13 files changed, 217 insertions, 1 deletions
diff --git a/etc/atril.profile b/etc/atril.profile
index e078c1d20..c5b2abc48 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -1,4 +1,5 @@
 # Atril profile
+noblacklist ~/.config/atril
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -7,6 +8,10 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
-netfilter
+net none
 noroot
 tracelog
+mkdir ~/.config
+mkdir ~/.config/atril
+whitelist ~/.config/atril
diff --git a/etc/aweather.profile b/etc/aweather.profile
new file mode 100644
index 000000000..d7f510a7e
--- /dev/null
+++ b/etc/aweather.profile
@@ -0,0 +1,23 @@
+# Firejail profile for aweather.
+# Noblacklist
+noblacklist ~/.config/aweather
+# Include
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+# Whitelist
+mkdir ~/.config
+mkdir ~/.config/aweather
+whitelist ~/.config/aweather
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index 7bcc61e98..77fa79e11 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -1,4 +1,6 @@
 # cherrytree note taking application
+noblacklist /usr/bin/python2*
+noblacklist /usr/lib/python2*
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index b1133f28f..9faa2aa6a 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -26,6 +26,14 @@ blacklist ${HOME}/.VirtualBox
 blacklist ${HOME}/VirtualBox VMs
 blacklist ${HOME}/.config/VirtualBox
+# VeraCrypt
+blacklist ${PATH}/veracrypt
+blacklist ${PATH}/veracrypt-uninstall.sh
+blacklist /usr/share/veracrypt
+blacklist /usr/share/applications/veracrypt.*
+blacklist /usr/share/pixmaps/veracrypt.*
+blacklist ${HOME}/.VeraCrypt
 # var
 blacklist /var/spool/cron
 blacklist /var/spool/anacron
@@ -133,3 +141,5 @@ blacklist ${PATH}/gnome-terminal
 blacklist ${PATH}/gnome-terminal.wrapper
 blacklist ${PATH}/xfce4-terminal
 blacklist ${PATH}/xfce4-terminal.wrapper
+blacklist ${PATH}/mate-terminal
+blacklist ${PATH}/mate-terminal.wrapper
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 7f18aa16f..317ac082f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -5,9 +5,18 @@ blacklist ${HOME}/.FBReader
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.Mathematica
 blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.stellarium
 blacklist ${HOME}/.config/mupen64plus
 blacklist ${HOME}/.config/transmission
 blacklist ${HOME}/.config/uGet
+blacklist ${HOME}/.config/Gpredict
+blacklist ${HOME}/.config/aweather
+blacklist ${HOME}/.config/stellarium
+blacklist ~/.kde/share/apps/okular
+blacklist ~/.kde/share/config/okularrc
+blacklist ~/.kde/share/config/okularpartrc
+blacklist ~/.kde/share/apps/gwenview
+blacklist ~/.kde/share/config/gwenviewrc
 # Media players
 blacklist ${HOME}/.config/cmus
@@ -54,6 +63,7 @@ blacklist ${HOME}/.hedgewars
 blacklist ${HOME}/.steam
 blacklist ${HOME}/.config/wesnoth
 blacklist ${HOME}/.config/0ad
+blacklist ${HOME}/.warzone2100-3.1
 # Cryptocoins
 blacklist ${HOME}/.*coin
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile
new file mode 100644
index 000000000..7fe43f1f6
--- /dev/null
+++ b/etc/google-play-music-desktop-player.profile
@@ -0,0 +1,17 @@
+# Google Play Music desktop player profile
+noblacklist ~/.config/Google Play Music Desktop Player
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6,netlink
+noroot
+netfilter
+#whitelist ~/.pulse
+#whitelist ~/.config/pulse
+whitelist ~/.config/Google Play Music Desktop Player
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
new file mode 100644
