From 78724915315d3d6120b813e45a4543d1be42a56a Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Fri, 23 Mar 2018 08:35:20 -0400
Subject: added java support for libreoffice

---
 etc/libreoffice.profile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'etc')

diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 8b801f11e..ceb680951 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -10,7 +10,8 @@ noblacklist /usr/local/sbin
 noblacklist ${HOME}/.config/libreoffice
 
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
+# libreoffice uses java; if you don't care about java functionality, uncomment this line;
+#include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-- 
cgit v1.2.3-54-g00ecf


From 2064c3c871bba96cc71abf20dfbf9cab66b3f42c Mon Sep 17 00:00:00 2001
From: glitsj16 <glitsj16@users.noreply.github.com>
Date: Sat, 24 Mar 2018 12:25:14 +0000
Subject: Create gnome-recipes.profile

This needs an additional change in `disable-programs.inc` to blacklist ${HOME}/.local/share/gnome-recipes. Note: `private-lib` seems to be a WIP, especially for GNOMA apps. Hence I left it out here, although it works for me. Will come back to that issue later.
---
 etc/gnome-recipes.profile | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 etc/gnome-recipes.profile

(limited to 'etc')

diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile
new file mode 100644
index 000000000..a546a60d2
--- /dev/null
+++ b/etc/gnome-recipes.profile
@@ -0,0 +1,43 @@
+# Firejail profile for gnome-recipes
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/gnome-recipes.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+mkdir ${HOME}/.cache/gnome-recipes
+whitelist ${HOME}/.cache/gnome-recipes
+
+noblacklist ${HOME}/.local/share/gnome-recipes
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-bin gnome-recipes,tar
+private-dev
+private-etc ca-certificates,fonts,ssl
+# private-lib works for me with Gnome Shell 3.26.2, Mutter WM (Arch Linux)
+# not widely tested though, leaving it to devs discretion to enable it later
+#private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,libgnutls.so.30,libjpeg.so.8,libp11-kit.so.0,libproxy.so.1,librsvg-2.so.2
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-54-g00ecf


From e203d6353a5566e7a2ccdae25309c636b1fb76a0 Mon Sep 17 00:00:00 2001
From: glitsj16 <glitsj16@users.noreply.github.com>
Date: Sat, 24 Mar 2018 12:27:47 +0000
Subject: gnome-recipes profile

---
 etc/disable-programs.inc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'etc')

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0d542c6d8..30ab75d03 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -369,6 +369,7 @@ blacklist ${HOME}/.local/share/gnome-2048
 blacklist ${HOME}/.local/share/gnome-chess
 blacklist ${HOME}/.local/share/gnome-music
 blacklist ${HOME}/.local/share/gnome-photos
+blacklist ${HOME}/.local/share/gnome-recipes
 blacklist ${HOME}/.local/share/gnome-ring
 blacklist ${HOME}/.local/share/gnome-twitch
 blacklist ${HOME}/.local/share/gwenview
-- 
cgit v1.2.3-54-g00ecf


From 155c5c54b2a59e547480c77962d2cbd32fdfa547 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Sat, 24 Mar 2018 09:17:16 -0400
Subject: Fixup gnome-recipes and add it to firecfg

---
 README.md                  | 3 ++-
 RELNOTES                   | 2 +-
 etc/gnome-recipes.profile  | 6 ++++--
 src/firecfg/firecfg.config | 1 +
 4 files changed, 8 insertions(+), 4 deletions(-)

(limited to 'etc')

diff --git a/README.md b/README.md
index 90e3f7fcc..5d2c88bbf 100644
--- a/README.md
+++ b/README.md
@@ -246,4 +246,5 @@ firefox-common-addons.inc in firefox-common.profile.
 
 Basilisk browser, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary,
 pycharm-community, pycharm-professional, Pitivi, OnionShare, Fritzing, Kaffeine, pdfchain,
-tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder
+tilp, vivaldi-snapshot, bitcoin-qt, VS Code, falkon, gnome-builder, lobase, asunder,
+gnome-recipes
diff --git a/RELNOTES b/RELNOTES
index a031e697e..be196b1e3 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -27,7 +27,7 @@ firejail (0.9.53) baseline; urgency=low
   * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
   * new profiles: discord-canary, pycharm-community, pycharm-professional,
   * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,
-  * new profiles: falkon, gnome-builder, asunder, VS Code,
+  * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes
  -- netblue30 <netblue30@yahoo.com>  Thu, 1 Mar 2018 08:00:00 -0500
 
 firejail (0.9.52) baseline; urgency=low
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile
index a546a60d2..2392440a6 100644
--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -5,8 +5,6 @@ include /etc/firejail/gnome-recipes.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-mkdir ${HOME}/.cache/gnome-recipes
-whitelist ${HOME}/.cache/gnome-recipes
 
 noblacklist ${HOME}/.local/share/gnome-recipes
 
@@ -14,7 +12,11 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+
+mkdir ${HOME}/.cache/gnome-recipes
+whitelist ${HOME}/.cache/gnome-recipes
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index e29f95886..2f9f4fb44 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -154,6 +154,7 @@ gnome-maps
 gnome-mplayer
 gnome-music
 gnome-photos
+gnome-recipes
 gnome-twitch
 gnome-weather
 goobox
-- 
cgit v1.2.3-54-g00ecf