Add private-cache to many profiles

grep "cache" -L $(grep "redirect" -iL $(grep "whitelist" -RL))
author: Tad <tad@spotco.us> 2018-06-14 17:28:34 -0400
committer: Tad <tad@spotco.us> 2018-06-14 17:28:34 -0400
commit: b885aec301631b7fc6e1b402820f734b77e670a2 (patch)
tree: e617fa5b0b44f1ebf581fb7738f3ee7ce79a7253
parent: Revert "mounting a tmpfs on ~/.cache directory (private-cache) by default" (diff)
download: firejail-b885aec301631b7fc6e1b402820f734b77e670a2.tar.gz
firejail-b885aec301631b7fc6e1b402820f734b77e670a2.tar.zst
firejail-b885aec301631b7fc6e1b402820f734b77e670a2.zip
101 files changed, 112 insertions, 8 deletions
diff --git a/README.md b/README.md
index cd6d82990..147b0ee1f 100644
--- a/README.md
+++ b/README.md
@@ -100,11 +100,6 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 `````
 # Current development version: 0.9.55
-## Mounting a temporary filesystem on top of ~/.cache directory by default
-To disable it globally, set "private-cache no" in /etc/firejail/firejail.config.
 ## New commands:
 `````
      (wireless support for --net)
@@ -128,6 +123,14 @@ To disable it globally, set "private-cache no" in /etc/firejail/firejail.config.
              Example:
              $ firejail --nou2f
+      --private-cache
+               Mount an empty temporary filesystem on top of the .cache
+               directory in user home. All modifications are discarded
+               when the sandbox is closed.
+              Example:
+              $ firejail --private-cache
 `````
 ## New profiles
diff --git a/RELNOTES b/RELNOTES
index 00e06f62c..4598e9b39 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,9 +1,7 @@
 firejail (0.9.55) baseline; urgency=low
  * work in progress
  * modif: removed CFG_CHROOT_DESKTOP configuration option
-  * mounting a temporary filesystem on top of ~/.cache directory by default.
+  * add --private-cache to support private ~/.cache
-    To disable it globally, set "private-cache no" in
-    /etc/firejail/firejail.config.
  * support full paths in private-lib
  * globbing support in private-lib
  * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint
diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile
index 08c2860b3..f1336be3e 100644
--- a/etc/Cryptocat.profile
+++ b/etc/Cryptocat.profile
@@ -25,5 +25,6 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/android-studio.profile b/etc/android-studio.profile
index 5ff0b7c3a..d845bd4b9 100644
--- a/etc/android-studio.profile
+++ b/etc/android-studio.profile
@@ -32,6 +32,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
+private-cache
 # private-tmp
 # noexec /tmp breaks 'Android Profiler'
diff --git a/etc/apktool.profile b/etc/apktool.profile
index d5063d79b..ded17ca58 100644
--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -26,6 +26,7 @@ seccomp
 shell none
 private-bin apktool,bash,java,dirname,basename,expr,sh
+private-cache
 private-dev
 noexec ${HOME}
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile
index 70e02fc7b..0987ce149 100644
--- a/etc/arch-audit.profile
+++ b/etc/arch-audit.profile
@@ -32,6 +32,7 @@ shell none
 disable-mnt
 private
+private-cache
 private-bin arch-audit
 private-dev
 private-tmp
diff --git a/etc/ardour5.profile b/etc/ardour5.profile
index df42dfaed..c2090af98 100644
--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -30,6 +30,7 @@ seccomp
 shell none
 #private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
+private-cache
 private-dev
 #private-etc pulse,X11,alternatives,ardour4,ardour5,fonts
 private-tmp
diff --git a/etc/arduino.profile b/etc/arduino.profile
index 14741c964..c8850ccb0 100644
--- a/etc/arduino.profile
+++ b/etc/arduino.profile
@@ -35,6 +35,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
+private-cache
 private-tmp
 noexec ${HOME}
diff --git a/etc/atom.profile b/etc/atom.profile
