From 9627229b6ffe1566ffd26f9d3a8be2938784cc21 Mon Sep 17 00:00:00 2001
From: Tad
Date: Tue, 10 Oct 2017 12:39:26 -0400
Subject: Add a profile for ZAProxy
---
 README.md | 2 +-
 etc/disable-programs.inc | 1 +
 etc/zaproxy.profile | 42 ++++++++++++++++++++++++++++++++++++++++++
 src/firecfg/firecfg.config | 2 ++
 4 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 etc/zaproxy.profile
diff --git a/README.md b/README.md
index 578ae10e9..549d3fdc4 100644
--- a/README.md
+++ b/README.md
@@ -181,4 +181,4 @@ calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-e imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool, -aosp, pdfmod, gnome-ring, signal-dekstop, xcalc +aosp, pdfmod, gnome-ring, signal-dekstop, xcalc, zaproxy
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 064e60294..0e5400dd6 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -20,6 +20,7 @@ blacklist ${HOME}/.TelegramDesktop
 blacklist ${HOME}/.ViberPC
 blacklist ${HOME}/.VirtualBox
 blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.ZAP
 blacklist ${HOME}/.aMule
 blacklist ${HOME}/.android
 blacklist ${HOME}/.arduino15
diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile
new file mode 100644
index 000000000..3cce79a2e
--- /dev/null
+++ b/etc/zaproxy.profile
@@ -0,0 +1,42 @@
+# Firejail profile for zaproxy
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/zaproxy.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.ZAP
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.ZAP
+whitelist ${HOME}/.java
+whitelist ${HOME}/.ZAP
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 3d7d23fe7..600bd8841 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -286,6 +286,7 @@ sdat2img
 seamonkey
 seamonkey-bin
 shotcut
+signal-desktop
 silentarmy
 simple-scan
 simutrans
@@ -365,6 +366,7 @@ xreader
 xviewer
 yandex-browser
 youtube-dl
+zaproxy
 zart
 zathura
 zoom
-- cgit v1.2.3-54-g00ecf
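Review bot: In etc/zaproxy.profile, `whitelist ${HOME}/.java` has no matching `mkdir`, unlike `${HOME}/.ZAP` directly above it. If `~/.java` does not exist when the sandbox starts there is nothing to bind, so Java preferences written there would presumably land in the temporary home and be lost on exit; adding `mkdir ${HOME}/.java` next to the existing `mkdir` avoids that. Because the home directory is whitelisted down to these two paths, anything ZAP saves elsewhere under `${HOME}` (session files, reports, an exported root CA certificate) is discarded when the sandbox closes. A comment such as `# Only ~/.ZAP and ~/.java persist; save sessions, reports and exported certificates under ~/.ZAP` would make that explicit. Also, `netfilter` only takes effect when the sandbox gets its own network namespace, and this profile itself sets no `net` option, so it should not be read as restricting ZAP's traffic here.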
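Review bot: The first hunk in src/firecfg/firecfg.config adds `signal-desktop`, which the commit subject ("Add a profile for ZAProxy") does not cover. An entry in this list changes which programs are started sandboxed by default, so it is easier to audit as its own commit, or at least mentioned in the message. The README line touched by this same commit still spells the name `signal-dekstop`, which looks like a typo that should be aligned with the entry added here.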