aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar smitsohu <smitsohu@gmail.com>2019-03-12 20:44:51 +0000
committerLibravatar GitHub <noreply@github.com>2019-03-12 20:44:51 +0000
commitaa2bdffc4b4d0437dd710a70546c87b8f882b100 (patch)
treee44a8864ec0964a6c72caa7b6297ca90d7e8fd21 /etc
parentHarden meld.profile (#2577) (diff)
downloadfirejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.gz
firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.zst
firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.zip
add disable-exec.inc to all profiles with apparmor (#2576)
* add disable-exec.inc to all profiles with apparmor - #2385 #2505 * drop disable-exec.inc from generic electron.profile
Diffstat (limited to 'etc')
-rw-r--r--etc/akonadi_control.profile3
-rw-r--r--etc/arch-audit.profile3
-rw-r--r--etc/ark.profile3
-rw-r--r--etc/artha.profile3
-rw-r--r--etc/assogiate.profile3
-rw-r--r--etc/asunder.profile3
-rw-r--r--etc/atril.profile3
-rw-r--r--etc/audacious.profile3
-rw-r--r--etc/audacity.profile3
-rw-r--r--etc/authenticator.profile3
-rw-r--r--etc/celluloid.profile3
-rw-r--r--etc/checkbashisms.profile3
-rw-r--r--etc/chromium-common.profile8
-rw-r--r--etc/clawsker.profile3
-rw-r--r--etc/clipit.profile3
-rw-r--r--etc/d-feet.profile3
-rw-r--r--etc/dconf-editor.profile3
-rw-r--r--etc/dconf.profile3
-rw-r--r--etc/devhelp.profile3
-rw-r--r--etc/devilspie.profile3
-rw-r--r--etc/devilspie2.profile3
-rw-r--r--etc/digikam.profile3
-rw-r--r--etc/disable-exec.inc11
-rw-r--r--etc/enchant.profile3
-rw-r--r--etc/engrampa.profile3
-rw-r--r--etc/eog.profile3
-rw-r--r--etc/exiftool.profile3
-rw-r--r--etc/ffmpeg.profile3
-rw-r--r--etc/file-roller.profile3
-rw-r--r--etc/file.profile3
-rw-r--r--etc/firefox-common.profile8
-rw-r--r--etc/font-manager.profile3
-rw-r--r--etc/galculator.profile3
-rw-r--r--etc/gcloud.profile9
-rw-r--r--etc/gconf.profile3
-rw-r--r--etc/gedit.profile3
-rw-r--r--etc/geekbench.profile3
-rw-r--r--etc/ghostwriter.profile3
-rw-r--r--etc/gimp.profile10
-rw-r--r--etc/git.profile3
-rw-r--r--etc/gnome-calculator.profile3
-rw-r--r--etc/gnome-clocks.profile3
-rw-r--r--etc/gnome-keyring.profile3
-rw-r--r--etc/gnome-logs.profile3
-rw-r--r--etc/gnome-maps.profile3
-rw-r--r--etc/gnome-schedule.profile3
-rw-r--r--etc/gnome-system-log.profile3
-rw-r--r--etc/gpicview.profile3
-rw-r--r--etc/gucharmap.profile3
-rw-r--r--etc/gwenview.profile3
-rw-r--r--etc/handbrake.profile3
-rw-r--r--etc/img2txt.profile3
-rw-r--r--etc/inkscape.profile3
-rw-r--r--etc/kate.profile6
-rw-r--r--etc/kcalc.profile3
-rw-r--r--etc/kdenlive.profile6
-rw-r--r--etc/klavaro.profile3
-rw-r--r--etc/kmail.profile3
-rw-r--r--etc/kodi.profile8
-rw-r--r--etc/krita.profile8
-rw-r--r--etc/kwrite.profile3
-rw-r--r--etc/libreoffice.profile3
-rw-r--r--etc/masterpdfeditor.profile3
-rw-r--r--etc/mediainfo.profile3
-rw-r--r--etc/meld.profile3
-rw-r--r--etc/mpsyt.profile3
-rw-r--r--etc/mpv.profile1
-rw-r--r--etc/mypaint.profile3
-rw-r--r--etc/nano.profile3
-rw-r--r--etc/netactview.profile3
-rw-r--r--etc/ocenaudio.profile3
-rw-r--r--etc/okular.profile3
-rw-r--r--etc/openshot.profile3
-rw-r--r--etc/pavucontrol.profile3
-rw-r--r--etc/pluma.profile3
-rw-r--r--etc/qbittorrent.profile3
-rw-r--r--etc/redshift.profile3
-rw-r--r--etc/regextester.profile3
-rw-r--r--etc/rhythmbox.profile3
-rw-r--r--etc/seahorse-tool.profile3
-rw-r--r--etc/seahorse.profile1
-rw-r--r--etc/simplescreenrecorder.profile3
-rw-r--r--etc/smplayer.profile3
-rw-r--r--etc/soundconverter.profile3
-rw-r--r--etc/sqlitebrowser.profile3
-rw-r--r--etc/standardnotes-desktop.profile3
-rw-r--r--etc/subdownloader.profile3
-rw-r--r--etc/supertuxkart.profile3
-rw-r--r--etc/sysprof.profile3
-rw-r--r--etc/totem.profile3
-rw-r--r--etc/transgui.profile3
-rw-r--r--etc/transmission-cli.profile3
-rw-r--r--etc/transmission-daemon.profile3
-rw-r--r--etc/transmission-gtk.profile3
-rw-r--r--etc/transmission-qt.profile3
-rw-r--r--etc/transmission-remote.profile3
-rw-r--r--etc/transmission-show.profile3
-rw-r--r--etc/viewnior.profile3
-rw-r--r--etc/vlc.profile3
-rw-r--r--etc/wireshark.profile3
-rw-r--r--etc/xed.profile3
-rw-r--r--etc/xfce4-mixer.profile3
-rw-r--r--etc/xplayer.profile3
-rw-r--r--etc/xreader.profile3
-rw-r--r--etc/xviewer.profile3
105 files changed, 138 insertions, 220 deletions
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile
index 4d40e6594..1c16f940e 100644
--- a/etc/akonadi_control.profile
+++ b/etc/akonadi_control.profile
@@ -22,6 +22,7 @@ noblacklist /usr/sbin
22 22
23include disable-common.inc 23include disable-common.inc
24include disable-devel.inc 24include disable-devel.inc
25include disable-exec.inc
25include disable-interpreters.inc 26include disable-interpreters.inc
26include disable-passwdmgr.inc 27include disable-passwdmgr.inc
27include disable-programs.inc 28include disable-programs.inc
@@ -51,5 +52,3 @@ tracelog
51private-dev 52private-dev
52# private-tmp - breaks programs that depend on akonadi 53# private-tmp - breaks programs that depend on akonadi
53 54
54noexec ${HOME}
55noexec /tmp
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile
index e28733c63..e353326df 100644
--- a/etc/arch-audit.profile
+++ b/etc/arch-audit.profile
@@ -12,6 +12,7 @@ noblacklist /var/lib/pacman
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -44,5 +45,3 @@ private-dev
44private-tmp 45private-tmp
45 46
46memory-deny-write-execute 47memory-deny-write-execute
47noexec ${HOME}
48noexec /tmp
diff --git a/etc/ark.profile b/etc/ark.profile
index b60674f95..9214e96ff 100644
--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/arkrc
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -39,5 +40,3 @@ private-bin ark,unrar,rar,unzip,zip,zipinfo,7z,p7zip,unar,lsar,lrzip,lzop,lz4,ba
39private-dev 40private-dev
40private-tmp 41private-tmp
41 42
42noexec ${HOME}
43noexec /tmp
diff --git a/etc/artha.profile b/etc/artha.profile
index 2e4c9071f..8ef5124de 100644
--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/enchant
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-exec.inc
14include disable-interpreters.inc 15include disable-interpreters.inc
15include disable-passwdmgr.inc 16include disable-passwdmgr.inc
16include disable-programs.inc 17include disable-programs.inc
@@ -42,5 +43,3 @@ private-lib libnotify.so.*
42private-tmp 43private-tmp
43 44
44memory-deny-write-execute 45memory-deny-write-execute
45noexec ${HOME}
46noexec /tmp
diff --git a/etc/assogiate.profile b/etc/assogiate.profile
index 1161c24fe..577a20093 100644
--- a/etc/assogiate.profile
+++ b/etc/assogiate.profile
@@ -10,6 +10,7 @@ noblacklist ${PICTURES}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -45,5 +46,3 @@ private-lib gnome-vfs-2.0,libattr.so.*,libacl.so.*,libfam.so.*
45private-tmp 46private-tmp
46 47
47memory-deny-write-execute 48memory-deny-write-execute
48noexec ${HOME}
49noexec /tmp
diff --git a/etc/asunder.profile b/etc/asunder.profile
index 3167dfe12..fa2479051 100644
--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -14,6 +14,7 @@ noblacklist ${MUSIC}
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
17include disable-exec.inc
17include disable-interpreters.inc 18include disable-interpreters.inc
18include disable-passwdmgr.inc 19include disable-passwdmgr.inc
19include disable-programs.inc 20include disable-programs.inc
@@ -39,5 +40,3 @@ private-tmp
39 40
40# mdwe is disabled due to breaking hardware accelerated decoding 41# mdwe is disabled due to breaking hardware accelerated decoding
41# memory-deny-write-execute 42# memory-deny-write-execute
42noexec ${HOME}
43noexec /tmp
diff --git a/etc/atril.profile b/etc/atril.profile
index aca945ba3..2f39af823 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -15,6 +15,7 @@ noblacklist ${DOCUMENTS}
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
18include disable-exec.inc
18include disable-interpreters.inc 19include disable-interpreters.inc
19include disable-passwdmgr.inc 20include disable-passwdmgr.inc
20include disable-programs.inc 21include disable-programs.inc
@@ -49,5 +50,3 @@ private-tmp
49 50
50# webkit gtk killed by memory-deny-write-execute 51# webkit gtk killed by memory-deny-write-execute
51#memory-deny-write-execute 52#memory-deny-write-execute
52noexec ${HOME}
53noexec /tmp
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 590d3ffa3..4d0c93047 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -12,6 +12,7 @@ noblacklist ${MUSIC}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -40,5 +41,3 @@ private-dev
40private-tmp 41private-tmp
41 42
42memory-deny-write-execute 43memory-deny-write-execute
43noexec ${HOME}
44noexec /tmp
diff --git a/etc/audacity.profile b/etc/audacity.profile
index 4dd412359..200d3a387 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -12,6 +12,7 @@ noblacklist ${MUSIC}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -41,5 +42,3 @@ private-dev
41private-tmp 42private-tmp
42 43
43memory-deny-write-execute 44memory-deny-write-execute
44noexec ${HOME}
45noexec /tmp
diff --git a/etc/authenticator.profile b/etc/authenticator.profile
index 7f5090251..339b51239 100644
