Add wusc to more profiles (#3005)

* Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add qt/qt4 support to wusc * Add wusc to more profiles * Add wusc to more profiles * Update enchant.profile * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add wusc to more profiles * Add /usr/share/ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc * Add ca-certs to wusc
author: glitsj16 <glitsj16@users.noreply.github.com> 2019-10-18 22:22:06 +0000
committer: GitHub <noreply@github.com> 2019-10-18 22:22:06 +0000
commit: 9f90e7924db093cbfbe974eb69618f9d8b54a078 (patch)
tree: 4d7293dc4dc335a5799badc65c44b7a7e958467a
parent: Merge pull request #3004 from rusty-snake/fix-2995 (diff)
download: firejail-9f90e7924db093cbfbe974eb69618f9d8b54a078.tar.gz
firejail-9f90e7924db093cbfbe974eb69618f9d8b54a078.tar.zst
firejail-9f90e7924db093cbfbe974eb69618f9d8b54a078.zip
81 files changed, 165 insertions, 2 deletions
diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile
index eb21349a9..b9ddd80c4 100644
--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -27,6 +27,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/qtchooser
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile
index 2f08fa169..0a87ec297 100644
--- a/etc/arch-audit.profile
+++ b/etc/arch-audit.profile
@@ -17,6 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/arch-audit
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/aria2c.profile b/etc/aria2c.profile
index 910e52a82..72e577d56 100644
--- a/etc/aria2c.profile
+++ b/etc/aria2c.profile
@@ -15,6 +15,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-usr-share-common.inc
 caps.drop all
 ipc-namespace
 netfilter
diff --git a/etc/artha.profile b/etc/artha.profile
index f886921cb..f1d30a415 100644
--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -20,7 +20,10 @@ mkdir ${HOME}/.config/artha.conf
 mkdir ${HOME}/.config/enchant
 whitelist ${HOME}/.config/artha.conf
 whitelist ${HOME}/.config/enchant
+whitelist /usr/share/artha
+whitelist /usr/share/wordnet
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/assogiate.profile b/etc/assogiate.profile
index 074d82955..542b3da8d 100644
--- a/etc/assogiate.profile
+++ b/etc/assogiate.profile
@@ -18,6 +18,7 @@ include disable-xdg.inc
 whitelist ${PICTURES}
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile
index 7b2d344e5..0abe87511 100644
--- a/etc/checkbashisms.profile
+++ b/etc/checkbashisms.profile
@@ -20,6 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile
index f0656385f..f68500b8e 100644
--- a/etc/claws-mail.profile
+++ b/etc/claws-mail.profile
@@ -16,6 +16,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+whitelist /usr/share/doc
+include whitelist-usr-share-common.inc
 caps.drop all
 netfilter
 no3d
diff --git a/etc/clawsker.profile b/etc/clawsker.profile
index f8c05a55b..eb05ed347 100644
--- a/etc/clawsker.profile
+++ b/etc/clawsker.profile
@@ -21,6 +21,7 @@ include disable-programs.inc
 mkdir ${HOME}/.claws-mail
 whitelist ${HOME}/.claws-mail
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
diff --git a/etc/clipit.profile b/etc/clipit.profile
index 44cda0665..66b5fc859 100644
--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -22,6 +22,7 @@ mkdir ${HOME}/.local/share/clipit
 whitelist ${HOME}/.config/clipit
 whitelist ${HOME}/.local/share/clipit
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/conky.profile b/etc/conky.profile
index d5949ecfd..78f92720f 100644
--- a/etc/conky.profile
+++ b/etc/conky.profile
@@ -16,6 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 caps.drop all
 ipc-namespace
 netfilter
diff --git a/etc/curl.profile b/etc/curl.profile
index d44ce0b96..2624e5545 100644
--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -14,6 +14,8 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-usr-share-common.inc
 caps.drop all
 ipc-namespace
 machine-id
diff --git a/etc/d-feet.profile b/etc/d-feet.profile
index e06769601..897bf5f5d 100644
--- a/etc/d-feet.profile
+++ b/etc/d-feet.profile
@@ -22,7 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/d-feet
 whitelist ${HOME}/.config/d-feet
+whitelist /usr/share/d-feet
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/dconf.profile b/etc/dconf.profile
index 81763bd94..ebb362fb6 100644
--- a/etc/dconf.profile
+++ b/etc/dconf.profile
@@ -17,6 +17,7 @@ include disable-xdg.inc
 whitelist ${HOME}/.local/share/glib-2.0
 # dconf paths are whitelisted by the following
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
diff --git a/etc/devhelp.profile b/etc/devhelp.profile
index 02b752b5f..5c1935835 100644
--- a/etc/devhelp.profile
+++ b/etc/devhelp.profile
@@ -15,7 +15,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/devhelp
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
diff --git a/etc/devilspie.profile b/etc/devilspie.profile
index ca617983d..ad891ffaf 100644
