netblue30 · rusty-snake · Sep 2, 2020 · Jul 30, 2020 · Jul 31, 2020 · rusty-snake
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
@@ -255,6 +255,7 @@ blacklist ${HOME}/.config/katerc
 blacklist ${HOME}/.config/kateschemarc
 blacklist ${HOME}/.config/katesyntaxhighlightingrc
 blacklist ${HOME}/.config/katevirc
+blacklist ${HOME}/.config/kazam
 blacklist ${HOME}/.config/kdeconnect
 blacklist ${HOME}/.config/kdenliverc
 blacklist ${HOME}/.config/kfindrc
@@ -308,6 +309,7 @@ blacklist ${HOME}/.config/nomacs
 blacklist ${HOME}/.config/obs-studio
 blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
+blacklist ${HOME}/.config/onboard
 blacklist ${HOME}/.config/onionshare
 blacklist ${HOME}/.config/onlyoffice
 blacklist ${HOME}/.config/opera

diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile
@@ -0,0 +1,54 @@
+# Firejail profile for kazam
+# Description: Screen capture tool
+# This file is overwritten after every install/update
+# Persistent local customizations
+include kazam.local
+# Persistent global definitions
+include globals.local
+
+ignore noexec ${HOME}
+
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
+noblacklist ${HOME}/.config/kazam
+
+include allow-python2.inc 
+include allow-python3.inc 
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc 
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-passwdmgr.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+whitelist /usr/share/kazam
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+# private-bin kazam,python*
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,machine-id,pulse,selinux,X11,xdg
+private-tmp
+
+dbus-system none
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile
@@ -0,0 +1,65 @@
+# Firejail profile for menulibre
+# Description: Create desktop and menu launchers easily
+# This file is overwritten after every install/update
+# Persistent local customizations
+include menulibre.local
+# Persistent global definitions
+include globals.local
+
+include allow-python2.inc
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc 
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-passwdmgr.inc
+include disable-xdg.inc
+
+# Whitelist your system icon directory,varies by distro
+whitelist /usr/share/app-info
+whitelist /usr/share/desktop-directories
+whitelist /usr/share/icons
+whitelist /usr/share/menulibre
+whitelist /var/lib/app-info/icons
+# Flatpak desktop directory
+whitelist /var/lib/flatpak/exports/share/applications
+whitelist /var/lib/flatpak/exports/share/icons
+# Snap desktop directory
+
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-etc alternatives,dconf,fonts,gtk-3.0,locale.alias,locale.conf,mime.types,nsswitch.conf,passwd,pki,selinux,X11,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
+
+read-write ${HOME}/.config/menus
+read-write ${HOME}/.gnome/apps
+read-write ${HOME}/.local/share/applications
+read-write ${HOME}/.local/share/flatpak/exports
diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile
@@ -0,0 +1,57 @@
+# Firejail profile for musictube
+# Description: Stream music 
+# This file is overwritten after every install/update
+# Persistent local customizations
+include musictube.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/Flavio Tordini
+noblacklist ${HOME}/.config/Flavio Tordini
+noblacklist ${HOME}/.local/share/Flavio Tordini
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc 
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/Flavio Tordini
+mkdir ${HOME}/.config/Flavio Tordini
+mkdir ${HOME}/.local/share/Flavio Tordini
+whitelist ${HOME}/.cache/Flavio Tordini
+whitelist ${HOME}/.config/Flavio Tordini
+whitelist ${HOME}/.local/share/Flavio Tordini
+whitelist /usr/share/musictube
+include whitelist-common.inc 
+include whitelist-runuser-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin musictube
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile
@@ -0,0 +1,55 @@
+# Firejail profile for onboard
+# Description: On-screen keyboard
+# This file is overwritten after every install/update
+# Persistent local customizations
+include onboard.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/onboard
+
+include allow-python2.inc
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc 
+include disable-interpreters.inc
+include disable-programs.inc
+include disable-passwdmgr.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/onboard
+whitelist ${HOME}/.config/onboard
+whitelist /usr/share/onboard
+include whitelist-common.inc 
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc 
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+nodvd
+no3d
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-cache
+private-bin onboard,python*,tput
+private-dev
+private-etc alternatives,dbus-1,dconf,fonts,gtk-2.0,gtk-3.0,locale,locale.alias,locale.conf,mime.types,selinux,X11,xdg
+private-tmp
+
+dbus-system none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
@@ -368,6 +368,7 @@ kalgebra
 kalgebramobile
 karbon
 kate
+kazam
 kcalc
 # kdeinit4
 kdenlive
@@ -449,6 +450,7 @@ megaglest_editor
 meld
 mencoder
 mendeleydesktop
+menulibre
 meteo-qt
 midori
 min
@@ -494,6 +496,7 @@ mupdf-x11-curl
 mupen64plus
 muraster
 musescore
+musictube
 musixmatch
 mutool
 mutt
@@ -525,6 +528,7 @@ ocenaudio
 odt2txt
 oggsplt
 okular
+onboard
 onionshare-gui
 ooffice
 ooviewdoc