From d01b93bbbdb195c12ba3d0078a2a30a56880b89b Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Sat, 18 May 2019 17:05:32 +0000 Subject: Refactor eog and eom profiles with common redirect (#2708) * Create eo-common.profile * Refactor eog.profile * Refactor eom.profile * Keep private-bin in eog.profile * Keep private-bin in eom.profile * Place private-bin back in eog/eom profiles --- etc/eo-common.profile | 47 +++++++++++++++++++++++++++++++++++++++++++++++ etc/eog.profile | 38 ++------------------------------------ etc/eom.profile | 34 ++-------------------------------- 3 files changed, 51 insertions(+), 68 deletions(-) create mode 100644 etc/eo-common.profile (limited to 'etc') diff --git a/etc/eo-common.profile b/etc/eo-common.profile new file mode 100644 index 000000000..ad18e10c4 --- /dev/null +++ b/etc/eo-common.profile @@ -0,0 +1,47 @@ +# Firejail profile for eo-common +# Description: Common profile for Eye of GNOME/MATE graphics viewer program +# This file is overwritten after every install/update +# Persistent local customizations +include eo-common.local +# Persistent global definitions +# already included by caller profile +#include globals.local + +noblacklist ${HOME}/.local/share/Trash +noblacklist ${HOME}/.Steam +noblacklist ${HOME}/.steam + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc + +include whitelist-var-common.inc + +apparmor +caps.drop all +ipc-namespace +machine-id +no3d +nodvd +nogroups +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix,netlink +seccomp +shell none +tracelog + +private-cache +private-dev +private-etc alternatives,dconf,fonts,gtk-3.0 +private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* +private-tmp + +#memory-deny-write-execute - breaks on Arch diff --git a/etc/eog.profile b/etc/eog.profile index 953dc612c..8e3aa42fe 100644 --- a/etc/eog.profile +++ b/etc/eog.profile @@ -6,46 +6,12 @@ include eog.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.Steam noblacklist ${HOME}/.config/eog -noblacklist ${HOME}/.local/share/Trash -noblacklist ${HOME}/.steam - -include disable-common.inc -include disable-devel.inc -include disable-exec.inc -include disable-interpreters.inc -include disable-passwdmgr.inc -include disable-programs.inc - -include whitelist-var-common.inc - -apparmor -caps.drop all -ipc-namespace -machine-id -no3d -nodvd -nogroups -nonewprivs -noroot -nosound -notv -nou2f -novideo -protocol unix,netlink -seccomp -shell none -tracelog # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager' # comment those if you need that functionality # or put 'ignore private-bin', 'ignore private-etc' and 'ignore private-lib' in your eog.local private-bin eog -private-cache -private-dev -private-etc alternatives,fonts,gtk-3.0,dconf -private-lib eog,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* -private-tmp -# memory-deny-write-execute +# Redirect +include eo-common.profile diff --git a/etc/eom.profile b/etc/eom.profile index 25c760743..437326d38 100644 --- a/etc/eom.profile +++ b/etc/eom.profile @@ -6,42 +6,12 @@ include eom.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.Steam noblacklist ${HOME}/.config/mate/eom -noblacklist ${HOME}/.local/share/Trash -noblacklist ${HOME}/.steam - -include disable-common.inc -include disable-devel.inc -include disable-exec.inc -include disable-interpreters.inc -include disable-passwdmgr.inc -include disable-programs.inc - -include whitelist-var-common.inc - -caps.drop all -no3d -nodvd -nogroups -nonewprivs -noroot -nosound -notv -nou2f -novideo -protocol unix,netlink -seccomp -shell none -tracelog # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager' # comment those if you need that functionality # or put 'ignore private-bin', 'ignore private-etc' and 'ignore private-lib' in your eom.local private-bin eom -private-dev -private-etc alternatives,fonts,gtk-3.0,dconf -private-lib -private-tmp -#memory-deny-write-execute - breaks on Arch +# Redirect +include eo-common.profile -- cgit v1.2.3-70-g09d2