author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-10-18 22:22:06 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-10-18 22:22:06 +0000 |
commit | 9f90e7924db093cbfbe974eb69618f9d8b54a078 (patch) | |
tree | 4d7293dc4dc335a5799badc65c44b7a7e958467a | |
parent | Merge pull request #3004 from rusty-snake/fix-2995 (diff) | |
Add wusc to more profiles (#3005)
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add qt/qt4 support to wusc
* Add wusc to more profiles
* Add wusc to more profiles
* Update enchant.profile
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add wusc to more profiles
* Add /usr/share/ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
* Add ca-certs to wusc
81 files changed, 165 insertions, 2 deletions
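--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -27,6 +27,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/qtchooser
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all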
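--- a/etc/arch-audit.profile
+++ b/etc/arch-audit.profile
@@ -17,6 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/arch-audit
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace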
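--- a/etc/aria2c.profile
+++ b/etc/aria2c.profile
@@ -15,6 +15,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-usr-share-common.inc
+
 caps.drop all
 ipc-namespace
 netfilter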
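Review bot: The added `include whitelist-usr-share-common.inc` puts /usr/share into whitelist mode for a TLS-capable downloader, so certificate verification now depends on that shared include exposing the CA store on distributions that keep it under /usr/share. The commit log says ca-certs were added to the include, but nothing in this profile records the dependency, and the include itself is not visible on this page. A short comment above the line, such as `# CA certificates under /usr/share are provided by whitelist-usr-share-common.inc`, would keep a later trim of the include from silently breaking HTTPS here. The same applies to the hunks in curl.profile and git.profile.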
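--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -20,7 +20,10 @@ mkdir ${HOME}/.config/artha.conf
 mkdir ${HOME}/.config/enchant
 whitelist ${HOME}/.config/artha.conf
 whitelist ${HOME}/.config/enchant
+whitelist /usr/share/artha
+whitelist /usr/share/wordnet
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor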
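--- a/etc/assogiate.profile
+++ b/etc/assogiate.profile
@@ -18,6 +18,7 @@ include disable-xdg.inc
 
 whitelist ${PICTURES}
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor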
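--- a/etc/checkbashisms.profile
+++ b/etc/checkbashisms.profile
@@ -20,6 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor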
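Review bot: Whitelisting /usr/share through `include whitelist-usr-share-common.inc` hides every /usr/share path that neither the include nor this profile names, and this hunk adds no program-specific entry. checkbashisms is a Perl script, and some distributions install Perl modules under /usr/share, so the profile should either whitelist that directory explicitly or carry a comment confirming that the include covers it; the include's contents are not visible on this page. exiftool.profile receives the same bare include and is also Perl-based. The likely failure is the tool refusing to start rather than a sandbox gap, but it is worth testing on more than one distribution.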
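--- a/etc/claws-mail.profile
+++ b/etc/claws-mail.profile
@@ -16,6 +16,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+whitelist /usr/share/doc
+include whitelist-usr-share-common.inc
+
 caps.drop all
 netfilter
 no3d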
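Review bot: `whitelist /usr/share/doc` exposes the documentation tree of every installed package to the mail client, which is broader than the other profiles in this commit, where each added entry names the program's own directory. If only the client's own manual is needed, narrow the entry to that subdirectory; if something else requires the whole tree, state it in a comment above the line. The hunk gives no reason for the wider path.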
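--- a/etc/clawsker.profile
+++ b/etc/clawsker.profile
@@ -21,6 +21,7 @@ include disable-programs.inc
 mkdir ${HOME}/.claws-mail
 whitelist ${HOME}/.claws-mail
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 
 apparmor
 caps.drop all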
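--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -22,6 +22,7 @@ mkdir ${HOME}/.local/share/clipit
 whitelist ${HOME}/.config/clipit
 whitelist ${HOME}/.local/share/clipit
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor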
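--- a/etc/conky.profile
+++ b/etc/conky.profile
@@ -16,6 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
+
 caps.drop all
 ipc-namespace
 netfilter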
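--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -14,6 +14,8 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-usr-share-common.inc
+
 caps.drop all
 ipc-namespace
 machine-id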
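--- a/etc/d-feet.profile
+++ b/etc/d-feet.profile
@@ -22,7 +22,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/d-feet
 whitelist ${HOME}/.config/d-feet
+whitelist /usr/share/d-feet
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor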
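--- a/etc/dconf.profile
+++ b/etc/dconf.profile
@@ -17,6 +17,7 @@ include disable-xdg.inc
 whitelist ${HOME}/.local/share/glib-2.0
 # dconf paths are whitelisted by the following
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 
 apparmor
 caps.drop all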
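--- a/etc/devhelp.profile
+++ b/etc/devhelp.profile
@@ -15,7 +15,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/devhelp
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 
 apparmor
 caps.drop all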
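--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -19,6 +19,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.devilspie
 whitelist ${HOME}/.devilspie
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor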
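--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -22,6 +22,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/devilspie2
 whitelist ${HOME}/.config/devilspie2
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor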
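--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -20,6 +20,7 @@ include disable-xdg.inc
 #mkfile ${HOME}/.digrc -- see #903
 whitelist ${HOME}/.digrc
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all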
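--- a/etc/display.profile
+++ b/etc/display.profile
@@ -19,6 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all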
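--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -18,6 +18,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/dnscrypt-proxy
+include whitelist-usr-share-common.inc
+
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
 ipc-namespace
 machine-id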
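--- a/etc/easystroke.profile
+++ b/etc/easystroke.profile
@@ -16,6 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 machine-id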
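--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -16,6 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace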
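--- a/etc/exfalso.profile
+++ b/etc/exfalso.profile
@@ -27,6 +27,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.quodlibet
 whitelist ${HOME}/.quodlibet
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all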
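--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -16,6 +16,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace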
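--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -18,6 +18,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/ffmpeg
+whitelist /usr/share/qtchooser
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor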
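Review bot: `whitelist /usr/share/qtchooser` has no obvious consumer in ffmpeg.profile, since the entry concerns Qt tool selection and the rest of the profile describes a command-line media tool. If the line is there for another profile that includes this one, add a comment naming it, e.g. `# qtchooser: needed by <profile that includes ffmpeg.profile>`; otherwise drop it so the whitelist stays minimal. The hunk itself gives no indication either way.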
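--- a/etc/font-manager.profile
+++ b/etc/font-manager.profile
@@ -25,7 +25,9 @@ mkdir ${HOME}/.cache/font-manager
 mkdir ${HOME}/.config/font-manager
 whitelist ${HOME}/.cache/font-manager
 whitelist ${HOME}/.config/font-manager
+whitelist /usr/share/font-manager
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 
 apparmor
 caps.drop all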
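--- a/etc/gconf.profile
+++ b/etc/gconf.profile
@@ -22,7 +22,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/gconf
 whitelist ${HOME}/.config/gconf
+whitelist /usr/share/GConf
+whitelist /usr/share/gconf
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 
 apparmor
 caps.drop all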
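--- a/etc/geekbench.profile
+++ b/etc/geekbench.profile
@@ -14,6 +14,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor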
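--- a/etc/git.profile
+++ b/etc/git.profile
@@ -26,6 +26,12 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+whitelist /usr/share/git
+whitelist /usr/share/git-core
+whitelist /usr/share/gitgui
+whitelist /usr/share/gitweb
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace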
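--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -19,6 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-usr-share-common.inc
+
 caps.drop all
 netfilter
 nodvd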
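--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -16,6 +16,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor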
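--- a/etc/gnome-keyring.profile
+++ b/etc/gnome-keyring.profile
@@ -17,7 +17,10 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
 #include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor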
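--- a/etc/gnome-nettool.profile
+++ b/etc/gnome-nettool.profile
@@ -14,7 +14,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/gnome-nettool
 #include whitelist-common.inc -- see #903
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.keep net_raw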
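--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -21,7 +21,9 @@ mkdir ${HOME}/.cache/gnome-recipes
 mkdir ${HOME}/.local/share/gnome-recipes
 whitelist ${HOME}/.cache/gnome-recipes
 whitelist ${HOME}/.local/share/gnome-recipes
+whitelist /usr/share/gnome-recipes
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all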
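--- a/etc/gnome-schedule.profile
+++ b/etc/gnome-schedule.profile
@@ -35,9 +35,11 @@ include disable-xdg.inc
 
 mkfile ${HOME}/.gnome/gnome-schedule
 whitelist ${HOME}/.gnome/gnome-schedule
+whitelist /usr/share/gnome-schedule
 whitelist /var/spool/atd
 whitelist /var/spool/cron
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor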
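--- a/etc/gnome-system-log.profile
+++ b/etc/gnome-system-log.profile
@@ -16,6 +16,7 @@ include disable-xdg.inc
 
 whitelist /var/log
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor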
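--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -16,6 +16,10 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+include whitelist-usr-share-common.inc
+
 caps.drop all
 netfilter
 no3d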
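--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -16,6 +16,11 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/pacman/keyrings
+include whitelist-usr-share-common.inc
+
 caps.drop all
 netfilter
 no3d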
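Review bot: `whitelist /usr/share/pacman/keyrings` covers the Arch keyring location only, while nothing else in the visible part of gpg.profile is distribution-specific. Debian-family systems keep distribution keyrings under /usr/share/keyrings, and once /usr/share is in whitelist mode gpg can no longer read them for signature verification unless the shared include lists that path, which this page does not show. Consider adding `whitelist /usr/share/keyrings` next to the pacman entry, or a comment stating where that path is handled.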
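--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -15,6 +15,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+whitelist /usr/share/gpicview
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor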
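--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -16,6 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/imlib2
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace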
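--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -28,6 +28,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/inkscape
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor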
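--- a/etc/liferea.profile
+++ b/etc/liferea.profile
@@ -27,7 +27,9 @@ mkdir ${HOME}/.local/share/liferea
 whitelist ${HOME}/.cache/liferea
 whitelist ${HOME}/.config/liferea
 whitelist ${HOME}/.local/share/liferea
+whitelist /usr/share/liferea
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all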
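--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -13,6 +13,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace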
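--- a/etc/mpDris2.profile
+++ b/etc/mpDris2.profile
@@ -26,6 +26,7 @@ whitelist ${MUSIC}
 
 mkdir ${HOME}/.config/mpDris2
 whitelist ${HOME}/.config/mpDris2
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all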
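--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -19,6 +19,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
+
 caps.drop all
 netfilter
 no3d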
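--- a/etc/mpg123.profile
+++ b/etc/mpg123.profile
@@ -17,6 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor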
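--- a/etc/mplayer.profile
+++ b/etc/mplayer.profile
@@ -18,6 +18,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all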
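--- a/etc/nano.profile
+++ b/etc/nano.profile
@@ -17,6 +17,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+whitelist /usr/share/nano
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace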
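--- a/etc/netactview.profile
+++ b/etc/netactview.profile
@@ -18,7 +18,9 @@ include disable-xdg.inc
 
 mkfile ${HOME}/.netactview
 whitelist ${HOME}/.netactview
+whitelist /usr/share/netactview
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor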
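--- a/etc/nitroshare.profile
+++ b/etc/nitroshare.profile
@@ -20,6 +20,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-usr-share-common.inc
+
 caps.drop all
 netfilter
 no3d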
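--- a/etc/ocenaudio.profile
+++ b/etc/ocenaudio.profile
@@ -18,6 +18,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace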
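--- a/etc/patch.profile
+++ b/etc/patch.profile
@@ -16,6 +16,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all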
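--- a/etc/pavucontrol.profile
+++ b/etc/pavucontrol.profile
@@ -18,7 +18,10 @@ include disable-xdg.inc
 
 mkfile ${HOME}/.config/pavucontrol.ini
 whitelist ${HOME}/.config/pavucontrol.ini
+whitelist /usr/share/pavucontrol
+whitelist /usr/share/pavucontrol-qt
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor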
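--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -17,6 +17,8 @@ include disable-xdg.inc
 
 whitelist ${DOCUMENTS}
 whitelist ${DOWNLOADS}
+whitelist /usr/share/poppler
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all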
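--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -22,6 +22,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.purple
 whitelist ${HOME}/.purple
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor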
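--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -14,6 +14,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+
+include whitelist-usr-share-common.inc
 include whitelist-common.inc
 
 caps.keep net_raw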
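Review bot: The new include sits above `include whitelist-common.inc` here, whereas the netactview, pavucontrol, pidgin and soundconverter hunks in this commit place it between `whitelist-common.inc` and `whitelist-var-common.inc`. Keeping one order makes the whitelist block easier to audit across profiles; I would write `include whitelist-common.inc` followed by `include whitelist-usr-share-common.inc`. The seahorse and regextester hunks use the same reversed order. Presumably the order of these includes does not change the resulting sandbox, so this is a consistency point only.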
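--- a/etc/regextester.profile
+++ b/etc/regextester.profile
@@ -14,6 +14,9 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/com.github.artemanufrij.regextester
+include whitelist-usr-share-common.inc
+
 include whitelist-common.inc
 include whitelist-var-common.inc
 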
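--- a/etc/seahorse.profile
+++ b/etc/seahorse.profile
@@ -25,6 +25,11 @@ mkdir ${HOME}/.ssh
 whitelist ${HOME}/.gnupg
 whitelist ${HOME}/.ssh
 whitelist /tmp/ssh-*
+whitelist /usr/share/gnupg
+whitelist /usr/share/gnupg2
+whitelist /usr/share/seahorse
+whitelist /usr/share/seahorse-nautilus
+include whitelist-usr-share-common.inc
 include whitelist-common.inc
 include whitelist-var-common.inc
 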
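--- a/etc/shellcheck.profile
+++ b/etc/shellcheck.profile
@@ -17,6 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/shellcheck
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all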
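--- a/etc/simple-scan.profile
+++ b/etc/simple-scan.profile
@@ -16,6 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/simple-scan
+include whitelist-usr-share-common.inc
+
 caps.drop all
 netfilter
 nodvd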
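--- a/etc/simplescreenrecorder.profile
+++ b/etc/simplescreenrecorder.profile
@@ -16,6 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/simplescreenrecorder
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 nodvd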
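--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -25,6 +25,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/smplayer
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor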
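--- a/etc/smtube.profile
+++ b/etc/smtube.profile
@@ -23,6 +23,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/smplayer
+whitelist /usr/share/smtube
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all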
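--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -22,7 +22,9 @@ include disable-xdg.inc
 
 whitelist ${DOWNLOADS}
 whitelist ${MUSIC}
+whitelist /usr/share/soundconverter
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor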
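--- a/etc/spectre-meltdown-checker.profile
+++ b/etc/spectre-meltdown-checker.profile
@@ -20,6 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 allow-debuggers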
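--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -16,6 +16,8 @@ include disable-common.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-usr-share-common.inc
+
 caps.drop all
 netfilter
 no3d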
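--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -18,6 +18,8 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-usr-share-common.inc
+
 caps.drop all
 ipc-namespace
 netfilter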
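--- a/etc/subdownloader.profile
+++ b/etc/subdownloader.profile
@@ -21,6 +21,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 netfilter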
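--- a/etc/sysprof.profile
+++ b/etc/sysprof.profile
@@ -14,6 +14,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace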
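--- a/etc/transgui.profile
+++ b/etc/transgui.profile
@@ -20,6 +20,7 @@ mkdir ${HOME}/.config/transgui
 whitelist ${HOME}/.config/transgui
 whitelist ${DOWNLOADS}
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor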
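--- a/etc/transmission-common.profile
+++ b/etc/transmission-common.profile
@@ -20,6 +20,7 @@ whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/transmission
 whitelist ${HOME}/.config/transmission
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor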
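--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -7,8 +7,6 @@ include transmission-gtk.local
 # Persistent global definitions
 include globals.local
 
-include whitelist-usr-share-common.inc
-
 private-bin transmission-gtk
 
 ignore memory-deny-write-execute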
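--- a/etc/tshark.profile
+++ b/etc/tshark.profile
@@ -14,7 +14,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/wireshark
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 
 #caps.keep net_raw
 caps.keep dac_override,net_admin,net_raw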
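--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -16,6 +16,7 @@ mkdir ${HOME}/.config/uGet
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/uGet
 include whitelist-common.inc
+include whitelist-usr-share-common.inc
 
 caps.drop all
 netfilter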
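--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -19,6 +19,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
+
 whitelist /var/lib/unbound
 whitelist /var/run
 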
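--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -14,6 +14,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-usr-share-common.inc
+
 caps.drop all
 hostname uudeview
 ipc-namespace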
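--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -19,6 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-usr-share-common.inc
+
 apparmor
 caps.drop all
 net none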
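--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -11,6 +11,8 @@ noblacklist ${HOME}/.weechat
 include disable-common.inc
 include disable-programs.inc
 
+include whitelist-usr-share-common.inc
+
 caps.drop all
 netfilter
 nodvd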
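--- a/etc/whitelist-usr-share-common.inc
+++ b/etc/whitelist-usr-share-common.inc
@@ -5,6 +5,7 @@ include whitelist-usr-share-common.local
 
 whitelist /usr/share/alsa
 whitelist /usr/share/applications
+whitelist /usr/share/ca-certificates
 whitelist /usr/share/crypto-policies
 whitelist /usr/share/cursors
 whitelist /usr/share/dconf
@@ -38,6 +39,8 @@ whitelist /usr/share/p11-kit
 whitelist /usr/share/pixmaps
 whitelist /usr/share/pki
 whitelist /usr/share/plasma
+whitelist /usr/share/qt
+whitelist /usr/share/qt4
 whitelist /usr/share/qt5
 whitelist /usr/share/sounds
 whitelist /usr/share/tcl8.6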
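Review bot: The three added paths (`/usr/share/ca-certificates`, `/usr/share/qt`, `/usr/share/qt4`) carry no comment, and because this file is included by every profile touched in this commit, each entry widens what all of those sandboxes can read. A short comment above the new lines would record why they are needed, for example `# CA trust anchors for TLS clients` above the ca-certificates line and `# Qt data directory name varies by Qt version/distribution` above the qt lines. The second comment is my assumption about why three Qt entries exist and should be confirmed before it is committed. Both hunks show only part of the file.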
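--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -15,6 +15,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 #include disable-xdg.inc
 
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all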
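--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -21,6 +21,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/wireshark
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor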
diff --git a/etc/xfce4-mixer.profile b/etc/xfce4-mixer.profile index e6bbb4259..6ef85f318 100644 --- a/etc/xfce4-mixer.profile +++ b/etc/xfce4-mixer.profile | |||
@@ -18,7 +18,10 @@ include disable-xdg.inc | |||
18 | 18 | ||
19 | mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml | 19 | mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml |
20 | whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml | 20 | whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml |
21 | whitelist /usr/share/xfce4 | ||
22 | whitelist /usr/share/xfce4-mixer | ||
21 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | ||
22 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
23 | 26 | ||
24 | apparmor | 27 | apparmor |