4 files changed, 140 insertions, 0 deletions
diff --git a/etc/profile-a-l/imv.profile b/etc/profile-a-l/imv.profile
new file mode 100644
index 000000000..65e7537bf
--- /dev/null
+++ b/etc/profile-a-l/imv.profile
@@ -0,0 +1,57 @@
+# Firejail profile for imv
+# Description: imv is an image viewer.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include imv.local
+# Persistent global definitions
+include globals.local
+include allow-bin-sh.inc
+blacklist /usr/libexec
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-write-mnt.inc
+# Users may want to view images in ${HOME}
+#include disable-xdg.inc
+# Users may want to view images in ${HOME}
+#include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+# Users may want to view images in /usr/share
+#include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+private-bin imv,imv-wayland,imv-x11,sh
+private-cache
+private-dev
+private-tmp
+dbus-user none
+dbus-system none
+read-only ${HOME}
diff --git a/etc/profile-m-z/retroarch.profile b/etc/profile-m-z/retroarch.profile
new file mode 100644
index 000000000..1887a9b72
--- /dev/null
+++ b/etc/profile-m-z/retroarch.profile
@@ -0,0 +1,54 @@
+# Firejail profile for retroarch
+# Description: retroarch is a frontend to libretro emulator cores.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include retroarch.local
+# Persistent global definitions
+include globals.local
+blacklist /usr/libexec
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/retroarch
+whitelist ${HOME}/.config/retroarch
+whitelist /run/udev
+whitelist /usr/share/retroarch
+whitelist /usr/share/libretro
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+# If you need access to cameras, add `ignore novideo` to retroarch.local
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin retroarch
+private-cache
+private-dev
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/torbrowser.profile b/etc/profile-m-z/torbrowser.profile
new file mode 100644
index 000000000..fc579b973
--- /dev/null
+++ b/etc/profile-m-z/torbrowser.profile
@@ -0,0 +1,26 @@
+# Firejail profile for torbrowser
+# Description: This profile was tested with www-client/torbrowser::torbrowser
+# on Gentoo Linux.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include torbrowser.local
+# Persistent global definitions
+include globals.local
+ignore dbus-user none
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
+blacklist /usr/libexec
+mkdir ${HOME}/.cache/mozilla/torbrowser
+mkdir ${HOME}/.mozilla
+whitelist ${HOME}/.cache/mozilla/torbrowser
+whitelist ${HOME}/.mozilla
+include whitelist-usr-share-common.inc
+dbus-user filter
+dbus-user.own org.mozilla.torbrowser.*
+include firefox-common.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index aad22ec7a..1982afdee 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -396,6 +396,7 @@ ideaIC
 imagej
 img2txt
 impressive
+imv
 inkscape
 inkview
 inox
@@ -687,6 +688,7 @@ rednotebook
 redshift
 regextester
 remmina
+retroarch
 rhythmbox
 rhythmbox-client
 ricochet
@@ -804,6 +806,7 @@ tor-browser-tr
 tor-browser-vi
 tor-browser-zh-cn
 tor-browser-zh-tw
+torbrowser
 torbrowser-launcher
 torcs
 totem

diff --git a/etc/profile-a-l/imv.profile b/etc/profile-a-l/imv.profile new file mode 100644 index 000000000..65e7537bf --- /dev/null +++ b/etc/profile-a-l/imv.profile
@@ -0,0 +1,57 @@
		1	# Firejail profile for imv
		2	# Description: imv is an image viewer.
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include imv.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	include allow-bin-sh.inc
		10
		11	blacklist /usr/libexec
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-exec.inc
		16	include disable-interpreters.inc
		17	include disable-programs.inc
		18	include disable-shell.inc
		19	include disable-write-mnt.inc
		20	# Users may want to view images in ${HOME}
		21	#include disable-xdg.inc
		22
		23	# Users may want to view images in ${HOME}
		24	#include whitelist-common.inc
		25	include whitelist-run-common.inc
		26	include whitelist-runuser-common.inc
		27	# Users may want to view images in /usr/share
		28	#include whitelist-usr-share-common.inc
		29	include whitelist-var-common.inc
		30
		31	apparmor
		32	caps.drop all
		33	net none
		34	nodvd
		35	nogroups
		36	noinput
		37	nonewprivs
		38	noroot
		39	nosound
		40	notv
		41	nou2f
		42	novideo
		43	protocol unix
		44	seccomp
		45	seccomp.block-secondary
		46	shell none
		47	tracelog
		48
		49	private-bin imv,imv-wayland,imv-x11,sh
		50	private-cache
		51	private-dev
		52	private-tmp
		53
		54	dbus-user none
		55	dbus-system none
		56
		57	read-only ${HOME}


