From 78b6a1d4b0815770c09fe4db3a37ca6ce3149261 Mon Sep 17 00:00:00 2001
From: Fred-Barclay <Fred-Barclay@users.noreply.github.com>
Date: Wed, 8 Nov 2017 13:20:03 -0600
Subject: Add Enpass profile (see #1139 profile requests)

---
 README.md                  |  2 +-
 RELNOTES                   |  8 ++++----
 etc/disable-passwdmgr.inc  |  1 +
 etc/enpass.profile         | 39 +++++++++++++++++++++++++++++++++++++++
 etc/runenpass.sh.profile   |  6 ++++++
 src/firecfg/firecfg.config |  1 +
 6 files changed, 52 insertions(+), 5 deletions(-)
 create mode 100644 etc/enpass.profile
 create mode 100644 etc/runenpass.sh.profile

diff --git a/README.md b/README.md
index c65e7f1fe..b1e3cbbca 100644
--- a/README.md
+++ b/README.md
@@ -221,7 +221,7 @@ calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-e
 imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron,
 ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart,
 conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool,
-aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete, kget, nheko
+aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete, kget, nheko, Enpass
 
 Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles,
 https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles.
diff --git a/RELNOTES b/RELNOTES
index e5adc0fa5..2f9206518 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -30,15 +30,15 @@ firejail (0.9.51) baseline; urgency=low
      https://aur.archlinux.org/packages/firejail-profiles.
   * new profiles: terasology, surf, rocketchat, clamscan, clamdscan,
       clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5,
-      brackets, calligra, calligraauthor, calligraconverter, calligraflow, 
+      brackets, calligra, calligraauthor, calligraconverter, calligraflow,
       calligraplan, calligraplanwork, calligrasheets, calligrastage,
       calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd,
       google-earth,imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion,
-      mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, 
+      mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en,
       Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish,
       cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring,
-      xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko
-   
+      xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass
+
  -- netblue30 <netblue30@yahoo.com>  Thu, 14 Sep 2017 20:00:00 -0500
 
 firejail (0.9.50~rc1) baseline; urgency=low
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc
index 9507d3feb..8ed87eefb 100644
--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -6,6 +6,7 @@ blacklist ${HOME}/.config/KeePass
 blacklist ${HOME}/.config/keepass
 blacklist ${HOME}/.config/keepassx
 blacklist ${HOME}/.config/keepassxc
+blacklist ${HOME}/.config/Sinew Software Systems
 blacklist ${HOME}/.keepass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.keepassxc
diff --git a/etc/enpass.profile b/etc/enpass.profile
new file mode 100644
index 000000000..4c19d5825
--- /dev/null
+++ b/etc/enpass.profile
@@ -0,0 +1,39 @@
+# This file is overwritten after every install/update.
+# Persistent local customisations
+include /etc/firejail/enpass.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+noblacklist ${HOME}/.config/Sinew Software Systems
+
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-bin sh,readlink,dirname
+private-dev
+private-opt Enpass
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/runenpass.sh.profile b/etc/runenpass.sh.profile
new file mode 100644
index 000000000..05ffbfe20
--- /dev/null
+++ b/etc/runenpass.sh.profile
@@ -0,0 +1,6 @@
+# Firejail alias profile for enpass
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/enpass.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 56ff9a15b..28d3aab67 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -284,6 +284,7 @@ riot-web
 ristretto
 rocketchat
 rtorrent
+runenpass.sh
 scribus
 sdat2img
 seamonkey
-- 
cgit v1.2.3-70-g09d2