Create gnome-latex.profile

author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-09-20 18:43:53 +0200
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-09-20 18:43:53 +0200
commit: 5c7f993216fbe2b0f31845fec86a636f93cc03ec (patch)
tree: 6720aab17eab4f0c479bfd09bc9b5dbd9d7fa7f6
parent: apparmor: permit writing to trace file (diff)
download: firejail-5c7f993216fbe2b0f31845fec86a636f93cc03ec.tar.gz
firejail-5c7f993216fbe2b0f31845fec86a636f93cc03ec.tar.zst
firejail-5c7f993216fbe2b0f31845fec86a636f93cc03ec.zip
5 files changed, 51 insertions, 2 deletions
diff --git a/README.md b/README.md
index b97d73e67..711a970fb 100644
--- a/README.md
+++ b/README.md
@@ -118,4 +118,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## New profiles:
-gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt, gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop
+gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt, gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop, ar, gnome-latex
diff --git a/RELNOTES b/RELNOTES
index 5c50195e0..14b454b87 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -16,7 +16,7 @@ firejail (0.9.61) baseline; urgency=low
  * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird,
  * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat,
  * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless
-  * new profiles: zstdmt, unzstd, i2p
+  * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex
 -- netblue30 <netblue30@yahoo.com>  Sat, 1 Jun 2019 08:00:00 -0500
 firejail (0.9.60) baseline; urgency=low
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index e54b651a6..7dbe535fe 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -183,6 +183,7 @@ blacklist ${HOME}/.config/ghostwriter
 blacklist ${HOME}/.config/git
 blacklist ${HOME}/.config/globaltime
 blacklist ${HOME}/.config/gnome-builder
+blacklist ${HOME}/.config/gnome-latex
 blacklist ${HOME}/.config/gnome-mplayer
 blacklist ${HOME}/.config/gnome-mpv
 blacklist ${HOME}/.config/gnome-pie
@@ -502,6 +503,7 @@ blacklist ${HOME}/.local/share/gitg
 blacklist ${HOME}/.local/share/gnome-2048
 blacklist ${HOME}/.local/share/gnome-chess
 blacklist ${HOME}/.local/share/gnome-builder
+blacklist ${HOME}/.local/share/gnome-latex
 blacklist ${HOME}/.local/share/gnome-music
 blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/gnome-recipes
diff --git a/etc/gnome-latex.profile b/etc/gnome-latex.profile
new file mode 100644
index 000000000..9cef9072c
--- /dev/null
+++ b/etc/gnome-latex.profile
@@ -0,0 +1,46 @@
+# Firejail profile for gnome-latex
+# Description: LaTeX editor for the GNOME desktop
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-latex.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/gnome-latex
+noblacklist ${HOME}/.local/share/gnome-latex
+# Allow perl (blacklisted by disable-interpreters.inc)
+include allow-perl.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+# May cause issues.
+#include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+private-cache
+private-dev
+# passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed
+private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,login.defs,passwd,texlive
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 502449839..9c7fd1e4e 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -242,6 +242,7 @@ gnome-clocks
 gnome-contacts
 gnome-documents
 gnome-font-viewer
+gnome-latex
 gnome-logs
 gnome-maps
 gnome-mplayer
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-09-20 18:43:53 +0200
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-09-20 18:43:53 +0200
commit	5c7f993216fbe2b0f31845fec86a636f93cc03ec (patch)
tree	6720aab17eab4f0c479bfd09bc9b5dbd9d7fa7f6
parent	apparmor: permit writing to trace file (diff)
download	firejail-5c7f993216fbe2b0f31845fec86a636f93cc03ec.tar.gz firejail-5c7f993216fbe2b0f31845fec86a636f93cc03ec.tar.zst firejail-5c7f993216fbe2b0f31845fec86a636f93cc03ec.zip

diff --git a/README.md b/README.md index b97d73e67..711a970fb 100644 --- a/README.md +++ b/README.md
@@ -118,4 +118,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
118		118
119	## New profiles:	119	## New profiles:
120		120
121	gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt, gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop	121	gnome-sound-recorder, godot, jerry, keepassxc-cli, keepassxc-proxy, klatexformula, klatexformula_cmdl, links, newsbeuter, OpenArena, pandoc, qgis, rhythmbox-client, tcpdump, teams-for-linux, tshark, xlinks, zeal, mpg123, conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss, mpg123-portaudio, mpg123-pulse, mpg123-strip, out123, pavucontrol-qt, gnome-characters, gnome-character-map, rsync, Whalebird, tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, kiwix-desktop, ar, gnome-latex


