From 35443058b6539e8ed251c40bd342912a7e2c1484 Mon Sep 17 00:00:00 2001
From: rusty-snake
Date: Sun, 15 Mar 2020 12:55:09 +0100
Subject: add gnome-screenshot.profile
patch for xdg-dbus-proxy
```
--- a/etc/gnome-screenshot.profile
+++ b/etc/gnome-screenshot.profile
@@ -45,3 +45,8 @@ private-bin gnome-screenshot
 private-dev
 private-etc dconf,fonts,gtk-3.0,localtime,machine-id
 private-tmp
+
+dbus-user filter
+dbus-user.own org.gnome.Screenshot
+dbus-user.talk org.gnome.Shell.Screenshot
+dbus-system block
```
patch for whitelist-runuser-common.inc
```
--- a/etc/gnome-screenshot.profile
+++ b/etc/gnome-screenshot.profile
@@ -17,11 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
-whitelist ${RUNUSER}/bus
-whitelist ${RUNUSER}/pulse
-whitelist ${RUNUSER}/gdm/Xauthority
-whitelist ${RUNUSER}/wayland-0
 include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 apparmor
```
---
 README.md | 2 +-
 RELNOTES | 2 +-
 etc/Screenshot.profile | 6 ++++++
 etc/disable-programs.inc | 1 +
 etc/gnome-screenshot.profile | 47 ++++++++++++++++++++++++++++++++++++++++++++
 src/firecfg/firecfg.config | 2 ++
 6 files changed, 58 insertions(+), 2 deletions(-)
 create mode 100644 etc/Screenshot.profile
 create mode 100644 etc/gnome-screenshot.profile
diff --git a/README.md b/README.md
index bc2708041..8fc636194 100644
--- a/README.md
+++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ### New profiles:
-gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal
+gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal, gnome-screenshot
diff --git a/RELNOTES b/RELNOTES
index df0e3ec85..664696cce 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -8,7 +8,7 @@ firejail (0.9.63) baseline; urgency=low
 * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool
 * new profiles: desktopeditors, impressive, planmaker18, planmaker18free
 * new profiles: presentations18, presentations18free, textmaker18, teams
- * new profiles: textmaker18free, xournal
+ * new profiles: textmaker18free, xournal, gnome-screenshot
 firejail (0.9.62) baseline; urgency=low
 * added file-copy-limit in /etc/firejail/firejail.config
diff --git a/etc/Screenshot.profile b/etc/Screenshot.profile
new file mode 100644
index 000000000..d4b083736
--- /dev/null
+++ b/etc/Screenshot.profile
@@ -0,0 +1,6 @@
+# Firejail profile for gnome-screenshot
+# This file is overwritten after every install/update
+
+# Temporary fix for https://github.com/netblue30/firejail/issues/2624
+# Redirect
+include gnome-screenshot.profile
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index db257c1b6..0786ba7d2 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -759,6 +759,7 @@ blacklist ${HOME}/.cache/gfeeds
 blacklist ${HOME}/.cache/gimp
 blacklist ${HOME}/.cache/gnome-builder
 blacklist ${HOME}/.cache/gnome-recipes
+blacklist ${HOME}/.cache/gnome-screenshot
 blacklist ${HOME}/.cache/gnome-twitch
 blacklist ${HOME}/.cache/godot
 blacklist ${HOME}/.cache/google-chrome
diff --git a/etc/gnome-screenshot.profile b/etc/gnome-screenshot.profile
new file mode 100644
index 000000000..c00aefdb7
--- /dev/null
+++ b/etc/gnome-screenshot.profile
@@ -0,0 +1,47 @@
+# Firejail profile for gnome-screenshot
+# Description: GNOME screenshot tool
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-screenshot.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PICTURES}
+noblacklist ${HOME}/.cache/gnome-screenshot
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist ${RUNUSER}/bus
+whitelist ${RUNUSER}/pulse
+whitelist ${RUNUSER}/gdm/Xauthority
+whitelist ${RUNUSER}/wayland-0
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin gnome-screenshot
+private-dev
+private-etc dconf,fonts,gtk-3.0,localtime,machine-id
+private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 4cd4fad6c..c27f78d0f 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -23,6 +23,7 @@ Natron
 PPSSPPQt
 QMediathekView
 QOwnNotes
+Screenshot
 Telegram
 Viber
 VirtualBox
@@ -275,6 +276,7 @@ gnome-passwordsafe
 gnome-photos
 gnome-recipes
 gnome-schedule
+gnome-screenshot
 gnome-system-log
 gnome-twitch
 gnome-weather
--
cgit v1.2.3-54-g00ecf
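Review bot: In the new etc/gnome-screenshot.profile, `whitelist ${RUNUSER}/bus` exposes the user session bus socket with no D-Bus policy in the file, so as far as this profile shows the sandboxed process is not limited to the names it needs. The intended restriction (`dbus-user filter` with own/talk rules for org.gnome.Screenshot and org.gnome.Shell.Screenshot, plus `dbus-system block`) exists only in the commit message, where someone reading or copying the profile will not see it. A comment directly above the whitelist line would keep that follow-up with the code, for example `# TODO: replace with dbus-user filter (own org.gnome.Screenshot, talk org.gnome.Shell.Screenshot) and dbus-system block once xdg-dbus-proxy support lands`. The same block would also benefit from a short comment explaining why `${RUNUSER}/pulse` is needed for a screenshot tool, since the reason is not evident from the profile itself.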