--- a/etc/authenticator.profile
+++ b/etc/authenticator.profile
@@ -14,6 +14,7 @@ noblacklist /usr/lib/python3*
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
17include disable-exec.inc
17include disable-interpreters.inc 18include disable-interpreters.inc
18include disable-passwdmgr.inc 19include disable-passwdmgr.inc
19include disable-programs.inc 20include disable-programs.inc
@@ -43,5 +44,3 @@ private-etc alternatives,fonts,ld.so.cache
43private-tmp 44private-tmp
44 45
45# memory-deny-write-execute - breaks on Arch 46# memory-deny-write-execute - breaks on Arch
46noexec ${HOME}
47noexec /tmp
diff --git a/etc/celluloid.profile b/etc/celluloid.profile
index 1f61ff9f5..5604a16b9 100644
--- a/etc/celluloid.profile
+++ b/etc/celluloid.profile
@@ -21,6 +21,7 @@ noblacklist /usr/local/lib/python3*
21 21
22include disable-common.inc 22include disable-common.inc
23include disable-devel.inc 23include disable-devel.inc
24include disable-exec.inc
24include disable-interpreters.inc 25include disable-interpreters.inc
25include disable-passwdmgr.inc 26include disable-passwdmgr.inc
26include disable-programs.inc 27include disable-programs.inc
@@ -47,5 +48,3 @@ private-etc alternatives,ca-certificates,ssl,pki,pkcs11,hosts,machine-id,localti
47private-dev 48private-dev
48private-tmp 49private-tmp
49 50
50noexec ${HOME}
51noexec /tmp
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile
index fe2648792..5afbf2d56 100644
--- a/etc/checkbashisms.profile
+++ b/etc/checkbashisms.profile
@@ -18,6 +18,7 @@ noblacklist /usr/share/perl*
18 18
19include disable-common.inc 19include disable-common.inc
20include disable-devel.inc 20include disable-devel.inc
21include disable-exec.inc
21include disable-interpreters.inc 22include disable-interpreters.inc
22include disable-passwdmgr.inc 23include disable-passwdmgr.inc
23include disable-programs.inc 24include disable-programs.inc
@@ -50,5 +51,3 @@ private-lib perl*
50private-tmp 51private-tmp
51 52
52memory-deny-write-execute 53memory-deny-write-execute
53noexec ${HOME}
54noexec /tmp
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile
index a182e5d20..3c7423316 100644
--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -6,11 +6,15 @@ include chromium-common.local
6# already included by caller profile 6# already included by caller profile
7#include globals.local 7#include globals.local
8 8
9# noexec ${HOME} breaks DRM binaries.
10ignore noexec ${HOME}
11
9noblacklist ${HOME}/.pki 12noblacklist ${HOME}/.pki
10noblacklist ${HOME}/.local/share/pki 13noblacklist ${HOME}/.local/share/pki
11 14
12include disable-common.inc 15include disable-common.inc
13include disable-devel.inc 16include disable-devel.inc
17include disable-exec.inc
14include disable-interpreters.inc 18include disable-interpreters.inc
15include disable-programs.inc 19include disable-programs.inc
16 20
@@ -37,9 +41,5 @@ disable-mnt
37private-dev 41private-dev
38# private-tmp - problems with multiple browser sessions 42# private-tmp - problems with multiple browser sessions
39 43
40# breaks DRM binaries
41#noexec ${HOME}
42noexec /tmp
43
44# the file dialog needs to work without d-bus 44# the file dialog needs to work without d-bus
45env NO_CHROME_KDE_FILE_DIALOG=1 45env NO_CHROME_KDE_FILE_DIALOG=1
diff --git a/etc/clawsker.profile b/etc/clawsker.profile
index c0f417915..c519ecedb 100644
--- a/etc/clawsker.profile
+++ b/etc/clawsker.profile
@@ -17,6 +17,7 @@ noblacklist /usr/share/perl*
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
20include disable-exec.inc
20include disable-interpreters.inc 21include disable-interpreters.inc
21include disable-passwdmgr.inc 22include disable-passwdmgr.inc
22include disable-programs.inc 23include disable-programs.inc
@@ -51,5 +52,3 @@ private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1
51private-tmp 52private-tmp
52 53
53# memory-deny-write-execute - breaks on Arch 54# memory-deny-write-execute - breaks on Arch
54noexec ${HOME}
55noexec /tmp
diff --git a/etc/clipit.profile b/etc/clipit.profile
index 052d0464b..6e4d3fbaf 100644
--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/clipit
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-exec.inc
14include disable-interpreters.inc 15include disable-interpreters.inc
15include disable-passwdmgr.inc 16include disable-passwdmgr.inc
16include disable-programs.inc 17include disable-programs.inc
@@ -39,5 +40,3 @@ private-cache
39private-dev 40private-dev
40private-tmp 41private-tmp
41 42
42noexec ${HOME}
43noexec /tmp
diff --git a/etc/d-feet.profile b/etc/d-feet.profile
index 05314fa18..92bd5e1a4 100644
--- a/etc/d-feet.profile
+++ b/etc/d-feet.profile
@@ -16,6 +16,7 @@ noblacklist /usr/lib/python3*
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
19include disable-exec.inc
19include disable-interpreters.inc 20include disable-interpreters.inc
20include disable-passwdmgr.inc 21include disable-passwdmgr.inc
21include disable-programs.inc 22include disable-programs.inc
@@ -51,5 +52,3 @@ private-etc alternatives,dbus-1,fonts,machine-id
51private-tmp 52private-tmp
52 53
53# memory-deny-write-execute - Breaks on Arch 54# memory-deny-write-execute - Breaks on Arch
54noexec ${HOME}
55noexec /tmp
diff --git a/etc/dconf-editor.profile b/etc/dconf-editor.profile
index 103a2ed93..1174a5bba 100644
--- a/etc/dconf-editor.profile
+++ b/etc/dconf-editor.profile
@@ -8,6 +8,7 @@ include globals.local
8 8
9include disable-common.inc 9include disable-common.inc
10include disable-devel.inc 10include disable-devel.inc
11include disable-exec.inc
11include disable-interpreters.inc 12include disable-interpreters.inc
12include disable-passwdmgr.inc 13include disable-passwdmgr.inc
13include disable-programs.inc 14include disable-programs.inc
@@ -41,5 +42,3 @@ private-lib
41private-tmp 42private-tmp
42 43
43# memory-deny-write-execute 44# memory-deny-write-execute
44noexec ${HOME}
45noexec /tmp
diff --git a/etc/dconf.profile b/etc/dconf.profile
index d2376cc35..2c7c9f638 100644
--- a/etc/dconf.profile
+++ b/etc/dconf.profile
@@ -8,6 +8,7 @@ include globals.local
8 8
9include disable-common.inc 9include disable-common.inc
10include disable-devel.inc 10include disable-devel.inc
11include disable-exec.inc
11include disable-interpreters.inc 12include disable-interpreters.inc
12include disable-passwdmgr.inc 13include disable-passwdmgr.inc
13include disable-programs.inc 14include disable-programs.inc
@@ -44,5 +45,3 @@ private-lib
44private-tmp 45private-tmp
45 46
46memory-deny-write-execute 47memory-deny-write-execute
47noexec ${HOME}
48noexec /tmp
diff --git a/etc/devhelp.profile b/etc/devhelp.profile
index 897357fdf..4e618b7ea 100644
--- a/etc/devhelp.profile
+++ b/etc/devhelp.profile
@@ -9,6 +9,7 @@ include globals.local
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
12include disable-exec.inc
12include disable-interpreters.inc 13include disable-interpreters.inc
13include disable-passwdmgr.inc 14include disable-passwdmgr.inc
14include disable-programs.inc 15include disable-programs.inc
@@ -41,7 +42,5 @@ private-etc alternatives,dconf,fonts,ld.so.cache,machine-id,ssl
41private-tmp 42private-tmp
42 43
43# memory-deny-write-execute - Breaks on Arch 44# memory-deny-write-execute - Breaks on Arch
44noexec ${HOME}
45noexec /tmp
46 45
47read-only ${HOME} 46read-only ${HOME}
diff --git a/etc/devilspie.profile b/etc/devilspie.profile
index ffab615d1..2d100c4b0 100644
--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.devilspie
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -44,7 +45,5 @@ private-lib gconv
44private-tmp 45private-tmp
45 46
46memory-deny-write-execute 47memory-deny-write-execute
47noexec ${HOME}
48noexec /tmp
49 48
50read-only ${HOME} 49read-only ${HOME}
diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile
index b89bf122b..2f599366b 100644
--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/devilspie2
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -44,7 +45,5 @@ private-lib gconv
44private-tmp 45private-tmp
45 46
46memory-deny-write-execute 47memory-deny-write-execute
47noexec ${HOME}
48noexec /tmp
49 48
50read-only ${HOME} 49read-only ${HOME}
diff --git a/etc/digikam.profile b/etc/digikam.profile
index cc0e98ba3..e9c89a1b9 100644
--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -14,6 +14,7 @@ noblacklist ${PICTURES}
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
17include disable-exec.inc
17include disable-interpreters.inc 18include disable-interpreters.inc
18include disable-passwdmgr.inc 19include disable-passwdmgr.inc
19include disable-programs.inc 20include disable-programs.inc
@@ -40,5 +41,3 @@ shell none
40# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies 41# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
41private-tmp 42private-tmp
42 43
43noexec ${HOME}
44noexec /tmp
diff --git a/etc/disable-exec.inc b/etc/disable-exec.inc
new file mode 100644
index 000000000..c535af7d4
--- /dev/null
+++ b/etc/disable-exec.inc
@@ -0,0 +1,11 @@
1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file.
