3 files changed, 56 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 5485550a8..6bcb5e46c 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -144,6 +144,7 @@ blacklist ${HOME}/.config/evolution
 blacklist ${HOME}/.config/falkon
 blacklist ${HOME}/.config/filezilla
 blacklist ${HOME}/.config/flowblade
+blacklist ${HOME}/.config/font-manager
 blacklist ${HOME}/.config/gajim
 blacklist ${HOME}/.config/galculator
 blacklist ${HOME}/.config/gconf
diff --git a/etc/font-manager.profile b/etc/font-manager.profile
new file mode 100644
index 000000000..fa5ee6105
--- /dev/null
+++ b/etc/font-manager.profile
@@ -0,0 +1,54 @@
+# Firejail profile for font-manager
+# Description: A simple font management application for GTK desktop environments
+# This file is overwritten after every install/update
+# Persistent local customizations
+include font-manager.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/font-manager
+whitelist ${HOME}/.config/font-manager
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/font-manager
+whitelist ${HOME}/.cache/font-manager
+include whitelist-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin font-manager,python*,yelp
+private-dev
+private-tmp
+#memory-deny-write-execute - Breaks on Arch
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index bd45d7802..bb035445f 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -156,6 +156,7 @@ firefox-wayland
 flameshot
 flashpeak-slimjet
 flowblade
+font-manager
 fontforge
 franz
 freecad

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 5485550a8..6bcb5e46c 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -144,6 +144,7 @@ blacklist ${HOME}/.config/evolution
144	blacklist ${HOME}/.config/falkon	144	blacklist ${HOME}/.config/falkon
145	blacklist ${HOME}/.config/filezilla	145	blacklist ${HOME}/.config/filezilla
146	blacklist ${HOME}/.config/flowblade	146	blacklist ${HOME}/.config/flowblade
		147	blacklist ${HOME}/.config/font-manager
147	blacklist ${HOME}/.config/gajim	148	blacklist ${HOME}/.config/gajim
148	blacklist ${HOME}/.config/galculator	149	blacklist ${HOME}/.config/galculator
149	blacklist ${HOME}/.config/gconf	150	blacklist ${HOME}/.config/gconf


diff --git a/etc/font-manager.profile b/etc/font-manager.profile new file mode 100644 index 000000000..fa5ee6105 --- /dev/null +++ b/etc/font-manager.profile
@@ -0,0 +1,54 @@
		1	# Firejail profile for font-manager
		2	# Description: A simple font management application for GTK desktop environments
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include font-manager.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/font-manager
		10	whitelist ${HOME}/.config/font-manager
		11
		12	# Allow python (blacklisted by disable-interpreters.inc)
		13	noblacklist ${PATH}/python2*
		14	noblacklist ${PATH}/python3*
		15	noblacklist /usr/lib/python2*
		16	noblacklist /usr/lib/python3*
		17
		18	include disable-common.inc
		19	include disable-devel.inc
		20	include disable-interpreters.inc
		21	include disable-passwdmgr.inc
		22	include disable-programs.inc
		23	include disable-xdg.inc
		24
		25	mkdir ${HOME}/.cache/font-manager
		26	whitelist ${HOME}/.cache/font-manager
		27	include whitelist-common.inc
		28
		29	apparmor
		30	caps.drop all
		31	machine-id
		32	net none
		33	no3d
		34	nodvd
		35	nogroups
		36	nonewprivs
		37	noroot
		38	nosound
		39	notv
		40	nou2f
		41	novideo
		42	protocol unix
		43	seccomp
		44	shell none
		45	tracelog
		46
		47	disable-mnt
		48	private-bin font-manager,python*,yelp
		49	private-dev
		50	private-tmp
		51
		52	#memory-deny-write-execute - Breaks on Arch
		53	noexec ${HOME}
		54	noexec /tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index bd45d7802..bb035445f 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -156,6 +156,7 @@ firefox-wayland
156	flameshot	156	flameshot
157	flashpeak-slimjet	157	flashpeak-slimjet
158	flowblade	158	flowblade
		159	font-manager
159	fontforge	160	fontforge
160	franz	161	franz
161	freecad	162	freecad