22 files changed, 54 insertions, 15 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile
index 217cdeee0..1e7c06879 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -19,8 +19,8 @@ whitelist ~/.local/share/0ad
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
@@ -28,4 +28,4 @@ shell none
 tracelog
 private-dev
+private-tmp
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile
index 3c753e86c..9a8d93875 100644
--- a/etc/atom-beta.profile
+++ b/etc/atom-beta.profile
@@ -1,4 +1,4 @@
-# Firjail profile for Atom Beta.
+# Firejail profile for Atom Beta.
 noblacklist ~/.atom
 noblacklist ~/.config/Atom
@@ -11,9 +11,10 @@ netfilter
 nonewprivs
 nogroups
 noroot
+nosound
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
 private-dev
-nosound
+private-tmp
diff --git a/etc/atom.profile b/etc/atom.profile
index 8304cd379..3cb86847e 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -1,4 +1,4 @@
-# Firjail profile for Atom.
+# Firejail profile for Atom.
 noblacklist ~/.atom
 noblacklist ~/.config/Atom
@@ -11,8 +11,10 @@ netfilter
 nonewprivs
 nogroups
 noroot
+nosound
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
 private-dev
-nosound
+private-tmp
diff --git a/etc/atril.profile b/etc/atril.profile
index bfe731bec..d9e10b072 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -18,3 +18,4 @@ tracelog
 private-bin atril, atril-previewer, atril-thumbnailer
 private-dev
+private-tmp
diff --git a/etc/audacity.profile b/etc/audacity.profile
index 162201cb8..be3fac9be 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
+netfilter
 nonewprivs
 nogroups
 noroot
@@ -17,3 +18,4 @@ tracelog
 private-bin audacity
 private-dev
+private-tmp
diff --git a/etc/aweather.profile b/etc/aweather.profile
index da93e8ba3..4e5c36f50 100644
--- a/etc/aweather.profile
+++ b/etc/aweather.profile
@@ -15,10 +15,11 @@ nonewprivs
 nogroups
 noroot
 nosound
-protocol unix,inet,inet6,netlink
+protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
 private-bin aweather
 private-dev
+private-tmp
diff --git a/etc/dosbox.profile b/etc/dosbox.profile
new file mode 100644
index 000000000..45fbb712a
--- /dev/null
+++ b/etc/dosbox.profile
@@ -0,0 +1,21 @@
+# Firejail profile for dosbox
+noblacklist ~/.dosbox
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-bin dosbox
+private-dev
+private-tmp
diff --git a/etc/eom.profile b/etc/eom.profile
index 81d993e96..dfcea82c1 100644
--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -18,3 +18,4 @@ tracelog
 private-bin eom
 private-dev
+private-tmp
diff --git a/etc/gitter.profile b/etc/gitter.profile
index 2882c59a6..f43f5f199 100644
--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -7,12 +7,14 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 netfilter
-nonewprivs
 nogroups
+nonewprivs
 noroot
+nosound
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
 private-bin gitter
 private-dev
+private-tmp
diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index e043c7229..3ffd10add 100644
--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -19,4 +19,3 @@ tracelog
 private-bin gthumb
 whitelist /tmp/.X11-unix
 private-dev
-private-tmp
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 77a00ebef..75a52e9ff 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
@@ -15,5 +16,3 @@ tracelog
 private-dev
 whitelist /tmp/.X11-unix/
-nosound
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index acedaebb7..71deec6bc 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -23,6 +23,7 @@ shell none
 tracelog
 private-bin palemoon
+private-tmp
 # These are uncommented in the Firefox profile. If you run into trouble you may
 # want to uncomment (some of) them.
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index 3df2cafa6..47be2b6ea 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -18,3 +18,4 @@ tracelog
 private-bin pidgin
 private-dev
+private-tmp
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 0cac18573..927487037 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -20,3 +20,4 @@ shell none
 tracelog
 private-bin qtox
+private-tmp
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 9f087ea1d..0e8527ae7 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -16,3 +16,4 @@ tracelog
 private-bin rhythmbox
 private-dev
+private-tmp
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
index adefa75ff..d57c9e5f7 100644
--- a/etc/stellarium.profile
+++ b/etc/stellarium.profile
@@ -25,4 +25,4 @@ tracelog
 private-bin stellarium
 private-dev
+private-tmp
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index fa5c3b22b..0cfa4fcfc 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -14,9 +14,9 @@ noroot
 nosound
 protocol unix,inet,inet6
 seccomp
+shell none
 tracelog
-shell none
 private-bin transmission-gtk
 whitelist /tmp/.X11-unix
 private-dev
diff --git a/etc/vlc.profile b/etc/vlc.profile
index c82247dd2..cdd098dd5 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -17,3 +17,5 @@ shell none
 tracelog
 private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
+private-dev
+private-tmp
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
index ff37e2800..7c7efade8 100644
--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -23,3 +23,4 @@ tracelog
 private-bin warzone2100
 private-dev
+private-tmp
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index a46b2fa06..54d5ed89b 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -19,3 +19,4 @@ tracelog
 private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer
 private-dev
+private-tmp
diff --git a/etc/xreader.profile b/etc/xreader.profile
index ac7d34022..d2a000bd0 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -20,3 +20,4 @@ tracelog
 private-bin xreader, xreader-previewer, xreader-thumbnailer
 private-dev
+private-tmp
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index 7a4ae4858..cbb59d16e 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -6,8 +6,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
-nonewprivs
 nogroups
+nonewprivs
 noroot
 nosound
 protocol unix
@@ -17,3 +17,4 @@ tracelog
 private-dev
 private-bin xviewer
+private-tmp

