6 files changed, 67 insertions, 1 deletions
diff --git a/etc/audacity.profile b/etc/audacity.profile
new file mode 100644
index 000000000..8971ce1a2
--- /dev/null
+++ b/etc/audacity.profile
@@ -0,0 +1,16 @@
+# Audacity profile
+noblacklist ~/.audacity-data
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+nogroups
+#private-bin audacity
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/cpio.profile b/etc/cpio.profile
new file mode 100644
index 000000000..811d657f2
--- /dev/null
+++ b/etc/cpio.profile
@@ -0,0 +1,8 @@
+include /usr/local/etc/firejail/server.profile
+include /usr/local/etc/firejail/disable-common.inc
+include /usr/local/etc/firejail/disable-programs.inc
+include /usr/local/etc/firejail/disable-passwdmgr.inc
+caps.drop all
+net none
+shell none
+seccomp
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc
index 821aa1ea4..963cf6da0 100644
--- a/etc/disable-devel.inc
+++ b/etc/disable-devel.inc
@@ -2,15 +2,20 @@
 # GCC
 blacklist /usr/include
+blacklist /usr/lib/gcc
 blacklist /usr/bin/gcc*
 blacklist /usr/bin/cpp*
 blacklist /usr/bin/c9*
 blacklist /usr/bin/c8*
 blacklist /usr/bin/c++*
+blacklist /usr/bin/as
 blacklist /usr/bin/ld
 blacklist /usr/bin/gdb
 blacklist /usr/bin/g++*
 blacklist /usr/bin/x86_64-linux-gnu-g++*
+blacklist /usr/bin/x86_64-linux-gnu-gcc*
+blacklist /usr/bin/x86_64-unknown-linux-gnu-g++*
+blacklist /usr/bin/x86_64-unknown-linux-gnu-gcc*
 # clang/llvm
 blacklist /usr/bin/clang*
@@ -18,6 +23,11 @@ blacklist /usr/bin/llvm*
 blacklist /usb/bin/lldb*
 blacklist /usr/lib/llvm*
+# tcc - Tiny C Compiler
+blacklist /usr/bin/tcc
+blacklist /usr/bin/x86_64-tcc
+blacklist /usr/lib/tcc
 # Valgrind
 blacklist /usr/bin/valgrind*
 blacklist /usr/lib/valgrind
@@ -51,4 +61,3 @@ blacklist /usr/lib/ruby
 #blacklist /usr/local/lib/python3*
 #blacklist /usr/share/python3*
 #blacklist /usr/include/python3*
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 70deb2b0c..e9dd331aa 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -32,6 +32,7 @@ blacklist ${HOME}/.config/vlc
 blacklist ${HOME}/.config/mpv
 blacklist ${HOME}/.config/totem
 blacklist ${HOME}/.config/xplayer
+blacklist ${HOME}/.audacity-data
 # HTTP / FTP / Mail
 blacklist ${HOME}/.icedove
diff --git a/etc/gzip.profile b/etc/gzip.profile
new file mode 100644
index 000000000..f231c3780
--- /dev/null
+++ b/etc/gzip.profile
@@ -0,0 +1,19 @@
+################################
+# Gzip profile 
+################################
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+blacklist ${HOME}/.wine
+blacklist ${HOME}/.ssh
+tracelog
+caps.drop all
+seccomp 
+net none
+noroot
+nosound
+nogroups
+nonewprivs
diff --git a/etc/xzdec.profile b/etc/xzdec.profile
new file mode 100644
index 000000000..f29f7360c
--- /dev/null
+++ b/etc/xzdec.profile
@@ -0,0 +1,13 @@
+# Firejail profile for XZ decompressor
+# xzdec.profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+seccomp
+tracelog
+noroot
+shell none

diff --git a/etc/audacity.profile b/etc/audacity.profile new file mode 100644 index 000000000..8971ce1a2 --- /dev/null +++ b/etc/audacity.profile
@@ -0,0 +1,16 @@
		1	# Audacity profile
		2	noblacklist ~/.audacity-data
		3
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-devel.inc
		6	include /etc/firejail/disable-passwdmgr.inc
		7	include /etc/firejail/disable-programs.inc
		8
		9	caps.drop all
		10	netfilter
		11	nonewprivs
		12	noroot
		13	nogroups
		14	#private-bin audacity
		15	protocol unix,inet,inet6
		16	seccomp


diff --git a/etc/cpio.profile b/etc/cpio.profile new file mode 100644 index 000000000..811d657f2 --- /dev/null +++ b/etc/cpio.profile
@@ -0,0 +1,8 @@
		1	include /usr/local/etc/firejail/server.profile
		2	include /usr/local/etc/firejail/disable-common.inc
		3	include /usr/local/etc/firejail/disable-programs.inc
		4	include /usr/local/etc/firejail/disable-passwdmgr.inc
		5	caps.drop all
		6	net none
		7	shell none
		8	seccomp


diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc index 821aa1ea4..963cf6da0 100644 --- a/etc/disable-devel.inc +++ b/etc/disable-devel.inc
@@ -2,15 +2,20 @@
2		2
3	# GCC	3	# GCC
4	blacklist /usr/include	4	blacklist /usr/include
		5	blacklist /usr/lib/gcc
5	blacklist /usr/bin/gcc*	6	blacklist /usr/bin/gcc*
6	blacklist /usr/bin/cpp*	7	blacklist /usr/bin/cpp*
7	blacklist /usr/bin/c9*	8	blacklist /usr/bin/c9*
8	blacklist /usr/bin/c8*	9	blacklist /usr/bin/c8*
9	blacklist /usr/bin/c++*	10	blacklist /usr/bin/c++*
		11	blacklist /usr/bin/as
10	blacklist /usr/bin/ld	12	blacklist /usr/bin/ld
11	blacklist /usr/bin/gdb	13	blacklist /usr/bin/gdb
12	blacklist /usr/bin/g++*	14	blacklist /usr/bin/g++*
13	blacklist /usr/bin/x86_64-linux-gnu-g++*	15	blacklist /usr/bin/x86_64-linux-gnu-g++*
		16	blacklist /usr/bin/x86_64-linux-gnu-gcc*
		17	blacklist /usr/bin/x86_64-unknown-linux-gnu-g++*
		18	blacklist /usr/bin/x86_64-unknown-linux-gnu-gcc*
14		19
15	# clang/llvm	20	# clang/llvm
16	blacklist /usr/bin/clang*	21	blacklist /usr/bin/clang*
@@ -18,6 +23,11 @@ blacklist /usr/bin/llvm*
18	blacklist /usb/bin/lldb*	23	blacklist /usb/bin/lldb*
19	blacklist /usr/lib/llvm*	24	blacklist /usr/lib/llvm*
20		25
		26	# tcc - Tiny C Compiler
		27	blacklist /usr/bin/tcc
		28	blacklist /usr/bin/x86_64-tcc
		29	blacklist /usr/lib/tcc
		30
21	# Valgrind	31	# Valgrind
22	blacklist /usr/bin/valgrind*	32	blacklist /usr/bin/valgrind*
23	blacklist /usr/lib/valgrind	33	blacklist /usr/lib/valgrind
@@ -51,4 +61,3 @@ blacklist /usr/lib/ruby
51	#blacklist /usr/local/lib/python3*	61	#blacklist /usr/local/lib/python3*
52	#blacklist /usr/share/python3*	62	#blacklist /usr/share/python3*
53	#blacklist /usr/include/python3*	63	#blacklist /usr/include/python3*
54


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 70deb2b0c..e9dd331aa 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -32,6 +32,7 @@ blacklist ${HOME}/.config/vlc
32	blacklist ${HOME}/.config/mpv	32	blacklist ${HOME}/.config/mpv
33	blacklist ${HOME}/.config/totem	33	blacklist ${HOME}/.config/totem
34	blacklist ${HOME}/.config/xplayer	34	blacklist ${HOME}/.config/xplayer
		35	blacklist ${HOME}/.audacity-data
35		36
36	# HTTP / FTP / Mail	37	# HTTP / FTP / Mail
37	blacklist ${HOME}/.icedove	38	blacklist ${HOME}/.icedove


diff --git a/etc/gzip.profile b/etc/gzip.profile new file mode 100644 index 000000000..f231c3780 --- /dev/null +++ b/etc/gzip.profile
@@ -0,0 +1,19 @@
		1	################################
		2	# Gzip profile
		3	################################
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-programs.inc
		6	include /etc/firejail/disable-passwdmgr.inc
		7
		8	blacklist ${HOME}/.wine
		9	blacklist ${HOME}/.ssh
		10
		11	tracelog
		12	caps.drop all
		13	seccomp
		14	net none
		15	noroot
		16	nosound
		17	nogroups
		18	nonewprivs
		19


diff --git a/etc/xzdec.profile b/etc/xzdec.profile new file mode 100644 index 000000000..f29f7360c --- /dev/null +++ b/etc/xzdec.profile
@@ -0,0 +1,13 @@
		1	# Firejail profile for XZ decompressor
		2	# xzdec.profile
		3
		4	include /etc/firejail/disable-mgmt.inc
		5	include /etc/firejail/disable-secret.inc
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-devel.inc
		8
		9	caps.drop all
		10	seccomp
		11	tracelog
		12	noroot
		13	shell none