From 4b9174a110cb31bacfcd477c5fcda5b124114ba4 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Tue, 30 Jan 2018 22:39:06 +0100
Subject: kaffeine profile

---
 README.md                  |  2 +-
 RELNOTES                   |  2 +-
 etc/disable-programs.inc   |  6 ++++++
 etc/kaffeine.profile       | 37 +++++++++++++++++++++++++++++++++++++
 src/firecfg/firecfg.config |  1 +
 5 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 etc/kaffeine.profile

diff --git a/README.md b/README.md
index 7bd691ba8..5438db4ac 100644
--- a/README.md
+++ b/README.md
@@ -101,4 +101,4 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir
 ## New profiles
 
 Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
-pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing
+pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine
diff --git a/RELNOTES b/RELNOTES
index fe871134b..4e4b7e085 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -6,7 +6,7 @@ firejail (0.9.53) baseline; urgency=low
   * private-dev support for overlay and chroot sandboxes
   * private-tmp support for overlay and chroot sandboxes
   * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary
-  * new profiles: pycharm-community, pycharm-professional
+  * new profiles: pycharm-community, pycharm-professional, kaffeine
  -- netblue30 <netblue30@yahoo.com>  Tue, 12 Dec 2017 08:00:00 -0500
 
 firejail (0.9.52) baseline; urgency=low
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 5a75974ac..6a8e580a3 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -129,6 +129,7 @@ blacklist ${HOME}/.config/iridium
 blacklist ${HOME}/.config/itch
 blacklist ${HOME}/.config/jd-gui.cfg
 blacklist ${HOME}/.config/k3brc
+blacklist ${HOME}/.config/kaffeinerc
 blacklist ${HOME}/.config/katepartrc
 blacklist ${HOME}/.config/katerc
 blacklist ${HOME}/.config/kateschemarc
@@ -258,6 +259,7 @@ blacklist ${HOME}/.java
 blacklist ${HOME}/.jitsi
 blacklist ${HOME}/.kde/share/apps/digikam
 blacklist ${HOME}/.kde/share/apps/gwenview
+blacklist ${HOME}/.kde/share/apps/kaffeine
 blacklist ${HOME}/.kde/share/apps/kcookiejar
 blacklist ${HOME}/.kde/share/apps/kget
 blacklist ${HOME}/.kde/share/apps/khtml
@@ -272,6 +274,7 @@ blacklist ${HOME}/.kde/share/config/baloorc
 blacklist ${HOME}/.kde/share/config/digikam
 blacklist ${HOME}/.kde/share/config/gwenviewrc
 blacklist ${HOME}/.kde/share/config/k3brc
+blacklist ${HOME}/.kde/share/config/kaffeinerc
 blacklist ${HOME}/.kde/share/config/kcookiejarrc
 blacklist ${HOME}/.kde/share/config/kgetrc
 blacklist ${HOME}/.kde/share/config/khtmlrc
@@ -285,6 +288,7 @@ blacklist ${HOME}/.kde/share/config/okularpartrc
 blacklist ${HOME}/.kde/share/config/okularrc
 blacklist ${HOME}/.kde4/share/apps/digikam
 blacklist ${HOME}/.kde4/share/apps/gwenview
+blacklist ${HOME}/.kde4/share/apps/kaffeine
 blacklist ${HOME}/.kde4/share/apps/kcookiejar
 blacklist ${HOME}/.kde4/share/apps/kget
 blacklist ${HOME}/.kde4/share/apps/khtml
@@ -298,6 +302,7 @@ blacklist ${HOME}/.kde4/share/config/baloofilerc
 blacklist ${HOME}/.kde4/share/config/digikam
 blacklist ${HOME}/.kde4/share/config/gwenviewrc
 blacklist ${HOME}/.kde4/share/config/k3brc
+blacklist ${HOME}/.kde4/share/config/kaffeinerc
 blacklist ${HOME}/.kde4/share/config/kcookiejarrc
 blacklist ${HOME}/.kde4/share/config/kgetrc
 blacklist ${HOME}/.kde4/share/config/khtmlrc
@@ -354,6 +359,7 @@ blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/gnome-ring
 blacklist ${HOME}/.local/share/gnome-twitch
 blacklist ${HOME}/.local/share/gwenview
+blacklist ${HOME}/.local/share/kaffeine
 blacklist ${HOME}/.local/share/kate
 blacklist ${HOME}/.local/share/ktorrentrc
 blacklist ${HOME}/.local/share/ktorrent
diff --git a/etc/kaffeine.profile b/etc/kaffeine.profile
new file mode 100644
index 000000000..361010ce0
--- /dev/null
+++ b/etc/kaffeine.profile
@@ -0,0 +1,37 @@
+# Firejail profile for kaffeine
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/kaffeine.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ~/.config/kaffeinerc
+noblacklist ~/.kde/share/apps/kaffeine
+noblacklist ~/.kde/share/config/kaffeinerc
+noblacklist ~/.kde4/share/apps/kaffeine
+noblacklist ~/.kde4/share/config/kaffeinerc
+noblacklist ~/.local/share/kaffeine
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+# private-bin kaffeine
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index e9e1db287..6c4c9faa9 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -185,6 +185,7 @@ iridium-browser
 jd-gui
 jitsi
 k3b
+kaffeine
 karbon
 kate
 kcalc
-- 
cgit v1.2.3-70-g09d2