2 files changed, 38 insertions, 1 deletions
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index e997598af..e8ec20273 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -57,6 +57,7 @@ atril-previewer
 atril-thumbnailer
 audacious
 audacity
+audio-recorder
 authenticator
 autokey-gtk
 autokey-qt
@@ -82,6 +83,10 @@ brackets
 brasero
 brave
 brave-browser
+brave-browser-beta
+brave-browser-dev
+brave-browser-nightly
+brave-browser-stable
 bunzip2
 bzcat
 bzflag
@@ -96,6 +101,7 @@ calligraplanwork
 calligrasheets
 calligrastage
 calligrawords
+cameramonitor
 cantata
 catfish
 celluloid
@@ -132,6 +138,7 @@ cvlc
 cyberfox
 darktable
 dconf-editor
+ddgtk
 deadbeef
 deluge
 devhelp
@@ -151,10 +158,12 @@ dooble
 dooble-qt4
 dosbox
 dragon
+drawio
 dropbox
 d-feet
 easystroke
 ebook-viewer
+electron-mail
 electrum
 elinks
 empathy
@@ -167,6 +176,7 @@ enox
 enpass
 eog
 eom
+ephemeral
 #epiphany
 etr
 evince
@@ -222,16 +232,20 @@ geary
 gedit
 geekbench
 geeqie
+gfeeds
 ghb
 ghostwriter
 gimp
 gimp-2.10
 gimp-2.8
+gist
+gist-paste
 gitg
 github-desktop
 gitter
 gjs
 globaltime
+gmpc
 gnome-2048
 gnome-books
 gnome-builder
@@ -445,9 +459,12 @@ odt2txt
 oggsplt
 okular
 onionshare-gui
+ooffice
+ooviewdoc
 open-invaders
 openarena
 opencity
+openoffice.org
 openshot
 openshot-qt
 openttd
@@ -482,6 +499,7 @@ pngquant
 polari
 ppsspp
 pragha
+profanity
 psi-plus
 pybitmessage
 # pycharm-community - FB note: may enable later
@@ -627,6 +645,7 @@ udiskie
 uefitool
 uget-gtk
 unbound
+unf
 unknown-horizons
 unzstd
 utox
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index 3f5921322..9a2efebd2 100644
--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -443,15 +443,33 @@ int main(int argc, char **argv) {
        // set new symlinks based on /usr/lib/firejail/firecfg.cfg
        set_links_firecfg();
-        // add user to firejail access database - only for root
        if (getuid() == 0) {
+                // add user to firejail access database - only for root
                printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
                // temporarily set the umask, access database must be world-readable
                mode_t orig_umask = umask(022);
                firejail_user_add(user);
                umask(orig_umask);
+#ifdef HAVE_APPARMOR
+                // enable firejail apparmor profile
+                struct stat s;
+                if (stat("/sbin/apparmor_parser", &s) == 0) {
+                        char *cmd;
+                        // SYSCONFDIR points to /etc/firejail, we have to go on level up (..)
+                        printf("\nLoading AppArmor profile\n");
+                        if (asprintf(&cmd, "/sbin/apparmor_parser -r /etc/apparmor.d/firejail-default %s/../apparmor.d/firejail-default", SYSCONFDIR) == -1)
+                                errExit("asprintf");
+                        int rv = system(cmd);
+                        (void) rv;
+                        free(cmd);
+                }
+#endif
        }
        // set new symlinks based on ~/.config/firejail directory
        set_links_homedir(home);

diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index e997598af..e8ec20273 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -57,6 +57,7 @@ atril-previewer
57	atril-thumbnailer	57	atril-thumbnailer
58	audacious	58	audacious
59	audacity	59	audacity
		60	audio-recorder
60	authenticator	61	authenticator
61	autokey-gtk	62	autokey-gtk
62	autokey-qt	63	autokey-qt
@@ -82,6 +83,10 @@ brackets
82	brasero	83	brasero
83	brave	84	brave
84	brave-browser	85	brave-browser
		86	brave-browser-beta
		87	brave-browser-dev
		88	brave-browser-nightly
		89	brave-browser-stable
85	bunzip2	90	bunzip2
86	bzcat	91	bzcat
87	bzflag	92	bzflag
@@ -96,6 +101,7 @@ calligraplanwork
96	calligrasheets	101	calligrasheets
97	calligrastage	102	calligrastage