3include disable-exec.local
4
5noexec ${HOME}
6noexec ${RUNUSER}
7noexec /dev/shm
8noexec /tmp
9# /var/tmp is noexec by default
10# just in case there is a keep-var-tmp option:
11noexec /var/tmp
diff --git a/etc/enchant.profile b/etc/enchant.profile
index 7d304feb7..288d8799c 100644
--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/enchant
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -43,5 +44,3 @@ private-lib
43private-tmp 44private-tmp
44 45
45memory-deny-write-execute 46memory-deny-write-execute
46noexec ${HOME}
47noexec /tmp
diff --git a/etc/engrampa.profile b/etc/engrampa.profile
index 670808de2..562e8f542 100644
--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -8,6 +8,7 @@ include globals.local
8 8
9include disable-common.inc 9include disable-common.inc
10include disable-devel.inc 10include disable-devel.inc
11include disable-exec.inc
11include disable-interpreters.inc 12include disable-interpreters.inc
12include disable-passwdmgr.inc 13include disable-passwdmgr.inc
13include disable-programs.inc 14include disable-programs.inc
@@ -38,5 +39,3 @@ private-dev
38# private-tmp 39# private-tmp
39 40
40memory-deny-write-execute 41memory-deny-write-execute
41noexec ${HOME}
42noexec /tmp
diff --git a/etc/eog.profile b/etc/eog.profile
index 57931b794..f296cbcb4 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.steam
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
16include disable-exec.inc
16include disable-interpreters.inc 17include disable-interpreters.inc
17include disable-passwdmgr.inc 18include disable-passwdmgr.inc
18include disable-programs.inc 19include disable-programs.inc
@@ -47,5 +48,3 @@ private-lib eog,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*
47private-tmp 48private-tmp
48 49
49# memory-deny-write-execute 50# memory-deny-write-execute
50noexec ${HOME}
51noexec /tmp
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 1838ce273..62eff69ab 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -15,6 +15,7 @@ noblacklist /usr/share/perl*
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
18include disable-exec.inc
18include disable-interpreters.inc 19include disable-interpreters.inc
19include disable-passwdmgr.inc 20include disable-passwdmgr.inc
20include disable-programs.inc 21include disable-programs.inc
@@ -46,5 +47,3 @@ private-etc alternatives
46private-tmp 47private-tmp
47 48
48memory-deny-write-execute 49memory-deny-write-execute
49noexec ${HOME}
50noexec /tmp
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile
index aa7a91928..a1c311e42 100644
--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -12,6 +12,7 @@ noblacklist ${VIDEOS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -48,5 +49,3 @@ private-etc alternatives,pki,pkcs11,hosts,ssl,ca-certificates,resolv.conf
48private-tmp 49private-tmp
49 50
50# memory-deny-write-execute - it breaks old versions of ffmpeg 51# memory-deny-write-execute - it breaks old versions of ffmpeg
51noexec ${HOME}
52noexec /tmp
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index dbb3fa93c..ad52b0e97 100644
--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -8,6 +8,7 @@ include globals.local
8 8
9include disable-common.inc 9include disable-common.inc
10include disable-devel.inc 10include disable-devel.inc
11include disable-exec.inc
11include disable-interpreters.inc 12include disable-interpreters.inc
12include disable-passwdmgr.inc 13include disable-passwdmgr.inc
13include disable-programs.inc 14include disable-programs.inc
@@ -41,5 +42,3 @@ private-dev
41# private-tmp 42# private-tmp
42 43
43# memory-deny-write-execute 44# memory-deny-write-execute
44noexec ${HOME}
45noexec /tmp
diff --git a/etc/file.profile b/etc/file.profile
index e084e80c2..c304b4efe 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -10,6 +10,7 @@ include globals.local
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-exec.inc
13include disable-passwdmgr.inc 14include disable-passwdmgr.inc
14include disable-programs.inc 15include disable-programs.inc
15 16
@@ -41,5 +42,3 @@ private-etc alternatives,magic.mgc,magic,localtime
41private-lib libarchive.so.*,libfakeroot,libmagic.so.* 42private-lib libarchive.so.*,libfakeroot,libmagic.so.*
42 43
43memory-deny-write-execute 44memory-deny-write-execute
44noexec ${HOME}
45noexec /tmp
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
index 3089b7ce8..a2a34f33f 100644
--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -6,6 +6,9 @@ include firefox-common.local
6# already included by caller profile 6# already included by caller profile
7#include globals.local 7#include globals.local
8 8
9# noexec ${HOME} breaks DRM binaries.
10ignore noexec ${HOME}
11
9# Uncomment the following line to allow access to common programs/addons/plugins. 12# Uncomment the following line to allow access to common programs/addons/plugins.
10#include firefox-common-addons.inc 13#include firefox-common-addons.inc
11 14
@@ -14,6 +17,7 @@ noblacklist ${HOME}/.local/share/pki
14 17
15include disable-common.inc 18include disable-common.inc
16include disable-devel.inc 19include disable-devel.inc
20include disable-exec.inc
17include disable-interpreters.inc 21include disable-interpreters.inc
18include disable-programs.inc 22include disable-programs.inc
19 23
@@ -55,7 +59,3 @@ private-dev
55# private-etc below works fine on most distributions. There are some problems on CentOS. 59# private-etc below works fine on most distributions. There are some problems on CentOS.
56#private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache 60#private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
57private-tmp 61private-tmp
58
59# Breaks DRM binaries.
