From 1f4400d3fffe9e3e8f5ab574cc389c68ea9d81a3 Mon Sep 17 00:00:00 2001
From: xSmurf
Date: Mon, 20 Jul 2015 22:32:27 +0000
Subject: [PATCH] Cleanup of profiles to comply with latest wrapper changes
---
 profiles/eog-whitelist.seccomp | 94 +++++++++++++++++++++++++++++++
 profiles/eog.json | 30 ++++++++++
 profiles/evince.json | 5 +-
 profiles/gajim.json | 8 +--
 profiles/icedove.json | 8 +--
 profiles/iceweasel.json | 8 +--
 profiles/libreoffice.json | 8 +--
 profiles/liferea.json | 8 +--
 profiles/pidgin.json | 8 +--
 profiles/pond.json | 8 +--
 profiles/torbrowser-launcher.json | 8 +--
 profiles/xchat.json | 8 +--
 12 files changed, 144 insertions(+), 57 deletions(-)
 create mode 100644 profiles/eog-whitelist.seccomp
 create mode 100644 profiles/eog.json
diff --git a/profiles/eog-whitelist.seccomp b/profiles/eog-whitelist.seccomp
new file mode 100644
index 0000000..6846c0d
--- /dev/null
+++ b/profiles/eog-whitelist.seccomp
@@ -0,0 +1,94 @@
+access: 1
+arch_prctl: 1
+bind: 1
+brk: 1
+chdir: 1
+chmod: 1
+clock_getres: 1
+clone: 1
+close: 1
+connect: 1
+dup: 1
+dup2: 1
+eventfd2: 1
+execve: 1
+exit: 1
+exit_group: 1
+fadvise64: 1
+fallocate: 1
+fcntl: 1
+flistxattr: 1
+fstat: 1
+fstatfs: 1
+fsync: 1
+futex: 1
+getcwd: 1
+getdents: 1
+getegid: 1
+geteuid: 1
+getpeername: 1
+getpid: 1
+getresgid: 1
+getresuid: 1
+getrlimit: 1
+getrusage: 1
+getsockname: 1
+getuid: 1
+getxattr: 1
+inotify_add_watch: 1
+inotify_init1: 1
+inotify_rm_watch: 1
+ioctl: 1
+lchown: 1
+lgetxattr: 1
+link: 1
+listxattr: 1
+lseek: 1
+lstat: 1
+madvise: 1
+mincore: 1
+mkdir: 1
+mmap: 1
+mprotect: 1
+mremap: 1
+munmap: 1
+open: 1
+openat: 1
+pipe: 1
+pipe2: 1
+poll: 1
+prctl: 1
+pread64: 1
+pwrite64: 1
+read: 1
+readlink: 1
+recvfrom: 1
+recvmsg: 1
+rename: 1
+rmdir: 1
+rt_sigaction: 1
+rt_sigprocmask: 1
+sched_getaffinity: 1
+select: 1
+sendmsg: 1
+sendto: 1
+set_robust_list: 1
+setsockopt: 1
+set_tid_address: 1
+shmat: 1
+shmctl: 1
+shmdt: 1
+shmget: 1
+shutdown: 1
+sigaltstack: 1
+socket: arg0 == 0x1
+splice: 1
+stat: 1
+statfs: 1
+tgkill: 1
+uname: 1
+unlink: 1
+utimes: 1
+wait4: 1
+write: 1
+writev: 1
diff --git a/profiles/eog.json b/profiles/eog.json
new file mode 100644
index 0000000..651477b
--- /dev/null
+++ b/profiles/eog.json
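Review bot: In profiles/eog-whitelist.seccomp only `socket` carries an argument filter (`arg0 == 0x1`, which is AF_UNIX on Linux); every other entry, including `prctl`, `ioctl`, `connect`, `bind` and `clone`, is allowed unconditionally. For an image viewer that decodes untrusted files, the file-mutating calls (`chmod`, `lchown`, `link`, `rename`, `unlink`, `rmdir`) look wider than viewing needs; they may come from eog's save and edit features, but that is an inference and should be confirmed against a trace. The file also carries no record of how the list was produced. A short provenance note, for example `derived from a syscall trace of eog <VERSION-PLACEHOLDER> covering open, zoom and save-as; socket limited to AF_UNIX`, placed in the file if the policy parser accepts comment lines or otherwise in the commit message, would let a later reviewer separate required calls from leftovers.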
@@ -0,0 +1,30 @@
+{
+"name": "eog"
+, "path": "/usr/bin/eog"
+, "allow_files": true
+, "xserver": {
+ "enabled": true
+ , "enable_tray": false
+ , "tray_icon":"/usr/share/icons/hicolor/scalable/apps/eog.svg"
+}
+, "networking":{
+ "type":"empty"
+}
+, "whitelist": [
+ {"path":"${HOME}/.config/gtk-3.0/gtk.css"}
+
+ , {"path":"/var/lib/oz/cells.d/eog-whitelist.seccomp"}
+]
+, "blacklist": [
+]
+, "environment": [
+ {"name":"GTK_THEME", "value":"Adwaita:dark"}
+ , {"name":"GTK2_RC_FILES", "value":"/usr/share/themes/Darklooks/gtk-2.0/gtkrc"}
+]
+, "seccomp": {
+ "mode":"whitelist"
+ , "enforce": true
+ , "seccomp_whitelist":"/var/lib/oz/cells.d/eog-whitelist.seccomp"
+ , "seccomp_blacklist":""
+}
+}
diff --git a/profiles/evince.json b/profiles/evince.json
index bd932d2..4eacde1 100644
--- a/profiles/evince.json
+++ b/profiles/evince.json
@@ -15,8 +15,7 @@
 "type":"empty"
 }
 , "whitelist": [
- {"path":"/var/lib/oz/cells.d/evince.json"}
- , {"path":"/var/lib/oz/cells.d/evince-whitelist.seccomp"}
+ {"path":"/var/lib/oz/cells.d/evince-whitelist.seccomp"}
 , {"path":"/var/lib/oz/cells.d/evince-blacklist.seccomp"}
 ]
 , "blacklist": [
@@ -24,7 +23,7 @@
 , "environment": [
 ]
 , "seccomp": {
- "mode":"blacklist"
+ "mode":"whitelist"
 , "enforce": true
 , "seccomp_whitelist":"/var/lib/oz/cells.d/evince-whitelist.seccomp"
 , "seccomp_blacklist":"/var/lib/oz/cells.d/evince-blacklist.seccomp"
diff --git a/profiles/gajim.json b/profiles/gajim.json
index 3e23b95..cb29ad5 100644
--- a/profiles/gajim.json
+++ b/profiles/gajim.json
@@ -23,8 +23,6 @@
 , {"path":"${HOME}/.cache/gajim"}
 , {"path":"${HOME}/.config/gajim"}
 , {"path":"${HOME}/.local/share/keyrings"}
- , {"path":"/var/lib/oz/cells.d/gajim.json"}
- , {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "blacklist": [
 {"path":"/run/user/${UID}/keyring-*/ssh"}
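Review bot: profiles/eog.json binds `/var/lib/oz/cells.d/eog-whitelist.seccomp` into the sandbox through `whitelist` and then names the same path as `seccomp_whitelist`, so the confined process can read the policy that confines it and, depending on how the wrapper mounts whitelist entries, may be able to write it. If the wrapper offers a read-only option for whitelist entries it should be used on this path, or the commit message should say why the file has to be visible inside the sandbox at all. The new profile also keeps `"seccomp_blacklist":""` while the other profiles in this commit drop their empty policy keys, and it sets `tray_icon` alongside `"enable_tray": false`; both could be removed for consistency.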
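Review bot: In profiles/evince.json the second hunk flips `"mode"` to `"whitelist"` but leaves `seccomp_blacklist` and the whitelist bind of `evince-blacklist.seccomp` in place. If the wrapper consults only `seccomp_whitelist` in this mode, which the diff does not show, those two entries are dead configuration that reads like a second layer of filtering; either drop them or state in the commit message that both lists are applied. `evince-whitelist.seccomp` is not touched by this commit, so whether it is complete enough to run under `"enforce": true` cannot be judged from here. The `seccomp` object continues past the end of the hunk.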
@@ -32,8 +30,6 @@ , {"path":"/run/user/${UID}/keyring-*/gpg"} ] , "seccomp": { - "mode":"blacklist" - , "enforce": true - , "seccomp_whitelist":"" - , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"} + "mode":"blacklist" + , "enforce": true } diff --git a/profiles/icedove.json b/profiles/icedove.json index f997518..5070ff1 100644 --- a/profiles/icedove.json +++ b/profiles/icedove.json @@ -22,8 +22,6 @@ , {"path":"${HOME}/.config/gtk-3.0"} , {"path":"${HOME}/.config/gtk-2.0"} - , {"path":"/var/lib/oz/cells.d/icedove.json"} - , {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"} ] , "_blacklist": [ ] @@ -33,8 +31,6 @@ , {"name":"GNOME_KEYRING_PID", "value":"1"} ] , "seccomp": { - "mode":"blacklist" - , "enforce": true - , "seccomp_whitelist":"" - , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"} + "mode":"blacklist" + , "enforce": true } diff --git a/profiles/iceweasel.json b/profiles/iceweasel.json index 29d3589..71b1454 100644 --- a/profiles/iceweasel.json +++ b/profiles/iceweasel.json @@ -19,16 +19,12 @@ , {"path":"${HOME}/.config/gtk-3.0"} , {"path":"${HOME}/.config/gtk-2.0"} - , {"path":"/var/lib/oz/cells.d/iceweasel.json"} - , {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"} ] , "blacklist": [ ] , "environment": [ ] , "seccomp": { - "mode":"blacklist" - , "enforce": true - , "seccomp_whitelist":"" - , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"} + "mode":"blacklist" + , "enforce": true } diff --git a/profiles/libreoffice.json b/profiles/libreoffice.json index 61d3c5d..b22518d 100644 --- a/profiles/libreoffice.json +++ b/profiles/libreoffice.json 
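Review bot: The second hunk of profiles/gajim.json appears to leave the file one `}` short: as far as the flattened text shows, the removed line `, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}` carried the brace that closed the `seccomp` object, and the two added lines do not replace it, so the one remaining `}` closes `seccomp` and the top-level object stays open. The same pattern is in the seccomp hunks of icedove, iceweasel, libreoffice, liferea, pidgin, pond, torbrowser-launcher and xchat. A strict JSON parser would reject all nine profiles; add a `}` line after `, "enforce": true` in each, and confirm what the wrapper does with a profile that fails to load, since a sandbox launcher should refuse to start the program rather than run it unconfined. With `seccomp_blacklist` removed, `"mode":"blacklist"` plus `"enforce": true` now relies on the wrapper supplying a default policy path, which is not visible in this diff and is worth stating in the commit message.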
@@ -27,12 +27,8 @@
 "type":"empty"
 }
 , "whitelist": [
- {"path":"/var/lib/oz/cells.d/libreoffice.json"}
- ,{"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "seccomp": {
- "mode":"blacklist"
- , "enforce": true
- , "seccomp_whitelist":""
- , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+ "mode":"blacklist"
+ , "enforce": true
 }
diff --git a/profiles/liferea.json b/profiles/liferea.json
index ccd02c3..b56c652 100644
--- a/profiles/liferea.json
+++ b/profiles/liferea.json
@@ -25,16 +25,12 @@
 , {"path":"${HOME}/.config/dconf"}
 , {"path":"${HOME}/.cache/dconf"}
 , {"path":"/run/user/${UID}/dconf"}
- , {"path":"/var/lib/oz/cells.d/liferea.json"}
- , {"path":"/var/lib/oz/cells.d/generic-blacklist.json"}
 ]
 , "blacklist": [
 ]
 , "_environment": [
 ]
 , "seccomp": {
- "mode":"blacklist"
- , "enforce": true
- , "seccomp_whitelist":""
- , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+ "mode":"blacklist"
+ , "enforce": true
 }
diff --git a/profiles/pidgin.json b/profiles/pidgin.json
index 37c0ead..122dc20 100644
--- a/profiles/pidgin.json
+++ b/profiles/pidgin.json
@@ -10,16 +10,12 @@
 }
 , "whitelist": [
 {"path":"${HOME}/.purple"}
- ,{"path":"/var/lib/oz/cells.d/pidgin.json"}
- ,{"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "blacklist": [
 ]
 , "environment": [
 ]
 , "seccomp": {
- "mode":"blacklist"
- , "enforce": true
- , "seccomp_whitelist":""
- , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
+ "mode":"blacklist"
+ , "enforce": true
 }
diff --git a/profiles/pond.json b/profiles/pond.json
index bb1c957..83c09b1 100644
--- a/profiles/pond.json
+++ b/profiles/pond.json
@@ -16,8 +16,6 @@
 , "whitelist": [
 {"path":"${HOME}/.pond"}
 , {"path":"/opt/usr/share/gopkgs/pond"}
- , {"path":"/var/lib/oz/cells.d/pond.json"}
- , {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
 ]
 , "blacklist": [
 ]
@@ -28,8 +26,6 @@ , {"name":"TOR_SOCKS_PORT"} ] , "seccomp": { - "mode":"blacklist" - , "enforce": true - , "seccomp_whitelist":"" - , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"} + "mode":"blacklist" + , "enforce": true } diff --git a/profiles/torbrowser-launcher.json b/profiles/torbrowser-launcher.json index 5f62ac5..3586914 100644 --- a/profiles/torbrowser-launcher.json +++ b/profiles/torbrowser-launcher.json @@ -18,8 +18,6 @@ , {"path":"${HOME}/.cache/torbrowser"} , {"path":"${HOME}/.config/torbrowser"} , {"path":"${HOME}/Downloads/TorBrowser"} - , {"path":"/var/lib/oz/cells.d/torbrowser-launcher.json"} - , {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"} ] , "blacklist": [ ] @@ -33,8 +31,6 @@ , {"name":"TOR_CONTROL_COOKIE_AUTH_FILE"} ] , "seccomp": { - "mode":"blacklist" - , "enforce": true - , "seccomp_whitelist":"" - , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"} + "mode":"blacklist" + , "enforce": true } diff --git a/profiles/xchat.json b/profiles/xchat.json index 8c3c4db..ff79f02 100644 --- a/profiles/xchat.json +++ b/profiles/xchat.json @@ -17,14 +17,10 @@ , {"path":"${HOME}/.config/gtk-3.0"} , {"path":"${HOME}/.config/gtk-2.0"} - , {"path":"/var/lib/oz/cells.d/xchat.json"} - , {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"} ] , "blacklist": [ ] , "seccomp": { - "mode":"blacklist" - , "enforce": true - , "seccomp_whitelist":"" - , "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"} + "mode":"blacklist" + , "enforce": true }