4 files changed, 53 insertions, 2 deletions
diff --git a/README.md b/README.md
index f6ce3b68f..8d2fb534b 100644
--- a/README.md
+++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ### New profiles:
-gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et
+gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl
diff --git a/RELNOTES b/RELNOTES
index 9541cef74..09e43e090 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -3,7 +3,8 @@ firejail (0.9.63) baseline; urgency=low
  * DHCP client support
  * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab
  * new profiles: gnome-passwordsafe, bibtex, gummi, latex
-  * new profiles: pdflatex, tex, wpp, wpspdf, wps, et
+  * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc
+  * new profiles: gnome-hexgl
 firejail (0.9.62) baseline; urgency=low
  * added file-copy-limit in /etc/firejail/firejail.config
diff --git a/etc/gnome-hexgl.profile b/etc/gnome-hexgl.profile
new file mode 100644
index 000000000..386c33d7f
--- /dev/null
+++ b/etc/gnome-hexgl.profile
@@ -0,0 +1,49 @@
+# Firejail profile for gnome-hexgl
+# Description: Gthree port of HexGL
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-hexgl.local
+# Persistent global definitions
+include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/mesa_shader_cache
+whitelist ${RUNUSER}/pulse
+whitelist ${RUNUSER}/wayland-0
+whitelist /usr/share/gnome-hexgl
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private
+private-bin gnome-hexgl
+private-cache
+private-dev
+private-etc machine-id
+private-tmp
+read-only ${HOME}
+read-write ${HOME}/.cache/mesa_shader_cache
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 040ad3827..51ec06402 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -261,6 +261,7 @@ gnome-clocks
 gnome-contacts
 gnome-documents
 gnome-font-viewer
+gnome-hexgl
 gnome-latex
 gnome-logs
 gnome-maps

diff --git a/README.md b/README.md index f6ce3b68f..8d2fb534b 100644 --- a/README.md +++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
151		151
152	### New profiles:	152	### New profiles:
153		153
154	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et	154	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl


diff --git a/RELNOTES b/RELNOTES index 9541cef74..09e43e090 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -3,7 +3,8 @@ firejail (0.9.63) baseline; urgency=low
3	* DHCP client support	3	* DHCP client support
4	* new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab	4	* new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab
5	* new profiles: gnome-passwordsafe, bibtex, gummi, latex	5	* new profiles: gnome-passwordsafe, bibtex, gummi, latex
6	* new profiles: pdflatex, tex, wpp, wpspdf, wps, et	6	* new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc
		7	* new profiles: gnome-hexgl
7		8
8	firejail (0.9.62) baseline; urgency=low	9	firejail (0.9.62) baseline; urgency=low
9	* added file-copy-limit in /etc/firejail/firejail.config	10	* added file-copy-limit in /etc/firejail/firejail.config


diff --git a/etc/gnome-hexgl.profile b/etc/gnome-hexgl.profile new file mode 100644 index 000000000..386c33d7f --- /dev/null +++ b/etc/gnome-hexgl.profile
@@ -0,0 +1,49 @@
		1	# Firejail profile for gnome-hexgl
		2	# Description: Gthree port of HexGL
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include gnome-hexgl.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	include disable-common.inc
		10	include disable-devel.inc
		11	include disable-exec.inc
		12	include disable-interpreters.inc
		13	include disable-passwdmgr.inc
		14	include disable-programs.inc
		15	include disable-xdg.inc
		16
		17	mkdir ${HOME}/.cache/mesa_shader_cache
		18	whitelist ${RUNUSER}/pulse
		19	whitelist ${RUNUSER}/wayland-0
		20	whitelist /usr/share/gnome-hexgl
		21	include whitelist-usr-share-common.inc
		22	include whitelist-var-common.inc
		23
		24	apparmor
		25	caps.drop all
		26	net none
		27	nodbus
		28	nodvd
		29	nogroups
		30	nonewprivs
		31	noroot
		32	notv
		33	nou2f
		34	novideo
		35	protocol unix
		36	seccomp
		37	shell none
		38	tracelog
		39
		40	disable-mnt
		41	private
		42	private-bin gnome-hexgl
		43	private-cache
		44	private-dev
		45	private-etc machine-id
		46	private-tmp
		47
		48	read-only ${HOME}
		49	read-write ${HOME}/.cache/mesa_shader_cache


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 040ad3827..51ec06402 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -261,6 +261,7 @@ gnome-clocks
261	gnome-contacts	261	gnome-contacts
262	gnome-documents	262	gnome-documents
263	gnome-font-viewer	263	gnome-font-viewer
		264	gnome-hexgl
264	gnome-latex	265	gnome-latex
265	gnome-logs	266	gnome-logs
266	gnome-maps	267	gnome-maps