From 970f739e2be202a39ab82f589d5773267b903de6 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Mon, 12 Mar 2018 16:44:30 -0400
Subject: bringing back private-lib in evince, and some fixes for Arch Linux

---
 etc/atril.profile      | 2 +-
 etc/default.profile    | 3 +++
 etc/disable-common.inc | 3 +--
 etc/eog.profile        | 2 +-
 etc/eom.profile        | 2 +-
 etc/evince.profile     | 4 ++++
 6 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/etc/atril.profile b/etc/atril.profile
index e13618c0b..215f0ab96 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -37,7 +37,7 @@ private-dev
 private-etc fonts,ld.so.cache
 # atril uses webkit gtk to display epub files
 # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0
-private-lib webkit2gtk-4.0
+#private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit
 private-tmp
 
 # webkit gtk killed by memory-deny-write-execute
diff --git a/etc/default.profile b/etc/default.profile
index 82eded802..226e808ed 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -8,6 +8,9 @@ include /etc/firejail/globals.local
 # generic gui profile
 # depending on your usage, you can enable some of the commands below:
 
+# required under CentOS 7
+noblacklist /etc/profile.d
+
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index cd5ec5d25..19be56f86 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -171,8 +171,7 @@ blacklist /var/spool/mail
 # etc
 blacklist /etc/anacrontab
 blacklist /etc/cron*
-# on CentOS 7 /etc/profile.d/vte.sh is required by bash
-#blacklist /etc/profile.d
+blacklist /etc/profile.d
 blacklist /etc/rc.local
 # rc1.d, rc2.d, ...
 blacklist /etc/rc?.d
diff --git a/etc/eog.profile b/etc/eog.profile
index cf6b1c1c6..6d61dceac 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -39,6 +39,6 @@ private-etc fonts
 private-lib
 private-tmp
 
-memory-deny-write-execute
+#memory-deny-write-execute  - breaks on Arch
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/eom.profile b/etc/eom.profile
index 4edd8fafe..c7af470c6 100644
--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -40,6 +40,6 @@ private-etc fonts
 private-lib
 private-tmp
 
-memory-deny-write-execute
+#memory-deny-write-execute - breaks on Arch
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/evince.profile b/etc/evince.profile
index 76aaab233..0a7a28580 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -36,7 +36,11 @@ tracelog
 private-bin evince,evince-previewer,evince-thumbnailer
 private-dev
 private-etc fonts
+
 #private-lib - seems to be breaking on Gnome Shell 3.26.2, Mutter WM, issue 1711
+# testing private-lib all over again - problem with 32bit libraries found and fixed for CentOS
+private-lib
+
 private-tmp
 
 #memory-deny-write-execute - breaks application on Archlinux, issue 1803
-- 
cgit v1.2.3-54-g00ecf