From 0f1b7e5ebf3092cc0de52fc84cc5d3c512913093 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Thu, 3 Aug 2017 21:56:03 -0400
Subject: Add 12 new profiles

apktool, Baobab, dex2jar, gitg, Hashcat, MusicBrainz Picard, OBS Studio, Remmina, sdat2img, Sound Converter, SQLiteBrowser, Truecraft
---
 etc/apktool.profile        | 29 +++++++++++++++++++++++++++++
 etc/baobab.profile         | 31 +++++++++++++++++++++++++++++++
 etc/dex2jar.profile        | 30 ++++++++++++++++++++++++++++++
 etc/gitg.profile           | 34 ++++++++++++++++++++++++++++++++++
 etc/hashcat.profile        | 32 ++++++++++++++++++++++++++++++++
 etc/obs.profile            | 29 +++++++++++++++++++++++++++++
 etc/picard.profile         | 32 ++++++++++++++++++++++++++++++++
 etc/remmina.profile        | 31 +++++++++++++++++++++++++++++++
 etc/sdat2img.profile       | 30 ++++++++++++++++++++++++++++++
 etc/soundconverter.profile | 30 ++++++++++++++++++++++++++++++
 etc/sqlitebrowser.profile  | 34 ++++++++++++++++++++++++++++++++++
 etc/truecraft.profile      | 37 +++++++++++++++++++++++++++++++++++++
 12 files changed, 379 insertions(+)
 create mode 100644 etc/apktool.profile
 create mode 100644 etc/baobab.profile
 create mode 100644 etc/dex2jar.profile
 create mode 100644 etc/gitg.profile
 create mode 100644 etc/hashcat.profile
 create mode 100644 etc/obs.profile
 create mode 100644 etc/picard.profile
 create mode 100644 etc/remmina.profile
 create mode 100644 etc/sdat2img.profile
 create mode 100644 etc/soundconverter.profile
 create mode 100644 etc/sqlitebrowser.profile
 create mode 100644 etc/truecraft.profile

diff --git a/etc/apktool.profile b/etc/apktool.profile
new file mode 100644
index 000000000..d0905e253
--- /dev/null
+++ b/etc/apktool.profile
@@ -0,0 +1,29 @@
+quiet
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/apktool.local
+
+# Firejail profile for apktool
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+net none
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/baobab.profile b/etc/baobab.profile
new file mode 100644
index 000000000..887e271e3
--- /dev/null
+++ b/etc/baobab.profile
@@ -0,0 +1,31 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/baobab.local
+
+# Firejail profile for Baobab
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+#include /etc/firejail/disable-programs.inc
+
+caps.drop all
+net none
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
new file mode 100644
index 000000000..6d3aaa224
--- /dev/null
+++ b/etc/dex2jar.profile
@@ -0,0 +1,30 @@
+quiet
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/dex2jar.local
+
+# Firejail profile for dex2jar
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+net none
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/gitg.profile b/etc/gitg.profile
new file mode 100644
index 000000000..427cbe92c
--- /dev/null
+++ b/etc/gitg.profile
@@ -0,0 +1,34 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/gitg.local
+
+# Firejail profile for gitg
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.local/share/gitg
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/hashcat.profile b/etc/hashcat.profile
new file mode 100644
index 000000000..1e9540f87
--- /dev/null
+++ b/etc/hashcat.profile
@@ -0,0 +1,32 @@
+quiet
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/hashcat.local
+
+# Firejail profile for Hashcat
+noblacklist ${HOME}/.hashcat
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+net none
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix
+seccomp
+shell none
+
+disable-mnt
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/obs.profile b/etc/obs.profile
new file mode 100644
index 000000000..8316551f9
--- /dev/null
+++ b/etc/obs.profile
@@ -0,0 +1,29 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/obs.local
+
+# Firejail profile for OBS Studio
+noblacklist ${HOME}/.config/obs-studio
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/picard.profile b/etc/picard.profile
new file mode 100644
index 000000000..0c99e6b3e
--- /dev/null
+++ b/etc/picard.profile
@@ -0,0 +1,32 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/picard.local
+
+# Firejail profile for MusicBrainz Picard
+noblacklist ${HOME}/.cache/MusicBrainz
+noblacklist ${HOME}/.config/MusicBrainz
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/remmina.profile b/etc/remmina.profile
new file mode 100644
index 000000000..5aff10fe3
--- /dev/null
+++ b/etc/remmina.profile
@@ -0,0 +1,31 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/remmina.local
+
+# Firejail profile for Remmina
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.config/remmina
+noblacklist ${HOME}/.local/share/remmina
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile
new file mode 100644
index 000000000..855eae5b1
--- /dev/null
+++ b/etc/sdat2img.profile
@@ -0,0 +1,30 @@
+quiet
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/sdat2img.local
+
+# Firejail profile for sdat2img
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+no3d
+net none
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile
new file mode 100644
index 000000000..642612a52
--- /dev/null
+++ b/etc/soundconverter.profile
@@ -0,0 +1,30 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/soundconverter.local
+
+# Firejail profile for Sound Converter
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+net none
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
new file mode 100644
index 000000000..a08064d8c
--- /dev/null
+++ b/etc/sqlitebrowser.profile
@@ -0,0 +1,34 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/sqlitebrowser.local
+
+# Firejail profile for SQLiteBrowser
+noblacklist ${HOME}/.config/sqlitebrowser
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+net none
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+novideo
+protocol unix
+seccomp
+shell none
+
+private-bin sqlitebrowser
+private-dev
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/truecraft.profile b/etc/truecraft.profile
new file mode 100644
index 000000000..20435c30f
--- /dev/null
+++ b/etc/truecraft.profile
@@ -0,0 +1,37 @@
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/truecraft.local
+
+# Firejail profile for TrueCraft
+noblacklist ${HOME}/.config/mono
+noblacklist ${HOME}/.config/truecraft
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.config/mono
+whitelist ${HOME}/.config/mono
+mkdir ${HOME}/.config/truecraft
+whitelist ${HOME}/.config/truecraft
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+nogroups
+nonewprivs
+noroot
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-70-g09d2