Add profiles for common (la)tex commands and a latex editor (#3159)

author: Florian Begusch <26567162+florianbegusch@users.noreply.github.com> 2020-01-29 12:53:17 +0000
committer: GitHub <noreply@github.com> 2020-01-29 12:53:17 +0000
commit: 18942dbeed8d959735651e2a2162627f82a5f3fe (patch)
tree: 446d4d9a67135dea417e3da9ec80f96a100b210a /etc
parent: disable private-lib in zathura.profile (diff)
download: firejail-18942dbeed8d959735651e2a2162627f82a5f3fe.tar.gz
firejail-18942dbeed8d959735651e2a2162627f82a5f3fe.tar.zst
firejail-18942dbeed8d959735651e2a2162627f82a5f3fe.zip
7 files changed, 106 insertions, 0 deletions
diff --git a/etc/bibtex.profile b/etc/bibtex.profile
new file mode 100644
index 000000000..e868dcbab
--- /dev/null
+++ b/etc/bibtex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for bibtex
+# This file is overwritten after every install/update
+# Persistent local customizations
+include bibtex.local
+# Persistent global definitions
+include globals.local
+private-bin bibtex
+# Redirect
+include latex-common.profile
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 2eac1338e..44982ede0 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -200,6 +200,7 @@ blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
 blacklist ${HOME}/.config/gpicview
 blacklist ${HOME}/.config/gthumb
+blacklist ${HOME}/.config/gummi
 blacklist ${HOME}/.config/gwenviewrc
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/i2p
diff --git a/etc/gummi.profile b/etc/gummi.profile
new file mode 100644
index 000000000..9fb8e3da5
--- /dev/null
+++ b/etc/gummi.profile
@@ -0,0 +1,18 @@
+# Firejail profile for gummi
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gummi.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/gummi
+include allow-lua.inc
+include allow-perl.inc
+include allow-python3.inc
+private-bin dvipdf,dvips,env,gummi,latex,latexmk,lua*,lualatex,luatex,pdflatex,pdftex,perl,ps2pdf,python3*,rubber,synctex,tex,xelatex,xetex
+# Redirect
+include latex-common.profile
diff --git a/etc/latex-common.profile b/etc/latex-common.profile
new file mode 100644
index 000000000..712ada722
--- /dev/null
+++ b/etc/latex-common.profile
@@ -0,0 +1,39 @@
+# Firejail profile for latex-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include latex-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+whitelist /var/lib
+include whitelist-var-common.inc
+caps.drop all
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+private-cache
+private-dev
+private-tmp
diff --git a/etc/latex.profile b/etc/latex.profile
new file mode 100644
index 000000000..2230dd570
--- /dev/null
+++ b/etc/latex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for latex
+# This file is overwritten after every install/update
+# Persistent local customizations
+include latex.local
+# Persistent global definitions
+include globals.local
+private-bin latex
+# Redirect
+include latex-common.profile
diff --git a/etc/pdflatex.profile b/etc/pdflatex.profile
new file mode 100644
index 000000000..caf980d4d
--- /dev/null
+++ b/etc/pdflatex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for pdflatex
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pdflatex.local
+# Persistent global definitions
+include globals.local
+private-bin pdflatex
+# Redirect
+include latex-common.profile
diff --git a/etc/tex.profile b/etc/tex.profile
new file mode 100644
index 000000000..f56c3038e
--- /dev/null
+++ b/etc/tex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for tex
+# This file is overwritten after every install/update
+# Persistent local customizations
+include tex.local
+# Persistent global definitions
+include globals.local
+private-bin tex
+# Redirect
+include latex-common.profile
author	Florian Begusch <26567162+florianbegusch@users.noreply.github.com>	2020-01-29 12:53:17 +0000
committer	GitHub <noreply@github.com>	2020-01-29 12:53:17 +0000
commit	18942dbeed8d959735651e2a2162627f82a5f3fe (patch)
tree	446d4d9a67135dea417e3da9ec80f96a100b210a /etc
parent	disable private-lib in zathura.profile (diff)
download	firejail-18942dbeed8d959735651e2a2162627f82a5f3fe.tar.gz firejail-18942dbeed8d959735651e2a2162627f82a5f3fe.tar.zst firejail-18942dbeed8d959735651e2a2162627f82a5f3fe.zip

diff --git a/etc/bibtex.profile b/etc/bibtex.profile new file mode 100644 index 000000000..e868dcbab --- /dev/null +++ b/etc/bibtex.profile
@@ -0,0 +1,12 @@
		1	# Firejail profile for bibtex
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include bibtex.local
		5	# Persistent global definitions
		6	include globals.local
		7
		8	private-bin bibtex
		9
		10	# Redirect
		11	include latex-common.profile
		12