--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -19,6 +19,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.devilspie
 whitelist ${HOME}/.devilspie
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile
index 74b0dc939..f2bacda9a 100644
--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -22,6 +22,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/devilspie2
 whitelist ${HOME}/.config/devilspie2
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/dig.profile b/etc/dig.profile
index 611cbf026..e609105b4 100644
--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -20,6 +20,7 @@ include disable-xdg.inc
 #mkfile ${HOME}/.digrc -- see #903
 whitelist ${HOME}/.digrc
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/display.profile b/etc/display.profile
index 0b9d685e8..9e976c11a 100644
--- a/etc/display.profile
+++ b/etc/display.profile
@@ -19,6 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index bba94e3cb..d0430d5ca 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -18,6 +18,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/dnscrypt-proxy
+include whitelist-usr-share-common.inc
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
 ipc-namespace
 machine-id
diff --git a/etc/easystroke.profile b/etc/easystroke.profile
index 42529d302..623a4cadc 100644
--- a/etc/easystroke.profile
+++ b/etc/easystroke.profile
@@ -16,6 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 machine-id
diff --git a/etc/enchant.profile b/etc/enchant.profile
index d30fb8232..d276cec84 100644
--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -16,6 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/exfalso.profile b/etc/exfalso.profile
index b5eda059f..7d91f2854 100644
--- a/etc/exfalso.profile
+++ b/etc/exfalso.profile
@@ -27,6 +27,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.quodlibet
 whitelist ${HOME}/.quodlibet
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index e76a4ca4c..565ae8fe9 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -16,6 +16,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile
index 0771bf6a5..19d9a7644 100644
--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -18,6 +18,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/ffmpeg
+whitelist /usr/share/qtchooser
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/font-manager.profile b/etc/font-manager.profile
index 1699e5cfc..064df38d7 100644
--- a/etc/font-manager.profile
+++ b/etc/font-manager.profile
@@ -25,7 +25,9 @@ mkdir ${HOME}/.cache/font-manager
 mkdir ${HOME}/.config/font-manager
 whitelist ${HOME}/.cache/font-manager
 whitelist ${HOME}/.config/font-manager
+whitelist /usr/share/font-manager
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
diff --git a/etc/gconf.profile b/etc/gconf.profile
index 4baf8c957..2f930235c 100644
--- a/etc/gconf.profile
+++ b/etc/gconf.profile
@@ -22,7 +22,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/gconf
 whitelist ${HOME}/.config/gconf
+whitelist /usr/share/GConf
+whitelist /usr/share/gconf
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
diff --git a/etc/geekbench.profile b/etc/geekbench.profile
index 8d7dbd48e..bf9d27788 100644
--- a/etc/geekbench.profile
+++ b/etc/geekbench.profile
@@ -14,6 +14,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/git.profile b/etc/git.profile
index 8b1c81ca4..f290f8ffe 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -26,6 +26,12 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+whitelist /usr/share/git
+whitelist /usr/share/git-core
+whitelist /usr/share/gitgui
+whitelist /usr/share/gitweb
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/gjs.profile b/etc/gjs.profile
index 17b0aa5cf..871020ae0 100644
--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -19,6 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-usr-share-common.inc
 caps.drop all
 netfilter
 nodvd
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index c9ad4831f..6709a331e 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -16,6 +16,7 @@ include disable-programs.inc
 include disable-xdg.inc
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/gnome-keyring.profile b/etc/gnome-keyring.profile
index 47d8ca2c0..8b24da8c4 100644
--- a/etc/gnome-keyring.profile
+++ b/etc/gnome-keyring.profile
@@ -17,7 +17,10 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 #include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/gnome-nettool.profile b/etc/gnome-nettool.profile
index 001274372..d15299890 100644
--- a/etc/gnome-nettool.profile
+++ b/etc/gnome-nettool.profile
@@ -14,7 +14,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/gnome-nettool
 #include whitelist-common.inc -- see #903
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.keep net_raw
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile
index 567fa262c..b4791afc5 100644