index 000000000..f53cb1b4f
--- /dev/null
+++ b/etc/gpredict.profile
@@ -0,0 +1,23 @@
+# Firejail profile for gpredict.
+# Noblacklist
+noblacklist ~/.config/Gpredict
+# Include
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+# Whitelist
+mkdir ~/.config
+mkdir ~/.config/Gpredict
+whitelist ~/.config/Gpredict
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
new file mode 100644
index 000000000..d61c57adc
--- /dev/null
+++ b/etc/gwenview.profile
@@ -0,0 +1,19 @@
+# KDE gwenview profile
+noblacklist ~/.kde/share/apps/gwenview
+noblacklist ~/.kde/share/config/gwenviewrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix
+noroot
+nogroups
+private-dev
+#Experimental:
+#shell none
+#private-bin gwenview
+#private-etc X11
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index 8f6fd6217..7978960c8 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -1,5 +1,6 @@
 # HexChat instant messaging profile
 noblacklist ${HOME}/.config/hexchat
+noblacklist /usr/lib/python2*
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
@@ -8,3 +9,8 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
+netfilter
+mkdir ~/.config
+mkdir ~/.config/hexchat
+whitelist ~/.config/hexchat
diff --git a/etc/netsurf.profile b/etc/netsurf.profile
new file mode 100644
index 000000000..26b621126
--- /dev/null
+++ b/etc/netsurf.profile
@@ -0,0 +1,34 @@
+# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
+noblacklist ~/.config/netsurf
+noblacklist ~/.cache/netsurf
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6,netlink
+netfilter
+tracelog
+noroot
+whitelist ${DOWNLOADS}
+mkdir ~/.config
+mkdir ~/.config/netsurf
+whitelist ~/.config/netsurf
+mkdir ~/.cache
+mkdir ~/.cache/netsurf
+whitelist ~/.cache/netsurf
+# lastpass, keepassx
+whitelist ~/.keepassx
+whitelist ~/.config/keepassx
+whitelist ~/keepassx.kdbx
+whitelist ~/.lastpass
+whitelist ~/.config/lastpass
+include /etc/firejail/whitelist-common.inc
diff --git a/etc/okular.profile b/etc/okular.profile
new file mode 100644
index 000000000..7929a8796
--- /dev/null
+++ b/etc/okular.profile
@@ -0,0 +1,21 @@
+# KDE okular profile
+noblacklist ~/.kde/share/apps/okular
+noblacklist ~/.kde/share/config/okularrc
+noblacklist ~/.kde/share/config/okularpartrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+seccomp
+protocol unix
+noroot
+nogroups
+private-dev
+#Experimental:
+#net none
+#shell none
+#private-bin okular,kbuildsycoca4,kbuildsycoca5
+#private-etc X11
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
new file mode 100644
index 000000000..7cb74eeaa
--- /dev/null
+++ b/etc/stellarium.profile
@@ -0,0 +1,27 @@
+# Firejail profile for Stellarium.
+# Noblacklist
+noblacklist ~/.stellarium
+noblacklist ~/.config/stellarium
+# Include
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+# Whitelist
+mkdir ~/.stellarium
+whitelist ~/.stellarium
+mkdir ~/.config
+mkdir ~/.config/stellarium
+whitelist ~/.config/stellarium
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
new file mode 100644
index 000000000..7588da657
--- /dev/null
+++ b/etc/warzone2100.profile
@@ -0,0 +1,19 @@
+# Firejail profile for warzone2100
+# Currently supports warzone2100-3.1
+noblacklist ~/.warzone2100-3.1
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+# Call these options
+caps.drop all
+netfilter
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+tracelog
+# Whitelist
+mkdir ~/.warzone2100-3.1
+whitelist ~/.warzone2100-3.1

