5 files changed, 73 insertions, 3 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 655a44a04..d7ad242bc 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -387,6 +387,7 @@ blacklist ${HOME}/.cache/netsurf
 blacklist ${HOME}/.cache/opera
 blacklist ${HOME}/.cache/opera-beta
 blacklist ${HOME}/.cache/org.gnome.Books
+blacklist ${HOME}/.cache/peek
 blacklist ${HOME}/.cache/qBittorrent
 blacklist ${HOME}/.cache/qutebrowser
 blacklist ${HOME}/.cache/simple-scan
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index deace7898..4a5503944 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -8,8 +8,8 @@ include /etc/firejail/keepassxc.local
 # Firejail profile for KeepassXC
 noblacklist ${HOME}/.config/keepassxc
 noblacklist ${HOME}/.keepassxc
-noblacklist ${HOME}/.*kdbx
+noblacklist ${HOME}/*.kdbx
-noblacklist ${HOME}/.*kdb
+noblacklist ${HOME}/*.kdb
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
@@ -25,6 +25,7 @@ nogroups
 nonewprivs
 noroot
 nosound
+novideo
 protocol unix
 seccomp
 shell none
diff --git a/etc/peek.profile b/etc/peek.profile
new file mode 100644
index 000000000..bac3e0a99
--- /dev/null
+++ b/etc/peek.profile
@@ -0,0 +1,33 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/peek.local
+# Firejail profile for Peek
+noblacklist ${HOME}/.cache/peek
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+net none
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix
+seccomp
+shell none
+#private-bin peek,convert,ffmpeg
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile
new file mode 100644
index 000000000..bcad82b5d
--- /dev/null
+++ b/etc/silentarmy.profile
@@ -0,0 +1,33 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/silentarmy.local
+# Firejail profile for SILENTARMY
+include /etc/firejail/disable-common.inc
+#include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private
+#private-bin silentarmy,sa-solver,python3
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/steam.profile b/etc/steam.profile
index e2dc6216b..b26726572 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -29,7 +29,9 @@ noroot
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
-tracelog
+# tracelog disabled as it breaks integrated browser
+#tracelog
 private-dev
 private-tmp

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 655a44a04..d7ad242bc 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -387,6 +387,7 @@ blacklist ${HOME}/.cache/netsurf
387	blacklist ${HOME}/.cache/opera	387	blacklist ${HOME}/.cache/opera
388	blacklist ${HOME}/.cache/opera-beta	388	blacklist ${HOME}/.cache/opera-beta
389	blacklist ${HOME}/.cache/org.gnome.Books	389	blacklist ${HOME}/.cache/org.gnome.Books
		390	blacklist ${HOME}/.cache/peek
390	blacklist ${HOME}/.cache/qBittorrent	391	blacklist ${HOME}/.cache/qBittorrent
391	blacklist ${HOME}/.cache/qutebrowser	392	blacklist ${HOME}/.cache/qutebrowser
392	blacklist ${HOME}/.cache/simple-scan	393	blacklist ${HOME}/.cache/simple-scan


diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index deace7898..4a5503944 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile
@@ -8,8 +8,8 @@ include /etc/firejail/keepassxc.local
8	# Firejail profile for KeepassXC	8	# Firejail profile for KeepassXC
9	noblacklist ${HOME}/.config/keepassxc	9	noblacklist ${HOME}/.config/keepassxc
10	noblacklist ${HOME}/.keepassxc	10	noblacklist ${HOME}/.keepassxc
11	noblacklist ${HOME}/.*kdbx	11	noblacklist ${HOME}/*.kdbx
12	noblacklist ${HOME}/.*kdb	12	noblacklist ${HOME}/*.kdb
13		13
14	include /etc/firejail/disable-common.inc	14	include /etc/firejail/disable-common.inc
15	include /etc/firejail/disable-programs.inc	15	include /etc/firejail/disable-programs.inc
@@ -25,6 +25,7 @@ nogroups
25	nonewprivs	25	nonewprivs
26	noroot	26	noroot
27	nosound	27	nosound
		28	novideo
28	protocol unix	29	protocol unix
29	seccomp	30	seccomp
30	shell none	31	shell none


diff --git a/etc/peek.profile b/etc/peek.profile new file mode 100644 index 000000000..bac3e0a99 --- /dev/null +++ b/etc/peek.profile
@@ -0,0 +1,33 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/peek.local
		7
		8	# Firejail profile for Peek
		9	noblacklist ${HOME}/.cache/peek
		10
		11	include /etc/firejail/disable-common.inc
		12	include /etc/firejail/disable-devel.inc
		13	include /etc/firejail/disable-passwdmgr.inc
		14	include /etc/firejail/disable-programs.inc
		15
		16	caps.drop all
		17	net none
		18	no3d
		19	nogroups
		20	nonewprivs
		21	noroot
		22	nosound
		23	novideo
		24	protocol unix
		25	seccomp
		26	shell none
		27
		28	#private-bin peek,convert,ffmpeg
		29	private-dev
		30	private-tmp
		31
		32	noexec ${HOME}
		33	noexec /tmp


diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile new file mode 100644 index 000000000..bcad82b5d --- /dev/null +++ b/etc/silentarmy.profile
@@ -0,0 +1,33 @@
		1	# Persistent global definitions go here
		2	include /etc/firejail/globals.local
		3
		4	# This file is overwritten during software install.
		5	# Persistent customizations should go in a .local file.
		6	include /etc/firejail/silentarmy.local
		7
		8	# Firejail profile for SILENTARMY
		9
		10	include /etc/firejail/disable-common.inc
		11	#include /etc/firejail/disable-devel.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13	include /etc/firejail/disable-programs.inc
		14
		15	caps.drop all
		16	netfilter
		17	nogroups
		18	nonewprivs
		19	noroot
		20	nosound
		21	novideo
		22	protocol unix,inet,inet6
		23	seccomp
		24	shell none
		25
		26	disable-mnt
		27	private
		28	#private-bin silentarmy,sa-solver,python3
		29	private-dev
		30	private-tmp
		31
		32	noexec ${HOME}
		33	noexec /tmp


diff --git a/etc/steam.profile b/etc/steam.profile index e2dc6216b..b26726572 100644 --- a/etc/steam.profile +++ b/etc/steam.profile
@@ -29,7 +29,9 @@ noroot
29	protocol unix,inet,inet6,netlink	29	protocol unix,inet,inet6,netlink
30	seccomp	30	seccomp
31	shell none	31	shell none
32	tracelog	32
		33	# tracelog disabled as it breaks integrated browser
		34	#tracelog
33		35
34	private-dev	36	private-dev
35	private-tmp	37	private-tmp