From 9d167236b106d952d7f659b6549e4c1b4206c99a Mon Sep 17 00:00:00 2001
From: mdik
Date: Thu, 28 Jul 2016 02:05:50 +0000
Subject: [PATCH] added profile files for inkscape
---
profiles/inkscape-whitelist.seccomp | 65 +++++++++++++++++++++++++++++
profiles/inkscape.json | 24 +++++++++++
2 files changed, 89 insertions(+)
create mode 100644 profiles/inkscape-whitelist.seccomp
create mode 100644 profiles/inkscape.json
diff --git a/profiles/inkscape-whitelist.seccomp b/profiles/inkscape-whitelist.seccomp
new file mode 100644
index 0000000..d7b3089
--- /dev/null
+++ b/profiles/inkscape-whitelist.seccomp
@@ -0,0 +1,65 @@
+access: 1
+arch_prctl: 1
+brk: 1
+chmod: 1
+clone: 1
+close: 1
+connect: 1
+eventfd2: 1
+execve: 1
+exit: 1
+exit_group: 1
+fallocate: 1
+fcntl: 1
+flock: 1
+fstat: 1
+fstatfs: 1
+fsync: 1
+futex: 1
+getcwd: 1
+getdents: 1
+getpeername: 1
+getresgid: 1
+getresuid: 1
+getrlimit: 1
+getsockname: 1
+gettid: 1
+getuid: 1
+inotify_add_watch: 1
+inotify_init1: 1
+inotify_rm_watch: 1
+link: 1
+lseek: 1
+lstat: 1
+madvise: 1
+mkdir: 1
+mmap: 1
+mprotect: 1
+mremap: 1
+munmap: 1
+open: 1
+poll: 1
+prctl: 1
+read: 1
+readlink: 1
+recvfrom: 1
+recvmsg: 1
+rename: 1
+rt_sigaction: 1
+rt_sigprocmask: 1
+sched_getaffinity: 1
+select: 1
+set_robust_list: 1
+set_tid_address: 1
+shmat: 1
+shmctl: 1
+shmdt: 1
+shmget: 1
+sigaltstack: 1
+socket: 1
+stat: 1
+statfs: 1
+uname: 1
+unlink: 1
+write: 1
+writev: 1
diff --git a/profiles/inkscape.json b/profiles/inkscape.json
new file mode 100644
index 0000000..0574040
--- /dev/null
+++ b/profiles/inkscape.json
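Review bot: In profiles/inkscape-whitelist.seccomp the entries `socket: 1`, `connect: 1`, `execve: 1`, `chmod: 1` and `prctl: 1` allow those calls with any arguments, so the filter does not narrow what a compromised inkscape process can do with them. The accompanying profile sets `"networking": {"type":"empty"}`, which suggests only local sockets (presumably the X connection) are needed. If the policy parser accepts argument expressions, a rule such as `socket: arg0 == AF_UNIX` would state that intent in the filter itself. The commit message also gives no indication of how the list was derived (for example, a trace of one session). That matters because the profile sets `"enforce": true`, so any syscall on a code path that was not exercised will presumably terminate the application. The list has no `rt_sigreturn` entry although `rt_sigaction` is allowed, which is worth checking unless the loader adds a base set.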
@@ -0,0 +1,24 @@
+{
+"name": "inkscape"
+, "path": "/usr/bin/inkscape"
+, "allow_files": true
+, "xserver": {
+ "enabled": true
+ , "enable_tray": false
+ , "tray_icon":"/usr/share/icons/gnome-colors-common/scalable/apps/inkscape.svg"
+ , "window_icon":"/usr/share/icons/gnome-colors-common/scalable/apps/inkscape.svg"
+}
+, "networking":{
+ "type":"empty"
+}
+, "whitelist": [
+ {"path":"/home/user/Pictures/inkscape", "can_create":true}
+ , {"path":"/var/lib/oz/cells.d/inkscape-whitelist.seccomp", "read_only": true}
+ , {"path":"/home/user/.local/share/fonts", "read_only": true}
+]
+, "seccomp": {
+ "mode":"whitelist"
+ , "whitelist":"/var/lib/oz/cells.d/inkscape-whitelist.seccomp"
+ , "enforce": true
+}
+}
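Review bot: The two home-directory entries in `"whitelist"` hard-code `/home/user` (`/home/user/Pictures/inkscape` and `/home/user/.local/share/fonts`), so the profile only maps the intended directories for an account literally named `user`. On any other account the writable `can_create` directory would not be the launching user's own Pictures folder. If the profile loader supports a home-directory variable, prefer `{"path":"${HOME}/Pictures/inkscape", "can_create":true}` and `{"path":"${HOME}/.local/share/fonts", "read_only": true}`. Separately, `"allow_files": true` presumably widens what gets exposed to the sandbox beyond this whitelist, so the commit message should say that it is intentional.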