From 18942dbeed8d959735651e2a2162627f82a5f3fe Mon Sep 17 00:00:00 2001
From: Florian Begusch <26567162+florianbegusch@users.noreply.github.com>
Date: Wed, 29 Jan 2020 12:53:17 +0000
Subject: Add profiles for common (la)tex commands and a latex editor (#3159)

---
 etc/bibtex.profile       | 12 ++++++++++++
 etc/disable-programs.inc |  1 +
 etc/gummi.profile        | 18 ++++++++++++++++++
 etc/latex-common.profile | 39 +++++++++++++++++++++++++++++++++++++++
 etc/latex.profile        | 12 ++++++++++++
 etc/pdflatex.profile     | 12 ++++++++++++
 etc/tex.profile          | 12 ++++++++++++
 7 files changed, 106 insertions(+)
 create mode 100644 etc/bibtex.profile
 create mode 100644 etc/gummi.profile
 create mode 100644 etc/latex-common.profile
 create mode 100644 etc/latex.profile
 create mode 100644 etc/pdflatex.profile
 create mode 100644 etc/tex.profile

(limited to 'etc')

diff --git a/etc/bibtex.profile b/etc/bibtex.profile
new file mode 100644
index 000000000..e868dcbab
--- /dev/null
+++ b/etc/bibtex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for bibtex
+# This file is overwritten after every install/update
+# Persistent local customizations
+include bibtex.local
+# Persistent global definitions
+include globals.local
+
+private-bin bibtex
+
+# Redirect
+include latex-common.profile
+
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 2eac1338e..44982ede0 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -200,6 +200,7 @@ blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
 blacklist ${HOME}/.config/gpicview
 blacklist ${HOME}/.config/gthumb
+blacklist ${HOME}/.config/gummi
 blacklist ${HOME}/.config/gwenviewrc
 blacklist ${HOME}/.config/hexchat
 blacklist ${HOME}/.config/i2p
diff --git a/etc/gummi.profile b/etc/gummi.profile
new file mode 100644
index 000000000..9fb8e3da5
--- /dev/null
+++ b/etc/gummi.profile
@@ -0,0 +1,18 @@
+# Firejail profile for gummi
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gummi.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/gummi
+
+include allow-lua.inc
+include allow-perl.inc
+include allow-python3.inc
+
+private-bin dvipdf,dvips,env,gummi,latex,latexmk,lua*,lualatex,luatex,pdflatex,pdftex,perl,ps2pdf,python3*,rubber,synctex,tex,xelatex,xetex
+
+# Redirect
+include latex-common.profile
+
diff --git a/etc/latex-common.profile b/etc/latex-common.profile
new file mode 100644
index 000000000..712ada722
--- /dev/null
+++ b/etc/latex-common.profile
@@ -0,0 +1,39 @@
+# Firejail profile for latex-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include latex-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+whitelist /var/lib
+include whitelist-var-common.inc
+
+caps.drop all
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-cache
+private-dev
+private-tmp
+
diff --git a/etc/latex.profile b/etc/latex.profile
new file mode 100644
index 000000000..2230dd570
--- /dev/null
+++ b/etc/latex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for latex
+# This file is overwritten after every install/update
+# Persistent local customizations
+include latex.local
+# Persistent global definitions
+include globals.local
+
+private-bin latex
+
+# Redirect
+include latex-common.profile
+
diff --git a/etc/pdflatex.profile b/etc/pdflatex.profile
new file mode 100644
index 000000000..caf980d4d
--- /dev/null
+++ b/etc/pdflatex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for pdflatex
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pdflatex.local
+# Persistent global definitions
+include globals.local
+
+private-bin pdflatex
+
+# Redirect
+include latex-common.profile
+
diff --git a/etc/tex.profile b/etc/tex.profile
new file mode 100644
index 000000000..f56c3038e
--- /dev/null
+++ b/etc/tex.profile
@@ -0,0 +1,12 @@
+# Firejail profile for tex
+# This file is overwritten after every install/update
+# Persistent local customizations
+include tex.local
+# Persistent global definitions
+include globals.local
+
+private-bin tex
+
+# Redirect
+include latex-common.profile
+
-- 
cgit v1.2.3-70-g09d2