diff options
| author |  rusty-snake <print_hello_world+Public@protonmail.com> | 2019-10-16 15:18:59 +0200 |
|---|---|---|
| committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-10-16 15:22:38 +0200 |
| commit | 61bfaa69275f881d9ce890f2a15d93325eab110f (patch) | |
| tree | 6bf27376927d7d7fba3eebd4df91bc9c68e78f47 | |
| parent | Profiles: add signal-cli profile (#3002) (diff) | |
| download | firejail-61bfaa69275f881d9ce890f2a15d93325eab110f.tar.gz firejail-61bfaa69275f881d9ce890f2a15d93325eab110f.tar.zst firejail-61bfaa69275f881d9ce890f2a15d93325eab110f.zip | |
Update ghostwriter.profile
- enable `seccomp`, but allow `chroot`
- fix wusc. ==> comment it because of #216 it is broken
- fix pdf export
[skip ci]
| -rw-r--r-- | etc/ghostwriter.profile | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/etc/ghostwriter.profile b/etc/ghostwriter.profile index 8a9ccabc2..27becf8fe 100644 --- a/etc/ghostwriter.profile +++ b/etc/ghostwriter.profile | |||
| @@ -19,12 +19,11 @@ include disable-passwdmgr.inc | |||
| 19 | include disable-programs.inc | 19 | include disable-programs.inc |
| 20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
| 21 | 21 | ||
| 22 | whitelist /usr/share/ghostwriter | 22 | #whitelist /usr/share/ghostwriter |
| 23 | whitelist /usr/share/mozilla-dicts | 23 | #whitelist /usr/share/mozilla-dicts |
| 24 | whitelist /usr/share/texlive | 24 | #whitelist /usr/share/texlive |
| 25 | whitelist /usr/share/pandoc | 25 | #whitelist /usr/share/pandoc* |
| 26 | whitelist /usr/share/pandoc-* | 26 | #include whitelist-usr-share-common.inc |
| 27 | include whitelist-usr-share-common.inc | ||
| 28 | 27 | ||
| 29 | apparmor | 28 | apparmor |
| 30 | caps.drop all | 29 | caps.drop all |
| @@ -39,13 +38,13 @@ notv | |||
| 39 | nou2f | 38 | nou2f |
| 40 | novideo | 39 | novideo |
| 41 | protocol unix,inet,inet6,netlink | 40 | protocol unix,inet,inet6,netlink |
| 42 | #seccomp -- breaks | 41 | seccomp !chroot |
| 43 | shell none | 42 | shell none |
| 44 | #tracelog -- breaks | 43 | #tracelog -- breaks |
| 45 | 44 | ||
| 46 | private-bin gettext,ghostwriter,pandoc | 45 | private-bin context,gettext,ghostwriter,latex,mktexfmt,pandoc,pdflatex,pdfroff,prince,weasyprint,wkhtmltopdf |
| 47 | private-cache | 46 | private-cache |
| 48 | private-dev | 47 | private-dev |
| 49 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed | 48 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed |
| 50 | private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg | 49 | private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,texlive,Trolltech.conf,X11,xdg |
| 51 | private-tmp | 50 | private-tmp |