12 files changed, 210 insertions, 12 deletions
diff --git a/README.md b/README.md
index 71167c3b8..175ba70b6 100644
--- a/README.md
+++ b/README.md
@@ -330,5 +330,6 @@ Stats:
 ### New profiles:
-vmware-view, display-im6.q16, ipcalc, ipcalc-ng, ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop.
+vmware-view, display-im6.q16, ipcalc, ipcalc-ng, ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop,
-avidemux, calligragemini, vmware-player, vmware-workstation, gget, com.github.phase1geo.minder, nextcloud-desktop
+avidemux, calligragemini, vmware-player, vmware-workstation, gget, com.github.phase1geo.minder, nextcloud-desktop,
+pcsxr, PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2
diff --git a/RELNOTES b/RELNOTES
index 57b19d8d5..3b74ebd5a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -15,7 +15,8 @@ firejail (0.9.65) baseline; urgency=low
  * new profiles: vmware-view, display-im6.q16, ipcalc, ipcalc-ng
  * ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop,
  * avidemux, calligragemini, vmware-player, vmware-workstation
-  * gget, com.github.phase1geo.minder, nextcloud-desktop
+  * gget, com.github.phase1geo.minder, nextcloud-desktop, pcsxr
+  * PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2
 -- netblue30 <netblue30@yahoo.com>  Tue, 9 Feb 2021 09:00:00 -0500
 firejail (0.9.64.4) baseline; urgency=low
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 33cfbf6f0..9dffa750a 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -121,6 +121,7 @@ blacklist ${HOME}/.config/Nathan Osman
 blacklist ${HOME}/.config/Nextcloud
 blacklist ${HOME}/.config/Nylas Mail
 blacklist ${HOME}/.config/PacmanLogViewer
+blacklist ${HOME}/.config/PawelStolowski
 blacklist ${HOME}/.config/PBE
 blacklist ${HOME}/.config/Philipp Schmieder
 blacklist ${HOME}/.config/QGIS
@@ -166,6 +167,7 @@ blacklist ${HOME}/.config/aweather
 blacklist ${HOME}/.config/backintime
 blacklist ${HOME}/.config/baloofilerc
 blacklist ${HOME}/.config/baloorc
+blacklist ${HOME}/.config/bcompare
 blacklist ${HOME}/.config/blender
 blacklist ${HOME}/.config/bless
 blacklist ${HOME}/.config/bnox
@@ -312,6 +314,7 @@ blacklist ${HOME}/.config/mate-calc
 blacklist ${HOME}/.config/mate/eom
 blacklist ${HOME}/.config/mate/mate-dictionary
 blacklist ${HOME}/.config/matrix-mirage
+blacklist ${HOME}/.config/mcomix
 blacklist ${HOME}/.config/meld
 blacklist ${HOME}/.config/meteo-qt
 blacklist ${HOME}/.config/menulibre.cfg
@@ -360,6 +363,7 @@ blacklist ${HOME}/.config/pavucontrol.ini
 blacklist ${HOME}/.config/pcmanfm
 blacklist ${HOME}/.config/pdfmod
 blacklist ${HOME}/.config/Pinta
+blacklist ${HOME}/.config/pipe-viewer
 blacklist ${HOME}/.config/pitivi
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
@@ -589,6 +593,7 @@ blacklist ${HOME}/.local/share/Mendeley Ltd.
