5 files changed, 10 insertions, 59 deletions
diff --git a/README.md b/README.md
index d3f5db872..73d9390d9 100644
--- a/README.md
+++ b/README.md
@@ -293,4 +293,4 @@ firefox-common-addons.inc in firefox-common.profile.
 Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
 pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,
 tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder,
-gnome-recipes, akonadi_control
+gnome-recipes, akonadi_control, blender-2.8, thunderbird-beta
diff --git a/RELNOTES b/RELNOTES
index 681e2a865..18a4bf346 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -29,7 +29,7 @@ firejail (0.9.53) baseline; urgency=low
  * new profiles: discord-canary, pycharm-community, pycharm-professional,
  * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,
  * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes
-  * new profiles: akonadi_control
+  * new profiles: akonadi_control, blender-2.8, thunderbird-beta
 -- netblue30 <netblue30@yahoo.com>  Thu, 1 Mar 2018 08:00:00 -0500
 firejail (0.9.52) baseline; urgency=low
diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile
index 29df27759..4b907018e 100644
--- a/etc/blender-2.8.profile
+++ b/etc/blender-2.8.profile
@@ -1,30 +1,6 @@
-# Firejail profile for blender
+# Firejail profile alias for blender
 # This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/blender.local
-# Persistent global definitions
-include /etc/firejail/globals.local
-noblacklist ${HOME}/.config/blender
-include /etc/firejail/disable-common.inc
+# Redirect
-include /etc/firejail/disable-devel.inc
+include /etc/firejail/blender.profile
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-private-dev
-private-tmp
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile
index fb1ee46e2..73d2419da 100644
--- a/etc/thunderbird-beta.profile
+++ b/etc/thunderbird-beta.profile
@@ -1,35 +1,8 @@
-# Firejail profile for thunderbird
+# Firejail profile alias for thunderbird-beta
 # This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/thunderbird.local
-# Persistent global definitions
-include /etc/firejail/globals.local
-# Users have thunderbird set to open a browser by clicking a link in an email
-# We are not allowed to blacklist browser-specific directories
-whitelist /opt/thunderbird-beta
-noblacklist ${HOME}/.cache/thunderbird
-noblacklist ${HOME}/.gnupg
-# noblacklist ${HOME}/.icedove
-noblacklist ${HOME}/.thunderbird
-mkdir ${HOME}/.cache/thunderbird
-mkdir ${HOME}/.gnupg
-# mkdir ${HOME}/.icedove
-mkdir ${HOME}/.thunderbird
-whitelist ${HOME}/.cache/thunderbird
-whitelist ${HOME}/.gnupg
-# whitelist ${HOME}/.icedove
-whitelist ${HOME}/.thunderbird
-# We need the real /tmp for data exchange when xdg-open handles email attachments on KDE
+whitelist /opt/thunderbird-beta
-ignore private-tmp
-# machine-id breaks audio in browsers; enable it when sound is not required
-# machine-id
-read-only ${HOME}/.config/mimeapps.list
-# writable-run-user is needed for signing and encrypting emails
-writable-run-user
-# allow browsers
 # Redirect
-include /etc/firejail/firefox.profile
+include /etc/firejail/thunderbird.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 2ffaa8b98..fafbc83d9 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -44,6 +44,7 @@ bibletime
 bitlbee
 bleachbit
 blender
+blender-2.8
 bless
 bluefish
 bnox
@@ -350,6 +351,7 @@ telegram
 telegram-desktop
 terasology
 thunderbird
+thunderbird-beta
 tilp
 tor-browser-ar
 tor-browser-en

diff --git a/README.md b/README.md index d3f5db872..73d9390d9 100644 --- a/README.md +++ b/README.md
@@ -293,4 +293,4 @@ firefox-common-addons.inc in firefox-common.profile.
293	Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,	293	Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
294	pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,	294	pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,
295	tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder,	295	tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder,
296	gnome-recipes, akonadi_control	296	gnome-recipes, akonadi_control, blender-2.8, thunderbird-beta


