From 2ee8f947ba9b4ff53478012c3353679bfc6fb333 Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Sat, 9 Jul 2016 01:06:44 +1000
Subject: correction no. 2
---
 platform/debian/conffiles | 2 --
 1 file changed, 2 deletions(-)
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 3ae366541..ae495ec6d 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -1,5 +1,3 @@
-# Do not have a new/empty line on the end of this file or dpkg-deb will warn
-# that "conffile '' is not a plain file."
 /etc/firejail/evince.profile
 /etc/firejail/chromium.profile
 /etc/firejail/chromium-browser.profile
--
cgit v1.2.3-70-g09d2
From ec0483b9cecab6b654e7b0281b9cc6f9e4c7d98e Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Sat, 9 Jul 2016 02:52:01 +1000
Subject: private-bin conversion
---
 etc/qtox.profile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 39f900748..0cac18573 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -8,14 +8,15 @@ include /etc/firejail/disable-passwdmgr.inc
 mkdir ${HOME}/.config/tox
 whitelist ${HOME}/.config/tox
 whitelist ${DOWNLOADS}
-include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
 nonewprivs
+nogroups
 noroot
 protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
+private-bin qtox
--
cgit v1.2.3-70-g09d2
From 4b3bc7b61d9f357def05aa747e37e61b38c7af9c Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Sat, 9 Jul 2016 02:54:19 +1000
Subject: missed a file...
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index 877d2b556..e783ae33f 100644
--- a/README.md
+++ b/README.md
@@ -100,6 +100,8 @@ Media: vlc, mpv, gnome-mplayer
 Office: evince, gthumb, fbreader, pix
+Chat/messaging: qtox
+
 ## New security profiles
 Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix, audacity, strings, xz, xzdec, gzip, cpio, less, Atom Beta, Atom
--
cgit v1.2.3-70-g09d2
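Review bot: Removing `include /etc/firejail/whitelist-common.inc` from the qtox hunk while the profile still whitelists only `${HOME}/.config/tox` and `${DOWNLOADS}` drops whatever shared home-directory entries that fragment provides (as far as I recall for firejail of this vintage: `~/.Xauthority` plus font and GTK/Qt configuration paths), and nothing in the hunk re-adds them, so qtox may no longer be able to authenticate to X or find user fonts inside the whitelisted home. Please confirm qtox starts and renders correctly after this change, and if the removal is intentional record why, e.g. `# whitelist-common.inc not needed: qtox runs with only ~/.config/tox and ${DOWNLOADS}`. `private-bin qtox` is only safe when the `qtox` found in PATH is the real executable rather than a wrapper script that execs something else, which is worth a one-line comment because a wrapper would fail inside the private /bin.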
From c99ddd579d823dae018e1f65ad28b3234e8e51bb Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Sat, 9 Jul 2016 05:27:38 +1000
Subject: tightened and fixed permissions warning
---
 etc/0ad.profile | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/etc/0ad.profile b/etc/0ad.profile
index 3797ae5cd..11fb45463 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -1,21 +1,13 @@
 # Firejail profile for 0ad.
+noblacklist ~/.cache/0ad
 noblacklist ~/.config/0ad
+noblacklist ~/.local/share/0ad
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
-# Call these options
-caps.drop all
-netfilter
-noroot
-nonewprivs
-protocol unix,inet,inet6,netlink
-seccomp
-tracelog
-
 # Whitelists
-noblacklist ~/.cache/0ad
 mkdir ~/.cache
 mkdir ~/.cache/0ad
 whitelist ~/.cache/0ad
@@ -24,8 +16,20 @@ mkdir ~/.config
 mkdir ~/.config/0ad
 whitelist ~/.config/0ad
-noblacklist ~/.local/share/0ad
 mkdir ~/.local
 mkdir ~/.local/share
 mkdir ~/.local/share/0ad
 whitelist ~/.local/share/0ad
+
+caps.drop all
+netfilter
+nonewprivs
+nogroups
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-dev
+
--
cgit v1.2.3-70-g09d2
From 56a34f63f22d20e2dd51f3a0932dc07f2647f252 Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Sat, 9 Jul 2016 05:28:39 +1000
Subject: If you give a mouse a cookie...
---
 etc/atril.profile | 8 ++++++--
 etc/evince.profile | 3 ++-
 etc/xreader.profile | 8 ++++++--
 3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/etc/atril.profile b/etc/atril.profile
index 8ee7da173..bfe731bec 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
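Review bot: In the second 0ad hunk the new `protocol unix,inet,inet6` drops `netlink`, which the removed `protocol unix,inet,inet6,netlink` line allowed; on Linux glibc's getifaddrs() and similar interface enumeration go through a netlink socket, so any part of 0ad's multiplayer or UPnP path that enumerates interfaces will now fail under the seccomp protocol filter instead of degrading gracefully. If the drop is deliberate, verify hosting and joining a LAN game and note it in the profile (`# netlink dropped: multiplayer hosting verified without it`); otherwise restore `protocol unix,inet,inet6,netlink`. The `# Call these options` header removed in the first hunk is not replaced, so the option block now sits unlabeled after the `# Whitelists` section; a `# Options` line above `caps.drop all` would keep the file's section structure. Minor: the hunk ends with two added blank `+` lines, leaving a stray empty line at end of file.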
@@ -7,10 +7,14 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
-netfilter
 nonewprivs
+nogroups
 noroot
 nosound
-protocol unix,inet,inet6
+protocol unix
 seccomp
+shell none
 tracelog
+
+private-bin atril, atril-previewer, atril-thumbnailer
+private-dev
diff --git a/etc/evince.profile b/etc/evince.profile
index 9899da84d..530ce959a 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -6,9 +6,10 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 nonewprivs
+nogroups
 noroot
 nosound
-protocol unix,inet,inet6
+protocol unix
 seccomp
 shell none
diff --git a/etc/xreader.profile b/etc/xreader.profile
index 2cf109f09..fed9d4db5 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -9,10 +9,14 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
-netfilter
 nonewprivs
+nogroups
 noroot
 nosound
-protocol unix,inet,inet6
+protocol unix
 seccomp
+shell none
 tracelog
+
+private-bin xreader, xreader-previewer, xreader-thumbnailer
+private-dev
--
cgit v1.2.3-70-g09d2
From 741bd754b70c5020b2c21681879ead4d1910e4ff Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Sat, 9 Jul 2016 05:29:23 +1000
Subject: ...he'll probably want to hack Firejail profiles.
---
 etc/gthumb.profile | 9 +++++----
 etc/pix.profile | 9 +++++----
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index c673a1297..3c02576aa 100644
--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -7,14 +7,15 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
-netfilter
 nonewprivs
+nogroups
 noroot
-protocol unix,inet,inet6
+nosound
+protocol unix
 seccomp
-
 shell none
+tracelog
+
 private-bin gthumb
 whitelist /tmp/.X11-unix
 private-dev
-nosound
diff --git a/etc/pix.profile b/etc/pix.profile
index 81ab7486f..80c05fd09 100644
--- a/etc/pix.profile
+++ b/etc/pix.profile
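Review bot: `private-bin atril, atril-previewer, atril-thumbnailer` in the atril hunk has a space after each comma; firejail's private-bin argument is a plain comma-separated list and, as far as I can tell from the parser of this period, it is split on commas without trimming, so the second and third names would be looked up as ` atril-previewer` and ` atril-thumbnailer` and not copied into the private /bin. The gthumb and pix hunks in this same series write the list without spaces, so the fix is `private-bin atril,atril-previewer,atril-thumbnailer`; confirm by opening a document that exercises the previewer or thumbnailer inside the jail. Separately, `protocol unix` together with the removal of `netfilter` restricts socket families but does not take the sandbox off the network; if the intent is that a document viewer never talks to the network, `net none` states that directly instead of relying on the seccomp protocol filter alone.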
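Review bot: The evince hunk adds `nogroups` and narrows to `protocol unix` but, unlike the atril and xreader hunks in the same commit, adds no `private-bin`, `private-dev` or `tracelog`, and nothing in the hunk explains the asymmetry. If the omission is deliberate (for example because evince relies on helper binaries or a D-Bus-activated daemon that a `private-bin` list would have to enumerate — I have not verified this), a comment such as `# private-bin/private-dev omitted: evince helpers not yet enumerated, verify before tightening` keeps the next maintainer from re-adding them blindly; if it is an oversight, mirror the atril hunk.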
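Review bot: `private-bin xreader, xreader-previewer, xreader-thumbnailer` in the xreader hunk has spaces after the commas, and firejail's private-bin argument is a plain comma-separated list; unless the parser trims whitespace (it does not appear to in this version), ` xreader-previewer` and ` xreader-thumbnailer` will likely not be found and will be missing from the private /bin, so thumbnailing and print preview break inside the sandbox. Write it as `private-bin xreader,xreader-previewer,xreader-thumbnailer`, matching the spacing the gthumb and pix hunks use, and check that both helpers are present under /bin inside the jail before merging.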
@@ -8,15 +8,16 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
-netfilter
 nonewprivs
+nogroups
 noroot
-protocol unix,inet,inet6
+nosound
+protocol unix
 seccomp
-
 shell none
+tracelog
+
 private-bin pix
 whitelist /tmp/.X11-unix
 private-dev
-nosound
--
cgit v1.2.3-70-g09d2
From 225c68fd3b19e49a1dcf0e234a75211d51b63737 Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Sat, 9 Jul 2016 05:38:01 +1000
Subject: Extra files (the mouse forgot a few crumbs).
---
 README | 1 +
 README.md | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/README b/README
index f00e7b377..9d1732108 100644
--- a/README
+++ b/README
@@ -55,6 +55,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
 - added audacity profile
 - fixed Telegram and qtox profiles
 - added Atom Beta and Atom profiles
+ - tightened 0ad, atril, evince, gthumb, pix, qtox, and xreader profiles.
 Jaykishan Mutkawoa (https://github.com/jmutkawoa)
 - cpio profile
 Paupiah Yash (https://github.com/CaffeinatedStud)
diff --git a/README.md b/README.md
index e783ae33f..d71b27c61 100644
--- a/README.md
+++ b/README.md
@@ -98,7 +98,7 @@ File transfer: filezilla
 Media: vlc, mpv, gnome-mplayer
-Office: evince, gthumb, fbreader, pix
+Office: evince, gthumb, fbreader, pix, atril, xreader
 Chat/messaging: qtox
--
cgit v1.2.3-70-g09d2