7 files changed, 42 insertions, 7 deletions

diff --git a/README b/README
index 4284fb07d..e402ffe9b 100644
--- a/README
+++ b/README
@@ -96,6 +96,8 @@ BogDan Vatra (https://github.com/bog-dan-ro)
 Bruno Nova (https://github.com/brunonova)
         - whitelist fix
         - bash arguments fix
+BytesTuner (https://github.com/BytesTuner)
+        - provided keepassxc profile
 Cat (https://github.com/ecat3)
         - prevent tmux connecting to an existing session
 creideiki (https://github.com/creideiki)
diff --git a/README.md b/README.md
index 6efa2ed69..6a0448c16 100644
--- a/README.md
+++ b/README.md
@@ -195,4 +195,4 @@ goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nau
 simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget,
 xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5,
 PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser,
-Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview
+Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc
diff --git a/RELNOTES b/RELNOTES
index 4766fdceb..2bae5f254 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -41,7 +41,7 @@ firejail (0.9.45) baseline; urgency=low
   * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos,
   * new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,
   * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa
-  * new profiles: Scribus, mousepad, gpicview
+  * new profiles: Scribus, mousepad, gpicview, keepassxc
   * bugfixes
  -- netblue30 <netblue30@yahoo.com>  Sun, 23 Oct 2016 08:00:00 -0500
 
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc
index b5260e897..a61516771 100644
--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -2,10 +2,12 @@
 # Persistent customizations should go in a .local file.
 include /etc/firejail/disable-passwdmgr.local
 
-blacklist ${HOME}/.lastpass
-blacklist ${HOME}/.keepassx
+blacklist ${HOME}/.config/KeePass
+blacklist ${HOME}/.config/keepass
+blacklist ${HOME}/.config/keepassx
+blacklist ${HOME}/.config/keepassxc
 blacklist ${HOME}/.keepass
+blacklist ${HOME}/.keepassx
+blacklist ${HOME}/.keepassxc
+blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.password-store
-blacklist ${HOME}/.config/keepassx
-blacklist ${HOME}/.config/keepass
-blacklist ${HOME}/.config/KeePass
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
new file mode 100644
index 000000000..b11a0cc5d
--- /dev/null
+++ b/etc/keepassxc.profile
@@ -0,0 +1,29 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/keepassxc.local
+
+# Firejail profile for KeepassXC
+noblacklist ${HOME}/.config/keepassxc
+noblacklist ${HOME}/.keepassxc
+noblacklist ${HOME}/.*kdbx
+noblacklist ${HOME}/.*kdb
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+net none
+nogroups
+nonewprivs
+noroot
+nosound
+#protocol unix
+seccomp
+shell none
+
+private-bin keepassxc
+#private-etc fonts
+#private-dev
+private-tmp
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index a31f13200..414d1bb93 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -113,6 +113,7 @@
 /etc/firejail/keepass2.profile
 /etc/firejail/keepassx.profile
 /etc/firejail/keepassx2.profile
+/etc/firejail/keepassxc.profile
 /etc/firejail/kmail.profile
 /etc/firejail/konversation.profile
 /etc/firejail/less.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 5bfd94736..d85d751f4 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -193,6 +193,7 @@ keepass
 keepass2
 keepassx
 keepassx2
+keepassxc
 mousepad
 pluma
 Thunar