From dae8e276578abd8b30c25d3a84114d34f8d014ba Mon Sep 17 00:00:00 2001
From: kortewegdevries
Date: Sat, 1 Aug 2020 16:47:42 +0530
Subject: [PATCH 1/2] Add profile for otter-browser Initial
---
 etc/inc/disable-programs.inc | 2 +
 etc/profile-m-z/otter-browser.profile | 57 +++++++++++++++++++++++++++
 src/firecfg/firecfg.config | 1 +
 3 files changed, 60 insertions(+)
 create mode 100644 etc/profile-m-z/otter-browser.profile
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 1518464b46d..e911be93a84 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -319,6 +319,7 @@ blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
 blacklist ${HOME}/.config/org.gabmus.gfeeds.json
 blacklist ${HOME}/.config/org.kde.gwenviewrc
+blacklist ${HOME}/.config/otter
 blacklist ${HOME}/.config/pavucontrol-qt
 blacklist ${HOME}/.config/pavucontrol.ini
 blacklist ${HOME}/.config/pcmanfm
@@ -821,6 +822,7 @@ blacklist ${HOME}/.cache/Franz
 blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/MusicBrainz
 blacklist ${HOME}/.cache/NewsFlashGTK
+blacklist ${HOME}/.cache/Otter
 blacklist ${HOME}/.cache/QuiteRss
 blacklist ${HOME}/.cache/Shortwave
 blacklist ${HOME}/.cache/Tox
diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile
new file mode 100644
index 00000000000..71073a4ee39
--- /dev/null
+++ b/etc/profile-m-z/otter-browser.profile
@@ -0,0 +1,57 @@
+# Firejail profile for otter-browser
+# Description: Lightweight web browser based on Qt5
+# This file is overwritten after every install/update
+# Persistent local customizations
+include otter-browser.local
+# Persistent global definitions
+include globals.local
+
+?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
+
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
+noblacklist ${HOME}/.cache/Otter
+noblacklist ${HOME}/.config/otter
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+mkdir ${HOME}/.pki
+mkdir ${HOME}/.cache/Otter
+mkdir ${HOME}/.config/otter
+mkdir ${HOME}/.local/share/pki
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.cache/Otter
+whitelist ${HOME}/.config/otter
+whitelist ${HOME}/.local/share/pki
+whitelist /usr/share/otter-browser
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+?BROWSER_DISABLE_U2F: nou2f
+protocol unix,inet,inet6,netlink
+seccomp !chroot
+shell none
+
+disable-mnt
+private-cache
+?BROWSER_DISABLE_U2F: private-dev
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+
+dbus-system none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index f0454d869ef..05c5681d507 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -547,6 +547,7 @@ opera
 opera-beta
 orage
 ostrichriders
+otter-browser
 out123
 palemoon
 #pandoc
From 037d81738b89489e719e4e901da5293946ef2f5b Mon Sep 17 00:00:00 2001
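Review bot: `private-cache` near the end of the new otter-browser.profile works against the `mkdir ${HOME}/.cache/Otter` and `whitelist ${HOME}/.cache/Otter` lines above it. Firejail documents private-cache as mounting an empty temporary filesystem over ~/.cache, so the whitelisted Otter cache is presumably hidden inside the sandbox and discarded on exit. Keep one intent: drop `private-cache` if a persistent cache is wanted, or drop the cache `mkdir`/`whitelist` pair if it is not. Separately, `seccomp !chroot` relaxes the syscall filter without saying why; a comment above it such as `# blacklisting chroot breaks the QtWebEngine backend` (if that is the reason, confirm by testing) would keep a later editor from widening or removing the exception blindly.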
From: kortewegdevries
Date: Sun, 2 Aug 2020 12:20:45 +0530
Subject: [PATCH 2/2] private-bin,sorting
---
 etc/profile-m-z/otter-browser.profile | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile
index 71073a4ee39..652b6b7cb2b 100644
--- a/etc/profile-m-z/otter-browser.profile
+++ b/etc/profile-m-z/otter-browser.profile
@@ -8,10 +8,10 @@ include globals.local
 
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
 noblacklist ${HOME}/.cache/Otter
 noblacklist ${HOME}/.config/otter
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,15 +19,16 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
-mkdir ${HOME}/.pki
 mkdir ${HOME}/.cache/Otter
 mkdir ${HOME}/.config/otter
+mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
 whitelist ${DOWNLOADS}
-whitelist ${HOME}/.pki
 whitelist ${HOME}/.cache/Otter
 whitelist ${HOME}/.config/otter
+whitelist ${HOME}/.pki
 whitelist ${HOME}/.local/share/pki
 whitelist /usr/share/otter-browser
 include whitelist-common.inc
@@ -49,6 +50,7 @@ seccomp !chroot
 shell none
 
 disable-mnt
+private-bin bash,otter-browser,sh,which
 private-cache
 ?BROWSER_DISABLE_U2F: private-dev
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
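Review bot: The added `private-bin bash,otter-browser,sh,which` in the last hunk keeps two shells inside a sandbox that otherwise sets `shell none` and includes disable-interpreters.inc, and nothing in the profile says why they are needed. If the packaged otter-browser launcher is a shell script that calls `which`, record that above the line, e.g. `# bash, sh and which are needed by the launcher script` (confirm against the installed file). If it is a plain binary, `private-bin otter-browser` would leave fewer executables reachable after a renderer compromise.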