authorLibravatar rusty-snake <print_hello_world+Public@protonmail.com>2019-08-26 00:22:59 +0200
committerLibravatar rusty-snake <print_hello_world+Public@protonmail.com>2019-08-26 00:22:59 +0200
commit2373fcd74da27dae0e6896d8e63fddc81b6dc34a (patch)
tree8f19fa3192696edfe8140c62d8f38d62a2fd0ed9 /etc
parentadd support for seccomp to sort.py [skip ci] (diff)
many profile fixes (1)
- add novideo to a lot of profiles (there are still more profiles where novideo can be added) - remove commented mdwe from some gnome applications - add descriptions to some profiles - blacklist ${HOME}/.cargo/credentials - move ${HOME}/.git-credentials and ${HOME}/.git-credential-cache to 'top secret' in disable-common.inc - some ordering in disable-programs.inc - merge tor browser blacklists to ${HOME}/.tor-browser* - qupzilla.profile redirect to falkon.profile - blacklist gnome-builder paths - fix transmission profiles include - much more
Diffstat (limited to 'etc')
-rw-r--r--etc/0ad.profile1
-rw-r--r--etc/QMediathekView.profile1
-rw-r--r--etc/Xvfb.profile1
-rw-r--r--etc/asunder.profile1
-rw-r--r--etc/baobab.profile2
-rw-r--r--etc/dconf-editor.profile2
-rw-r--r--etc/devhelp.profile2
-rw-r--r--etc/dino.profile1
-rw-r--r--etc/disable-common.inc3
-rw-r--r--etc/disable-programs.inc25
-rw-r--r--etc/emacs.profile1
-rw-r--r--etc/eo-common.profile2
-rw-r--r--etc/etr.profile2
-rw-r--r--etc/falkon.profile1
-rw-r--r--etc/feedreader.profile1
-rw-r--r--etc/file-roller.profile2
-rw-r--r--etc/firefox.profile2
-rw-r--r--etc/frozen-bubble.profile1
-rw-r--r--etc/ghostwriter.profile3
-rw-r--r--etc/gimp.profile2
-rw-r--r--etc/gitg.profile4
-rw-r--r--etc/gnome-builder.profile4
-rw-r--r--etc/gnome-character-map.profile1
-rw-r--r--etc/gnome-photos.profile1
-rw-r--r--etc/gnome-schedule.profile9
-rw-r--r--etc/hedgewars.profile1
-rw-r--r--etc/less.profile4
-rw-r--r--etc/libreoffice.profile1
-rw-r--r--etc/mencoder.profile1
-rw-r--r--etc/mousepad.profile1
-rw-r--r--etc/mpsyt.profile6
-rw-r--r--etc/open-invaders.profile1
-rw-r--r--etc/pdftotext.profile1
-rw-r--r--etc/ping.profile1
-rw-r--r--etc/pingus.profile1
-rw-r--r--etc/qemu-system-x86_64.profile1
-rw-r--r--etc/qupzilla.profile23
-rw-r--r--etc/shotcut.profile1
-rw-r--r--etc/simutrans.profile1
-rw-r--r--etc/sqlitebrowser.profile2
-rw-r--r--etc/ssh-agent.profile1
-rw-r--r--etc/ssh.profile1
-rw-r--r--etc/start-tor-browser.desktop.profile3
-rw-r--r--etc/strings.profile1
-rw-r--r--etc/subdownloader.profile1
-rw-r--r--etc/supertux2.profile2
-rw-r--r--etc/supertuxkart.profile2
-rw-r--r--etc/transmission-cli.profile3
-rw-r--r--etc/transmission-common.profile5
-rw-r--r--etc/transmission-create.profile3
-rw-r--r--etc/transmission-daemon.profile3
-rw-r--r--etc/transmission-edit.profile3
-rw-r--r--etc/transmission-gtk.profile3
-rw-r--r--etc/transmission-qt.profile3
-rw-r--r--etc/transmission-remote-cli.profile4
-rw-r--r--etc/transmission-remote-gtk.profile3
-rw-r--r--etc/transmission-remote.profile3
-rw-r--r--etc/transmission-show.profile3
-rw-r--r--etc/unknown-horizons.profile1
-rw-r--r--etc/warzone2100.profile1
-rw-r--r--etc/wesnoth.profile1
-rw-r--r--etc/youtube-dl.profile2
-rw-r--r--etc/zathura.profile1
63 files changed, 87 insertions, 87 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile
index 88c9c453b..565d42567 100644
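--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -24,6 +24,7 @@ whitelist ${HOME}/.cache/0ad
 whitelist ${HOME}/.config/0ad
 whitelist ${HOME}/.local/share/0ad
 include whitelist-common.inc
+include whitelist-var-common.inc
 
 caps.drop all
 netfilter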
diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile
index ece681c35..eb21349a9 100644
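--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -39,6 +39,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none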
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile
index 6559be21a..937d02d60 100644
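--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -31,6 +31,7 @@ nonewprivs
 nosound
 notv
 nou2f
+novideo
 protocol unix
 seccomp
 shell none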
diff --git a/etc/asunder.profile b/etc/asunder.profile
index fc10739aa..1f3acd735 100644
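--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -30,6 +30,7 @@ nodbus
 nonewprivs
 noroot
 nou2f
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none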
diff --git a/etc/baobab.profile b/etc/baobab.profile
index d2980f75c..c419aa202 100644
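--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -32,5 +32,3 @@ shell none
 private-bin baobab
 private-dev
 private-tmp
-
-#memory-deny-write-execute - breaks on Arch (see issue #1803)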
diff --git a/etc/dconf-editor.profile b/etc/dconf-editor.profile
index 7cd39ca6a..29f676535 100644
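--- a/etc/dconf-editor.profile
+++ b/etc/dconf-editor.profile
@@ -41,5 +41,3 @@ private-dev
 private-etc alternatives,dconf,fonts,gtk-3.0,machine-id
 private-lib
 private-tmp
-
-# memory-deny-write-execute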
diff --git a/etc/devhelp.profile b/etc/devhelp.profile
index 60bebb0c9..02b752b5f 100644
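--- a/etc/devhelp.profile
+++ b/etc/devhelp.profile
@@ -41,6 +41,6 @@ private-dev
 private-etc alternatives,dconf,fonts,ld.so.cache,machine-id,ssl
 private-tmp
 
-#memory-deny-write-execute - breaks on Arch (see issue 1803)
+#memory-deny-write-execute - breaks on Arch (see issue #1803)
 
 read-only ${HOME}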
diff --git a/etc/dino.profile b/etc/dino.profile
index f7b220936..82ddf2819 100644
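--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -1,4 +1,5 @@
 # Firejail profile for dino
+# Description: Modern XMPP Chat Client using GTK+/Vala
 # This file is overwritten after every install/update
 # Persistent local customizations
 include dino.local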
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 5fc65193a..fe49ce2f4 100644
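--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -299,11 +299,14 @@ blacklist ${HOME}/*.kdbx
 blacklist ${HOME}/*.key
 blacklist ${HOME}/.Private
 blacklist ${HOME}/.caff
+blacklist ${HOME}/.cargo/credentials
 blacklist ${HOME}/.cert
 blacklist ${HOME}/.config/keybase
 blacklist ${HOME}/.davfs2/secrets
 blacklist ${HOME}/.ecryptfs
 blacklist ${HOME}/.fetchmailrc
+blacklist ${HOME}/.git-credential-cache
+blacklist ${HOME}/.git-credentials
 blacklist ${HOME}/.gnome2/keyrings
 blacklist ${HOME}/.gnupg
 blacklist ${HOME}/.config/hub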
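Review bot: The added `blacklist ${HOME}/.cargo/credentials` covers only the extension-less file, while Cargo also accepts a `credentials.toml` in the same directory, so a registry token stored under that name would stay readable inside the sandbox. Adding `blacklist ${HOME}/.cargo/credentials.toml` next to it closes that gap. Separately, the two git credential entries moved here are dropped from disable-programs.inc in the same commit, so any profile that includes disable-programs.inc without disable-common.inc would lose them; that is worth a quick grep, since the profile list is not visible from this hunk.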
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 260d317d1..e54b651a6 100644
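--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -29,9 +29,9 @@ blacklist ${HOME}/.Steam
 blacklist ${HOME}/.Steampath
 blacklist ${HOME}/.Steampid
 blacklist ${HOME}/.TelegramDesktop
+blacklist ${HOME}/.VSCodium
 blacklist ${HOME}/.ViberPC
 blacklist ${HOME}/.VirtualBox
-blacklist ${HOME}/.VSCodium
 blacklist ${HOME}/.WebStorm*
 blacklist ${HOME}/.Wolfram Research
 blacklist ${HOME}/.ZAP
@@ -97,9 +97,9 @@ blacklist ${HOME}/.config/MusicBrainz
 blacklist ${HOME}/.config/Nathan Osman
 blacklist ${HOME}/.config/Nylas Mail
 blacklist ${HOME}/.config/PBE
-blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QGIS
 blacklist ${HOME}/.config/QMediathekView
+blacklist ${HOME}/.config/Qlipper
 blacklist ${HOME}/.config/QuiteRss
 blacklist ${HOME}/.config/QuiteRssrc
 blacklist ${HOME}/.config/Rambox
@@ -182,10 +182,11 @@ blacklist ${HOME}/.config/ghb
 blacklist ${HOME}/.config/ghostwriter
 blacklist ${HOME}/.config/git
 blacklist ${HOME}/.config/globaltime
+blacklist ${HOME}/.config/gnome-builder
 blacklist ${HOME}/.config/gnome-mplayer
 blacklist ${HOME}/.config/gnome-mpv
-blacklist ${HOME}/.config/godot
 blacklist ${HOME}/.config/gnome-pie
+blacklist ${HOME}/.config/godot
 blacklist ${HOME}/.config/google-chrome
 blacklist ${HOME}/.config/google-chrome-beta
 blacklist ${HOME}/.config/google-chrome-unstable
@@ -235,8 +236,8 @@ blacklist ${HOME}/.config/meteo-qt
 blacklist ${HOME}/.config/mfusion
 blacklist ${HOME}/.config/midori
 blacklist ${HOME}/.config/mono
-blacklist ${HOME}/.config/mpd
 blacklist ${HOME}/.config/mpDris2
+blacklist ${HOME}/.config/mpd
 blacklist ${HOME}/.config/mps-youtube
 blacklist ${HOME}/.config/mpv
 blacklist ${HOME}/.config/mupen64plus
@@ -257,8 +258,8 @@ blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
 blacklist ${HOME}/.config/org.kde.gwenviewrc
-blacklist ${HOME}/.config/pavucontrol.ini
 blacklist ${HOME}/.config/pavucontrol-qt
+blacklist ${HOME}/.config/pavucontrol.ini
 blacklist ${HOME}/.config/pcmanfm
 blacklist ${HOME}/.config/pdfmod
 blacklist ${HOME}/.config/Pinta
@@ -356,8 +357,6 @@ blacklist ${HOME}/.freecol
 blacklist ${HOME}/.freemind
 blacklist ${HOME}/.frozen-bubble
 blacklist ${HOME}/.gimp*
-blacklist ${HOME}/.git-credentials
-blacklist ${HOME}/.git-credential-cache
 blacklist ${HOME}/.gitconfig
 blacklist ${HOME}/.gnome/gnome-schedule
 blacklist ${HOME}/.googleearth/Cache/
@@ -417,13 +416,13 @@ blacklist ${HOME}/.kde4/share/apps/kaffeine
 blacklist ${HOME}/.kde4/share/apps/kcookiejar
 blacklist ${HOME}/.kde4/share/apps/kget
 blacklist ${HOME}/.kde4/share/apps/khtml
-blacklist ${HOME}/.kde4/share/apps/konqueror
 blacklist ${HOME}/.kde4/share/apps/konqsidebartng
+blacklist ${HOME}/.kde4/share/apps/konqueror
 blacklist ${HOME}/.kde4/share/apps/kopete
 blacklist ${HOME}/.kde4/share/apps/ktorrent
 blacklist ${HOME}/.kde4/share/apps/okular
-blacklist ${HOME}/.kde4/share/config/baloorc
 blacklist ${HOME}/.kde4/share/config/baloofilerc
+blacklist ${HOME}/.kde4/share/config/baloorc
 blacklist ${HOME}/.kde4/share/config/digikam
 blacklist ${HOME}/.kde4/share/config/gwenviewrc
 blacklist ${HOME}/.kde4/share/config/k3brc
@@ -446,9 +445,9 @@ blacklist ${HOME}/.kinorc
 blacklist ${HOME}/.klatexformula
 blacklist ${HOME}/.kodi
 blacklist ${HOME}/.lincity-ng
+blacklist ${HOME}/.links
 blacklist ${HOME}/.linphone-history.db
 blacklist ${HOME}/.linphonerc
-blacklist ${HOME}/.links
 blacklist ${HOME}/.lmmsrc.xml
 blacklist ${HOME}/.local/lib/vivaldi
 blacklist ${HOME}/.local/share/0ad
@@ -502,6 +501,7 @@ blacklist ${HOME}/.local/share/geeqie
 blacklist ${HOME}/.local/share/gitg
 blacklist ${HOME}/.local/share/gnome-2048
 blacklist ${HOME}/.local/share/gnome-chess
+blacklist ${HOME}/.local/share/gnome-builder
 blacklist ${HOME}/.local/share/gnome-music
 blacklist ${HOME}/.local/share/gnome-photos
 blacklist ${HOME}/.local/share/gnome-recipes
@@ -637,9 +637,7 @@ blacklist ${HOME}/.teeworlds
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.tilp
 blacklist ${HOME}/.tooling
-blacklist ${HOME}/.tor-browser
-blacklist ${HOME}/.tor-browser-*
-blacklist ${HOME}/.tor-browser_*
+blacklist ${HOME}/.tor-browser*
 blacklist ${HOME}/.torcs
 blacklist ${HOME}/.tremulous
 blacklist ${HOME}/.ts3client
@@ -718,6 +716,7 @@ blacklist ${HOME}/.cache/godot
 blacklist ${HOME}/.cache/google-chrome
 blacklist ${HOME}/.cache/google-chrome-beta
 blacklist ${HOME}/.cache/google-chrome-unstable
+blacklist ${HOME}/.cache/gnome-builder
 blacklist ${HOME}/.cache/gnome-recipes
 blacklist ${HOME}/.cache/gnome-twitch
 blacklist ${HOME}/.cache/gradio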
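Review bot: Two of the new gnome-builder entries land out of order in a commit that otherwise re-sorts this file: `blacklist ${HOME}/.local/share/gnome-builder` is placed after `gnome-chess`, and `blacklist ${HOME}/.cache/gnome-builder` after `google-chrome-unstable`. Moving them to sit before `gnome-2048` and before `godot`/`google-chrome` respectively would match the ordering of the `.config/gnome-builder` line added in the third hunk. On the tor-browser hunk, `blacklist ${HOME}/.tor-browser*` is a superset of the three removed patterns, so the tor browser profiles' `noblacklist` lines should be checked against the new glob; those profiles are outside this section.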
diff --git a/etc/emacs.profile b/etc/emacs.profile
index 071a9f5d2..ab378105e 100644
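--- a/etc/emacs.profile
+++ b/etc/emacs.profile
@@ -26,5 +26,6 @@ nogroups
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp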
diff --git a/etc/eo-common.profile b/etc/eo-common.profile
index f4b263f50..c4ad8ced4 100644
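--- a/etc/eo-common.profile
+++ b/etc/eo-common.profile
@@ -43,5 +43,3 @@ private-dev
 private-etc alternatives,dconf,fonts,gtk-3.0
 private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*
 private-tmp
-
-#memory-deny-write-execute - breaks on Arch (see issue #1803)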
diff --git a/etc/etr.profile b/etc/etr.profile
index d93d3de63..97a43bb59 100644
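--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -1,4 +1,5 @@
 # Firejail profile for etr
+# Description: High speed arctic racing game
 # This file is overwritten after every install/update
 # Persistent local customizations
 include etr.local
@@ -29,6 +30,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,netlink
 seccomp
 shell none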
diff --git a/etc/falkon.profile b/etc/falkon.profile
index cabf5aeba..ddcda6228 100644
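--- a/etc/falkon.profile
+++ b/etc/falkon.profile
@@ -38,5 +38,6 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res
 # tracelog
 
 private-dev
+# private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
 # private-tmp - interferes with the opening of downloaded files
 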
diff --git a/etc/feedreader.profile b/etc/feedreader.profile
index e453cc611..e381b12d6 100644
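--- a/etc/feedreader.profile
+++ b/etc/feedreader.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.cache/feedreader
 mkdir ${HOME}/.local/share/feedreader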
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index db1426f36..496152540 100644
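--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -37,5 +37,3 @@ tracelog
 # private-bin file-roller
 private-dev
 # private-tmp
-
-# memory-deny-write-execute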
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 0c143f569..8d90a0917 100644
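--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -17,7 +17,7 @@ whitelist ${HOME}/.mozilla
 # firefox requires a shell to launch on Arch.
 #private-bin bash,dbus-launch,dbus-send,env,firefox,sh,which
 # Fedora use shell scripts to launch firefox, at least this is required
-#private-bin awk,basename,bash,cat,dirname,env,expr,false,firefox,firefox-wayland,ln,mkdir,pidof,rm,rmdir,sed,sh,tclsh,true,uname,which
+#private-bin awk,basename,bash,cat,dbus-launch,dbus-send,dirname,env,expr,false,firefox,firefox-wayland,ln,mkdir,pidof,rm,rmdir,sed,sh,tclsh,true,uname,which
 # private-etc must first be enabled in firefox-common.profile
 #private-etc firefox
 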
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile
index 3931aa64a..6cef181c8 100644
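--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,netlink
 seccomp
 shell none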
diff --git a/etc/ghostwriter.profile b/etc/ghostwriter.profile
index cb7e7c513..ed9e23b3b 100644
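--- a/etc/ghostwriter.profile
+++ b/etc/ghostwriter.profile
@@ -35,8 +35,7 @@ protocol unix,inet,inet6,netlink
 shell none
 #tracelog -- breaks
 
-# Breaks Translation
-#private-bin ghostwriter,pandoc
+private-bin ghostwriter,pandoc,gettext
 private-cache
 private-dev
 # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed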
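Review bot: The newly enabled `private-bin ghostwriter,pandoc,gettext` line has no comment explaining why `gettext` is on the list, while the `# Breaks Translation` note that hinted at the reason is deleted in the same hunk. A short comment above it, such as `# gettext is needed for translations`, would stop a later cleanup from trimming the list back and reintroducing the breakage. That gettext is what fixes the translation issue is inferred from the removed comment, not shown in the hunk.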
diff --git a/etc/gimp.profile b/etc/gimp.profile
index 762e743c8..fab7fa123 100644
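--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory
 # if you are not using external plugins, you can comment 'ignore noexec' statement below
-# or put 'ignore ignore noexec ${HOME}' in your gimp.local
+# or put 'noexec ${HOME}' in your gimp.local
 ignore noexec ${HOME}
 
 noblacklist ${HOME}/.config/GIMP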
diff --git a/etc/gitg.profile b/etc/gitg.profile
index f6f51ef6f..08c1c94b6 100644
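--- a/etc/gitg.profile
+++ b/etc/gitg.profile
@@ -22,6 +22,7 @@ include disable-programs.inc
 include whitelist-var-common.inc
 
 caps.drop all
+netfilter
 no3d
 nodvd
 nogroups
@@ -39,6 +40,3 @@ private-bin git,gitg,ssh
 private-cache
 private-dev
 private-tmp
-
-# mdwe breaks diff in older versions
-#memory-deny-write-execute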
diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile
index ab2ca183b..726a74089 100644
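--- a/etc/gnome-builder.profile
+++ b/etc/gnome-builder.profile
@@ -6,6 +6,10 @@ include gnome-builder.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.cache/gnome-builder
+noblacklist ${HOME}/.config/gnome-builder
+noblacklist ${HOME}/.local/share/gnome-builder
+
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
 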
diff --git a/etc/gnome-character-map.profile b/etc/gnome-character-map.profile
index 35db448f2..27804fdd0 100644
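--- a/etc/gnome-character-map.profile
+++ b/etc/gnome-character-map.profile
@@ -6,4 +6,5 @@ include gnome-character-map.local
 # added by included profile
 #include globals.local
 
+# Redirect
 include gucharmap.profile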
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile
index 3bbad67bb..aa0b7dbe3 100644
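--- a/etc/gnome-photos.profile
+++ b/etc/gnome-photos.profile
@@ -28,6 +28,7 @@ noroot
 nosound
 notv
 nou2f
+novideo
 protocol unix
 seccomp
 shell none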
diff --git a/etc/gnome-schedule.profile b/etc/gnome-schedule.profile
index e8b36dd41..005808379 100644
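--- a/etc/gnome-schedule.profile
+++ b/etc/gnome-schedule.profile
@@ -35,14 +35,6 @@ include disable-xdg.inc
 
 mkfile ${HOME}/.gnome/gnome-schedule
 whitelist ${HOME}/.gnome/gnome-schedule
-whitelist /etc/at.allow
-whitelist /etc/at.deny
-whitelist /etc/cron.allow
-whitelist /etc/cron.deny
-whitelist /etc/fonts
-whitelist /etc/pam.d
-whitelist /etc/ld.so.preload
-whitelist /etc/shadow
 whitelist /var/spool/atd
 whitelist /var/spool/cron
 include whitelist-common.inc
@@ -66,5 +58,6 @@ tracelog
 disable-mnt
 private-cache
 private-dev
+private-etc at.allow,at.deny,cron.allow,cron.deny,fonts,pam.d,ld.so.preload,shadow
 writable-var
 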
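Review bot: The new `private-etc at.allow,at.deny,cron.allow,cron.deny,fonts,pam.d,ld.so.preload,shadow` line in the second hunk keeps `shadow`, `pam.d` and `ld.so.preload` visible inside the sandbox with no comment saying why the application needs them. The list is carried over from the removed `whitelist /etc/...` lines, so this is not a regression, but `shadow` is the most sensitive file under /etc and deserves a one-line justification above the option, for example `# shadow and pam.d are needed for <reason>`. If gnome-schedule turns out to work without `shadow`, dropping it from the list would be the better outcome.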
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile
index 1e9f898e0..898a07a5f 100644
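--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -26,6 +26,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 seccomp
 tracelog
 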
diff --git a/etc/less.profile b/etc/less.profile
index 0f31d344b..282b033a6 100644
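--- a/etc/less.profile
+++ b/etc/less.profile
@@ -8,8 +8,6 @@ include less.local
 include globals.local
 
 noblacklist ${HOME}/.lesshst
-read-only ${HOME}
-read-write ${HOME}/.lesshst
 
 include disable-devel.inc
 include disable-exec.inc
@@ -45,3 +43,5 @@ private-dev
 writable-var-log
 
 memory-deny-write-execute
+read-only ${HOME}
+read-write ${HOME}/.lesshst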
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index b8a6201b2..aa113883e 100644
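--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -34,6 +34,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 # comment the protocol line when using the ubuntu 18.04/debian 10 apparmor profile
 protocol unix,inet,inet6
 # comment seccomp when using the ubuntu 18.04/debian 10 apparmor profile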
diff --git a/etc/mencoder.profile b/etc/mencoder.profile
index 136412d11..aac394a59 100644
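--- a/etc/mencoder.profile
+++ b/etc/mencoder.profile
@@ -25,4 +25,5 @@ shell none
 
 private-bin mencoder
 
+# Redirect
 include mplayer.profile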
diff --git a/etc/mousepad.profile b/etc/mousepad.profile
index 3b9807b28..20370a5b5 100644
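--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -26,6 +26,7 @@ noroot
 nosound
 notv
 nou2f
+novideo
 protocol unix
 seccomp
 shell none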
diff --git a/etc/mpsyt.profile b/etc/mpsyt.profile
index 878a5f654..6839f7cf4 100644
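--- a/etc/mpsyt.profile
+++ b/etc/mpsyt.profile
@@ -48,15 +48,21 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
+nodbus
+nodvd
 # Seems to cause issues with Nvidia drivers sometimes
 nogroups
 nonewprivs
 noroot
+notv
+nou2f
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
 
+#private-cache
 private-bin env,ffmpeg,mplayer,mpsyt,mpv,python*,youtube-dl
 private-dev
 private-tmp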
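Review bot: The added `#private-cache` line is committed disabled with no reason given, so a reader cannot tell whether it breaks mpsyt or was simply left untested. Other profiles in this commit annotate disabled options (for example `# private-tmp - interferes with the opening of downloaded files`), and the same form would fit here: `#private-cache - <what it breaks>`. It is also placed ahead of `private-bin`, which breaks the alphabetical order of the private-* options below it.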
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile
index d80b3d351..5925ccc09 100644
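--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,netlink
 seccomp
 shell none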
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index c5016201d..f1a5741d0 100644
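--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -1,4 +1,5 @@
 # Firejail profile for pdftotext
+# Description: Portable Document Format (PDF) to text converter
 # This file is overwritten after every install/update
 # Persistent local customizations
 include pdftotext.local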
diff --git a/etc/ping.profile b/etc/ping.profile
index 00ac45c5a..4ff5250d7 100644
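--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -1,4 +1,5 @@
 # Firejail profile for ping
+# Description: send ICMP ECHO_REQUEST to network hosts
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations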
diff --git a/etc/pingus.profile b/etc/pingus.profile
index 782ee200d..a3adc55a2 100644
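--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,netlink
 seccomp
 shell none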
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile
index 1399328d3..47b9d6a9a 100644
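--- a/etc/qemu-system-x86_64.profile
+++ b/etc/qemu-system-x86_64.profile
@@ -1,4 +1,5 @@
 # Firejail profile for qemu-system-x86_64
+# Description: QEMU system emulator for x86_64
 # This file is overwritten after every install/update
 # Persistent local customizations
 include qemu-system-x86_64.local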
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile
index 954b1a3b4..3f3270dd6 100644
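--- a/etc/qupzilla.profile
+++ b/etc/qupzilla.profile
@@ -3,7 +3,8 @@
 # Persistent local customizations
 include qupzilla.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
 
 noblacklist ${HOME}/.cache/qupzilla
 noblacklist ${HOME}/.config/qupzilla
@@ -17,26 +18,10 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/qupzilla
 mkdir ${HOME}/.config/qupzilla
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/qupzilla
 whitelist ${HOME}/.config/qupzilla
-include whitelist-common.inc
-include whitelist-var-common.inc
 
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-nou2f
-protocol unix,inet,inet6,netlink
-# blacklisting of chroot system calls breaks qupzilla
-seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
-# tracelog
-
-private-dev
-# private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
 # private-tmp - interferes with the opening of downloaded files
 
+# Redirect
+include falkon.profile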
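Review bot: The `# private-tmp - interferes with the opening of downloaded files` comment is left behind in the second hunk even though every option it sat among was removed and now comes from `include falkon.profile`. The same comment is visible in falkon.profile's own hunk in this commit, so the copy here is stale and can be deleted. The first hunk also leaves `# Persistent global definitions` directly above `# added by included profile`, which reads as two headers for one commented-out line; the other redirect profile in this commit (gnome-character-map.profile) shows only `# added by included profile` above `#include globals.local`, though its preceding line is outside that hunk.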
diff --git a/etc/shotcut.profile b/etc/shotcut.profile
index e6c48561f..5b3c5439d 100644
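--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -1,4 +1,5 @@
 # Firejail profile for shotcut
+# Description: A free, open source, cross-platform video editor
 # This file is overwritten after every install/update
 # Persistent local customizations
 include shotcut.local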
diff --git a/etc/simutrans.profile b/etc/simutrans.profile
index 7febcde46..c6f5f70b0 100644
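--- a/etc/simutrans.profile
+++ b/etc/simutrans.profile
@@ -27,6 +27,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix
 seccomp
 shell none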
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
index 9cba69a77..d423bb65c 100644
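--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -42,4 +42,4 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,passwd,pki,ssl
 private-tmp
 
-#memory-deny-write-execute - breaks on Arch
+#memory-deny-write-execute - breaks on Arch (see issue #1803)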
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
index 15e2de9b0..9934e92b0 100644
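--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -24,6 +24,7 @@ nodvd
 nonewprivs
 noroot
 notv
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none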
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 7a9bb5abe..6949299af 100644
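--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -30,6 +30,7 @@ nonewprivs
 nosound
 notv
 nou2f
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none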
diff --git a/etc/start-tor-browser.desktop.profile b/etc/start-tor-browser.desktop.profile
index 9c3175ad7..2f73c9fee 100644
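--- a/etc/start-tor-browser.desktop.profile
+++ b/etc/start-tor-browser.desktop.profile
@@ -6,8 +6,7 @@ include start-tor-browser.desktop.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-*
-noblacklist ${HOME}/.tor-browser_*
+noblacklist ${HOME}/.tor-browser*
 
 whitelist ${HOME}/.tor-browser-ar
 whitelist ${HOME}/.tor-browser-ca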
diff --git a/etc/strings.profile b/etc/strings.profile
index 9e681537c..0817d7331 100644
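--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -1,4 +1,5 @@
 # Firejail profile for strings
+# Description: print the strings of printable characters in files
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations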
diff --git a/etc/subdownloader.profile b/etc/subdownloader.profile
index d0176a657..6de408740 100644
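--- a/etc/subdownloader.profile
+++ b/etc/subdownloader.profile
@@ -31,6 +31,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none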
diff --git a/etc/supertux2.profile b/etc/supertux2.profile
index 287a078b3..4c64ee766 100644
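--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -1,4 +1,5 @@
 # Firejail profile for supertux2
+# Description: Jump'n run like game
 # This file is overwritten after every install/update
 # Persistent local customizations
 include supertux2.local
@@ -27,6 +28,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,netlink
 seccomp
 shell none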
diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile
index 2cd5ec3ad..8a48eeac8 100644
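--- a/etc/supertuxkart.profile
+++ b/etc/supertuxkart.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin supertuxkart
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,selinux,ssl,system-fips,xdg
+private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,ssl
 private-tmp
 private-opt none
 private-srv none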
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
index 00b2fa122..486be5fe6 100644
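--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -5,8 +5,7 @@ quiet
 # Persistent local customizations
 include transmission-cli.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
 
 private-bin transmission-cli
 private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl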
diff --git a/etc/transmission-common.profile b/etc/transmission-common.profile
index e786fa8a3..1b1fc4af7 100644
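--- a/etc/transmission-common.profile
+++ b/etc/transmission-common.profile
@@ -1,11 +1,8 @@
 # Firejail profile for transmission-common
 # Description: Fast, easy and free BitTorrent client
 # This file is overwritten after every install/update
-quiet
 # Persistent local customizations
-include transmission-gtk.local
-# Persistent global definitions
-include globals.local
+include transmission-common.local
 
 noblacklist ${HOME}/.cache/transmission
 noblacklist ${HOME}/.config/transmission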
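Review bot: The include near the top now reads `include transmission-common.local` where it used to read `include transmission-gtk.local`, so overrides a user kept in transmission-gtk.local no longer reach the other transmission front ends that redirect to this file. That silently changes people's local hardening or relaxations and deserves a line in the release notes. The same hunk drops `quiet` and `include globals.local`, so every profile that redirects here has to supply both itself; the sibling sections on this page add `include globals.local`, and `quiet` shows only in their hunk headers. I would put `# globals.local and quiet are set by the including profile` above the include so the file is not later used on its own without them.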
diff --git a/etc/transmission-create.profile b/etc/transmission-create.profile
index 7c09878bc..8220b7887 100644
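--- a/etc/transmission-create.profile
+++ b/etc/transmission-create.profile
@@ -5,8 +5,7 @@ quiet
 # Persistent local customizations
 include transmission-create.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
 
 private-bin transmission-create
 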
diff --git a/etc/transmission-daemon.profile b/etc/transmission-daemon.profile
index ca97bb4dc..f1e7fcb17 100644
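--- a/etc/transmission-daemon.profile
+++ b/etc/transmission-daemon.profile
@@ -5,8 +5,7 @@ quiet
 # Persistent local customizations
 include transmission-daemon.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
 
 whitelist /var/lib/transmission
 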
diff --git a/etc/transmission-edit.profile b/etc/transmission-edit.profile
index 487ea8e51..df381b5cd 100644
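--- a/etc/transmission-edit.profile
+++ b/etc/transmission-edit.profile
@@ -5,8 +5,7 @@ quiet
 # Persistent local customizations
 include transmission-edit.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
 
 private-bin transmission-edit
 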
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index a45d672ac..01bdeb4ef 100644
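--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -5,8 +5,7 @@ quiet
 # Persistent local customizations
 include transmission-gtk.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
 
 private-bin transmission-gtk
 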
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index f207a7e90..94f3c3a20 100644
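--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -5,8 +5,7 @@ quiet
 # Persistent local customizations
 include transmission-qt.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
 
 private-bin transmission-qt
 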
diff --git a/etc/transmission-remote-cli.profile b/etc/transmission-remote-cli.profile
index d69e70ece..8b3a966c1 100644
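--- a/etc/transmission-remote-cli.profile
+++ b/etc/transmission-remote-cli.profile
@@ -5,15 +5,13 @@ quiet
 # Persistent local customizations
 include transmission-remote-cli.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
 private-bin python*,transmission-remote-cli
-private-etc
 
 # Redirect
 include transmission-common.profile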
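Review bot: The bare `private-etc` line is removed rather than replaced, so this profile no longer restricts /etc on its own; whether transmission-common.profile supplies a list cannot be seen from this page. transmission-remote.profile and transmission-show.profile in the same commit both keep `private-etc alternatives,hosts,nsswitch.conf`. If the empty list was dropped because it broke the Python client, an explicit tested list would keep the restriction, starting from that sibling list and adding only what the interpreter needs. Failing that, a commented-out `# private-etc` line giving the reason would record why the option is absent.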
diff --git a/etc/transmission-remote-gtk.profile b/etc/transmission-remote-gtk.profile
index f0b313aed..a6400e2c0 100644
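--- a/etc/transmission-remote-gtk.profile
+++ b/etc/transmission-remote-gtk.profile
@@ -5,8 +5,7 @@ quiet
 # Persistent local customizations
 include transmission-remote-gtk.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
 
 noblacklist ${HOME}/.config/transmission-remote-gtk
 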
diff --git a/etc/transmission-remote.profile b/etc/transmission-remote.profile
index 9ef7119d9..fee4999e6 100644
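--- a/etc/transmission-remote.profile
+++ b/etc/transmission-remote.profile
@@ -5,8 +5,7 @@ quiet
 # Persistent local customizations
 include transmission-remote.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
 
 private-bin transmission-remote
 private-etc alternatives,hosts,nsswitch.conf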
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
index 89051f956..5a3c83f58 100644
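--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -5,8 +5,7 @@ quiet
 # Persistent local customizations
 include transmission-show.local
 # Persistent global definitions
-# added by included profile
-#include globals.local
+include globals.local
 
 private-bin transmission-show
 private-etc alternatives,hosts,nsswitch.conf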
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile
index b62d3111d..7223ea2e1 100644
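--- a/etc/unknown-horizons.profile
+++ b/etc/unknown-horizons.profile
@@ -23,6 +23,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none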
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
index 85cbc5e43..e65e0a0c3 100644
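--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -30,6 +30,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none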
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile
index a67d3a1b8..934edfce9 100644
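--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -30,6 +30,7 @@ nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,inet,inet6
 seccomp
 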
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile
index 6fc519bee..d87d29ee8 100644
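--- a/etc/youtube-dl.profile
+++ b/etc/youtube-dl.profile
@@ -19,6 +19,8 @@ noblacklist ${VIDEOS}
 include allow-python2.inc
 include allow-python3.inc
 
+blacklist /tmp/.X11-unix
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc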
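Review bot: `blacklist /tmp/.X11-unix` hides only the filesystem socket; where the X server also listens on an abstract socket, that socket stays reachable unless the sandbox has its own network namespace, which a downloader presumably does not. Firejail's `x11 none` covers this case and also blacklists `${HOME}/.Xauthority` and clears DISPLAY and XAUTHORITY, but it stops with an error when the abstract socket is accessible, so it may not be usable here. I would add a comment above the new line, `# does not cover the abstract X11 socket; see x11 none`, so the line is not read as full X11 isolation. The rest of the profile is outside the hunk, so a rule for .Xauthority may already exist there.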
diff --git a/etc/zathura.profile b/etc/zathura.profile
index 922284353..db03076be 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -28,6 +28,7 @@ noroot
28nosound 28nosound
29notv 29notv
30nou2f 30nou2f
31novideo
31protocol unix 32protocol unix
32seccomp 33seccomp
33shell none 34shell none