diff --git a/etc/0ad.profile b/etc/0ad.profile index 217cdeee0..1e7c06879 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile
@@ -19,8 +19,8 @@ whitelist ~/.local/share/0ad
19		19
20	caps.drop all	20	caps.drop all
21	netfilter	21	netfilter
22	nonewprivs
23	nogroups	22	nogroups
		23	nonewprivs
24	noroot	24	noroot
25	protocol unix,inet,inet6	25	protocol unix,inet,inet6
26	seccomp	26	seccomp
@@ -28,4 +28,4 @@ shell none
28	tracelog	28	tracelog
29		29
30	private-dev	30	private-dev
31		31	private-tmp


diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index 3c753e86c..9a8d93875 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile
@@ -1,4 +1,4 @@
1	# Firjail profile for Atom Beta.	1	# Firejail profile for Atom Beta.
2	noblacklist ~/.atom	2	noblacklist ~/.atom
3	noblacklist ~/.config/Atom	3	noblacklist ~/.config/Atom
4		4
@@ -11,9 +11,10 @@ netfilter
11	nonewprivs	11	nonewprivs
12	nogroups	12	nogroups
13	noroot	13	noroot
		14	nosound
		15	protocol unix,inet,inet6,netlink
14	seccomp	16	seccomp
15	shell none	17	shell none
16		18
17	private-dev	19	private-dev
18	nosound	20	private-tmp
19


diff --git a/etc/atom.profile b/etc/atom.profile index 8304cd379..3cb86847e 100644 --- a/etc/atom.profile +++ b/etc/atom.profile
@@ -1,4 +1,4 @@
1	# Firjail profile for Atom.	1	# Firejail profile for Atom.
2	noblacklist ~/.atom	2	noblacklist ~/.atom
3	noblacklist ~/.config/Atom	3	noblacklist ~/.config/Atom
4		4
@@ -11,8 +11,10 @@ netfilter
11	nonewprivs	11	nonewprivs
12	nogroups	12	nogroups
13	noroot	13	noroot
		14	nosound
		15	protocol unix,inet,inet6,netlink
14	seccomp	16	seccomp
15	shell none	17	shell none
16		18
17	private-dev	19	private-dev
18	nosound	20	private-tmp


diff --git a/etc/atril.profile b/etc/atril.profile index bfe731bec..d9e10b072 100644 --- a/etc/atril.profile +++ b/etc/atril.profile
@@ -18,3 +18,4 @@ tracelog
18		18
19	private-bin atril, atril-previewer, atril-thumbnailer	19	private-bin atril, atril-previewer, atril-thumbnailer
20	private-dev	20	private-dev
		21	private-tmp


