From 45e9061c837e98c63f3c906559b1cab0ac5ac8a3 Mon Sep 17 00:00:00 2001
From: David Thole
Date: Mon, 20 May 2019 15:17:07 -0500
Subject: Add Microsoft Teams for Linux (Electron) profile
---
 etc/teams-for-linux.profile | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 etc/teams-for-linux.profile
diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile
new file mode 100644
index 000000000..6acc38661
--- /dev/null
+++ b/etc/teams-for-linux.profile
@@ -0,0 +1,27 @@
+include disable-common.inc
+include disable-devel.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include globals.local
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+
+private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh,teams-for-linux
+private-dev
+private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
+private-tmp
+disable-mnt
+
+noblacklist ${HOME}/.config/teams-for-linux
+whitelist ${HOME}/.config/teams-for-linux
+noexec /tmp
-- 
cgit v1.2.3-54-g00ecf
From c2b16c6efcb808fd5d6391ad84922164e7ba1830 Mon Sep 17 00:00:00 2001
From: David Thole
Date: Sat, 1 Jun 2019 06:29:34 -0500
Subject: Adding many suggestions from the pull request, including description and definition for the teams-for-linux.local
---
 etc/teams-for-linux.profile | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile
index 6acc38661..96929ce60 100644
--- a/etc/teams-for-linux.profile
+++ b/etc/teams-for-linux.profile
@@ -1,8 +1,17 @@
+# Firejail profile for teams-for-linux
+# Description: Teams for Linux is an Electron application for Microsoft's team collaboration and chat program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include teams-for-linux.local
+# Persistent global definitions
+include globals.local
+
 include disable-common.inc
 include disable-devel.inc
 include disable-passwdmgr.inc
+include disable-interpreters.inc
 include disable-programs.inc
-include globals.local
+
 
 caps.drop all
 netfilter
@@ -15,11 +24,14 @@ nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp
+shell none
+tracelog
 
 private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh,teams-for-linux
 private-dev
 private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
 private-tmp
+private-cache
 disable-mnt
 
 noblacklist ${HOME}/.config/teams-for-linux
-- 
cgit v1.2.3-54-g00ecf
From c2a22e2a1d4eea6f41b2dee967c95842ad7f8372 Mon Sep 17 00:00:00 2001
From: David Thole
Date: Sat, 1 Jun 2019 06:37:04 -0500
Subject: Adding blacklist for teams-for-linux
---
 etc/disable-programs.inc | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index eb0f73ba2..a3fac50bb 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -745,3 +745,6 @@ blacklist /var/games/slashem
 blacklist /var/games/vulturesclaw
 blacklist /var/games/vultureseye
 blacklist /var/lib/games/Maelstrom-Scores
+
+# ${HOME}/.config directory
+blacklist ${HOME}/.config/teams-for-linux
\ No newline at end of file
-- 
cgit v1.2.3-54-g00ecf
From 00ef6793e21d4b209f7acceaec86d3093273af16 Mon Sep 17 00:00:00 2001
From: David Thole
Date: Sat, 1 Jun 2019 06:56:57 -0500
Subject: Disabling the lines for shell none and moving whitelist to the top of the file
---
 etc/teams-for-linux.profile | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile
index 96929ce60..3cbf6f709 100644
--- a/etc/teams-for-linux.profile
+++ b/etc/teams-for-linux.profile
@@ -6,14 +6,16 @@ include teams-for-linux.local
 # Persistent global definitions
 include globals.local
 
+caps.drop all
+whitelist ${HOME}/.config/teams-for-linux
 include disable-common.inc
 include disable-devel.inc
 include disable-passwdmgr.inc
 include disable-interpreters.inc
-include disable-programs.inc
+# include disable-programs.inc
 
+
 
-caps.drop all
 netfilter
 nodvd
 nogroups
@@ -24,8 +26,8 @@ nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp
-shell none
-tracelog
+# shell none
+# tracelog
 
 private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh,teams-for-linux
 private-dev
@@ -35,5 +37,5 @@ private-cache
 disable-mnt
 
 noblacklist ${HOME}/.config/teams-for-linux
-whitelist ${HOME}/.config/teams-for-linux
+
 noexec /tmp
-- 
cgit v1.2.3-54-g00ecf
From 9f60dc8901be9d2019656645698f7081c0f17984 Mon Sep 17 00:00:00 2001
From: David Thole
Date: Sun, 2 Jun 2019 20:49:49 -0500
Subject: Narrowed it down that I can use shell none, but can't use private-tmp
---
 etc/disable-programs.inc | 2 +-
 etc/teams-for-linux.profile | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index a3fac50bb..debef6523 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -747,4 +747,4 @@ blacklist /var/games/vultureseye
 blacklist /var/lib/games/Maelstrom-Scores
 
 # ${HOME}/.config directory
-blacklist ${HOME}/.config/teams-for-linux
\ No newline at end of file
+blacklist ${HOME}/.config/teams-for-linux
diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile
index 3cbf6f709..4a3874281 100644
--- a/etc/teams-for-linux.profile
+++ b/etc/teams-for-linux.profile
@@ -26,8 +26,7 @@ nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp
-# shell none
-# tracelog
+shell none
 
 private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh,teams-for-linux
 private-dev
-- 
cgit v1.2.3-54-g00ecf
From 0b3e3c2d83bcb01557b6e1587c3bfa2565400622 Mon Sep 17 00:00:00 2001
From: David Thole
Date: Sun, 2 Jun 2019 20:58:23 -0500
Subject: Moving up the noblacklist, and uncommenting out the disable-programs again. Also adding disable-exec instead of the noexec /tmp block
---
 etc/teams-for-linux.profile | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile
index 4a3874281..e36b1e26e 100644
--- a/etc/teams-for-linux.profile
+++ b/etc/teams-for-linux.profile
@@ -8,13 +8,13 @@ include globals.local
 
 caps.drop all
 whitelist ${HOME}/.config/teams-for-linux
+noblacklist ${HOME}/.config/teams-for-linux
 include disable-common.inc
 include disable-devel.inc
 include disable-passwdmgr.inc
 include disable-interpreters.inc
-# include disable-programs.inc
-
-
+include disable-exec.inc
+include disable-programs.inc
 
 netfilter
 nodvd
@@ -35,6 +35,4 @@ private-tmp
 private-cache
 disable-mnt
 
-noblacklist ${HOME}/.config/teams-for-linux
 
-noexec /tmp
-- 
cgit v1.2.3-54-g00ecf
From 2890fa442ad1bd94606c7d061df5260012f381e2 Mon Sep 17 00:00:00 2001
From: David Thole
Date: Sun, 2 Jun 2019 21:04:16 -0500
Subject: Adding the mkdir and include whitelist* as mentioned
---
 etc/teams-for-linux.profile | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile
index e36b1e26e..3df0e6027 100644
--- a/etc/teams-for-linux.profile
+++ b/etc/teams-for-linux.profile
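Review bot: `tracelog` is dropped by this hunk without a word in the commit subject, which only speaks of `shell none` and `private-tmp`: the old `# shell none` / `# tracelog` pair becomes a single `shell none` line. tracelog is the directive that reports blacklist violations to syslog, so losing it quietly removes the one signal a user has that the profile is too tight; if it broke the application, a comment next to `shell none` saying so would preserve the reason, and if it did not, `tracelog` can simply be restored on the following line. The subject also states that `private-tmp` cannot be used, yet no hunk of this commit touches the `private-tmp` line and it is still present in the final revision of the profile, so either the subject is stale or the profile ships a directive the author observed breaking the client; a comment on that line recording what was seen would keep the next maintainer from re-discovering it.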
@@ -7,8 +7,13 @@ include teams-for-linux.local
 include globals.local
 
 caps.drop all
+
+mkdir ${HOME}/.config/teams-for-linux
 whitelist ${HOME}/.config/teams-for-linux
 noblacklist ${HOME}/.config/teams-for-linux
+
+include whitelist-common.inc
+include whitelist-var-common.inc
 include disable-common.inc
 include disable-devel.inc
 include disable-passwdmgr.inc
-- 
cgit v1.2.3-54-g00ecf
From 8bdbbefb12380f5ef54531ea0b0a382aff56809a Mon Sep 17 00:00:00 2001
From: David Thole
Date: Sun, 2 Jun 2019 21:05:27 -0500
Subject: Adding teams-for-linux to the config
---
 src/firecfg/firecfg.config | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 59ab73128..65605edb3 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -520,6 +520,7 @@ sylpheed
 synfigstudio
 sysprof
 sysprof-cli
+teams-for-linux
 teamspeak3
 teeworlds
 telegram
-- 
cgit v1.2.3-54-g00ecf
From 46c8b9377bc698e0662644aa6dcef0e7f9bf45e6 Mon Sep 17 00:00:00 2001
From: David Thole
Date: Mon, 3 Jun 2019 19:52:57 -0500
Subject: Applying recent changes requested
---
 etc/disable-programs.inc | 3 +--
 etc/teams-for-linux.profile | 23 +++++++++++------------
 2 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index debef6523..aa1205549 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -597,6 +597,7 @@ blacklist ${HOME}/.surf
 blacklist ${HOME}/.sword
 blacklist ${HOME}/.sylpheed-2.0
 blacklist ${HOME}/.synfig
+blacklist ${HOME}/.config/teams-for-linux
 blacklist ${HOME}/.tconn
 blacklist ${HOME}/.teeworlds
 blacklist ${HOME}/.thunderbird
@@ -746,5 +747,3 @@ blacklist /var/games/vulturesclaw
 blacklist /var/games/vultureseye
 blacklist /var/lib/games/Maelstrom-Scores
 
-# ${HOME}/.config directory
-blacklist ${HOME}/.config/teams-for-linux
diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile
index 3df0e6027..51a76bad4 100644
--- a/etc/teams-for-linux.profile
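Review bot: The new `blacklist ${HOME}/.config/teams-for-linux` line in disable-programs.inc is slotted between `${HOME}/.synfig` and `${HOME}/.tconn`, so it is ordered by application name while the entries around it are ordered by path. The `# ${HOME}/.config directory` comment that the second hunk of this file deletes suggests the file keeps `${HOME}/.config/*` entries in their own sorted group; if it does, the line belongs in that group at its alphabetical position rather than among the top-level dot-directories, and if it does not, a path-sorted position would still put it well before `.synfig`. This only affects readability and merge conflicts, not what is blacklisted.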
+++ b/etc/teams-for-linux.profile
@@ -6,21 +6,22 @@ include teams-for-linux.local
 # Persistent global definitions
 include globals.local
 
-caps.drop all
-
-mkdir ${HOME}/.config/teams-for-linux
-whitelist ${HOME}/.config/teams-for-linux
 noblacklist ${HOME}/.config/teams-for-linux
 
-include whitelist-common.inc
-include whitelist-var-common.inc
 include disable-common.inc
 include disable-devel.inc
-include disable-passwdmgr.inc
-include disable-interpreters.inc
 include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
 include disable-programs.inc
 
+mkdir ${HOME}/.config/teams-for-linux
+whitelist ${HOME}/.config/teams-for-linux
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
 netfilter
 nodvd
 nogroups
@@ -33,11 +34,9 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
+disable-mnt
 private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh,teams-for-linux
+private-cache
 private-dev
 private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
 private-tmp
-private-cache
-disable-mnt
-
-
-- 
cgit v1.2.3-54-g00ecf
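Review bot: The profile header does not say that the home directory is now whitelist-only, although that is the largest behavioural consequence of this hunk: with `whitelist ${HOME}/.config/teams-for-linux`, `whitelist ${DOWNLOADS}` and `include whitelist-common.inc` in effect, nothing else under ${HOME} is presumably visible to the client, so attaching or saving a file outside Downloads will fail with no obvious cause. A comment above the `mkdir` line such as `# Only ~/.config/teams-for-linux and ${DOWNLOADS} are visible inside the sandbox; add further whitelist lines to teams-for-linux.local` would point users at the override mechanism the header already declares with `include teams-for-linux.local`. Placing `mkdir` ahead of the `whitelist` is the right order, since the directory has to exist on first launch for the whitelist to be honoured.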
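Review bot: The `private-bin` line that this hunk wraps `disable-mnt` and `private-cache` around still lists `bash` and `zsh` next to `sh`, unchanged since the profile was introduced in the first commit of this series. With `shell none` set two lines above, the sandboxed program is started directly rather than through a shell, and the helpers on the list (`xdg-open`, `xdg-mime`) are POSIX sh scripts, so each extra shell only widens what a compromised renderer process could execute inside the sandbox. Unless the teams-for-linux launcher itself requires bash or zsh, the line can be narrowed to `private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,teams-for-linux`, with a comment naming the binary that needs any shell that has to stay.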