From ac8c2191ec43cbebc57f4eee9fb09f782092493c Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Tue, 3 Oct 2023 20:08:17 +0000
Subject: New profile: lettura (#6027)
* disable-programs.inc: add lettura support
* Create lettura.profile
* firecfg.config: add lettura
---
 etc/inc/disable-programs.inc | 4 +++
 etc/profile-a-l/lettura.profile | 76 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 etc/profile-a-l/lettura.profile
(limited to 'etc')
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 36033224a..7bc708623 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -157,6 +157,7 @@ blacklist ${HOME}/.cache/ksplashqml
 blacklist ${HOME}/.cache/kube
 blacklist ${HOME}/.cache/kwin
 blacklist ${HOME}/.cache/lbry-viewer
+blacklist ${HOME}/.cache/lettura
 blacklist ${HOME}/.cache/libgweather
 blacklist ${HOME}/.cache/librewolf
 blacklist ${HOME}/.cache/liferea
@@ -406,6 +407,7 @@ blacklist ${HOME}/.config/cliqz
 blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/cointop
 blacklist ${HOME}/.config/com.github.bleakgrey.tootle
+blacklist ${HOME}/.config/com.lettura.dev
 blacklist ${HOME}/.config/corebird
 blacklist ${HOME}/.config/coyim
 blacklist ${HOME}/.config/d-feet
@@ -833,6 +835,7 @@ blacklist ${HOME}/.klatexformula
 blacklist ${HOME}/.klei
 blacklist ${HOME}/.kodi
 blacklist ${HOME}/.lastpass
+blacklist ${HOME}/.lettura
 blacklist ${HOME}/.librewolf
 blacklist ${HOME}/.lincity-ng
 blacklist ${HOME}/.links
@@ -903,6 +906,7 @@ blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/chatterino
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+blacklist ${HOME}/.local/share/com.lettura.dev
 blacklist ${HOME}/.local/share/com.vmingueza.journal-viewer
 blacklist ${HOME}/.local/share/contacts
 blacklist ${HOME}/.local/share/cor-games
diff --git a/etc/profile-a-l/lettura.profile b/etc/profile-a-l/lettura.profile
new file mode 100644
index 000000000..94a455355
--- /dev/null
+++ b/etc/profile-a-l/lettura.profile
@@ -0,0 +1,76 @@
+# Firejail profile for lettura
+# Description: Another free and open-source feed reader
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lettura.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/lettura
+noblacklist ${HOME}/.config/com.lettura.dev
+noblacklist ${HOME}/.lettura
+noblacklist ${HOME}/.local/share/com.lettura.dev
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/lettura
+mkdir ${HOME}/.config/com.lettura.dev
+mkdir ${HOME}/.lettura
+mkdir ${HOME}/.local/share/com.lettura.dev
+whitelist ${HOME}/.cache/lettura
+whitelist ${HOME}/.config/com.lettura.dev
+whitelist ${HOME}/.lettura
+whitelist ${HOME}/.local/share/com.lettura.dev
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+# The lines below are needed to find the default Firefox profile name, to allow
+# opening links in an existing instance of Firefox (note that it still fails if
+# there isn't a Firefox instance running with the default profile; see #5352)
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+#nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+tracelog
+
+disable-mnt
+private-bin lettura
+private-cache
+private-dev
+private-etc @network,@sound,@tls-ca,@x11,mime.types
+private-tmp
+
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
+# allow D-Bus communication with firefox for opening links
+dbus-user.talk org.mozilla.*
+dbus-system none
+
+restrict-namespaces
-- cgit v1.2.3-54-g00ecf
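Review bot: The `dbus-user.talk org.mozilla.*` rule near the end of the new profile is a deliberate hole in the sandbox, and its one-line comment does not say so. A feed reader parses untrusted remote content, and this wildcard, together with `noblacklist ${HOME}/.mozilla` and the `profiles.ini` whitelist, lets it reach every `org.mozilla.*` name on the session bus, where the browser presumably runs outside this sandbox. I would extend the comment to something like `# NOTE: widens the sandbox - every org.mozilla.* session-bus name becomes reachable; drop this rule if links need not open in Firefox`. A narrower name pattern would be better still if one is known to work, though that cannot be confirmed from this diff. Separately, `#nosound` is left commented out with no reason while `private-etc` pulls in `@sound`; a short comment such as `# nosound disabled: <reason>` would tell the next maintainer whether audio is actually required.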