--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -21,7 +21,9 @@ mkdir ${HOME}/.cache/gnome-recipes
 mkdir ${HOME}/.local/share/gnome-recipes
 whitelist ${HOME}/.cache/gnome-recipes
 whitelist ${HOME}/.local/share/gnome-recipes
+whitelist /usr/share/gnome-recipes
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/gnome-schedule.profile b/etc/gnome-schedule.profile
index 30ca56094..c8dd8ead7 100644
--- a/etc/gnome-schedule.profile
+++ b/etc/gnome-schedule.profile
@@ -35,9 +35,11 @@ include disable-xdg.inc
 mkfile ${HOME}/.gnome/gnome-schedule
 whitelist ${HOME}/.gnome/gnome-schedule
+whitelist /usr/share/gnome-schedule
 whitelist /var/spool/atd
 whitelist /var/spool/cron
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/gnome-system-log.profile b/etc/gnome-system-log.profile
index b2907b32c..cfe39d18b 100644
--- a/etc/gnome-system-log.profile
+++ b/etc/gnome-system-log.profile
@@ -16,6 +16,7 @@ include disable-xdg.inc
 whitelist /var/log
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
index 61b485df5..36e50370e 100644
--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -16,6 +16,10 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+include whitelist-usr-share-common.inc
 caps.drop all
 netfilter
 no3d
diff --git a/etc/gpg.profile b/etc/gpg.profile
index 99ad1b888..1ed5e484a 100644
--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -16,6 +16,11 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/pacman/keyrings
+include whitelist-usr-share-common.inc
 caps.drop all
 netfilter
 no3d
diff --git a/etc/gpicview.profile b/etc/gpicview.profile
index 17371aec0..eb00688dd 100644
--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -15,6 +15,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+whitelist /usr/share/gpicview
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/img2txt.profile b/etc/img2txt.profile
index 19b4e1ed7..c17e82870 100644
--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -16,6 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/imlib2
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index a968609a9..30cb5d75d 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -28,6 +28,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/inkscape
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/liferea.profile b/etc/liferea.profile
index 70d317199..045adc1bf 100644
--- a/etc/liferea.profile
+++ b/etc/liferea.profile
@@ -27,7 +27,9 @@ mkdir ${HOME}/.local/share/liferea
 whitelist ${HOME}/.cache/liferea
 whitelist ${HOME}/.config/liferea
 whitelist ${HOME}/.local/share/liferea
+whitelist /usr/share/liferea
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
index 02d4a937c..00730c00b 100644
--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -13,6 +13,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/mpDris2.profile b/etc/mpDris2.profile
index eb49b52ab..fd0351db0 100644
--- a/etc/mpDris2.profile
+++ b/etc/mpDris2.profile
@@ -26,6 +26,7 @@ whitelist ${MUSIC}
 mkdir ${HOME}/.config/mpDris2
 whitelist ${HOME}/.config/mpDris2
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/mpd.profile b/etc/mpd.profile
index 6c5963793..80f4df7cb 100644
--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -19,6 +19,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 caps.drop all
 netfilter
 no3d
diff --git a/etc/mpg123.profile b/etc/mpg123.profile
index 8a8907c39..6dfeb4586 100644
--- a/etc/mpg123.profile
+++ b/etc/mpg123.profile
@@ -17,6 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/mplayer.profile b/etc/mplayer.profile
index 877b92564..9ab4f8c7f 100644
--- a/etc/mplayer.profile
+++ b/etc/mplayer.profile
@@ -18,6 +18,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/nano.profile b/etc/nano.profile
index 9965d8a6b..af6fcc3fe 100644
--- a/etc/nano.profile
+++ b/etc/nano.profile
@@ -17,6 +17,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+whitelist /usr/share/nano
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/netactview.profile b/etc/netactview.profile
index c91822a9d..0618caf68 100644
--- a/etc/netactview.profile
+++ b/etc/netactview.profile
@@ -18,7 +18,9 @@ include disable-xdg.inc
 mkfile ${HOME}/.netactview
 whitelist ${HOME}/.netactview
+whitelist /usr/share/netactview
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile
index 19b6615ef..28879d09b 100644
--- a/etc/nitroshare.profile
+++ b/etc/nitroshare.profile
@@ -20,6 +20,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-usr-share-common.inc
 caps.drop all
 netfilter
 no3d
diff --git a/etc/ocenaudio.profile b/etc/ocenaudio.profile
index 25e8089ab..acc249000 100644
--- a/etc/ocenaudio.profile
+++ b/etc/ocenaudio.profile
@@ -18,6 +18,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/patch.profile b/etc/patch.profile
index aa5c1ed4e..03f5a4b71 100644
--- a/etc/patch.profile
+++ b/etc/patch.profile
@@ -16,6 +16,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/pavucontrol.profile b/etc/pavucontrol.profile
