From 35443058b6539e8ed251c40bd342912a7e2c1484 Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Sun, 15 Mar 2020 12:55:09 +0100 Subject: add gnome-screenshot.profile patch for xdg-dbus-proxy ``` --- a/etc/gnome-screenshot.profile +++ b/etc/gnome-screenshot.profile @@ -45,3 +45,8 @@ private-bin gnome-screenshot private-dev private-etc dconf,fonts,gtk-3.0,localtime,machine-id private-tmp + +dbus-user filter +dbus-user.own org.gnome.Screenshot +dbus-user.talk org.gnome.Shell.Screenshot +dbus-system block ``` patch for whitelist-runuser-common.inc ``` --- a/etc/gnome-screenshot.profile +++ b/etc/gnome-screenshot.profile @@ -17,11 +17,8 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist ${RUNUSER}/bus -whitelist ${RUNUSER}/pulse -whitelist ${RUNUSER}/gdm/Xauthority -whitelist ${RUNUSER}/wayland-0 include whitelist-usr-share-common.inc +include whitelist-runuser-common.inc include whitelist-var-common.inc apparmor ``` --- etc/gnome-screenshot.profile | 47 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 etc/gnome-screenshot.profile (limited to 'etc/gnome-screenshot.profile') diff --git a/etc/gnome-screenshot.profile b/etc/gnome-screenshot.profile new file mode 100644 index 000000000..c00aefdb7 --- /dev/null +++ b/etc/gnome-screenshot.profile 
@@ -0,0 +1,47 @@
+# Firejail profile for gnome-screenshot
+# Description: GNOME screenshot tool
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-screenshot.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PICTURES}
+noblacklist ${HOME}/.cache/gnome-screenshot
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+whitelist ${RUNUSER}/bus
+whitelist ${RUNUSER}/pulse
+whitelist ${RUNUSER}/gdm/Xauthority
+whitelist ${RUNUSER}/wayland-0
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin gnome-screenshot
+private-dev
+private-etc dconf,fonts,gtk-3.0,localtime,machine-id
+private-tmp
-- cgit v1.2.3-70-g09d2
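Review bot: No path under ${HOME} is whitelisted in this profile, so the two `noblacklist` lines at the top only lift blacklists that the disable-*.inc includes presumably set, and everything in the home directory that those includes do not blacklist stays reachable from the sandbox. If that is deliberate because the save dialog can write to any directory the user picks, say so above the `noblacklist` lines, for example `# No home whitelist: screenshots can be saved to any user-chosen directory`. The `whitelist ${RUNUSER}/pulse` line would also benefit from a one-line comment on why a screenshot tool needs the sound socket (presumably the shutter sound), since the profile otherwise switches off the devices it does not use (`no3d`, `nodvd`, `notv`, `nou2f`, `novideo`).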