Profile fixes

- Fix #4157 -- [Feature] Should rmenv GitHub auth tokens
  There are still more token variables from other program that should be
  added.
- Fix #4093 -- darktable needs read access to liblua*
- Fix #4383 -- move noblacklist ${HOME}/.bogofilter to email-common.profile for claws-mail (and other mailers)
- Fix xournalpp.profile
- syscalls.txt: ausyscall i386 -> firejail --debug-syscalls32

2 files changed, 10 insertions, 0 deletions

diff --git a/etc/inc/disable-passwdmgr.inc b/etc/inc/disable-passwdmgr.inc
index 3ed9a1b14..5876e2763 100644
--- a/etc/inc/disable-passwdmgr.inc
+++ b/etc/inc/disable-passwdmgr.inc
@@ -17,3 +17,11 @@ blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.local/share/KeePass
 blacklist ${HOME}/.local/share/keepass
 blacklist ${HOME}/.password-store
+
+# Remove environment variables with auth tokens.
+# Note however that the sandbox might still have access to the
+# files where these variables are set.
+rmenv GH_TOKEN
+rmenv GITHUB_TOKEN
+rmenv GH_ENTERPRISE_TOKEN
+rmenv GITHUB_ENTERPRISE_TOKEN
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index cdc5f622c..f8a94e498 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -438,6 +438,7 @@ blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
 blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
 blacklist ${HOME}/.config/xiaoyong
 blacklist ${HOME}/.config/xmms2
+blacklist ${HOME}/.config/xournalpp
 blacklist ${HOME}/.config/xplayer
 blacklist ${HOME}/.config/xreader
 blacklist ${HOME}/.config/xviewer
@@ -1099,6 +1100,7 @@ blacklist ${HOME}/.cache/waterfox
 blacklist ${HOME}/.cache/wesnoth
 blacklist ${HOME}/.cache/winetricks
 blacklist ${HOME}/.cache/xmms2
+blacklist ${HOME}/.cache/xournalpp
 blacklist ${HOME}/.cache/xreader
 blacklist ${HOME}/.cache/yandex-browser
 blacklist ${HOME}/.cache/yandex-browser-beta