index c513c7531..f7e30aeb4 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -27,6 +27,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/atool.profile b/etc/atool.profile
index 83b681437..06eace7d2 100644
--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -36,6 +36,7 @@ seccomp
 shell none
 tracelog
+private-cache
 # private-bin atool
 private-dev
 private-etc passwd,group
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index 1cd5d6a69..6507aeadb 100644
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -27,6 +27,7 @@ seccomp
 disable-mnt
 private
+private-cache
 private-dev
 private-tmp
 read-write /var/lib/bitlbee
diff --git a/etc/bless.profile b/etc/bless.profile
index 3fd04cae6..1dd756153 100644
--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 # private-bin bless,sh,bash,mono
+private-cache
 private-dev
 private-etc fonts,mono
 private-tmp
diff --git a/etc/brackets.profile b/etc/brackets.profile
index 22a8dffea..8f1068506 100644
--- a/etc/brackets.profile
+++ b/etc/brackets.profile
@@ -26,4 +26,5 @@ protocol unix,inet,inet6,netlink
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplic
 shell none
+private-cache
 private-dev
diff --git a/etc/brasero.profile b/etc/brasero.profile
index 26074af22..a012d4715 100644
--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -27,6 +27,7 @@ shell none
 tracelog
 # private-bin brasero
+private-cache
 # private-dev
 # private-etc fonts
 # private-tmp
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index e33e010aa..c63cfad8d 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -34,6 +34,7 @@ seccomp
 shell none
 tracelog
+private-cache
 private-dev
 private-tmp
diff --git a/etc/cin.profile b/etc/cin.profile
index e2410e3a5..92baef33a 100644
--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 #private-bin cin,ffmpeg
+private-cache
 private-dev
 noexec ${HOME}
diff --git a/etc/clion.profile b/etc/clion.profile
index 115df72c4..bcb18114e 100644
--- a/etc/clion.profile
+++ b/etc/clion.profile
@@ -28,6 +28,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
+private-cache
 private-dev
 # private-tmp
diff --git a/etc/clipit.profile b/etc/clipit.profile
index e5660f859..3134fdc3e 100644
--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 disable-mnt
+private-cache
 private-dev
 private-tmp
diff --git a/etc/code.profile b/etc/code.profile
index af7d379ed..ab69008f1 100644
--- a/etc/code.profile
+++ b/etc/code.profile
@@ -26,6 +26,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/conky.profile b/etc/conky.profile
index fe90ac099..af275b915 100644
--- a/etc/conky.profile
+++ b/etc/conky.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 disable-mnt
+private-cache
 private-dev
 private-tmp
diff --git a/etc/curl.profile b/etc/curl.profile
index 521cd20cc..1d2515f51 100644
--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 # private-bin curl
+private-cache
 private-dev
 # private-etc resolv.conf
 private-tmp
diff --git a/etc/default.profile b/etc/default.profile
index 9a2fcae64..42c1056c5 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -33,6 +33,7 @@ seccomp
 # disable-mnt
 # private
 # private-bin program
+# private-cache
 # private-dev
 # private-etc none
 # private-lib
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
index 0634c0eaf..aeef46413 100644
--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -34,6 +34,7 @@ seccomp
 shell none
 private-bin dex2jar,java,sh,bash,expr,dirname,ls,uname,grep
+private-cache
 private-dev
 noexec ${HOME}
diff --git a/etc/dia.profile b/etc/dia.profile
index 49c6727f9..fca14236f 100644
--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -30,6 +30,7 @@ shell none
 disable-mnt
 #private-bin dia
+private-cache
 private-dev
 private-tmp
