From a8503fb9a3919b674e4a31d960e043a59b236bff Mon Sep 17 00:00:00 2001
From: Janik Rabe <jrabe@openmailbox.org>
Date: Wed, 23 Mar 2016 11:14:12 +0200
Subject: Add qTox profile

---
 Makefile.in               |  1 +
 README                    |  1 +
 README.md                 |  2 +-
 etc/qtox.profile          | 15 +++++++++++++++
 platform/debian/conffiles |  1 +
 5 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 etc/qtox.profile

diff --git a/Makefile.in b/Makefile.in
index 29d8004f3..90b238752 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -78,6 +78,7 @@ realinstall:
 	install -c -m 0644 .etc/audacious.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 	install -c -m 0644 .etc/clementine.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 	install -c -m 0644 .etc/epiphany.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/qtox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 	install -c -m 0644 .etc/polari.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 	install -c -m 0644 .etc/gnome-mplayer.profile $(DESTDIR)/$(sysconfdir)/firejail/.
 	install -c -m 0644 .etc/rhythmbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
diff --git a/README b/README
index bfbbc5c6b..07b73232e 100644
--- a/README
+++ b/README
@@ -41,6 +41,7 @@ jrabe (https://github.com/jrabe)
 	- disallow access to kdbx files
 	- Epiphany profile
 	- Polari profile
+	- qTox profile
 jgriffiths (https://github.com/jgriffiths)
 	- make rpm packages support
 Tom Mellor (https://github.com/kalegrill)
diff --git a/README.md b/README.md
index 2406cfc49..9b045d50c 100644
--- a/README.md
+++ b/README.md
@@ -189,5 +189,5 @@ $ man firejail-profile
 
 ## New security profiles
 
-lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser, SlimJet
+lxterminal, Epiphany, cherrytree, Battle for Wesnoth, Hedgewars, qutebrowser, SlimJet, qTox
 
diff --git a/etc/qtox.profile b/etc/qtox.profile
new file mode 100644
index 000000000..8e75f01e6
--- /dev/null
+++ b/etc/qtox.profile
@@ -0,0 +1,15 @@
+# qTox instant messaging profile
+noblacklist ${HOME}/.config/tox
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-terminals.inc
+mkdir ${HOME}/.config/tox
+whitelist ${HOME}/.config/tox
+whitelist ${DOWNLOADS}
+include /etc/firejail/whitelist-common.inc
+caps.drop all
+seccomp
+protocol unix,inet,inet6
+noroot
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 9f324c59f..a40ca2fdf 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -22,6 +22,7 @@
 /etc/firejail/audacious.profile
 /etc/firejail/clementine.profile
 /etc/firejail/epiphany.profile
+/etc/firejail/qtox.profile
 /etc/firejail/polari.profile
 /etc/firejail/gnome-mplayer.profile
 /etc/firejail/rhythmbox.profile
-- 
cgit v1.2.3-54-g00ecf