60#noexec ${HOME}
61noexec /tmp
diff --git a/etc/font-manager.profile b/etc/font-manager.profile
index 49c50da71..3b4a1e3a2 100644
--- a/etc/font-manager.profile
+++ b/etc/font-manager.profile
@@ -17,6 +17,7 @@ noblacklist /usr/lib/python3*
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
20include disable-exec.inc
20include disable-interpreters.inc 21include disable-interpreters.inc
21include disable-passwdmgr.inc 22include disable-passwdmgr.inc
22include disable-programs.inc 23include disable-programs.inc
@@ -52,5 +53,3 @@ private-dev
52private-tmp 53private-tmp
53 54
54#memory-deny-write-execute - Breaks on Arch 55#memory-deny-write-execute - Breaks on Arch
55noexec ${HOME}
56noexec /tmp
diff --git a/etc/galculator.profile b/etc/galculator.profile
index 203d0a455..92b400572 100644
--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/galculator
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -47,5 +48,3 @@ private-lib
47private-tmp 48private-tmp
48 49
49memory-deny-write-execute 50memory-deny-write-execute
50noexec ${HOME}
51noexec /tmp
diff --git a/etc/gcloud.profile b/etc/gcloud.profile
index d9df8fd37..a08aebf2c 100644
--- a/etc/gcloud.profile
+++ b/etc/gcloud.profile
@@ -5,12 +5,16 @@ include gcloud.local
5# Persistent global definitions 5# Persistent global definitions
6include globals.local 6include globals.local
7 7
8# noexec ${HOME} will break user-local installs of gcloud tooling
9ignore noexec ${HOME}
10
8noblacklist ${HOME}/.boto 11noblacklist ${HOME}/.boto
9noblacklist ${HOME}/.config/gcloud 12noblacklist ${HOME}/.config/gcloud
10noblacklist /var/run/docker.sock 13noblacklist /var/run/docker.sock
11 14
12include disable-common.inc 15include disable-common.inc
13include disable-devel.inc 16include disable-devel.inc
17include disable-exec.inc
14include disable-programs.inc 18include disable-programs.inc
15 19
16apparmor 20apparmor
@@ -34,8 +38,3 @@ disable-mnt
34private-dev 38private-dev
35private-etc alternatives,ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache 39private-etc alternatives,ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache
36private-tmp 40private-tmp
37
38noexec /tmp
39
40# will break user-local installs of gcloud tooling
41# noexec ${HOME}
diff --git a/etc/gconf.profile b/etc/gconf.profile
index 94af21833..4a2d433ef 100644
--- a/etc/gconf.profile
+++ b/etc/gconf.profile
@@ -16,6 +16,7 @@ noblacklist /usr/lib/python2*
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
19include disable-exec.inc
19include disable-interpreters.inc 20include disable-interpreters.inc
20include disable-passwdmgr.inc 21include disable-passwdmgr.inc
21include disable-programs.inc 22include disable-programs.inc
@@ -53,5 +54,3 @@ private-lib libpython*,python2*
53private-tmp 54private-tmp
54 55
55memory-deny-write-execute 56memory-deny-write-execute
56noexec ${HOME}
57noexec /tmp
diff --git a/etc/gedit.profile b/etc/gedit.profile
index a583c534f..6b99ec580 100644
--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.python-history
13 13
14include disable-common.inc 14include disable-common.inc
15# include disable-devel.inc 15# include disable-devel.inc
16include disable-exec.inc
16# include disable-interpreters.inc 17# include disable-interpreters.inc
17include disable-passwdmgr.inc 18include disable-passwdmgr.inc
18include disable-programs.inc 19include disable-programs.inc
@@ -44,5 +45,3 @@ private-dev
44private-lib /usr/bin/gedit,libtinfo.so.*,libreadline.so.*,gedit,libgspell-1.so.*,gconv,aspell 45private-lib /usr/bin/gedit,libtinfo.so.*,libreadline.so.*,gedit,libgspell-1.so.*,gconv,aspell
45private-tmp 46private-tmp
46 47
47noexec ${HOME}
48noexec /tmp
diff --git a/etc/geekbench.profile b/etc/geekbench.profile
index 425fb7bb5..764c68131 100644
--- a/etc/geekbench.profile
+++ b/etc/geekbench.profile
@@ -8,6 +8,7 @@ include globals.local
8 8
9include disable-common.inc 9include disable-common.inc
10include disable-devel.inc 10include disable-devel.inc
11include disable-exec.inc
11include disable-interpreters.inc 12include disable-interpreters.inc
12include disable-passwdmgr.inc 13include disable-passwdmgr.inc
13include disable-programs.inc 14include disable-programs.inc
@@ -46,7 +47,5 @@ private-opt none
46private-tmp 47private-tmp
47 48
48# memory-deny-write-execute - Breaks on Arch 49# memory-deny-write-execute - Breaks on Arch
49noexec ${HOME}
50noexec /tmp
51 50
52read-only ${HOME} 51read-only ${HOME}
diff --git a/etc/ghostwriter.profile b/etc/ghostwriter.profile
index 615e6d01c..76011df19 100644
--- a/etc/ghostwriter.profile
+++ b/etc/ghostwriter.profile
@@ -12,6 +12,7 @@ noblacklist ${PICTURES}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -53,5 +54,3 @@ private-etc alternatives,cups,crypto-policies,localtime,drirc,fonts,gtk-3.0,dcon
53#private-lib 54#private-lib
54private-tmp 55private-tmp
55 56
56noexec ${HOME}
57noexec /tmp
diff --git a/etc/gimp.profile b/etc/gimp.profile
index 9b14b1fe8..91001cd30 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -6,12 +6,17 @@ include gimp.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9# gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory
10# if you are not using external plugins, you can disable ignore noexec statement below
11ignore noexec ${HOME}
12
9noblacklist ${HOME}/.config/GIMP 13noblacklist ${HOME}/.config/GIMP
10noblacklist ${HOME}/.gimp* 14noblacklist ${HOME}/.gimp*
11noblacklist ${DOCUMENTS} 15noblacklist ${DOCUMENTS}
12noblacklist ${PICTURES} 16noblacklist ${PICTURES}
13 17
14include disable-common.inc 18include disable-common.inc
19include disable-exec.inc
15include disable-passwdmgr.inc 20include disable-passwdmgr.inc
16include disable-programs.inc 21include disable-programs.inc
17include disable-xdg.inc 22include disable-xdg.inc
@@ -35,8 +40,3 @@ shell none
35 40
36private-dev 41private-dev
37private-tmp 42private-tmp
38
39# gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory
40# if you are not using external plugins, you can enable noexec statement below
41# noexec ${HOME}
42noexec /tmp
diff --git a/etc/git.profile b/etc/git.profile
index 575793f58..44e3474f8 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -21,6 +21,7 @@ noblacklist ${HOME}/.vim
21noblacklist ${HOME}/.viminfo 21noblacklist ${HOME}/.viminfo
22 22
23include disable-common.inc 23include disable-common.inc
24include disable-exec.inc
24include disable-passwdmgr.inc 25include disable-passwdmgr.inc
25include disable-programs.inc 26include disable-programs.inc
26 27
@@ -46,5 +47,3 @@ private-cache
46private-dev 47private-dev
47 48
48memory-deny-write-execute 49memory-deny-write-execute
49noexec ${HOME}
50noexec /tmp
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index eb124a4e8..c9ad4831f 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -9,6 +9,7 @@ include globals.local
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
12include disable-exec.inc
12include disable-passwdmgr.inc 13include disable-passwdmgr.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-programs.inc 15include disable-programs.inc
@@ -45,5 +46,3 @@ private-dev
45private-tmp 46private-tmp
46 47
47# memory-deny-write-execute 48# memory-deny-write-execute
48noexec ${HOME}
49noexec /tmp
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
index 32a7ca918..cb73a9477 100644
--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -8,6 +8,7 @@ include globals.local
8 8
9include disable-common.inc 9include disable-common.inc
10include disable-devel.inc 10include disable-devel.inc
11include disable-exec.inc
11include disable-interpreters.inc 12include disable-interpreters.inc
12include disable-passwdmgr.inc 13include disable-passwdmgr.inc
13include disable-programs.inc 14include disable-programs.inc
@@ -39,5 +40,3 @@ private-dev
39private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies,machine-id,hosts,pkcs11,localtime,gtk-3.0,dconf 40private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies,machine-id,hosts,pkcs11,localtime,gtk-3.0,dconf
40private-tmp 41private-tmp
41 42
42noexec ${HOME}
43noexec /tmp
diff --git a/etc/gnome-keyring.profile b/etc/gnome-keyring.profile
index 88898a816..47d8ca2c0 100644
--- a/etc/gnome-keyring.profile
+++ b/etc/gnome-keyring.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.gnupg
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-exec.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-programs.inc 17include disable-programs.inc
@@ -47,5 +48,3 @@ private-dev
47private-tmp 48private-tmp
48 49
49memory-deny-write-execute 50memory-deny-write-execute
50noexec ${HOME}
51noexec /tmp
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile
index 9ea4fb9f6..c7cbd8388 100644
--- a/etc/gnome-logs.profile
+++ b/etc/gnome-logs.profile
@@ -8,6 +8,7 @@ include globals.local
8 8
9include disable-common.inc 9include disable-common.inc
10include disable-devel.inc 10include disable-devel.inc
11include disable-exec.inc
11include disable-interpreters.inc 12include disable-interpreters.inc
12include disable-passwdmgr.inc 13include disable-passwdmgr.inc
13include disable-programs.inc 14include disable-programs.inc
@@ -46,8 +47,6 @@ private-tmp
46writable-var-log 47writable-var-log
47 48
48memory-deny-write-execute 49memory-deny-write-execute
49noexec ${HOME}
50noexec /tmp
51 50
52# comment this if you export logs to a file in your ${HOME} 51# comment this if you export logs to a file in your ${HOME}
53read-only ${HOME} 52read-only ${HOME}
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile
index 6ce44e7ce..97de9c2be 100644
--- a/etc/gnome-maps.profile
+++ b/etc/gnome-maps.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.local/share/flatpak
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
16include disable-exec.inc
16include disable-interpreters.inc 17include disable-interpreters.inc
