From 195c1a6bbdaad705f92303832a1a73d05f053b71 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 4 Oct 2017 09:47:11 -0400
Subject: various profile fixes

---
 etc/akregator.profile | 4 +++-
 etc/display.profile | 8 +++++---
 etc/knotes.profile | 6 +++---
 etc/pdftotext.profile | 2 ++
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/etc/akregator.profile b/etc/akregator.profile
index 55434e45b..f2e5ea341 100644
--- a/etc/akregator.profile
+++ b/etc/akregator.profile
@@ -19,6 +19,8 @@ whitelist ${HOME}/.config/akregatorrc
 whitelist ${HOME}/.local/share/akregator
 include /etc/firejail/whitelist-common.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 no3d
@@ -28,7 +30,7 @@ nonewprivs
 noroot
 notv
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
diff --git a/etc/display.profile b/etc/display.profile
index 44d37d5b2..eca749cec 100644
--- a/etc/display.profile
+++ b/etc/display.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 nodvd
@@ -22,9 +24,9 @@ notv
 protocol unix
 seccomp
 shell none
-x11 xorg
+# x11 xorg - problems on kubuntu 17.04
 
-private-bin display
+# private-bin display - requires python
 private-dev
-private-etc none
+# private-etc none - on Debian-based systems display is a symlink in /etc/alternatives
 private-tmp
diff --git a/etc/knotes.profile b/etc/knotes.profile
index a1d303ded..039f1b057 100644
--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 nodvd
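Review bot: The `protocol` line in the second akregator.profile hunk now admits `netlink`, but nothing in the profile records which component needs that socket family. The other relaxations in this commit carry their reason inline (for example `# x11 xorg - problems on kubuntu 17.04`); a line such as `# netlink added for <component - confirm>` above `protocol unix,inet,inet6,netlink` would let a later maintainer re-test and drop the family once it is no longer required. The profile continues outside the hunk, so an existing explanation elsewhere in the file cannot be ruled out from here.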
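Review bot: The second display.profile hunk switches off `x11 xorg`, `private-bin` and `private-etc` for every system, although the reasons in the new comments are specific to Kubuntu 17.04 and to Debian-based layouts. For `private-etc` the stated problem is only the symlink under /etc/alternatives, so `private-etc alternatives` would presumably keep the rest of /etc hidden while leaving that symlink resolvable; this needs testing on the affected systems. Similarly, listing the interpreter next to `display` in `private-bin` may preserve the binary restriction if python is the only missing piece. The same pattern appears in the second knotes.profile hunk, where `private-tmp` is commented out for the same Kubuntu reason.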
@@ -25,7 +27,5 @@ seccomp
 shell none
 tracelog
 
-# private-bin kate
 private-dev
-# private-etc fonts
-private-tmp
+#private-tmp - problems on kubuntu 17.04
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index 540a428cc..0c6bf9cde 100644
--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d
--
cgit v1.2.3-70-g09d2
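Review bot: The disabled option in the second knotes.profile hunk is written `#private-tmp - problems on kubuntu 17.04`, without the space after `#` that the other disabled options in this commit use (`# x11 xorg`, `# private-bin display`, `# private-etc none`). Writing it as `# private-tmp - problems on kubuntu 17.04` keeps commented-out hardening options greppable with one pattern across profiles, which matters when someone later audits which sandbox restrictions were turned off and why.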