From a063ddc59e0eb5f61263af984b9a7478924cd2f2 Mon Sep 17 00:00:00 2001 From: Tad Date: Tue, 24 Jul 2018 21:29:15 -0400 Subject: Add profile for patch and shellcheck --- README.md | 3 ++- RELNOTES | 2 +- etc/patch.profile | 39 +++++++++++++++++++++++++++++++++++++++ etc/shellcheck.profile | 39 +++++++++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 2 ++ 5 files changed, 83 insertions(+), 2 deletions(-) create mode 100644 etc/patch.profile create mode 100644 etc/shellcheck.profile diff --git a/README.md b/README.md index fd7d87ecd..9e408ffb2 100644 --- a/README.md +++ b/README.md @@ -165,4 +165,5 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe ````` ## New profiles -Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop +Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop, +shellcheck, patch diff --git a/RELNOTES b/RELNOTES index f91ce203b..e6536ef73 100644 --- a/RELNOTES +++ b/RELNOTES @@ -11,7 +11,7 @@ firejail (0.9.55) baseline; urgency=low * globbing support in private-lib * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio - * new profiles: standardnotes-desktop + * new profiles: standardnotes-desktop, shellcheck, patch -- netblue30 Fri, 25 May 2018 08:00:00 -0500 firejail (0.9.54) baseline; urgency=low diff --git a/etc/patch.profile b/etc/patch.profile new file mode 100644 index 000000000..3e8045bd4 --- /dev/null +++ b/etc/patch.profile 
@@ -0,0 +1,39 @@
+# Firejail profile for patch
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/patch.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${DOCUMENTS}
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-xdg.inc
+
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+private-bin patch,red
+private-dev
+private-lib
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile
new file mode 100644
index 000000000..6827b0baf
--- /dev/null
+++ b/etc/shellcheck.profile
@@ -0,0 +1,39 @@
+# Firejail profile for shellcheck
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/shellcheck.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${DOCUMENTS}
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
+
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 2c7e21813..44ff7a5c8 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -306,6 +306,7 @@ opera-beta
 orage
 palemoon
 parole
+patch
 pdfchain
 pdfmod
 pdfsam
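Review bot: etc/patch.profile includes disable-common, disable-devel, disable-interpreters, disable-passwdmgr and disable-xdg but not `disable-programs.inc`, which etc/shellcheck.profile in this same commit does include. If the omission is not deliberate, add `include /etc/firejail/disable-programs.inc` after the disable-passwdmgr line so the sandboxed patch cannot reach other applications' per-user configuration and data. If it is deliberate, a one-line comment saying why would keep a later cleanup from silently changing it. Separately, `private-bin patch,red` deserves a comment such as `# red: presumably needed for ed-style patches`, since the profile does not say why a second binary is allowed.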
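Review bot: etc/shellcheck.profile has no `private-bin` line, whereas etc/patch.profile in the same commit narrows the sandbox with `private-bin patch,red`. If shellcheck runs without helper executables (not verifiable from this diff), adding `private-bin shellcheck` next to `private-dev` would tighten the profile and keep the two consistent. The same question applies to `private-lib`, which only the patch profile sets. If it was left out because shellcheck fails with it, a short comment recording that would help the next maintainer.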
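Review bot: Listing `patch` in src/firecfg/firecfg.config means firecfg will set up a symlink for it, so non-interactive callers (build scripts, packaging tools) that find `patch` through PATH will presumably also run under etc/patch.profile. That profile applies the disable-*.inc blacklists, lifts only `${DOCUMENTS}`, and sets `quiet`, so a run against a tree in another blacklisted location would likely surface only as a permission error from patch itself. Consider a header comment in the profile such as `# firecfg also sandboxes scripted patch runs; add noblacklist lines to patch.local for trees outside ${DOCUMENTS}`.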
@@ -354,6 +355,7 @@ scribus
 sdat2img
 seamonkey
 seamonkey-bin
+shellcheck
 shotcut
 signal-desktop
 silentarmy
-- 
cgit v1.2.3-54-g00ecf