17include disable-passwdmgr.inc 18include disable-passwdmgr.inc
18include disable-programs.inc 19include disable-programs.inc
@@ -43,5 +44,3 @@ private-dev
43# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies 44# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
44private-tmp 45private-tmp
45 46
46noexec ${HOME}
47noexec /tmp
diff --git a/etc/gnome-schedule.profile b/etc/gnome-schedule.profile
index 10ed8935a..bb11c64a8 100644
--- a/etc/gnome-schedule.profile
+++ b/etc/gnome-schedule.profile
@@ -43,6 +43,7 @@ noblacklist /usr/lib/python3*
43 43
44include disable-common.inc 44include disable-common.inc
45include disable-devel.inc 45include disable-devel.inc
46include disable-exec.inc
46include disable-interpreters.inc 47include disable-interpreters.inc
47include disable-passwdmgr.inc 48include disable-passwdmgr.inc
48include disable-programs.inc 49include disable-programs.inc
@@ -73,5 +74,3 @@ private-dev
73# private-etc alternatives 74# private-etc alternatives
74writable-var 75writable-var
75 76
76noexec ${HOME}
77noexec /tmp
diff --git a/etc/gnome-system-log.profile b/etc/gnome-system-log.profile
index 69b0fe75c..c6af31ede 100644
--- a/etc/gnome-system-log.profile
+++ b/etc/gnome-system-log.profile
@@ -10,6 +10,7 @@ noblacklist /var/log
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -49,8 +50,6 @@ private-tmp
49writable-var-log 50writable-var-log
50 51
51memory-deny-write-execute 52memory-deny-write-execute
52noexec ${HOME}
53noexec /tmp
54 53
55# uncomment this if you never export logs to a file in your ${HOME} 54# uncomment this if you never export logs to a file in your ${HOME}
56#read-only ${HOME} 55#read-only ${HOME}
diff --git a/etc/gpicview.profile b/etc/gpicview.profile
index 4c66e3772..17371aec0 100644
--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/gpicview
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -43,5 +44,3 @@ private-lib
43private-tmp 44private-tmp
44 45
45memory-deny-write-execute 46memory-deny-write-execute
46noexec ${HOME}
47noexec /tmp
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index ee514ac71..9507188fc 100644
--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -9,6 +9,7 @@ include globals.local
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
12include disable-exec.inc
12include disable-interpreters.inc 13include disable-interpreters.inc
13include disable-passwdmgr.inc 14include disable-passwdmgr.inc
14include disable-programs.inc 15include disable-programs.inc
@@ -43,7 +44,5 @@ private-lib
43private-tmp 44private-tmp
44 45
45memory-deny-write-execute 46memory-deny-write-execute
46noexec ${HOME}
47noexec /tmp
48 47
49read-only ${HOME} 48read-only ${HOME}
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index 790e4920d..d4af3ed1a 100644
--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -19,6 +19,7 @@ noblacklist ${HOME}/.local/share/org.kde.gwenview
19 19
20include disable-common.inc 20include disable-common.inc
21include disable-devel.inc 21include disable-devel.inc
22include disable-exec.inc
22include disable-interpreters.inc 23include disable-interpreters.inc
23include disable-passwdmgr.inc 24include disable-passwdmgr.inc
24include disable-programs.inc 25include disable-programs.inc
@@ -47,5 +48,3 @@ private-dev
47private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg 48private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
48 49
49# memory-deny-write-execute 50# memory-deny-write-execute
50noexec ${HOME}
51noexec /tmp
diff --git a/etc/handbrake.profile b/etc/handbrake.profile
index a98f80bc7..324c629e3 100644
--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -12,6 +12,7 @@ noblacklist ${VIDEOS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -35,5 +36,3 @@ shell none
35private-dev 36private-dev
36private-tmp 37private-tmp
37 38
38noexec ${HOME}
39noexec /tmp
diff --git a/etc/img2txt.profile b/etc/img2txt.profile
index 24fd29fbe..ade50048e 100644
--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -10,6 +10,7 @@ noblacklist ${PICTURES}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -41,5 +42,3 @@ private-dev
41private-tmp 42private-tmp
42 43
43memory-deny-write-execute 44memory-deny-write-execute
44noexec ${HOME}
45noexec /tmp
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index ba0a2c9f9..8e19d3a7c 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -20,6 +20,7 @@ noblacklist /usr/lib/python3*
20 20
21include disable-common.inc 21include disable-common.inc
22include disable-devel.inc 22include disable-devel.inc
23include disable-exec.inc
23include disable-interpreters.inc 24include disable-interpreters.inc
24include disable-passwdmgr.inc 25include disable-passwdmgr.inc
25include disable-programs.inc 26include disable-programs.inc
@@ -50,5 +51,3 @@ private-dev
50private-tmp 51private-tmp
51 52
52# memory-deny-write-execute 53# memory-deny-write-execute
53noexec ${HOME}
54noexec /tmp
diff --git a/etc/kate.profile b/etc/kate.profile
index 4a78d718f..3035393c4 100644
--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -6,6 +6,8 @@ include kate.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9ignore noexec ${HOME}
10
9noblacklist ${HOME}/.config/katemetainfos 11noblacklist ${HOME}/.config/katemetainfos
10noblacklist ${HOME}/.config/katepartrc 12noblacklist ${HOME}/.config/katepartrc
11noblacklist ${HOME}/.config/katerc 13noblacklist ${HOME}/.config/katerc
@@ -16,6 +18,7 @@ noblacklist ${HOME}/.local/share/kate
16 18
17include disable-common.inc 19include disable-common.inc
18# include disable-devel.inc 20# include disable-devel.inc
21include disable-exec.inc
19# include disable-interpreters.inc 22# include disable-interpreters.inc
20include disable-passwdmgr.inc 23include disable-passwdmgr.inc
21include disable-programs.inc 24include disable-programs.inc
@@ -45,7 +48,4 @@ private-dev
45# private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg 48# private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
46private-tmp 49private-tmp
47 50
48# noexec ${HOME}
49noexec /tmp
50
51join-or-start kate 51join-or-start kate
diff --git a/etc/kcalc.profile b/etc/kcalc.profile
index 8baefaa98..8c641802b 100644
--- a/etc/kcalc.profile
+++ b/etc/kcalc.profile
@@ -9,6 +9,7 @@ include globals.local
9 9
10include disable-common.inc 10include disable-common.inc
11include disable-devel.inc 11include disable-devel.inc
12include disable-exec.inc
12include disable-interpreters.inc 13include disable-interpreters.inc
13include disable-passwdmgr.inc 14include disable-passwdmgr.inc
14include disable-programs.inc 15include disable-programs.inc
@@ -45,5 +46,3 @@ private-dev
45# private-lib - problems on Arch 46# private-lib - problems on Arch
46private-tmp 47private-tmp
47 48
48noexec ${HOME}
49noexec /tmp
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile
index f7b5c89b3..82c8c6793 100644
--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -6,12 +6,15 @@ include kdenlive.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9ignore noexec ${HOME}
10
9noblacklist ${HOME}/.cache/kdenlive 11noblacklist ${HOME}/.cache/kdenlive
10noblacklist ${HOME}/.config/kdenliverc 12noblacklist ${HOME}/.config/kdenliverc
11noblacklist ${HOME}/.local/share/kdenlive 13noblacklist ${HOME}/.local/share/kdenlive
12 14
13include disable-common.inc 15include disable-common.inc
14include disable-devel.inc 16include disable-devel.inc
17include disable-exec.inc
15include disable-interpreters.inc 18include disable-interpreters.inc
16include disable-passwdmgr.inc 19include disable-passwdmgr.inc
17include disable-programs.inc 20include disable-programs.inc
@@ -33,6 +36,3 @@ shell none
33private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper,mlt-melt 36private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper,mlt-melt
34private-dev 37private-dev
35# private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,xdg,X11 38# private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,xdg,X11
36
37# noexec ${HOME}
38noexec /tmp
diff --git a/etc/klavaro.profile b/etc/klavaro.profile
index 04b4a5ae5..5ad5e2699 100644
--- a/etc/klavaro.profile
+++ b/etc/klavaro.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/klavaro
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-exec.inc
14include disable-interpreters.inc 15include disable-interpreters.inc
15include disable-passwdmgr.inc 16include disable-passwdmgr.inc
16include disable-programs.inc 17include disable-programs.inc
@@ -51,5 +52,3 @@ private-opt none
51private-srv none 52private-srv none
52 53
53memory-deny-write-execute 54memory-deny-write-execute
54noexec ${HOME}
55noexec /tmp
diff --git a/etc/kmail.profile b/etc/kmail.profile
index 1f8403ef1..009b2c063 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -31,6 +31,7 @@ noblacklist /tmp/akonadi-*
31 31
32include disable-common.inc 32include disable-common.inc
33include disable-devel.inc 33include disable-devel.inc
34include disable-exec.inc
34include disable-interpreters.inc 35include disable-interpreters.inc
35include disable-passwdmgr.inc 36include disable-passwdmgr.inc
36include disable-programs.inc 37include disable-programs.inc
@@ -58,5 +59,3 @@ writable-run-user
58private-dev 59private-dev
59# private-tmp - interrupts connection to akonadi, breaks opening of email attachments 60# private-tmp - interrupts connection to akonadi, breaks opening of email attachments
60 61
61noexec ${HOME}
62noexec /tmp
diff --git a/etc/kodi.profile b/etc/kodi.profile
index 303310591..9925f131b 100644
--- a/etc/kodi.profile
+++ b/etc/kodi.profile
@@ -6,6 +6,9 @@ include kodi.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9# noexec ${HOME} breaks plugins
10ignore noexec ${HOME}
11
9noblacklist ${HOME}/.kodi 12noblacklist ${HOME}/.kodi
10noblacklist ${MUSIC} 13noblacklist ${MUSIC}
