From 61bfaa69275f881d9ce890f2a15d93325eab110f Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Wed, 16 Oct 2019 15:18:59 +0200 Subject: Update ghostwriter.profile - enable `seccomp`, but allow `chroot` - fix wusc. ==> comment it because of #216 it is broken - fix pdf export [skip ci] --- etc/ghostwriter.profile | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/etc/ghostwriter.profile b/etc/ghostwriter.profile index 8a9ccabc2..27becf8fe 100644 --- a/etc/ghostwriter.profile +++ b/etc/ghostwriter.profile @@ -19,12 +19,11 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc -whitelist /usr/share/ghostwriter -whitelist /usr/share/mozilla-dicts -whitelist /usr/share/texlive -whitelist /usr/share/pandoc -whitelist /usr/share/pandoc-* -include whitelist-usr-share-common.inc +#whitelist /usr/share/ghostwriter +#whitelist /usr/share/mozilla-dicts +#whitelist /usr/share/texlive +#whitelist /usr/share/pandoc* +#include whitelist-usr-share-common.inc apparmor caps.drop all @@ -39,13 +38,13 @@ notv nou2f novideo protocol unix,inet,inet6,netlink -#seccomp -- breaks +seccomp !chroot shell none #tracelog -- breaks -private-bin gettext,ghostwriter,pandoc +private-bin context,gettext,ghostwriter,latex,mktexfmt,pandoc,pdflatex,pdfroff,prince,weasyprint,wkhtmltopdf private-cache private-dev # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed -private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg +private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,texlive,Trolltech.conf,X11,xdg private-tmp -- cgit v1.2.3-54-g00ecf