Cleanup of profiles to comply with latest wrapper changes

9 years ago · 1f4400d3ff
parent 2f7e27f121
commit 1f4400d3ff
12 changed files with 144 additions and 57 deletions
--- a/profiles/eog-whitelist.seccomp
+++ b/profiles/eog-whitelist.seccomp
@ -0,0 +1,94 @@
+access: 1
+arch_prctl: 1
+bind: 1
+brk: 1
+chdir: 1
+chmod: 1
+clock_getres: 1
+clone: 1
+close: 1
+connect: 1
+dup: 1
+dup2: 1
+eventfd2: 1
+execve: 1
+exit: 1
+exit_group: 1
+fadvise64: 1
+fallocate: 1
+fcntl: 1
+flistxattr: 1
+fstat: 1
+fstatfs: 1
+fsync: 1
+futex: 1
+getcwd: 1
+getdents: 1
+getegid: 1
+geteuid: 1
+getpeername: 1
+getpid: 1
+getresgid: 1
+getresuid: 1
+getrlimit: 1
+getrusage: 1
+getsockname: 1
+getuid: 1
+getxattr: 1
+inotify_add_watch: 1
+inotify_init1: 1
+inotify_rm_watch: 1
+ioctl: 1
+lchown: 1
+lgetxattr: 1
+link: 1
+listxattr: 1
+lseek: 1
+lstat: 1
+madvise: 1
+mincore: 1
+mkdir: 1
+mmap: 1
+mprotect: 1
+mremap: 1
+munmap: 1
+open: 1
+openat: 1
+pipe: 1
+pipe2: 1
+poll: 1
+prctl: 1
+pread64: 1
+pwrite64: 1
+read: 1
+readlink: 1
+recvfrom: 1
+recvmsg: 1
+rename: 1
+rmdir: 1
+rt_sigaction: 1
+rt_sigprocmask: 1
+sched_getaffinity: 1
+select: 1
+sendmsg: 1
+sendto: 1
+set_robust_list: 1
+setsockopt: 1
+set_tid_address: 1
+shmat: 1
+shmctl: 1
+shmdt: 1
+shmget: 1
+shutdown: 1
+sigaltstack: 1
+socket: arg0 == 0x1
+splice: 1
+stat: 1
+statfs: 1
+tgkill: 1
+uname: 1
+unlink: 1
+utimes: 1
+wait4: 1
+write: 1
+writev: 1
--- a/profiles/eog.json
+++ b/profiles/eog.json
@ -0,0 +1,30 @@
+{
+"name": "eog"
+, "path": "/usr/bin/eog"
+, "allow_files": true
+, "xserver": {
+	"enabled": true
+	, "enable_tray": false
+	, "tray_icon":"/usr/share/icons/hicolor/scalable/apps/eog.svg"
+}
+, "networking":{
+	"type":"empty"
+}
+, "whitelist": [
+	{"path":"${HOME}/.config/gtk-3.0/gtk.css"}
+
+	, {"path":"/var/lib/oz/cells.d/eog-whitelist.seccomp"}
+]
+, "blacklist": [
+]
+, "environment": [
+	{"name":"GTK_THEME", "value":"Adwaita:dark"}
+	, {"name":"GTK2_RC_FILES", "value":"/usr/share/themes/Darklooks/gtk-2.0/gtkrc"}
+]
+, "seccomp": {
+	"mode":"whitelist"
+	, "enforce": true
+	, "seccomp_whitelist":"/var/lib/oz/cells.d/eog-whitelist.seccomp"
+	, "seccomp_blacklist":""
+}
+}
--- a/profiles/evince.json
+++ b/profiles/evince.json
@ -15,8 +15,7 @@
 	"type":"empty"
 }
 , "whitelist": [
-	{"path":"/var/lib/oz/cells.d/evince.json"}
-	, {"path":"/var/lib/oz/cells.d/evince-whitelist.seccomp"}
+	{"path":"/var/lib/oz/cells.d/evince-whitelist.seccomp"}
 	, {"path":"/var/lib/oz/cells.d/evince-blacklist.seccomp"}
 ]
 , "blacklist": [
@ -24,7 +23,7 @@
 , "environment": [
 ]
 , "seccomp": {
-	"mode":"blacklist"
+	"mode":"whitelist"
 	, "enforce": true
 	, "seccomp_whitelist":"/var/lib/oz/cells.d/evince-whitelist.seccomp"
 	, "seccomp_blacklist":"/var/lib/oz/cells.d/evince-blacklist.seccomp"
--- a/profiles/gajim.json
+++ b/profiles/gajim.json
@ -23,8 +23,6 @@
 	, {"path":"${HOME}/.cache/gajim"}
 	, {"path":"${HOME}/.config/gajim"}
 	, {"path":"${HOME}/.local/share/keyrings"}
-	, {"path":"/var/lib/oz/cells.d/gajim.json"}
-	, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "blacklist": [
 	{"path":"/run/user/${UID}/keyring-*/ssh"}
@ -32,8 +30,6 @@
 	, {"path":"/run/user/${UID}/keyring-*/gpg"}
 ]
 , "seccomp": {
-        "mode":"blacklist"
-        , "enforce": true
-        , "seccomp_whitelist":""
-        , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+	"mode":"blacklist"
+	, "enforce": true
 }
--- a/profiles/icedove.json
+++ b/profiles/icedove.json
@ -22,8 +22,6 @@

