casper: add & enable icecat apparmor profile

helpers/DATA/casper/36apparmor_icecat

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+PREREQ=""
+DESCRIPTION="Enabling IceCat apparmor profile..."
+
+prereqs()
+{
+       echo "$PREREQ"
+}
+
+case $1 in
+# get pre-requisites
+prereqs)
+       prereqs
+       exit 0
+       ;;
+esac
+
+. /scripts/casper-functions
+
+log_begin_msg "$DESCRIPTION"
+
+cat << EOF > /root/etc/rc.local
+#!/bin/sh
+# Enable apparmor profile during live session to allow IceCat to create user namespaces
+[ -d /rofs ] && apparmor_parser -a /etc/apparmor.d/icecat
+EOF
+chmod 755 /root/etc/rc.local
+
+log_end_msg

helpers/make-casper

@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 #    Copyright (C) 2012-2025  Ruben Rodriguez <ruben@trisquel.info>
-#    Copyright (C) 2023 Luis Guzmán <ark@switnet.org>
+#    Copyright (C) 2025 Luis Guzmán <ark@switnet.org>
 #
 #    This program is free software; you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -18,7 +18,7 @@
 #    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 #
 
-VERSION=22
+VERSION=23
 
 . ./config
 
@@ -44,9 +44,12 @@ sed "s/head -n1/sed -n 1p/" -i scripts/casper-functions
 patch --no-backup-if-mismatch -p1 < $DATA/set_trisquel_iso_suggestion.patch
 
 # Enable abrowser apparmor profile
-cp $DATA/35apparmor_abrowser scripts/casper-bottom
-chmod 755 scripts/casper-bottom/35apparmor_abrowser
+for i in 35apparmor_abrowser 36apparmor_icecat
+do
+    cp $DATA/$i scripts/casper-bottom
+    chmod 755 scripts/casper-bottom/$i
+done
 
-changelog "Compiled for Trisquel"
+changelog "Compiled and customized for Trisquel enviroment."
 
 package