7 files changed, 20 insertions, 3 deletions
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile
index fe3202cea..7b2d344e5 100644
--- a/etc/checkbashisms.profile
+++ b/etc/checkbashisms.profile
@@ -44,7 +44,7 @@ x11 none
 private-cache
 private-dev
-private-lib perl*
+private-lib libfreebl3.so,perl*
 private-tmp
 memory-deny-write-execute
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index a1f78e3fe..c0bf1f8d4 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -369,6 +369,7 @@ blacklist ${HOME}/.hugin
 blacklist ${HOME}/.icedove
 blacklist ${HOME}/.imagej
 blacklist ${HOME}/.inkscape
+blacklist ${HOME}/.itch
 blacklist ${HOME}/.jack-server
 blacklist ${HOME}/.jack-settings
 blacklist ${HOME}/.jak
@@ -628,6 +629,7 @@ blacklist ${HOME}/.teeworlds
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.tilp
 blacklist ${HOME}/.tooling
+blacklist ${HOME}/.tor-browser
 blacklist ${HOME}/.tor-browser-*
 blacklist ${HOME}/.tor-browser_*
 blacklist ${HOME}/.torcs
diff --git a/etc/itch.profile b/etc/itch.profile
index c0b4fe6ce..b3c78c810 100644
--- a/etc/itch.profile
+++ b/etc/itch.profile
@@ -8,6 +8,7 @@ include globals.local
 # itch.io has native firejail/sandboxing support bundled in
 # See https://itch.io/docs/itch/using/sandbox/linux.html
+noblacklist ${HOME}/.itch
 noblacklist ${HOME}/.config/itch
 include disable-common.inc
@@ -16,7 +17,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+mkdir ${HOME}/.itch
 mkdir ${HOME}/.config/itch
+whitelist ${HOME}/.itch
 whitelist ${HOME}/.config/itch
 include whitelist-common.inc
diff --git a/etc/pluma.profile b/etc/pluma.profile
index 81b2b1481..1e0512fd8 100644
--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -6,6 +6,7 @@ include pluma.local
 # Persistent global definitions
 include globals.local
+noblacklist ${HOME}/.config/enchant
 noblacklist ${HOME}/.config/pluma
 noblacklist ${HOME}/.python-history
 noblacklist ${HOME}/.python_history
@@ -42,7 +43,7 @@ tracelog
 private-bin pluma
 private-dev
-private-lib pluma
+private-lib aspell,gconv,libgspell-1.so.*,libreadline.so.*,libtinfo.so.*,pluma
 private-tmp
 memory-deny-write-execute
diff --git a/etc/tor-browser.profile b/etc/tor-browser.profile
new file mode 100644
index 000000000..0cd84abf5
--- /dev/null
+++ b/etc/tor-browser.profile
@@ -0,0 +1,10 @@
+# Firejail profile alias for torbrowser-launcher
+# This file is overwritten after every install/update
+noblacklist ${HOME}/.tor-browser
+mkdir ${HOME}/.tor-browser
+whitelist ${HOME}/.tor-browser
+# Redirect
+include torbrowser-launcher.profile
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 75bcb04b4..00b82e852 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -48,7 +48,7 @@ shell none
 #tracelog
 disable-mnt
-private-bin bash,cat,cp,cut,dirname,env,expr,file,getconf,gpg,grep,gxmessage,id,kdialog,ln,mkdir,pwd,python*,readlink,realpath,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity
+private-bin bash,cat,cp,cut,dirname,env,expr,file,getconf,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,pwd,python*,readlink,realpath,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity
 private-dev
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 4ee6eea4f..a6f259466 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -561,6 +561,7 @@ thunderbird
 thunderbird-beta
 thunderbird-wayland
 tilp
+tor-browser
 tor-browser-ar
 tor-browser-ca
 tor-browser-cs