 	, {"path":"${HOME}/.config/gtk-3.0"}
 	, {"path":"${HOME}/.config/gtk-2.0"}
-	, {"path":"/var/lib/oz/cells.d/icedove.json"}
-	, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "_blacklist": [
 ]
@ -33,8 +31,6 @@
 	, {"name":"GNOME_KEYRING_PID", "value":"1"}
 ]
 , "seccomp": {
-        "mode":"blacklist"
-        , "enforce": true
-        , "seccomp_whitelist":""
-        , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+	"mode":"blacklist"
+	, "enforce": true
 }
--- a/profiles/iceweasel.json
+++ b/profiles/iceweasel.json
@ -19,16 +19,12 @@

 	, {"path":"${HOME}/.config/gtk-3.0"}
 	, {"path":"${HOME}/.config/gtk-2.0"}
-	, {"path":"/var/lib/oz/cells.d/iceweasel.json"}
-	, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "blacklist": [
 ]
 , "environment": [
 ]
 , "seccomp": {
-        "mode":"blacklist"
-        , "enforce": true
-        , "seccomp_whitelist":""
-        , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+	"mode":"blacklist"
+	, "enforce": true
 }
--- a/profiles/libreoffice.json
+++ b/profiles/libreoffice.json
@ -27,12 +27,8 @@
 	"type":"empty"
 }
 , "whitelist": [
-	        {"path":"/var/lib/oz/cells.d/libreoffice.json"}
-		,{"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "seccomp": {
-        "mode":"blacklist"
-        , "enforce": true
-        , "seccomp_whitelist":""
-        , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+	"mode":"blacklist"
+	, "enforce": true
 }
--- a/profiles/liferea.json
+++ b/profiles/liferea.json
@ -25,16 +25,12 @@
 	, {"path":"${HOME}/.config/dconf"}
 	, {"path":"${HOME}/.cache/dconf"}
 	, {"path":"/run/user/${UID}/dconf"}
-	, {"path":"/var/lib/oz/cells.d/liferea.json"}
-	, {"path":"/var/lib/oz/cells.d/generic-blacklist.json"}
 ]
 , "blacklist": [
 ]
 , "_environment": [
 ]
 , "seccomp": {
-        "mode":"blacklist"
-        , "enforce": true
-        , "seccomp_whitelist":""
-        , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+	"mode":"blacklist"
+	, "enforce": true
 }
--- a/profiles/pidgin.json
+++ b/profiles/pidgin.json
@ -10,16 +10,12 @@
 }
 , "whitelist": [
 	{"path":"${HOME}/.purple"}
-	,{"path":"/var/lib/oz/cells.d/pidgin.json"}
-	,{"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "blacklist": [
 ]
 , "environment": [
 ]
 , "seccomp": {
-        "mode":"blacklist"
-        , "enforce": true
-        , "seccomp_whitelist":""
-        , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+	"mode":"blacklist"
+	, "enforce": true
 }
--- a/profiles/pond.json
+++ b/profiles/pond.json
@ -16,8 +16,6 @@
 , "whitelist": [
 	{"path":"${HOME}/.pond"}
 	, {"path":"/opt/usr/share/gopkgs/pond"}
-	, {"path":"/var/lib/oz/cells.d/pond.json"}
-	, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "blacklist": [
 ]
@ -28,8 +26,6 @@
 	, {"name":"TOR_SOCKS_PORT"}
 ]
 , "seccomp": {
-        "mode":"blacklist"
-        , "enforce": true
-        , "seccomp_whitelist":""
-        , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+	"mode":"blacklist"
+	, "enforce": true
 }
--- a/profiles/torbrowser-launcher.json
+++ b/profiles/torbrowser-launcher.json
@ -18,8 +18,6 @@
 	, {"path":"${HOME}/.cache/torbrowser"}
 	, {"path":"${HOME}/.config/torbrowser"}
 	, {"path":"${HOME}/Downloads/TorBrowser"}
-	, {"path":"/var/lib/oz/cells.d/torbrowser-launcher.json"}
-	, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "blacklist": [
 ]
@ -33,8 +31,6 @@
 	, {"name":"TOR_CONTROL_COOKIE_AUTH_FILE"}
 ]
 , "seccomp": {
-        "mode":"blacklist"
-        , "enforce": true
-        , "seccomp_whitelist":""
-        , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+	"mode":"blacklist"
+	, "enforce": true
 }
--- a/profiles/xchat.json
+++ b/profiles/xchat.json
@ -17,14 +17,10 @@

 	, {"path":"${HOME}/.config/gtk-3.0"}
 	, {"path":"${HOME}/.config/gtk-2.0"}
-	, {"path":"/var/lib/oz/cells.d/xchat.json"}
-	, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "blacklist": [
 ]
 , "seccomp": {
-        "mode":"blacklist"
-        , "enforce": true
-        , "seccomp_whitelist":""
-        , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+	"mode":"blacklist"
+	, "enforce": true
 }