6 files changed, 110 insertions, 1 deletions
diff --git a/etc/default.profile b/etc/default.profile
index 66b04896f..484c1cd8e 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -25,4 +25,4 @@ seccomp
 # private-etc none
 # private-dev
 # private-tmp
+# nosound
diff --git a/etc/dia.profile b/etc/dia.profile
new file mode 100644
index 000000000..3c01e9a0b
--- /dev/null
+++ b/etc/dia.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/dia.local
+noblacklist ~/.dia
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 18b644987..285a7f7e3 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -74,6 +74,7 @@ blacklist ${HOME}/.config/evolution
 blacklist ${HOME}/.config/filezilla
 blacklist ${HOME}/.config/flowblade
 blacklist ${HOME}/.config/gajim
+blacklist ${HOME}/.config/geany
 blacklist ${HOME}/.config/geeqie
 blacklist ${HOME}/.config/gedit
 blacklist ${HOME}/.config/globaltime
@@ -148,6 +149,7 @@ blacklist ${HOME}/.config/xviewer
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.conkeror.mozdev.org
+blacklist ${HOME}/.dia
 blacklist ${HOME}/.dillo
 blacklist ${HOME}/.dosbox
 blacklist ${HOME}/.dropbox-dist
@@ -158,6 +160,7 @@ blacklist ${HOME}/.emacs.d
 blacklist ${HOME}/.filezilla
 blacklist ${HOME}/.flowblade
 blacklist ${HOME}/.fltk
+blacklist ${HOME}/.FontForge
 blacklist ${HOME}/.gimp*
 blacklist ${HOME}/.git-credential-cache
 blacklist ${HOME}/.gitconfig
@@ -167,6 +170,7 @@ blacklist ${HOME}/.googleearth/myplaces.backup.kml
 blacklist ${HOME}/.googleearth/myplaces.kml
 blacklist ${HOME}/.guayadeque
 blacklist ${HOME}/.hedgewars
+blacklist ${HOME}/.hugin
 blacklist ${HOME}/.icedove
 blacklist ${HOME}/.inkscape
 blacklist ${HOME}/.jitsi
diff --git a/etc/fontforge.profile b/etc/fontforge.profile
new file mode 100644
index 000000000..014d15650
--- /dev/null
+++ b/etc/fontforge.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/fontforge.local
+noblacklist ${HOME}/.FontForge
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
diff --git a/etc/geany.profile b/etc/geany.profile
new file mode 100644
index 000000000..8ccc44dc1
--- /dev/null
+++ b/etc/geany.profile
@@ -0,0 +1,26 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/geany.local
+noblacklist ${HOME}/.config/geany
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
diff --git a/etc/hugin.profile b/etc/hugin.profile
new file mode 100644
index 000000000..d2ad16c0e
--- /dev/null
+++ b/etc/hugin.profile
@@ -0,0 +1,27 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/hugin.local
+noblacklist ${HOME}/.hugin
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+#
+# depending on you usage, you can enable some of the commands below: 
+#
+nogroups
+shell none
+# private-bin program
+# private-etc none
+private-dev
+private-tmp
+nosound

diff --git a/etc/default.profile b/etc/default.profile index 66b04896f..484c1cd8e 100644 --- a/etc/default.profile +++ b/etc/default.profile
@@ -25,4 +25,4 @@ seccomp
25	# private-etc none	25	# private-etc none
26	# private-dev	26	# private-dev
27	# private-tmp	27	# private-tmp
28		28	# nosound


diff --git a/etc/dia.profile b/etc/dia.profile new file mode 100644 index 000000000..3c01e9a0b --- /dev/null +++ b/etc/dia.profile
@@ -0,0 +1,26 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/dia.local
		4
		5	noblacklist ~/.dia
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	#
		18	# depending on you usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	private-dev
		25	private-tmp
		26


