3 files changed, 63 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 623e1efff..5481f976f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -94,6 +94,7 @@ blacklist ${HOME}/.config/Nathan Osman
 blacklist ${HOME}/.config/Nylas Mail
 blacklist ${HOME}/.config/PBE
 blacklist ${HOME}/.config/Qlipper
+blacklist ${HOME}/.config/QGIS
 blacklist ${HOME}/.config/QMediathekView
 blacklist ${HOME}/.config/QuiteRss
 blacklist ${HOME}/.config/QuiteRssrc
@@ -440,6 +441,7 @@ blacklist ${HOME}/.local/share/JetBrains
 blacklist ${HOME}/.local/share/Mendeley Ltd.
 blacklist ${HOME}/.local/share/Mumble
 blacklist ${HOME}/.local/share/PBE
+blacklist ${HOME}/.local/share/QGIS
 blacklist ${HOME}/.local/share/QMediathekView
 blacklist ${HOME}/.local/share/QuiteRss
 blacklist ${HOME}/.local/share/Ricochet
@@ -579,6 +581,7 @@ blacklist ${HOME}/.pingus
 blacklist ${HOME}/.pioneer
 blacklist ${HOME}/.purple
 blacklist ${HOME}/.qemu-launcher
+blacklist ${HOME}/.qgis2
 blacklist ${HOME}/.qmmp
 blacklist ${HOME}/.quodlibet
 blacklist ${HOME}/.redeclipse
diff --git a/etc/qgis.profile b/etc/qgis.profile
new file mode 100644
index 000000000..750d006e2
--- /dev/null
+++ b/etc/qgis.profile
@@ -0,0 +1,59 @@
+# Firejail profile for qgis
+# Description: GIS application
+# This file is overwritten after every install/update
+# Persistent local customizations
+include qgis.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/QtProject.conf
+noblacklist ${HOME}/.config/QGIS
+noblacklist ${HOME}/.local/share/QGIS
+noblacklist ${HOME}/.qgis2
+noblacklist ${DOCUMENTS}
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python3*
+noblacklist /usr/local/lib/python3*
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.local/share/QGIS
+mkdir ${HOME}/.qgis2
+mkdir ${HOME}/.config/QGIS
+whitelist ${HOME}/.local/share/QGIS
+whitelist ${HOME}/.qgis2
+whitelist ${HOME}/.config/QGIS
+whitelist ${DOCUMENTS}
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+netfilter
+machine-id
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,set_mempolicy,migrate_pages,move_pages,open_by_handle_at,name_to_handle_at,ioprio_set,ni_syscall,syslog,fanotify_init,kcmp,add_key,request_key,keyctl,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,vmsplice,umount,userfaultfd,mincore
+protocol unix,inet,inet6,netlink
+shell none
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl,QGIS,QGIS.conf,Trolltech.conf
+private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index cc1718486..48789359d 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -450,6 +450,7 @@ pybitmessage
 # pycharm-professional
 qbittorrent
 qemu-launcher
+qgis
 qlipper
 qmmp
 qpdfview

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 623e1efff..5481f976f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -94,6 +94,7 @@ blacklist ${HOME}/.config/Nathan Osman
94	blacklist ${HOME}/.config/Nylas Mail	94	blacklist ${HOME}/.config/Nylas Mail
95	blacklist ${HOME}/.config/PBE	95	blacklist ${HOME}/.config/PBE
96	blacklist ${HOME}/.config/Qlipper	96	blacklist ${HOME}/.config/Qlipper
		97	blacklist ${HOME}/.config/QGIS
97	blacklist ${HOME}/.config/QMediathekView	98	blacklist ${HOME}/.config/QMediathekView
98	blacklist ${HOME}/.config/QuiteRss	99	blacklist ${HOME}/.config/QuiteRss
99	blacklist ${HOME}/.config/QuiteRssrc	100	blacklist ${HOME}/.config/QuiteRssrc
@@ -440,6 +441,7 @@ blacklist ${HOME}/.local/share/JetBrains
440	blacklist ${HOME}/.local/share/Mendeley Ltd.	441	blacklist ${HOME}/.local/share/Mendeley Ltd.
