diff options
author | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-10-16 15:18:59 +0200 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-10-16 15:22:38 +0200 |
commit | 61bfaa69275f881d9ce890f2a15d93325eab110f (patch) | |
tree | 6bf27376927d7d7fba3eebd4df91bc9c68e78f47 | |
parent | Profiles: add signal-cli profile (#3002) (diff) | |
download | firejail-61bfaa69275f881d9ce890f2a15d93325eab110f.tar.gz firejail-61bfaa69275f881d9ce890f2a15d93325eab110f.tar.zst firejail-61bfaa69275f881d9ce890f2a15d93325eab110f.zip |
Update ghostwriter.profile
- enable `seccomp`, but allow `chroot`
- fix wusc. ==> comment it because of #216 it is broken
- fix pdf export
[skip ci]
-rw-r--r-- | etc/ghostwriter.profile | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/etc/ghostwriter.profile b/etc/ghostwriter.profile index 8a9ccabc2..27becf8fe 100644 --- a/etc/ghostwriter.profile +++ b/etc/ghostwriter.profile | |||
@@ -19,12 +19,11 @@ include disable-passwdmgr.inc | |||
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | whitelist /usr/share/ghostwriter | 22 | #whitelist /usr/share/ghostwriter |
23 | whitelist /usr/share/mozilla-dicts | 23 | #whitelist /usr/share/mozilla-dicts |
24 | whitelist /usr/share/texlive | 24 | #whitelist /usr/share/texlive |
25 | whitelist /usr/share/pandoc | 25 | #whitelist /usr/share/pandoc* |
26 | whitelist /usr/share/pandoc-* | 26 | #include whitelist-usr-share-common.inc |
27 | include whitelist-usr-share-common.inc | ||
28 | 27 | ||
29 | apparmor | 28 | apparmor |
30 | caps.drop all | 29 | caps.drop all |
@@ -39,13 +38,13 @@ notv | |||
39 | nou2f | 38 | nou2f |
40 | novideo | 39 | novideo |
41 | protocol unix,inet,inet6,netlink | 40 | protocol unix,inet,inet6,netlink |
42 | #seccomp -- breaks | 41 | seccomp !chroot |
43 | shell none | 42 | shell none |
44 | #tracelog -- breaks | 43 | #tracelog -- breaks |
45 | 44 | ||
46 | private-bin gettext,ghostwriter,pandoc | 45 | private-bin context,gettext,ghostwriter,latex,mktexfmt,pandoc,pdflatex,pdfroff,prince,weasyprint,wkhtmltopdf |
47 | private-cache | 46 | private-cache |
48 | private-dev | 47 | private-dev |
49 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed | 48 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed |
50 | private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg | 49 | private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,texlive,Trolltech.conf,X11,xdg |
51 | private-tmp | 50 | private-tmp |