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 18b644987..285a7f7e3 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -74,6 +74,7 @@ blacklist ${HOME}/.config/evolution
74	blacklist ${HOME}/.config/filezilla	74	blacklist ${HOME}/.config/filezilla
75	blacklist ${HOME}/.config/flowblade	75	blacklist ${HOME}/.config/flowblade
76	blacklist ${HOME}/.config/gajim	76	blacklist ${HOME}/.config/gajim
		77	blacklist ${HOME}/.config/geany
77	blacklist ${HOME}/.config/geeqie	78	blacklist ${HOME}/.config/geeqie
78	blacklist ${HOME}/.config/gedit	79	blacklist ${HOME}/.config/gedit
79	blacklist ${HOME}/.config/globaltime	80	blacklist ${HOME}/.config/globaltime
@@ -148,6 +149,7 @@ blacklist ${HOME}/.config/xviewer
148	blacklist ${HOME}/.config/zathura	149	blacklist ${HOME}/.config/zathura
149	blacklist ${HOME}/.config/zoomus.conf	150	blacklist ${HOME}/.config/zoomus.conf
150	blacklist ${HOME}/.conkeror.mozdev.org	151	blacklist ${HOME}/.conkeror.mozdev.org
		152	blacklist ${HOME}/.dia
151	blacklist ${HOME}/.dillo	153	blacklist ${HOME}/.dillo
152	blacklist ${HOME}/.dosbox	154	blacklist ${HOME}/.dosbox
153	blacklist ${HOME}/.dropbox-dist	155	blacklist ${HOME}/.dropbox-dist
@@ -158,6 +160,7 @@ blacklist ${HOME}/.emacs.d
158	blacklist ${HOME}/.filezilla	160	blacklist ${HOME}/.filezilla
159	blacklist ${HOME}/.flowblade	161	blacklist ${HOME}/.flowblade
160	blacklist ${HOME}/.fltk	162	blacklist ${HOME}/.fltk
		163	blacklist ${HOME}/.FontForge
161	blacklist ${HOME}/.gimp*	164	blacklist ${HOME}/.gimp*
162	blacklist ${HOME}/.git-credential-cache	165	blacklist ${HOME}/.git-credential-cache
163	blacklist ${HOME}/.gitconfig	166	blacklist ${HOME}/.gitconfig
@@ -167,6 +170,7 @@ blacklist ${HOME}/.googleearth/myplaces.backup.kml
167	blacklist ${HOME}/.googleearth/myplaces.kml	170	blacklist ${HOME}/.googleearth/myplaces.kml
168	blacklist ${HOME}/.guayadeque	171	blacklist ${HOME}/.guayadeque
169	blacklist ${HOME}/.hedgewars	172	blacklist ${HOME}/.hedgewars
		173	blacklist ${HOME}/.hugin
170	blacklist ${HOME}/.icedove	174	blacklist ${HOME}/.icedove
171	blacklist ${HOME}/.inkscape	175	blacklist ${HOME}/.inkscape
172	blacklist ${HOME}/.jitsi	176	blacklist ${HOME}/.jitsi


diff --git a/etc/fontforge.profile b/etc/fontforge.profile new file mode 100644 index 000000000..014d15650 --- /dev/null +++ b/etc/fontforge.profile
@@ -0,0 +1,26 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/fontforge.local
		4
		5	noblacklist ${HOME}/.FontForge
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	#
		18	# depending on you usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	private-dev
		25	private-tmp
		26


diff --git a/etc/geany.profile b/etc/geany.profile new file mode 100644 index 000000000..8ccc44dc1 --- /dev/null +++ b/etc/geany.profile
@@ -0,0 +1,26 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/geany.local
		4
		5	noblacklist ${HOME}/.config/geany
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	#
		18	# depending on you usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	private-dev
		25	private-tmp
		26


diff --git a/etc/hugin.profile b/etc/hugin.profile new file mode 100644 index 000000000..d2ad16c0e --- /dev/null +++ b/etc/hugin.profile
@@ -0,0 +1,27 @@
		1	# This file is overwritten during software install.
		2	# Persistent customizations should go in a .local file.
		3	include /etc/firejail/hugin.local
		4
		5	noblacklist ${HOME}/.hugin
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-programs.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9
		10	caps.drop all
		11	netfilter
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16
		17	#
		18	# depending on you usage, you can enable some of the commands below:
		19	#
		20	nogroups
		21	shell none
		22	# private-bin program
		23	# private-etc none
		24	private-dev
		25	private-tmp
		26	nosound
		27