7 files changed, 53 insertions, 0 deletions
diff --git a/README.md b/README.md
index 64a67bf63..9db50d5ba 100644
--- a/README.md
+++ b/README.md
@@ -64,3 +64,8 @@ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/
 ## New profile commands
 x11 xpra, x11 xephyr, x11 block, allusers, join-or-start
+## New profiles
+qpdfview, mupdf
diff --git a/RELNOTES b/RELNOTES
index f0528b28c..492bd007a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -10,6 +10,7 @@ firejail (0.9.43) baseline; urgency=low
  * feature: add files to sandbox container (--put)
  * feature: blocking x11 (--x11=block)
  * feature: x11 xpra, x11 xephyr, x11 block, allusers profile commands
+  * new profiles: qpdfview, mupdf
  * bugfixes
 -- netblue30 <netblue30@yahoo.com>  Fri, 9 Sept 2016 08:00:00 -0500
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index fb0f5a669..54c53e794 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -26,6 +26,7 @@ blacklist ${HOME}/.kde/share/config/okularrc
 blacklist ${HOME}/.kde/share/config/okularpartrc
 blacklist ${HOME}/.kde/share/apps/gwenview
 blacklist ${HOME}/.kde/share/config/gwenviewrc
+blacklist ${HOME}/.config/qpdfview
 # Media players
 blacklist ${HOME}/.config/cmus
@@ -135,6 +136,7 @@ blacklist ${HOME}/.local/share/totem
 blacklist ${HOME}/.local/share/psi+
 blacklist ${HOME}/.local/share/pix
 blacklist ${HOME}/.local/share/gnome-chess
+blacklist ${HOME}/.local/share/qpdfview
 # ssh
 blacklist /tmp/ssh-*
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
new file mode 100644
index 000000000..6f2db511b
--- /dev/null
+++ b/etc/mupdf.profile
@@ -0,0 +1,18 @@
+# mupdf reader profile
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+private-tmp
+private-dev
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile
new file mode 100644
index 000000000..07ea173e6
--- /dev/null
+++ b/etc/qpdfview.profile
@@ -0,0 +1,22 @@
+# qpdfview profile
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.local/share/qpdfview
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix
+seccomp
+shell none
+tracelog
+private-bin qpdfview
+private-tmp
+private-dev
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 691c536df..0c494c042 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -143,3 +143,6 @@
 /etc/firejail/xzdec.profile
 /etc/firejail/strings.profile
 /etc/firejail/dosbox.profile
+/etc/firejail/mupdf.profile
+/etc/firejail/qpdfview.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index dd876c87c..ca28d025b 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -128,6 +128,8 @@ mathematica
 okular
 pix
 xreader
+mupdf
+qpdfview
 # other
 ssh

diff --git a/README.md b/README.md index 64a67bf63..9db50d5ba 100644 --- a/README.md +++ b/README.md
@@ -64,3 +64,8 @@ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/
64	## New profile commands	64	## New profile commands
65		65
66	x11 xpra, x11 xephyr, x11 block, allusers, join-or-start	66	x11 xpra, x11 xephyr, x11 block, allusers, join-or-start
		67
		68	## New profiles
		69
		70	qpdfview, mupdf
		71


diff --git a/RELNOTES b/RELNOTES index f0528b28c..492bd007a 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -10,6 +10,7 @@ firejail (0.9.43) baseline; urgency=low
10	* feature: add files to sandbox container (--put)	10	* feature: add files to sandbox container (--put)
11	* feature: blocking x11 (--x11=block)	11	* feature: blocking x11 (--x11=block)
12	* feature: x11 xpra, x11 xephyr, x11 block, allusers profile commands	12	* feature: x11 xpra, x11 xephyr, x11 block, allusers profile commands
		13	* new profiles: qpdfview, mupdf
13	* bugfixes	14	* bugfixes
14	-- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500	15	-- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500
15		16


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index fb0f5a669..54c53e794 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -26,6 +26,7 @@ blacklist ${HOME}/.kde/share/config/okularrc
26	blacklist ${HOME}/.kde/share/config/okularpartrc	26	blacklist ${HOME}/.kde/share/config/okularpartrc
27	blacklist ${HOME}/.kde/share/apps/gwenview	27	blacklist ${HOME}/.kde/share/apps/gwenview
28	blacklist ${HOME}/.kde/share/config/gwenviewrc	28	blacklist ${HOME}/.kde/share/config/gwenviewrc
		29	blacklist ${HOME}/.config/qpdfview
29		30
30	# Media players	31	# Media players
31	blacklist ${HOME}/.config/cmus	32	blacklist ${HOME}/.config/cmus
@@ -135,6 +136,7 @@ blacklist ${HOME}/.local/share/totem
135	blacklist ${HOME}/.local/share/psi+	136	blacklist ${HOME}/.local/share/psi+
136	blacklist ${HOME}/.local/share/pix	137	blacklist ${HOME}/.local/share/pix
137	blacklist ${HOME}/.local/share/gnome-chess	138	blacklist ${HOME}/.local/share/gnome-chess
		139	blacklist ${HOME}/.local/share/qpdfview
138		140
139	# ssh	141	# ssh
140	blacklist /tmp/ssh-*	142	blacklist /tmp/ssh-*


diff --git a/etc/mupdf.profile b/etc/mupdf.profile new file mode 100644 index 000000000..6f2db511b --- /dev/null +++ b/etc/mupdf.profile
@@ -0,0 +1,18 @@
		1	# mupdf reader profile
		2	include /etc/firejail/disable-common.inc
		3	include /etc/firejail/disable-programs.inc
		4	include /etc/firejail/disable-devel.inc
		5	include /etc/firejail/disable-passwdmgr.inc
		6
		7	caps.drop all
		8	nogroups
		9	nonewprivs
		10	noroot
		11	nosound
		12	protocol unix
		13	seccomp
		14	shell none
		15	tracelog
		16
		17	private-tmp
		18	private-dev


diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile new file mode 100644 index 000000000..07ea173e6 --- /dev/null +++ b/etc/qpdfview.profile
@@ -0,0 +1,22 @@
		1	# qpdfview profile
		2	noblacklist ${HOME}/.config/qpdfview
		3	noblacklist ${HOME}/.local/share/qpdfview
		4
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-programs.inc
		7	include /etc/firejail/disable-devel.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	nogroups
		12	nonewprivs
		13	noroot
		14	nosound
		15	protocol unix
		16	seccomp
		17	shell none
		18	tracelog
		19
		20	private-bin qpdfview
		21	private-tmp
		22	private-dev


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 691c536df..0c494c042 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -143,3 +143,6 @@
143	/etc/firejail/xzdec.profile	143	/etc/firejail/xzdec.profile
144	/etc/firejail/strings.profile	144	/etc/firejail/strings.profile
145	/etc/firejail/dosbox.profile	145	/etc/firejail/dosbox.profile
		146	/etc/firejail/mupdf.profile
		147	/etc/firejail/qpdfview.profile
		148


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index dd876c87c..ca28d025b 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -128,6 +128,8 @@ mathematica
128	okular	128	okular
129	pix	129	pix
130	xreader	130	xreader
		131	mupdf
		132	qpdfview
131		133
132	# other	134	# other
133	ssh	135	ssh