diff --git a/etc/audacity.profile b/etc/audacity.profile index 162201cb8..be3fac9be 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-passwdmgr.inc
7	include /etc/firejail/disable-programs.inc	7	include /etc/firejail/disable-programs.inc
8		8
9	caps.drop all	9	caps.drop all
		10	netfilter
10	nonewprivs	11	nonewprivs
11	nogroups	12	nogroups
12	noroot	13	noroot
@@ -17,3 +18,4 @@ tracelog
17		18
18	private-bin audacity	19	private-bin audacity
19	private-dev	20	private-dev
		21	private-tmp


diff --git a/etc/aweather.profile b/etc/aweather.profile index da93e8ba3..4e5c36f50 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile
@@ -15,10 +15,11 @@ nonewprivs
15	nogroups	15	nogroups
16	noroot	16	noroot
17	nosound	17	nosound
18	protocol unix,inet,inet6,netlink	18	protocol unix,inet,inet6
19	seccomp	19	seccomp
20	shell none	20	shell none
21	tracelog	21	tracelog
22		22
23	private-bin aweather	23	private-bin aweather
24	private-dev	24	private-dev
		25	private-tmp


diff --git a/etc/dosbox.profile b/etc/dosbox.profile new file mode 100644 index 000000000..45fbb712a --- /dev/null +++ b/etc/dosbox.profile
@@ -0,0 +1,21 @@
		1	# Firejail profile for dosbox
		2	noblacklist ~/.dosbox
		3
		4	include /etc/firejail/disable-common.inc
		5	include /etc/firejail/disable-programs.inc
		6	include /etc/firejail/disable-devel.inc
		7	include /etc/firejail/disable-passwdmgr.inc
		8
		9	caps.drop all
		10	netfilter
		11	nogroups
		12	nonewprivs
		13	noroot
		14	protocol unix,inet,inet6
		15	seccomp
		16	shell none
		17	tracelog
		18
		19	private-bin dosbox
		20	private-dev
		21	private-tmp


diff --git a/etc/eom.profile b/etc/eom.profile index 81d993e96..dfcea82c1 100644 --- a/etc/eom.profile +++ b/etc/eom.profile
@@ -18,3 +18,4 @@ tracelog
18		18
19	private-bin eom	19	private-bin eom
20	private-dev	20	private-dev
		21	private-tmp


diff --git a/etc/gitter.profile b/etc/gitter.profile index 2882c59a6..f43f5f199 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile
@@ -7,12 +7,14 @@ include /etc/firejail/disable-devel.inc
7		7
8	caps.drop all	8	caps.drop all
9	netfilter	9	netfilter
10	nonewprivs
11	nogroups	10	nogroups
		11	nonewprivs
12	noroot	12	noroot
		13	nosound
13	protocol unix,inet,inet6,netlink	14	protocol unix,inet,inet6,netlink
14	seccomp	15	seccomp
15	shell none	16	shell none
16		17
17	private-bin gitter	18	private-bin gitter
18	private-dev	19	private-dev
		20	private-tmp


diff --git a/etc/gthumb.profile b/etc/gthumb.profile index e043c7229..3ffd10add 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile
@@ -19,4 +19,3 @@ tracelog
19	private-bin gthumb	19	private-bin gthumb
20	whitelist /tmp/.X11-unix	20	whitelist /tmp/.X11-unix
21	private-dev	21	private-dev
22	private-tmp


diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 77a00ebef..75a52e9ff 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-passwdmgr.inc
7		7
8	caps.drop all	8	caps.drop all
9	netfilter	9	netfilter
		10	nogroups
10	nonewprivs	11	nonewprivs
11	noroot	12	noroot
12	protocol unix,inet,inet6,netlink	13	protocol unix,inet,inet6,netlink
@@ -15,5 +16,3 @@ tracelog
15		16
16	private-dev	17	private-dev
17	whitelist /tmp/.X11-unix/	18	whitelist /tmp/.X11-unix/
18	nosound
19


