Add crypto-policies to private-etc in all profiles with private-etc *ssl*

Seems to be necessary under Fedora like pki This also fixes an issue with no audio in Lollypop on Fedora
author: Tad <tad@spotco.us> 2018-01-15 19:26:11 -0500
committer: Tad <tad@spotco.us> 2018-01-15 19:26:11 -0500
commit: 4efa2d8ee13bc2b7e802f628d8b953a4fcfd9eec (patch)
tree: 9f94ce17d9663c0fae227d0537f3e67884d10817
parent: Fixup 68ccf1efee030470bf3f1666429e31374f2ae3a6 (diff)
download: firejail-4efa2d8ee13bc2b7e802f628d8b953a4fcfd9eec.tar.gz
firejail-4efa2d8ee13bc2b7e802f628d8b953a4fcfd9eec.tar.zst
firejail-4efa2d8ee13bc2b7e802f628d8b953a4fcfd9eec.zip
12 files changed, 12 insertions, 12 deletions
diff --git a/etc/Viber.profile b/etc/Viber.profile
index 6700e3afc..a58ae95f6 100644
--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -31,7 +31,7 @@ shell none
 disable-mnt
 private-bin sh,bash,dig,awk,Viber
-private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates
+private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies
 private-tmp
 noexec ${HOME}
diff --git a/etc/firefox.profile b/etc/firefox.profile
index ffb22295f..079cb1536 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -88,7 +88,7 @@ disable-mnt
 # private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
 private-dev
 # private-etc below works fine on most distributions. There are some problems on CentOS.
-# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki
+# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
 private-tmp
 noexec ${HOME}
diff --git a/etc/lollypop.profile b/etc/lollypop.profile
index defbc0ac4..f42489cd3 100644
--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -25,7 +25,7 @@ seccomp
 shell none
 private-dev
-private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki
+private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
 private-tmp
 noexec ${HOME}
diff --git a/etc/minetest.profile b/etc/minetest.profile
index 38aea8bcb..c560ac47c 100644
--- a/etc/minetest.profile
+++ b/etc/minetest.profile
@@ -33,7 +33,7 @@ disable-mnt
 private-bin minetest
 private-dev
 # private-etc needs to be updated, see #1702
-#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki
+#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies
 private-tmp
 noexec ${HOME}
diff --git a/etc/quiterss.profile b/etc/quiterss.profile
index a2c6a3ef3..94c64f2dd 100644
--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -44,7 +44,7 @@ tracelog
 disable-mnt
 private-bin quiterss
 private-dev
-# private-etc X11,ssl,pki,ca-certificates
+# private-etc X11,ssl,pki,ca-certificates,crypto-policies
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/slack.profile b/etc/slack.profile
index 3861d44b5..da1f86638 100644
--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -36,5 +36,5 @@ shell none
 disable-mnt
 private-bin slack
 private-dev
-private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki
+private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies
 private-tmp
diff --git a/etc/steam.profile b/etc/steam.profile
index add320616..1e0fd57d1 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -47,5 +47,5 @@ shell none
 # private-dev should be commented for controllers
 private-dev
 # private-etc breaks some games
-#private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services
+#private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies
 private-tmp
diff --git a/etc/surf.profile b/etc/surf.profile
index 1630fc391..b91c09885 100644
--- a/etc/surf.profile
+++ b/etc/surf.profile
@@ -29,7 +29,7 @@ tracelog
 disable-mnt
 private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop
 private-dev
-private-etc passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates
+private-etc passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies
 private-tmp
 noexec ${HOME}
diff --git a/etc/terasology.profile b/etc/terasology.profile
index 88de342c5..3d27134c4 100644
--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -37,7 +37,7 @@ shell none
 disable-mnt
 private-dev
-private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki
+private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies
 private-tmp
 noexec ${HOME}
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 49b083919..b802478a2 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -33,7 +33,7 @@ tracelog
 disable-mnt
 private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
 private-dev
-private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates
+private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies
 private-tmp
 noexec /tmp
diff --git a/etc/w3m.profile b/etc/w3m.profile
index 97d20becb..d35ed9ae0 100644
--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -31,5 +31,5 @@ tracelog
 # private-bin w3m
 private-dev
-private-etc resolv.conf,ssl,pki,ca-certificates
+private-etc resolv.conf,ssl,pki,ca-certificates,crypto-policies
 private-tmp
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index d2c804448..d17d2b612 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -32,7 +32,7 @@ disable-mnt
 private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl
 private-dev
 # private-etc breaks audio on some distros
-#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki
+#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies
 private-tmp
 noexec ${HOME}
author	Tad <tad@spotco.us>	2018-01-15 19:26:11 -0500
committer	Tad <tad@spotco.us>	2018-01-15 19:26:11 -0500
commit	4efa2d8ee13bc2b7e802f628d8b953a4fcfd9eec (patch)
tree	9f94ce17d9663c0fae227d0537f3e67884d10817
parent	Fixup 68ccf1efee030470bf3f1666429e31374f2ae3a6 (diff)
download	firejail-4efa2d8ee13bc2b7e802f628d8b953a4fcfd9eec.tar.gz firejail-4efa2d8ee13bc2b7e802f628d8b953a4fcfd9eec.tar.zst firejail-4efa2d8ee13bc2b7e802f628d8b953a4fcfd9eec.zip

