12 files changed, 153 insertions, 7 deletions
diff --git a/etc/profile-m-z/mediathekview.profile b/etc/profile-m-z/mediathekview.profile
index f73ef0935..f0ef7d010 100644
--- a/etc/profile-m-z/mediathekview.profile
+++ b/etc/profile-m-z/mediathekview.profile
@@ -17,6 +17,8 @@ noblacklist ${HOME}/.mediathek3
 noblacklist ${HOME}/.mplayer
 noblacklist ${VIDEOS}
+ignore noexec /tmp
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -27,6 +29,8 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
+mkdir ${HOME}/.mediathek3
+whitelist ${HOME}/.mediathek3
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/profile-m-z/raincat.profile b/etc/profile-m-z/raincat.profile
new file mode 100644
index 000000000..104577bdb
--- /dev/null
+++ b/etc/profile-m-z/raincat.profile
@@ -0,0 +1,49 @@
+# Firejail profile for raincat
+# This file is overwritten after every install/update
+# Persistent local customizations
+include raincat.local
+# Persistent global definitions
+include globals.local
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+whitelist /usr/share/games
+whitelist /usr/share/timidity
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+net none
+seccomp
+shell none
+tracelog
+disable-mnt
+private
+private-bin raincat
+private-cache
+private-dev
+private-etc alternatives,drirc,ld.so.cache,ld.so.preload,machine-id,passwd,pulse,timidity,timidity.cfg
+#private-lib
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/seafile-applet.profile b/etc/profile-m-z/seafile-applet.profile
new file mode 100644
index 000000000..79e072475
--- /dev/null
+++ b/etc/profile-m-z/seafile-applet.profile
@@ -0,0 +1,62 @@
+# Firejail profile for Seafile
+# Description: Seafile desktop client.
+# This file is overwritten after every install/update
+# Persistent local customizations
+include seafile-applet.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/Seafile
+noblacklist ${HOME}/Seafile/.seafile-data
+blacklist /usr/libexec
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.ccnet
+mkdir ${HOME}/.config/Seafile
+mkdir ${HOME}/Seafile
+whitelist ${HOME}/.ccnet
+whitelist ${HOME}/.config/Seafile
+whitelist ${HOME}/Seafile
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin seaf-cli,seaf-daemon,seafile-applet
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+#private-opt none
+private-tmp
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile
index 77a7f5b38..1166f378b 100644
--- a/etc/profile-m-z/signal-desktop.profile
+++ b/etc/profile-m-z/signal-desktop.profile
@@ -21,9 +21,15 @@ whitelist ${HOME}/.config/Signal
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl
-# allow D-Bus notifications
 dbus-user filter
+# allow D-Bus notifications
 dbus-user.talk org.freedesktop.Notifications
+# allow D-Bus communication with firefox for opening links
+dbus-user.talk org.mozilla.Firefox.*
+dbus-user.talk org.mozilla.firefox.*
 ignore dbus-user none
 # Redirect
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile
index 9295013e7..4da0db517 100644
--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -50,4 +50,5 @@ writable-run-user
 dbus-user none
 dbus-system none
+deterministic-shutdown
 memory-deny-write-execute
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile
index bcf94de51..b31818274 100644
--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -147,7 +147,7 @@ shell none
 # private-bin is disabled while in testing, but is known to work with multiple games.
 # Add the next line to your steam.local to enable private-bin.
-#private-bin awk,basename,bash,bsdtar,bzip2,cat,chmod,cksum,cmp,comm,compress,cp,curl,cut,date,dbus-launch,dbus-send,desktop-file-edit,desktop-file-install,desktop-file-validate,dirname,echo,env,expr,file,find,getopt,grep,gtar,gzip,head,hostname,id,lbzip2,ldconfig,ldd,ln,ls,lsb_release,lsof,lspci,lz4,lzip,lzma,lzop,md5sum,mkdir,mktemp,mv,netstat,ps,pulseaudio,python*,readlink,realpath,rm,sed,sh,sha1sum,sha256sum,sha512sum,sleep,sort,steam,steamdeps,steam-native,steam-runtime,sum,tail,tar,tclsh,test,touch,tr,umask,uname,update-desktop-database,wc,wget,which,whoami,xterm,xz,zenity
