From 4a6e7a1bdcf1ee5a4d46517e7d4f8dd2eb5ac214 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Wed, 6 Mar 2019 05:01:01 +0000
Subject: Fixes for evince profiles (#2527)
* Update evince.profile Needs group and password in private-etc on Arch. Took the liberty to change the memory-deny-write-execute comment. Latest firejail from git with the recent mdwx work included now no longer breaks evince on Arch. It might still break on other platforms, so I left mdwe commented.
* Fix including globals.local twice in evince-previewer
* Fix including globals.local twice in evince-thumbnailer
---
 etc/evince-previewer.profile | 3 ++-
 etc/evince-thumbnailer.profile | 3 ++-
 etc/evince.profile | 8 +++-----
 3 files changed, 7 insertions(+), 7 deletions(-)
(limited to 'etc')
diff --git a/etc/evince-previewer.profile b/etc/evince-previewer.profile
index e43bb2da8..bd1ea6aa9 100644
--- a/etc/evince-previewer.profile
+++ b/etc/evince-previewer.profile
@@ -3,7 +3,8 @@
 # Persistent local customizations
 include evince-previewer.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
 # Redirect
diff --git a/etc/evince-thumbnailer.profile b/etc/evince-thumbnailer.profile
index 4036e1ecb..d11d4e1e1 100644
--- a/etc/evince-thumbnailer.profile
+++ b/etc/evince-thumbnailer.profile
@@ -3,7 +3,8 @@
 # Persistent local customizations
 include evince-thumbnailer.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
 # Redirect
diff --git a/etc/evince.profile b/etc/evince.profile
index e9b530ece..b784df57c 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -20,7 +20,7 @@ include whitelist-var-common.inc
 caps.drop all
 machine-id
-# net none breaks AppArmor on Ubuntu systems
+# net none - breaks AppArmor on Ubuntu systems
 netfilter
 no3d
 nodbus
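Review bot: The replacement comment `# added by included profile` in etc/evince-previewer.profile (and the identical one in etc/evince-thumbnailer.profile) does not say which profile now supplies globals.local. Presumably it is the evince.profile pulled in under `# Redirect`, but neither that include line nor evince.profile's own `include globals.local` is visible in these hunks. globals.local is the place for settings meant to apply to every sandbox, so I would name the dependency, e.g. `# globals.local is included by evince.profile (see Redirect below)`, so that a later change of the redirect target does not silently drop it. Both files continue past the end of their hunks.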
@@ -39,12 +39,10 @@ tracelog
 private-bin evince,evince-previewer,evince-thumbnailer
 private-dev
-private-etc alternatives,fonts,machine-id
-
+private-etc alternatives,fonts,group,machine-id,passwd
 private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,gconv
-
 private-tmp
-#memory-deny-write-execute - breaks application on Archlinux, issue 1803
+# memory-deny-write-execute - might break application (https://github.com/netblue30/firejail/issues/1803)
 noexec ${HOME}
 noexec /tmp
--
cgit v1.2.3-54-g00ecf
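Review bot: The new `private-etc` line in etc/evince.profile adds `group` and `passwd` without a comment explaining why. The commit message says Arch needs them, and that reason belongs next to the line, e.g. `# group,passwd - needed on Arch`, because the two files make the host's account list readable inside a sandbox that parses untrusted documents. The rewritten `# memory-deny-write-execute` comment also leaves the option disabled on every platform, although the message reports that current git no longer breaks evince on Arch. It could tell users how to opt in, e.g. `# memory-deny-write-execute - might break application (issue 1803); add it to evince.local if it works on your platform`, assuming evince.profile includes an evince.local as the sibling profiles include theirs.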