 blacklist ${HOME}/.local/share/Mumble
 blacklist ${HOME}/.local/share/Nextcloud
 blacklist ${HOME}/.local/share/PBE
+blacklist ${HOME}/.local/share/PawelStolowski
 blacklist ${HOME}/.local/share/Psi
 blacklist ${HOME}/.local/share/QGIS
 blacklist ${HOME}/.local/share/QMediathekView
@@ -694,6 +699,7 @@ blacklist ${HOME}/.local/share/man
 blacklist ${HOME}/.local/share/mana
 blacklist ${HOME}/.local/share/maps-places.json
 blacklist ${HOME}/.local/share/matrix-mirage
+blacklist ${HOME}/.local/share/mcomix
 blacklist ${HOME}/.local/share/meld
 blacklist ${HOME}/.local/share/midori
 blacklist ${HOME}/.local/share/minder
@@ -798,6 +804,7 @@ blacklist ${HOME}/.opera-beta
 blacklist ${HOME}/.ostrichriders
 blacklist ${HOME}/.paradoxinteractive
 blacklist ${HOME}/.parallelrealities/blobwars
+blacklist ${HOME}/.pcsxr
 blacklist ${HOME}/.penguin-command
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.pioneer
@@ -900,6 +907,7 @@ blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/MusicBrainz
 blacklist ${HOME}/.cache/NewsFlashGTK
 blacklist ${HOME}/.cache/Otter
+blacklist ${HOME}/.cache/PawelStolowski
 blacklist ${HOME}/.cache/Psi
 blacklist ${HOME}/.cache/QuiteRss
 blacklist ${HOME}/.cache/Quotient/quaternion
@@ -1008,6 +1016,7 @@ blacklist ${HOME}/.cache/org.gnome.Maps
 blacklist ${HOME}/.cache/pdfmod
 blacklist ${HOME}/.cache/peek
 blacklist ${HOME}/.cache/pip
+blacklist ${HOME}/.cache/pipe-viewer
 blacklist ${HOME}/.cache/plasmashell
 blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
 blacklist ${HOME}/.cache/psi
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile
new file mode 100644
index 000000000..178e2dc9f
--- /dev/null
+++ b/etc/profile-a-l/bcompare.profile
@@ -0,0 +1,62 @@
+# Firejail profile for Beyond Compare by Scooter Software
+# Description: directory and file compare utility
+# Disables the network, which only impacts checking for updates.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include bcompare.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/bcompare
+# In case the user decides to include disable-programs.inc, still allow
+# KDE's Gwenview to view images via right click -> Open With -> Associated Application
+noblacklist ${HOME}/.config/gwenviewrc
+# Uncomment the next line (or put it into your bcompare.local) if you don't need to compare files in disable-common.inc
+#include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+# Uncomment the next line (or put it into your bcompare.local) if you don't need to compare files in disable-programs.inc
+#include disable-programs.inc
+# Uncommenting this breaks launch
+# include disable-shell.inc
+include disable-write-mnt.inc
+# Don't disable ${DOCUMENTS}, ${MUSIC}, ${PICTURES}, ${VIDEOS}
+# include disable-xdg.inc
+# include whitelist-common.inc
+# include whitelist-runuser-common.inc
+# include whitelist-usr-share-common.inc
+# include whitelist-var-common.inc
+apparmor
+caps.drop all
+# Uncommenting might break Pulse Audio
+#machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+# Allow applications launched on sound files to play them
+#nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+private-cache
+private-dev
+# see /usr/share/doc/firejail/profile.template for more common private-etc paths.
+# private-etc alternatives,fonts,machine-id
+# Necessary because of the `include disable-exec.inc` line. Prevents error "Error fstat: fs.c:504 fs_remount_simple: Transport endpoint is not connected ... cannot sync with peer: unexpected EOF Peer [...] unexpectedly exited with status 1"
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile
new file mode 100644
index 000000000..b2687ba3c
--- /dev/null
+++ b/etc/profile-m-z/PCSX2.profile
@@ -0,0 +1,57 @@
+# Firejail profile for PCSX2
+# Description: A PlayStation 2 emulator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include PCSX2.local
+# Persistent global definitions
+include globals.local
+# Note: you must whitelist your games folder in a PCSX2.local
+noblacklist ${HOME}/.config/PCSX2
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/PCSX2
+whitelist ${HOME}/.config/PCSX2
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+# Uncomment the following line if not loading games from disc
+#nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+#seccomp - breaks loading with no logs
+shell none
+#tracelog - 32/64 bit incompatibility
+private-bin PCSX2
+private-cache
+# uncomment the following line if you do not need controller support
+#private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
+private-opt none
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile
index c6c50cf47..965750bf0 100644
--- a/etc/profile-m-z/man.profile
+++ b/etc/profile-m-z/man.profile
@@ -57,7 +57,7 @@ disable-mnt
 #private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim
 private-cache
 private-dev
-private-etc alternatives,fonts,locale,locale.alias,locale.conf,man_db.conf,manpath.config,selinux,sysless,xdg
+private-etc alternatives,fonts,groff,locale,locale.alias,locale.conf,man_db.conf,manpath.config,selinux,sysless,xdg
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
index c12fc9a78..202905631 100644
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -1,5 +1,5 @@
 # Firejail profile for Node.js
-# Description: Common profile for npm/yarn
+# Description: Asynchronous event-driven JavaScript runtime
 # This file is overwritten after every install/update
 # Persistent local customizations
 include nodejs-common.local
@@ -45,7 +45,9 @@ shell none
 disable-mnt
 private-dev
+# May need to add `passwd` to `private-etc` below to enable debugging with some IDEs
 private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,xdg
+# May need to be commented out in order to enable debugging with some IDEs
 private-tmp
 dbus-user none
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile
index 4e3994fb4..270d64c1e 100644
--- a/etc/profile-m-z/openmw.profile
+++ b/etc/profile-m-z/openmw.profile
@@ -23,6 +23,7 @@ mkdir ${HOME}/.config/openmw
 mkdir ${HOME}/.local/share/openmw
 whitelist ${HOME}/.config/openmw
 # Copy Morrowind data files into the following directory or load it from /mnt
+# or whitelist it in a openmw.local
 whitelist ${HOME}/.local/share/openmw
 whitelist /usr/share/openmw
 include whitelist-common.inc
@@ -49,10 +50,10 @@ seccomp.block-secondary
 shell none
 tracelog
-private-bin bsatool,esmtool,niftest,openmw*
+private-bin bsatool,esmtool,niftest,openmw,openmw-cs,openmw-essimporter,openmw-iniimporter,openmw-launcher,openmw-wizard
 private-cache
 private-dev
-private-etc alsa,alternatives,asound.conf,bumblebee,drirc,fonts,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nvidia,openmw,pango,pulse,Trolltech.conf,X11,xdg
+private-etc alsa,alternatives,asound.conf,bumblebee,drirc,fonts,glvnd,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nvidia,openmw,pango,passwd,pulse,Trolltech.conf,X11,xdg
 private-opt none
 private-tmp
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile
new file mode 100644
index 000000000..c25c4ae66
--- /dev/null
+++ b/etc/profile-m-z/pcsxr.profile
@@ -0,0 +1,57 @@
+# Firejail profile for pcsxr
+# Description: A PlayStation emulator
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pcsxr.local
+# Persistent global definitions
+include globals.local
+# Note: you must whitelist your games folder in a pcsxr.local
+noblacklist ${HOME}/.pcsxr
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
+mkdir ${HOME}/.pcsxr
+whitelist ${HOME}/.pcsxr
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+netfilter
+# Uncomment the following line if not loading games from disc
+#nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,netlink
+seccomp
+shell none
+tracelog
+private-bin pcsxr
+private-cache
+# uncomment the following line if you do not need controller support
+#private-dev
+private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
+private-opt none
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile
index af6b0ac2a..263d99c83 100644
--- a/etc/profile-m-z/ppsspp.profile
+++ b/etc/profile-m-z/ppsspp.profile
@@ -1,11 +1,13 @@
 # Firejail profile for ppsspp
-# Description: A PSP emulator written in C++
+# Description: A PSP emulator
 # This file is overwritten after every install/update
 # Persistent local customizations
 include ppsspp.local
 # Persistent global definitions
 include globals.local
+# Note: you must whitelist your games folder in a ppsspp.local
 noblacklist ${HOME}/.config/ppsspp
 include disable-common.inc
@@ -17,10 +19,10 @@ include disable-programs.inc
 include disable-write-mnt.inc
 include disable-xdg.inc
-#mkdir ${HOME}/.config/ppsspp
+mkdir ${HOME}/.config/ppsspp
-#whitelist ${HOME}/.config/ppsspp
+whitelist ${HOME}/.config/ppsspp
 whitelist /usr/share/ppsspp
-#include whitelist-common.inc
+include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 3da415b70..6cef32249 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -20,7 +20,9 @@ Maelstrom
 Maps
 Mathematica
 Natron
+PCSX2
 PPSSPPQt
+PPSSPPSDL
 QMediathekView
 QOwnNotes
 Screenshot
@@ -77,6 +79,7 @@ balsa
 baobab
 barrier
 basilisk
+bcompare
 beaker
 bibletime
 bijiben
@@ -582,6 +585,8 @@ openarena
 openarena_ded
 opencity
 openclonk
+openmw
+openmw-launcher
 openoffice.org
 openshot
 openshot-qt
@@ -598,6 +603,7 @@ parole
 patch
 pavucontrol
 pavucontrol-qt
+pcsxr
 pdfchain
 pdfmod
 pdfsam
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index b0b390507..ee685da73 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -666,7 +666,7 @@ Disable DVB (Digital Video Broadcasting) TV devices.
 Disable U2F devices.