11noblacklist ${PICTURES} 14noblacklist ${PICTURES}
@@ -19,6 +22,7 @@ noblacklist /usr/lib/python3*
19 22
20include disable-common.inc 23include disable-common.inc
21include disable-devel.inc 24include disable-devel.inc
25include disable-exec.inc
22include disable-interpreters.inc 26include disable-interpreters.inc
23include disable-passwdmgr.inc 27include disable-passwdmgr.inc
24include disable-programs.inc 28include disable-programs.inc
@@ -40,7 +44,3 @@ tracelog
40 44
41private-dev 45private-dev
42private-tmp 46private-tmp
43
44# breaks plugins
45#noexec ${HOME}
46noexec /tmp
diff --git a/etc/krita.profile b/etc/krita.profile
index 3313106a2..5d9c90440 100644
--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -6,6 +6,9 @@ include krita.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9# noexec ${HOME} may break krita, see issue #1953
10ignore noexec ${HOME}
11
9noblacklist ${HOME}/.config/kritarc 12noblacklist ${HOME}/.config/kritarc
10noblacklist ${HOME}/.local/share/krita 13noblacklist ${HOME}/.local/share/krita
11noblacklist ${DOCUMENTS} 14noblacklist ${DOCUMENTS}
@@ -19,6 +22,7 @@ noblacklist /usr/lib/python3*
19 22
20include disable-common.inc 23include disable-common.inc
21include disable-devel.inc 24include disable-devel.inc
25include disable-exec.inc
22include disable-interpreters.inc 26include disable-interpreters.inc
23include disable-passwdmgr.inc 27include disable-passwdmgr.inc
24include disable-programs.inc 28include disable-programs.inc
@@ -45,7 +49,3 @@ shell none
45private-cache 49private-cache
46private-dev 50private-dev
47private-tmp 51private-tmp
48
49# noexec ${HOME} may break krita, see issue #1953
50# noexec ${HOME}
51noexec /tmp
diff --git a/etc/kwrite.profile b/etc/kwrite.profile
index bc4fba97d..9b0640eab 100644
--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -17,6 +17,7 @@ noblacklist ${DOCUMENTS}
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
20include disable-exec.inc
20include disable-interpreters.inc 21include disable-interpreters.inc
21include disable-passwdmgr.inc 22include disable-passwdmgr.inc
22include disable-programs.inc 23include disable-programs.inc
@@ -47,7 +48,5 @@ private-dev
47private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg 48private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
48private-tmp 49private-tmp
49 50
50noexec ${HOME}
51noexec /tmp
52 51
53join-or-start kwrite 52join-or-start kwrite
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 0e6c86b80..6e77cd741 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -19,6 +19,7 @@ noblacklist /usr/share/java
19 19
20include disable-common.inc 20include disable-common.inc
21include disable-devel.inc 21include disable-devel.inc
22include disable-exec.inc
22include disable-passwdmgr.inc 23include disable-passwdmgr.inc
23include disable-programs.inc 24include disable-programs.inc
24 25
@@ -49,7 +50,5 @@ tracelog
49private-dev 50private-dev
50private-tmp 51private-tmp
51 52
52noexec ${HOME}
53noexec /tmp
54 53
55join-or-start libreoffice 54join-or-start libreoffice
diff --git a/etc/masterpdfeditor.profile b/etc/masterpdfeditor.profile
index 4bb46b5c9..ce6486115 100644
--- a/etc/masterpdfeditor.profile
+++ b/etc/masterpdfeditor.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.masterpdfeditor
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-exec.inc
14include disable-interpreters.inc 15include disable-interpreters.inc
15include disable-passwdmgr.inc 16include disable-passwdmgr.inc
16include disable-programs.inc 17include disable-programs.inc
@@ -41,5 +42,3 @@ private-dev
41private-etc alternatives,fonts 42private-etc alternatives,fonts
42private-tmp 43private-tmp
43 44
44noexec ${HOME}
45noexec /tmp
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
index 6bb393376..d2681f32d 100644
--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -10,6 +10,7 @@ blacklist /tmp/.X11-unix
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -41,5 +42,3 @@ private-etc alternatives
41private-tmp 42private-tmp
42 43
43memory-deny-write-execute 44memory-deny-write-execute
44noexec ${HOME}
45noexec /tmp
diff --git a/etc/meld.profile b/etc/meld.profile
index af3f501e3..4e298e4e7 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -15,6 +15,7 @@ noblacklist /usr/share/python*
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
18include disable-exec.inc
18include disable-interpreters.inc 19include disable-interpreters.inc
19include disable-passwdmgr.inc 20include disable-passwdmgr.inc
20include disable-programs.inc 21include disable-programs.inc
@@ -46,5 +47,3 @@ private-dev
46# private-etc fonts,alternatives 47# private-etc fonts,alternatives
47private-tmp 48private-tmp
48 49
49noexec ${HOME}
50noexec /tmp
diff --git a/etc/mpsyt.profile b/etc/mpsyt.profile
index f057bdd9e..0808c5a1a 100644
--- a/etc/mpsyt.profile
+++ b/etc/mpsyt.profile
@@ -24,6 +24,7 @@ noblacklist ${VIDEOS}
24 24
25include disable-common.inc 25include disable-common.inc
26include disable-devel.inc 26include disable-devel.inc
27include disable-exec.inc
27include disable-interpreters.inc 28include disable-interpreters.inc
28include disable-passwdmgr.inc 29include disable-passwdmgr.inc
29include disable-programs.inc 30include disable-programs.inc
@@ -57,5 +58,3 @@ private-bin mpsyt,mplayer,mpv,youtube-dl,python*,env,ffmpeg
57private-dev 58private-dev
58private-tmp 59private-tmp
59 60
60noexec ${HOME}
61noexec /tmp
diff --git a/etc/mpv.profile b/etc/mpv.profile
index cf113c1bb..c2ae9c6f9 100644
--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -21,6 +21,7 @@ noblacklist /usr/local/lib/python3*
21 21
22include disable-common.inc 22include disable-common.inc
23include disable-devel.inc 23include disable-devel.inc
24include disable-exec.inc
24include disable-interpreters.inc 25include disable-interpreters.inc
25include disable-passwdmgr.inc 26include disable-passwdmgr.inc
26include disable-programs.inc 27include disable-programs.inc
diff --git a/etc/mypaint.profile b/etc/mypaint.profile
index 21fd841cf..615bb60d1 100644
--- a/etc/mypaint.profile
+++ b/etc/mypaint.profile
@@ -15,6 +15,7 @@ noblacklist ${PICTURES}
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
18include disable-exec.inc
18include disable-interpreters.inc 19include disable-interpreters.inc
19include disable-passwdmgr.inc 20include disable-passwdmgr.inc
20include disable-programs.inc 21include disable-programs.inc
@@ -44,5 +45,3 @@ private-dev
44private-etc alternatives,fonts,gtk-3.0,dconf 45private-etc alternatives,fonts,gtk-3.0,dconf
45private-tmp 46private-tmp
46 47
47noexec ${HOME}
48noexec /tmp
diff --git a/etc/nano.profile b/etc/nano.profile
index ed172b37c..50e251d49 100644
--- a/etc/nano.profile
+++ b/etc/nano.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.nanorc
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-exec.inc
14include disable-interpreters.inc 15include disable-interpreters.inc
15include disable-passwdmgr.inc 16include disable-passwdmgr.inc
16include disable-programs.inc 17include disable-programs.inc
@@ -43,5 +44,3 @@ private-dev
43private-etc alternatives,nanorc 44private-etc alternatives,nanorc
44 45
45memory-deny-write-execute 46memory-deny-write-execute
46noexec ${HOME}
47noexec /tmp
diff --git a/etc/netactview.profile b/etc/netactview.profile
index 58235c31b..c91822a9d 100644
--- a/etc/netactview.profile
+++ b/etc/netactview.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.netactview
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -47,5 +48,3 @@ private-lib
47private-tmp 48private-tmp
48 49
49memory-deny-write-execute 50memory-deny-write-execute
50noexec ${HOME}
51noexec /tmp
diff --git a/etc/ocenaudio.profile b/etc/ocenaudio.profile
index be218e3a8..ceeb59384 100644
--- a/etc/ocenaudio.profile
+++ b/etc/ocenaudio.profile
@@ -12,6 +12,7 @@ noblacklist ${MUSIC}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -47,5 +48,3 @@ private-etc alternatives,asound.conf,fonts,ld.so.cache,pulse
47private-tmp 48private-tmp
48 49
49# memory-deny-write-execute - breaks on Arch 50# memory-deny-write-execute - breaks on Arch
50noexec ${HOME}
51noexec /tmp
diff --git a/etc/okular.profile b/etc/okular.profile
index 0192a1d3d..48e45ca3f 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -20,6 +20,7 @@ noblacklist ${DOCUMENTS}
20 20
21include disable-common.inc 21include disable-common.inc
22include disable-devel.inc 22include disable-devel.inc
23include disable-exec.inc
23include disable-interpreters.inc 24include disable-interpreters.inc
24include disable-passwdmgr.inc 25include disable-passwdmgr.inc
25include disable-programs.inc 26include disable-programs.inc
@@ -52,7 +53,5 @@ private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
52# private-tmp - on KDE we need access to the real /tmp for data exchange with email clients 53# private-tmp - on KDE we need access to the real /tmp for data exchange with email clients
53 54
54# memory-deny-write-execute 55# memory-deny-write-execute
55noexec ${HOME}
56noexec /tmp
57 56
58join-or-start okular 57join-or-start okular
diff --git a/etc/openshot.profile b/etc/openshot.profile
index e383ecf06..acd1fd658 100644
--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -17,6 +17,7 @@ noblacklist /usr/lib/python3*
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
20include disable-exec.inc
20include disable-interpreters.inc 21include disable-interpreters.inc
21include disable-passwdmgr.inc 22include disable-passwdmgr.inc
22include disable-programs.inc 23include disable-programs.inc
@@ -40,5 +41,3 @@ shell none
40private-dev 41private-dev
41private-tmp 42private-tmp
42 43
43noexec ${HOME}
44noexec /tmp
diff --git a/etc/pavucontrol.profile b/etc/pavucontrol.profile
index 6bda9e7d3..b3faca12c 100644
--- a/etc/pavucontrol.profile
