From af0f2ed9d67c8a7e8ce332baee0e9690df8a8367 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Sat, 3 Oct 2020 14:46:55 +0200
Subject: chromium-freeworld profile (#3633)

---
 README.md                                  | 4 ++--
 RELNOTES                                   | 2 +-
 etc/profile-a-l/chromium-freeworld.profile | 5 +++++
 src/firecfg/firecfg.config                 | 1 +
 4 files changed, 9 insertions(+), 3 deletions(-)
 create mode 100644 etc/profile-a-l/chromium-freeworld.profile

diff --git a/README.md b/README.md
index 9ebcb3232..1b6b59f90 100644
--- a/README.md
+++ b/README.md
@@ -198,5 +198,5 @@ gnome-screenshot, ripperX, sound-juicer, iagno, com.github.dahenson.agenda, gnom
 penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts3client_runscript.sh, warmux, ferdi, abiword,
 four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars,
 hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers,
-seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded, cawbird, freetube, homebank, mattermost-desktop, newsflash, com.gitlab.newsflash, element-desktop, sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx, minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar, vmware, git-cola, otter-browser, kazam, menulibre, musictube, onboard, fractal, mirage, quaternion, spectral, man, psi, smuxi-frontend-gnome, balsa, kube, trojita, cola, twitch, youtube, youtubemusic-nativefier, ytmdesktop, dbus-send, notify-send, qrencode
-xournalpp
+seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded, cawbird, freetube, homebank, mattermost-desktop, newsflash, com.gitlab.newsflash, element-desktop, sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx, minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar, vmware, git-cola, otter-browser, kazam, menulibre, musictube, onboard, fractal, mirage, quaternion, spectral, man, psi, smuxi-frontend-gnome, balsa, kube, trojita, cola, twitch, youtube, youtubemusic-nativefier, ytmdesktop, dbus-send, notify-send, qrencode,
+xournalpp, chromium-freeworld
diff --git a/RELNOTES b/RELNOTES
index b24475288..f5189fd58 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -49,7 +49,7 @@ firejail (0.9.63) baseline; urgency=low
   * new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi, twitch
   * new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube, ytmdesktop
   * new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send, qrencode
-  * new profiles: xournalpp
+  * new profiles: xournalpp, chromium-freeworld
  -- netblue30 <netblue30@yahoo.com>  Tue, 21 Apr 2020 08:00:00 -0500
 
 firejail (0.9.62) baseline; urgency=low
diff --git a/etc/profile-a-l/chromium-freeworld.profile b/etc/profile-a-l/chromium-freeworld.profile
new file mode 100644
index 000000000..a1de85afa
--- /dev/null
+++ b/etc/profile-a-l/chromium-freeworld.profile
@@ -0,0 +1,5 @@
+# Firejail profile for chromium-freeworld
+# This file is overwritten after every install/update
+
+# Redirect
+include chromium.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 9e0179aff..9f4f478c5 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -119,6 +119,7 @@ cheese
 cherrytree
 chromium
 chromium-browser
+chromium-freeworld
 cin
 cinelerra
 clamdscan
-- 
cgit v1.2.3-54-g00ecf


From 9ae80f5f4ebbdd5fbcc499d0bd598d6fb16e53b4 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Sat, 3 Oct 2020 14:50:32 +0200
Subject: New profile: equalx

---
 README.md                      |  2 +-
 RELNOTES                       |  2 +-
 etc/inc/disable-programs.inc   |  2 ++
 etc/profile-a-l/equalx.profile | 63 ++++++++++++++++++++++++++++++++++++++++++
 src/firecfg/firecfg.config     |  1 +
 5 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 etc/profile-a-l/equalx.profile

diff --git a/README.md b/README.md
index 1b6b59f90..ac91df682 100644
--- a/README.md
+++ b/README.md
@@ -199,4 +199,4 @@ penguin-command, x2goclient, frogatto, gnome-mines, gnome-nibbles, lightsoff, ts
 four-in-a-row, gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin, gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars,
 hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless, mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers,
 seahorse-adventures, wordwarvi, xbill, gnome-klotski, five-or-more, swell-foop, fdns, jitsi-meet-desktop, nicontine, steam-runtime, apostrophe, quadrapassel, dino-im, strawberry, hitori, bijiben, gnote, gnubik, ZeGrapher, gapplication, xonotic-sdl-wrapper, openarena_ded, cawbird, freetube, homebank, mattermost-desktop, newsflash, com.gitlab.newsflash, element-desktop, sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx, minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar, vmware, git-cola, otter-browser, kazam, menulibre, musictube, onboard, fractal, mirage, quaternion, spectral, man, psi, smuxi-frontend-gnome, balsa, kube, trojita, cola, twitch, youtube, youtubemusic-nativefier, ytmdesktop, dbus-send, notify-send, qrencode,
-xournalpp, chromium-freeworld
+xournalpp, chromium-freeworld, equalx
diff --git a/RELNOTES b/RELNOTES
index f5189fd58..90748ca7c 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -49,7 +49,7 @@ firejail (0.9.63) baseline; urgency=low
   * new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi, twitch
   * new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube, ytmdesktop
   * new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send, qrencode
-  * new profiles: xournalpp, chromium-freeworld
+  * new profiles: xournalpp, chromium-freeworld, equalx
  -- netblue30 <netblue30@yahoo.com>  Tue, 21 Apr 2020 08:00:00 -0500
 
 firejail (0.9.62) baseline; urgency=low
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 92a87352b..4f90e6413 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -209,6 +209,7 @@ blacklist ${HOME}/.config/emailidentities
 blacklist ${HOME}/.config/enchant
 blacklist ${HOME}/.config/eog
 blacklist ${HOME}/.config/epiphany
+blacklist ${HOME}/.config/equalx
 blacklist ${HOME}/.config/evince
 blacklist ${HOME}/.config/evolution
 blacklist ${HOME}/.config/falkon
@@ -436,6 +437,7 @@ blacklist ${HOME}/.electrum*
 blacklist ${HOME}/.elinks
 blacklist ${HOME}/.emacs
 blacklist ${HOME}/.emacs.d
+blacklist ${HOME}/.equalx
 blacklist ${HOME}/.ethereum
 blacklist ${HOME}/.etr
 blacklist ${HOME}/.filezilla
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile
new file mode 100644
index 000000000..58b053041
--- /dev/null
+++ b/etc/profile-a-l/equalx.profile
@@ -0,0 +1,63 @@
+# Firejail profile for equalx
+# Description: A graphical editor for writing LaTeX equations
+# This file is overwritten after every install/update
+# Persistent local customizations
+include equalx.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/equalx
+noblacklist ${HOME}/.equalx
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/equalx
+mkdir ${HOME}/.equalx
+whitelist ${HOME}/.config/equalx
+whitelist ${HOME}/.equalx
+whitelist /usr/share/poppler
+whitelist /usr/share/ghostscript
+whitelist /usr/share/texlive
+whitelist /usr/share/equalx
+whitelist /var/lib/texmf
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin equalx,gs,pdflatex,pdftocairo
+private-cache
+private-dev
+private-etc equalx,equalx.conf,fonts,gtk-2.0,latexmk.conf,machine-id,papersize,passwd,texlive,Trolltech.conf
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 9f4f478c5..d16aa2ee9 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -197,6 +197,7 @@ eog
 eom
 ephemeral
 #epiphany
+equalx
 et
 etr
 evince
-- 
cgit v1.2.3-54-g00ecf