profiles: Add nonewprivs where sensible

author: The Fox in the Shell <KellerFuchs@hashbang.sh> 2016-05-25 02:46:09 +0200
committer: The Fox in the Shell <KellerFuchs@hashbang.sh> 2016-05-25 15:01:13 +0200
commit: 845bd06665539af002b1bf74d2b7cb9e6cf11e0e (patch)
tree: 8f4a6133c718f1e98db1d52869a7d8070dbe9b84 /etc
parent: midori.profile: Use nonewprivs and noroot (diff)
download: firejail-845bd06665539af002b1bf74d2b7cb9e6cf11e0e.tar.gz
firejail-845bd06665539af002b1bf74d2b7cb9e6cf11e0e.tar.zst
firejail-845bd06665539af002b1bf74d2b7cb9e6cf11e0e.zip
68 files changed, 68 insertions, 1 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile
index f8a3ce23d..e6540fb5d 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -12,6 +12,7 @@ protocol unix,inet,inet6,netlink
 netfilter
 tracelog
 noroot
+nonewprivs
 # Whitelists
 noblacklist ~/.cache/0ad
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile
index 05131df43..75dbebcf0 100644
--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -16,4 +16,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
+nonewprivs
 noroot
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index 949635258..6a06ce76b 100644
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/atril.profile b/etc/atril.profile
index d1a7b25f8..c20a8c7b3 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 tracelog
 netfilter
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 290faa260..0a1598dee 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/aweather.profile b/etc/aweather.profile
index d7f510a7e..dd508e736 100644
--- a/etc/aweather.profile
+++ b/etc/aweather.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
 # Call these options
 caps.drop all
 netfilter
+nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index fb84c260a..b7ccd132e 100644
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -9,3 +9,4 @@ private
 private-dev
 seccomp
 netfilter
+nonewprivs
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index 1f69f61c6..b3a34fc9a 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -19,6 +19,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 include /etc/firejail/whitelist-common.inc
 nosound
diff --git a/etc/clementine.profile b/etc/clementine.profile
index c6271e6e3..fb9dca2a9 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/cmus.profile b/etc/cmus.profile
index 72b43a70f..16b9c112d 100644
--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -10,6 +10,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 private-bin cmus
diff --git a/etc/conkeror.profile b/etc/conkeror.profile
index 007eef663..0a7966e4b 100644
--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -7,6 +7,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 whitelist ~/.conkeror.mozdev.org
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile
index cef9ad464..c5fb25e9a 100644
--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index 2810e5323..9225ca16e 100644
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -9,4 +9,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/default.profile b/etc/default.profile
index f2c7d4114..d836a9f5d 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -11,5 +11,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
diff --git a/etc/deluge.profile b/etc/deluge.profile
index 4043f58f5..f7a2b98e4 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -9,5 +9,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 nosound
diff --git a/etc/dillo.profile b/etc/dillo.profile
index 49c33fb7a..392000ade 100644
--- a/etc/dillo.profile
+++ b/etc/dillo.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index 474bc5aca..4459c40dd 100644
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -11,3 +11,4 @@ protocol unix,inet,inet6,netlink
 netfilter
 private
 private-dev
+nonewprivs
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index a0a944dce..568ab230a 100644
--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -6,4 +6,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/empathy.profile b/etc/empathy.profile
index 789bdda08..c08398e84 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -7,3 +7,4 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
diff --git a/etc/epiphany.profile b/etc/epiphany.profile
index 95a673bf9..7783a05fd 100644
--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -23,4 +23,4 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
diff --git a/etc/evince.profile b/etc/evince.profile
index c390dcaf3..3c883d43c 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -7,5 +7,6 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 nosound
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index cfbae1c74..7764a48c9 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -10,5 +10,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 nosound
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index 8542de284..1ab08b568 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
 nosound
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 1ea94a2c7..6796ef7c4 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
index 94c672acf..77a95aa17 100644
--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -18,6 +18,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
 netfilter
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index ec3698ac8..010b19613 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile
index 7fe43f1f6..fe2f79901 100644
--- a/etc/google-play-music-desktop-player.profile
+++ b/etc/google-play-music-desktop-player.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
+nonewprivs
 noroot
 netfilter
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index f53cb1b4f..ba9fce37b 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
 # Call these options
 caps.drop all
 netfilter
+nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index d61c57adc..87523d825 100644
--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -8,6 +8,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix
+nonewprivs
 noroot
 nogroups
 private-dev
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile
index 5ab7cfe72..c5d863bd5 100644
--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+nonewprivs
 noroot
 private-dev
 seccomp
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index b77555e55..3eb350660 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/kmail.profile b/etc/kmail.profile
index a7079661b..a47945bc6 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -10,5 +10,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
 netfilter
+nonewprivs
 noroot
 tracelog
diff --git a/etc/mcabber.profile b/etc/mcabber.profile
index 1d753d7c3..1536194b2 100644
--- a/etc/mcabber.profile
+++ b/etc/mcabber.profile
@@ -11,6 +11,7 @@ caps.drop all
 seccomp
 protocol inet,inet6
 netfilter
+nonewprivs
 noroot
 private-bin mcabber
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
index 7b38b411a..c9a99bede 100644
--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -16,6 +16,7 @@ mkdir ${HOME}/.config
 mkdir ${HOME}/.config/mupen64plus
 whitelist ${HOME}/.config/mupen64plus/
+nonewprivs
 noroot
 caps.drop all
 seccomp
