From 14c7fca7b924fa292b34f30192192c12b99f5ff8 Mon Sep 17 00:00:00 2001
From: Dmitry Maksyoma
Date: Fri, 9 Jul 2021 00:55:06 +1200
Subject: [PATCH 1/8] Firefox and Chrome (+flash) images use locked down file chooser
---
 dockerfile-kasm-chrome | 3 +++
 dockerfile-kasm-chrome-flash | 4 ++++
 dockerfile-kasm-firefox | 3 +++
 dockerfile-kasm-firefox-flash | 4 ++++
 src/ubuntu/install/gtk/install_restricted_file_chooser.sh | 6 ++++++
 5 files changed, 20 insertions(+)
 create mode 100755 src/ubuntu/install/gtk/install_restricted_file_chooser.sh
diff --git a/dockerfile-kasm-chrome b/dockerfile-kasm-chrome
index 7b4a24e..3c771d5 100644
--- a/dockerfile-kasm-chrome
+++ b/dockerfile-kasm-chrome
@@ -29,6 +29,9 @@ RUN chmod +x $STARTUPDIR/custom_startup.sh
 # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
 # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
+ENV KASM_RESTRICTED_FILE_CHOOSER=1
+COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
+RUN $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
 ######### End Customizations ###########
diff --git a/dockerfile-kasm-chrome-flash b/dockerfile-kasm-chrome-flash
index 39e593b..96ceafd 100644
--- a/dockerfile-kasm-chrome-flash
+++ b/dockerfile-kasm-chrome-flash
@@ -29,6 +29,10 @@ RUN chmod +x $STARTUPDIR/custom_startup.sh
 COPY ./src/ubuntu/install/chrome_flash $INST_SCRIPTS/chrome_flash/
 RUN bash $INST_SCRIPTS/chrome_flash/install_flash.sh && rm -rf $INST_SCRIPTS/chrome_flash/
+ENV KASM_RESTRICTED_FILE_CHOOSER=1
+COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
+RUN $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+
 ######### End Customizations ###########
diff --git a/dockerfile-kasm-firefox b/dockerfile-kasm-firefox
index 175002c..8e8ed53 100644
--- a/dockerfile-kasm-firefox
+++ b/dockerfile-kasm-firefox
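Review bot: The added `RUN $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh` in dockerfile-kasm-chrome leaves the copied installer directory in the image, unlike the neighbouring install steps in the same files, which end with `&& rm -rf $INST_SCRIPTS/.../`; I would write `RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh && rm -rf $INST_SCRIPTS/gtk/`. The same three lines are repeated in the chrome-flash, firefox and firefox-flash hunks of this patch and in the brave, edge and tor-browser hunks of patch 4/8. The `ENV` line also deserves a comment such as `# Hardening default for the patched GTK file chooser; UI confinement only, not a filesystem access control`, because an ENV default can be overridden when the container is started and, presumably, only dialogs drawn by the patched libgtk are affected.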
@@ -29,6 +29,9 @@ RUN chmod +x $STARTUPDIR/custom_startup.sh
 # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
 # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/
+ENV KASM_RESTRICTED_FILE_CHOOSER=1
+COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
+RUN $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
 ######### End Customizations ###########
diff --git a/dockerfile-kasm-firefox-flash b/dockerfile-kasm-firefox-flash
index 945e272..ba1f618 100644
--- a/dockerfile-kasm-firefox-flash
+++ b/dockerfile-kasm-firefox-flash
@@ -28,6 +28,10 @@ RUN chmod +x $STARTUPDIR/custom_startup.sh
 COPY ./src/ubuntu/install/firefox_flash $INST_SCRIPTS/firefox_flash/
 RUN bash $INST_SCRIPTS/firefox_flash/install_flash.sh && rm -rf $INST_SCRIPTS/firefox_flash/
+ENV KASM_RESTRICTED_FILE_CHOOSER=1
+COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
+RUN $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+
 ######### End Customizations ###########
 RUN chown 1000:0 $HOME
diff --git a/src/ubuntu/install/gtk/install_restricted_file_chooser.sh b/src/ubuntu/install/gtk/install_restricted_file_chooser.sh
new file mode 100755
index 0000000..66d85e3
--- /dev/null
+++ b/src/ubuntu/install/gtk/install_restricted_file_chooser.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+
+wget https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-gtk-3-restricted-file-chooser/de486e8c3c5f3d3c0f898fb9d6e05755897b1970/output/libgtk-3-0_3.22.30-1ubuntu4_amd64.deb -O libgtk.deb
+apt-get install -y --allow-downgrades ./libgtk.deb
From 76973ef8b6b348e749f4344485c5b4662918dd7c Mon Sep 17 00:00:00 2001
From: Dmitry Maksyoma
Date: Sun, 11 Jul 2021 21:22:21 +1200
Subject: [PATCH 2/8] GTK install script refactor
---
 src/ubuntu/install/gtk/install_restricted_file_chooser.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
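Review bot: In install_restricted_file_chooser.sh as added by patch 1/8, the `.deb` fetched by `wget` is installed as root with `apt-get install -y --allow-downgrades` without any integrity check, so the image trusts whatever object the S3 URL serves at build time. HTTPS and the hash-like path segment protect the transfer and name the build, but they do not pin the file contents. I would record the package digest in the script and verify it between the two commands, for example `echo "<EXPECTED_SHA256>  libgtk.deb" | sha256sum -c -` (placeholder digest). Because the package replaces the distribution's `libgtk-3-0` with a fixed 3.22.30-1ubuntu4 build, a comment noting that this build may lag behind later distro security updates would also help maintainers. Patches 2/8, 3/8 and 7/8 edit the same two commands and do not add a check.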
diff --git a/src/ubuntu/install/gtk/install_restricted_file_chooser.sh b/src/ubuntu/install/gtk/install_restricted_file_chooser.sh
index 66d85e3..1935f9a 100755
--- a/src/ubuntu/install/gtk/install_restricted_file_chooser.sh
+++ b/src/ubuntu/install/gtk/install_restricted_file_chooser.sh
@@ -2,5 +2,7 @@
 set -e
-wget https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-gtk-3-restricted-file-chooser/de486e8c3c5f3d3c0f898fb9d6e05755897b1970/output/libgtk-3-0_3.22.30-1ubuntu4_amd64.deb -O libgtk.deb
-apt-get install -y --allow-downgrades ./libgtk.deb
+libgtk_deb=libgtk.deb
+
+wget https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-gtk-3-restricted-file-chooser/de486e8c3c5f3d3c0f898fb9d6e05755897b1970/output/libgtk-3-0_3.22.30-1ubuntu4_amd64.deb -O $libgtk_deb
+apt-get install -y --allow-downgrades ./$libgtk_deb
From d2bbacb1fe5ccee9f2d0d9734538dfdca56e198c Mon Sep 17 00:00:00 2001
From: Dmitry Maksyoma
Date: Sun, 11 Jul 2021 21:22:57 +1200
Subject: [PATCH 3/8] GTK: remove downloaded deb
---
 src/ubuntu/install/gtk/install_restricted_file_chooser.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/ubuntu/install/gtk/install_restricted_file_chooser.sh b/src/ubuntu/install/gtk/install_restricted_file_chooser.sh
index 1935f9a..7af6a8c 100755
--- a/src/ubuntu/install/gtk/install_restricted_file_chooser.sh
+++ b/src/ubuntu/install/gtk/install_restricted_file_chooser.sh
@@ -6,3 +6,4 @@ libgtk_deb=libgtk.deb
 wget https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-gtk-3-restricted-file-chooser/de486e8c3c5f3d3c0f898fb9d6e05755897b1970/output/libgtk-3-0_3.22.30-1ubuntu4_amd64.deb -O $libgtk_deb
 apt-get install -y --allow-downgrades ./$libgtk_deb
+rm "$libgtk_deb"
From de439118f006ec68323b44b63e75a80f42f28e9e Mon Sep 17 00:00:00 2001
From: Dmitry Maksyoma
Date: Sun, 11 Jul 2021 22:01:38 +1200
Subject: [PATCH 4/8] Restricted file chooser: support Brave, Tor, Edge
---
 dockerfile-kasm-brave | 5 ++++-
 dockerfile-kasm-edge | 4 ++++
 dockerfile-kasm-tor-browser | 4 ++++
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/dockerfile-kasm-brave b/dockerfile-kasm-brave
index d6b198d..9e9df6d 100644
--- a/dockerfile-kasm-brave
+++ b/dockerfile-kasm-brave
@@ -25,6 +25,10 @@ ENV LAUNCH_URL http://kasmweb.com
 COPY ./src/ubuntu/install/brave/custom_startup.sh $STARTUPDIR/custom_startup.sh
 RUN chmod +x $STARTUPDIR/custom_startup.sh
+ENV KASM_RESTRICTED_FILE_CHOOSER=1
+COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
+RUN $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+
 ######### End Customizations ###########
 RUN chown 1000:0 $HOME
@@ -35,4 +39,3 @@ WORKDIR $HOME
 RUN mkdir -p $HOME && chown -R 1000:0 $HOME
 USER 1000
-
diff --git a/dockerfile-kasm-edge b/dockerfile-kasm-edge
index 370e4f3..d811c22 100644
--- a/dockerfile-kasm-edge
+++ b/dockerfile-kasm-edge
@@ -19,6 +19,10 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel
+ENV KASM_RESTRICTED_FILE_CHOOSER=1
+COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
+RUN $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+
 # Setup the custom startup script that will be invoked when the container starts
 ENV LAUNCH_URL http://kasmweb.com
diff --git a/dockerfile-kasm-tor-browser b/dockerfile-kasm-tor-browser
index 00e0505..6d8430a 100644
--- a/dockerfile-kasm-tor-browser
+++ b/dockerfile-kasm-tor-browser
@@ -19,6 +19,10 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
 RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
 RUN apt-get remove -y xfce4-panel
+ENV KASM_RESTRICTED_FILE_CHOOSER=1
+COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
+RUN $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
+
 # Setup the custom startup script that will be invoked when the container starts
 ENV LAUNCH_URL about:blank
 RUN echo $' \n\
From 6213a487db39a500073bc4f6fc2d7b8f2a38042f Mon Sep 17 00:00:00 2001
From: Dmitry Maksyoma
Date: Sun, 11 Jul 2021 22:02:23 +1200
Subject: [PATCH 5/8] Document KASM_RESTRICTED_FILE_CHOOSER in browser READMEs
---
 docs/brave/README.md | 2 ++
 docs/chrome/README.md | 2 ++
 docs/edge/README.md | 2 ++
 docs/firefox/README.md | 2 ++
 docs/tor-browser/README.md | 4 +++-
 5 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/docs/brave/README.md b/docs/brave/README.md
index a47d9f7..a9d0629 100644
--- a/docs/brave/README.md
+++ b/docs/brave/README.md
@@ -10,3 +10,5 @@ This Image contains a browser-accessible version of [Brave](https://brave.com/).
 * `LAUNCH_URL` - The default URL the browser launches to when created.
 * `APP_ARGS` - Additional arguments to pass to the browser when launched.
+* `KASM_RESTRICTED_FILE_CHOOSER` - Confine "File Upload" and "File Save"
+ dialogs to ~/Desktop. On by default.
diff --git a/docs/chrome/README.md b/docs/chrome/README.md
index 3f4d9d2..9ae81d3 100644
--- a/docs/chrome/README.md
+++ b/docs/chrome/README.md
@@ -10,3 +10,5 @@ This Image contains a browser-accessible version of [Google Chrome](https://www.
 * `LAUNCH_URL` - The default URL the browser launches to when created.
 * `APP_ARGS` - Additional arguments to pass to the browser when launched.
+* `KASM_RESTRICTED_FILE_CHOOSER` - Confine "File Upload" and "File Save"
+ dialogs to ~/Desktop. On by default.
diff --git a/docs/edge/README.md b/docs/edge/README.md
index 171a853..61f4d8e 100644
--- a/docs/edge/README.md
+++ b/docs/edge/README.md
@@ -10,3 +10,5 @@ This Image contains a browser-accessible version of [Microsoft Edge Insider Prev
 * `LAUNCH_URL` - The default URL the browser launches to when created.
 * `APP_ARGS` - Additional arguments to pass to the browser when launched.
+* `KASM_RESTRICTED_FILE_CHOOSER` - Confine "File Upload" and "File Save"
+ dialogs to ~/Desktop. On by default.
diff --git a/docs/firefox/README.md b/docs/firefox/README.md
index 99b15d7..af5eb8a 100644
--- a/docs/firefox/README.md
+++ b/docs/firefox/README.md
@@ -10,3 +10,5 @@ This Image contains a browser-accessible version of [Mozilla Firefox](https://ww
 * `LAUNCH_URL` - The default URL the browser launches to when created.
 * `APP_ARGS` - Additional arguments to pass to the browser when launched.
+* `KASM_RESTRICTED_FILE_CHOOSER` - Confine "File Upload" and "File Save"
+ dialogs to ~/Desktop. On by default.
diff --git a/docs/tor-browser/README.md b/docs/tor-browser/README.md
index 560f5d3..a0873ed 100644
--- a/docs/tor-browser/README.md
+++ b/docs/tor-browser/README.md
@@ -8,4 +8,6 @@ This Image contains a browser-accessible version of [Tor Browser](https://www.to
 # Environment Variables
-* `APP_ARGS` - Additional arguments to pass to the application when launched.
\ No newline at end of file
+* `APP_ARGS` - Additional arguments to pass to the application when launched.
+* `KASM_RESTRICTED_FILE_CHOOSER` - Confine "File Upload" and "File Save"
+ dialogs to ~/Desktop. On by default.
From fa9ddab929636299db840f3ec613ab5469b2ba13 Mon Sep 17 00:00:00 2001
From: Dmitry Maksyoma
Date: Sun, 11 Jul 2021 23:12:10 +1200
Subject: [PATCH 6/8] Add run-browser-image to build and run browser images
---
 run-browser-image | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100755 run-browser-image
diff --git a/run-browser-image b/run-browser-image
new file mode 100755
index 0000000..3f587e6
--- /dev/null
+++ b/run-browser-image
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+browser="$1"
+if [[ -z "$browser" ]]; then
+ echo "Usage $(basename "$0") "
+ echo " Example: $(basename "$0") edge"
+ exit 1
+fi
+
+docker build -t kasmweb/"$browser":dev -f dockerfile-kasm-"$browser" .
+docker run --rm -it --shm-size=512m -p 6901:6901 -e VNC_PW=password kasmweb/"$browser":dev
From f373c0afb1e07ee0033cf8b1523abb12527a6ca1 Mon Sep 17 00:00:00 2001
From: Dmitry Maksyoma
Date: Tue, 13 Jul 2021 21:56:06 +1200
Subject: [PATCH 7/8] Refactor
---
 src/ubuntu/install/gtk/install_restricted_file_chooser.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ubuntu/install/gtk/install_restricted_file_chooser.sh b/src/ubuntu/install/gtk/install_restricted_file_chooser.sh
index 7af6a8c..0543205 100755
--- a/src/ubuntu/install/gtk/install_restricted_file_chooser.sh
+++ b/src/ubuntu/install/gtk/install_restricted_file_chooser.sh
@@ -5,5 +5,5 @@ set -e
 libgtk_deb=libgtk.deb
 wget https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-gtk-3-restricted-file-chooser/de486e8c3c5f3d3c0f898fb9d6e05755897b1970/output/libgtk-3-0_3.22.30-1ubuntu4_amd64.deb -O $libgtk_deb
-apt-get install -y --allow-downgrades ./$libgtk_deb
+apt-get install -y --allow-downgrades ./"$libgtk_deb"
 rm "$libgtk_deb"
From b443174286fcdcb64c40520b168ed0d76867513b Mon Sep 17 00:00:00 2001
From: Dmitry Maksyoma
Date: Fri, 16 Jul 2021 07:43:15 +1200
Subject: [PATCH 8/8] Remove run-browser-image
---
 run-browser-image | 13 -------------
 1 file changed, 13 deletions(-)
 delete mode 100755 run-browser-image
diff --git a/run-browser-image b/run-browser-image
deleted file mode 100755
index 3f587e6..0000000
--- a/run-browser-image
+++ /dev/null
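Review bot: In run-browser-image as added by patch 6/8, the `docker run` line publishes port 6901 with `-p 6901:6901`, which binds on every host interface, and sets the fixed credential `VNC_PW=password`, so anyone who can reach the build host on that port can log into the dev session. For a local test helper I would bind to loopback and take the password from the caller: `docker run --rm -it --shm-size=512m -p 127.0.0.1:6901:6901 -e VNC_PW="${VNC_PW:?set VNC_PW}" kasmweb/"$browser":dev`. The usage message prints no argument name after the script name, though that may have been lost in rendering. Patch 8/8 later deletes the script, so this only matters if the helper is kept or copied elsewhere.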
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-set -e
-
-browser="$1"
-if [[ -z "$browser" ]]; then
- echo "Usage $(basename "$0") "
- echo " Example: $(basename "$0") edge"
- exit 1
-fi
-
-docker build -t kasmweb/"$browser":dev -f dockerfile-kasm-"$browser" .
-docker run --rm -it --shm-size=512m -p 6901:6901 -e VNC_PW=password kasmweb/"$browser":dev