From dd55390120efe17550ddcec1b336d8c1c44806a4 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Sat, 23 Sep 2023 01:42:08 +0000
Subject: profiles: refactor log viewers (#5996)

* profiles: refactor log viewers

Introduces system-log-common.profile as a common profile for existing GUI log viewer applications.

* system-log-common: enable no3d
---
 etc/profile-a-l/gnome-logs.profile | 42 +++------------------------
 etc/profile-a-l/gnome-system-log.profile | 48 ++++--------------------------
 etc/profile-a-l/journal-viewer.profile | 50 ++------------------------------
 3 files changed, 12 insertions(+), 128 deletions(-)
(limited to 'etc/profile-a-l')

diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile
index 61f4f4107..4d2681fbc 100644
--- a/etc/profile-a-l/gnome-logs.profile
+++ b/etc/profile-a-l/gnome-logs.profile
@@ -6,49 +6,15 @@ include gnome-logs.local
 # Persistent global definitions
 include globals.local
 
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
+whitelist /usr/share/gnome-logs
 
-whitelist /var/log/journal
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-
-apparmor
-caps.drop all
-ipc-namespace
-net none
-no3d
-nodvd
-noinput
-nonewprivs
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-tracelog
-
-disable-mnt
 private-bin gnome-logs
-private-cache
-private-dev
-private-etc
 private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
-private-tmp
-writable-var-log
 
 dbus-user filter
 dbus-user.own org.gnome.Logs
 dbus-user.talk ca.desrt.dconf
-dbus-system none
+ignore dbus-user none
 
-# Add 'ignore read-only ${HOME}' to your gnome-logs.local if you export logs to a file under your ${HOME}.
-read-only ${HOME}
-restrict-namespaces
+# Redirect
+include system-log-common.profile
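Review bot: The added `ignore dbus-user none` in gnome-logs.profile has no explanation, and the `dbus-system none` this hunk removes is now enforced only if system-log-common.profile sets it. That file is outside this directory-limited view, so it cannot be confirmed here. A short comment above the ignore line would record the intent, for example `# 'dbus-user filter' is used above; skip 'dbus-user none' from the common profile`. The hint about adding `ignore read-only ${HOME}` to gnome-logs.local is also dropped; users who export logs under ${HOME} will still need it if the common profile applies `read-only ${HOME}`, so it is worth keeping here or in the common profile.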
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile
index b3bc7499c..0d6116f4f 100644
--- a/etc/profile-a-l/gnome-system-log.profile
+++ b/etc/profile-a-l/gnome-system-log.profile
@@ -6,51 +6,13 @@ include gnome-system-log.local
 # Persistent global definitions
 include globals.local
 
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
+# 'net none' breaks dbus
+ignore net none
 
-whitelist /var/log
-include whitelist-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-
-apparmor
-caps.drop all
-ipc-namespace
-#net none # breaks dbus
-no3d
-nodvd
-# When using 'volatile' storage (https://www.freedesktop.org/software/systemd/man/journald.conf.html),
-# put 'ignore nogroups' and 'ignore noroot' in your gnome-system-log.local.
-nogroups
-noinput
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-
-disable-mnt
 private-bin gnome-system-log
-private-cache
-private-dev
-private-etc
 private-lib
-private-tmp
-writable-var-log
-
-#dbus-user none
-#dbus-system none
 
 memory-deny-write-execute
-# Add 'ignore read-only ${HOME}' to your gnome-system-log.local if you export logs to a file under your ${HOME}.
-read-only ${HOME}
-restrict-namespaces
+
+# Redirect
+include system-log-common.profile
diff --git a/etc/profile-a-l/journal-viewer.profile b/etc/profile-a-l/journal-viewer.profile
index f73595fb1..eb007b765 100644
--- a/etc/profile-a-l/journal-viewer.profile
+++ b/etc/profile-a-l/journal-viewer.profile
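Review bot: In gnome-system-log.profile the removed `whitelist /var/log` is broader than the `whitelist /var/log/journal` that the other two profiles in this commit remove, so a single shared include cannot reproduce both. If system-log-common.profile (not visible here) whitelists only the journal directories, this viewer loses access to the rest of /var/log; if it whitelists all of /var/log, the other two sandboxes see more than before. Keeping `whitelist /var/log` in this file ahead of the include would let the common profile stay narrow. The old file also left `dbus-user none` and `dbus-system none` commented out, and the new comment suggests the application depends on D-Bus, yet only `net none` is ignored. If the common profile sets either D-Bus option, `ignore dbus-user none` and `ignore dbus-system none` probably belong here too.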
@@ -9,60 +9,16 @@ include globals.local
 noblacklist ${HOME}/.cache/journal-viewer
 noblacklist ${HOME}/.local/share/com.vmingueza.journal-viewer
 
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-proc.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
-
 mkdir ${HOME}/.cache/journal-viewer
 mkdir ${HOME}/.local/share/com.vmingueza.journal-viewer
 whitelist ${HOME}/.cache/journal-viewer
 whitelist ${HOME}/.local/share/com.vmingueza.journal-viewer
-whitelist /run/log/journal
-whitelist /var/log/journal
-include whitelist-common.inc
-include whitelist-run-common.inc
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-
-apparmor
-caps.drop all
-ipc-namespace
-net none
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noprinters
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-seccomp.block-secondary
-tracelog
 
-disable-mnt
 private-bin journal-viewer
-private-cache
-private-dev
-private-etc machine-id
 private-lib webkit2gtk-*
-private-tmp
 
-dbus-user none
-dbus-system none
-
-restrict-namespaces
-read-only ${HOME}
 read-write ${HOME}/.cache/journal-viewer
 read-write ${HOME}/.local/share/com.vmingueza.journal-viewer
-writable-var-log
+
+# Redirect
+include system-log-common.profile
-- cgit v1.2.3-70-g09d2
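Review bot: The two `read-write ${HOME}/…` lines in journal-viewer.profile now come before the include, whereas the removed `read-only ${HOME}` used to precede them. If system-log-common.profile (not shown in this view) applies `read-only ${HOME}` and firejail processes these filesystem options in profile order, the cache and data directories may end up read-only again. Please confirm with a run of the sandboxed viewer, and consider a comment such as `# must stay writable despite read-only ${HOME} in the common profile`. Separately, this hunk drops `private-etc machine-id`, `include disable-proc.inc`, `noprinters` and `seccomp.block-secondary`, none of which the other two profiles had, so they survive only if the common profile carries them. If the common profile uses a bare `private-etc`, keeping `private-etc machine-id` in this file would preserve access to the machine id.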