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index 4d0afc159..0971451c4 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -27,6 +27,7 @@ seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,i
 disable-mnt
 private
+private-cache
 private-dev
 # mdwe can break modules/plugins
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index f71f5bb02..fc1209c1e 100644
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -28,4 +28,5 @@ seccomp
 disable-mnt
 private
+private-cache
 private-dev
diff --git a/etc/elinks.profile b/etc/elinks.profile
index 5d28ac0c8..6878c4fe0 100644
--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -31,6 +31,7 @@ shell none
 tracelog
 # private-bin elinks
+private-cache
 private-dev
 # private-etc none
 private-tmp
diff --git a/etc/empathy.profile b/etc/empathy.profile
index b9d682322..9d70afcb8 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -20,3 +20,6 @@ noroot
 notv
 protocol unix,inet,inet6
 seccomp
+private-cache
+private-tmp
diff --git a/etc/enchant.profile b/etc/enchant.profile
index 29472313d..a495122dc 100644
--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -30,6 +30,7 @@ shell none
 tracelog
 # private-bin enchant, enchant-*
+private-cache
 private-dev
 private-etc none
 private-tmp
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 2522a32a3..2666397f4 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -36,6 +36,7 @@ shell none
 tracelog
 # private-bin exiftool,perl
+private-cache
 private-dev
 private-etc none
 private-tmp
diff --git a/etc/feh.profile b/etc/feh.profile
index 657f05f3c..c79e98d1c 100644
--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -27,6 +27,7 @@ seccomp
 shell none
 private-bin feh,jpegexiforient,jpegtran
+private-cache
 private-dev
 private-etc feh
 private-tmp
diff --git a/etc/flowblade.profile b/etc/flowblade.profile
index e06107f0f..9d399931d 100644
--- a/etc/flowblade.profile
+++ b/etc/flowblade.profile
@@ -31,6 +31,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/fontforge.profile b/etc/fontforge.profile
index 088ed626b..c80588a8b 100644
--- a/etc/fontforge.profile
+++ b/etc/fontforge.profile
@@ -32,6 +32,7 @@ protocol unix
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/freecad.profile b/etc/freecad.profile
index dc5738e01..9ea4e0f2b 100644
--- a/etc/freecad.profile
+++ b/etc/freecad.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 private-bin freecad,freecadcmd
+private-cache
 private-dev
 private-tmp
diff --git a/etc/freshclam.profile b/etc/freshclam.profile
index 08eac5595..4e224dd3e 100644
--- a/etc/freshclam.profile
+++ b/etc/freshclam.profile
@@ -24,6 +24,7 @@ tracelog
 disable-mnt
 private
+private-cache
 private-dev
 private-tmp
 writable-var
diff --git a/etc/geany.profile b/etc/geany.profile
index 35e405319..9db533e8c 100644
--- a/etc/geany.profile
+++ b/etc/geany.profile
@@ -25,5 +25,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/git.profile b/etc/git.profile
index 7dac03b1b..1bf9e8e4b 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -34,4 +34,5 @@ protocol unix,inet,inet6
 seccomp
 shell none
+private-cache
 private-dev
diff --git a/etc/gitg.profile b/etc/gitg.profile
index 39cbdc53d..deee7c994 100644
--- a/etc/gitg.profile
+++ b/etc/gitg.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 private-bin gitg,git,ssh
+private-cache
 private-dev
 private-tmp
diff --git a/etc/globaltime.profile b/etc/globaltime.profile
index 19820ce85..0df6b5e63 100644
--- a/etc/globaltime.profile
+++ b/etc/globaltime.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 disable-mnt
+private-cache
 private-dev
 private-tmp
diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile
index dfee1ae08..4ddfc456a 100644
--- a/etc/gnome-builder.profile
+++ b/etc/gnome-builder.profile
@@ -23,4 +23,5 @@ protocol unix,inet,inet6
 seccomp
 shell none
+private-cache
 private-dev
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile