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 2eac1338e..44982ede0 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -200,6 +200,7 @@ blacklist ${HOME}/.config/google-chrome-beta
200	blacklist ${HOME}/.config/google-chrome-unstable	200	blacklist ${HOME}/.config/google-chrome-unstable
201	blacklist ${HOME}/.config/gpicview	201	blacklist ${HOME}/.config/gpicview
202	blacklist ${HOME}/.config/gthumb	202	blacklist ${HOME}/.config/gthumb
		203	blacklist ${HOME}/.config/gummi
203	blacklist ${HOME}/.config/gwenviewrc	204	blacklist ${HOME}/.config/gwenviewrc
204	blacklist ${HOME}/.config/hexchat	205	blacklist ${HOME}/.config/hexchat
205	blacklist ${HOME}/.config/i2p	206	blacklist ${HOME}/.config/i2p


diff --git a/etc/gummi.profile b/etc/gummi.profile new file mode 100644 index 000000000..9fb8e3da5 --- /dev/null +++ b/etc/gummi.profile
@@ -0,0 +1,18 @@
		1	# Firejail profile for gummi
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include gummi.local
		5	# Persistent global definitions
		6	include globals.local
		7
		8	noblacklist ${HOME}/.config/gummi
		9
		10	include allow-lua.inc
		11	include allow-perl.inc
		12	include allow-python3.inc
		13
		14	private-bin dvipdf,dvips,env,gummi,latex,latexmk,lua,lualatex,luatex,pdflatex,pdftex,perl,ps2pdf,python3,rubber,synctex,tex,xelatex,xetex
		15
		16	# Redirect
		17	include latex-common.profile
		18


diff --git a/etc/latex-common.profile b/etc/latex-common.profile new file mode 100644 index 000000000..712ada722 --- /dev/null +++ b/etc/latex-common.profile
@@ -0,0 +1,39 @@
		1	# Firejail profile for latex-common
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include latex-common.local
		5	# Persistent global definitions
		6	# added by caller profile
		7	#include globals.local
		8
		9	include disable-common.inc
		10	include disable-devel.inc
		11	include disable-exec.inc
		12	include disable-interpreters.inc
		13	include disable-passwdmgr.inc
		14	include disable-programs.inc
		15
		16	whitelist /var/lib
		17	include whitelist-var-common.inc
		18
		19	caps.drop all
		20	net none
		21	no3d
		22	nodbus
		23	nodvd
		24	nogroups
		25	nonewprivs
		26	noroot
		27	nosound
		28	notv
		29	nou2f
		30	novideo
		31	protocol unix
		32	seccomp
		33	shell none
		34	tracelog
		35
		36	private-cache
		37	private-dev
		38	private-tmp
		39


diff --git a/etc/latex.profile b/etc/latex.profile new file mode 100644 index 000000000..2230dd570 --- /dev/null +++ b/etc/latex.profile
@@ -0,0 +1,12 @@
		1	# Firejail profile for latex
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include latex.local
		5	# Persistent global definitions
		6	include globals.local
		7
		8	private-bin latex
		9
		10	# Redirect
		11	include latex-common.profile
		12


diff --git a/etc/pdflatex.profile b/etc/pdflatex.profile new file mode 100644 index 000000000..caf980d4d --- /dev/null +++ b/etc/pdflatex.profile
@@ -0,0 +1,12 @@
		1	# Firejail profile for pdflatex
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include pdflatex.local
		5	# Persistent global definitions
		6	include globals.local
		7
		8	private-bin pdflatex
		9
		10	# Redirect
		11	include latex-common.profile
		12


diff --git a/etc/tex.profile b/etc/tex.profile new file mode 100644 index 000000000..f56c3038e --- /dev/null +++ b/etc/tex.profile
@@ -0,0 +1,12 @@
		1	# Firejail profile for tex
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include tex.local
		5	# Persistent global definitions
		6	include globals.local
		7
		8	private-bin tex
		9
		10	# Redirect
		11	include latex-common.profile
		12