5 files changed, 61 insertions, 1 deletions
diff --git a/README.md b/README.md
index c370368d7..1cbe84a62 100644
--- a/README.md
+++ b/README.md
@@ -196,4 +196,4 @@ gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnom
 penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword,
 four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars,
 hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers,
-seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded, cawbird, freetube, homebank, mattermost-desktop, newsflash, com.gitlab.newsflash, element-desktop
+seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded, cawbird, freetube, homebank, mattermost-desktop, newsflash, com.gitlab.newsflash, element-desktop, sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer
diff --git a/RELNOTES b/RELNOTES
index d0cf88d4d..e77db8cf8 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -39,6 +39,7 @@ firejail (0.9.63) baseline; urgency=low
  * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper
  * new profiles: gapplication, openarena_ded, element-desktop, cawbird, freetube
  * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash
+  * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer
 -- netblue30 <netblue30@yahoo.com>  Tue, 21 Apr 2020 08:00:00 -0500
 firejail (0.9.62) baseline; urgency=low
diff --git a/etc/profile-m-z/org.gnome.NautilusPreviewer.profile b/etc/profile-m-z/org.gnome.NautilusPreviewer.profile
new file mode 100644
index 000000000..eb75add58
--- /dev/null
+++ b/etc/profile-m-z/org.gnome.NautilusPreviewer.profile
@@ -0,0 +1,10 @@
+# Firejail profile alias for sushi
+# This file is overwritten after every install/update
+# Persistent local customizations
+include org.gnome.NautilusPreviewer.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+# Redirect
+include sushi.profile
diff --git a/etc/profile-m-z/sushi.profile b/etc/profile-m-z/sushi.profile
new file mode 100644
index 000000000..68abd8c94
--- /dev/null
+++ b/etc/profile-m-z/sushi.profile
@@ -0,0 +1,48 @@
+# Firejail profile for sushi
+# Description: A quick previewer for Nautilus
+# This file is overwritten after every install/update
+# Persistent local customizations
+include sushi.local
+# Persistent global definitions
+include globals.local
+# Allow gjs (blacklisted by disable-interpreters.inc)
+include allow-gjs.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# include disable-programs.inc
+include disable-shell.inc
+include whitelist-runuser-common.inc
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+private-bin gjs,sushi
+private-dev
+private-tmp
+dbus-system none
+read-only /
+read-only /mnt
+read-only /media
+read-only /run/mount
+read-only /run/media
+read-only ${HOME}
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index ee0def5aa..77b0596e9 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -663,6 +663,7 @@ subdownloader
 supertux2
 supertuxkart
 surf
+sushi
 swell-foop
 sylpheed
 synfigstudio

diff --git a/README.md b/README.md index c370368d7..1cbe84a62 100644 --- a/README.md +++ b/README.md
@@ -196,4 +196,4 @@ gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnom
196	penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword,	196	penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword,
197	four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars,	197	four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars,
198	hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers,	198	hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers,
199	seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded, cawbird, freetube, homebank, mattermost-desktop, newsflash, com.gitlab.newsflash, element-desktop	199	seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded, cawbird, freetube, homebank, mattermost-desktop, newsflash, com.gitlab.newsflash, element-desktop, sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer


diff --git a/RELNOTES b/RELNOTES index d0cf88d4d..e77db8cf8 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -39,6 +39,7 @@ firejail (0.9.63) baseline; urgency=low
39	* new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper	39	* new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper
40	* new profiles: gapplication, openarena_ded, element-desktop, cawbird, freetube	40	* new profiles: gapplication, openarena_ded, element-desktop, cawbird, freetube
41	* new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash	41	* new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash
		42	* new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer
42	-- netblue30 <netblue30@yahoo.com> Tue, 21 Apr 2020 08:00:00 -0500	43	-- netblue30 <netblue30@yahoo.com> Tue, 21 Apr 2020 08:00:00 -0500
43		44
44	firejail (0.9.62) baseline; urgency=low	45	firejail (0.9.62) baseline; urgency=low


diff --git a/etc/profile-m-z/org.gnome.NautilusPreviewer.profile b/etc/profile-m-z/org.gnome.NautilusPreviewer.profile new file mode 100644 index 000000000..eb75add58 --- /dev/null +++ b/etc/profile-m-z/org.gnome.NautilusPreviewer.profile
@@ -0,0 +1,10 @@
		1	# Firejail profile alias for sushi
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include org.gnome.NautilusPreviewer.local
		5	# Persistent global definitions
		6	# added by included profile
		7	#include globals.local
		8
		9	# Redirect
		10	include sushi.profile


diff --git a/etc/profile-m-z/sushi.profile b/etc/profile-m-z/sushi.profile new file mode 100644 index 000000000..68abd8c94 --- /dev/null +++ b/etc/profile-m-z/sushi.profile
@@ -0,0 +1,48 @@
		1	# Firejail profile for sushi
		2	# Description: A quick previewer for Nautilus
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include sushi.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	# Allow gjs (blacklisted by disable-interpreters.inc)
		10	include allow-gjs.inc
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-passwdmgr.inc
		17	# include disable-programs.inc
		18	include disable-shell.inc
		19
		20	include whitelist-runuser-common.inc
		21
		22	apparmor
		23	caps.drop all
		24	net none
		25	nodvd
		26	nogroups
		27	nonewprivs
		28	noroot
		29	notv
		30	nou2f
		31	novideo
		32	protocol unix
		33	seccomp
		34	shell none
		35	tracelog
		36
		37	private-bin gjs,sushi
		38	private-dev
		39	private-tmp
		40
		41	dbus-system none
		42
		43	read-only /
		44	read-only /mnt
		45	read-only /media
		46	read-only /run/mount
		47	read-only /run/media
		48	read-only ${HOME}


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index ee0def5aa..77b0596e9 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -663,6 +663,7 @@ subdownloader
663	supertux2	663	supertux2
664	supertuxkart	664	supertuxkart
665	surf	665	surf
		666	sushi
666	swell-foop	667	swell-foop
667	sylpheed	668	sylpheed
668	synfigstudio	669	synfigstudio