5 files changed, 57 insertions, 0 deletions
diff --git a/etc/audacity.profile b/etc/audacity.profile
new file mode 100644
index 000000000..8971ce1a2
--- /dev/null
+++ b/etc/audacity.profile
@@ -0,0 +1,16 @@
+# Audacity profile
+noblacklist ~/.audacity-data
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+netfilter
+nonewprivs
+noroot
+nogroups
+#private-bin audacity
+protocol unix,inet,inet6
+seccomp
diff --git a/etc/cpio.profile b/etc/cpio.profile
new file mode 100644
index 000000000..811d657f2
--- /dev/null
+++ b/etc/cpio.profile
@@ -0,0 +1,8 @@
+include /usr/local/etc/firejail/server.profile
+include /usr/local/etc/firejail/disable-common.inc
+include /usr/local/etc/firejail/disable-programs.inc
+include /usr/local/etc/firejail/disable-passwdmgr.inc
+caps.drop all
+net none
+shell none
+seccomp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 70deb2b0c..e9dd331aa 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -32,6 +32,7 @@ blacklist ${HOME}/.config/vlc
 blacklist ${HOME}/.config/mpv
 blacklist ${HOME}/.config/totem
 blacklist ${HOME}/.config/xplayer
+blacklist ${HOME}/.audacity-data
 # HTTP / FTP / Mail
 blacklist ${HOME}/.icedove
diff --git a/etc/gzip.profile b/etc/gzip.profile
new file mode 100644
index 000000000..f231c3780
--- /dev/null
+++ b/etc/gzip.profile
@@ -0,0 +1,19 @@
+################################
+# Gzip profile 
+################################
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+blacklist ${HOME}/.wine
+blacklist ${HOME}/.ssh
+tracelog
+caps.drop all
+seccomp 
+net none
+noroot
+nosound
+nogroups
+nonewprivs
diff --git a/etc/xzdec.profile b/etc/xzdec.profile
new file mode 100644
index 000000000..f29f7360c
--- /dev/null
+++ b/etc/xzdec.profile
@@ -0,0 +1,13 @@
+# Firejail profile for XZ decompressor
+# xzdec.profile
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+seccomp
+tracelog
+noroot
+shell none

diff --git a/etc/audacity.profile b/etc/audacity.profile new file mode 100644 index 000000000..8971ce1a2 --- /dev/null +++ b/etc/audacity.profile
@@ -0,0 +1,16 @@
		1	# Audacity profile
		2	noblacklist ~/.audacity-data
		3
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-devel.inc
		6	include /etc/firejail/disable-passwdmgr.inc
		7	include /etc/firejail/disable-programs.inc
		8
		9	caps.drop all
		10	netfilter
		11	nonewprivs
		12	noroot
		13	nogroups
		14	#private-bin audacity
		15	protocol unix,inet,inet6
		16	seccomp


diff --git a/etc/cpio.profile b/etc/cpio.profile new file mode 100644 index 000000000..811d657f2 --- /dev/null +++ b/etc/cpio.profile
@@ -0,0 +1,8 @@
		1	include /usr/local/etc/firejail/server.profile
		2	include /usr/local/etc/firejail/disable-common.inc
		3	include /usr/local/etc/firejail/disable-programs.inc
		4	include /usr/local/etc/firejail/disable-passwdmgr.inc
		5	caps.drop all
		6	net none
		7	shell none
		8	seccomp


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 70deb2b0c..e9dd331aa 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -32,6 +32,7 @@ blacklist ${HOME}/.config/vlc
32	blacklist ${HOME}/.config/mpv	32	blacklist ${HOME}/.config/mpv
33	blacklist ${HOME}/.config/totem	33	blacklist ${HOME}/.config/totem
34	blacklist ${HOME}/.config/xplayer	34	blacklist ${HOME}/.config/xplayer
		35	blacklist ${HOME}/.audacity-data
35		36
36	# HTTP / FTP / Mail	37	# HTTP / FTP / Mail
37	blacklist ${HOME}/.icedove	38	blacklist ${HOME}/.icedove


diff --git a/etc/gzip.profile b/etc/gzip.profile new file mode 100644 index 000000000..f231c3780 --- /dev/null +++ b/etc/gzip.profile
@@ -0,0 +1,19 @@
		1	################################
		2	# Gzip profile
		3	################################
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-programs.inc
		6	include /etc/firejail/disable-passwdmgr.inc
		7
		8	blacklist ${HOME}/.wine
		9	blacklist ${HOME}/.ssh
		10
		11	tracelog
		12	caps.drop all
		13	seccomp
		14	net none
		15	noroot
		16	nosound
		17	nogroups
		18	nonewprivs
		19


diff --git a/etc/xzdec.profile b/etc/xzdec.profile new file mode 100644 index 000000000..f29f7360c --- /dev/null +++ b/etc/xzdec.profile
@@ -0,0 +1,13 @@
		1	# Firejail profile for XZ decompressor
		2	# xzdec.profile
		3
		4	include /etc/firejail/disable-mgmt.inc
		5	include /etc/firejail/disable-secret.inc
		6	include /etc/firejail/disable-common.inc
		7	include /etc/firejail/disable-devel.inc
		8
		9	caps.drop all
		10	seccomp
		11	tracelog
		12	noroot
		13	shell none