ wireshark
211	xchat	214	xchat
212	xed	215	xed
213	xfburn	216	xfburn
		217	xfce4-dict
		218	xfce4-notes
214	xiphos	219	xiphos
215	xmms	220	xmms
216	xonotic-glx	221	xonotic-glx