From 959722e3f5871aa0200620b4c3ab484d4f437d4f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20Guzm=C3=A1n?= <ark@switnet.org>
Date: Sat, 19 Jul 2025 00:11:41 -0600
Subject: [PATCH] casper: add & enable icecat apparmor profile

---
 helpers/DATA/casper/36apparmor_icecat | 30 +++++++++++++++++++++++++++
 helpers/make-casper                   | 13 +++++++-----
 2 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 helpers/DATA/casper/36apparmor_icecat

diff --git a/helpers/DATA/casper/36apparmor_icecat b/helpers/DATA/casper/36apparmor_icecat
new file mode 100644
index 0000000..6204cee
--- /dev/null
+++ b/helpers/DATA/casper/36apparmor_icecat
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+PREREQ=""
+DESCRIPTION="Enabling IceCat apparmor profile..."
+
+prereqs()
+{
+       echo "$PREREQ"
+}
+
+case $1 in
+# get pre-requisites
+prereqs)
+       prereqs
+       exit 0
+       ;;
+esac
+
+. /scripts/casper-functions
+
+log_begin_msg "$DESCRIPTION"
+
+cat << EOF > /root/etc/rc.local
+#!/bin/sh
+# Enable apparmor profile during live session to allow IceCat to create user namespaces
+[ -d /rofs ] && apparmor_parser -a /etc/apparmor.d/icecat
+EOF
+chmod 755 /root/etc/rc.local
+
+log_end_msg
diff --git a/helpers/make-casper b/helpers/make-casper
index 78b37a2..798fc77 100644
--- a/helpers/make-casper
+++ b/helpers/make-casper
@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 #    Copyright (C) 2012-2025  Ruben Rodriguez <ruben@trisquel.info>
-#    Copyright (C) 2023 Luis Guzmán <ark@switnet.org>
+#    Copyright (C) 2025 Luis Guzmán <ark@switnet.org>
 #
 #    This program is free software; you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -18,7 +18,7 @@
 #    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 #
 
-VERSION=22
+VERSION=23
 
 . ./config
 
@@ -44,9 +44,12 @@ sed "s/head -n1/sed -n 1p/" -i scripts/casper-functions
 patch --no-backup-if-mismatch -p1 < $DATA/set_trisquel_iso_suggestion.patch
 
 # Enable abrowser apparmor profile
-cp $DATA/35apparmor_abrowser scripts/casper-bottom
-chmod 755 scripts/casper-bottom/35apparmor_abrowser
+for i in 35apparmor_abrowser 36apparmor_icecat
+do
+    cp $DATA/$i scripts/casper-bottom
+    chmod 755 scripts/casper-bottom/$i
+done
 
-changelog "Compiled for Trisquel"
+changelog "Compiled and customized for Trisquel enviroment."
 
 package