 .TP
 \fBnovideo
-Disable video devices.
+Disable video capture devices.
 .TP
 \fBshell none
 Run the program directly, without a shell.

diff --git a/README.md b/README.md index 71167c3b8..175ba70b6 100644 --- a/README.md +++ b/README.md
@@ -330,5 +330,6 @@ Stats:
330		330
331	### New profiles:	331	### New profiles:
332		332
333	vmware-view, display-im6.q16, ipcalc, ipcalc-ng, ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop.	333	vmware-view, display-im6.q16, ipcalc, ipcalc-ng, ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop,
334	avidemux, calligragemini, vmware-player, vmware-workstation, gget, com.github.phase1geo.minder, nextcloud-desktop	334	avidemux, calligragemini, vmware-player, vmware-workstation, gget, com.github.phase1geo.minder, nextcloud-desktop,
		335	pcsxr, PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2


diff --git a/RELNOTES b/RELNOTES index 57b19d8d5..3b74ebd5a 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -15,7 +15,8 @@ firejail (0.9.65) baseline; urgency=low
15	* new profiles: vmware-view, display-im6.q16, ipcalc, ipcalc-ng	15	* new profiles: vmware-view, display-im6.q16, ipcalc, ipcalc-ng
16	* ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop,	16	* ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop,
17	* avidemux, calligragemini, vmware-player, vmware-workstation	17	* avidemux, calligragemini, vmware-player, vmware-workstation
18	* gget, com.github.phase1geo.minder, nextcloud-desktop	18	* gget, com.github.phase1geo.minder, nextcloud-desktop, pcsxr
		19	* PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2
19	-- netblue30 <netblue30@yahoo.com> Tue, 9 Feb 2021 09:00:00 -0500	20	-- netblue30 <netblue30@yahoo.com> Tue, 9 Feb 2021 09:00:00 -0500
20		21
21	firejail (0.9.64.4) baseline; urgency=low	22	firejail (0.9.64.4) baseline; urgency=low


diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 33cfbf6f0..9dffa750a 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -121,6 +121,7 @@ blacklist ${HOME}/.config/Nathan Osman
121	blacklist ${HOME}/.config/Nextcloud	121	blacklist ${HOME}/.config/Nextcloud
122	blacklist ${HOME}/.config/Nylas Mail	122	blacklist ${HOME}/.config/Nylas Mail
123	blacklist ${HOME}/.config/PacmanLogViewer	123	blacklist ${HOME}/.config/PacmanLogViewer
		124	blacklist ${HOME}/.config/PawelStolowski
124	blacklist ${HOME}/.config/PBE	125	blacklist ${HOME}/.config/PBE
125	blacklist ${HOME}/.config/Philipp Schmieder	126	blacklist ${HOME}/.config/Philipp Schmieder
126	blacklist ${HOME}/.config/QGIS	127	blacklist ${HOME}/.config/QGIS
@@ -166,6 +167,7 @@ blacklist ${HOME}/.config/aweather
166	blacklist ${HOME}/.config/backintime	167	blacklist ${HOME}/.config/backintime
167	blacklist ${HOME}/.config/baloofilerc	168	blacklist ${HOME}/.config/baloofilerc
168	blacklist ${HOME}/.config/baloorc	169	blacklist ${HOME}/.config/baloorc
		170	blacklist ${HOME}/.config/bcompare
169	blacklist ${HOME}/.config/blender	171	blacklist ${HOME}/.config/blender
170	blacklist ${HOME}/.config/bless	172	blacklist ${HOME}/.config/bless
171	blacklist ${HOME}/.config/bnox	173	blacklist ${HOME}/.config/bnox
@@ -312,6 +314,7 @@ blacklist ${HOME}/.config/mate-calc
312	blacklist ${HOME}/.config/mate/eom	314	blacklist ${HOME}/.config/mate/eom
313	blacklist ${HOME}/.config/mate/mate-dictionary	315	blacklist ${HOME}/.config/mate/mate-dictionary
314	blacklist ${HOME}/.config/matrix-mirage	316	blacklist ${HOME}/.config/matrix-mirage
		317	blacklist ${HOME}/.config/mcomix
315	blacklist ${HOME}/.config/meld	318	blacklist ${HOME}/.config/meld
316	blacklist ${HOME}/.config/meteo-qt	319	blacklist ${HOME}/.config/meteo-qt
317	blacklist ${HOME}/.config/menulibre.cfg	320	blacklist ${HOME}/.config/menulibre.cfg
@@ -360,6 +363,7 @@ blacklist ${HOME}/.config/pavucontrol.ini
360	blacklist ${HOME}/.config/pcmanfm	363	blacklist ${HOME}/.config/pcmanfm
361	blacklist ${HOME}/.config/pdfmod	364	blacklist ${HOME}/.config/pdfmod
362	blacklist ${HOME}/.config/Pinta	365	blacklist ${HOME}/.config/Pinta
		366	blacklist ${HOME}/.config/pipe-viewer
363	blacklist ${HOME}/.config/pitivi	367	blacklist ${HOME}/.config/pitivi
364	blacklist ${HOME}/.config/pix	368	blacklist ${HOME}/.config/pix
365	blacklist ${HOME}/.config/pluma	369	blacklist ${HOME}/.config/pluma
@@ -589,6 +593,7 @@ blacklist ${HOME}/.local/share/Mendeley Ltd.
