profile fixes

author: netblue30 <netblue30@yahoo.com> 2020-03-18 12:28:19 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-03-18 12:28:19 -0400
commit: a81a8b4539ca52d5b02c37ec95c7fe864b656641 (patch)
tree: eb465fa57d2231dcc64fe07795a380bb1fcdbf19 /etc
parent: fix mplayer profile (diff)
download: firejail-a81a8b4539ca52d5b02c37ec95c7fe864b656641.tar.gz
firejail-a81a8b4539ca52d5b02c37ec95c7fe864b656641.tar.zst
firejail-a81a8b4539ca52d5b02c37ec95c7fe864b656641.zip
22 files changed, 40 insertions, 1 deletions
diff --git a/etc/bluefish.profile b/etc/bluefish.profile
index 412088ba9..a85840d2f 100644
--- a/etc/bluefish.profile
+++ b/etc/bluefish.profile
@@ -15,6 +15,7 @@ include disable-programs.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 net none
 no3d
diff --git a/etc/brasero.profile b/etc/brasero.profile
index 67fc07afb..417a6b3e0 100644
--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -15,6 +15,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
 net none
 nogroups
diff --git a/etc/curl.profile b/etc/curl.profile
index 3f93e5f7e..a720aca9b 100644
--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -19,7 +19,9 @@ include disable-programs.inc
 #include disable-xdg.inc
 include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
 ipc-namespace
 machine-id
diff --git a/etc/deluge.profile b/etc/deluge.profile
index 8f4f9fbe9..17c5059f5 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -14,6 +14,7 @@ include allow-python3.inc
 include disable-common.inc
 # include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -24,6 +25,7 @@ whitelist ${HOME}/.config/deluge
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 machine-id
 netfilter
diff --git a/etc/dig.profile b/etc/dig.profile
index 054e4891d..0e1598406 100644
--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -25,6 +25,7 @@ include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 ipc-namespace
 machine-id
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index 701f14dce..49cec85c7 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -11,6 +11,7 @@ noblacklist ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -18,7 +19,9 @@ include disable-xdg.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
+net none
 netfilter
 nodvd
 nonewprivs
diff --git a/etc/freeciv.profile b/etc/freeciv.profile
index fa115d325..379c5eca9 100644
--- a/etc/freeciv.profile
+++ b/etc/freeciv.profile
@@ -21,6 +21,7 @@ whitelist ${HOME}/.freeciv
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 ipc-namespace
 netfilter
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile
index 6cef181c8..c089d2e35 100644
--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -13,6 +13,7 @@ include allow-perl.inc
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -22,6 +23,7 @@ whitelist ${HOME}/.frozen-bubble
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 net none
 nodbus
diff --git a/etc/kino.profile b/etc/kino.profile
index 9e8d61391..b3ade0dd9 100644
--- a/etc/kino.profile
+++ b/etc/kino.profile
@@ -16,6 +16,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
 netfilter
 nogroups
diff --git a/etc/lincity-ng.profile b/etc/lincity-ng.profile
index b55ac9a15..748d38221 100644
--- a/etc/lincity-ng.profile
+++ b/etc/lincity-ng.profile
@@ -21,6 +21,7 @@ whitelist ${HOME}/.lincity-ng
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 ipc-namespace
 net none
diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile
index 74adb7a67..c1135d859 100644
--- a/etc/lximage-qt.profile
+++ b/etc/lximage-qt.profile
@@ -14,8 +14,11 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
+net none
 netfilter
 no3d
 nodvd
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile
index e1a37343e..9094f4377 100644
--- a/etc/lxmusic.profile
+++ b/etc/lxmusic.profile
@@ -20,6 +20,7 @@ include disable-xdg.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 netfilter
 no3d
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile
index 5925ccc09..0ba9451d8 100644
--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.openinvaders
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -17,7 +18,9 @@ include disable-programs.inc
 mkdir ${HOME}/.openinvaders
 whitelist ${HOME}/.openinvaders
 include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
 net none
 nodbus
diff --git a/etc/opencity.profile b/etc/opencity.profile
index 6a27c8095..b0192c947 100644
--- a/etc/opencity.profile
+++ b/etc/opencity.profile
@@ -21,6 +21,7 @@ whitelist ${HOME}/.opencity
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 ipc-namespace
 net none
diff --git a/etc/openclonk.profile b/etc/openclonk.profile
index da60006b3..8921bc460 100644
--- a/etc/openclonk.profile
+++ b/etc/openclonk.profile
@@ -21,9 +21,10 @@ whitelist ${HOME}/.clonk
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 ipc-namespace
-net none
+# net none - networked game
 nodbus
 nodvd
 nogroups
diff --git a/etc/openttd.profile b/etc/openttd.profile
index 5de4d325d..507a18e1c 100644
--- a/etc/openttd.profile
+++ b/etc/openttd.profile
@@ -21,8 +21,10 @@ whitelist ${HOME}/.openttd
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 ipc-namespace
+net none
 netfilter
 nodbus
 nodvd
diff --git a/etc/ping.profile b/etc/ping.profile
index 5f68ee011..75ad0ee31 100644
--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -19,6 +19,7 @@ include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.keep net_raw
 ipc-namespace
 #net tun0
diff --git a/etc/pingus.profile b/etc/pingus.profile
index a3adc55a2..8e77a26d0 100644
--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.pingus
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -17,7 +18,9 @@ include disable-programs.inc
 mkdir ${HOME}/.pingus
 whitelist ${HOME}/.pingus
 include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
 net none
 nodbus
diff --git a/etc/supertux2.profile b/etc/supertux2.profile
index 4c64ee766..a702faa9e 100644
--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/supertux2
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -19,6 +20,7 @@ whitelist ${HOME}/.local/share/supertux2
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 net none
 nodbus
diff --git a/etc/tshark.profile b/etc/tshark.profile
index 22ced5d8a..211f59f29 100644
--- a/etc/tshark.profile
+++ b/etc/tshark.profile
@@ -19,6 +19,7 @@ include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
+apparmor
 #caps.keep net_raw
 caps.keep dac_override,net_admin,net_raw
 ipc-namespace
diff --git a/etc/wget.profile b/etc/wget.profile
index 401926e2d..d402316e9 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -26,6 +26,7 @@ include disable-programs.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 ipc-namespace
 machine-id
diff --git a/etc/whois.profile b/etc/whois.profile
index 0e60e18ab..9af6d6843 100644
--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -21,6 +21,7 @@ include disable-xdg.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 hostname whois
 ipc-namespace
author	netblue30 <netblue30@yahoo.com>	2020-03-18 12:28:19 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-03-18 12:28:19 -0400
commit	a81a8b4539ca52d5b02c37ec95c7fe864b656641 (patch)
tree	eb465fa57d2231dcc64fe07795a380bb1fcdbf19 /etc
parent	fix mplayer profile (diff)
download	firejail-a81a8b4539ca52d5b02c37ec95c7fe864b656641.tar.gz firejail-a81a8b4539ca52d5b02c37ec95c7fe864b656641.tar.zst firejail-a81a8b4539ca52d5b02c37ec95c7fe864b656641.zip

