From dd55390120efe17550ddcec1b336d8c1c44806a4 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Sat, 23 Sep 2023 01:42:08 +0000 Subject: profiles: refactor log viewers (#5996) * profiles: refactor log viewers Introduces system-log-common.profile as a common profile for existing GUI log viewer applications. * system-log-common: enable no3d --- etc/profile-a-l/gnome-system-log.profile | 48 ++++---------------------------- 1 file changed, 5 insertions(+), 43 deletions(-) (limited to 'etc/profile-a-l/gnome-system-log.profile') diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index b3bc7499c..0d6116f4f 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile @@ -6,51 +6,13 @@ include gnome-system-log.local # Persistent global definitions include globals.local -include disable-common.inc -include disable-devel.inc -include disable-exec.inc -include disable-interpreters.inc -include disable-programs.inc -include disable-shell.inc -include disable-xdg.inc +# 'net none' breaks dbus +ignore net none -whitelist /var/log -include whitelist-common.inc -include whitelist-usr-share-common.inc -include whitelist-var-common.inc - -apparmor -caps.drop all -ipc-namespace -#net none # breaks dbus -no3d -nodvd -# When using 'volatile' storage (https://www.freedesktop.org/software/systemd/man/journald.conf.html), -# put 'ignore nogroups' and 'ignore noroot' in your gnome-system-log.local. -nogroups -noinput -nonewprivs -noroot -nosound -notv -nou2f -novideo -protocol unix -seccomp - -disable-mnt private-bin gnome-system-log -private-cache -private-dev -private-etc private-lib -private-tmp -writable-var-log - -#dbus-user none -#dbus-system none memory-deny-write-execute -# Add 'ignore read-only ${HOME}' to your gnome-system-log.local if you export logs to a file under your ${HOME}. -read-only ${HOME} -restrict-namespaces + +# Redirect +include system-log-common.profile -- cgit v1.2.3-70-g09d2