add xournal.profile

author: Hans-Christoph Steiner <hans@eds.org> 2020-02-27 14:13:24 +0100
committer: Hans-Christoph Steiner <hans@eds.org> 2020-02-27 14:13:24 +0100
commit: 72f5e973273e8052ea18825a8b31e30c03c36038 (patch)
tree: a480c7ddc7811320dc60aaa2a19033ad71ee3e33
parent: revive 'net none' in openshot.profile (diff)
download: firejail-72f5e973273e8052ea18825a8b31e30c03c36038.tar.gz
firejail-72f5e973273e8052ea18825a8b31e30c03c36038.tar.zst
firejail-72f5e973273e8052ea18825a8b31e30c03c36038.zip
4 files changed, 50 insertions, 2 deletions
diff --git a/README.md b/README.md
index f90cdb7d4..bc2708041 100644
--- a/README.md
+++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ### New profiles:
-gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams
+gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal
diff --git a/RELNOTES b/RELNOTES
index ab0dc481d..df0e3ec85 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -8,7 +8,7 @@ firejail (0.9.63) baseline; urgency=low
  * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool
  * new profiles: desktopeditors, impressive, planmaker18, planmaker18free
  * new profiles: presentations18, presentations18free, textmaker18, teams
-  * new profiles: textmaker18free
+  * new profiles: textmaker18free, xournal
 firejail (0.9.62) baseline; urgency=low
  * added file-copy-limit in /etc/firejail/firejail.config
diff --git a/etc/xournal.profile b/etc/xournal.profile
new file mode 100644
index 000000000..fa5200ea3
--- /dev/null
+++ b/etc/xournal.profile
@@ -0,0 +1,47 @@
+# Firejail profile for xournal
+# Description: Note taking and PDF editing
+# This file is overwritten after every install/update
+# Persistent local customizations
+include xournal.local
+# Persistent global definitions
+include globals.local
+noblacklist ${DOCUMENTS}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist /usr/share/xournal
+whitelist /usr/share/poppler
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+caps.drop all
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+private-bin xournal
+private-cache
+private-dev
+private-etc alternatives,fonts,group,machine-id,passwd
+# TODO should use private-lib
+private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index adf66f008..4cd4fad6c 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -722,6 +722,7 @@ xmr-stak
 xonotic
 xonotic-glx
 xonotic-sdl
+xournal
 xpdf
 xplayer
 xplayer-audio-preview
author	Hans-Christoph Steiner <hans@eds.org>	2020-02-27 14:13:24 +0100
committer	Hans-Christoph Steiner <hans@eds.org>	2020-02-27 14:13:24 +0100
commit	72f5e973273e8052ea18825a8b31e30c03c36038 (patch)
tree	a480c7ddc7811320dc60aaa2a19033ad71ee3e33
parent	revive 'net none' in openshot.profile (diff)
download	firejail-72f5e973273e8052ea18825a8b31e30c03c36038.tar.gz firejail-72f5e973273e8052ea18825a8b31e30c03c36038.tar.zst firejail-72f5e973273e8052ea18825a8b31e30c03c36038.zip

diff --git a/README.md b/README.md index f90cdb7d4..bc2708041 100644 --- a/README.md +++ b/README.md
@@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
151		151
152	### New profiles:	152	### New profiles:
153		153
154	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams	154	gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal


diff --git a/RELNOTES b/RELNOTES index ab0dc481d..df0e3ec85 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -8,7 +8,7 @@ firejail (0.9.63) baseline; urgency=low
8	* new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool	8	* new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool
9	* new profiles: desktopeditors, impressive, planmaker18, planmaker18free	9	* new profiles: desktopeditors, impressive, planmaker18, planmaker18free
10	* new profiles: presentations18, presentations18free, textmaker18, teams	10	* new profiles: presentations18, presentations18free, textmaker18, teams
11	* new profiles: textmaker18free	11	* new profiles: textmaker18free, xournal
12		12
13	firejail (0.9.62) baseline; urgency=low	13	firejail (0.9.62) baseline; urgency=low
14	* added file-copy-limit in /etc/firejail/firejail.config	14	* added file-copy-limit in /etc/firejail/firejail.config


diff --git a/etc/xournal.profile b/etc/xournal.profile new file mode 100644 index 000000000..fa5200ea3 --- /dev/null +++ b/etc/xournal.profile
@@ -0,0 +1,47 @@
		1	# Firejail profile for xournal
		2	# Description: Note taking and PDF editing
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include xournal.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${DOCUMENTS}
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18
		19	whitelist /usr/share/xournal
		20	whitelist /usr/share/poppler
		21	include whitelist-usr-share-common.inc
		22	include whitelist-var-common.inc
		23
		24	caps.drop all
		25	machine-id
		26	net none
		27	no3d
		28	nodbus
		29	nodvd
		30	nogroups
		31	nonewprivs
		32	noroot
		33	nosound
		34	notv
		35	nou2f
		36	novideo
		37	protocol unix
		38	seccomp
		39	shell none
		40	tracelog
		41
		42	private-bin xournal
		43	private-cache
		44	private-dev
		45	private-etc alternatives,fonts,group,machine-id,passwd
		46	# TODO should use private-lib
		47	private-tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index adf66f008..4cd4fad6c 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -722,6 +722,7 @@ xmr-stak
722	xonotic	722	xonotic
723	xonotic-glx	723	xonotic-glx
724	xonotic-sdl	724	xonotic-sdl
		725	xournal
725	xpdf	726	xpdf
726	xplayer	727	xplayer
727	xplayer-audio-preview	728	xplayer-audio-preview