diff --git a/RELNOTES b/RELNOTES index 681e2a865..18a4bf346 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -29,7 +29,7 @@ firejail (0.9.53) baseline; urgency=low
29	* new profiles: discord-canary, pycharm-community, pycharm-professional,	29	* new profiles: discord-canary, pycharm-community, pycharm-professional,
30	* new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,	30	* new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,
31	* new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes	31	* new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes
32	* new profiles: akonadi_control	32	* new profiles: akonadi_control, blender-2.8, thunderbird-beta
33	-- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500	33	-- netblue30 <netblue30@yahoo.com> Thu, 1 Mar 2018 08:00:00 -0500
34		34
35	firejail (0.9.52) baseline; urgency=low	35	firejail (0.9.52) baseline; urgency=low


diff --git a/etc/blender-2.8.profile b/etc/blender-2.8.profile index 29df27759..4b907018e 100644 --- a/etc/blender-2.8.profile +++ b/etc/blender-2.8.profile
@@ -1,30 +1,6 @@
1	# Firejail profile for blender	1	# Firejail profile alias for blender
2	# This file is overwritten after every install/update	2	# This file is overwritten after every install/update
3	# Persistent local customizations
4	include /etc/firejail/blender.local
5	# Persistent global definitions
6	include /etc/firejail/globals.local
7		3
8	noblacklist ${HOME}/.config/blender
9		4
10	include /etc/firejail/disable-common.inc	5	# Redirect
11	include /etc/firejail/disable-devel.inc	6	include /etc/firejail/blender.profile
12	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc
14
15	caps.drop all
16	netfilter
17	nodvd
18	nogroups
19	nonewprivs
20	noroot
21	notv
22	protocol unix,inet,inet6,netlink
23	seccomp
24	shell none
25
26	private-dev
27	private-tmp
28
29	noexec ${HOME}
30	noexec /tmp


diff --git a/etc/thunderbird-beta.profile b/etc/thunderbird-beta.profile index fb1ee46e2..73d2419da 100644 --- a/etc/thunderbird-beta.profile +++ b/etc/thunderbird-beta.profile
@@ -1,35 +1,8 @@
1	# Firejail profile for thunderbird	1	# Firejail profile alias for thunderbird-beta
2	# This file is overwritten after every install/update	2	# This file is overwritten after every install/update
3	# Persistent local customizations
4	include /etc/firejail/thunderbird.local
5	# Persistent global definitions
6	include /etc/firejail/globals.local
7		3
8	# Users have thunderbird set to open a browser by clicking a link in an email
9	# We are not allowed to blacklist browser-specific directories
10	whitelist /opt/thunderbird-beta
11	noblacklist ${HOME}/.cache/thunderbird
12	noblacklist ${HOME}/.gnupg
13	# noblacklist ${HOME}/.icedove
14	noblacklist ${HOME}/.thunderbird
15
16	mkdir ${HOME}/.cache/thunderbird
17	mkdir ${HOME}/.gnupg
18	# mkdir ${HOME}/.icedove
19	mkdir ${HOME}/.thunderbird
20	whitelist ${HOME}/.cache/thunderbird
21	whitelist ${HOME}/.gnupg
22	# whitelist ${HOME}/.icedove
23	whitelist ${HOME}/.thunderbird
24		4
25	# We need the real /tmp for data exchange when xdg-open handles email attachments on KDE	5	whitelist /opt/thunderbird-beta
26	ignore private-tmp
27	# machine-id breaks audio in browsers; enable it when sound is not required
28	# machine-id
29	read-only ${HOME}/.config/mimeapps.list
30	# writable-run-user is needed for signing and encrypting emails
31	writable-run-user
32		6
33	# allow browsers
34	# Redirect	7	# Redirect
35	include /etc/firejail/firefox.profile	8	include /etc/firejail/thunderbird.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 2ffaa8b98..fafbc83d9 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -44,6 +44,7 @@ bibletime
44	bitlbee	44	bitlbee
45	bleachbit	45	bleachbit
46	blender	46	blender
		47	blender-2.8
47	bless	48	bless
48	bluefish	49	bluefish
49	bnox	50	bnox
@@ -350,6 +351,7 @@ telegram
350	telegram-desktop	351	telegram-desktop
351	terasology	352	terasology
352	thunderbird	353	thunderbird
		354	thunderbird-beta
353	tilp	355	tilp
354	tor-browser-ar	356	tor-browser-ar
355	tor-browser-en	357	tor-browser-en