New profile for man,psi,smuxi; fix pidgin (#3590)

* Profile for Psi * Fix pidgin buddy icon * Profile for man * Add profile for smuxi * Comment man in firecfg * Add pinentry programs * Update etc/profile-m-z/psi.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
netblue30 · Sep 2, 2020 · c542881 · c542881
1 parent 3801eb3
commit c542881
Show file tree

Hide file tree

Showing 6 changed files with 213 additions and 0 deletions.
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
@@ -285,6 +285,7 @@ blacklist ${HOME}/.config/liferea
 blacklist ${HOME}/.config/lugaru
 blacklist ${HOME}/.config/lximage-qt
 blacklist ${HOME}/.config/mailtransports
+blacklist ${HOME}/.local/share/man
 blacklist ${HOME}/.config/mana
 blacklist ${HOME}/.config/mate-calc
 blacklist ${HOME}/.config/mate/eom
@@ -337,6 +338,7 @@ blacklist ${HOME}/.config/pluma
 blacklist ${HOME}/.config/ppsspp
 blacklist ${HOME}/.config/pragha
 blacklist ${HOME}/.config/profanity
+blacklist ${HOME}/.config/psi
 blacklist ${HOME}/.config/psi+
 blacklist ${HOME}/.config/qBittorrent
 blacklist ${HOME}/.config/qBittorrentrc
@@ -356,6 +358,7 @@ blacklist ${HOME}/.config/skypeforlinux
 blacklist ${HOME}/.config/slimjet
 blacklist ${HOME}/.config/smplayer
 blacklist ${HOME}/.config/smtube
+blacklist ${HOME}/.config/smuxi
 blacklist ${HOME}/.config/snox
 blacklist ${HOME}/.config/sound-juicer
 blacklist ${HOME}/.config/specialmailcollectionsrc
@@ -547,6 +550,7 @@ blacklist ${HOME}/.local/share/Kingsoft
 blacklist ${HOME}/.local/share/Mendeley Ltd.
 blacklist ${HOME}/.local/share/Mumble
 blacklist ${HOME}/.local/share/PBE
+blacklist ${HOME}/.local/share/Psi
 blacklist ${HOME}/.local/share/QGIS
 blacklist ${HOME}/.local/share/QMediathekView
 blacklist ${HOME}/.local/share/QuiteRss
@@ -664,6 +668,7 @@ blacklist ${HOME}/.local/share/Paradox Interactive
 blacklist ${HOME}/.local/share/pix
 blacklist ${HOME}/.local/share/plasma_notes
 blacklist ${HOME}/.local/share/profanity
+blacklist ${HOME}/.local/share/psi
 blacklist ${HOME}/.local/share/psi+
 blacklist ${HOME}/.local/share/quadrapassel
 blacklist ${HOME}/.local/share/qpdfview
@@ -673,6 +678,7 @@ blacklist ${HOME}/.local/share/rhythmbox
 blacklist ${HOME}/.local/share/rtv
 blacklist ${HOME}/.local/share/scribus
 blacklist ${HOME}/.local/share/signal-cli
+blacklist ${HOME}/.local/share/smuxi
 blacklist ${HOME}/.local/share/spotify
 blacklist ${HOME}/.local/share/steam
 blacklist ${HOME}/.local/share/strawberry
@@ -832,6 +838,7 @@ blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/MusicBrainz
 blacklist ${HOME}/.cache/NewsFlashGTK
 blacklist ${HOME}/.cache/Otter
+blacklist ${HOME}/.cache/Psi
 blacklist ${HOME}/.cache/QuiteRss
 blacklist ${HOME}/.cache/Quotient/quaternion
 blacklist ${HOME}/.cache/Shortwave
@@ -932,12 +939,14 @@ blacklist ${HOME}/.cache/peek
 blacklist ${HOME}/.cache/pip
 blacklist ${HOME}/.cache/plasmashell
 blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite*
+blacklist ${HOME}/.cache/psi
 blacklist ${HOME}/.cache/qBittorrent
 blacklist ${HOME}/.cache/qupzilla
 blacklist ${HOME}/.cache/qutebrowser
 blacklist ${HOME}/.cache/rhythmbox
 blacklist ${HOME}/.cache/simple-scan
 blacklist ${HOME}/.cache/slimjet
+blacklist ${HOME}/.cache/smuxi
 blacklist ${HOME}/.cache/snox
 blacklist ${HOME}/.cache/spotify
 blacklist ${HOME}/.cache/strawberry

diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile
@@ -0,0 +1,66 @@
+# Firejail profile for man
+# Description: manpage viewer
+quiet
+# This file is overwritten after every install/update
+# Persistent local customizations
+include man.local
+# Persistent global definitions
+include globals.local
+
+blacklist ${RUNUSER}
+
+noblacklist ${HOME}/.local/share/man
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.local/share/man
+whitelist ${HOME}/.local/share/man
+whitelist ${HOME}/.manpath
+whitelist /usr/share/groff
+whitelist /usr/share/info
+whitelist /usr/share/lintian
+whitelist /usr/share/locale
+whitelist /usr/share/man
+whitelist /var/cache/man
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+nou2f
+protocol unix
+seccomp
+shell none
+tracelog
+x11 none
+
+disable-mnt
+private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,
+zcat,zsoelim
+private-cache
+private-dev
+private-etc alternatives,fonts,locale,locale.alias,locale.conf,man_db.conf,manpath.config,selinux,sysless,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
diff --git a/etc/profile-m-z/pidgin.profile b/etc/profile-m-z/pidgin.profile
@@ -21,6 +21,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.purple
 whitelist ${HOME}/.purple
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc

diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile
@@ -0,0 +1,78 @@
+# Firejail profile for psi
+# Description: Native XMPP client with GPG support
+# This file is overwritten after every install/update
+# Persistent local customizations
+include psi.local
+# Persistent global definitions
+include globals.local
+
+# Uncomment for GPG
+# noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.cache/psi
+noblacklist ${HOME}/.cache/Psi
+noblacklist ${HOME}/.config/psi
+noblacklist ${HOME}/.local/share/psi
+noblacklist ${HOME}/.local/share/Psi
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+# Uncomment for GPG
+# mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.cache/psi
+mkdir ${HOME}/.cache/Psi
+mkdir ${HOME}/.config/psi
+mkdir ${HOME}/.local/share/psi
+mkdir ${HOME}/.local/share/Psi
+# Uncomment for GPG
+# whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.cache/psi
+whitelist ${HOME}/.cache/Psi
+whitelist ${HOME}/.config/psi
+whitelist ${HOME}/.local/share/psi
+whitelist ${HOME}/.local/share/Psi
+whitelist ${DOWNLOADS}
+# Uncomment for GPG
+# whitelist /usr/share/gnupg
+# whitelist /usr/share/gnupg2
+whitelist /usr/share/psi
+# Uncomment for GPG
+# whitelist ${RUNUSER}/gnupg
+# whitelist ${RUNUSER}/keyring
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp !chroot
+shell none
+# breaks on Arch
+# tracelog
+
+disable-mnt
+# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for GPG
+private-bin getopt,psi
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gcrypt,group,hostname,hosts,ld.so.cache,ld.so.conf,machine-id,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile
@@ -0,0 +1,55 @@
+# Firejail profile for smuxi-frontend-gnome
+# Description: Multi protocol chat client with Twitter support
+# This file is overwritten after every install/update
+# Persistent local customizations
+include smuxi-frontend-gnome.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/smuxi
+noblacklist ${HOME}/.config/smuxi
+noblacklist ${HOME}/.local/share/smuxi
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/smuxi
+mkdir ${HOME}/.config/smuxi
+mkdir ${HOME}/.local/share/smuxi
+whitelist ${HOME}/.cache/smuxi
+whitelist ${HOME}/.config/smuxi
+whitelist ${HOME}/.local/share/smuxi
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin bash,mono,mono-sgen,sh,smuxi-frontend-gnome
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.conf,machine-id,mono,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
@@ -439,6 +439,7 @@ lynx
 lyx
 macrofusion
 magicor
+# man
 manaplus
 masterpdfeditor
 masterpdfeditor4
@@ -591,6 +592,7 @@ pragha
 presentations18
 presentations18free
 profanity
+psi
 psi-plus
 pybitmessage
 # pycharm-community - FB note: may enable later
@@ -654,6 +656,7 @@ slack
 slashem
 smplayer
 smtube
+smuxi-frontend-gnome
 snox
 soffice
 sol