+#private-bin awk,basename,bash,bsdtar,bzip2,cat,chmod,cksum,cmp,comm,compress,cp,curl,cut,date,dbus-launch,dbus-send,desktop-file-edit,desktop-file-install,desktop-file-validate,dirname,echo,env,expr,file,find,getopt,grep,gtar,gzip,head,hostname,id,lbzip2,ldconfig,ldd,ln,ls,lsb_release,lsof,lspci,lz4,lzip,lzma,lzop,md5sum,mkdir,mktemp,mv,netstat,ps,pulseaudio,python*,readlink,realpath,rm,sed,sh,sha1sum,sha256sum,sha512sum,sleep,sort,steam,steamdeps,steam-native,steam-runtime,sum,tail,tar,tclsh,test,touch,tr,umask,uname,update-desktop-database,wc,wget,wget2,which,whoami,xterm,xz,zenity
 # Extra programs are available which might be needed for select games.
 # Add the next line to your steam.local to enable support for these programs.
 #private-bin java,java-config,mono
@@ -157,7 +157,7 @@ shell none
 private-dev
 # private-etc breaks a small selection of games on some systems. Add 'ignore private-etc'
 # to your steam.local to support those.
-private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl
+private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl,vulkan
 private-tmp
 # dbus-user none
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile
index 473472251..23c8a6c58 100644
--- a/etc/profile-m-z/supertuxkart.profile
+++ b/etc/profile-m-z/supertuxkart.profile
@@ -43,7 +43,7 @@ noroot
 notv
 nou2f
 novideo
-protocol unix,inet,inet6,bluetooth
+protocol unix,inet,inet6,netlink,bluetooth
 seccomp
 seccomp.block-secondary
 shell none
diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile
index 41487a8f2..dcdae279f 100644
--- a/etc/profile-m-z/uzbl-browser.profile
+++ b/etc/profile-m-z/uzbl-browser.profile
@@ -8,6 +8,7 @@ include globals.local
 noblacklist ${HOME}/.config/uzbl
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.local/share/uzbl
+noblacklist ${HOME}/.password-store
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile
index 46dca0547..5519c3c1e 100644
--- a/etc/profile-m-z/warzone2100.profile
+++ b/etc/profile-m-z/warzone2100.profile
@@ -7,19 +7,22 @@ include warzone2100.local
 include globals.local
 noblacklist ${HOME}/.warzone2100-3.*
+noblacklist ${HOME}/.local/share/warzone2100-3.*
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
-include disable-shell.inc
+#include disable-shell.inc - problems on Debian 11
 mkdir ${HOME}/.warzone2100-3.1
 mkdir ${HOME}/.warzone2100-3.2
+whitelist ${HOME}/.local/share/warzone2100-3.3.0 # config dir moved under .local/share
 whitelist ${HOME}/.warzone2100-3.1
 whitelist ${HOME}/.warzone2100-3.2
 whitelist /usr/share/games
+whitelist /usr/share/gdm
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
@@ -42,6 +45,6 @@ shell none
 tracelog
 disable-mnt
-private-bin warzone2100
+private-bin bash,dash,sh,warzone2100,which
 private-dev
 private-tmp
diff --git a/etc/profile-m-z/wget2.profile b/etc/profile-m-z/wget2.profile
new file mode 100644
index 000000000..18918c6af
--- /dev/null
+++ b/etc/profile-m-z/wget2.profile
@@ -0,0 +1,19 @@
+# Firejail profile for wget2
+# Description: Updated version of the popular wget URL retrieval tool
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include wget2.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+noblacklist ${HOME}/.config/wget
+ignore noblacklist ${HOME}/.wgetrc
+private-bin wget2
+# Depending on workflow you can add the next line to your wget2.local.
+#private-etc wget2rc
+# Redirect
+include wget.profile
diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile
index 1e9b9341b..f30fc971f 100644
--- a/etc/profile-m-z/wine.profile
+++ b/etc/profile-m-z/wine.profile
@@ -6,6 +6,7 @@ include wine.local
 # Persistent global definitions
 include globals.local
+noblacklist ${HOME}/.cache/wine
 noblacklist ${HOME}/.cache/winetricks
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.local/share/Steam
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile
index 80d551038..f212a6721 100644
--- a/etc/profile-m-z/youtube-viewers-common.profile
+++ b/etc/profile-m-z/youtube-viewers-common.profile
@@ -50,7 +50,7 @@ shell none
 tracelog
 disable-mnt
-private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,which,xterm,youtube-dl,yt-dlp
+private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,wget2,which,xterm,youtube-dl,yt-dlp
 private-cache
 private-dev
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg

