mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
New profile: tesseract (#5516)
* Add firecfg support for tesseract * Add tesseract to 'New profiles' section in README.md * Create tesseract.profile * tesseract: fix private-etc * tesseract: fix XDG black/whitelisting * tesseract: use 'seccomp socket' instead of 'protocol unix' As kindly suggested by @rusty-snake. * tesseract: add 'restrict-namespaces' As kindly suggested by @rusty-snake. * tesseract: use full seccomp filtering The tesseract application works fine without 'protocol' or 'seccomp socket'.
parent
f24a49a2c9
commit
0e133dc034
3 changed files with 67 additions and 1 deletions
|
|
@ -336,4 +336,4 @@ Stats:
|
|||
### New profiles:
|
||||
|
||||
onionshare, onionshare-cli, opera-developer, songrec, gdu, makedeb, lbry-viewer, tuir,
|
||||
cinelerra-gg
|
||||
cinelerra-gg, tesseract
|
||||
|
|
|
|||
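--- a/etc/profile-m-z/tesseract.profile
+++ b/etc/profile-m-z/tesseract.profile
@@ -0,0 +1,65 @@
+# Firejail profile for tesseract
+# Description: An OCR program
+# This file is overwritten after every install/update
+# Persistent local customizations
+include tesseract.local
+# Persistent global definitions
+include globals.local
+
+blacklist ${RUNUSER}
+
+noblacklist ${DOCUMENTS}
+noblacklist ${PICTURES}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+whitelist ${DOCUMENTS}
+whitelist ${DOWNLOADS}
+whitelist ${PICTURES}
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+whitelist /usr/share/tessdata
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+hostname tesseract
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+seccomp
+tracelog
+x11 none
+
+#disable-mnt
+private-bin ambiguous_words,classifier_tester,cntraining,combine_lang_model,combine_tessdata,dawg2wordlist,lstmeval,lstmtraining,merge_unicharsets,mftraining,set_unicharset_properties,shapeclustering,tesseract,text2image,unicharset_extractor,wordlist2dawg
+private-cache
+private-dev
+private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
+#private-lib libtesseract.so.*
+private-tmp
+
+dbus-user none
+dbus-system none
+
+memory-deny-write-execute
+restrict-namespaces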
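Review bot: The two disabled options, `#disable-mnt` and `#private-lib libtesseract.so.*`, have no comment saying why they are off, so a user tightening the sandbox in tesseract.local cannot tell whether enabling them is safe or known to break OCR. A one-line rationale above each would settle it, for example `# disable-mnt breaks reading images from removable media` if that is the reason (the page does not say). Separately, `blacklist ${RUNUSER}` near the top sits in the same profile as `include whitelist-runuser-common.inc`; the blacklist presumably leaves that include with nothing to expose, so either drop one of the two or add a comment stating the intent.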
|
|
@ -788,6 +788,7 @@ telegram
|
|||
telegram-desktop
|
||||
telnet
|
||||
terasology
|
||||
tesseract
|
||||
textmaker18
|
||||
textmaker18free
|
||||
thunderbird
|
||||
|
|
|
|||