4 files changed, 40 insertions, 1 deletions
diff --git a/etc/XMind.profile b/etc/XMind.profile
new file mode 100644
index 000000000..ff6258ca2
--- /dev/null
+++ b/etc/XMind.profile
@@ -0,0 +1,38 @@
+# Firejail profile for XMind
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/XMind.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.xmind
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.xmind
+whitelist ${HOME}/.xmind
+whitelist ${DOWNLOADS}
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-bin XMind,sh,cp
+private-tmp
+private-dev
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/android-studio.profile b/etc/android-studio.profile
index b87635ce3..5ff0b7c3a 100644
--- a/etc/android-studio.profile
+++ b/etc/android-studio.profile
@@ -32,7 +32,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
-private-dev
 # private-tmp
 # noexec /tmp breaks 'Android Profiler'
diff --git a/etc/baloo_filemetadata_temp_extractor.profile b/etc/baloo_filemetadata_temp_extractor.profile
index 027eeef82..87f2949e6 100644
--- a/etc/baloo_filemetadata_temp_extractor.profile
+++ b/etc/baloo_filemetadata_temp_extractor.profile
@@ -6,6 +6,7 @@ include /etc/firejail/baloo_filemetadata_temp_extractor.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+ignore read-write
 read-only ${HOME}
 # Redirect
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 87f151a9a..ea334c289 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -505,6 +505,7 @@ blacklist ${HOME}/.wine
 blacklist ${HOME}/.wireshark
 blacklist ${HOME}/.wine64
 blacklist ${HOME}/.xiphos
+blacklist ${HOME}/.xmind
 blacklist ${HOME}/.xmms
 blacklist ${HOME}/.xmr-stak
 blacklist ${HOME}/.xonotic

diff --git a/etc/XMind.profile b/etc/XMind.profile new file mode 100644 index 000000000..ff6258ca2 --- /dev/null +++ b/etc/XMind.profile
@@ -0,0 +1,38 @@
		1	# Firejail profile for XMind
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/XMind.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	noblacklist ${HOME}/.xmind
		9
		10	include /etc/firejail/disable-common.inc
		11	include /etc/firejail/disable-devel.inc
		12	include /etc/firejail/disable-interpreters.inc
		13	include /etc/firejail/disable-passwdmgr.inc
		14	include /etc/firejail/disable-programs.inc
		15
		16	mkdir ${HOME}/.xmind
		17	whitelist ${HOME}/.xmind
		18	whitelist ${DOWNLOADS}
		19	include /etc/firejail/whitelist-common.inc
		20
		21	caps.drop all
		22	netfilter
		23	nodvd
		24	nogroups
		25	nonewprivs
		26	noroot
		27	notv
		28	protocol unix,inet,inet6
		29	seccomp
		30	shell none
		31
		32	disable-mnt
		33	private-bin XMind,sh,cp
		34	private-tmp
		35	private-dev
		36
		37	noexec ${HOME}
		38	noexec /tmp


diff --git a/etc/android-studio.profile b/etc/android-studio.profile index b87635ce3..5ff0b7c3a 100644 --- a/etc/android-studio.profile +++ b/etc/android-studio.profile
@@ -32,7 +32,6 @@ protocol unix,inet,inet6
32	seccomp	32	seccomp
33	shell none	33	shell none
34		34
35	private-dev
36	# private-tmp	35	# private-tmp
37		36
38	# noexec /tmp breaks 'Android Profiler'	37	# noexec /tmp breaks 'Android Profiler'


diff --git a/etc/baloo_filemetadata_temp_extractor.profile b/etc/baloo_filemetadata_temp_extractor.profile index 027eeef82..87f2949e6 100644 --- a/etc/baloo_filemetadata_temp_extractor.profile +++ b/etc/baloo_filemetadata_temp_extractor.profile
@@ -6,6 +6,7 @@ include /etc/firejail/baloo_filemetadata_temp_extractor.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include /etc/firejail/globals.local	7	include /etc/firejail/globals.local
8		8
		9	ignore read-write
9	read-only ${HOME}	10	read-only ${HOME}
10		11
11	# Redirect	12	# Redirect


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 87f151a9a..ea334c289 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -505,6 +505,7 @@ blacklist ${HOME}/.wine
505	blacklist ${HOME}/.wireshark	505	blacklist ${HOME}/.wireshark
506	blacklist ${HOME}/.wine64	506	blacklist ${HOME}/.wine64
507	blacklist ${HOME}/.xiphos	507	blacklist ${HOME}/.xiphos
		508	blacklist ${HOME}/.xmind
508	blacklist ${HOME}/.xmms	509	blacklist ${HOME}/.xmms
509	blacklist ${HOME}/.xmr-stak	510	blacklist ${HOME}/.xmr-stak
510	blacklist ${HOME}/.xonotic	511	blacklist ${HOME}/.xonotic