3 files changed, 81 insertions, 0 deletions

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 36033224a..7bc708623 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -157,6 +157,7 @@ blacklist ${HOME}/.cache/ksplashqml
 blacklist ${HOME}/.cache/kube
 blacklist ${HOME}/.cache/kwin
 blacklist ${HOME}/.cache/lbry-viewer
+blacklist ${HOME}/.cache/lettura
 blacklist ${HOME}/.cache/libgweather
 blacklist ${HOME}/.cache/librewolf
 blacklist ${HOME}/.cache/liferea
@@ -406,6 +407,7 @@ blacklist ${HOME}/.config/cliqz
 blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/cointop
 blacklist ${HOME}/.config/com.github.bleakgrey.tootle
+blacklist ${HOME}/.config/com.lettura.dev
 blacklist ${HOME}/.config/corebird
 blacklist ${HOME}/.config/coyim
 blacklist ${HOME}/.config/d-feet
@@ -833,6 +835,7 @@ blacklist ${HOME}/.klatexformula
 blacklist ${HOME}/.klei
 blacklist ${HOME}/.kodi
 blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.lettura
 blacklist ${HOME}/.librewolf
 blacklist ${HOME}/.lincity-ng
 blacklist ${HOME}/.links
@@ -903,6 +906,7 @@ blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/chatterino
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+blacklist ${HOME}/.local/share/com.lettura.dev
 blacklist ${HOME}/.local/share/com.vmingueza.journal-viewer
 blacklist ${HOME}/.local/share/contacts
 blacklist ${HOME}/.local/share/cor-games
diff --git a/etc/profile-a-l/lettura.profile b/etc/profile-a-l/lettura.profile
new file mode 100644
index 000000000..94a455355
--- /dev/null
+++ b/etc/profile-a-l/lettura.profile
@@ -0,0 +1,76 @@
+# Firejail profile for lettura
+# Description: Another free and open-source feed reader
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lettura.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/lettura
+noblacklist ${HOME}/.config/com.lettura.dev
+noblacklist ${HOME}/.lettura
+noblacklist ${HOME}/.local/share/com.lettura.dev
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/lettura
+mkdir ${HOME}/.config/com.lettura.dev
+mkdir ${HOME}/.lettura
+mkdir ${HOME}/.local/share/com.lettura.dev
+whitelist ${HOME}/.cache/lettura
+whitelist ${HOME}/.config/com.lettura.dev
+whitelist ${HOME}/.lettura
+whitelist ${HOME}/.local/share/com.lettura.dev
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+# The lines below are needed to find the default Firefox profile name, to allow
+# opening links in an existing instance of Firefox (note that it still fails if
+# there isn't a Firefox instance running with the default profile; see #5352)
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+#nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+tracelog
+
+disable-mnt
+private-bin lettura
+private-cache
+private-dev
+private-etc @network,@sound,@tls-ca,@x11,mime.types
+private-tmp
+
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
+# allow D-Bus communication with firefox for opening links
+dbus-user.talk org.mozilla.*
+dbus-system none
+
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index ce606efc3..2fff32f4b 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -482,6 +482,7 @@ kwrite
 lbry-viewer
 leafpad
 #less # breaks man
+lettura
 librecad
 libreoffice
 librewolf