4 files changed, 70 insertions, 2 deletions

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index a651a2171..976c2dab9 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -587,6 +587,7 @@ blacklist ${HOME}/.local/share/agenda
 blacklist ${HOME}/.local/share/apps/korganizer
 blacklist ${HOME}/.local/share/aspyr-media
 blacklist ${HOME}/.local/share/autokey
+blacklist ${HOME}/.local/share/authenticator-rs 
 blacklist ${HOME}/.local/share/backintime
 blacklist ${HOME}/.local/share/baloo
 blacklist ${HOME}/.local/share/barrier
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile
new file mode 100644
index 000000000..1eb802d9b
--- /dev/null
+++ b/etc/profile-a-l/authenticator-rs.profile
@@ -0,0 +1,55 @@
+# Firejail profile for authenticator-rs
+# Description: Rust based 2FA authentication program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include authenticator-rs.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.local/share/authenticator-rs 
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.local/share/authenticator-rs
+whitelist ${HOME}/.local/share/authenticator-rs 
+whitelist ${DOWNLOADS} 
+whitelist /usr/share/uk.co.grumlimited.authenticator-rs
+include whitelist-common.inc 
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc 
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin authenticator-rs
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,pki,resolv.conf,ssl,xdg
+private-tmp
+
+dbus-user filter
+dbus-user.talk ca.desrt.dconf
+dbus-system none
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile
index 0024b6660..640b0e485 100644
--- a/etc/profile-a-l/falkon.profile
+++ b/etc/profile-a-l/falkon.profile
@@ -15,15 +15,20 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.cache/falkon
 mkdir ${HOME}/.config/falkon
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/falkon
 whitelist ${HOME}/.config/falkon
+whitelist /usr/share/falkon
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -37,7 +42,13 @@ protocol unix,inet,inet6,netlink
 seccomp !chroot
 # tracelog
 
+disable-mnt
+# private-bin falkon
+private-cache
 private-dev
-# private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
-# private-tmp - interferes with the opening of downloaded files
+private-etc adobe,alternatives,asound.conf,ati,ca-certificates,crypto-policies,dconf,drirc,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-tmp
 
+# dbus-user filter
+# dbus-user.own org.kde.Falkon
+dbus-system none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index b10ed26d7..27611ff19 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -63,6 +63,7 @@ audacious
 audacity
 audio-recorder
 authenticator
+authenticator-rs
 autokey-gtk
 autokey-qt
 autokey-run