+++ b/etc/pavucontrol.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/pavucontrol.ini
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -43,5 +44,3 @@ private-lib
43private-tmp 44private-tmp
44 45
45memory-deny-write-execute 46memory-deny-write-execute
46noexec ${HOME}
47noexec /tmp
diff --git a/etc/pluma.profile b/etc/pluma.profile
index a8b1e4cc6..25142bc18 100644
--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/pluma
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -42,7 +43,5 @@ private-lib pluma
42private-tmp 43private-tmp
43 44
44memory-deny-write-execute 45memory-deny-write-execute
45noexec ${HOME}
46noexec /tmp
47 46
48join-or-start pluma 47join-or-start pluma
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 7b1f05574..156a48170 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -19,6 +19,7 @@ noblacklist /usr/lib/python3*
19 19
20include disable-common.inc 20include disable-common.inc
21include disable-devel.inc 21include disable-devel.inc
22include disable-exec.inc
22include disable-interpreters.inc 23include disable-interpreters.inc
23include disable-passwdmgr.inc 24include disable-passwdmgr.inc
24include disable-programs.inc 25include disable-programs.inc
@@ -59,5 +60,3 @@ private-dev
59private-tmp 60private-tmp
60 61
61# memory-deny-write-execute - problems on Arch, see #1690 on GitHub repo 62# memory-deny-write-execute - problems on Arch, see #1690 on GitHub repo
62noexec ${HOME}
63noexec /tmp
diff --git a/etc/redshift.profile b/etc/redshift.profile
index 351b54075..e60877172 100644
--- a/etc/redshift.profile
+++ b/etc/redshift.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.config/redshift.conf
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-passwdmgr.inc 16include disable-passwdmgr.inc
16include disable-interpreters.inc 17include disable-interpreters.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -45,5 +46,3 @@ private-dev
45private-tmp 46private-tmp
46 47
47memory-deny-write-execute 48memory-deny-write-execute
48noexec ${HOME}
49noexec /tmp
diff --git a/etc/regextester.profile b/etc/regextester.profile
index 19d6a89f4..c7c59bec2 100644
--- a/etc/regextester.profile
+++ b/etc/regextester.profile
@@ -8,6 +8,7 @@ include globals.local
8 8
9include disable-common.inc 9include disable-common.inc
10include disable-devel.inc 10include disable-devel.inc
11include disable-exec.inc
11include disable-passwdmgr.inc 12include disable-passwdmgr.inc
12include disable-interpreters.inc 13include disable-interpreters.inc
13include disable-programs.inc 14include disable-programs.inc
@@ -45,8 +46,6 @@ private-lib libgranite.so.*
45private-tmp 46private-tmp
46 47
47memory-deny-write-execute 48memory-deny-write-execute
48noexec ${HOME}
49noexec /tmp
50 49
51# never write anything 50# never write anything
52read-only ${HOME} 51read-only ${HOME}
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 6b673a924..df874f378 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.local/share/rhythmbox
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14# rhythmbox is using Python 14# rhythmbox is using Python
15include disable-exec.inc
15#include disable-interpreters.inc 16#include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -39,5 +40,3 @@ private-bin rhythmbox
39private-dev 40private-dev
40private-tmp 41private-tmp
41 42
42noexec ${HOME}
43noexec /tmp
diff --git a/etc/seahorse-tool.profile b/etc/seahorse-tool.profile
index bbab69162..d61f860ad 100644
--- a/etc/seahorse-tool.profile
+++ b/etc/seahorse-tool.profile
@@ -11,6 +11,7 @@ include seahorse-tool.local
11mkdir ${HOME}/.config/dconf 11mkdir ${HOME}/.config/dconf
12whitelist ${HOME}/.config/dconf 12whitelist ${HOME}/.config/dconf
13 13
14include disable-exec.inc
14include disable-xdg.inc 15include disable-xdg.inc
15include whitelist-var-common.inc 16include whitelist-var-common.inc
16 17
@@ -21,8 +22,6 @@ disable-mnt
21private-tmp 22private-tmp
22 23
23memory-deny-write-execute 24memory-deny-write-execute
24noexec ${HOME}
25noexec /tmp
26 25
27# Redirect 26# Redirect
28include gpg.profile 27include gpg.profile
diff --git a/etc/seahorse.profile b/etc/seahorse.profile
index 0bf3b89fd..a24c8c3f2 100644
--- a/etc/seahorse.profile
+++ b/etc/seahorse.profile
@@ -16,6 +16,7 @@ noblacklist /etc/ssh
16noblacklist /tmp/ssh-* 16noblacklist /tmp/ssh-*
17noblacklist ${HOME}/.ssh 17noblacklist ${HOME}/.ssh
18 18
19include disable-exec.inc
19include whitelist-var-common.inc 20include whitelist-var-common.inc
20 21
21apparmor 22apparmor
diff --git a/etc/simplescreenrecorder.profile b/etc/simplescreenrecorder.profile
index 47485fe4c..ead475e07 100644
--- a/etc/simplescreenrecorder.profile
+++ b/etc/simplescreenrecorder.profile
@@ -10,6 +10,7 @@ noblacklist ${VIDEOS}
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -34,5 +35,3 @@ private-dev
34private-tmp 35private-tmp
35 36
36memory-deny-write-execute 37memory-deny-write-execute
37noexec ${HOME}
38noexec /tmp
diff --git a/etc/smplayer.profile b/etc/smplayer.profile
index 57ab2cde6..e347d23d6 100644
--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -13,6 +13,7 @@ noblacklist ${VIDEOS}
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
16include disable-exec.inc
16include disable-interpreters.inc 17include disable-interpreters.inc
17include disable-passwdmgr.inc 18include disable-passwdmgr.inc
18include disable-programs.inc 19include disable-programs.inc
@@ -36,5 +37,3 @@ private-bin smplayer,smtube,mplayer,mpv
36private-dev 37private-dev
37private-tmp 38private-tmp
38 39
39noexec ${HOME}
40noexec /tmp
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile
index c7667fbed..8b0b0d53b 100644
--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -16,6 +16,7 @@ noblacklist /usr/lib/python3*
16 16
17include disable-common.inc 17include disable-common.inc
18include disable-devel.inc 18include disable-devel.inc
19include disable-exec.inc
19include disable-interpreters.inc 20include disable-interpreters.inc
20include disable-passwdmgr.inc 21include disable-passwdmgr.inc
21include disable-programs.inc 22include disable-programs.inc
@@ -44,5 +45,3 @@ private-cache
44private-dev 45private-dev
45private-tmp 46private-tmp
46 47
47noexec ${HOME}
48noexec /tmp
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
index 8122079e1..4758871d3 100644
--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -11,6 +11,7 @@ noblacklist ${DOCUMENTS}
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-exec.inc
14include disable-interpreters.inc 15include disable-interpreters.inc
15include disable-passwdmgr.inc 16include disable-passwdmgr.inc
16include disable-programs.inc 17include disable-programs.inc
@@ -42,5 +43,3 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,
42private-tmp 43private-tmp
43 44
44memory-deny-write-execute 45memory-deny-write-execute
45noexec ${HOME}
46noexec /tmp
diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile
index ba7248b73..5458120ef 100644
--- a/etc/standardnotes-desktop.profile
+++ b/etc/standardnotes-desktop.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/Standard Notes
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -40,5 +41,3 @@ private-dev
40private-tmp 41private-tmp
41private-etc alternatives,ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg 42private-etc alternatives,ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg
42 43
43noexec ${HOME}
44noexec /tmp
diff --git a/etc/subdownloader.profile b/etc/subdownloader.profile
index 009cf65df..ee2d63240 100644
--- a/etc/subdownloader.profile
+++ b/etc/subdownloader.profile
@@ -17,6 +17,7 @@ noblacklist /usr/lib/python3*
17 17
18include disable-common.inc 18include disable-common.inc
19include disable-devel.inc 19include disable-devel.inc
20include disable-exec.inc
20include disable-interpreters.inc 21include disable-interpreters.inc
21include disable-passwdmgr.inc 22include disable-passwdmgr.inc
22include disable-programs.inc 23include disable-programs.inc
@@ -42,5 +43,3 @@ private-etc alternatives,fonts
42private-tmp 43private-tmp
43 44
44# memory-deny-write-execute - Breaks on Arch 45# memory-deny-write-execute - Breaks on Arch
45noexec ${HOME}
46noexec /tmp
diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile
index 696ac4de0..60d80ecd4 100644
--- a/etc/supertuxkart.profile
+++ b/etc/supertuxkart.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.local/share/supertuxkart
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-passwdmgr.inc 16include disable-passwdmgr.inc
16include disable-programs.inc 17include disable-programs.inc
17include disable-xdg.inc 18include disable-xdg.inc
@@ -51,5 +52,3 @@ private-tmp
51private-opt none 52private-opt none
52private-srv none 53private-srv none
53 54
54noexec ${HOME}
55noexec /tmp
diff --git a/etc/sysprof.profile b/etc/sysprof.profile
index eedf4c4b4..3cfea5c5e 100644
--- a/etc/sysprof.profile
+++ b/etc/sysprof.profile
@@ -8,6 +8,7 @@ include globals.local
8 8
9include disable-common.inc 9include disable-common.inc
10include disable-devel.inc 10include disable-devel.inc
11include disable-exec.inc
11include disable-interpreters.inc 12include disable-interpreters.inc
12include disable-passwdmgr.inc 13include disable-passwdmgr.inc
13include disable-programs.inc 14include disable-programs.inc
@@ -43,5 +44,3 @@ private-etc alternatives,fonts,ld.so.cache,machine-id,ssl
43private-tmp 44private-tmp
44 45
45# memory-deny-write-execute - Breaks GUI on Arch 46# memory-deny-write-execute - Breaks GUI on Arch
46noexec ${HOME}
47noexec /tmp
diff --git a/etc/totem.profile b/etc/totem.profile
index fd473b03c..f541d3cc2 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -13,6 +13,7 @@ noblacklist ${VIDEOS}
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
16include disable-exec.inc