diff --git a/etc/palemoon.profile b/etc/palemoon.profile index acedaebb7..71deec6bc 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile
@@ -23,6 +23,7 @@ shell none
23	tracelog	23	tracelog
24		24
25	private-bin palemoon	25	private-bin palemoon
		26	private-tmp
26		27
27	# These are uncommented in the Firefox profile. If you run into trouble you may	28	# These are uncommented in the Firefox profile. If you run into trouble you may
28	# want to uncomment (some of) them.	29	# want to uncomment (some of) them.


diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 3df2cafa6..47be2b6ea 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile
@@ -18,3 +18,4 @@ tracelog
18		18
19	private-bin pidgin	19	private-bin pidgin
20	private-dev	20	private-dev
		21	private-tmp


diff --git a/etc/qtox.profile b/etc/qtox.profile index 0cac18573..927487037 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile
@@ -20,3 +20,4 @@ shell none
20	tracelog	20	tracelog
21		21
22	private-bin qtox	22	private-bin qtox
		23	private-tmp


diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 9f087ea1d..0e8527ae7 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile
@@ -16,3 +16,4 @@ tracelog
16		16
17	private-bin rhythmbox	17	private-bin rhythmbox
18	private-dev	18	private-dev
		19	private-tmp


diff --git a/etc/stellarium.profile b/etc/stellarium.profile index adefa75ff..d57c9e5f7 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile
@@ -25,4 +25,4 @@ tracelog
25		25
26	private-bin stellarium	26	private-bin stellarium
27	private-dev	27	private-dev
28		28	private-tmp


diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index fa5c3b22b..0cfa4fcfc 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile
@@ -14,9 +14,9 @@ noroot
14	nosound	14	nosound
15	protocol unix,inet,inet6	15	protocol unix,inet,inet6
16	seccomp	16	seccomp
		17	shell none
17	tracelog	18	tracelog
18		19
19	shell none
20	private-bin transmission-gtk	20	private-bin transmission-gtk
21	whitelist /tmp/.X11-unix	21	whitelist /tmp/.X11-unix
22	private-dev	22	private-dev


diff --git a/etc/vlc.profile b/etc/vlc.profile index c82247dd2..cdd098dd5 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile
@@ -17,3 +17,5 @@ shell none
17	tracelog	17	tracelog
18		18
19	private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc	19	private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
		20	private-dev
		21	private-tmp


diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index ff37e2800..7c7efade8 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile
@@ -23,3 +23,4 @@ tracelog
23		23
24	private-bin warzone2100	24	private-bin warzone2100
25	private-dev	25	private-dev
		26	private-tmp


diff --git a/etc/xplayer.profile b/etc/xplayer.profile index a46b2fa06..54d5ed89b 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile
@@ -19,3 +19,4 @@ tracelog
19		19
20	private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer	20	private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer
21	private-dev	21	private-dev
		22	private-tmp


diff --git a/etc/xreader.profile b/etc/xreader.profile index ac7d34022..d2a000bd0 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile
@@ -20,3 +20,4 @@ tracelog
20		20
21	private-bin xreader, xreader-previewer, xreader-thumbnailer	21	private-bin xreader, xreader-previewer, xreader-thumbnailer
22	private-dev	22	private-dev
		23	private-tmp


diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 7a4ae4858..cbb59d16e 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile
@@ -6,8 +6,8 @@ include /etc/firejail/disable-devel.inc
6	include /etc/firejail/disable-passwdmgr.inc	6	include /etc/firejail/disable-passwdmgr.inc
7		7
8	caps.drop all	8	caps.drop all
9	nonewprivs
10	nogroups	9	nogroups
		10	nonewprivs
11	noroot	11	noroot
12	nosound	12	nosound
13	protocol unix	13	protocol unix
@@ -17,3 +17,4 @@ tracelog
17		17
18	private-dev	18	private-dev
19	private-bin xviewer	19	private-bin xviewer
		20	private-tmp