diff --git a/RELNOTES b/RELNOTES index 5c50195e0..14b454b87 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -16,7 +16,7 @@ firejail (0.9.61) baseline; urgency=low
16	* new profiles: gnome-characters, gnome-character-map, rsync, Whalebird,	16	* new profiles: gnome-characters, gnome-character-map, rsync, Whalebird,
17	* new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat,	17	* new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat,
18	* new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless	18	* new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless
19	* new profiles: zstdmt, unzstd, i2p	19	* new profiles: zstdmt, unzstd, i2p, ar, gnome-latex
20	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500	20	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500
21		21
22	firejail (0.9.60) baseline; urgency=low	22	firejail (0.9.60) baseline; urgency=low


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index e54b651a6..7dbe535fe 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -183,6 +183,7 @@ blacklist ${HOME}/.config/ghostwriter
183	blacklist ${HOME}/.config/git	183	blacklist ${HOME}/.config/git
184	blacklist ${HOME}/.config/globaltime	184	blacklist ${HOME}/.config/globaltime
185	blacklist ${HOME}/.config/gnome-builder	185	blacklist ${HOME}/.config/gnome-builder
		186	blacklist ${HOME}/.config/gnome-latex
186	blacklist ${HOME}/.config/gnome-mplayer	187	blacklist ${HOME}/.config/gnome-mplayer
187	blacklist ${HOME}/.config/gnome-mpv	188	blacklist ${HOME}/.config/gnome-mpv
188	blacklist ${HOME}/.config/gnome-pie	189	blacklist ${HOME}/.config/gnome-pie
@@ -502,6 +503,7 @@ blacklist ${HOME}/.local/share/gitg
502	blacklist ${HOME}/.local/share/gnome-2048	503	blacklist ${HOME}/.local/share/gnome-2048
503	blacklist ${HOME}/.local/share/gnome-chess	504	blacklist ${HOME}/.local/share/gnome-chess
504	blacklist ${HOME}/.local/share/gnome-builder	505	blacklist ${HOME}/.local/share/gnome-builder
		506	blacklist ${HOME}/.local/share/gnome-latex
505	blacklist ${HOME}/.local/share/gnome-music	507	blacklist ${HOME}/.local/share/gnome-music
506	blacklist ${HOME}/.local/share/gnome-photos	508	blacklist ${HOME}/.local/share/gnome-photos
507	blacklist ${HOME}/.local/share/gnome-recipes	509	blacklist ${HOME}/.local/share/gnome-recipes


diff --git a/etc/gnome-latex.profile b/etc/gnome-latex.profile new file mode 100644 index 000000000..9cef9072c --- /dev/null +++ b/etc/gnome-latex.profile
@@ -0,0 +1,46 @@
		1	# Firejail profile for gnome-latex
		2	# Description: LaTeX editor for the GNOME desktop
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include gnome-latex.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/gnome-latex
		10	noblacklist ${HOME}/.local/share/gnome-latex
		11
		12	# Allow perl (blacklisted by disable-interpreters.inc)
		13	include allow-perl.inc
		14
		15	include disable-common.inc
		16	include disable-devel.inc
		17	include disable-exec.inc
		18	include disable-interpreters.inc
		19	include disable-passwdmgr.inc
		20	include disable-programs.inc
		21
		22	# May cause issues.
		23	#include whitelist-var-common.inc
		24
		25	apparmor
		26	caps.drop all
		27	machine-id
		28	net none
		29	no3d
		30	nodvd
		31	nogroups
		32	nonewprivs
		33	noroot
		34	nosound
		35	notv
		36	nou2f
		37	novideo
		38	protocol unix
		39	seccomp
		40	shell none
		41	tracelog
		42
		43	private-cache
		44	private-dev
		45	# passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed
		46	private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,login.defs,passwd,texlive


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 502449839..9c7fd1e4e 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -242,6 +242,7 @@ gnome-clocks
242	gnome-contacts	242	gnome-contacts
243	gnome-documents	243	gnome-documents
244	gnome-font-viewer	244	gnome-font-viewer
		245	gnome-latex
245	gnome-logs	246	gnome-logs
246	gnome-maps	247	gnome-maps
247	gnome-mplayer	248	gnome-mplayer