6 files changed, 63 insertions, 3 deletions
diff --git a/README b/README
index 55edc0ebe..5e7541903 100644
--- a/README
+++ b/README
@@ -575,6 +575,7 @@ rusty-snake (https://github.com/rusty-snake)
        - added profiles: ktouch, yelp, klatexformula, klatexformula_cmdl
        - added profiles: pandoc, gnome-sound-recorder, godot, newsbeuter
        - added profiles: keepassxc-cli, keepassxc-proxy, rhythmbox-client
+        - added profiles: zeal
        - many profile fixing and hardening
        - some typo fixes
        - added profile templates
diff --git a/README.md b/README.md
index e1a79120a..0694d51a1 100644
--- a/README.md
+++ b/README.md
@@ -115,5 +115,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## New profiles:
-klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client,
+gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal
-jerry
diff --git a/RELNOTES b/RELNOTES
index a00a27b32..c35b2971a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -4,7 +4,7 @@ firejail (0.9.61) baseline; urgency=low
  * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
  * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
  * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli
-  * new profiles: keepassxc-proxy, rhythmbox-client, jerry
+  * new profiles: keepassxc-proxy, rhythmbox-client, jerry, zeal
 -- netblue30 <netblue30@yahoo.com>  Sat, 1 Jun 2019 08:00:00 -0500
 firejail (0.9.60) baseline; urgency=low
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 679a8c0a0..b3c83045b 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -110,6 +110,7 @@ blacklist ${HOME}/.config/SubDownloader
 blacklist ${HOME}/.config/Thunar
 blacklist ${HOME}/.config/VirtualBox
 blacklist ${HOME}/.config/Wire
+blacklist ${HOME}/.config/Zeal
 blacklist ${HOME}/.config/akonadi*
 blacklist ${HOME}/.config/akregatorrc
 blacklist ${HOME}/.config/ardour4
@@ -458,6 +459,7 @@ blacklist ${HOME}/.local/share/SuperHexagon
 blacklist ${HOME}/.local/share/TelegramDesktop
 blacklist ${HOME}/.local/share/Terraria
 blacklist ${HOME}/.local/share/TpLogger
+blacklist ${HOME}/.local/share/Zeal
 blacklist ${HOME}/.local/share/akonadi*
 blacklist ${HOME}/.local/share/akregator
 blacklist ${HOME}/.local/share/apps/korganizer
@@ -665,6 +667,7 @@ blacklist ${HOME}/.cache/Franz
 blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/MusicBrainz
 blacklist ${HOME}/.cache/QuiteRss
+blacklist ${HOME}/.cache/Zeal
 blacklist ${HOME}/.cache/akonadi*
 blacklist ${HOME}/.cache/atril
 blacklist ${HOME}/.cache/attic
diff --git a/etc/zeal.profile b/etc/zeal.profile
new file mode 100644
index 000000000..f0fa29aa3
--- /dev/null
+++ b/etc/zeal.profile
@@ -0,0 +1,56 @@
+# Firejail profile for zeal
+# Description: Offline documentation browser
+# This file is overwritten after every install/update
+# Persistent local customizations
+include zeal.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/Zeal
+noblacklist ${HOME}/.cache/Zeal
+noblacklist ${HOME}/.local/share/Zeal
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/Zeal
+mkdir ${HOME}/.cache/Zeal
+mkdir ${HOME}/.local/share/Zeal
+whitelist ${HOME}/.config/Zeal
+whitelist ${HOME}/.cache/Zeal
+whitelist ${HOME}/.local/share/Zeal
+include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin zeal
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg
+private-tmp
+memory-deny-write-execute
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 10293cb8f..10a3340bd 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -659,5 +659,6 @@ youtube-dl
 zaproxy
 zart
 zathura
+zeal
 zoom
 zpaq

diff --git a/README b/README index 55edc0ebe..5e7541903 100644 --- a/README +++ b/README
@@ -575,6 +575,7 @@ rusty-snake (https://github.com/rusty-snake)
575	- added profiles: ktouch, yelp, klatexformula, klatexformula_cmdl	575	- added profiles: ktouch, yelp, klatexformula, klatexformula_cmdl
576	- added profiles: pandoc, gnome-sound-recorder, godot, newsbeuter	576	- added profiles: pandoc, gnome-sound-recorder, godot, newsbeuter
577	- added profiles: keepassxc-cli, keepassxc-proxy, rhythmbox-client	577	- added profiles: keepassxc-cli, keepassxc-proxy, rhythmbox-client
		578	- added profiles: zeal
578	- many profile fixing and hardening	579	- many profile fixing and hardening
579	- some typo fixes	580	- some typo fixes
580	- added profile templates	581	- added profile templates


diff --git a/README.md b/README.md index e1a79120a..0694d51a1 100644 --- a/README.md +++ b/README.md
@@ -115,5 +115,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
115		115
116	## New profiles:	116	## New profiles:
117		117
118	klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark, keepassxc-cli, keepassxc-proxy, newsbeuter, rhythmbox-client,	118	gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal
119	jerry


diff --git a/RELNOTES b/RELNOTES index a00a27b32..c35b2971a 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -4,7 +4,7 @@ firejail (0.9.61) baseline; urgency=low
4	* new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks	4	* new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
5	* new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder	5	* new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
6	* new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli	6	* new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli
7	* new profiles: keepassxc-proxy, rhythmbox-client, jerry	7	* new profiles: keepassxc-proxy, rhythmbox-client, jerry, zeal
8	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500	8	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500
9		9
10	firejail (0.9.60) baseline; urgency=low	10	firejail (0.9.60) baseline; urgency=low


