add new profile: shotwell (#3889)

* new profile: shotwell * Create shotwell.profile * new profile: shotwell * add shotwell blacklists
2026-05-15 14:16:14 -06:00 · 2021-01-13 08:06:37 +00:00 · 2021-01-13 08:06:37 +00:00 · 7fbe43ec20
commit 7fbe43ec20
parent 662ebd214b
4 changed files with 64 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -195,4 +195,4 @@ Stats:

 ### New profiles:

-spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, tutanota-desktop, npm, marker, yarn, lsar, unar, agetpkg, mdr
+spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, tutanota-desktop, npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@ -710,6 +710,7 @@ blacklist ${HOME}/.local/share/remmina
 blacklist ${HOME}/.local/share/rhythmbox
 blacklist ${HOME}/.local/share/rtv
 blacklist ${HOME}/.local/share/scribus
+blacklist ${HOME}/.local/share/shotwell
 blacklist ${HOME}/.local/share/signal-cli
 blacklist ${HOME}/.local/share/sink
 blacklist ${HOME}/.local/share/smuxi
@ -994,6 +995,7 @@ blacklist ${HOME}/.cache/qBittorrent
 blacklist ${HOME}/.cache/qupzilla
 blacklist ${HOME}/.cache/qutebrowser
 blacklist ${HOME}/.cache/rhythmbox
+blacklist ${HOME}/.cache/shotwell
 blacklist ${HOME}/.cache/simple-scan
 blacklist ${HOME}/.cache/slimjet
 blacklist ${HOME}/.cache/smuxi
--- a/etc/profile-m-z/shotwell.profile
+++ b/etc/profile-m-z/shotwell.profile
@ -0,0 +1,60 @@
+# Firejail profile for shotwell
+# Description: A digital photo organizer designed for the GNOME desktop environment
+# This file is overwritten after every install/update
+# Persistent local customizations
+include shotwell.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/shotwell
+noblacklist ${HOME}/.local/share/shotwell
+
+noblacklist ${PICTURES}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/shotwell
+mkdir ${HOME}/.local/share/shotwell
+whitelist ${HOME}/.cache/shotwell
+whitelist ${HOME}/.local/share/shotwell
+whitelist ${PICTURES}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-bin shotwell
+private-cache
+private-dev
+private-etc alternatives,fonts,machine-id
+private-opt none
+private-tmp
+
+dbus-user filter
+dbus-user.own org.gnome.Shotwell
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.gtk.vfs.UDisks2VolumeMonitor
+dbus-system none
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@ -663,6 +663,7 @@ secret-tool
 shellcheck
 shortwave
 shotcut
+shotwell
 signal-cli
 signal-desktop
 silentarmy