diff --git a/etc/bluefish.profile b/etc/bluefish.profile index 412088ba9..a85840d2f 100644 --- a/etc/bluefish.profile +++ b/etc/bluefish.profile
@@ -15,6 +15,7 @@ include disable-programs.inc
15		15
16	include whitelist-var-common.inc	16	include whitelist-var-common.inc
17		17
		18	apparmor
18	caps.drop all	19	caps.drop all
19	net none	20	net none
20	no3d	21	no3d


diff --git a/etc/brasero.profile b/etc/brasero.profile index 67fc07afb..417a6b3e0 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile
@@ -15,6 +15,9 @@ include disable-interpreters.inc
15	include disable-passwdmgr.inc	15	include disable-passwdmgr.inc
16	include disable-programs.inc	16	include disable-programs.inc
17		17
		18	include whitelist-var-common.inc
		19
		20	apparmor
18	caps.drop all	21	caps.drop all
19	net none	22	net none
20	nogroups	23	nogroups


diff --git a/etc/curl.profile b/etc/curl.profile index 3f93e5f7e..a720aca9b 100644 --- a/etc/curl.profile +++ b/etc/curl.profile
@@ -19,7 +19,9 @@ include disable-programs.inc
19	#include disable-xdg.inc	19	#include disable-xdg.inc
20		20
21	include whitelist-usr-share-common.inc	21	include whitelist-usr-share-common.inc
		22	include whitelist-var-common.inc
22		23
		24	apparmor
23	caps.drop all	25	caps.drop all
24	ipc-namespace	26	ipc-namespace
25	machine-id	27	machine-id


