From 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 7 Aug 2017 01:22:08 -0400 Subject: Unify all profiles --- etc/mupdf.profile | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) (limited to 'etc/mupdf.profile') diff --git a/etc/mupdf.profile b/etc/mupdf.profile index ca61edfdd..a55a01206 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile @@ -1,15 +1,15 @@ -# Persistent global definitions go here +# Firejail profile for mupdf +# This file is overwritten after every install/update +# Persistent local customizations +include /etc/firejail/mupdf.local +# Persistent global definitions include /etc/firejail/globals.local -# This file is overwritten during software install. -# Persistent customizations should go in a .local file. -include /etc/firejail/mupdf.local -# mupdf reader profile include /etc/firejail/disable-common.inc -include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-programs.inc caps.drop all net none 
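Review bot: The reorder at the top of the profile moves `include /etc/firejail/mupdf.local` ahead of `include /etc/firejail/globals.local`, but the new header comments do not say that this position is deliberate. Firejail applies some directives in file order (a `noblacklist` has to appear before the blacklist it exempts), so the per-application override file probably needs to stay first for local exceptions to take effect against globals.local and the disable-*.inc files. I would state that in the comment, e.g. `# Persistent local customizations (keep first: overrides must precede the includes below)`. The move of disable-programs.inc after disable-passwdmgr.inc looks like alphabetical sorting only, and nothing visible in the hunk depends on it.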
@@ -22,15 +22,13 @@ seccomp shell none tracelog -private-tmp +# private-bin mupdf,sh,tempfile,rm private-dev private-etc fonts - -# mupdf will never write anything +private-tmp read-only ${HOME} -# +# CLOBBERED COMMENTS # Experimental: -# -#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev -# private-bin mupdf,sh,tempfile,rm +# mupdf will never write anything +# seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev -- cgit v1.2.3-70-g09d2
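Review bot: The comment `# mupdf will never write anything` has been separated from `read-only ${HOME}`, the line it justified, and now sits under `# Experimental:` next to the disabled `seccomp.keep` list, where it reads as a claim about the syscall whitelist. I would put it back directly above `read-only ${HOME}` and drop the `# CLOBBERED COMMENTS` placeholder, e.g. `# mupdf is a viewer and never writes, so the home directory stays read-only`. The commented-out `# private-bin mupdf,sh,tempfile,rm` has the opposite problem: it moves up beside the active private-* options and loses the "Experimental" label. A short reason for why it stays disabled would help whoever later decides to enable it.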