7 files changed, 90 insertions, 0 deletions

diff --git a/etc/profile-a-l/1password.profile b/etc/profile-a-l/1password.profile
new file mode 100644
index 000000000..bc8bfae0d
--- /dev/null
+++ b/etc/profile-a-l/1password.profile
@@ -0,0 +1,20 @@
+# Firejail profile for 1password
+# Description: 1Password is a password manager developed by AgileBits Inc.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include 1password.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/1Password
+
+mkdir ${HOME}/.config/1Password
+whitelist ${HOME}/.config/1Password
+
+private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl
+
+# Needed for keychain things, talking to Firefox, possibly other things?  Not sure how to narrow down
+ignore dbus-user none
+
+# Redirect
+include electron.profile
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile
index f3fb678d1..2f58d9146 100644
--- a/etc/profile-a-l/akonadi_control.profile
+++ b/etc/profile-a-l/akonadi_control.profile
@@ -17,6 +17,7 @@ noblacklist ${HOME}/.local/share/apps/korganizer
 noblacklist ${HOME}/.local/share/contacts
 noblacklist ${HOME}/.local/share/local-mail
 noblacklist ${HOME}/.local/share/notes
+noblacklist ${RUNUSER}/akonadi
 noblacklist /sbin
 noblacklist /tmp/akonadi-*
 noblacklist /usr/sbin
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile
index 075cac967..998ffd9da 100644
--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -57,6 +57,7 @@ private-cache
 
 blacklist ${PATH}/curl
 blacklist ${PATH}/wget
+blacklist ${PATH}/wget2
 
 #dbus-user none - prevents access to passwords saved in GNOME Keyring and KWallet, also breaks Gnome connector.
 dbus-system none
diff --git a/etc/profile-a-l/cointop.profile b/etc/profile-a-l/cointop.profile
new file mode 100644
index 000000000..4349f58fc
--- /dev/null
+++ b/etc/profile-a-l/cointop.profile
@@ -0,0 +1,63 @@
+# Firejail profile for cointop
+# Description: TUI for tracking cryptocurrency stats
+# This file is overwritten after every install/update
+# Persistent local customizations
+include cointop.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/cointop
+
+blacklist ${RUNUSER}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-X11.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/cointop
+whitelist ${HOME}/.config/cointop
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin cointop
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-lib
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile
index 2fe12843e..373f41ffe 100644
--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -61,6 +61,7 @@ private-tmp
 
 blacklist ${PATH}/curl
 blacklist ${PATH}/wget
+blacklist ${PATH}/wget2
 
 # 'dbus-user none' breaks various desktop integration features like global menus, native notifications,
 # Gnome connector, KDE connect and power management on KDE Plasma.
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
index 0796e6876..1bbc141e8 100644
--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -29,6 +29,7 @@ noblacklist ${HOME}/.local/share/kxmlgui5/kmail
 noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
 noblacklist ${HOME}/.local/share/local-mail
 noblacklist ${HOME}/.local/share/notes
+noblacklist ${RUNUSER}/akonadi
 noblacklist /tmp/akonadi-*
 
 include disable-common.inc
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile
index bf8ab9e64..71309b48f 100644
--- a/etc/profile-a-l/lutris.profile
+++ b/etc/profile-a-l/lutris.profile
@@ -9,6 +9,7 @@ include globals.local
 noblacklist ${PATH}/llvm*
 noblacklist ${HOME}/Games
 noblacklist ${HOME}/.cache/lutris
+noblacklist ${HOME}/.cache/wine
 noblacklist ${HOME}/.cache/winetricks
 noblacklist ${HOME}/.config/lutris
 noblacklist ${HOME}/.local/share/lutris
@@ -34,6 +35,7 @@ include disable-xdg.inc
 
 mkdir ${HOME}/Games
 mkdir ${HOME}/.cache/lutris
+mkdir ${HOME}/.cache/wine
 mkdir ${HOME}/.cache/winetricks
 mkdir ${HOME}/.config/lutris
 mkdir ${HOME}/.local/share/lutris
@@ -41,6 +43,7 @@ mkdir ${HOME}/.local/share/lutris
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/Games
 whitelist ${HOME}/.cache/lutris
+whitelist ${HOME}/.cache/wine
 whitelist ${HOME}/.cache/winetricks
 whitelist ${HOME}/.config/lutris
 whitelist ${HOME}/.local/share/lutris