diff --git a/etc/deluge.profile b/etc/deluge.profile index 8f4f9fbe9..17c5059f5 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile
@@ -14,6 +14,7 @@ include allow-python3.inc
14		14
15	include disable-common.inc	15	include disable-common.inc
16	# include disable-devel.inc	16	# include disable-devel.inc
		17	include disable-exec.inc
17	include disable-interpreters.inc	18	include disable-interpreters.inc
18	include disable-passwdmgr.inc	19	include disable-passwdmgr.inc
19	include disable-programs.inc	20	include disable-programs.inc
@@ -24,6 +25,7 @@ whitelist ${HOME}/.config/deluge
24	include whitelist-common.inc	25	include whitelist-common.inc
25	include whitelist-var-common.inc	26	include whitelist-var-common.inc
26		27
		28	apparmor
27	caps.drop all	29	caps.drop all
28	machine-id	30	machine-id
29	netfilter	31	netfilter


diff --git a/etc/dig.profile b/etc/dig.profile index 054e4891d..0e1598406 100644 --- a/etc/dig.profile +++ b/etc/dig.profile
@@ -25,6 +25,7 @@ include whitelist-common.inc
25	include whitelist-usr-share-common.inc	25	include whitelist-usr-share-common.inc
26	include whitelist-var-common.inc	26	include whitelist-var-common.inc
27		27
		28	apparmor
28	caps.drop all	29	caps.drop all
29	ipc-namespace	30	ipc-namespace
30	machine-id	31	machine-id


diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 701f14dce..49cec85c7 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile
@@ -11,6 +11,7 @@ noblacklist ${DOCUMENTS}
11		11
12	include disable-common.inc	12	include disable-common.inc
13	include disable-devel.inc	13	include disable-devel.inc
		14	include disable-exec.inc
14	include disable-interpreters.inc	15	include disable-interpreters.inc
15	include disable-passwdmgr.inc	16	include disable-passwdmgr.inc
16	include disable-programs.inc	17	include disable-programs.inc
@@ -18,7 +19,9 @@ include disable-xdg.inc
18		19
19	include whitelist-var-common.inc	20	include whitelist-var-common.inc
20		21
		22	apparmor
21	caps.drop all	23	caps.drop all
		24	net none
22	netfilter	25	netfilter
23	nodvd	26	nodvd
24	nonewprivs	27	nonewprivs


diff --git a/etc/freeciv.profile b/etc/freeciv.profile index fa115d325..379c5eca9 100644 --- a/etc/freeciv.profile +++ b/etc/freeciv.profile
@@ -21,6 +21,7 @@ whitelist ${HOME}/.freeciv
21	include whitelist-common.inc	21	include whitelist-common.inc
22	include whitelist-var-common.inc	22	include whitelist-var-common.inc
23		23
		24	apparmor
24	caps.drop all	25	caps.drop all
25	ipc-namespace	26	ipc-namespace
26	netfilter	27	netfilter


diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 6cef181c8..c089d2e35 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile
@@ -13,6 +13,7 @@ include allow-perl.inc
13		13
14	include disable-common.inc	14	include disable-common.inc
15	include disable-devel.inc	15	include disable-devel.inc
		16	include disable-exec.inc
16	include disable-interpreters.inc	17	include disable-interpreters.inc
17	include disable-passwdmgr.inc	18	include disable-passwdmgr.inc
18	include disable-programs.inc	19	include disable-programs.inc
@@ -22,6 +23,7 @@ whitelist ${HOME}/.frozen-bubble
22	include whitelist-common.inc	23	include whitelist-common.inc
23	include whitelist-var-common.inc	24	include whitelist-var-common.inc
24		25
		26	apparmor
25	caps.drop all	27	caps.drop all
26	net none	28	net none
27	nodbus	29	nodbus


diff --git a/etc/kino.profile b/etc/kino.profile index 9e8d61391..b3ade0dd9 100644 --- a/etc/kino.profile +++ b/etc/kino.profile
@@ -16,6 +16,9 @@ include disable-interpreters.inc
16	include disable-passwdmgr.inc	16	include disable-passwdmgr.inc
17	include disable-programs.inc	17	include disable-programs.inc
18		18
		19	include whitelist-var-common.inc
		20
		21	apparmor
19	caps.drop all	22	caps.drop all
20	netfilter	23	netfilter
21	nogroups	24	nogroups


