whitelist /var - Xubuntu fixes

etc/catfish.profile

@@ -8,8 +8,13 @@ include /etc/firejail/globals.local
 # We can't blacklist much since catfish
 # is for finding files/content
 noblacklist ~/.config/catfish
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
-include /etc/firejail/disable-devel.inc
+whitelist /var/lib/mlocate
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 net none

etc/evince.profile

@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 no3d

etc/gnome-calculator.profile

@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter

etc/whitelist-common.inc

@@ -16,6 +16,7 @@ whitelist ~/.drirc
 whitelist ~/.mime.types
 whitelist ~/.local/share/applications
 read-only ~/.local/share/applications
+whitelist ~/.config/ibus
 
 # fonts
 whitelist ~/.fonts

etc/whitelist-var-common.inc

@@ -3,7 +3,7 @@ include /etc/firejail/whitelist-var-common.local
 
 # common /var whitelist for all profiles
 
-#whitelist /var/lib/dbus/machine-id - problems on Xubuntu, it is a symlink to /etc/machine-id, whitelist will fail
+whitelist /var/lib/dbus
 whitelist /var/lib/menu-xdg
 whitelist /var/cache/fontconfig
 whitelist /var/tmp