From b01b0b39973154a7f7c05b6d7bf5b2e10ed6f577 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 2 May 2017 07:56:29 -0400 Subject: adding knotes profile --- README.md | 11 ++++++----- RELNOTES | 2 +- etc/disable-programs.inc | 1 + etc/dolphin.profile | 1 + etc/knotes.profile | 27 +++++++++++++++++++++++++++ platform/debian/conffiles | 1 + src/firecfg/firecfg.config | 1 + 7 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 etc/knotes.profile diff --git a/README.md b/README.md index 49291181c..4633ff894 100644 --- a/README.md +++ b/README.md @@ -69,14 +69,14 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is ## Desktop integration All --fix functionality is done by default in firecfg, --fix option was removed. Clicking on a program -in desktop manager menu should start the program automatically in a sandbox, if a profile -is available in /etc/firejail. We cover about 270 different applications in this moment on all major desktop managers. +in desktop manager menu should start the program automatically in a sandbox if a profile +is available in /etc/firejail. We cover about 300 different applications in this moment on all major desktop managers. -Thunar (XFCE) and PCManFM (LXDE) file managers symlinks are installed in /usr/local/bin by firecfg. +Symlinks for the common file managers are installed in /usr/local/bin by firecfg. File managers are usually started by default at login time, and will be sandboxed. Clicking on a file in the file manager will start the corresponding program in the same sandbox as the file manager. For example, clicking on a video file will start a sandboxed VLC running the video. -We support in this moment XFCE, LXDE, MATE and Cinnamon. +We support in this moment XFCE, LXDE, MATE, Cinnamon and KDE. ## AppImage 
@@ -218,4 +218,5 @@ PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser Kino, Thunar, Geeqie, Engrampa, Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking, youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, -mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap +mate-calc, mate-dictionary, mate-color-select, caja, galculator, Nemo, gnome-font-viewer, gucharmap, +knotes diff --git a/RELNOTES b/RELNOTES index 0b2f0ce5b..d25230227 100644 --- a/RELNOTES +++ b/RELNOTES @@ -43,7 +43,7 @@ firejail (0.9.46-rc1) baseline; urgency=low * new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, * new profiles: mate-calc, mate-dictionary, mate-color-select, caja, - * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap + * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes * bugfixes -- netblue30 Fri, 7 Apr 2017 08:00:00 -0500 diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 89abbafd8..ddbc3f1fb 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -95,6 +95,7 @@ blacklist ${HOME}/.config/kateschemarc blacklist ${HOME}/.config/katesyntaxhighlightingrc blacklist ${HOME}/.config/katevirc blacklist ${HOME}/.config/kdeconnect +blacklist ${HOME}/.config/knotesrc blacklist ${HOME}/.config/libreoffice blacklist ${HOME}/.config/mate/eom blacklist ${HOME}/.config/mate/mate-dictionary diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 3c9056f62..1a718c87f 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile 
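Review bot: In etc/disable-programs.inc the new `blacklist ${HOME}/.config/knotesrc` line hides only the KNotes settings file from other sandboxes; the notes themselves, which are the sensitive part, are not covered by any line visible in this hunk. If the packaged KNotes keeps its data in a directory under the home directory (possibly `${HOME}/.local/share/knotes`, to be confirmed), that directory should get a `blacklist` line here and a matching `noblacklist` line in etc/knotes.profile. The hunk shows only a window of the file, so an existing entry elsewhere cannot be ruled out.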
@@ -10,6 +10,7 @@ noblacklist ~/.config/dolphinrc noblacklist ~/.local/share/dolphin noblacklist ~/.kde4/share/kde4/services noblacklist ~/.kde/share/kde4/services +noblacklist ${HOME}/.local/share/Trash include /etc/firejail/disable-common.inc # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files diff --git a/etc/knotes.profile b/etc/knotes.profile new file mode 100644 index 000000000..8fa88a261 --- /dev/null +++ b/etc/knotes.profile @@ -0,0 +1,27 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include /etc/firejail/knotes.local + +# kate profile +noblacklist ~/.config/knotesrc + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-programs.inc +#include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-passwdmgr.inc + +caps.drop all +nogroups +nonewprivs +noroot +nosound +protocol unix +seccomp +netfilter +shell none +tracelog + +# private-bin kate +private-tmp +private-dev +# private-etc fonts diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 8bbd6ea6e..7353aa436 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles @@ -290,4 +290,5 @@ /etc/firejail/nemo.profile /etc/firejail/gnome-font-viewer.profile /etc/firejail/gucharmap.profile +/etc/firejail/knotes.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 199a61fe4..946b75f80 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -117,6 +117,7 @@ keepassx keepassx2 keepassxc kmail +knotes kodi konversation ktorrent -- cgit v1.2.3-54-g00ecf
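Review bot: The added `noblacklist ${HOME}/.local/share/Trash` in etc/dolphin.profile is unrelated to the commit subject and has no comment explaining why dolphin needs it. The README text in this same commit says programs started from a file manager run in the file manager's sandbox, so anything launched from dolphin shares this access to deleted files. A comment such as `# dolphin manages the trash; programs started from dolphin can read it too` would make that trade-off visible. The three `noblacklist` lines above it use `~/` while this one uses `${HOME}`, so one spelling should be used throughout the file.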
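Review bot: The two comments in the new etc/knotes.profile still name kate (`# kate profile` and `# private-bin kate`), so anyone who later uncomments the private-bin line as written would restrict the sandbox to the wrong binary. They should read `# knotes profile` and `# private-bin knotes`. The profile is blacklist-only, with no `whitelist` or `private` line, so every path under the home directory that the included disable-*.inc files do not name stays reachable from knotes. A short comment saying this is intended, and why `disable-devel.inc` is commented out, would help the next maintainer. `netfilter` alongside `protocol unix` presumably has no effect unless a network namespace is also configured, so confirm it is needed.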