Merge pull request #5631 from glitsj16/inkscape

inkscape: additional hardening and settings saving via D-Bus

1 files changed, 15 insertions, 3 deletions

diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile
index abe75f2ae..c4fc16c87 100644
--- a/etc/profile-a-l/inkscape.profile
+++ b/etc/profile-a-l/inkscape.profile
@@ -16,7 +16,6 @@ noblacklist ${PICTURES}
 noblacklist ${HOME}/.config/GIMP
 noblacklist ${HOME}/.gimp*
 
-
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
@@ -28,8 +27,19 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.cache/inkscape
+mkdir ${HOME}/.config/inkscape
+mkdir ${HOME}/.inkscape
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
+whitelist ${HOME}/.cache/inkscape
+whitelist ${HOME}/.config/inkscape
+whitelist ${HOME}/.inkscape
 whitelist /usr/share/inkscape
+include whitelist-common.inc
 include whitelist-run-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
@@ -57,8 +67,10 @@ private-dev
 private-etc @x11,ImageMagick*,python*
 private-tmp
 
-dbus-user none
+dbus-user filter
+dbus-user.own org.inkscape.Inkscape
+dbus-user.talk ca.desrt.dconf
+dbus-user.talk org.gtk.vfs.*
 dbus-system none
 
-# memory-deny-write-execute
 restrict-namespaces