diff --git a/etc/lincity-ng.profile b/etc/lincity-ng.profile index b55ac9a15..748d38221 100644 --- a/etc/lincity-ng.profile +++ b/etc/lincity-ng.profile
@@ -21,6 +21,7 @@ whitelist ${HOME}/.lincity-ng
21	include whitelist-common.inc	21	include whitelist-common.inc
22	include whitelist-var-common.inc	22	include whitelist-var-common.inc
23		23
		24	apparmor
24	caps.drop all	25	caps.drop all
25	ipc-namespace	26	ipc-namespace
26	net none	27	net none


diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 74adb7a67..c1135d859 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile
@@ -14,8 +14,11 @@ include disable-exec.inc
14	include disable-interpreters.inc	14	include disable-interpreters.inc
15	include disable-passwdmgr.inc	15	include disable-passwdmgr.inc
16	include disable-programs.inc	16	include disable-programs.inc
		17	include whitelist-var-common.inc
17		18
		19	apparmor
18	caps.drop all	20	caps.drop all
		21	net none
19	netfilter	22	netfilter
20	no3d	23	no3d
21	nodvd	24	nodvd


diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index e1a37343e..9094f4377 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile
@@ -20,6 +20,7 @@ include disable-xdg.inc
20		20
21	include whitelist-var-common.inc	21	include whitelist-var-common.inc
22		22
		23	apparmor
23	caps.drop all	24	caps.drop all
24	netfilter	25	netfilter
25	no3d	26	no3d


diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 5925ccc09..0ba9451d8 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.openinvaders
10		10
11	include disable-common.inc	11	include disable-common.inc
12	include disable-devel.inc	12	include disable-devel.inc
		13	include disable-exec.inc
13	include disable-interpreters.inc	14	include disable-interpreters.inc
14	include disable-passwdmgr.inc	15	include disable-passwdmgr.inc
15	include disable-programs.inc	16	include disable-programs.inc
@@ -17,7 +18,9 @@ include disable-programs.inc
17	mkdir ${HOME}/.openinvaders	18	mkdir ${HOME}/.openinvaders
18	whitelist ${HOME}/.openinvaders	19	whitelist ${HOME}/.openinvaders
19	include whitelist-common.inc	20	include whitelist-common.inc
		21	include whitelist-var-common.inc
20		22
		23	apparmor
21	caps.drop all	24	caps.drop all
22	net none	25	net none
23	nodbus	26	nodbus


diff --git a/etc/opencity.profile b/etc/opencity.profile index 6a27c8095..b0192c947 100644 --- a/etc/opencity.profile +++ b/etc/opencity.profile
@@ -21,6 +21,7 @@ whitelist ${HOME}/.opencity
21	include whitelist-common.inc	21	include whitelist-common.inc
22	include whitelist-var-common.inc	22	include whitelist-var-common.inc
23		23
		24	apparmor
24	caps.drop all	25	caps.drop all
25	ipc-namespace	26	ipc-namespace
26	net none	27	net none


diff --git a/etc/openclonk.profile b/etc/openclonk.profile index da60006b3..8921bc460 100644 --- a/etc/openclonk.profile +++ b/etc/openclonk.profile
@@ -21,9 +21,10 @@ whitelist ${HOME}/.clonk
21	include whitelist-common.inc	21	include whitelist-common.inc
22	include whitelist-var-common.inc	22	include whitelist-var-common.inc
23		23
		24	apparmor
24	caps.drop all	25	caps.drop all
25	ipc-namespace	26	ipc-namespace
26	net none	27	# net none - networked game
27	nodbus	28	nodbus
28	nodvd	29	nodvd
29	nogroups	30	nogroups


diff --git a/etc/openttd.profile b/etc/openttd.profile index 5de4d325d..507a18e1c 100644 --- a/etc/openttd.profile +++ b/etc/openttd.profile
@@ -21,8 +21,10 @@ whitelist ${HOME}/.openttd
21	include whitelist-common.inc	21	include whitelist-common.inc
22	include whitelist-var-common.inc	22	include whitelist-var-common.inc
23		23
		24	apparmor
24	caps.drop all	25	caps.drop all
25	ipc-namespace	26	ipc-namespace
		27	net none
26	netfilter	28	netfilter
27	nodbus	29	nodbus
28	nodvd	30	nodvd