index e74394b22..5bbe1386f 100644
--- a/etc/pavucontrol.profile
+++ b/etc/pavucontrol.profile
@@ -18,7 +18,10 @@ include disable-xdg.inc
 mkfile ${HOME}/.config/pavucontrol.ini
 whitelist ${HOME}/.config/pavucontrol.ini
+whitelist /usr/share/pavucontrol
+whitelist /usr/share/pavucontrol-qt
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index f1a5741d0..e9572d914 100644
--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -17,6 +17,8 @@ include disable-xdg.inc
 whitelist ${DOCUMENTS}
 whitelist ${DOWNLOADS}
+whitelist /usr/share/poppler
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index 299f807af..2e4215744 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -22,6 +22,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.purple
 whitelist ${HOME}/.purple
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/ping.profile b/etc/ping.profile
index 4ff5250d7..11dbbcd58 100644
--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -14,6 +14,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 include whitelist-common.inc
 caps.keep net_raw
diff --git a/etc/regextester.profile b/etc/regextester.profile
index c7c59bec2..e30748946 100644
--- a/etc/regextester.profile
+++ b/etc/regextester.profile
@@ -14,6 +14,9 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/com.github.artemanufrij.regextester
+include whitelist-usr-share-common.inc
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/seahorse.profile b/etc/seahorse.profile
index fe29a6731..6acf8aa5d 100644
--- a/etc/seahorse.profile
+++ b/etc/seahorse.profile
@@ -25,6 +25,11 @@ mkdir ${HOME}/.ssh
 whitelist ${HOME}/.gnupg
 whitelist ${HOME}/.ssh
 whitelist /tmp/ssh-*
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/seahorse
+whitelist /usr/share/seahorse-nautilus
+include whitelist-usr-share-common.inc
 include whitelist-common.inc
 include whitelist-var-common.inc
diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile
index 2fcd69d3b..d26096c77 100644
--- a/etc/shellcheck.profile
+++ b/etc/shellcheck.profile
@@ -17,6 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/shellcheck
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
index a0c9e8303..ff6de9ec2 100644
--- a/etc/simple-scan.profile
+++ b/etc/simple-scan.profile
@@ -16,6 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/simple-scan
+include whitelist-usr-share-common.inc
 caps.drop all
 netfilter
 nodvd
diff --git a/etc/simplescreenrecorder.profile b/etc/simplescreenrecorder.profile
index a3caedf88..5f8ab360f 100644
--- a/etc/simplescreenrecorder.profile
+++ b/etc/simplescreenrecorder.profile
@@ -16,6 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/simplescreenrecorder
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 nodvd
diff --git a/etc/smplayer.profile b/etc/smplayer.profile
index c7324e6ca..395888c8a 100644
--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -25,6 +25,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/smplayer
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/smtube.profile b/etc/smtube.profile
index 1c7c6c0d2..98e0229ce 100644
--- a/etc/smtube.profile
+++ b/etc/smtube.profile
@@ -23,6 +23,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/smplayer
+whitelist /usr/share/smtube
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile
index efd600eb2..bdd6eb7f5 100644
--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -22,7 +22,9 @@ include disable-xdg.inc
 whitelist ${DOWNLOADS}
 whitelist ${MUSIC}
+whitelist /usr/share/soundconverter
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/spectre-meltdown-checker.profile b/etc/spectre-meltdown-checker.profile
index cb4a74e11..1e1b46d3c 100644
--- a/etc/spectre-meltdown-checker.profile
+++ b/etc/spectre-meltdown-checker.profile
@@ -20,6 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 allow-debuggers
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
index 9934e92b0..8e355a176 100644
--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -16,6 +16,8 @@ include disable-common.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-usr-share-common.inc
 caps.drop all
 netfilter
 no3d
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 6949299af..584c56b54 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -18,6 +18,8 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-usr-share-common.inc
 caps.drop all
 ipc-namespace
 netfilter
diff --git a/etc/subdownloader.profile b/etc/subdownloader.profile
index 6de408740..828f3d327 100644
--- a/etc/subdownloader.profile
+++ b/etc/subdownloader.profile
@@ -21,6 +21,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 netfilter
diff --git a/etc/sysprof.profile b/etc/sysprof.profile
index e978e03f2..9188df709 100644
--- a/etc/sysprof.profile
+++ b/etc/sysprof.profile
@@ -14,6 +14,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 ipc-namespace