diff --git a/etc/atril.profile b/etc/atril.profile index e078c1d20..c5b2abc48 100644 --- a/etc/atril.profile +++ b/etc/atril.profile
@@ -1,4 +1,5 @@
1	# Atril profile	1	# Atril profile
		2	noblacklist ~/.config/atril
2	include /etc/firejail/disable-common.inc	3	include /etc/firejail/disable-common.inc
3	include /etc/firejail/disable-programs.inc	4	include /etc/firejail/disable-programs.inc
4	include /etc/firejail/disable-devel.inc	5	include /etc/firejail/disable-devel.inc
@@ -7,6 +8,10 @@ include /etc/firejail/disable-passwdmgr.inc
7	caps.drop all	8	caps.drop all
8	seccomp	9	seccomp
9	protocol unix,inet,inet6	10	protocol unix,inet,inet6
10	netfilter	11	net none
11	noroot	12	noroot
12	tracelog	13	tracelog
		14
		15	mkdir ~/.config
		16	mkdir ~/.config/atril
		17	whitelist ~/.config/atril


diff --git a/etc/aweather.profile b/etc/aweather.profile new file mode 100644 index 000000000..d7f510a7e --- /dev/null +++ b/etc/aweather.profile
@@ -0,0 +1,23 @@
		1	# Firejail profile for aweather.
		2
		3	# Noblacklist
		4	noblacklist ~/.config/aweather
		5
		6	# Include
		7	include /etc/firejail/disable-common.inc
		8	include /etc/firejail/disable-devel.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10	include /etc/firejail/disable-programs.inc
		11
		12	# Call these options
		13	caps.drop all
		14	netfilter
		15	noroot
		16	protocol unix,inet,inet6,netlink
		17	seccomp
		18	tracelog
		19
		20	# Whitelist
		21	mkdir ~/.config
		22	mkdir ~/.config/aweather
		23	whitelist ~/.config/aweather


diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 7bcc61e98..77fa79e11 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile
@@ -1,4 +1,6 @@
1	# cherrytree note taking application	1	# cherrytree note taking application
		2	noblacklist /usr/bin/python2*
		3	noblacklist /usr/lib/python2*
2	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
3	include /etc/firejail/disable-programs.inc	5	include /etc/firejail/disable-programs.inc
4	include /etc/firejail/disable-devel.inc	6	include /etc/firejail/disable-devel.inc


diff --git a/etc/disable-common.inc b/etc/disable-common.inc index b1133f28f..9faa2aa6a 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -26,6 +26,14 @@ blacklist ${HOME}/.VirtualBox
26	blacklist ${HOME}/VirtualBox VMs	26	blacklist ${HOME}/VirtualBox VMs
27	blacklist ${HOME}/.config/VirtualBox	27	blacklist ${HOME}/.config/VirtualBox
28		28
		29	# VeraCrypt
		30	blacklist ${PATH}/veracrypt
		31	blacklist ${PATH}/veracrypt-uninstall.sh
		32	blacklist /usr/share/veracrypt
		33	blacklist /usr/share/applications/veracrypt.*
		34	blacklist /usr/share/pixmaps/veracrypt.*
		35	blacklist ${HOME}/.VeraCrypt
		36
29	# var	37	# var
30	blacklist /var/spool/cron	38	blacklist /var/spool/cron
31	blacklist /var/spool/anacron	39	blacklist /var/spool/anacron
@@ -133,3 +141,5 @@ blacklist ${PATH}/gnome-terminal
133	blacklist ${PATH}/gnome-terminal.wrapper	141	blacklist ${PATH}/gnome-terminal.wrapper
134	blacklist ${PATH}/xfce4-terminal	142	blacklist ${PATH}/xfce4-terminal
135	blacklist ${PATH}/xfce4-terminal.wrapper	143	blacklist ${PATH}/xfce4-terminal.wrapper
		144	blacklist ${PATH}/mate-terminal
		145	blacklist ${PATH}/mate-terminal.wrapper


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 7f18aa16f..317ac082f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -5,9 +5,18 @@ blacklist ${HOME}/.FBReader
5	blacklist ${HOME}/.wine	5	blacklist ${HOME}/.wine
6	blacklist ${HOME}/.Mathematica	6	blacklist ${HOME}/.Mathematica
7	blacklist ${HOME}/.Wolfram Research	7	blacklist ${HOME}/.Wolfram Research
		8	blacklist ${HOME}/.stellarium
8	blacklist ${HOME}/.config/mupen64plus	9	blacklist ${HOME}/.config/mupen64plus
9	blacklist ${HOME}/.config/transmission	10	blacklist ${HOME}/.config/transmission
10	blacklist ${HOME}/.config/uGet	11	blacklist ${HOME}/.config/uGet
		12	blacklist ${HOME}/.config/Gpredict
		13	blacklist ${HOME}/.config/aweather
		14	blacklist ${HOME}/.config/stellarium
		15	blacklist ~/.kde/share/apps/okular
		16	blacklist ~/.kde/share/config/okularrc
		17	blacklist ~/.kde/share/config/okularpartrc
		18	blacklist ~/.kde/share/apps/gwenview
		19	blacklist ~/.kde/share/config/gwenviewrc
11		20
12	# Media players	21	# Media players
13	blacklist ${HOME}/.config/cmus	22	blacklist ${HOME}/.config/cmus
@@ -54,6 +63,7 @@ blacklist ${HOME}/.hedgewars
54	blacklist ${HOME}/.steam	63	blacklist ${HOME}/.steam
55	blacklist ${HOME}/.config/wesnoth	64	blacklist ${HOME}/.config/wesnoth
56	blacklist ${HOME}/.config/0ad	65	blacklist ${HOME}/.config/0ad
		66	blacklist ${HOME}/.warzone2100-3.1
57		67
58	# Cryptocoins	68	# Cryptocoins
59	blacklist ${HOME}/.*coin	69	blacklist ${HOME}/.*coin


diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile new file mode 100644 index 000000000..7fe43f1f6 --- /dev/null +++ b/etc/google-play-music-desktop-player.profile
@@ -0,0 +1,17 @@
		1	# Google Play Music desktop player profile
		2	noblacklist ~/.config/Google Play Music Desktop Player
		3
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-programs.inc
		6	include /etc/firejail/disable-devel.inc
		7	include /etc/firejail/disable-passwdmgr.inc
		8
		9	caps.drop all
		10	seccomp
		11	protocol unix,inet,inet6,netlink
		12	noroot
		13	netfilter
		14
		15	#whitelist ~/.pulse
		16	#whitelist ~/.config/pulse
		17	whitelist ~/.config/Google Play Music Desktop Player


diff --git a/etc/gpredict.profile b/etc/gpredict.profile new file mode 100644 index 000000000..f53cb1b4f --- /dev/null +++ b/etc/gpredict.profile
@@ -0,0 +1,23 @@
		1	# Firejail profile for gpredict.
		2
		3	# Noblacklist
		4	noblacklist ~/.config/Gpredict
		5
		6	# Include
		7	include /etc/firejail/disable-common.inc
		8	include /etc/firejail/disable-devel.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10	include /etc/firejail/disable-programs.inc
		11
		12	# Call these options
		13	caps.drop all
		14	netfilter
		15	noroot
		16	protocol unix,inet,inet6,netlink
		17	seccomp
		18	tracelog
		19
		20	# Whitelist
		21	mkdir ~/.config
		22	mkdir ~/.config/Gpredict
		23	whitelist ~/.config/Gpredict


diff --git a/etc/gwenview.profile b/etc/gwenview.profile new file mode 100644 index 000000000..d61c57adc --- /dev/null +++ b/etc/gwenview.profile
@@ -0,0 +1,19 @@
		1	# KDE gwenview profile
		2	noblacklist ~/.kde/share/apps/gwenview
		3	noblacklist ~/.kde/share/config/gwenviewrc
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-programs.inc
		6	include /etc/firejail/disable-devel.inc
		7	include /etc/firejail/disable-passwdmgr.inc
		8	caps.drop all
		9	seccomp
		10	protocol unix
		11	noroot
		12	nogroups
		13	private-dev
		14
		15	#Experimental:
		16	#shell none
		17	#private-bin gwenview
		18	#private-etc X11
		19


diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 8f6fd6217..7978960c8 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile
@@ -1,5 +1,6 @@
1	# HexChat instant messaging profile	1	# HexChat instant messaging profile
2	noblacklist ${HOME}/.config/hexchat	2	noblacklist ${HOME}/.config/hexchat
		3	noblacklist /usr/lib/python2*
3	include /etc/firejail/disable-common.inc	4	include /etc/firejail/disable-common.inc
4	include /etc/firejail/disable-programs.inc	5	include /etc/firejail/disable-programs.inc
5	include /etc/firejail/disable-devel.inc	6	include /etc/firejail/disable-devel.inc
@@ -8,3 +9,8 @@ caps.drop all
8	seccomp	9	seccomp
9	protocol unix,inet,inet6	10	protocol unix,inet,inet6
10	noroot	11	noroot
		12	netfilter
		13
		14	mkdir ~/.config
		15	mkdir ~/.config/hexchat
		16	whitelist ~/.config/hexchat


