2 files changed, 41 insertions, 0 deletions

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 50e4854ac..659245724 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -78,6 +78,7 @@ blacklist ${HOME}/.cache/PawelStolowski
 blacklist ${HOME}/.cache/Psi
 blacklist ${HOME}/.cache/QuiteRss
 blacklist ${HOME}/.cache/Quotient/quaternion
+blacklist ${HOME}/.cache/RawTherapee
 blacklist ${HOME}/.cache/Shortwave
 blacklist ${HOME}/.cache/Tox
 blacklist ${HOME}/.cache/Zeal
@@ -335,6 +336,7 @@ blacklist ${HOME}/.config/QuiteRssrc
 blacklist ${HOME}/.config/Quotient
 blacklist ${HOME}/.config/RSS Guard 4
 blacklist ${HOME}/.config/Rambox
+blacklist ${HOME}/.config/RawTherapee
 blacklist ${HOME}/.config/Riot
 blacklist ${HOME}/.config/Rocket.Chat
 blacklist ${HOME}/.config/RogueLegacy
diff --git a/etc/profile-m-z/rawtherapee.profile b/etc/profile-m-z/rawtherapee.profile
new file mode 100644
index 000000000..0cf946eec
--- /dev/null
+++ b/etc/profile-m-z/rawtherapee.profile
@@ -0,0 +1,39 @@
+# Firejail profile for rawtherapee
+# Description: Free cross-platform raw image processing program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include rawtherapee.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/RawTherapee
+noblacklist ${HOME}/.config/RawTherapee
+noblacklist ${PICTURES}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+
+private-bin rawtherapee
+private-dev
+private-tmp
+
+restrict-namespaces