From 301826a67446052f46eeb80611ecef650bb8e2ac Mon Sep 17 00:00:00 2001
From: glitsj16 <glitsj16@users.noreply.github.com>
Date: Tue, 5 Mar 2024 08:59:11 +0000
Subject: [PATCH] New profile: qt5ct (#6249)

---
 etc/inc/disable-programs.inc  |  2 ++
 etc/profile-m-z/qt5ct.profile | 68 +++++++++++++++++++++++++++++++++++
 src/firecfg/firecfg.config    |  1 +
 3 files changed, 71 insertions(+)
 create mode 100644 etc/profile-m-z/qt5ct.profile

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index aa83691eb..c9e566948 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -613,6 +613,7 @@ blacklist ${HOME}/.config/qBittorrent
 blacklist ${HOME}/.config/qBittorrentrc
 blacklist ${HOME}/.config/qnapi.ini
 blacklist ${HOME}/.config/qpdfview
+blacklist ${HOME}/.config/qt5ct
 blacklist ${HOME}/.config/quodlibet
 blacklist ${HOME}/.config/qupzilla
 blacklist ${HOME}/.config/qutebrowser
@@ -1027,6 +1028,7 @@ blacklist ${HOME}/.local/share/psi
 blacklist ${HOME}/.local/share/psi+
 blacklist ${HOME}/.local/share/qBittorrent
 blacklist ${HOME}/.local/share/qpdfview
+blacklist ${HOME}/.local/share/qt5ct
 blacklist ${HOME}/.local/share/quadrapassel
 blacklist ${HOME}/.local/share/qutebrowser
 blacklist ${HOME}/.local/share/remmina
diff --git a/etc/profile-m-z/qt5ct.profile b/etc/profile-m-z/qt5ct.profile
new file mode 100644
index 000000000..851dc651a
--- /dev/null
+++ b/etc/profile-m-z/qt5ct.profile
@@ -0,0 +1,68 @@
+# Firejail profile for qt5ct
+# Description: Qt5 Configuration Utility
+# This file is overwritten after every install/update
+# Persistent local customizations
+include qt5ct.local
+# Persistent global definitions
+include globals.local
+
+blacklist /usr/libexec
+
+noblacklist ${HOME}/.config/qt5ct
+noblacklist ${HOME}/.local/share/qt5ct
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/qt5ct
+mkdir ${HOME}/.local/share/qt5ct
+whitelist ${HOME}/.config/qt5ct
+whitelist ${HOME}/.local/share/qt5ct
+
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+tracelog
+
+disable-mnt
+private-bin qt5ct
+private-cache
+private-dev
+private-etc dbus-1,machine-id
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+read-only ${HOME}
+read-write ${HOME}/.config/qt5ct
+read-write ${HOME}/.local/share/qt5ct
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 8d1867ca3..f1c9507d7 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -727,6 +727,7 @@ qpdf
 qpdfview
 qq
 qt-faststart
+qt5ct
 qtox
 quadrapassel
 quassel