6 files changed, 76 insertions, 4 deletions
diff --git a/README.md b/README.md
index 1ac6988ab..8f37aca08 100644
--- a/README.md
+++ b/README.md
@@ -64,9 +64,16 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
 `````
 # Current development version: 0.9.47
-Release 0.9.46 was moved on 0.9.46-bugfixes branch: https://github.com/netblue30/firejail/tree/0.9.46-bugfixes
+## Profile changes
-# Global customizations
 All profiles include /etc/firejail/globals.local for persistent customizations across all applications. For example, you
-can set here a global DNS "dns 8.8.8.8". The file is not overwritten during install.
+can set here a global DNS "dns 8.8.8.8". The file is not overwritten during software install.
+** The following BitTorrent clients have been whitelisted: Transmission, Deluge, qBitTorrent, KTorrent. Configuration files and
+~/Downloads directory are real, everything else is placed on a temporary filesystem and discarded when the
+sandboxed is closed. Please configure your client to put downloaded files in ~/Download directory. 
+The plan is to have all bittorrent clients whitelisted in the next release.**
+## New profiles
+vym, darktable
diff --git a/etc/darktable.profile b/etc/darktable.profile
new file mode 100644
index 000000000..29630a746
--- /dev/null
+++ b/etc/darktable.profile
@@ -0,0 +1,30 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/darktable.local
+noblacklist ~/.cache/darktable
+noblacklist ~/.config/darktable
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on your usage, you can enable some of the commands below:
+#
+# nogroups
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+private-tmp
+nosound
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 12f6d6d6d..af0bbfce6 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -35,6 +35,7 @@ blacklist ${HOME}/.config/Gitter
 blacklist ${HOME}/.config/Google
 blacklist ${HOME}/.config/Gpredict
 blacklist ${HOME}/.config/INRIA
+blacklist ${HOME}/.config/InSilmaril
 blacklist ${HOME}/.config/Luminance
 blacklist ${HOME}/.config/Meltytech
 blacklist ${HOME}/.config/Mousepad
diff --git a/etc/vym.profile b/etc/vym.profile
new file mode 100644
index 000000000..4139ea901
--- /dev/null
+++ b/etc/vym.profile
@@ -0,0 +1,30 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/vym.local
+noblacklist ./.config/InSilmaril
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+# no network connectivity
+protocol unix
+seccomp
+#
+# depending on your usage, you can enable some of the commands below:
+#
+nogroups
+shell none
+# private-bin vym
+# private-etc none
+private-dev
+private-tmp
+nosound
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 3293f692d..9c99a918a 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -301,3 +301,5 @@
 /etc/firejail/youtube-dl.profile
 /etc/firejail/zathura.profile
 /etc/firejail/zoom.profile
+/etc/firejail/vym.profile
+/etc/firejail/darktable.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index f46fdea35..e58c8ee52 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -35,6 +35,7 @@ corebird
 # Cryptocat is added but commented since isn't installed to a */bin... keep an eye on this
 cvlc
 cyberfox
+darktable
 deadbeef
 deluge
 dia
@@ -220,6 +221,7 @@ vivaldi
 vivaldi-beta
 vivaldi-stable
 vlc
+vym
 w3m
 warzone2100
 weechat

diff --git a/README.md b/README.md index 1ac6988ab..8f37aca08 100644 --- a/README.md +++ b/README.md
@@ -64,9 +64,16 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
64	`````	64	`````
65	# Current development version: 0.9.47	65	# Current development version: 0.9.47
66		66
67	Release 0.9.46 was moved on 0.9.46-bugfixes branch: https://github.com/netblue30/firejail/tree/0.9.46-bugfixes	67	## Profile changes
68
69	# Global customizations
70		68
71	All profiles include /etc/firejail/globals.local for persistent customizations across all applications. For example, you	69	All profiles include /etc/firejail/globals.local for persistent customizations across all applications. For example, you
72	can set here a global DNS "dns 8.8.8.8". The file is not overwritten during install.	70	can set here a global DNS "dns 8.8.8.8". The file is not overwritten during software install.
