From 0f58750321313e978937bf8fcdc6a627c40f7e6a Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Fri, 26 Jan 2018 00:28:09 -0500
Subject: Add a profile for Red Eclipse

---
 etc/disable-programs.inc   |  1 +
 etc/redeclipse.profile     | 37 +++++++++++++++++++++++++++++++++++++
 etc/xonotic.profile        |  1 +
 src/firecfg/firecfg.config |  1 +
 4 files changed, 40 insertions(+)
 create mode 100644 etc/redeclipse.profile

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 6288f14e2..4d9c4d85f 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -416,6 +416,7 @@ blacklist ${HOME}/.passwd-s3fs
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.purple
 blacklist ${HOME}/.qemu-launcher
+blacklist ${HOME}/.redeclipse
 blacklist ${HOME}/.remmina
 blacklist ${HOME}/.repo_.gitconfig.json
 blacklist ${HOME}/.repoconfig
diff --git a/etc/redeclipse.profile b/etc/redeclipse.profile
new file mode 100644
index 000000000..f0a993c54
--- /dev/null
+++ b/etc/redeclipse.profile
@@ -0,0 +1,37 @@
+# Firejail profile for redeclipse
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/redeclipse.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.redeclipse
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.redeclipse
+whitelist ${HOME}/.redeclipse
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index d17d2b612..7a466db9b 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc
 mkdir ${HOME}/.xonotic
 whitelist ${HOME}/.xonotic
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index aff20d998..e9e1db287 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -293,6 +293,7 @@ qupzilla
 qutebrowser
 rambox
 ranger
+redeclipse
 remmina
 rhythmbox
 ricochet
-- 
cgit v1.2.3-70-g09d2