diff --git a/etc/profile-m-z/mediathekview.profile b/etc/profile-m-z/mediathekview.profile index f73ef0935..f0ef7d010 100644 --- a/etc/profile-m-z/mediathekview.profile +++ b/etc/profile-m-z/mediathekview.profile
@@ -17,6 +17,8 @@ noblacklist ${HOME}/.mediathek3
17	noblacklist ${HOME}/.mplayer	17	noblacklist ${HOME}/.mplayer
18	noblacklist ${VIDEOS}	18	noblacklist ${VIDEOS}
19		19
		20	ignore noexec /tmp
		21
20	# Allow java (blacklisted by disable-devel.inc)	22	# Allow java (blacklisted by disable-devel.inc)
21	include allow-java.inc	23	include allow-java.inc
22		24
@@ -27,6 +29,8 @@ include disable-interpreters.inc
27	include disable-programs.inc	29	include disable-programs.inc
28	include disable-xdg.inc	30	include disable-xdg.inc
29		31
		32	mkdir ${HOME}/.mediathek3
		33	whitelist ${HOME}/.mediathek3
30	include whitelist-var-common.inc	34	include whitelist-var-common.inc
31		35
32	caps.drop all	36	caps.drop all


diff --git a/etc/profile-m-z/raincat.profile b/etc/profile-m-z/raincat.profile new file mode 100644 index 000000000..104577bdb --- /dev/null +++ b/etc/profile-m-z/raincat.profile
@@ -0,0 +1,49 @@
		1	# Firejail profile for raincat
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include raincat.local
		5	# Persistent global definitions
		6	include globals.local
		7
		8	include disable-devel.inc
		9	include disable-exec.inc
		10	include disable-interpreters.inc
		11	include disable-programs.inc
		12	include disable-shell.inc
		13	include disable-xdg.inc
		14
		15	whitelist /usr/share/games
		16	whitelist /usr/share/timidity
		17	include whitelist-usr-share-common.inc
		18	include whitelist-var-common.inc
		19
		20	apparmor
		21	caps.drop all
		22	ipc-namespace
		23	netfilter
		24	nodvd
		25	nogroups
		26	noinput
		27	nonewprivs
		28	noroot
		29	notv
		30	nou2f
		31	novideo
		32	protocol unix
		33	net none
		34	seccomp
		35	shell none
		36	tracelog
		37
		38	disable-mnt
		39	private
		40	private-bin raincat
		41	private-cache
		42	private-dev
		43	private-etc alternatives,drirc,ld.so.cache,ld.so.preload,machine-id,passwd,pulse,timidity,timidity.cfg
		44	#private-lib
		45	private-tmp
		46
		47	dbus-user none
		48	dbus-system none
		49


diff --git a/etc/profile-m-z/seafile-applet.profile b/etc/profile-m-z/seafile-applet.profile new file mode 100644 index 000000000..79e072475 --- /dev/null +++ b/etc/profile-m-z/seafile-applet.profile
@@ -0,0 +1,62 @@
		1	# Firejail profile for Seafile
		2	# Description: Seafile desktop client.
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include seafile-applet.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/Seafile
		10	noblacklist ${HOME}/Seafile/.seafile-data
		11
		12	blacklist /usr/libexec
		13
		14	include disable-common.inc
		15	include disable-devel.inc
		16	include disable-exec.inc
		17	include disable-interpreters.inc
		18	include disable-programs.inc
		19	include disable-xdg.inc
		20
		21	mkdir ${HOME}/.ccnet
		22	mkdir ${HOME}/.config/Seafile
		23	mkdir ${HOME}/Seafile
		24	whitelist ${HOME}/.ccnet
		25	whitelist ${HOME}/.config/Seafile
		26	whitelist ${HOME}/Seafile
		27
		28	include whitelist-common.inc
		29	include whitelist-run-common.inc
		30	include whitelist-runuser-common.inc
		31	include whitelist-usr-share-common.inc
		32	include whitelist-var-common.inc
		33
		34	apparmor
		35	caps.drop all
		36	netfilter
		37	nodvd
		38	nogroups
		39	noinput
		40	nonewprivs
		41	noprinters
		42	noroot
		43	nosound
		44	notv
		45	nou2f
		46	novideo
		47	protocol unix,inet,inet6
		48	seccomp
		49	seccomp.block-secondary
		50	shell none
		51	tracelog
		52
		53	disable-mnt
		54	private-bin seaf-cli,seaf-daemon,seafile-applet
		55	private-cache
		56	private-dev
		57	private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
		58	#private-opt none
		59	private-tmp
		60
		61	dbus-user none
		62	dbus-system none


diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile index 77a7f5b38..1166f378b 100644 --- a/etc/profile-m-z/signal-desktop.profile +++ b/etc/profile-m-z/signal-desktop.profile
@@ -21,9 +21,15 @@ whitelist ${HOME}/.config/Signal
21		21
22	private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl	22	private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl
23		23
24	# allow D-Bus notifications
25	dbus-user filter	24	dbus-user filter
		25
		26	# allow D-Bus notifications
26	dbus-user.talk org.freedesktop.Notifications	27	dbus-user.talk org.freedesktop.Notifications
		28
		29	# allow D-Bus communication with firefox for opening links
		30	dbus-user.talk org.mozilla.Firefox.*
		31	dbus-user.talk org.mozilla.firefox.*
		32
27	ignore dbus-user none	33	ignore dbus-user none
28		34
29	# Redirect	35	# Redirect


diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index 9295013e7..4da0db517 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile
@@ -50,4 +50,5 @@ writable-run-user
50	dbus-user none	50	dbus-user none
51	dbus-system none	51	dbus-system none
52		52
		53	deterministic-shutdown
53	memory-deny-write-execute	54	memory-deny-write-execute


diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index bcf94de51..b31818274 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile
@@ -147,7 +147,7 @@ shell none
147		147
148	# private-bin is disabled while in testing, but is known to work with multiple games.	148	# private-bin is disabled while in testing, but is known to work with multiple games.
149	# Add the next line to your steam.local to enable private-bin.	149	# Add the next line to your steam.local to enable private-bin.
150	#private-bin awk,basename,bash,bsdtar,bzip2,cat,chmod,cksum,cmp,comm,compress,cp,curl,cut,date,dbus-launch,dbus-send,desktop-file-edit,desktop-file-install,desktop-file-validate,dirname,echo,env,expr,file,find,getopt,grep,gtar,gzip,head,hostname,id,lbzip2,ldconfig,ldd,ln,ls,lsb_release,lsof,lspci,lz4,lzip,lzma,lzop,md5sum,mkdir,mktemp,mv,netstat,ps,pulseaudio,python*,readlink,realpath,rm,sed,sh,sha1sum,sha256sum,sha512sum,sleep,sort,steam,steamdeps,steam-native,steam-runtime,sum,tail,tar,tclsh,test,touch,tr,umask,uname,update-desktop-database,wc,wget,which,whoami,xterm,xz,zenity	150	#private-bin awk,basename,bash,bsdtar,bzip2,cat,chmod,cksum,cmp,comm,compress,cp,curl,cut,date,dbus-launch,dbus-send,desktop-file-edit,desktop-file-install,desktop-file-validate,dirname,echo,env,expr,file,find,getopt,grep,gtar,gzip,head,hostname,id,lbzip2,ldconfig,ldd,ln,ls,lsb_release,lsof,lspci,lz4,lzip,lzma,lzop,md5sum,mkdir,mktemp,mv,netstat,ps,pulseaudio,python*,readlink,realpath,rm,sed,sh,sha1sum,sha256sum,sha512sum,sleep,sort,steam,steamdeps,steam-native,steam-runtime,sum,tail,tar,tclsh,test,touch,tr,umask,uname,update-desktop-database,wc,wget,wget2,which,whoami,xterm,xz,zenity
151	# Extra programs are available which might be needed for select games.	151	# Extra programs are available which might be needed for select games.
152	# Add the next line to your steam.local to enable support for these programs.	152	# Add the next line to your steam.local to enable support for these programs.
153	#private-bin java,java-config,mono	153	#private-bin java,java-config,mono
@@ -157,7 +157,7 @@ shell none
157	private-dev	157	private-dev
158	# private-etc breaks a small selection of games on some systems. Add 'ignore private-etc'	158	# private-etc breaks a small selection of games on some systems. Add 'ignore private-etc'
159	# to your steam.local to support those.	159	# to your steam.local to support those.
160	private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl	160	private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl,vulkan
161	private-tmp	161	private-tmp
162		162
163	# dbus-user none	163	# dbus-user none


diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile index 473472251..23c8a6c58 100644 --- a/etc/profile-m-z/supertuxkart.profile +++ b/etc/profile-m-z/supertuxkart.profile
@@ -43,7 +43,7 @@ noroot
43	notv	43	notv
44	nou2f	44	nou2f
45	novideo	45	novideo
46	protocol unix,inet,inet6,bluetooth	46	protocol unix,inet,inet6,netlink,bluetooth
47	seccomp	47	seccomp
48	seccomp.block-secondary	48	seccomp.block-secondary
49	shell none	49	shell none


diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile index 41487a8f2..dcdae279f 100644 --- a/etc/profile-m-z/uzbl-browser.profile +++ b/etc/profile-m-z/uzbl-browser.profile
@@ -8,6 +8,7 @@ include globals.local
8	noblacklist ${HOME}/.config/uzbl	8	noblacklist ${HOME}/.config/uzbl
9	noblacklist ${HOME}/.gnupg	9	noblacklist ${HOME}/.gnupg
10	noblacklist ${HOME}/.local/share/uzbl	10	noblacklist ${HOME}/.local/share/uzbl
		11	noblacklist ${HOME}/.password-store
11		12
12	# Allow python (blacklisted by disable-interpreters.inc)	13	# Allow python (blacklisted by disable-interpreters.inc)
13	include allow-python2.inc	14	include allow-python2.inc


diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile index 46dca0547..5519c3c1e 100644 --- a/etc/profile-m-z/warzone2100.profile +++ b/etc/profile-m-z/warzone2100.profile
@@ -7,19 +7,22 @@ include warzone2100.local
7	include globals.local	7	include globals.local
8		8
9	noblacklist ${HOME}/.warzone2100-3.*	9	noblacklist ${HOME}/.warzone2100-3.*
		10	noblacklist ${HOME}/.local/share/warzone2100-3.*
10		11
11	include disable-common.inc	12	include disable-common.inc
12	include disable-devel.inc	13	include disable-devel.inc
13	include disable-exec.inc	14	include disable-exec.inc
14	include disable-interpreters.inc	15	include disable-interpreters.inc
15	include disable-programs.inc	16	include disable-programs.inc
16	include disable-shell.inc	17	#include disable-shell.inc - problems on Debian 11
17		18
18	mkdir ${HOME}/.warzone2100-3.1	19	mkdir ${HOME}/.warzone2100-3.1
19	mkdir ${HOME}/.warzone2100-3.2	20	mkdir ${HOME}/.warzone2100-3.2
		21	whitelist ${HOME}/.local/share/warzone2100-3.3.0 # config dir moved under .local/share
20	whitelist ${HOME}/.warzone2100-3.1	22	whitelist ${HOME}/.warzone2100-3.1
21	whitelist ${HOME}/.warzone2100-3.2	23	whitelist ${HOME}/.warzone2100-3.2
22	whitelist /usr/share/games	24	whitelist /usr/share/games
		25	whitelist /usr/share/gdm
23	include whitelist-common.inc	26	include whitelist-common.inc
24	include whitelist-runuser-common.inc	27	include whitelist-runuser-common.inc
25	include whitelist-usr-share-common.inc	28	include whitelist-usr-share-common.inc
@@ -42,6 +45,6 @@ shell none
42	tracelog	45	tracelog
43		46
44	disable-mnt	47	disable-mnt
45	private-bin warzone2100	48	private-bin bash,dash,sh,warzone2100,which
46	private-dev	49	private-dev
47	private-tmp	50	private-tmp


diff --git a/etc/profile-m-z/wget2.profile b/etc/profile-m-z/wget2.profile new file mode 100644 index 000000000..18918c6af --- /dev/null +++ b/etc/profile-m-z/wget2.profile
@@ -0,0 +1,19 @@
		1	# Firejail profile for wget2
		2	# Description: Updated version of the popular wget URL retrieval tool
		3	# This file is overwritten after every install/update
		4	quiet
		5	# Persistent local customizations
		6	include wget2.local
		7	# Persistent global definitions
		8	# added by included profile
		9	#include globals.local
		10
		11	noblacklist ${HOME}/.config/wget
		12	ignore noblacklist ${HOME}/.wgetrc
		13
		14	private-bin wget2
		15	# Depending on workflow you can add the next line to your wget2.local.
		16	#private-etc wget2rc
		17
		18	# Redirect
		19	include wget.profile


diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile index 1e9b9341b..f30fc971f 100644 --- a/etc/profile-m-z/wine.profile +++ b/etc/profile-m-z/wine.profile
@@ -6,6 +6,7 @@ include wine.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
		9	noblacklist ${HOME}/.cache/wine
9	noblacklist ${HOME}/.cache/winetricks	10	noblacklist ${HOME}/.cache/winetricks
10	noblacklist ${HOME}/.Steam	11	noblacklist ${HOME}/.Steam
11	noblacklist ${HOME}/.local/share/Steam	12	noblacklist ${HOME}/.local/share/Steam


diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index 80d551038..f212a6721 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile
@@ -50,7 +50,7 @@ shell none
50	tracelog	50	tracelog
51		51
52	disable-mnt	52	disable-mnt
53	private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,which,xterm,youtube-dl,yt-dlp	53	private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,wget2,which,xterm,youtube-dl,yt-dlp
54	private-cache	54	private-cache
55	private-dev	55	private-dev
56	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg	56	private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg