Add a profile for pragha

+ add code-oss to firecfg + potential fix for https://github.com/netblue30/firejail/issues/2051#issuecomment-470665213
2026-05-15 22:01:33 -06:00 · 2019-03-07 16:48:53 -05:00 · 2019-03-07 16:48:53 -05:00 · 2dbbb92d93
commit 2dbbb92d93
parent 1b4e80e356
6 changed files with 44 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## Current development version: 0.9.59

 ## New profiles:
-crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss
+crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings, code-oss, pragha
--- a/2
+++ b/2
@ -6,7 +6,7 @@ firejail (0.9.59) baseline; urgency=low
  * new profiles: netactview, redshift, devhelp, assogiate, subdownloader
  * new profiles: font-manager, exfalso, gconf-editor, dconf-editor
  * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
-  * new profiles: code-oss
+  * new profiles: code-oss, pragha
  * memory-deny-write-execute now also blocks memfd_create

 firejail (0.9.58,2) baseline; urgency=low
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@ -239,6 +239,7 @@ blacklist ${HOME}/.config/pitivi
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
 blacklist ${HOME}/.config/ppsspp
+blacklist ${HOME}/.config/pragha
 blacklist ${HOME}/.config/psi+
 blacklist ${HOME}/.config/qBittorrent
 blacklist ${HOME}/.config/qBittorrentrc
--- a/etc/pragha.profile
+++ b/etc/pragha.profile
@ -0,0 +1,39 @@
+# Firejail profile for pragha
+# Description: A lightweight GTK music player
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pragha.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/pragha
+noblacklist ${MUSIC}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-var-common.inc
+
+caps.drop all
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@ -35,7 +35,7 @@ shell none
 # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"

 disable-mnt
-private-bin wire-desktop
+private-bin wire-desktop,bash,sh,env,electron
 private-dev
 private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@ -98,6 +98,7 @@ clipit
 cliqz
 cmus
 code
+code-oss
 conkeror
 conky
 corebird