diff --git a/etc/Viber.profile b/etc/Viber.profile index 6700e3afc..a58ae95f6 100644 --- a/etc/Viber.profile +++ b/etc/Viber.profile
@@ -31,7 +31,7 @@ shell none
31		31
32	disable-mnt	32	disable-mnt
33	private-bin sh,bash,dig,awk,Viber	33	private-bin sh,bash,dig,awk,Viber
34	private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates	34	private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies
35	private-tmp	35	private-tmp
36		36
37	noexec ${HOME}	37	noexec ${HOME}


diff --git a/etc/firefox.profile b/etc/firefox.profile index ffb22295f..079cb1536 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile
@@ -88,7 +88,7 @@ disable-mnt
88	# private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash	88	# private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
89	private-dev	89	private-dev
90	# private-etc below works fine on most distributions. There are some problems on CentOS.	90	# private-etc below works fine on most distributions. There are some problems on CentOS.
91	# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki	91	# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
92	private-tmp	92	private-tmp
93		93
94	noexec ${HOME}	94	noexec ${HOME}


diff --git a/etc/lollypop.profile b/etc/lollypop.profile index defbc0ac4..f42489cd3 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile
@@ -25,7 +25,7 @@ seccomp
25	shell none	25	shell none
26		26
27	private-dev	27	private-dev
28	private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki	28	private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
29	private-tmp	29	private-tmp
30		30
31	noexec ${HOME}	31	noexec ${HOME}


diff --git a/etc/minetest.profile b/etc/minetest.profile index 38aea8bcb..c560ac47c 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile
@@ -33,7 +33,7 @@ disable-mnt
33	private-bin minetest	33	private-bin minetest
34	private-dev	34	private-dev
35	# private-etc needs to be updated, see #1702	35	# private-etc needs to be updated, see #1702
36	#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki	36	#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies
37	private-tmp	37	private-tmp
38		38
39	noexec ${HOME}	39	noexec ${HOME}


diff --git a/etc/quiterss.profile b/etc/quiterss.profile index a2c6a3ef3..94c64f2dd 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile
@@ -44,7 +44,7 @@ tracelog
44	disable-mnt	44	disable-mnt
45	private-bin quiterss	45	private-bin quiterss
46	private-dev	46	private-dev
47	# private-etc X11,ssl,pki,ca-certificates	47	# private-etc X11,ssl,pki,ca-certificates,crypto-policies
48		48
49	noexec ${HOME}	49	noexec ${HOME}
50	noexec /tmp	50	noexec /tmp


diff --git a/etc/slack.profile b/etc/slack.profile index 3861d44b5..da1f86638 100644 --- a/etc/slack.profile +++ b/etc/slack.profile
@@ -36,5 +36,5 @@ shell none
36	disable-mnt	36	disable-mnt
37	private-bin slack	37	private-bin slack
38	private-dev	38	private-dev
39	private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki	39	private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies
40	private-tmp	40	private-tmp


diff --git a/etc/steam.profile b/etc/steam.profile index add320616..1e0fd57d1 100644 --- a/etc/steam.profile +++ b/etc/steam.profile
@@ -47,5 +47,5 @@ shell none
47	# private-dev should be commented for controllers	47	# private-dev should be commented for controllers
48	private-dev	48	private-dev
49	# private-etc breaks some games	49	# private-etc breaks some games
50	#private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services	50	#private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies
51	private-tmp	51	private-tmp


diff --git a/etc/surf.profile b/etc/surf.profile index 1630fc391..b91c09885 100644 --- a/etc/surf.profile +++ b/etc/surf.profile
@@ -29,7 +29,7 @@ tracelog
29	disable-mnt	29	disable-mnt
30	private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop	30	private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop
31	private-dev	31	private-dev
32	private-etc passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates	32	private-etc passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies
33	private-tmp	33	private-tmp
34		34
35	noexec ${HOME}	35	noexec ${HOME}


diff --git a/etc/terasology.profile b/etc/terasology.profile index 88de342c5..3d27134c4 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile
@@ -37,7 +37,7 @@ shell none
37		37
38	disable-mnt	38	disable-mnt
39	private-dev	39	private-dev
40	private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki	40	private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies
41	private-tmp	41	private-tmp
42		42
43	noexec ${HOME}	43	noexec ${HOME}


diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 49b083919..b802478a2 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile
@@ -33,7 +33,7 @@ tracelog
33	disable-mnt	33	disable-mnt
34	private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher	34	private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
35	private-dev	35	private-dev
36	private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates	36	private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies
37	private-tmp	37	private-tmp
38		38
39	noexec /tmp	39	noexec /tmp


diff --git a/etc/w3m.profile b/etc/w3m.profile index 97d20becb..d35ed9ae0 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile
@@ -31,5 +31,5 @@ tracelog
31		31
32	# private-bin w3m	32	# private-bin w3m
33	private-dev	33	private-dev
34	private-etc resolv.conf,ssl,pki,ca-certificates	34	private-etc resolv.conf,ssl,pki,ca-certificates,crypto-policies
35	private-tmp	35	private-tmp


diff --git a/etc/xonotic.profile b/etc/xonotic.profile index d2c804448..d17d2b612 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile
@@ -32,7 +32,7 @@ disable-mnt
32	private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl	32	private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl
33	private-dev	33	private-dev
34	# private-etc breaks audio on some distros	34	# private-etc breaks audio on some distros
35	#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki	35	#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies
36	private-tmp	36	private-tmp
37		37
38	noexec ${HOME}	38	noexec ${HOME}