Add profile for twitch,youtube,youtube-music; fix git-cola ,add cola (#3577)

* Add profile for twitch,youtube wrappers

* Fix git-cola, add Youtube music wrapper profiles

* Fixes for git-cola again

* Add profile for alternative name for git-cola

* Fixes

* Fix

etc/inc/disable-programs.inc

@@ -135,9 +135,11 @@ blacklist ${HOME}/.config/Slack
 blacklist ${HOME}/.config/Standard Notes
 blacklist ${HOME}/.config/SubDownloader
 blacklist ${HOME}/.config/Thunar
+blacklist ${HOME}/.config/Twitch
 blacklist ${HOME}/.config/Unknown Organization
 blacklist ${HOME}/.config/VirtualBox
 blacklist ${HOME}/.config/Wire
+blacklist ${HOME}/.config/Youtube
 blacklist ${HOME}/.config/Zeal
 blacklist ${HOME}/.config/ZeGrapher Project
 blacklist ${HOME}/.config/abiword
@@ -410,6 +412,8 @@ blacklist ${HOME}/.config/yandex-browser
 blacklist ${HOME}/.config/yandex-browser-beta
 blacklist ${HOME}/.config/yelp
 blacklist ${HOME}/.config/youtube-dl
+blacklist ${HOME}/.config/youtubemusic-nativefier-040164
+blacklist ${HOME}/.config/youtube-music-desktop-app
 blacklist ${HOME}/.config/youtube-viewer
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf

etc/profile-a-l/cola.profile

@@ -0,0 +1,10 @@
+# Firejail profile for cola
+# Description: Linux native frontend for Git,alternative call for git-cola
+# This file is overwritten after every install/update
+# Persistent local customizations
+include cola.local
+# Persistent global definitions
+include globals.local
+
+# Redirect
+include git-cola.profile

etc/profile-a-l/git-cola.profile

@@ -12,6 +12,7 @@ noblacklist ${HOME}/.gitconfig
 noblacklist ${HOME}/.git-credentials
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.subversion
 noblacklist ${HOME}/.config/git
 noblacklist ${HOME}/.config/git-cola
 # Put your editor,diff viewer config path below and uncomment to load settings
@@ -28,7 +29,19 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${RUNUSER}/gnupg
+whitelist ${RUNUSER}/keyring
+# Whitelist your editor, diff viewer, gnupg path below in /usr/share/
+whitelist /usr/share/git
+whitelist /usr/share/git-cola
+whitelist /usr/share/git-core
+whitelist /usr/share/git-gui
+whitelist /usr/share/gitk
+whitelist /usr/share/gitweb
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor
@@ -49,18 +62,22 @@ seccomp
 shell none
 tracelog
 
-# private-bin atom,bash,colordiff,emacs,fldiff,geany,gedit,git,git gui,git-cola,git-dag,gitk,gpg,gvim,leafpad,meld,mousepad,nano,notepadqq,python*,sh,ssh,vim,vimdiff,which,xed
+# Add your own diff viewer,editor,pinentry program
+# pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for gpg
+private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed
 private-cache
 private-dev
-# Comment if you sign commits with GPG
-private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,X11,xdg
+private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg
 private-tmp
+writable-run-user
 
-dbus-user filter
+# Breaks meld as diff viewer
+# dbus-user filter
 # Uncomment if you need keyring access
 # dbus-user.talk org.freedesktop.secrets
 dbus-system none
 
-read-only ${HOME}/.ssh
-read-only ${HOME}/.gnupg
 read-only ${HOME}/.git-credentials
+
+# Comment if you need to allow hosts
+read-only ${HOME}/.ssh

etc/profile-m-z/twitch.profile

@@ -0,0 +1,36 @@
+# Firejail profile for twitch
+# Description: Unofficial electron based desktop warpper for Twitch
+# This file is overwritten after every install/update
+# Persistent local customizations
+include twitch.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/Twitch
+
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-shell.inc 
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/Twitch
+whitelist ${HOME}/.config/Twitch
+include whitelist-common.inc 
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+seccomp !chroot
+shell none
+
+disable-mnt
+private-bin twitch
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-opt Twitch
+private-tmp
+
+# Redirect
+include electron.profile

etc/profile-m-z/youtube.profile

@@ -0,0 +1,37 @@
+# Firejail profile for youtube
+# Description: Unofficial electron based desktop warpper for YouTube
+# This file is overwritten after every install/update
+# Persistent local customizations
+include youtube.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/Youtube
+
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-shell.inc 
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/Youtube
+whitelist ${HOME}/.config/Youtube
+include whitelist-common.inc 
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+novideo
+seccomp !chroot
+shell none
+
+disable-mnt
+private-bin youtube
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-opt Youtube
+private-tmp
+
+# Redirect
+include electron.profile

etc/profile-m-z/youtubemusic-nativefier.profile

@@ -0,0 +1,38 @@
+# Firejail profile for youtubemusic-nativefier
+# Description: Unofficial electron based desktop warpper for YouTube Music
+# This file is overwritten after every install/update
+# Persistent local customizations
+include youtube.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/youtubemusic-nativefier-040164
+
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-shell.inc 
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/youtubemusic-nativefier-040164
+whitelist ${HOME}/.config/youtubemusic-nativefier-040164
+include whitelist-common.inc 
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+nou2f
+novideo
+seccomp !chroot
+shell none
+
+disable-mnt
+private-bin youtubemusic-nativefier
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-opt youtubemusic-nativefier
+private-tmp
+
+# Redirect
+include electron.profile

etc/profile-m-z/ytmdesktop.profile

@@ -0,0 +1,39 @@
+# Firejail profile for ytmdesktop
+# Description: Unofficial electron based desktop warpper for YouTube Music
+# This file is overwritten after every install/update
+# Persistent local customizations
+include youtube.local
+# Persistent global definitions
+include globals.local
+
+ignore dbus-user none
+
+noblacklist ${HOME}/.config/youtube-music-desktop-app
+
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/youtube-music-desktop-app
+whitelist ${HOME}/.config/youtube-music-desktop-app
+include whitelist-common.inc 
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+nou2f
+novideo
+seccomp !chroot
+shell none
+
+disable-mnt
+# private-bin env,ytmdesktop
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+# private-opt 
+private-tmp
+
+# Redirect
+include electron.profile

src/firecfg/firecfg.config

@@ -136,6 +136,7 @@ clocks
 cmus
 code
 code-oss
+cola
 com.github.dahenson.agenda
 com.github.johnfactotum.Foliate
 com.gitlab.newsflash
@@ -755,6 +756,7 @@ truecraft
 tshark
 tuxguitar
 tvbrowser
+twitch
 udiskie
 uefitool
 uget-gtk
@@ -832,8 +834,11 @@ xreader-thumbnailer
 xviewer
 yandex-browser
 yelp
+youtube
 youtube-dl
 youtube-viewer
+youtubemusic-nativefier
+ytmdesktop
 zaproxy
 zart
 zathura