From 96e801fd8a8f4a743e2286b9367177ce8f7b3c65 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 18 Apr 2016 09:38:54 -0400 Subject: added okular and gwenview profiles --- Makefile.in | 2 ++ README | 7 ++++--- README.md | 2 +- RELNOTES | 1 + etc/disable-programs.inc | 5 +++++ etc/gwenview.profile | 19 +++++++++++++++++++ etc/okular.profile | 21 +++++++++++++++++++++ platform/debian/conffiles | 3 +++ src/firecfg/firecfg.config | 2 ++ 9 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 etc/gwenview.profile create mode 100644 etc/okular.profile diff --git a/Makefile.in b/Makefile.in index 590f2cd5f..bc8061985 100644 --- a/Makefile.in +++ b/Makefile.in @@ -166,6 +166,8 @@ realinstall: install -c -m 0644 .etc/0ad.profile $(DESTDIR)/$(sysconfdir)/firejail/. install -c -m 0644 .etc/netsurf.profile $(DESTDIR)/$(sysconfdir)/firejail/. install -c -m 0644 .etc/warzone2100.profile $(DESTDIR)/$(sysconfdir)/firejail/. + install -c -m 0644 .etc/okular.profile $(DESTDIR)/$(sysconfdir)/firejail/. + install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/. sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" rm -fr .etc diff --git a/README b/README index 55f9109da..e4ad5a49f 100644 --- a/README +++ b/README @@ -18,6 +18,10 @@ License: GPL v2 Firejail Authors: netblue30 (netblue30@yahoo.com) +curiosity-seeker (https://github.com/curiosity-seeker) + - tightening unbound and dnscrypt-proxy profiles + - dnsmasq profile + - okular and gwenview profiles Matthew Gyurgyik (https://github.com/pyther) - rpm spec and several fixes Joan Figueras (https://github.com/figue) 
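Review bot: The two `install -c -m 0644 .etc/...profile` lines added to `realinstall` extend a hand-maintained list, and this commit repeats the same two names by hand in `platform/debian/conffiles` and `src/firecfg/firecfg.config`. Nothing visible here checks that the three lists agree, so a profile named in one and missing from another would presumably go unnoticed at build time. A comment above the list, for example `# keep in sync with platform/debian/conffiles and src/firecfg/firecfg.config`, would make the coupling explicit. The `realinstall` recipe starts and ends outside the hunk, so a matching uninstall step cannot be confirmed from here.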
@@ -86,9 +90,6 @@ Rahiel Kasim (https://github.com/rahiel) - Mathematica profile creideiki (https://github.com/creideiki) - make the sandbox process reap all children -curiosity-seeker (https://github.com/curiosity-seeker) - - tightening unbound and dnscrypt-proxy profiles - - dnsmasq profile sinkuu (https://github.com/sinkuu) - blacklisting kwalletd - fix symlink invocation for programs placing symlinks in $PATH diff --git a/README.md b/README.md index ed564e58a..afa1fa35c 100644 --- a/README.md +++ b/README.md @@ -282,5 +282,5 @@ $ man firejail-profile ## New security profiles lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf, -Warzone2100 +Warzone2100, okular, gwenview diff --git a/RELNOTES b/RELNOTES index 37b4faf47..188f9d513 100644 --- a/RELNOTES +++ b/RELNOTES @@ -20,6 +20,7 @@ firejail (0.9.40-rc1) baseline; urgency=low * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100 + * new profiles: okular, gwenview * build rpm packages using "make rpms" * bugfixes -- netblue30 Sun, 3 Apr 2016 08:00:00 -0500 diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 43b9cff38..23dd8e025 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -8,6 +8,11 @@ blacklist ${HOME}/.Wolfram Research blacklist ${HOME}/.config/mupen64plus blacklist ${HOME}/.config/transmission blacklist ${HOME}/.config/uGet +blacklist ~/.kde/share/apps/okular +blacklist ~/.kde/share/config/okularrc +blacklist ~/.kde/share/config/okularpartrc +blacklist ~/.kde/share/apps/gwenview +blacklist ~/.kde/share/config/gwenviewrc # Media players blacklist ${HOME}/.config/cmus 
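Review bot: The five new `blacklist` entries in `etc/disable-programs.inc` cover only the `~/.kde/share/...` layout, so okular and gwenview state stored elsewhere stays readable by every other sandboxed program that includes this file. Installations that keep KDE data under `~/.kde4`, or KF5 builds that use `~/.config` and `~/.local/share`, would be affected; the `kbuildsycoca5` entry in the new okular profile suggests KF5 builds are expected. Consider adding the equivalent paths for those layouts, with matching `noblacklist` lines in the two new profiles. The new lines also spell the home directory as `~/` while every neighbouring entry in the hunk uses `${HOME}/`; writing them as `blacklist ${HOME}/.kde/share/apps/okular` and so on would keep the file uniform.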
diff --git a/etc/gwenview.profile b/etc/gwenview.profile new file mode 100644 index 000000000..d61c57adc --- /dev/null +++ b/etc/gwenview.profile @@ -0,0 +1,19 @@ +# KDE gwenview profile +noblacklist ~/.kde/share/apps/gwenview +noblacklist ~/.kde/share/config/gwenviewrc +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc +caps.drop all +seccomp +protocol unix +noroot +nogroups +private-dev + +#Experimental: +#shell none +#private-bin gwenview +#private-etc X11 + diff --git a/etc/okular.profile b/etc/okular.profile new file mode 100644 index 000000000..7929a8796 --- /dev/null +++ b/etc/okular.profile @@ -0,0 +1,21 @@ +# KDE okular profile +noblacklist ~/.kde/share/apps/okular +noblacklist ~/.kde/share/config/okularrc +noblacklist ~/.kde/share/config/okularpartrc +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc +caps.drop all +seccomp +protocol unix +noroot +nogroups +private-dev + +#Experimental: +#net none +#shell none +#private-bin okular,kbuildsycoca4,kbuildsycoca5 +#private-etc X11 + diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 2413965ba..1ea112301 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles @@ -85,3 +85,6 @@ /etc/firejail/0ad.profile /etc/firejail/netsurf.profile /etc/firejail/warzone2100.profile +/etc/firejail/okular.profile +/etc/firejail/gwenview.profile + diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 80433f1e5..d732796e9 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -51,6 +51,8 @@ loweb lowriter Mathematica mathematica +gwenview +okular # Media vlc -- cgit v1.2.3-54-g00ecf
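Review bot: The `#Experimental:` block in `etc/gwenview.profile` has no `#net none` entry, while `etc/okular.profile` lists one, and neither profile enables it. Both viewers parse untrusted files, and `protocol unix` only filters socket families, so the sandbox still shares the host network namespace. Adding `#net none` to the gwenview block would give parity, and a short comment on each experimental option in both files saying what currently breaks would tell a later reviewer when it can be turned on. The `noblacklist` lines in both profiles duplicate the paths added to `etc/disable-programs.inc`, so a comment such as `# must match the blacklist entries in disable-programs.inc` next to them would help keep the two in step.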