4 files changed, 91 insertions, 2 deletions
diff --git a/README.md b/README.md
index fc809a7c2..643839b1d 100644
--- a/README.md
+++ b/README.md
@@ -236,7 +236,7 @@ imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natro
 ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart,
 conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool,
 aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete, kget, nheko, Enpass,
-kwin_x11, krunner, ping, bsdtar, makepkg (Arch), 
+kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report, cower (Arch)
 Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles,
 https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles.
diff --git a/RELNOTES b/RELNOTES
index 8010c0bfc..3c878520d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -41,7 +41,8 @@ firejail (0.9.51) baseline; urgency=low
      Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish,
      cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring,
      xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass,
-      kwin_x11, krunner, ping, bsdtar, makepkg (Arch)
+      kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report
+      cower (Arch)
 -- netblue30 <netblue30@yahoo.com>  Thu, 9 Nov 2017 08:00:00 -0500
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile
new file mode 100644
index 000000000..3d0d1d356
--- /dev/null
+++ b/etc/archaudit-report.profile
@@ -0,0 +1,41 @@
+# Firejail profile for archaudit-report
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/archaudit-report.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist /var/lib/pacman
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private
+private-bin archaudit-report,arch-audit,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds
+#private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/cower.profile b/etc/cower.profile
new file mode 100644
index 000000000..5e5c367c4
--- /dev/null
+++ b/etc/cower.profile
@@ -0,0 +1,47 @@
+# Firejail profile for cower
+# This file is overwritten after every install/update
+# This profile could be significantly strengthened by adding the following to cower.local
+# whitelist ~/<Your Build Folder>
+# whitelist ~/.config/cower/
+quiet
+# Persistent local customizations
+include /etc/firejail/cower.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ~/.config/cower/config
+read-only ~/.config/cower/config
+noblacklist /var/lib/pacman
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-bin cower
+private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp

diff --git a/README.md b/README.md index fc809a7c2..643839b1d 100644 --- a/README.md +++ b/README.md
@@ -236,7 +236,7 @@ imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natro
236	ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart,	236	ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart,
237	conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool,	237	conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool,
238	aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete, kget, nheko, Enpass,	238	aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete, kget, nheko, Enpass,
239	kwin_x11, krunner, ping, bsdtar, makepkg (Arch),	239	kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report, cower (Arch)
240		240
241	Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles,	241	Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles,
242	https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles.	242	https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles.


diff --git a/RELNOTES b/RELNOTES index 8010c0bfc..3c878520d 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -41,7 +41,8 @@ firejail (0.9.51) baseline; urgency=low
41	Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish,	41	Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish,
42	cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring,	42	cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring,
43	xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass,	43	xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass,
44	kwin_x11, krunner, ping, bsdtar, makepkg (Arch)	44	kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report
		45	cower (Arch)
45		46
46	-- netblue30 <netblue30@yahoo.com> Thu, 9 Nov 2017 08:00:00 -0500	47	-- netblue30 <netblue30@yahoo.com> Thu, 9 Nov 2017 08:00:00 -0500
47		48


diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile new file mode 100644 index 000000000..3d0d1d356 --- /dev/null +++ b/etc/archaudit-report.profile
@@ -0,0 +1,41 @@
		1	# Firejail profile for archaudit-report
		2	# This file is overwritten after every install/update
		3	quiet
		4	# Persistent local customizations
		5	include /etc/firejail/archaudit-report.local
		6	# Persistent global definitions
		7	include /etc/firejail/globals.local
		8
		9
		10	noblacklist /var/lib/pacman
		11
		12	include /etc/firejail/disable-common.inc
		13	include /etc/firejail/disable-devel.inc
		14	include /etc/firejail/disable-passwdmgr.inc
		15	include /etc/firejail/disable-programs.inc
		16	include /etc/firejail/whitelist-common.inc
		17
		18	caps.drop all
		19	ipc-namespace
		20	netfilter
		21	no3d
		22	nodvd
		23	nogroups
		24	nonewprivs
		25	noroot
		26	nosound
		27	notv
		28	novideo
		29	protocol unix,inet,inet6
		30	seccomp
		31	shell none
		32
		33	disable-mnt
		34	private
		35	private-bin archaudit-report,arch-audit,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds
		36	#private-dev
		37	private-tmp
		38
		39	memory-deny-write-execute
		40	noexec ${HOME}
		41	noexec /tmp


diff --git a/etc/cower.profile b/etc/cower.profile new file mode 100644 index 000000000..5e5c367c4 --- /dev/null +++ b/etc/cower.profile
@@ -0,0 +1,47 @@
		1	# Firejail profile for cower
		2	# This file is overwritten after every install/update
		3
		4	# This profile could be significantly strengthened by adding the following to cower.local
		5	# whitelist ~/<Your Build Folder>
		6	# whitelist ~/.config/cower/
		7
		8	quiet
		9
		10	# Persistent local customizations
		11	include /etc/firejail/cower.local
		12	# Persistent global definitions
		13	include /etc/firejail/globals.local
		14
		15	noblacklist ~/.config/cower/config
		16	read-only ~/.config/cower/config
		17
		18	noblacklist /var/lib/pacman
		19
		20	include /etc/firejail/disable-common.inc
		21	include /etc/firejail/disable-devel.inc
		22	include /etc/firejail/disable-passwdmgr.inc
		23	include /etc/firejail/disable-programs.inc
		24
		25	caps.drop all
		26	ipc-namespace
		27	netfilter
		28	no3d
		29	nodvd
		30	nogroups
		31	nonewprivs
		32	noroot
		33	nosound
		34	notv
		35	novideo
		36	protocol unix,inet,inet6
		37	seccomp
		38	shell none
		39
		40	disable-mnt
		41	private-bin cower
		42	private-dev
		43	private-tmp
		44
		45	memory-deny-write-execute
		46	noexec ${HOME}
		47	noexec /tmp