16include disable-interpreters.inc 17include disable-interpreters.inc
17include disable-passwdmgr.inc 18include disable-passwdmgr.inc
18include disable-programs.inc 19include disable-programs.inc
@@ -39,5 +40,3 @@ private-dev
39# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies 40# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
40private-tmp 41private-tmp
41 42
42noexec ${HOME}
43noexec /tmp
diff --git a/etc/transgui.profile b/etc/transgui.profile
index 83191ab58..8043bfa01 100644
--- a/etc/transgui.profile
+++ b/etc/transgui.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/transgui
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -48,5 +49,3 @@ private-lib libgdk_pixbuf-2.0.so.*,libGeoIP.so*,libgthread-2.0.so.*,libgtk-x11-2
48private-tmp 49private-tmp
49 50
50memory-deny-write-execute 51memory-deny-write-execute
51noexec ${HOME}
52noexec /tmp
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
index 65682df52..60732bcf2 100644
--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.config/transmission
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -40,5 +41,3 @@ private-lib
40private-tmp 41private-tmp
41 42
42memory-deny-write-execute 43memory-deny-write-execute
43noexec ${HOME}
44noexec /tmp
diff --git a/etc/transmission-daemon.profile b/etc/transmission-daemon.profile
index c101e18b5..c67200826 100644
--- a/etc/transmission-daemon.profile
+++ b/etc/transmission-daemon.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.config/transmission
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -41,5 +42,3 @@ private-lib
41private-tmp 42private-tmp
42 43
43memory-deny-write-execute 44memory-deny-write-execute
44noexec ${HOME}
45noexec /tmp
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 6fd310a73..29df63573 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/transmission
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-exec.inc
14include disable-interpreters.inc 15include disable-interpreters.inc
15include disable-passwdmgr.inc 16include disable-passwdmgr.inc
16include disable-programs.inc 17include disable-programs.inc
@@ -47,5 +48,3 @@ private-tmp
47 48
48# Causes freeze during opening file dialog in Archlinux, see issue #1855 49# Causes freeze during opening file dialog in Archlinux, see issue #1855
49# memory-deny-write-execute 50# memory-deny-write-execute
50noexec ${HOME}
51noexec /tmp
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index f35eb0036..9fda5245f 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/transmission
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-exec.inc
14include disable-interpreters.inc 15include disable-interpreters.inc
15include disable-passwdmgr.inc 16include disable-passwdmgr.inc
16include disable-programs.inc 17include disable-programs.inc
@@ -46,5 +47,3 @@ private-dev
46private-tmp 47private-tmp
47 48
48# memory-deny-write-execute - problems on Qt 5.10.0, KDE Frameworks 5.41.0 49# memory-deny-write-execute - problems on Qt 5.10.0, KDE Frameworks 5.41.0
49noexec ${HOME}
50noexec /tmp
diff --git a/etc/transmission-remote.profile b/etc/transmission-remote.profile
index 7e6f67317..d9ba7be71 100644
--- a/etc/transmission-remote.profile
+++ b/etc/transmission-remote.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.config/transmission
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -40,5 +41,3 @@ private-lib
40private-tmp 41private-tmp
41 42
42memory-deny-write-execute 43memory-deny-write-execute
43noexec ${HOME}
44noexec /tmp
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
index 691b8959e..58f7af47c 100644
--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/transmission
11 11
12include disable-common.inc 12include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-exec.inc
14include disable-interpreters.inc 15include disable-interpreters.inc
15include disable-passwdmgr.inc 16include disable-passwdmgr.inc
16include disable-programs.inc 17include disable-programs.inc
@@ -38,5 +39,3 @@ private-lib
38private-tmp 39private-tmp
39 40
40memory-deny-write-execute 41memory-deny-write-execute
41noexec ${HOME}
42noexec /tmp
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index c958ef6cc..f9fb1cefe 100644
--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -14,6 +14,7 @@ noblacklist ${HOME}/.steam
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
17include disable-exec.inc
17include disable-interpreters.inc 18include disable-interpreters.inc
18include disable-passwdmgr.inc 19include disable-passwdmgr.inc
19include disable-programs.inc 20include disable-programs.inc
@@ -44,5 +45,3 @@ private-tmp
44 45
45# memory-deny-write-executes breaks on Arch - see issue #1808 46# memory-deny-write-executes breaks on Arch - see issue #1808
46#memory-deny-write-execute 47#memory-deny-write-execute
47noexec ${HOME}
48noexec /tmp
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 370180b6b..64ac7a4f0 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -14,6 +14,7 @@ noblacklist ${VIDEOS}
14 14
15include disable-common.inc 15include disable-common.inc
16include disable-devel.inc 16include disable-devel.inc
17include disable-exec.inc
17include disable-interpreters.inc 18include disable-interpreters.inc
18include disable-passwdmgr.inc 19include disable-passwdmgr.inc
19include disable-programs.inc 20include disable-programs.inc
@@ -39,5 +40,3 @@ private-tmp
39 40
40# mdwe is disabled due to breaking hardware accelerated decoding 41# mdwe is disabled due to breaking hardware accelerated decoding
41#memory-deny-write-execute 42#memory-deny-write-execute
42noexec ${HOME}
43noexec /tmp
diff --git a/etc/wireshark.profile b/etc/wireshark.profile
index a08b97d05..9b9757cd5 100644
--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -18,6 +18,7 @@ noblacklist /usr/share/lua
18 18
19include disable-common.inc 19include disable-common.inc
20include disable-devel.inc 20include disable-devel.inc
21include disable-exec.inc
21include disable-interpreters.inc 22include disable-interpreters.inc
22include disable-passwdmgr.inc 23include disable-passwdmgr.inc
23include disable-programs.inc 24include disable-programs.inc
@@ -48,5 +49,3 @@ private-dev
48# private-etc alternatives,fonts,group,hosts,machine-id,passwd,ca-certificates,ssl,pki,crypto-policies 49# private-etc alternatives,fonts,group,hosts,machine-id,passwd,ca-certificates,ssl,pki,crypto-policies
49private-tmp 50private-tmp
50 51
51noexec ${HOME}
52noexec /tmp
diff --git a/etc/xed.profile b/etc/xed.profile
index cd565f684..a268f2b6e 100644
--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -15,6 +15,7 @@ noblacklist /usr/lib/python3*
15 15
16include disable-common.inc 16include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
18include disable-exec.inc
18include disable-interpreters.inc 19include disable-interpreters.inc
19include disable-passwdmgr.inc 20include disable-passwdmgr.inc
20include disable-programs.inc 21include disable-programs.inc
@@ -47,5 +48,3 @@ private-tmp
47 48
48# xed uses python plugins, memory-deny-write-execute breaks python 49# xed uses python plugins, memory-deny-write-execute breaks python
49# memory-deny-write-execute 50# memory-deny-write-execute
50noexec ${HOME}
51noexec /tmp
diff --git a/etc/xfce4-mixer.profile b/etc/xfce4-mixer.profile
index 9c8c5c531..952625ef8 100644
--- a/etc/xfce4-mixer.profile
+++ b/etc/xfce4-mixer.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
10 10
11include disable-common.inc 11include disable-common.inc
12include disable-devel.inc 12include disable-devel.inc
13include disable-exec.inc
13include disable-interpreters.inc 14include disable-interpreters.inc
14include disable-passwdmgr.inc 15include disable-passwdmgr.inc
15include disable-programs.inc 16include disable-programs.inc
@@ -45,5 +46,3 @@ private-etc alternatives,asound.conf,fonts,pulse,machine-id
45private-tmp 46private-tmp
46 47
47memory-deny-write-execute 48memory-deny-write-execute
48noexec ${HOME}
49noexec /tmp
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index 0df879d7c..0cfb840eb 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -18,6 +18,7 @@ noblacklist /usr/lib/python3*
18 18
19include disable-common.inc 19include disable-common.inc
20include disable-devel.inc 20include disable-devel.inc
21include disable-exec.inc
21include disable-interpreters.inc 22include disable-interpreters.inc
22include disable-passwdmgr.inc 23include disable-passwdmgr.inc
23include disable-programs.inc 24include disable-programs.inc
@@ -43,5 +44,3 @@ private-dev
43# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies 44# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
44private-tmp 45private-tmp
45 46
46noexec ${HOME}
47noexec /tmp
diff --git a/etc/xreader.profile b/etc/xreader.profile
index e0a3ddee3..643c5a317 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -12,6 +12,7 @@ noblacklist ${DOCUMENTS}
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -42,5 +43,3 @@ private-etc alternatives,fonts,ld.so.cache
42private-tmp 43private-tmp
43 44
44memory-deny-write-execute 45memory-deny-write-execute
45noexec ${HOME}
46noexec /tmp
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index c73630053..b483e9404 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.steam
12 12
13include disable-common.inc 13include disable-common.inc
14include disable-devel.inc 14include disable-devel.inc
15include disable-exec.inc
15include disable-interpreters.inc 16include disable-interpreters.inc
16include disable-passwdmgr.inc 17include disable-passwdmgr.inc
17include disable-programs.inc 18include disable-programs.inc
@@ -43,5 +44,3 @@ private-lib
43private-tmp 44private-tmp
44 45
45memory-deny-write-execute 46memory-deny-write-execute
46noexec ${HOME}
47noexec /tmp
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-28 19:11:06 +0000