589	blacklist ${HOME}/.local/share/Mumble	593	blacklist ${HOME}/.local/share/Mumble
590	blacklist ${HOME}/.local/share/Nextcloud	594	blacklist ${HOME}/.local/share/Nextcloud
591	blacklist ${HOME}/.local/share/PBE	595	blacklist ${HOME}/.local/share/PBE
		596	blacklist ${HOME}/.local/share/PawelStolowski
592	blacklist ${HOME}/.local/share/Psi	597	blacklist ${HOME}/.local/share/Psi
593	blacklist ${HOME}/.local/share/QGIS	598	blacklist ${HOME}/.local/share/QGIS
594	blacklist ${HOME}/.local/share/QMediathekView	599	blacklist ${HOME}/.local/share/QMediathekView
@@ -694,6 +699,7 @@ blacklist ${HOME}/.local/share/man
694	blacklist ${HOME}/.local/share/mana	699	blacklist ${HOME}/.local/share/mana
695	blacklist ${HOME}/.local/share/maps-places.json	700	blacklist ${HOME}/.local/share/maps-places.json
696	blacklist ${HOME}/.local/share/matrix-mirage	701	blacklist ${HOME}/.local/share/matrix-mirage
		702	blacklist ${HOME}/.local/share/mcomix
697	blacklist ${HOME}/.local/share/meld	703	blacklist ${HOME}/.local/share/meld
698	blacklist ${HOME}/.local/share/midori	704	blacklist ${HOME}/.local/share/midori
699	blacklist ${HOME}/.local/share/minder	705	blacklist ${HOME}/.local/share/minder
@@ -798,6 +804,7 @@ blacklist ${HOME}/.opera-beta
798	blacklist ${HOME}/.ostrichriders	804	blacklist ${HOME}/.ostrichriders
799	blacklist ${HOME}/.paradoxinteractive	805	blacklist ${HOME}/.paradoxinteractive
800	blacklist ${HOME}/.parallelrealities/blobwars	806	blacklist ${HOME}/.parallelrealities/blobwars
		807	blacklist ${HOME}/.pcsxr
801	blacklist ${HOME}/.penguin-command	808	blacklist ${HOME}/.penguin-command
802	blacklist ${HOME}/.pingus	809	blacklist ${HOME}/.pingus
803	blacklist ${HOME}/.pioneer	810	blacklist ${HOME}/.pioneer
@@ -900,6 +907,7 @@ blacklist ${HOME}/.cache/INRIA
900	blacklist ${HOME}/.cache/MusicBrainz	907	blacklist ${HOME}/.cache/MusicBrainz
901	blacklist ${HOME}/.cache/NewsFlashGTK	908	blacklist ${HOME}/.cache/NewsFlashGTK
902	blacklist ${HOME}/.cache/Otter	909	blacklist ${HOME}/.cache/Otter
		910	blacklist ${HOME}/.cache/PawelStolowski
903	blacklist ${HOME}/.cache/Psi	911	blacklist ${HOME}/.cache/Psi
904	blacklist ${HOME}/.cache/QuiteRss	912	blacklist ${HOME}/.cache/QuiteRss
905	blacklist ${HOME}/.cache/Quotient/quaternion	913	blacklist ${HOME}/.cache/Quotient/quaternion
@@ -1008,6 +1016,7 @@ blacklist ${HOME}/.cache/org.gnome.Maps
1008	blacklist ${HOME}/.cache/pdfmod	1016	blacklist ${HOME}/.cache/pdfmod
1009	blacklist ${HOME}/.cache/peek	1017	blacklist ${HOME}/.cache/peek
1010	blacklist ${HOME}/.cache/pip	1018	blacklist ${HOME}/.cache/pip
		1019	blacklist ${HOME}/.cache/pipe-viewer
1011	blacklist ${HOME}/.cache/plasmashell	1020	blacklist ${HOME}/.cache/plasmashell
1012	blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*	1021	blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
1013	blacklist ${HOME}/.cache/psi	1022	blacklist ${HOME}/.cache/psi


diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile new file mode 100644 index 000000000..178e2dc9f --- /dev/null +++ b/etc/profile-a-l/bcompare.profile
@@ -0,0 +1,62 @@
		1	# Firejail profile for Beyond Compare by Scooter Software
		2	# Description: directory and file compare utility
		3	# Disables the network, which only impacts checking for updates.
