Merge pull request #7100 from powerjungle/master

new profile: halloy IRC client

etc/inc/disable-programs.inc

@@ -143,6 +143,7 @@ blacklist ${HOME}/.cache/google-chrome-beta
 blacklist ${HOME}/.cache/google-chrome-unstable
 blacklist ${HOME}/.cache/gradio
 blacklist ${HOME}/.cache/gummi
+blacklist ${HOME}/.cache/halloy
 blacklist ${HOME}/.cache/hashcat
 blacklist ${HOME}/.cache/icedove
 blacklist ${HOME}/.cache/inkscape
@@ -507,6 +508,7 @@ blacklist ${HOME}/.config/gummi
 blacklist ${HOME}/.config/guvcview2
 blacklist ${HOME}/.config/gwenviewrc
 blacklist ${HOME}/.config/gzdoom
+blacklist ${HOME}/.config/halloy
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/homebank
 blacklist ${HOME}/.config/i2p
@@ -1010,6 +1012,7 @@ blacklist ${HOME}/.local/share/gnote
 blacklist ${HOME}/.local/share/godot
 blacklist ${HOME}/.local/share/gradio
 blacklist ${HOME}/.local/share/gwenview
+blacklist ${HOME}/.local/share/halloy
 blacklist ${HOME}/.local/share/hashcat
 blacklist ${HOME}/.local/share/i2p
 blacklist ${HOME}/.local/share/io.github.lainsce.Notejot

etc/profile-a-l/halloy.profile

@@ -0,0 +1,63 @@
+# Firejail profile for Halloy
+# Description: Modern IRC client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include halloy.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/halloy
+noblacklist ${HOME}/.config/halloy
+noblacklist ${HOME}/.local/share/halloy
+
+blacklist /usr/libexec
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/halloy
+mkdir ${HOME}/.config/halloy
+mkdir ${HOME}/.local/share/halloy
+whitelist ${HOME}/.cache/halloy
+whitelist ${HOME}/.config/halloy
+whitelist ${HOME}/.local/share/halloy
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+netfilter
+# Currently hardware acceleration is on by default.
+# There is no option to turn it off:
+# https://github.com/squidowl/halloy/issues/669
+#no3d
+nodvd
+nogroups
+nonewprivs
+noprinters
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-tmp
+
+dbus-system none
+
+restrict-namespaces

src/firecfg/firecfg.config

@@ -434,6 +434,7 @@ gucharmap
 gummi
 gwenview
 gzdoom
+halloy
 handbrake
 handbrake-gtk
 hashcat