From 50a80e86106e956e6bbcb88aeacd3ea1eb1e949c Mon Sep 17 00:00:00 2001 From: kortewegdevries <62639087+kortewegdevries@users.noreply.github.com> Date: Mon, 27 Jul 2020 23:09:30 +0530 Subject: [PATCH 1/2] Added lyx profile Initial --- etc/inc/disable-programs.inc | 2 ++ etc/profile-a-l/lyx.profile | 40 ++++++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 3 files changed, 43 insertions(+) create mode 100644 etc/profile-a-l/lyx.profile diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 4336999186e..3155cab3331 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -101,6 +101,7 @@ blacklist ${HOME}/.config/Jitsi Meet blacklist ${HOME}/.config/Kid3 blacklist ${HOME}/.config/Kingsoft blacklist ${HOME}/.config/Luminance +blacklist ${HOME}/.config/LyX blacklist ${HOME}/.config/Mattermost blacklist ${HOME}/.config/Meltytech blacklist ${HOME}/.config/Mendeley Ltd. @@ -680,6 +681,7 @@ blacklist ${HOME}/.local/share/xplayer blacklist ${HOME}/.local/share/xreader blacklist ${HOME}/.local/share/zathura blacklist ${HOME}/.lv2 +blacklist ${HOME}/.lyx blacklist ${HOME}/.magicor blacklist ${HOME}/.masterpdfeditor blacklist ${HOME}/.mbwarband diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile new file mode 100644 index 00000000000..7d26dc19e38 --- /dev/null +++ b/etc/profile-a-l/lyx.profile @@ -0,0 +1,40 @@ +# Firejail profile for lyx +# Description: Open source document processor based on LaTeX typsetting +# This file is overwritten after every install/update +# Persistent local customizations +include lyx.local +# Persistent global definitions +include globals.local + +ignore private-tmp + +noblacklist ${DOCUMENTS} +noblacklist ${HOME}/.config/LyX +noblacklist ${HOME}/.lyx + +include allow-lua.inc +include allow-python2.inc +include allow-python3.inc + +include disable-xdg.inc + +mkdir ${HOME}/.config/LyX +mkdir ${HOME}/.lyx +whitelist ${DOCUMENTS} +whitelist ${HOME}/.config/LyX +whitelist ${HOME}/.lyx +whitelist /usr/share/lyx +whitelist /usr/share/texinfo +whitelist /usr/share/texmf-dist +whitelist /usr/share/tlpkg +include whitelist-common.inc +include whitelist-usr-share-common.inc + +apparmor +machine-id + +# private-bin atril,dvilualatex,env,latex,lua*,luatex,lyx,lyxclient,okular,pdf2latex,pdflatex,pdftex,python*,qpdf,qpdfview,sh,tex2lyx,texmf,xelatex +private-etc alternatives,dconf,fonts,gtk-2.0,gtk-3.0,locale,locale.alias,locale.conf,lyx,mime.types,passwd,texmf,X11,xdg + +# Redirect +include latex-common.profile diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index e9ecab92529..bb57d99e970 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -429,6 +429,7 @@ luminance-hdr lximage-qt lxmusic lynx +lyx macrofusion magicor manaplus From 446c90787a932bb532dbd1ba9af92612655d754d Mon Sep 17 00:00:00 2001 From: kortewegdevries <62639087+kortewegdevries@users.noreply.github.com> Date: Tue, 28 Jul 2020 13:48:41 +0530 Subject: [PATCH 2/2] Rmoved whitelists Make home directory more accessible --- etc/profile-a-l/lyx.profile | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile index 7d26dc19e38..b2c0afbe71f 100644 --- a/etc/profile-a-l/lyx.profile +++ b/etc/profile-a-l/lyx.profile @@ -8,32 +8,25 @@ include globals.local ignore private-tmp -noblacklist ${DOCUMENTS} noblacklist ${HOME}/.config/LyX noblacklist ${HOME}/.lyx include allow-lua.inc +include allow-perl.inc include allow-python2.inc include allow-python3.inc -include disable-xdg.inc - -mkdir ${HOME}/.config/LyX -mkdir ${HOME}/.lyx -whitelist ${DOCUMENTS} -whitelist ${HOME}/.config/LyX -whitelist ${HOME}/.lyx whitelist /usr/share/lyx whitelist /usr/share/texinfo +whitelist /usr/share/texlive whitelist /usr/share/texmf-dist whitelist /usr/share/tlpkg -include whitelist-common.inc include whitelist-usr-share-common.inc apparmor machine-id -# private-bin atril,dvilualatex,env,latex,lua*,luatex,lyx,lyxclient,okular,pdf2latex,pdflatex,pdftex,python*,qpdf,qpdfview,sh,tex2lyx,texmf,xelatex +# private-bin atril,dvilualatex,env,latex,lua*,luatex,lyx,lyxclient,okular,pdf2latex,pdflatex,pdftex,perl*,python*,qpdf,qpdfview,sh,tex2lyx,texmf,xelatex private-etc alternatives,dconf,fonts,gtk-2.0,gtk-3.0,locale,locale.alias,locale.conf,lyx,mime.types,passwd,texmf,X11,xdg # Redirect