		4	# This file is overwritten after every install/update
		5	# Persistent local customizations
		6	include bcompare.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	noblacklist ${HOME}/.config/bcompare
		11	# In case the user decides to include disable-programs.inc, still allow
		12	# KDE's Gwenview to view images via right click -> Open With -> Associated Application
		13	noblacklist ${HOME}/.config/gwenviewrc
		14
		15	# Uncomment the next line (or put it into your bcompare.local) if you don't need to compare files in disable-common.inc
		16	#include disable-common.inc
		17	include disable-devel.inc
		18	include disable-exec.inc
		19	include disable-interpreters.inc
		20	include disable-passwdmgr.inc
		21	# Uncomment the next line (or put it into your bcompare.local) if you don't need to compare files in disable-programs.inc
		22	#include disable-programs.inc
		23	# Uncommenting this breaks launch
		24	# include disable-shell.inc
		25	include disable-write-mnt.inc
		26	# Don't disable ${DOCUMENTS}, ${MUSIC}, ${PICTURES}, ${VIDEOS}
		27	# include disable-xdg.inc
		28
		29	# include whitelist-common.inc
		30	# include whitelist-runuser-common.inc
		31	# include whitelist-usr-share-common.inc
		32	# include whitelist-var-common.inc
		33
		34	apparmor
		35	caps.drop all
		36	# Uncommenting might break Pulse Audio
		37	#machine-id
		38	net none
		39	no3d
		40	nodvd
		41	nogroups
		42	nonewprivs
		43	noroot
		44	# Allow applications launched on sound files to play them
		45	#nosound
		46	notv
		47	nou2f
		48	novideo
		49	protocol unix
		50	seccomp
		51	shell none
		52	tracelog
		53
		54	private-cache
		55	private-dev
		56	# see /usr/share/doc/firejail/profile.template for more common private-etc paths.
		57	# private-etc alternatives,fonts,machine-id
		58	# Necessary because of the `include disable-exec.inc` line. Prevents error "Error fstat: fs.c:504 fs_remount_simple: Transport endpoint is not connected ... cannot sync with peer: unexpected EOF Peer [...] unexpectedly exited with status 1"
		59	private-tmp
		60
		61	dbus-user none
		62	dbus-system none


diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile new file mode 100644 index 000000000..b2687ba3c --- /dev/null +++ b/etc/profile-m-z/PCSX2.profile
@@ -0,0 +1,57 @@
		1	# Firejail profile for PCSX2
		2	# Description: A PlayStation 2 emulator
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include PCSX2.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	# Note: you must whitelist your games folder in a PCSX2.local
		10
		11	noblacklist ${HOME}/.config/PCSX2
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-exec.inc
		16	include disable-interpreters.inc
		17	include disable-passwdmgr.inc
		18	include disable-programs.inc
		19	include disable-shell.inc
		20	include disable-write-mnt.inc
		21	include disable-xdg.inc
		22
		23	mkdir ${HOME}/.config/PCSX2
		24	whitelist ${HOME}/.config/PCSX2
		25	include whitelist-common.inc
		26	include whitelist-runuser-common.inc
		27	include whitelist-usr-share-common.inc
		28	include whitelist-var-common.inc
		29
		30	apparmor
		31	caps.drop all
		32	ipc-namespace
		33	net none
		34	netfilter
		35	# Uncomment the following line if not loading games from disc
		36	#nodvd
		37	nogroups
		38	nonewprivs
		39	noroot
		40	notv
		41	nou2f
		42	novideo
		43	protocol unix,netlink
		44	#seccomp - breaks loading with no logs
		45	shell none
		46	#tracelog - 32/64 bit incompatibility
		47
		48	private-bin PCSX2
		49	private-cache
		50	# uncomment the following line if you do not need controller support
		51	#private-dev
		52	private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
		53	private-opt none
		54	private-tmp
		55
		56	dbus-user none
		57	dbus-system none


diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile index c6c50cf47..965750bf0 100644 --- a/etc/profile-m-z/man.profile +++ b/etc/profile-m-z/man.profile