index 9089d7ee8..8a67d6e5c 100644
--- a/etc/gnome-documents.profile
+++ b/etc/gnome-documents.profile
@@ -30,6 +30,7 @@ seccomp
 shell none
 tracelog
+private-cache
 private-dev
 private-tmp
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index 7cf97a79f..f54219174 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -22,6 +22,7 @@ seccomp
 shell none
 # private-bin gnome-mplayer,mplayer
+private-cache
 private-dev
 private-tmp
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
index 7f50e1e8d..85020fc2e 100644
--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -31,4 +31,5 @@ shell none
 tracelog
 # private-bin gpg-agent,gpg
+private-cache
 private-dev
diff --git a/etc/gpg.profile b/etc/gpg.profile
index 7eb8a3ac8..ab43152d8 100644
--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -31,4 +31,5 @@ shell none
 tracelog
 # private-bin gpg,gpg-agent
+private-cache
 private-dev
diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index eb0c38ec2..77ce42b36 100644
--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -29,5 +29,6 @@ shell none
 tracelog
 private-bin gthumb
+private-cache
 private-dev
 private-tmp
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index 16ea2047d..60a13af3a 100644
--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -28,6 +28,7 @@ shell none
 disable-mnt
 private
+private-cache
 private-dev
 private-tmp
diff --git a/etc/hashcat.profile b/etc/hashcat.profile
index d61165a91..0fb8b8704 100644
--- a/etc/hashcat.profile
+++ b/etc/hashcat.profile
@@ -31,6 +31,7 @@ shell none
 disable-mnt
 private-bin hashcat
+private-cache
 private-dev
 private-tmp
diff --git a/etc/highlight.profile b/etc/highlight.profile
index a93019696..cd48df10c 100644
--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -30,6 +30,7 @@ shell none
 tracelog
 private-bin highlight
+private-cache
 private-dev
 # private-etc none
 private-tmp
diff --git a/etc/hugin.profile b/etc/hugin.profile
index 761c4e039..f92acac66 100644
--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend
+private-cache
 private-dev
 private-tmp
diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile
index caec416e9..06328ccbf 100644
--- a/etc/idea.sh.profile
+++ b/etc/idea.sh.profile
@@ -32,6 +32,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
+private-cache
 private-dev
 # private-tmp
diff --git a/etc/img2txt.profile b/etc/img2txt.profile
index 1cc8d2953..bbefd8044 100644
--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -27,6 +27,7 @@ shell none
 tracelog
 # private-bin img2txt
+private-cache
 private-dev
 # private-etc none
 private-tmp
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index 9a325d18b..ca23cedfa 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -36,6 +36,7 @@ seccomp
 shell none
 private-bin jd-gui,sh,bash
+private-cache
 private-dev
 private-tmp
diff --git a/etc/jitsi.profile b/etc/jitsi.profile
index cb2f2092a..b3b09f4b1 100644
--- a/etc/jitsi.profile
+++ b/etc/jitsi.profile
@@ -31,4 +31,5 @@ shell none
 tracelog
 disable-mnt
+private-cache
 private-tmp
diff --git a/etc/keepass.profile b/etc/keepass.profile
index 9ae6abfb2..03f27d3fa 100644
--- a/etc/keepass.profile
+++ b/etc/keepass.profile
@@ -33,6 +33,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/kino.profile b/etc/kino.profile
index 054b185dd..5144ce448 100644
--- a/etc/kino.profile
+++ b/etc/kino.profile
@@ -25,6 +25,7 @@ protocol unix
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/krita.profile b/etc/krita.profile
index 99fd235db..01f7b6ff8 100644
--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -36,6 +36,7 @@ protocol unix
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/less.profile b/etc/less.profile
index 9b04329f2..fd0f84c71 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -24,6 +24,7 @@ writable-var-log
