From 577c9bfc67c38ae9fad9949bc1c821b25d44fcd6 Mon Sep 17 00:00:00 2001
From: Pig Monkey <pm@pig-monkey.com>
Date: Sat, 30 Jan 2016 17:53:55 -0800
Subject: [PATCH] jail zathura

For shady PDFs, firewarden is still the better solution, but jailing
zathura with the generic profile isn't going to hurt anything when
viewing trusted docs.
---
 roles/office/files/zathura.sh | 11 +++++++++++
 roles/office/meta/main.yml    |  3 +--
 roles/office/tasks/main.yml   |  5 +++++
 3 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 roles/office/files/zathura.sh

diff --git a/roles/office/files/zathura.sh b/roles/office/files/zathura.sh
new file mode 100644
index 0000000..0d1e8a1
--- /dev/null
+++ b/roles/office/files/zathura.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+FIREJAIL=""
+
+hash firejail 2> /dev/null
+
+if [ $? -eq 0 ]; then
+    FIREJAIL=firejail
+fi
+
+$FIREJAIL /usr/bin/zathura "$@"
diff --git a/roles/office/meta/main.yml b/roles/office/meta/main.yml
index ead01fd..cbc0668 100644
--- a/roles/office/meta/main.yml
+++ b/roles/office/meta/main.yml
@@ -1,4 +1,3 @@
 ---
 dependencies:
-  - { role: base }
-  - { role: x }
+  - { role: firejail }
diff --git a/roles/office/tasks/main.yml b/roles/office/tasks/main.yml
index 7887afd..868064c 100644
--- a/roles/office/tasks/main.yml
+++ b/roles/office/tasks/main.yml
@@ -8,6 +8,11 @@
     - zathura-pdf-mupdf
     - zathura-ps
 
+- name: Jail Zathura
+  copy: src=zathura.sh dest=/usr/local/bin/zathura mode=0755
+  tags:
+    - firejail
+
 - name: Install enscript
   pacman: name=enscript state=present