@@ -57,7 +57,7 @@ disable-mnt
57	#private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim	57	#private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim
58	private-cache	58	private-cache
59	private-dev	59	private-dev
60	private-etc alternatives,fonts,locale,locale.alias,locale.conf,man_db.conf,manpath.config,selinux,sysless,xdg	60	private-etc alternatives,fonts,groff,locale,locale.alias,locale.conf,man_db.conf,manpath.config,selinux,sysless,xdg
61	private-tmp	61	private-tmp
62		62
63	dbus-user none	63	dbus-user none


diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index c12fc9a78..202905631 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile
@@ -1,5 +1,5 @@
1	# Firejail profile for Node.js	1	# Firejail profile for Node.js
2	# Description: Common profile for npm/yarn	2	# Description: Asynchronous event-driven JavaScript runtime
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
4	# Persistent local customizations	4	# Persistent local customizations
5	include nodejs-common.local	5	include nodejs-common.local
@@ -45,7 +45,9 @@ shell none
45		45
46	disable-mnt	46	disable-mnt
47	private-dev	47	private-dev
		48	# May need to add `passwd` to `private-etc` below to enable debugging with some IDEs
48	private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,xdg	49	private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,xdg
		50	# May need to be commented out in order to enable debugging with some IDEs
49	private-tmp	51	private-tmp
50		52
51	dbus-user none	53	dbus-user none


diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile index 4e3994fb4..270d64c1e 100644 --- a/etc/profile-m-z/openmw.profile +++ b/etc/profile-m-z/openmw.profile
@@ -23,6 +23,7 @@ mkdir ${HOME}/.config/openmw
23	mkdir ${HOME}/.local/share/openmw	23	mkdir ${HOME}/.local/share/openmw
24	whitelist ${HOME}/.config/openmw	24	whitelist ${HOME}/.config/openmw
25	# Copy Morrowind data files into the following directory or load it from /mnt	25	# Copy Morrowind data files into the following directory or load it from /mnt
		26	# or whitelist it in a openmw.local
26	whitelist ${HOME}/.local/share/openmw	27	whitelist ${HOME}/.local/share/openmw
27	whitelist /usr/share/openmw	28	whitelist /usr/share/openmw
28	include whitelist-common.inc	29	include whitelist-common.inc
@@ -49,10 +50,10 @@ seccomp.block-secondary
49	shell none	50	shell none
50	tracelog	51	tracelog
51		52
52	private-bin bsatool,esmtool,niftest,openmw*	53	private-bin bsatool,esmtool,niftest,openmw,openmw-cs,openmw-essimporter,openmw-iniimporter,openmw-launcher,openmw-wizard
53	private-cache	54	private-cache
54	private-dev	55	private-dev
55	private-etc alsa,alternatives,asound.conf,bumblebee,drirc,fonts,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nvidia,openmw,pango,pulse,Trolltech.conf,X11,xdg	56	private-etc alsa,alternatives,asound.conf,bumblebee,drirc,fonts,glvnd,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nvidia,openmw,pango,passwd,pulse,Trolltech.conf,X11,xdg
56	private-opt none	57	private-opt none
57	private-tmp	58	private-tmp
58		59


diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile new file mode 100644 index 000000000..c25c4ae66 --- /dev/null +++ b/etc/profile-m-z/pcsxr.profile
@@ -0,0 +1,57 @@
		1	# Firejail profile for pcsxr
		2	# Description: A PlayStation emulator
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include pcsxr.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	# Note: you must whitelist your games folder in a pcsxr.local
		10
		11	noblacklist ${HOME}/.pcsxr
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-exec.inc
		16	include disable-interpreters.inc
		17	include disable-passwdmgr.inc
		18	include disable-programs.inc
		19	include disable-shell.inc
