From 72f5e973273e8052ea18825a8b31e30c03c36038 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Thu, 27 Feb 2020 14:13:24 +0100 Subject: add xournal.profile --- README.md | 2 +- RELNOTES | 2 +- etc/xournal.profile | 47 ++++++++++++++++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 4 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 etc/xournal.profile diff --git a/README.md b/README.md index f90cdb7d4..bc2708041 100644 --- a/README.md +++ b/README.md @@ -151,4 +151,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe ### New profiles: -gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams +gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, gnome-passwordsafe, bibtex, gummi, latex, pdflatex, tex, wpp, wpspdf, wps, et, multimc, gnome-hexgl, com.github.johnfactotum.Foliate, desktopeditors, impressive, mupdf-gl, mupdf-x11, mupdf-x11-curl, muraster, mutool, planmaker18, planmaker18free, presentations18, presentations18free, textmaker18, textmaker18free, teams, xournal diff --git a/RELNOTES b/RELNOTES index ab0dc481d..df0e3ec85 100644 --- a/RELNOTES +++ b/RELNOTES @@ -8,7 +8,7 @@ firejail (0.9.63) baseline; urgency=low * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool * new profiles: desktopeditors, impressive, planmaker18, planmaker18free * new profiles: presentations18, presentations18free, textmaker18, teams - * new profiles: textmaker18free + * new profiles: textmaker18free, xournal firejail (0.9.62) baseline; urgency=low * added file-copy-limit in /etc/firejail/firejail.config diff --git a/etc/xournal.profile b/etc/xournal.profile new file mode 100644 index 000000000..fa5200ea3 --- /dev/null +++ b/etc/xournal.profile @@ -0,0 +1,47 @@ +# Firejail profile for xournal +# Description: Note taking and PDF editing +# This file is overwritten after every install/update +# Persistent local customizations +include xournal.local +# Persistent global definitions +include globals.local + +noblacklist ${DOCUMENTS} + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +whitelist /usr/share/xournal +whitelist /usr/share/poppler +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +caps.drop all +machine-id +net none +no3d +nodbus +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix +seccomp +shell none +tracelog + +private-bin xournal +private-cache +private-dev +private-etc alternatives,fonts,group,machine-id,passwd +# TODO should use private-lib +private-tmp diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index adf66f008..4cd4fad6c 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -722,6 +722,7 @@ xmr-stak xonotic xonotic-glx xonotic-sdl +xournal xpdf xplayer xplayer-audio-preview -- cgit v1.2.3-54-g00ecf