 # Enable private-bin and private-lib if you are not using any filter.
 # private-bin less
 # private-lib
+private-cache
 private-dev
 memory-deny-write-execute
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
index 8d55f5de2..8104a2886 100644
--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -28,6 +28,7 @@ shell none
 tracelog
 #private-bin luminance-hdr,luminance-hdr-cli,align_image_stack
+private-cache
 private-dev
 private-tmp
diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile
index 971d969ad..e50455532 100644
--- a/etc/lximage-qt.profile
+++ b/etc/lximage-qt.profile
@@ -27,6 +27,7 @@ protocol unix
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/lynx.profile b/etc/lynx.profile
index fec9661c6..ba5322787 100644
--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -29,6 +29,7 @@ shell none
 tracelog
 # private-bin lynx
+private-cache
 private-dev
 # private-etc none
 private-tmp
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile
index bbef46567..6d20d7261 100644
--- a/etc/macrofusion.profile
+++ b/etc/macrofusion.profile
@@ -35,6 +35,7 @@ seccomp
 shell none
 private-bin python*,macrofusion,env,enfuse,exiftool,align_image_stack
+private-cache
 private-dev
 private-tmp
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
index d79a0e886..48db03c27 100644
--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -30,6 +30,7 @@ shell none
 tracelog
 private-bin mediainfo
+private-cache
 private-dev
 private-etc none
 private-tmp
diff --git a/etc/meld.profile b/etc/meld.profile
index 78d9e0c76..1e85343df 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 private-bin meld,python*
+private-cache
 private-dev
 private-tmp
diff --git a/etc/mpd.profile b/etc/mpd.profile
index 7f3e42e08..2ad520633 100644
--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 #private-bin mpd,bash
+private-cache
 private-dev
 private-tmp
diff --git a/etc/obs.profile b/etc/obs.profile
index 9a0fab3f8..7529dd1bb 100644
--- a/etc/obs.profile
+++ b/etc/obs.profile
@@ -25,6 +25,7 @@ shell none
 tracelog
 private-bin obs
+private-cache
 private-dev
 private-tmp
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
index 32d51f478..aea6b79d2 100644
--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -30,6 +30,7 @@ shell none
 tracelog
 private-bin odt2txt
+private-cache
 private-dev
 private-etc none
 private-tmp
diff --git a/etc/orage.profile b/etc/orage.profile
index 8e218eb2d..2ac420f05 100644
--- a/etc/orage.profile
+++ b/etc/orage.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 disable-mnt
+private-cache
 private-dev
 private-tmp
diff --git a/etc/parole.profile b/etc/parole.profile
index c659614e3..36ae97726 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -22,4 +22,5 @@ seccomp
 shell none
 private-bin parole,dbus-launch
+private-cache
 private-etc passwd,group,fonts
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index a5d9c2d65..fbd7ec179 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -37,6 +37,7 @@ seccomp
 shell none
 private-bin pdfsam,sh,bash,java,archlinux-java,grep,awk,dirname,uname,which,sort,find,readlink,expr,ls,java-config
+private-cache
 private-dev
 private-tmp
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index ac2597a68..e0fd270af 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -26,6 +26,7 @@ shell none