		71
		72	** The following BitTorrent clients have been whitelisted: Transmission, Deluge, qBitTorrent, KTorrent. Configuration files and
		73	~/Downloads directory are real, everything else is placed on a temporary filesystem and discarded when the
		74	sandboxed is closed. Please configure your client to put downloaded files in ~/Download directory.
		75	The plan is to have all bittorrent clients whitelisted in the next release.**
		76
		77	## New profiles
		78
		79	vym, darktable


diff --git a/etc/darktable.profile b/etc/darktable.profile new file mode 100644 index 000000000..29630a746 --- /dev/null +++ b/etc/darktable.profile
@@ -0,0 +1,30 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/darktable.local
		7
		8	noblacklist ~/.cache/darktable
		9	noblacklist ~/.config/darktable
		10	include /etc/firejail/disable-common.inc
		11	include /etc/firejail/disable-programs.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13
		14	caps.drop all
		15	netfilter
		16	nonewprivs
		17	noroot
		18	protocol unix,inet,inet6
		19	seccomp
		20
		21	#
		22	# depending on your usage, you can enable some of the commands below:
		23	#
		24	# nogroups
		25	shell none
		26	# private-bin program
		27	# private-etc none
		28	# private-dev
		29	private-tmp
		30	nosound


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 12f6d6d6d..af0bbfce6 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -35,6 +35,7 @@ blacklist ${HOME}/.config/Gitter
35	blacklist ${HOME}/.config/Google	35	blacklist ${HOME}/.config/Google
36	blacklist ${HOME}/.config/Gpredict	36	blacklist ${HOME}/.config/Gpredict
37	blacklist ${HOME}/.config/INRIA	37	blacklist ${HOME}/.config/INRIA
		38	blacklist ${HOME}/.config/InSilmaril
38	blacklist ${HOME}/.config/Luminance	39	blacklist ${HOME}/.config/Luminance
39	blacklist ${HOME}/.config/Meltytech	40	blacklist ${HOME}/.config/Meltytech
40	blacklist ${HOME}/.config/Mousepad	41	blacklist ${HOME}/.config/Mousepad


diff --git a/etc/vym.profile b/etc/vym.profile new file mode 100644 index 000000000..4139ea901 --- /dev/null +++ b/etc/vym.profile
@@ -0,0 +1,30 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/vym.local
		7
		8	noblacklist ./.config/InSilmaril
		9	include /etc/firejail/disable-common.inc
		10	include /etc/firejail/disable-programs.inc
		11	include /etc/firejail/disable-passwdmgr.inc
		12
		13	caps.drop all
		14	netfilter
		15	nonewprivs
		16	noroot
		17	# no network connectivity
		18	protocol unix
		19	seccomp
		20
		21	#
		22	# depending on your usage, you can enable some of the commands below:
		23	#
		24	nogroups
		25	shell none
		26	# private-bin vym
		27	# private-etc none
		28	private-dev
		29	private-tmp
		30	nosound


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 3293f692d..9c99a918a 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -301,3 +301,5 @@
301	/etc/firejail/youtube-dl.profile	301	/etc/firejail/youtube-dl.profile
302	/etc/firejail/zathura.profile	302	/etc/firejail/zathura.profile
303	/etc/firejail/zoom.profile	303	/etc/firejail/zoom.profile
		304	/etc/firejail/vym.profile
		305	/etc/firejail/darktable.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index f46fdea35..e58c8ee52 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -35,6 +35,7 @@ corebird
35	# Cryptocat is added but commented since isn't installed to a */bin... keep an eye on this	35	# Cryptocat is added but commented since isn't installed to a */bin... keep an eye on this
36	cvlc	36	cvlc
37	cyberfox	37	cyberfox
		38	darktable
38	deadbeef	39	deadbeef
39	deluge	40	deluge
40	dia	41	dia
@@ -220,6 +221,7 @@ vivaldi
220	vivaldi-beta	221	vivaldi-beta
221	vivaldi-stable	222	vivaldi-stable
222	vlc	223	vlc
		224	vym
223	w3m	225	w3m
224	warzone2100	226	warzone2100
225	weechat	227	weechat