98	calligrawords	103	calligrawords
		104	cameramonitor
99	cantata	105	cantata
100	catfish	106	catfish
101	celluloid	107	celluloid
@@ -132,6 +138,7 @@ cvlc
132	cyberfox	138	cyberfox
133	darktable	139	darktable
134	dconf-editor	140	dconf-editor
		141	ddgtk
135	deadbeef	142	deadbeef
136	deluge	143	deluge
137	devhelp	144	devhelp
@@ -151,10 +158,12 @@ dooble
151	dooble-qt4	158	dooble-qt4
152	dosbox	159	dosbox
153	dragon	160	dragon
		161	drawio
154	dropbox	162	dropbox
155	d-feet	163	d-feet
156	easystroke	164	easystroke
157	ebook-viewer	165	ebook-viewer
		166	electron-mail
158	electrum	167	electrum
159	elinks	168	elinks
160	empathy	169	empathy
@@ -167,6 +176,7 @@ enox
167	enpass	176	enpass
168	eog	177	eog
169	eom	178	eom
		179	ephemeral
170	#epiphany	180	#epiphany
171	etr	181	etr
172	evince	182	evince
@@ -222,16 +232,20 @@ geary
222	gedit	232	gedit
223	geekbench	233	geekbench
224	geeqie	234	geeqie
		235	gfeeds
225	ghb	236	ghb
226	ghostwriter	237	ghostwriter
227	gimp	238	gimp
228	gimp-2.10	239	gimp-2.10
229	gimp-2.8	240	gimp-2.8
		241	gist
		242	gist-paste
230	gitg	243	gitg
231	github-desktop	244	github-desktop
232	gitter	245	gitter
233	gjs	246	gjs
234	globaltime	247	globaltime
		248	gmpc
235	gnome-2048	249	gnome-2048
236	gnome-books	250	gnome-books
237	gnome-builder	251	gnome-builder
@@ -445,9 +459,12 @@ odt2txt
445	oggsplt	459	oggsplt
446	okular	460	okular
447	onionshare-gui	461	onionshare-gui
		462	ooffice
		463	ooviewdoc
448	open-invaders	464	open-invaders
449	openarena	465	openarena
450	opencity	466	opencity
		467	openoffice.org
451	openshot	468	openshot
452	openshot-qt	469	openshot-qt
453	openttd	470	openttd
@@ -482,6 +499,7 @@ pngquant
482	polari	499	polari
483	ppsspp	500	ppsspp
484	pragha	501	pragha
		502	profanity
485	psi-plus	503	psi-plus
486	pybitmessage	504	pybitmessage
487	# pycharm-community - FB note: may enable later	505	# pycharm-community - FB note: may enable later
@@ -627,6 +645,7 @@ udiskie
627	uefitool	645	uefitool
628	uget-gtk	646	uget-gtk
629	unbound	647	unbound
		648	unf
630	unknown-horizons	649	unknown-horizons
631	unzstd	650	unzstd
632	utox	651	utox


diff --git a/src/firecfg/main.c b/src/firecfg/main.c index 3f5921322..9a2efebd2 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c
@@ -443,15 +443,33 @@ int main(int argc, char **argv) {
443	// set new symlinks based on /usr/lib/firejail/firecfg.cfg	443	// set new symlinks based on /usr/lib/firejail/firecfg.cfg
444	set_links_firecfg();	444	set_links_firecfg();
445		445
446	// add user to firejail access database - only for root
447	if (getuid() == 0) {	446	if (getuid() == 0) {
		447	// add user to firejail access database - only for root
448	printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);	448	printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
449	// temporarily set the umask, access database must be world-readable	449	// temporarily set the umask, access database must be world-readable
450	mode_t orig_umask = umask(022);	450	mode_t orig_umask = umask(022);
451	firejail_user_add(user);	451	firejail_user_add(user);
452	umask(orig_umask);	452	umask(orig_umask);
		453
		454	#ifdef HAVE_APPARMOR
		455	// enable firejail apparmor profile
		456	struct stat s;
		457	if (stat("/sbin/apparmor_parser", &s) == 0) {
		458	char *cmd;
		459
		460	// SYSCONFDIR points to /etc/firejail, we have to go on level up (..)
		461	printf("\nLoading AppArmor profile\n");
		462	if (asprintf(&cmd, "/sbin/apparmor_parser -r /etc/apparmor.d/firejail-default %s/../apparmor.d/firejail-default", SYSCONFDIR) == -1)
		463	errExit("asprintf");
		464	int rv = system(cmd);
		465	(void) rv;
		466	free(cmd);
		467	}
		468	#endif
453	}	469	}
454		470
		471
		472
455	// set new symlinks based on ~/.config/firejail directory	473	// set new symlinks based on ~/.config/firejail directory
456	set_links_homedir(home);	474	set_links_homedir(home);
457		475