From bd3c6113714ca4b49d4894674c1d8e605671e6cb Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Tue, 7 May 2024 23:22:49 -0300
Subject: [PATCH] profiles: loupe: add warning and disable in firecfg

The profile currently does not include disable-common nor makes
`${HOME}` read-only, so the program can simply write to ~/.bashrc
directly[1].

This amends commit 9a0db13e1 ("profiles: add loupe", 2024-04-30) /
PR #6327.

[1] https://github.com/netblue30/firejail/pull/6327#pullrequestreview-2033860865
---
 etc/profile-a-l/loupe.profile | 2 ++
 src/firecfg/firecfg.config    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/etc/profile-a-l/loupe.profile b/etc/profile-a-l/loupe.profile
index 5d39341f55..8ea5e0aa99 100644
--- a/etc/profile-a-l/loupe.profile
+++ b/etc/profile-a-l/loupe.profile
@@ -6,6 +6,8 @@ include loupe.local
 # Persistent global definitions
 include globals.local
 
+# Warning: This profile is currently WIP and is not very secure (see #6327).
+
 noblacklist ${HOME}/.local/share/Trash
 noblacklist ${HOME}/.Steam
 noblacklist ${HOME}/.steam
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 8a20d939f8..2f99dd8615 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -526,7 +526,7 @@ lofromtemplate
 loimpress
 lollypop
 lomath
-loupe
+#loupe # currently WIP (see #6327)
 loweb
 lowriter
 #lrunzip # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095)