diff --git a/etc/profile-m-z/retroarch.profile b/etc/profile-m-z/retroarch.profile new file mode 100644 index 000000000..1887a9b72 --- /dev/null +++ b/etc/profile-m-z/retroarch.profile
@@ -0,0 +1,54 @@
		1	# Firejail profile for retroarch
		2	# Description: retroarch is a frontend to libretro emulator cores.
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include retroarch.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	blacklist /usr/libexec
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-programs.inc
		16	include disable-shell.inc
		17	include disable-xdg.inc
		18
		19	mkdir ${HOME}/.config/retroarch
		20	whitelist ${HOME}/.config/retroarch
		21	whitelist /run/udev
		22	whitelist /usr/share/retroarch
		23	whitelist /usr/share/libretro
		24	include whitelist-common.inc
		25	include whitelist-run-common.inc
		26	include whitelist-runuser-common.inc
		27	include whitelist-usr-share-common.inc
		28	include whitelist-var-common.inc
		29
		30	apparmor
		31	caps.drop all
		32	netfilter
		33	nodvd
		34	nogroups
		35	nonewprivs
		36	noroot
		37	notv
		38	nou2f
		39	# If you need access to cameras, add `ignore novideo` to retroarch.local
		40	novideo
		41	protocol unix,inet,inet6,netlink
		42	seccomp
		43	seccomp.block-secondary
		44	shell none
		45	tracelog
		46
		47	disable-mnt
		48	private-bin retroarch
		49	private-cache
		50	private-dev
		51	private-tmp
		52
		53	dbus-user none
		54	dbus-system none


diff --git a/etc/profile-m-z/torbrowser.profile b/etc/profile-m-z/torbrowser.profile new file mode 100644 index 000000000..fc579b973 --- /dev/null +++ b/etc/profile-m-z/torbrowser.profile
@@ -0,0 +1,26 @@
		1	# Firejail profile for torbrowser
		2	# Description: This profile was tested with www-client/torbrowser::torbrowser
		3	# on Gentoo Linux.
		4	# This file is overwritten after every install/update
		5	# Persistent local customizations
		6	include torbrowser.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	ignore dbus-user none
		11
		12	noblacklist ${HOME}/.cache/mozilla
		13	noblacklist ${HOME}/.mozilla
		14
		15	blacklist /usr/libexec
		16
		17	mkdir ${HOME}/.cache/mozilla/torbrowser
		18	mkdir ${HOME}/.mozilla
		19	whitelist ${HOME}/.cache/mozilla/torbrowser
		20	whitelist ${HOME}/.mozilla
		21	include whitelist-usr-share-common.inc
		22
		23	dbus-user filter
		24	dbus-user.own org.mozilla.torbrowser.*
		25
		26	include firefox-common.profile


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index aad22ec7a..1982afdee 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -396,6 +396,7 @@ ideaIC
396	imagej	396	imagej
397	img2txt	397	img2txt
398	impressive	398	impressive
		399	imv
399	inkscape	400	inkscape
400	inkview	401	inkview
401	inox	402	inox
@@ -687,6 +688,7 @@ rednotebook
687	redshift	688	redshift
688	regextester	689	regextester
689	remmina	690	remmina
		691	retroarch
690	rhythmbox	692	rhythmbox
691	rhythmbox-client	693	rhythmbox-client
692	ricochet	694	ricochet
@@ -804,6 +806,7 @@ tor-browser-tr
804	tor-browser-vi	806	tor-browser-vi
805	tor-browser-zh-cn	807	tor-browser-zh-cn
806	tor-browser-zh-tw	808	tor-browser-zh-tw
		809	torbrowser
807	torbrowser-launcher	810	torbrowser-launcher
808	torcs	811	torcs
809	totem	812	totem