8 files changed, 64 insertions, 1 deletions
diff --git a/README b/README
index 998037e31..915001ec2 100644
--- a/README
+++ b/README
@@ -394,6 +394,7 @@ startx2017 (https://github.com/startx2017)
        - --quiet fixes
        - 0.9.38-LTS branch maintainer
        - firemon --top speed-up
+        - Blender and 2048-qt profiles
 thewisenerd (https://github.com/thewisenerd)
        - allow multiple private-home commands
        - use $SHELL variable if the shell is not specified
diff --git a/README.md b/README.md
index 65ae6457a..fdcca9e6e 100644
--- a/README.md
+++ b/README.md
@@ -219,4 +219,4 @@ Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, Me
 Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,
 Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin,
 mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap,
-knotes, clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr 
+knotes, clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr, Blender, 2048-qt 
diff --git a/RELNOTES b/RELNOTES
index ccd841e27..be9e35af7 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -49,6 +49,7 @@ firejail (0.9.46-rc1) baseline; urgency=low
  * new profiles: mate-calc, mate-dictionary, mate-color-select, caja,
  * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes
  * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr
+  * new profiles: Blender, 2048-qt
  * bugfixes
 -- netblue30 <netblue30@yahoo.com>  Fri, 7 Apr 2017 08:00:00 -0500
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile
new file mode 100644
index 000000000..f0ec90ee7
--- /dev/null
+++ b/etc/2048-qt.profile
@@ -0,0 +1,27 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/2048-qt.local
+noblacklist ~/.config/xiaoyong
+noblacklist ~/.config/2048-qt
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on your usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+nosound
diff --git a/etc/blender.profile b/etc/blender.profile
new file mode 100644
index 000000000..fac6f7731
--- /dev/null
+++ b/etc/blender.profile
@@ -0,0 +1,28 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/blender.local
+noblacklist ~/.config/blender
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+#
+# depending on your usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+# blender uses the sound system
+# nosound
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 29da32bbf..0ee47a89e 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -21,6 +21,7 @@ blacklist ${HOME}/.bcast5
 blacklist ${HOME}/.bibletime
 blacklist ${HOME}/.claws-mail
 blacklist ${HOME}/.config/0ad
+blacklist ${HOME}/.config/2048-qt
 blacklist ${HOME}/.config/akregatorrc
 blacklist ${HOME}/.config/Atom
 blacklist ${HOME}/.config/Audaciousrc
@@ -151,6 +152,7 @@ blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
 blacklist ${HOME}/.config/xfce4/xfce4-notes.rc
 blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
 blacklist ${HOME}/.config/xfce4-dict
+blacklist ${HOME}/.config/xiaoyong
 blacklist ${HOME}/.config/xmms2
 blacklist ${HOME}/.config/xplayer
 blacklist ${HOME}/.config/xreader
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index ae7924140..af2f72d01 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -298,3 +298,5 @@
 /etc/firejail/qlipper.profile
 /etc/firejail/Xvfb.profile
 /etc/firejail/Xephyr.profile
+/etc/firejail/blender.profile
+/etc/firejail/2048-qt.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 3869a5bdb..60e414755 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -2,6 +2,7 @@
 # This is the list of programs in alfabetical order handled by firecfg utility
 #
 0ad
+2048-qt
 abrowser
 akregator
 amarok
@@ -19,6 +20,7 @@ bibletime
 bitlbee
 bleachbit
 bless
+blender
 brasero
 brave
 cherrytree

diff --git a/README b/README index 998037e31..915001ec2 100644 --- a/README +++ b/README
@@ -394,6 +394,7 @@ startx2017 (https://github.com/startx2017)
394	- --quiet fixes	394	- --quiet fixes
395	- 0.9.38-LTS branch maintainer	395	- 0.9.38-LTS branch maintainer
396	- firemon --top speed-up	396	- firemon --top speed-up
		397	- Blender and 2048-qt profiles
397	thewisenerd (https://github.com/thewisenerd)	398	thewisenerd (https://github.com/thewisenerd)
398	- allow multiple private-home commands	399	- allow multiple private-home commands
399	- use $SHELL variable if the shell is not specified	400	- use $SHELL variable if the shell is not specified


diff --git a/README.md b/README.md index 65ae6457a..fdcca9e6e 100644 --- a/README.md +++ b/README.md
@@ -219,4 +219,4 @@ Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, Me
219	Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,	219	Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,
220	Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin,	220	Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin,
221	mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap,	221	mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap,
222	knotes, clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr	222	knotes, clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr, Blender, 2048-qt


