diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-03-06 05:01:01 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-06 05:01:01 +0000 |
commit | 4a6e7a1bdcf1ee5a4d46517e7d4f8dd2eb5ac214 (patch) | |
tree | fb725eb4a7a17e75bbb5b36c820512302089d276 /etc/evince.profile | |
parent | mdwx changes for sysprof profiles (#2526) (diff) | |
download | firejail-4a6e7a1bdcf1ee5a4d46517e7d4f8dd2eb5ac214.tar.gz firejail-4a6e7a1bdcf1ee5a4d46517e7d4f8dd2eb5ac214.tar.zst firejail-4a6e7a1bdcf1ee5a4d46517e7d4f8dd2eb5ac214.zip |
Fixes for evince profiles (#2527)
* Update evince.profile
Needs group and password in private-etc on Arch. Took the liberty to change the memory-deny-write-execute comment. Latest firejail from git with the recent mdwx work included now no longer breaks evince on Arch. It might still break on other platforms, so I left mdwe commented.
* Fix including globals.local twice in evince-previewer
* Fix including globals.local twice in evince-thumbnailer
Diffstat (limited to 'etc/evince.profile')
-rw-r--r-- | etc/evince.profile | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/etc/evince.profile b/etc/evince.profile index e9b530ece..b784df57c 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -20,7 +20,7 @@ include whitelist-var-common.inc | |||
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | machine-id | 22 | machine-id |
23 | # net none breaks AppArmor on Ubuntu systems | 23 | # net none - breaks AppArmor on Ubuntu systems |
24 | netfilter | 24 | netfilter |
25 | no3d | 25 | no3d |
26 | nodbus | 26 | nodbus |
@@ -39,12 +39,10 @@ tracelog | |||
39 | 39 | ||
40 | private-bin evince,evince-previewer,evince-thumbnailer | 40 | private-bin evince,evince-previewer,evince-thumbnailer |
41 | private-dev | 41 | private-dev |
42 | private-etc alternatives,fonts,machine-id | 42 | private-etc alternatives,fonts,group,machine-id,passwd |
43 | |||
44 | private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,gconv | 43 | private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,gconv |
45 | |||
46 | private-tmp | 44 | private-tmp |
47 | 45 | ||
48 | #memory-deny-write-execute - breaks application on Archlinux, issue 1803 | 46 | # memory-deny-write-execute - might break application (https://github.com/netblue30/firejail/issues/1803) |
49 | noexec ${HOME} | 47 | noexec ${HOME} |
50 | noexec /tmp | 48 | noexec /tmp |