diff --git a/etc/transgui.profile b/etc/transgui.profile
index 0d09cef87..567e2ab30 100644
--- a/etc/transgui.profile
+++ b/etc/transgui.profile
@@ -20,6 +20,7 @@ mkdir ${HOME}/.config/transgui
 whitelist ${HOME}/.config/transgui
 whitelist ${DOWNLOADS}
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/transmission-common.profile b/etc/transmission-common.profile
index 1b1fc4af7..a8b667e91 100644
--- a/etc/transmission-common.profile
+++ b/etc/transmission-common.profile
@@ -20,6 +20,7 @@ whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/transmission
 whitelist ${HOME}/.config/transmission
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index de8da003b..01bdeb4ef 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -7,8 +7,6 @@ include transmission-gtk.local
 # Persistent global definitions
 include globals.local
-include whitelist-usr-share-common.inc
 private-bin transmission-gtk
 ignore memory-deny-write-execute
diff --git a/etc/tshark.profile b/etc/tshark.profile
index ea85f4e8a..0decb95cf 100644
--- a/etc/tshark.profile
+++ b/etc/tshark.profile
@@ -14,7 +14,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/wireshark
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 #caps.keep net_raw
 caps.keep dac_override,net_admin,net_raw
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index 09821b411..ec1ac48a2 100644
--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -16,6 +16,7 @@ mkdir ${HOME}/.config/uGet
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/uGet
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 caps.drop all
 netfilter
diff --git a/etc/unbound.profile b/etc/unbound.profile
index c57bb45c4..67448d766 100644
--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -19,6 +19,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
 whitelist /var/lib/unbound
 whitelist /var/run
diff --git a/etc/uudeview.profile b/etc/uudeview.profile
index af6cd620f..60a7f0d20 100644
--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -14,6 +14,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-usr-share-common.inc
 caps.drop all
 hostname uudeview
 ipc-namespace
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index e238db8ce..f9241c7e0 100644
--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -19,6 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 net none
diff --git a/etc/weechat.profile b/etc/weechat.profile
index 99b34048f..a94275c2c 100644
--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -11,6 +11,8 @@ noblacklist ${HOME}/.weechat
 include disable-common.inc
 include disable-programs.inc
+include whitelist-usr-share-common.inc
 caps.drop all
 netfilter
 nodvd
diff --git a/etc/whitelist-usr-share-common.inc b/etc/whitelist-usr-share-common.inc
index 61c69b2f8..7d1439f59 100644
--- a/etc/whitelist-usr-share-common.inc
+++ b/etc/whitelist-usr-share-common.inc
@@ -5,6 +5,7 @@ include whitelist-usr-share-common.local
 whitelist /usr/share/alsa
 whitelist /usr/share/applications
+whitelist /usr/share/ca-certificates
 whitelist /usr/share/crypto-policies
 whitelist /usr/share/cursors
 whitelist /usr/share/dconf
@@ -38,6 +39,8 @@ whitelist /usr/share/p11-kit
 whitelist /usr/share/pixmaps
 whitelist /usr/share/pki
 whitelist /usr/share/plasma
+whitelist /usr/share/qt
+whitelist /usr/share/qt4
 whitelist /usr/share/qt5
 whitelist /usr/share/sounds
 whitelist /usr/share/tcl8.6
diff --git a/etc/whois.profile b/etc/whois.profile
index 859542533..fed3709e5 100644
--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -15,6 +15,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 #include disable-xdg.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
diff --git a/etc/wireshark.profile b/etc/wireshark.profile
index 58ff93750..d73e2e279 100644
--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -21,6 +21,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/wireshark
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
diff --git a/etc/xfce4-mixer.profile b/etc/xfce4-mixer.profile
index e6bbb4259..6ef85f318 100644
--- a/etc/xfce4-mixer.profile
+++ b/etc/xfce4-mixer.profile
@@ -18,7 +18,10 @@ include disable-xdg.inc
 mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
 whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
+whitelist /usr/share/xfce4
+whitelist /usr/share/xfce4-mixer
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 apparmor
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-10-18 22:22:06 +0000
committer	GitHub <noreply@github.com>	2019-10-18 22:22:06 +0000
commit	9f90e7924db093cbfbe974eb69618f9d8b54a078 (patch)
tree	4d7293dc4dc335a5799badc65c44b7a7e958467a
parent	Merge pull request #3004 from rusty-snake/fix-2995 (diff)
download	firejail-9f90e7924db093cbfbe974eb69618f9d8b54a078.tar.gz firejail-9f90e7924db093cbfbe974eb69618f9d8b54a078.tar.zst firejail-9f90e7924db093cbfbe974eb69618f9d8b54a078.zip