5 files changed, 49 insertions, 3 deletions
diff --git a/README.md b/README.md
index 6a0ddd822..2bf935e6f 100644
--- a/README.md
+++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ### New profiles:
-firefox-x11, tvbrowser, rtv
+gfeeds, firefox-x11, tvbrowser, rtv, clipgrab
diff --git a/RELNOTES b/RELNOTES
index ccc3d766d..708f5b297 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,7 +1,7 @@
 firejail (0.9.63) baseline; urgency=low
  * work in progress
  * DHCP client support
-  * new profiles: firefox-x11, tvbrowser, rtv
+  * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab
 firejail (0.9.62) baseline; urgency=low
  * added file-copy-limit in /etc/firejail/firejail.config
diff --git a/etc/clipgrab.profile b/etc/clipgrab.profile
new file mode 100644
index 000000000..786d1c866
--- /dev/null
+++ b/etc/clipgrab.profile
@@ -0,0 +1,45 @@
+# Firejail profile for clipgrab
+# Description: A free video downloader and converter
+# This file is overwritten after every install/update
+# Persistent local customizations
+include clipgrab.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/Philipp Schmieder
+noblacklist ${HOME}/.pki
+noblacklist ${VIDEOS}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+# Breaks tray-icon, uncommend or add to clipgrab.local if you don't need it.
+#nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp !chroot
+shell none
+disable-mnt
+private-cache
+private-dev
+private-tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index f46294a25..2eac1338e 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -97,6 +97,7 @@ blacklist ${HOME}/.config/MusicBrainz
 blacklist ${HOME}/.config/Nathan Osman
 blacklist ${HOME}/.config/Nylas Mail
 blacklist ${HOME}/.config/PBE
+blacklist ${HOME}/.config/Philipp Schmieder
 blacklist ${HOME}/.config/QGIS
 blacklist ${HOME}/.config/QMediathekView
 blacklist ${HOME}/.config/Qlipper
diff --git a/etc/whitelist-usr-share-common.inc b/etc/whitelist-usr-share-common.inc
index 78b947750..4115dbfeb 100644
--- a/etc/whitelist-usr-share-common.inc
+++ b/etc/whitelist-usr-share-common.inc
@@ -26,8 +26,8 @@ whitelist /usr/share/gtksourceview-4
 whitelist /usr/share/hunspell
 whitelist /usr/share/hwdata
 whitelist /usr/share/icons
-whitelist /usr/share/knotifications5
 whitelist /usr/share/icu
+whitelist /usr/share/knotifications5
 whitelist /usr/share/kservices5
 whitelist /usr/share/Kvantum
 whitelist /usr/share/kxmlgui5

diff --git a/README.md b/README.md index 6a0ddd822..2bf935e6f 100644 --- a/README.md +++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
151		151
152	### New profiles:	152	### New profiles:
153		153
154	firefox-x11, tvbrowser, rtv	154	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab


diff --git a/RELNOTES b/RELNOTES index ccc3d766d..708f5b297 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -1,7 +1,7 @@
1	firejail (0.9.63) baseline; urgency=low	1	firejail (0.9.63) baseline; urgency=low
2	* work in progress	2	* work in progress
3	* DHCP client support	3	* DHCP client support
4	* new profiles: firefox-x11, tvbrowser, rtv	4	* new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab
5		5
6	firejail (0.9.62) baseline; urgency=low	6	firejail (0.9.62) baseline; urgency=low
7	* added file-copy-limit in /etc/firejail/firejail.config	7	* added file-copy-limit in /etc/firejail/firejail.config


diff --git a/etc/clipgrab.profile b/etc/clipgrab.profile new file mode 100644 index 000000000..786d1c866 --- /dev/null +++ b/etc/clipgrab.profile
@@ -0,0 +1,45 @@
		1	# Firejail profile for clipgrab
		2	# Description: A free video downloader and converter
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include clipgrab.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/Philipp Schmieder
		10	noblacklist ${HOME}/.pki
		11	noblacklist ${VIDEOS}
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-exec.inc
		16	include disable-interpreters.inc
		17	include disable-passwdmgr.inc
		18	include disable-programs.inc
		19	include disable-xdg.inc
		20
		21	include whitelist-usr-share-common.inc
		22	include whitelist-var-common.inc
		23
		24	apparmor
		25	caps.drop all
		26	machine-id
		27	netfilter
		28	# Breaks tray-icon, uncommend or add to clipgrab.local if you don't need it.
		29	#nodbus
		30	nodvd
		31	nogroups
		32	nonewprivs
		33	noroot
		34	nosound
		35	notv
		36	nou2f
		37	novideo
		38	protocol unix,inet,inet6,netlink
		39	seccomp !chroot
		40	shell none
		41
		42	disable-mnt
		43	private-cache
		44	private-dev
		45	private-tmp


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index f46294a25..2eac1338e 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -97,6 +97,7 @@ blacklist ${HOME}/.config/MusicBrainz
97	blacklist ${HOME}/.config/Nathan Osman	97	blacklist ${HOME}/.config/Nathan Osman
98	blacklist ${HOME}/.config/Nylas Mail	98	blacklist ${HOME}/.config/Nylas Mail
99	blacklist ${HOME}/.config/PBE	99	blacklist ${HOME}/.config/PBE
		100	blacklist ${HOME}/.config/Philipp Schmieder
100	blacklist ${HOME}/.config/QGIS	101	blacklist ${HOME}/.config/QGIS
101	blacklist ${HOME}/.config/QMediathekView	102	blacklist ${HOME}/.config/QMediathekView
102	blacklist ${HOME}/.config/Qlipper	103	blacklist ${HOME}/.config/Qlipper


diff --git a/etc/whitelist-usr-share-common.inc b/etc/whitelist-usr-share-common.inc index 78b947750..4115dbfeb 100644 --- a/etc/whitelist-usr-share-common.inc +++ b/etc/whitelist-usr-share-common.inc
@@ -26,8 +26,8 @@ whitelist /usr/share/gtksourceview-4
26	whitelist /usr/share/hunspell	26	whitelist /usr/share/hunspell
27	whitelist /usr/share/hwdata	27	whitelist /usr/share/hwdata
28	whitelist /usr/share/icons	28	whitelist /usr/share/icons
29	whitelist /usr/share/knotifications5
30	whitelist /usr/share/icu	29	whitelist /usr/share/icu
		30	whitelist /usr/share/knotifications5
31	whitelist /usr/share/kservices5	31	whitelist /usr/share/kservices5
32	whitelist /usr/share/Kvantum	32	whitelist /usr/share/Kvantum
33	whitelist /usr/share/kxmlgui5	33	whitelist /usr/share/kxmlgui5