 tracelog
 private-bin pidgin
+private-cache
 private-dev
 private-tmp
diff --git a/etc/pinta.profile b/etc/pinta.profile
index 73fabb95f..010de0d3e 100644
--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 private-dev
+private-cache
 private-tmp
 noexec ${HOME}
diff --git a/etc/pix.profile b/etc/pix.profile
index ec495269d..dfc6d780e 100644
--- a/etc/pix.profile
+++ b/etc/pix.profile
@@ -30,5 +30,6 @@ shell none
 tracelog
 private-bin pix
+private-cache
 private-dev
 private-tmp
diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile
index bbb907577..89bb9dadf 100644
--- a/etc/pycharm-community.profile
+++ b/etc/pycharm-community.profile
@@ -32,6 +32,7 @@ tracelog
 # private-etc fonts,passwd - minimal required to run but will probably break
 # program!
+private-cache
 private-dev
 private-tmp
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile
index 20b14c0ca..263c71535 100644
--- a/etc/qemu-launcher.profile
+++ b/etc/qemu-launcher.profile
@@ -23,6 +23,7 @@ seccomp
 shell none
 tracelog
+private-cache
 private-tmp
 noexec /tmp
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile
index 7a60007fe..3ab25e92e 100644
--- a/etc/qemu-system-x86_64.profile
+++ b/etc/qemu-system-x86_64.profile
@@ -22,6 +22,7 @@ seccomp
 shell none
 tracelog
+private-cache
 private-tmp
 noexec /tmp
diff --git a/etc/qlipper.profile b/etc/qlipper.profile
index 237cd240b..079270909 100644
--- a/etc/qlipper.profile
+++ b/etc/qlipper.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 disable-mnt
+private-cache
 private-dev
 private-tmp
diff --git a/etc/quassel.profile b/etc/quassel.profile
index 6783d5a43..9c5bbe1d3 100644
--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -19,3 +19,6 @@ noroot
 notv
 protocol unix,inet,inet6
 seccomp
+private-cache
+private-tmp
diff --git a/etc/remmina.profile b/etc/remmina.profile
index 4cd93b567..50746c60e 100644
--- a/etc/remmina.profile
+++ b/etc/remmina.profile
@@ -28,6 +28,7 @@ seccomp
 # seccomp.keep access,arch_prctl,brk,chmod,clock_getres,clock_gettime,clone,close,connect,dup3,eventfd2,execve,fadvise64,fallocate,fcntl,flock,fstat,fstatfs,fsync,ftruncate,futex,getdents,getegid,geteuid,getgid,getpeername,getpid,getrandom,getresgid,getresuid,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,memfd_create,mmap,mprotect,mremap,munmap,nanosleep,open,openat,pipe,pipe2,poll,prctl,prlimit64,pwrite64,read,readlink,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,sendmmsg,sendmsg,sendto,set_robust_list,setsockopt,set_tid_address,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,tgkill,uname,utimensat,write,writev
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/ristretto.profile b/etc/ristretto.profile
index 7628d386f..08c9dbf2d 100644
--- a/etc/ristretto.profile
+++ b/etc/ristretto.profile
@@ -29,6 +29,7 @@ protocol unix
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile
index 57e933467..b4a2921ff 100644
--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -26,5 +26,6 @@ seccomp
 shell none
 private-bin rtorrent
+private-cache
 private-dev
 private-tmp
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile
index a0674acbc..fbe1b2de5 100644
--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -34,6 +34,7 @@ seccomp
 shell none
 private-bin sdat2img,env,python*
+private-cache
 private-dev
 noexec ${HOME}
diff --git a/etc/shotcut.profile b/etc/shotcut.profile
index d76c486ea..e5a8ce4df 100644
--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -26,6 +26,7 @@ seccomp
 shell none
 #private-bin shotcut,melt,qmelt,nice
+private-cache
 private-dev
 #noexec ${HOME}
diff --git a/etc/skype.profile b/etc/skype.profile
index f08542079..04f15b454 100644
--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -26,6 +26,7 @@ shell none
 disable-mnt
 #private-bin skype,bash
+private-cache
 private-dev
 private-tmp
diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile
index c2270ce39..c675f0345 100644
--- a/etc/skypeforlinux.profile
+++ b/etc/skypeforlinux.profile
@@ -25,6 +25,7 @@ seccomp
 shell none
 disable-mnt
+private-cache
 # private-dev - needs /dev/disk
 private-tmp
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile
index 3d231cf5b..b15ba266b 100644
--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -31,6 +31,7 @@ protocol unix