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 679a8c0a0..b3c83045b 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -110,6 +110,7 @@ blacklist ${HOME}/.config/SubDownloader
110	blacklist ${HOME}/.config/Thunar	110	blacklist ${HOME}/.config/Thunar
111	blacklist ${HOME}/.config/VirtualBox	111	blacklist ${HOME}/.config/VirtualBox
112	blacklist ${HOME}/.config/Wire	112	blacklist ${HOME}/.config/Wire
		113	blacklist ${HOME}/.config/Zeal
113	blacklist ${HOME}/.config/akonadi*	114	blacklist ${HOME}/.config/akonadi*
114	blacklist ${HOME}/.config/akregatorrc	115	blacklist ${HOME}/.config/akregatorrc
115	blacklist ${HOME}/.config/ardour4	116	blacklist ${HOME}/.config/ardour4
@@ -458,6 +459,7 @@ blacklist ${HOME}/.local/share/SuperHexagon
458	blacklist ${HOME}/.local/share/TelegramDesktop	459	blacklist ${HOME}/.local/share/TelegramDesktop
459	blacklist ${HOME}/.local/share/Terraria	460	blacklist ${HOME}/.local/share/Terraria
460	blacklist ${HOME}/.local/share/TpLogger	461	blacklist ${HOME}/.local/share/TpLogger
		462	blacklist ${HOME}/.local/share/Zeal
461	blacklist ${HOME}/.local/share/akonadi*	463	blacklist ${HOME}/.local/share/akonadi*
462	blacklist ${HOME}/.local/share/akregator	464	blacklist ${HOME}/.local/share/akregator
463	blacklist ${HOME}/.local/share/apps/korganizer	465	blacklist ${HOME}/.local/share/apps/korganizer
@@ -665,6 +667,7 @@ blacklist ${HOME}/.cache/Franz
665	blacklist ${HOME}/.cache/INRIA	667	blacklist ${HOME}/.cache/INRIA
666	blacklist ${HOME}/.cache/MusicBrainz	668	blacklist ${HOME}/.cache/MusicBrainz
667	blacklist ${HOME}/.cache/QuiteRss	669	blacklist ${HOME}/.cache/QuiteRss
		670	blacklist ${HOME}/.cache/Zeal
668	blacklist ${HOME}/.cache/akonadi*	671	blacklist ${HOME}/.cache/akonadi*
669	blacklist ${HOME}/.cache/atril	672	blacklist ${HOME}/.cache/atril
670	blacklist ${HOME}/.cache/attic	673	blacklist ${HOME}/.cache/attic


diff --git a/etc/zeal.profile b/etc/zeal.profile new file mode 100644 index 000000000..f0fa29aa3 --- /dev/null +++ b/etc/zeal.profile
@@ -0,0 +1,56 @@
		1	# Firejail profile for zeal
		2	# Description: Offline documentation browser
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include zeal.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/Zeal
		10	noblacklist ${HOME}/.cache/Zeal
		11	noblacklist ${HOME}/.local/share/Zeal
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-exec.inc
		16	include disable-interpreters.inc
		17	include disable-passwdmgr.inc
		18	include disable-programs.inc
		19	include disable-xdg.inc
		20
		21	mkdir ${HOME}/.config/Zeal
		22	mkdir ${HOME}/.cache/Zeal
		23	mkdir ${HOME}/.local/share/Zeal
		24	whitelist ${HOME}/.config/Zeal
		25	whitelist ${HOME}/.cache/Zeal
		26	whitelist ${HOME}/.local/share/Zeal
		27	include whitelist-common.inc
		28	include whitelist-var-common.inc
		29
		30	apparmor
		31	caps.drop all
		32	machine-id
		33	netfilter
		34	no3d
		35	nodbus
		36	nodvd
		37	nogroups
		38	nonewprivs
		39	noroot
		40	nosound
		41	notv
		42	nou2f
		43	novideo
		44	protocol unix,inet,inet6
		45	seccomp
		46	shell none
		47	tracelog
		48
		49	disable-mnt
		50	private-bin zeal
		51	private-cache
		52	private-dev
		53	private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg
		54	private-tmp
		55
		56	memory-deny-write-execute


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 10293cb8f..10a3340bd 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -659,5 +659,6 @@ youtube-dl
659	zaproxy	659	zaproxy
660	zart	660	zart
661	zathura	661	zathura
		662	zeal
662	zoom	663	zoom
663	zpaq	664	zpaq