diff --git a/RELNOTES b/RELNOTES index ccd841e27..be9e35af7 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -49,6 +49,7 @@ firejail (0.9.46-rc1) baseline; urgency=low
49	* new profiles: mate-calc, mate-dictionary, mate-color-select, caja,	49	* new profiles: mate-calc, mate-dictionary, mate-color-select, caja,
50	* new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes	50	* new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes
51	* new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr	51	* new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr
		52	* new profiles: Blender, 2048-qt
52	* bugfixes	53	* bugfixes
53	-- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500	54	-- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500
54		55


diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile new file mode 100644 index 000000000..f0ec90ee7 --- /dev/null +++ b/etc/2048-qt.profile
@@ -0,0 +1,27 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/2048-qt.local
		4
		5	noblacklist ~/.config/xiaoyong
		6	noblacklist ~/.config/2048-qt
		7	include /etc/firejail/disable-common.inc
		8	include /etc/firejail/disable-programs.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10
		11	caps.drop all
		12	netfilter
		13	nonewprivs
		14	noroot
		15	protocol unix,inet,inet6
		16	seccomp
		17
		18	#
		19	# depending on your usage, you can enable some of the commands below:
		20	#
		21	nogroups
		22	shell none
		23	# private-bin program
		24	# private-etc none
		25	# private-dev
		26	# private-tmp
		27	nosound


diff --git a/etc/blender.profile b/etc/blender.profile new file mode 100644 index 000000000..fac6f7731 --- /dev/null +++ b/etc/blender.profile
@@ -0,0 +1,28 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/blender.local
		4
		5	noblacklist ~/.config/blender
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6,netlink
		15	seccomp
		16
		17	#
		18	# depending on your usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	# private-dev
		25	# private-tmp
		26
		27	# blender uses the sound system
		28	# nosound


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 29da32bbf..0ee47a89e 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -21,6 +21,7 @@ blacklist ${HOME}/.bcast5
21	blacklist ${HOME}/.bibletime	21	blacklist ${HOME}/.bibletime
22	blacklist ${HOME}/.claws-mail	22	blacklist ${HOME}/.claws-mail
23	blacklist ${HOME}/.config/0ad	23	blacklist ${HOME}/.config/0ad
		24	blacklist ${HOME}/.config/2048-qt
24	blacklist ${HOME}/.config/akregatorrc	25	blacklist ${HOME}/.config/akregatorrc
25	blacklist ${HOME}/.config/Atom	26	blacklist ${HOME}/.config/Atom
26	blacklist ${HOME}/.config/Audaciousrc	27	blacklist ${HOME}/.config/Audaciousrc
@@ -151,6 +152,7 @@ blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
151	blacklist ${HOME}/.config/xfce4/xfce4-notes.rc	152	blacklist ${HOME}/.config/xfce4/xfce4-notes.rc
152	blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc	153	blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
153	blacklist ${HOME}/.config/xfce4-dict	154	blacklist ${HOME}/.config/xfce4-dict
		155	blacklist ${HOME}/.config/xiaoyong
154	blacklist ${HOME}/.config/xmms2	156	blacklist ${HOME}/.config/xmms2
155	blacklist ${HOME}/.config/xplayer	157	blacklist ${HOME}/.config/xplayer
156	blacklist ${HOME}/.config/xreader	158	blacklist ${HOME}/.config/xreader


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index ae7924140..af2f72d01 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -298,3 +298,5 @@
298	/etc/firejail/qlipper.profile	298	/etc/firejail/qlipper.profile
299	/etc/firejail/Xvfb.profile	299	/etc/firejail/Xvfb.profile
300	/etc/firejail/Xephyr.profile	300	/etc/firejail/Xephyr.profile
		301	/etc/firejail/blender.profile
		302	/etc/firejail/2048-qt.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 3869a5bdb..60e414755 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -2,6 +2,7 @@
2	# This is the list of programs in alfabetical order handled by firecfg utility	2	# This is the list of programs in alfabetical order handled by firecfg utility
3	#	3	#
4	0ad	4	0ad
		5	2048-qt
5	abrowser	6	abrowser
6	akregator	7	akregator
7	amarok	8	amarok
@@ -19,6 +20,7 @@ bibletime
19	bitlbee	20	bitlbee
20	bleachbit	21	bleachbit
21	bless	22	bless
		23	blender
22	brasero	24	brasero
23	brave	25	brave
24	cherrytree	26	cherrytree