diff --git a/etc/ping.profile b/etc/ping.profile index 5f68ee011..75ad0ee31 100644 --- a/etc/ping.profile +++ b/etc/ping.profile
@@ -19,6 +19,7 @@ include whitelist-common.inc
19	include whitelist-usr-share-common.inc	19	include whitelist-usr-share-common.inc
20	include whitelist-var-common.inc	20	include whitelist-var-common.inc
21		21
		22	apparmor
22	caps.keep net_raw	23	caps.keep net_raw
23	ipc-namespace	24	ipc-namespace
24	#net tun0	25	#net tun0


diff --git a/etc/pingus.profile b/etc/pingus.profile index a3adc55a2..8e77a26d0 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.pingus
10		10
11	include disable-common.inc	11	include disable-common.inc
12	include disable-devel.inc	12	include disable-devel.inc
		13	include disable-exec.inc
13	include disable-interpreters.inc	14	include disable-interpreters.inc
14	include disable-passwdmgr.inc	15	include disable-passwdmgr.inc
15	include disable-programs.inc	16	include disable-programs.inc
@@ -17,7 +18,9 @@ include disable-programs.inc
17	mkdir ${HOME}/.pingus	18	mkdir ${HOME}/.pingus
18	whitelist ${HOME}/.pingus	19	whitelist ${HOME}/.pingus
19	include whitelist-common.inc	20	include whitelist-common.inc
		21	include whitelist-var-common.inc
20		22
		23	apparmor
21	caps.drop all	24	caps.drop all
22	net none	25	net none
23	nodbus	26	nodbus


diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 4c64ee766..a702faa9e 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/supertux2
10		10
11	include disable-common.inc	11	include disable-common.inc
12	include disable-devel.inc	12	include disable-devel.inc
		13	include disable-exec.inc
13	include disable-interpreters.inc	14	include disable-interpreters.inc
14	include disable-passwdmgr.inc	15	include disable-passwdmgr.inc
15	include disable-programs.inc	16	include disable-programs.inc
@@ -19,6 +20,7 @@ whitelist ${HOME}/.local/share/supertux2
19	include whitelist-common.inc	20	include whitelist-common.inc
20	include whitelist-var-common.inc	21	include whitelist-var-common.inc
21		22
		23	apparmor
22	caps.drop all	24	caps.drop all
23	net none	25	net none
24	nodbus	26	nodbus


diff --git a/etc/tshark.profile b/etc/tshark.profile index 22ced5d8a..211f59f29 100644 --- a/etc/tshark.profile +++ b/etc/tshark.profile
@@ -19,6 +19,7 @@ include whitelist-common.inc
19	include whitelist-usr-share-common.inc	19	include whitelist-usr-share-common.inc
20	include whitelist-var-common.inc	20	include whitelist-var-common.inc
21		21
		22	apparmor
22	#caps.keep net_raw	23	#caps.keep net_raw
23	caps.keep dac_override,net_admin,net_raw	24	caps.keep dac_override,net_admin,net_raw
24	ipc-namespace	25	ipc-namespace


diff --git a/etc/wget.profile b/etc/wget.profile index 401926e2d..d402316e9 100644 --- a/etc/wget.profile +++ b/etc/wget.profile
@@ -26,6 +26,7 @@ include disable-programs.inc
26	include whitelist-usr-share-common.inc	26	include whitelist-usr-share-common.inc
27	include whitelist-var-common.inc	27	include whitelist-var-common.inc
28		28
		29	apparmor
29	caps.drop all	30	caps.drop all
30	ipc-namespace	31	ipc-namespace
31	machine-id	32	machine-id


diff --git a/etc/whois.profile b/etc/whois.profile index 0e60e18ab..9af6d6843 100644 --- a/etc/whois.profile +++ b/etc/whois.profile
@@ -21,6 +21,7 @@ include disable-xdg.inc
21	include whitelist-usr-share-common.inc	21	include whitelist-usr-share-common.inc
22	include whitelist-var-common.inc	22	include whitelist-var-common.inc
23		23
		24	apparmor
24	caps.drop all	25	caps.drop all
25	hostname whois	26	hostname whois
26	ipc-namespace	27	ipc-namespace