diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 92cde6d56..dba60fcba 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -83,6 +83,7 @@ blacklist ${HOME}/.config/Debauchee/Barrier.conf
 blacklist ${HOME}/.config/Dharkael
 blacklist ${HOME}/.config/Element
 blacklist ${HOME}/.config/Element (Riot)
+blacklist ${HOME}/.config/ENCOM
 blacklist ${HOME}/.config/Enox
 blacklist ${HOME}/.config/Ferdi
 blacklist ${HOME}/.config/Flavio Tordini
@@ -122,6 +123,7 @@ blacklist ${HOME}/.config/QMediathekView
 blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QuiteRss
 blacklist ${HOME}/.config/QuiteRssrc
+blacklist ${HOME}/.config/Quotient
 blacklist ${HOME}/.config/Rambox
 blacklist ${HOME}/.config/Riot
 blacklist ${HOME}/.config/Rocket.Chat
@@ -292,6 +294,7 @@ blacklist ${HOME}/.config/menulibre.cfg
 blacklist ${HOME}/.config/mfusion
 blacklist ${HOME}/.config/Microsoft
 blacklist ${HOME}/.config/midori
+blacklist ${HOME}/.config/mirage
 blacklist ${HOME}/.config/mono
 blacklist ${HOME}/.config/mpDris2
 blacklist ${HOME}/.config/mpd
@@ -639,6 +642,7 @@ blacklist ${HOME}/.local/share/mana
 blacklist ${HOME}/.local/share/maps-places.json
 blacklist ${HOME}/.local/share/meld
 blacklist ${HOME}/.local/share/midori
+blacklist ${HOME}/.local/share/mirage
 blacklist ${HOME}/.local/share/multimc
 blacklist ${HOME}/.local/share/multimc5
 blacklist ${HOME}/.local/share/mupen64plus
@@ -817,6 +821,7 @@ blacklist ${HOME}/.cache/8pecxstudios
 blacklist ${HOME}/.cache/Authenticator
 blacklist ${HOME}/.cache/BraveSoftware
 blacklist ${HOME}/.cache/Clementine
+blacklist ${HOME}/.cache/ENCOM/Spectral
 blacklist ${HOME}/.cache/Enox
 blacklist ${HOME}/.cache/Enpass
 blacklist ${HOME}/.cache/Ferdi
@@ -827,6 +832,7 @@ blacklist ${HOME}/.cache/MusicBrainz
 blacklist ${HOME}/.cache/NewsFlashGTK
 blacklist ${HOME}/.cache/Otter
 blacklist ${HOME}/.cache/QuiteRss
+blacklist ${HOME}/.cache/Quotient/quaternion
 blacklist ${HOME}/.cache/Shortwave
 blacklist ${HOME}/.cache/Tox
 blacklist ${HOME}/.cache/Zeal
@@ -856,6 +862,7 @@ blacklist ${HOME}/.cache/falkon
 blacklist ${HOME}/.cache/feedreader
 blacklist ${HOME}/.cache/font-manager
 blacklist ${HOME}/.cache/fossamail
+blacklist ${HOME}/.cache/fractal
 blacklist ${HOME}/.cache/freecol
 blacklist ${HOME}/.cache/gajim
 blacklist ${HOME}/.cache/gegl-0.4
@@ -897,6 +904,7 @@ blacklist ${HOME}/.cache/liferea
 blacklist ${HOME}/.cache/Mendeley Ltd.
 blacklist ${HOME}/.cache/midori
 blacklist ${HOME}/.cache/minetest
+blacklist ${HOME}/.cache/mirage
 blacklist ${HOME}/.cache/moonchild productions/basilisk
 blacklist ${HOME}/.cache/moonchild productions/pale moon
 blacklist ${HOME}/.cache/mozilla
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile
new file mode 100644
index 000000000..ab907eb0d
--- /dev/null
+++ b/etc/profile-a-l/fractal.profile
@@ -0,0 +1,54 @@
+# Firejail profile for fractal
+# Description: Desktop client for Matrix
+# This file is overwritten after every install/update
+# Persistent local customizations
+include fractal.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/fractal
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/fractal
+whitelist ${HOME}/.cache/fractal
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin fractal
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+
+dbus-user filter
+dbus-user.own org.gnome.Fractal
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.freedesktop.Notifications
+dbus-system none
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile
new file mode 100644
index 000000000..4a5f12aec
--- /dev/null
+++ b/etc/profile-m-z/mirage.profile
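Review bot: In fractal.profile, `private-cache` is combined with `mkdir ${HOME}/.cache/fractal` and `whitelist ${HOME}/.cache/fractal`, and the two pull in opposite directions. As I understand it, `private-cache` puts a temporary filesystem over `~/.cache`, while the whitelist asks for that one subdirectory to be kept. Depending on which one firejail lets win, either the client's cache is discarded on every exit or the option adds no isolation. I would drop `private-cache` from profiles that whitelist a `~/.cache` path, or keep it and add a comment recording that a throwaway cache is intended. The same pairing appears in mirage.profile, quaternion.profile and spectral.profile in this commit.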
@@ -0,0 +1,59 @@
+# Firejail profile for mirage
+# Description: Desktop client for Matrix
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mirage.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/mirage
+noblacklist ${HOME}/.config/mirage
+noblacklist ${HOME}/.local/share/mirage
+
+include allow-python2.inc
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/mirage
+mkdir ${HOME}/.config/mirage
+mkdir ${HOME}/.local/share/mirage
+whitelist ${HOME}/.cache/mirage
+whitelist ${HOME}/.config/mirage
+whitelist ${HOME}/.local/share/mirage
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin mirage
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile
new file mode 100644
index 000000000..2133c74d3
--- /dev/null
+++ b/etc/profile-m-z/quaternion.profile
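Review bot: `include allow-python2.inc` and `include allow-python3.inc` in mirage.profile re-allow both interpreter families that `disable-interpreters.inc` blocks a few lines later, and nothing says why. If mirage only needs Python 3 (I cannot tell from this diff), dropping the python2 include would keep the sandbox tighter. Either way, a line such as `# Allow python (blacklisted by disable-interpreters.inc)` above the two includes would record the reason for the exception.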
@@ -0,0 +1,54 @@
+# Firejail profile for quaternion
+# Description: Desktop client for Matrix
+# This file is overwritten after every install/update
+# Persistent local customizations
+include quaternion.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/Quotient/quaternion
+noblacklist ${HOME}/.config/Quotient
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/Quotient/quaternion
+mkdir ${HOME}/.config/Quotient
+whitelist ${HOME}/.cache/Quotient/quaternion
+whitelist ${HOME}/.config/Quotient
+whitelist ${DOWNLOADS}
+whitelist /usr/share/Quotient/quaternion
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin quaternion
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile
new file mode 100644
index 000000000..d7f94e144
--- /dev/null
+++ b/etc/profile-m-z/spectral.profile
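Review bot: `protocol unix,inet,inet6,netlink` in quaternion.profile allows netlink sockets, which fractal.profile and mirage.profile in the same commit do not, and nothing says what needs them. Please add a short comment above the line naming the dependency, or fall back to `protocol unix,inet,inet6` if the client runs without it, so that the extra socket family is a recorded decision. spectral.profile carries the same line and should get the same treatment.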
@@ -0,0 +1,53 @@
+# Firejail profile for spectral
+# Description: Desktop client for Matrix
+# This file is overwritten after every install/update
+# Persistent local customizations
+include spectral.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/ENCOM/Spectral
+noblacklist ${HOME}/.config/ENCOM
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/ENCOM/Spectral
+mkdir ${HOME}/.config/ENCOM
+whitelist ${HOME}/.cache/ENCOM/Spectral
+whitelist ${HOME}/.config/ENCOM
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-cache
+private-bin spectral
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index ce2c6995e..62b27aa06 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -229,6 +229,7 @@ font-manager
 fontforge
 fossamail
 four-in-a-row
+fractal
 franz
 freecad
 freecadcmd
@@ -464,6 +465,7 @@ mindless
 minecraft-launcher
 minetest
 minitube
+mirage
 mirrormagic
 mocp
 mousepad
@@ -604,6 +606,7 @@ qt-faststart
 qtox
 quadrapassel
 quassel
+quaternion
 quiterss
 qupzilla
 qutebrowser
@@ -656,6 +659,7 @@ soffice
 sol
 sound-juicer
 soundconverter
+spectral
 spotify
 sqlitebrowser
 ssh
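Review bot: In spectral.profile the `private-*` group lists `private-cache` before `private-bin spectral`, while fractal.profile, mirage.profile and quaternion.profile in this same commit put `private-bin` first. Keeping one order across the four profiles makes them easier to compare side by side when auditing what each sandbox exposes. I would reorder the two lines to `private-bin spectral` followed by `private-cache`.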