diff --git a/etc/netsurf.profile b/etc/netsurf.profile
index 26b621126..e01cace7f 100644
--- a/etc/netsurf.profile
+++ b/etc/netsurf.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/okular.profile b/etc/okular.profile
index 7929a8796..5179da787 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix
+nonewprivs
 noroot
 nogroups
 private-dev
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index fc4ea453b..4db9b7adc 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -16,6 +16,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/parole.profile b/etc/parole.profile
index 0c9a72143..c0be0453b 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -11,5 +11,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 shell none
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index fd497f082..767da5f55 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -8,4 +8,5 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/polari.profile b/etc/polari.profile
index 0bc46f3f7..7910f4e9b 100644
--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 8bdc745fb..858fdda4d 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -8,5 +8,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 nosound
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 80acc3873..ca34e932a 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -12,4 +12,5 @@ include /etc/firejail/whitelist-common.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/quassel.profile b/etc/quassel.profile
index 72004da7f..e68315c1c 100644
--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -6,5 +6,6 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/quiterss.profile b/etc/quiterss.profile
index 411d37dbd..5ad7ead1a 100644
--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -20,6 +20,7 @@ seccomp
 protocol unix,inet,inet6
 netfilter
 tracelog
+nonewprivs
 noroot
 nogroups
 shell none
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile
index 934a374de..09d10b0bb 100644
--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 782cd3832..ee0832863 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -7,5 +7,6 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile
index ae0430830..9ae2206c1 100644
--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -8,5 +8,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 nosound
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile
index a10d5b0ec..886af0f67 100644
--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -10,6 +10,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/skype.profile b/etc/skype.profile
index 26feac1a4..4c4a34980 100644
--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -6,6 +6,7 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 netfilter
+nonewprivs
 noroot
 seccomp
 protocol unix,inet,inet6
diff --git a/etc/spotify.profile b/etc/spotify.profile
index fd4586dd5..1ee379dea 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -26,5 +26,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
 netfilter
+nonewprivs
 noroot
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 7b282bde6..0c4621f66 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -9,4 +9,5 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
diff --git a/etc/steam.profile b/etc/steam.profile
index 4c96e8258..ae5e93829 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -8,6 +8,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 netfilter
+nonewprivs
 noroot
 seccomp
 protocol unix,inet,inet6
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
index 7cb74eeaa..148ec949d 100644
--- a/etc/stellarium.profile
+++ b/etc/stellarium.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 # Call these options
 caps.drop all
 netfilter
+nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
diff --git a/etc/telegram.profile b/etc/telegram.profile
index df6b6a270..62a0fa404 100644
--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/totem.profile b/etc/totem.profile
index d23167b03..f2bce5dee 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -10,5 +10,6 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index d61d36a8c..e27873f88 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -11,6 +11,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 tracelog
 nosound
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 3db7a5452..2caa923d8 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -11,6 +11,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 tracelog
 nosound
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index ef5aa7d4a..86e7be6fd 100644
--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -9,6 +9,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile
index 449d9a168..2049d2bd9 100644
--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -6,6 +6,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 netfilter
+nonewprivs
 whitelist ${DOWNLOADS}
 mkdir ~/.config
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 061ae6f78..d26034748 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -9,5 +9,6 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
index 7588da657..ceeaca012 100644
--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-programs.inc
 # Call these options
 caps.drop all
 netfilter
+nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
diff --git a/etc/weechat.profile b/etc/weechat.profile
index 280a5f9d8..11b5bd10f 100644
--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -7,5 +7,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 netfilter
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile
index 340ba0db5..61a87d994 100644
--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 private-dev
diff --git a/etc/wine.profile b/etc/wine.profile
index ea6db8511..18e5346af 100644
--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -9,5 +9,6 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 netfilter
+nonewprivs
 noroot
 seccomp
diff --git a/etc/xchat.profile b/etc/xchat.profile
index fcea4245e..f4b273693 100644
--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -8,4 +8,5 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index 67a46a7da..fb0e3c910 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -10,6 +10,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 tracelog
 netfilter
diff --git a/etc/xreader.profile b/etc/xreader.profile
index 7b72d41a6..4b7ed41be 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 tracelog
 netfilter
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index 33e1e3c68..a0c91f0f3 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -9,5 +9,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
+nonewprivs
 tracelog
 netfilter
author	The Fox in the Shell <KellerFuchs@hashbang.sh>	2016-05-25 02:46:09 +0200
committer	The Fox in the Shell <KellerFuchs@hashbang.sh>	2016-05-25 15:01:13 +0200
commit	845bd06665539af002b1bf74d2b7cb9e6cf11e0e (patch)
tree	8f4a6133c718f1e98db1d52869a7d8070dbe9b84 /etc
parent	midori.profile: Use nonewprivs and noroot (diff)
download	firejail-845bd06665539af002b1bf74d2b7cb9e6cf11e0e.tar.gz firejail-845bd06665539af002b1bf74d2b7cb9e6cf11e0e.tar.zst firejail-845bd06665539af002b1bf74d2b7cb9e6cf11e0e.zip