		20	include disable-write-mnt.inc
		21	include disable-xdg.inc
		22
		23	mkdir ${HOME}/.pcsxr
		24	whitelist ${HOME}/.pcsxr
		25	include whitelist-common.inc
		26	include whitelist-runuser-common.inc
		27	include whitelist-usr-share-common.inc
		28	include whitelist-var-common.inc
		29
		30	apparmor
		31	caps.drop all
		32	ipc-namespace
		33	net none
		34	netfilter
		35	# Uncomment the following line if not loading games from disc
		36	#nodvd
		37	nogroups
		38	nonewprivs
		39	noroot
		40	notv
		41	nou2f
		42	novideo
		43	protocol unix,netlink
		44	seccomp
		45	shell none
		46	tracelog
		47
		48	private-bin pcsxr
		49	private-cache
		50	# uncomment the following line if you do not need controller support
		51	#private-dev
		52	private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
		53	private-opt none
		54	private-tmp
		55
		56	dbus-user none
		57	dbus-system none


diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile index af6b0ac2a..263d99c83 100644 --- a/etc/profile-m-z/ppsspp.profile +++ b/etc/profile-m-z/ppsspp.profile
@@ -1,11 +1,13 @@
1	# Firejail profile for ppsspp	1	# Firejail profile for ppsspp
2	# Description: A PSP emulator written in C++	2	# Description: A PSP emulator
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
4	# Persistent local customizations	4	# Persistent local customizations
5	include ppsspp.local	5	include ppsspp.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
		9	# Note: you must whitelist your games folder in a ppsspp.local
		10
9	noblacklist ${HOME}/.config/ppsspp	11	noblacklist ${HOME}/.config/ppsspp
10		12
11	include disable-common.inc	13	include disable-common.inc
@@ -17,10 +19,10 @@ include disable-programs.inc
17	include disable-write-mnt.inc	19	include disable-write-mnt.inc
18	include disable-xdg.inc	20	include disable-xdg.inc
19		21
20	#mkdir ${HOME}/.config/ppsspp	22	mkdir ${HOME}/.config/ppsspp
21	#whitelist ${HOME}/.config/ppsspp	23	whitelist ${HOME}/.config/ppsspp
22	whitelist /usr/share/ppsspp	24	whitelist /usr/share/ppsspp
23	#include whitelist-common.inc	25	include whitelist-common.inc
24	include whitelist-runuser-common.inc	26	include whitelist-runuser-common.inc
25	include whitelist-usr-share-common.inc	27	include whitelist-usr-share-common.inc
26	include whitelist-var-common.inc	28	include whitelist-var-common.inc


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 3da415b70..6cef32249 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -20,7 +20,9 @@ Maelstrom
20	Maps	20	Maps
21	Mathematica	21	Mathematica
22	Natron	22	Natron
		23	PCSX2
23	PPSSPPQt	24	PPSSPPQt
		25	PPSSPPSDL
24	QMediathekView	26	QMediathekView
25	QOwnNotes	27	QOwnNotes
26	Screenshot	28	Screenshot
@@ -77,6 +79,7 @@ balsa
77	baobab	79	baobab
78	barrier	80	barrier
79	basilisk	81	basilisk
		82	bcompare
80	beaker	83	beaker
81	bibletime	84	bibletime
82	bijiben	85	bijiben
@@ -582,6 +585,8 @@ openarena
582	openarena_ded	585	openarena_ded
583	opencity	586	opencity
584	openclonk	587	openclonk
		588	openmw
		589	openmw-launcher
585	openoffice.org	590	openoffice.org
586	openshot	591	openshot
587	openshot-qt	592	openshot-qt
@@ -598,6 +603,7 @@ parole
598	patch	603	patch
599	pavucontrol	604	pavucontrol
600	pavucontrol-qt	605	pavucontrol-qt
		606	pcsxr
601	pdfchain	607	pdfchain
602	pdfmod	608	pdfmod
603	pdfsam	609	pdfsam


diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index b0b390507..ee685da73 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -666,7 +666,7 @@ Disable DVB (Digital Video Broadcasting) TV devices.
666	Disable U2F devices.	666	Disable U2F devices.
667	.TP	667	.TP
668	\fBnovideo	668	\fBnovideo
669	Disable video devices.	669	Disable video capture devices.
670	.TP	670	.TP
671	\fBshell none	671	\fBshell none
672	Run the program directly, without a shell.	672	Run the program directly, without a shell.