3 files changed, 63 insertions, 1 deletions
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile
index 34cb3631a..41de746dd 100644
--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -163,7 +163,7 @@ protocol unix,inet,inet6,netlink
 # Add 'ignore seccomp' to your steam.local if you experience this.
 # mount, name_to_handle_at, pivot_root and umount2 are used by Proton >= 5.13
 # (see #4366).
-seccomp !chroot,!mount,!name_to_handle_at,!pivot_root,!ptrace,!umount2
+seccomp !chroot,!mount,!name_to_handle_at,!pivot_root,!process_vm_readv,!ptrace,!umount2
 # process_vm_readv is used by GE-Proton7-18 (see #5185).
 seccomp.32 !process_vm_readv
 # tracelog breaks integrated browser
diff --git a/etc/profile-m-z/tesseract.profile b/etc/profile-m-z/tesseract.profile
index 5babfb8d2..c0293406d 100644
--- a/etc/profile-m-z/tesseract.profile
+++ b/etc/profile-m-z/tesseract.profile
@@ -26,6 +26,7 @@ include whitelist-common.inc
 include whitelist-run-common.inc
 include whitelist-runuser-common.inc
 whitelist /usr/share/tessdata
+whitelist /usr/share/tesseract-ocr
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-m-z/tiny-rdm.profile b/etc/profile-m-z/tiny-rdm.profile
new file mode 100644
index 000000000..4134d666c
--- /dev/null
+++ b/etc/profile-m-z/tiny-rdm.profile
@@ -0,0 +1,61 @@
+# Firejail profile for tiny-rdm
+# Description: A Modern Redis GUI Client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include tiny-rdm.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/tiny-rdm
+noblacklist ${HOME}/.config/TinyRDM
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-proc.inc
+include disable-shell.inc
+include disable-xdg.inc
+mkdir ${HOME}/.cache/tiny-rdm
+mkdir ${HOME}/.config/TinyRDM
+whitelist ${HOME}/.cache/tiny-rdm
+whitelist ${HOME}/.config/TinyRDM
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+notv
+nou2f
+novideo
+nosound
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+tracelog
+disable-mnt
+private-bin tiny-rdm
+private-cache
+private-dev
+private-etc @network,@tls-ca,@x11
+private-tmp
+dbus-user none
+dbus-system none
+restrict-namespaces

diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index 34cb3631a..41de746dd 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile
@@ -163,7 +163,7 @@ protocol unix,inet,inet6,netlink
163	# Add 'ignore seccomp' to your steam.local if you experience this.	163	# Add 'ignore seccomp' to your steam.local if you experience this.
164	# mount, name_to_handle_at, pivot_root and umount2 are used by Proton >= 5.13	164	# mount, name_to_handle_at, pivot_root and umount2 are used by Proton >= 5.13
165	# (see #4366).	165	# (see #4366).
166	seccomp !chroot,!mount,!name_to_handle_at,!pivot_root,!ptrace,!umount2	166	seccomp !chroot,!mount,!name_to_handle_at,!pivot_root,!process_vm_readv,!ptrace,!umount2
167	# process_vm_readv is used by GE-Proton7-18 (see #5185).	167	# process_vm_readv is used by GE-Proton7-18 (see #5185).
168	seccomp.32 !process_vm_readv	168	seccomp.32 !process_vm_readv
169	# tracelog breaks integrated browser	169	# tracelog breaks integrated browser


diff --git a/etc/profile-m-z/tesseract.profile b/etc/profile-m-z/tesseract.profile index 5babfb8d2..c0293406d 100644 --- a/etc/profile-m-z/tesseract.profile +++ b/etc/profile-m-z/tesseract.profile
@@ -26,6 +26,7 @@ include whitelist-common.inc
26	include whitelist-run-common.inc	26	include whitelist-run-common.inc
27	include whitelist-runuser-common.inc	27	include whitelist-runuser-common.inc
28	whitelist /usr/share/tessdata	28	whitelist /usr/share/tessdata
		29	whitelist /usr/share/tesseract-ocr
29	include whitelist-usr-share-common.inc	30	include whitelist-usr-share-common.inc
30	include whitelist-var-common.inc	31	include whitelist-var-common.inc
31		32


diff --git a/etc/profile-m-z/tiny-rdm.profile b/etc/profile-m-z/tiny-rdm.profile new file mode 100644 index 000000000..4134d666c --- /dev/null +++ b/etc/profile-m-z/tiny-rdm.profile
@@ -0,0 +1,61 @@
		1	# Firejail profile for tiny-rdm
		2	# Description: A Modern Redis GUI Client
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include tiny-rdm.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.cache/tiny-rdm
		10	noblacklist ${HOME}/.config/TinyRDM
		11
		12	include disable-common.inc
		13	include disable-devel.inc
		14	include disable-exec.inc
		15	include disable-interpreters.inc
		16	include disable-programs.inc
		17	include disable-proc.inc
		18	include disable-shell.inc
		19	include disable-xdg.inc
		20
		21	mkdir ${HOME}/.cache/tiny-rdm
		22	mkdir ${HOME}/.config/TinyRDM
		23	whitelist ${HOME}/.cache/tiny-rdm
		24	whitelist ${HOME}/.config/TinyRDM
		25	include whitelist-common.inc
		26	include whitelist-run-common.inc
		27	include whitelist-runuser-common.inc
		28	include whitelist-usr-share-common.inc
		29	include whitelist-var-common.inc
		30
		31	apparmor
		32	caps.drop all
		33	ipc-namespace
		34	netfilter
		35	no3d
		36	nodvd
		37	nogroups
		38	noinput
		39	nonewprivs
		40	noprinters
		41	noroot
		42	notv
		43	nou2f
		44	novideo
		45	nosound
		46	protocol unix,inet,inet6
		47	seccomp
		48	seccomp.block-secondary
		49	tracelog
		50
		51	disable-mnt
		52	private-bin tiny-rdm
		53	private-cache
		54	private-dev
		55	private-etc @network,@tls-ca,@x11
		56	private-tmp
		57
		58	dbus-user none
		59	dbus-system none
		60
		61	restrict-namespaces