diff options
| author |  glitsj16 <glitsj16@users.noreply.github.com> | 2019-03-06 05:01:01 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2019-03-06 05:01:01 +0000 |
| commit | 4a6e7a1bdcf1ee5a4d46517e7d4f8dd2eb5ac214 (patch) | |
| tree | fb725eb4a7a17e75bbb5b36c820512302089d276 /etc | |
| parent | mdwx changes for sysprof profiles (#2526) (diff) | |
| download | firejail-4a6e7a1bdcf1ee5a4d46517e7d4f8dd2eb5ac214.tar.gz firejail-4a6e7a1bdcf1ee5a4d46517e7d4f8dd2eb5ac214.tar.zst firejail-4a6e7a1bdcf1ee5a4d46517e7d4f8dd2eb5ac214.zip | |
Fixes for evince profiles (#2527)
* Update evince.profile
Needs group and password in private-etc on Arch. Took the liberty to change the memory-deny-write-execute comment. Latest firejail from git with the recent mdwx work included now no longer breaks evince on Arch. It might still break on other platforms, so I left mdwe commented.
* Fix including globals.local twice in evince-previewer
* Fix including globals.local twice in evince-thumbnailer
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/evince-previewer.profile | 3 | ||||
| -rw-r--r-- | etc/evince-thumbnailer.profile | 3 | ||||
| -rw-r--r-- | etc/evince.profile | 8 |
3 files changed, 7 insertions, 7 deletions
diff --git a/etc/evince-previewer.profile b/etc/evince-previewer.profile index e43bb2da8..bd1ea6aa9 100644 --- a/etc/evince-previewer.profile +++ b/etc/evince-previewer.profile | |||
| @@ -3,7 +3,8 @@ | |||
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include evince-previewer.local | 4 | include evince-previewer.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include globals.local | 6 | # added by included profile |
| 7 | #include globals.local | ||
| 7 | 8 | ||
| 8 | 9 | ||
| 9 | # Redirect | 10 | # Redirect |
diff --git a/etc/evince-thumbnailer.profile b/etc/evince-thumbnailer.profile index 4036e1ecb..d11d4e1e1 100644 --- a/etc/evince-thumbnailer.profile +++ b/etc/evince-thumbnailer.profile | |||
| @@ -3,7 +3,8 @@ | |||
| 3 | # Persistent local customizations | 3 | # Persistent local customizations |
| 4 | include evince-thumbnailer.local | 4 | include evince-thumbnailer.local |
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include globals.local | 6 | # added by included profile |
| 7 | #include globals.local | ||
| 7 | 8 | ||
| 8 | 9 | ||
| 9 | # Redirect | 10 | # Redirect |
diff --git a/etc/evince.profile b/etc/evince.profile index e9b530ece..b784df57c 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
| @@ -20,7 +20,7 @@ include whitelist-var-common.inc | |||
| 20 | 20 | ||
| 21 | caps.drop all | 21 | caps.drop all |
| 22 | machine-id | 22 | machine-id |
| 23 | # net none breaks AppArmor on Ubuntu systems | 23 | # net none - breaks AppArmor on Ubuntu systems |
| 24 | netfilter | 24 | netfilter |
| 25 | no3d | 25 | no3d |
| 26 | nodbus | 26 | nodbus |
| @@ -39,12 +39,10 @@ tracelog | |||
| 39 | 39 | ||
| 40 | private-bin evince,evince-previewer,evince-thumbnailer | 40 | private-bin evince,evince-previewer,evince-thumbnailer |
| 41 | private-dev | 41 | private-dev |
| 42 | private-etc alternatives,fonts,machine-id | 42 | private-etc alternatives,fonts,group,machine-id,passwd |
| 43 | |||
| 44 | private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,gconv | 43 | private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,gconv |
| 45 | |||
| 46 | private-tmp | 44 | private-tmp |
| 47 | 45 | ||
| 48 | #memory-deny-write-execute - breaks application on Archlinux, issue 1803 | 46 | # memory-deny-write-execute - might break application (https://github.com/netblue30/firejail/issues/1803) |
| 49 | noexec ${HOME} | 47 | noexec ${HOME} |
| 50 | noexec /tmp | 48 | noexec /tmp |