diff --git a/etc/netsurf.profile b/etc/netsurf.profile new file mode 100644 index 000000000..26b621126 --- /dev/null +++ b/etc/netsurf.profile
@@ -0,0 +1,34 @@
		1	# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
		2
		3	noblacklist ~/.config/netsurf
		4	noblacklist ~/.cache/netsurf
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-programs.inc
		7	include /etc/firejail/disable-devel.inc
		8
		9	caps.drop all
		10	seccomp
		11	protocol unix,inet,inet6,netlink
		12	netfilter
		13	tracelog
		14	noroot
		15
		16	whitelist ${DOWNLOADS}
		17	mkdir ~/.config
		18	mkdir ~/.config/netsurf
		19	whitelist ~/.config/netsurf
		20	mkdir ~/.cache
		21	mkdir ~/.cache/netsurf
		22	whitelist ~/.cache/netsurf
		23
		24	# lastpass, keepassx
		25	whitelist ~/.keepassx
		26	whitelist ~/.config/keepassx
		27	whitelist ~/keepassx.kdbx
		28	whitelist ~/.lastpass
		29	whitelist ~/.config/lastpass
		30
		31	include /etc/firejail/whitelist-common.inc
		32
		33
		34


diff --git a/etc/okular.profile b/etc/okular.profile new file mode 100644 index 000000000..7929a8796 --- /dev/null +++ b/etc/okular.profile
@@ -0,0 +1,21 @@
		1	# KDE okular profile
		2	noblacklist ~/.kde/share/apps/okular
		3	noblacklist ~/.kde/share/config/okularrc
		4	noblacklist ~/.kde/share/config/okularpartrc
		5	include /etc/firejail/disable-common.inc
		6	include /etc/firejail/disable-programs.inc
		7	include /etc/firejail/disable-devel.inc
		8	include /etc/firejail/disable-passwdmgr.inc
		9	caps.drop all
		10	seccomp
		11	protocol unix
		12	noroot
		13	nogroups
		14	private-dev
		15
		16	#Experimental:
		17	#net none
		18	#shell none
		19	#private-bin okular,kbuildsycoca4,kbuildsycoca5
		20	#private-etc X11
		21


diff --git a/etc/stellarium.profile b/etc/stellarium.profile new file mode 100644 index 000000000..7cb74eeaa --- /dev/null +++ b/etc/stellarium.profile
@@ -0,0 +1,27 @@
		1	# Firejail profile for Stellarium.
		2
		3	# Noblacklist
		4	noblacklist ~/.stellarium
		5	noblacklist ~/.config/stellarium
		6
		7	# Include
		8	include /etc/firejail/disable-common.inc
		9	include /etc/firejail/disable-devel.inc
		10	include /etc/firejail/disable-passwdmgr.inc
		11	include /etc/firejail/disable-programs.inc
		12
		13	# Call these options
		14	caps.drop all
		15	netfilter
		16	noroot
		17	protocol unix,inet,inet6,netlink
		18	seccomp
		19	tracelog
		20
		21	# Whitelist
		22	mkdir ~/.stellarium
		23	whitelist ~/.stellarium
		24
		25	mkdir ~/.config
		26	mkdir ~/.config/stellarium
		27	whitelist ~/.config/stellarium


diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile new file mode 100644 index 000000000..7588da657 --- /dev/null +++ b/etc/warzone2100.profile
@@ -0,0 +1,19 @@
		1	# Firejail profile for warzone2100
		2	# Currently supports warzone2100-3.1
		3	noblacklist ~/.warzone2100-3.1
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-devel.inc
		6	include /etc/firejail/disable-passwdmgr.inc
		7	include /etc/firejail/disable-programs.inc
		8
		9	# Call these options
		10	caps.drop all
		11	netfilter
		12	noroot
		13	protocol unix,inet,inet6,netlink
		14	seccomp
		15	tracelog
		16
		17	# Whitelist
		18	mkdir ~/.warzone2100-3.1
		19	whitelist ~/.warzone2100-3.1