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
index 9711276c8..7bb7080e3 100644
--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 private-bin sqlitebrowser
+private-cache
 private-dev
 private-tmp
diff --git a/etc/ssh.profile b/etc/ssh.profile
index df86a276e..dfaeb9688 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 tracelog
+private-cache
 private-dev
 # private-tmp # Breaks when exiting
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
index 677920266..dcfd730ee 100644
--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 #private-bin synfigstudio,synfig,ffmpeg
+private-cache
 private-dev
 private-tmp
diff --git a/etc/telegram.profile b/etc/telegram.profile
index db055a898..9ffb9f287 100644
--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -23,6 +23,7 @@ protocol unix,inet,inet6
 seccomp
 disable-mnt
+private-cache
 private-tmp
 noexec ${HOME}
diff --git a/etc/tilp.profile b/etc/tilp.profile
index a9cccbd7b..7d63df630 100644
--- a/etc/tilp.profile
+++ b/etc/tilp.profile
@@ -28,6 +28,7 @@ tracelog
 disable-mnt
 private-bin tilp
+private-cache
 private-etc fonts
 private-tmp
diff --git a/etc/tor.profile b/etc/tor.profile
index 5029cf9b1..e37fd232c 100644
--- a/etc/tor.profile
+++ b/etc/tor.profile
@@ -41,6 +41,7 @@ writable-var
 disable-mnt
 private
 private-bin tor,bash
+private-cache
 private-dev
 private-etc tor,passwd
 private-tmp
diff --git a/etc/totem.profile b/etc/totem.profile
index fecf12a4c..0b9252d6c 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 private-bin totem
+private-cache
 private-dev
 # private-etc fonts
 private-tmp
diff --git a/etc/uefitool.profile b/etc/uefitool.profile
index 2ab2d2652..70d694ac9 100644
--- a/etc/uefitool.profile
+++ b/etc/uefitool.profile
@@ -27,6 +27,7 @@ protocol unix
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/uudeview.profile b/etc/uudeview.profile
index b64ecaa3e..d09cbd97a 100644
--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -18,6 +18,7 @@ shell none
 tracelog
 private-bin uudeview
+private-cache
 private-dev
 private-etc ld.so.preload
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index d867e0e05..ce4983337 100644
--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -34,6 +34,7 @@ shell none
 tracelog
 private-bin viewnior
+private-cache
 private-dev
 private-etc fonts
 private-tmp
diff --git a/etc/w3m.profile b/etc/w3m.profile
index 59544f5b5..bfc7874cf 100644
--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -31,6 +31,7 @@ shell none
 tracelog
 # private-bin w3m
+private-cache
 private-dev
 private-etc resolv.conf,ssl,pki,ca-certificates,crypto-policies
 private-tmp
diff --git a/etc/webstorm.profile b/etc/webstorm.profile
index 93bcb50bb..1a77fd833 100644
--- a/etc/webstorm.profile
+++ b/etc/webstorm.profile
@@ -35,5 +35,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
+private-cache
 private-dev
 private-tmp
diff --git a/etc/wire.profile b/etc/wire.profile
index e43ba792e..86ebca33d 100644
--- a/etc/wire.profile
+++ b/etc/wire.profile
@@ -29,5 +29,6 @@ seccomp
 shell none
 disable-mnt
+private-cache
 private-dev
 private-tmp
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile
index 0be0b56a5..fc5294d5b 100644
--- a/etc/xfce4-dict.profile
+++ b/etc/xfce4-dict.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 disable-mnt
+private-cache
 private-dev
 private-tmp
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile
index 484b66722..5749b7832 100644
--- a/etc/xfce4-notes.profile
+++ b/etc/xfce4-notes.profile
@@ -30,6 +30,7 @@ seccomp
 shell none
 disable-mnt
+private-cache
 private-dev
 private-tmp
diff --git a/etc/zathura.profile b/etc/zathura.profile
index 028e15ef5..6cdbbe99b 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 private-bin zathura
+private-cache
 private-dev
 private-etc fonts,machine-id
 private-tmp
author	Tad <tad@spotco.us>	2018-06-14 17:28:34 -0400
committer	Tad <tad@spotco.us>	2018-06-14 17:28:34 -0400
commit	b885aec301631b7fc6e1b402820f734b77e670a2 (patch)
tree	e617fa5b0b44f1ebf581fb7738f3ee7ce79a7253
parent	Revert "mounting a tmpfs on ~/.cache directory (private-cache) by default" (diff)
download	firejail-b885aec301631b7fc6e1b402820f734b77e670a2.tar.gz firejail-b885aec301631b7fc6e1b402820f734b77e670a2.tar.zst firejail-b885aec301631b7fc6e1b402820f734b77e670a2.zip