3 files changed, 75 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index ad7480e2d..36033224a 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -921,6 +921,7 @@ blacklist ${HOME}/.local/share/evolution
 blacklist ${HOME}/.local/share/feedreader
 blacklist ${HOME}/.local/share/feral-interactive
 blacklist ${HOME}/.local/share/five-or-more
+blacklist ${HOME}/.local/share/fluffychat
 blacklist ${HOME}/.local/share/freecol
 blacklist ${HOME}/.local/share/gajim
 blacklist ${HOME}/.local/share/gdfuse
diff --git a/etc/profile-a-l/fluffychat.profile b/etc/profile-a-l/fluffychat.profile
new file mode 100644
index 000000000..abc5979da
--- /dev/null
+++ b/etc/profile-a-l/fluffychat.profile
@@ -0,0 +1,73 @@
+# Firejail profile for fluffychat
+# Description: Easy to use matrix messenger
+# This file is overwritten after every install/update
+# Persistent local customizations
+include fluffychat.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.local/share/fluffychat
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+# The lines below are needed to find the default Firefox profile name, to allow
+# opening links in an existing instance of Firefox (note that it still fails if
+# there isn't a Firefox instance running with the default profile; see #5352)
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+read-only ${HOME}/.mozilla/firefox/profiles.ini
+mkdir ${HOME}/.local/share/fluffychat
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.local/share/fluffychat
+whitelist /opt/fluffychat
+whitelist /usr/share/fluffychat
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+tracelog
+disable-mnt
+private-bin firefox,fluffychat,sh,which,zenity
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
+private-tmp
+dbus-user filter
+dbus-user.talk org.freedesktop.secrets
+# allow D-Bus communication with firefox for opening links
+dbus-user.talk org.mozilla.*
+dbus-system filter
+dbus-system.talk org.freedesktop.NetworkManager
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 33655d890..ce606efc3 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -275,6 +275,7 @@ flacsplt
 flameshot
 flashpeak-slimjet
 flowblade
+fluffychat
 font-manager
 fontforge
 fossamail

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index ad7480e2d..36033224a 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -921,6 +921,7 @@ blacklist ${HOME}/.local/share/evolution
921	blacklist ${HOME}/.local/share/feedreader	921	blacklist ${HOME}/.local/share/feedreader
922	blacklist ${HOME}/.local/share/feral-interactive	922	blacklist ${HOME}/.local/share/feral-interactive
923	blacklist ${HOME}/.local/share/five-or-more	923	blacklist ${HOME}/.local/share/five-or-more
		924	blacklist ${HOME}/.local/share/fluffychat
924	blacklist ${HOME}/.local/share/freecol	925	blacklist ${HOME}/.local/share/freecol
925	blacklist ${HOME}/.local/share/gajim	926	blacklist ${HOME}/.local/share/gajim
926	blacklist ${HOME}/.local/share/gdfuse	927	blacklist ${HOME}/.local/share/gdfuse


diff --git a/etc/profile-a-l/fluffychat.profile b/etc/profile-a-l/fluffychat.profile new file mode 100644 index 000000000..abc5979da --- /dev/null +++ b/etc/profile-a-l/fluffychat.profile
@@ -0,0 +1,73 @@
		1	# Firejail profile for fluffychat
		2	# Description: Easy to use matrix messenger
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include fluffychat.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.local/share/fluffychat
		10
		11	# Allow /bin/sh (blacklisted by disable-shell.inc)
		12	include allow-bin-sh.inc
		13
		14	include disable-common.inc
		15	include disable-devel.inc
		16	include disable-exec.inc
		17	include disable-interpreters.inc
		18	include disable-proc.inc
		19	include disable-programs.inc
		20	include disable-shell.inc
		21	include disable-xdg.inc
		22
		23	# The lines below are needed to find the default Firefox profile name, to allow
		24	# opening links in an existing instance of Firefox (note that it still fails if
		25	# there isn't a Firefox instance running with the default profile; see #5352)
		26	noblacklist ${HOME}/.mozilla
		27	whitelist ${HOME}/.mozilla/firefox/profiles.ini
		28	read-only ${HOME}/.mozilla/firefox/profiles.ini
		29
		30	mkdir ${HOME}/.local/share/fluffychat
		31	whitelist ${DOWNLOADS}
		32	whitelist ${HOME}/.local/share/fluffychat
		33	whitelist /opt/fluffychat
		34	whitelist /usr/share/fluffychat
		35	include whitelist-common.inc
		36	include whitelist-run-common.inc
		37	include whitelist-runuser-common.inc
		38	include whitelist-usr-share-common.inc
		39	include whitelist-var-common.inc
		40
		41	apparmor
		42	caps.drop all
		43	netfilter
		44	no3d
		45	nodvd
		46	nogroups
		47	noinput
		48	nonewprivs
		49	noprinters
		50	noroot
		51	notv
		52	nou2f
		53	novideo
		54	protocol unix,inet,inet6
		55	seccomp
		56	seccomp.block-secondary
		57	tracelog
		58
		59	disable-mnt
		60	private-bin firefox,fluffychat,sh,which,zenity
		61	private-cache
		62	private-dev
		63	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
		64	private-tmp
		65
		66	dbus-user filter
		67	dbus-user.talk org.freedesktop.secrets
		68	# allow D-Bus communication with firefox for opening links
		69	dbus-user.talk org.mozilla.*
		70	dbus-system filter
		71	dbus-system.talk org.freedesktop.NetworkManager
		72
		73	restrict-namespaces


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 33655d890..ce606efc3 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -275,6 +275,7 @@ flacsplt
275	flameshot	275	flameshot
276	flashpeak-slimjet	276	flashpeak-slimjet
277	flowblade	277	flowblade
		278	fluffychat
278	font-manager	279	font-manager
279	fontforge	280	fontforge
280	fossamail	281	fossamail