441	blacklist ${HOME}/.local/share/Mumble	442	blacklist ${HOME}/.local/share/Mumble
442	blacklist ${HOME}/.local/share/PBE	443	blacklist ${HOME}/.local/share/PBE
		444	blacklist ${HOME}/.local/share/QGIS
443	blacklist ${HOME}/.local/share/QMediathekView	445	blacklist ${HOME}/.local/share/QMediathekView
444	blacklist ${HOME}/.local/share/QuiteRss	446	blacklist ${HOME}/.local/share/QuiteRss
445	blacklist ${HOME}/.local/share/Ricochet	447	blacklist ${HOME}/.local/share/Ricochet
@@ -579,6 +581,7 @@ blacklist ${HOME}/.pingus
579	blacklist ${HOME}/.pioneer	581	blacklist ${HOME}/.pioneer
580	blacklist ${HOME}/.purple	582	blacklist ${HOME}/.purple
581	blacklist ${HOME}/.qemu-launcher	583	blacklist ${HOME}/.qemu-launcher
		584	blacklist ${HOME}/.qgis2
582	blacklist ${HOME}/.qmmp	585	blacklist ${HOME}/.qmmp
583	blacklist ${HOME}/.quodlibet	586	blacklist ${HOME}/.quodlibet
584	blacklist ${HOME}/.redeclipse	587	blacklist ${HOME}/.redeclipse


diff --git a/etc/qgis.profile b/etc/qgis.profile new file mode 100644 index 000000000..750d006e2 --- /dev/null +++ b/etc/qgis.profile
@@ -0,0 +1,59 @@
		1	# Firejail profile for qgis
		2	# Description: GIS application
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include qgis.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/QtProject.conf
		10	noblacklist ${HOME}/.config/QGIS
		11	noblacklist ${HOME}/.local/share/QGIS
		12	noblacklist ${HOME}/.qgis2
		13	noblacklist ${DOCUMENTS}
		14
		15	# Allow python (blacklisted by disable-interpreters.inc)
		16	noblacklist ${PATH}/python3*
		17	noblacklist /usr/lib/python3*
		18	noblacklist /usr/local/lib/python3*
		19
		20	include disable-common.inc
		21	include disable-devel.inc
		22	include disable-exec.inc
		23	include disable-interpreters.inc
		24	include disable-passwdmgr.inc
		25	include disable-programs.inc
		26	include disable-xdg.inc
		27
		28	mkdir ${HOME}/.local/share/QGIS
		29	mkdir ${HOME}/.qgis2
		30	mkdir ${HOME}/.config/QGIS
		31	whitelist ${HOME}/.local/share/QGIS
		32	whitelist ${HOME}/.qgis2
		33	whitelist ${HOME}/.config/QGIS
		34	whitelist ${DOCUMENTS}
		35	include whitelist-common.inc
		36	include whitelist-var-common.inc
		37
		38	caps.drop all
		39	netfilter
		40	machine-id
		41	nodbus
		42	nodvd
		43	nogroups
		44	nonewprivs
		45	noroot
		46	nosound
		47	notv
		48	nou2f
		49	novideo
		50	seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,set_mempolicy,migrate_pages,move_pages,open_by_handle_at,name_to_handle_at,ioprio_set,ni_syscall,syslog,fanotify_init,kcmp,add_key,request_key,keyctl,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,vmsplice,umount,userfaultfd,mincore
		51	protocol unix,inet,inet6,netlink
		52	shell none
		53	tracelog
		54
		55	disable-mnt
		56	private-cache
		57	private-dev
		58	private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl,QGIS,QGIS.conf,Trolltech.conf
		59	private-tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index cc1718486..48789359d 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -450,6 +450,7 @@ pybitmessage
450	# pycharm-professional	450	# pycharm-professional
451	qbittorrent	451	qbittorrent
452	qemu-launcher	452	qemu-launcher
		453	qgis
453	qlipper	454	qlipper
454	qmmp	455	qmmp
455	qpdfview	456	qpdfview