#!/bin/sh # # Copyright (C) 2025 Luis Guzmán # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # VERSION=4 . ./config # Add custom unconfined profiles for abrowser and icedove, deliberately patch # upon an original upstream profile copy to force track original files and # update patch accordinlgy, as it's an important security feature starting # at upstream 23.10: # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces cp profiles/apparmor.d/{thunderbird,icedove} for i in abrowser icecat do cp profiles/apparmor.d/firefox profiles/apparmor.d/$i done patch_p1 $DATA/002-add-unconfined-profile-firefox-icedove-icecat.patch for i in abrowser icecat do cp profiles/apparmor/profiles/extras/firefox \ profiles/apparmor/profiles/extras/$i done patch_p1 $DATA/003-add-extra-profile-for-abrowser-icecat.patch # Note: look for updates on abrowser.sh profile on each helper/patch change: patch_p1 $DATA/004-update-profile-extra-firefox-sh.patch # Update trasnmission apparmor profile to fix daemon management patch_p1 $DATA/005-update_trasnmission_profile_for_daemon_service_fix.patch changelog "Apply fix LP:2003702 for pidgin like clients. Add unconfined profiles for firefox and icedove. Improve transmission daemon service profile to improve management. Add custom profiles for icecat" package