From 204ff035e7f9931e18eee98d7add8d9f5c972428 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Wed, 15 Sep 2021 20:43:17 +0100
Subject: [PATCH] Add firecfg.

---
 apparmor.d/profiles-a-f/firecfg | 36 +++++++++++++++++++++++++++++++++
 profiles.flags                  |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 apparmor.d/profiles-a-f/firecfg

diff --git a/apparmor.d/profiles-a-f/firecfg b/apparmor.d/profiles-a-f/firecfg
new file mode 100644
index 00000000..5ceef54c
--- /dev/null
+++ b/apparmor.d/profiles-a-f/firecfg
@@ -0,0 +1,36 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/firecfg
+profile firecfg @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  capability dac_read_search,
+  capability mknod,
+  capability setgid,
+  capability setuid,
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/{,ba,da}sh  rix,
+  /{usr/,}bin/apparmor_parser rPx,
+
+  /etc/login.defs r,
+  /etc/firejail/firejail.users r,
+
+  /usr/local/bin/ r,
+  /usr/local/bin/* rw,
+
+  /usr/share/applications/ r,
+  /usr/share/applications/*.desktop r,
+
+  /dev/tty rw,
+
+  include if exists <local/firecfg>
+}
\ No newline at end of file
diff --git a/profiles.flags b/profiles.flags
index a1544940..df17a855 100644
--- a/profiles.flags
+++ b/profiles.flags
@@ -24,6 +24,7 @@ fatlabel complain
 fc-cache complain
 fc-list complain
 fdisk complain
+firecfg complain
 fsck-ext4 complain
 gdisk complain
 gdk-pixbuf-query-loaders complain