15 files changed, 16 insertions, 75 deletions
diff --git a/etc/7z.profile b/etc/7z.profile
index 53900bae6..ea67bbe19 100644
--- a/etc/7z.profile
+++ b/etc/7z.profile
@@ -17,7 +17,6 @@ notv
 novideo
 shell none
 tracelog
-caps.drop all
 private-dev
diff --git a/etc/atom.profile b/etc/atom.profile
index 6fb6048b6..34fb3a9b1 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -5,8 +5,6 @@ include /etc/firejail/atom.local
 # Persistent global definitions
 include /etc/firejail/globals.local
-noexec ${HOME}
-noexec /tmp
 noblacklist ~/.atom
 noblacklist ~/.config/Atom
@@ -25,8 +23,10 @@ notv
 novideo
 protocol unix,inet,inet6,netlink
 seccomp
-net none
 shell none
 private-dev
 private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/calligra.profile b/etc/calligra.profile
index 8c7e49121..d2b76d22c 100644
--- a/etc/calligra.profile
+++ b/etc/calligra.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 ipc-namespace
+net none
 nodvd
 nogroups
 nonewprivs
@@ -21,7 +22,6 @@ novideo
 protocol unix
 seccomp
 shell none
-net none
 private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch
 private-dev
diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile
index bd75a66a9..e6a1941b5 100644
--- a/etc/cinelerra.profile
+++ b/etc/cinelerra.profile
@@ -1,31 +1,6 @@
-# Firejail profile for cin
+# Firejail profile alias for cin
 # This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/cin.local
-# Persistent global definitions
-include /etc/firejail/globals.local
-noblacklist ${HOME}/.bcast
-include /etc/firejail/disable-common.inc
+# Redirect
-include /etc/firejail/disable-devel.inc
+include /etc/firejail/cin.profile
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-caps.drop all
-ipc-namespace
-net none
-nodvd
-nogroups
-nonewprivs
-notv
-noroot
-protocol unix
-seccomp
-shell none
-private-bin cinelerra
-private-dev
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/dia.profile b/etc/dia.profile
index 6915318c0..800c3bbf1 100644
--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -13,7 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
-netfilter
+net none
 no3d
 nodvd
 nogroups
@@ -25,7 +25,6 @@ novideo
 protocol unix
 seccomp
 shell none
-net none
 disable-mnt
 #private-bin dia
diff --git a/etc/evince.profile b/etc/evince.profile
index 5e7596352..f503b9a8e 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -28,7 +28,6 @@ protocol unix
 seccomp
 shell none
 tracelog
-net none
 private-bin evince,evince-previewer,evince-thumbnailer
 private-dev
diff --git a/etc/hugin.profile b/etc/hugin.profile
index dd7e326c6..64b6e0c69 100644
--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -13,7 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
-netfilter
+net none
 nodvd
 nogroups
 nonewprivs
@@ -24,7 +24,6 @@ novideo
 protocol unix
 seccomp
 shell none
-net none
 private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend
 private-dev
diff --git a/etc/inox.profile b/etc/inox.profile
index ec8d12387..de4d6205b 100644
--- a/etc/inox.profile
+++ b/etc/inox.profile
@@ -21,10 +21,10 @@ whitelist ~/.config/inox
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
+caps.keep sys_chroot,sys_admin
 netfilter
 nodvd
-notv
 nogroups
 noroot
+notv
 shell none
-caps.keep sys_chroot,sys_admin
-\ No newline at end of file
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 9acdc3789..8d05a557c 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -27,7 +27,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
-net none
 private-dev
diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile
index 02f4665d6..cbd1f8fe8 100644
--- a/etc/openshot-qt.profile
+++ b/etc/openshot-qt.profile
@@ -1,31 +1,6 @@
-# Firejail profile for openshot
+# Firejail profile alias for openshot
 # This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/openshot.local
-# Persistent global definitions
-include /etc/firejail/globals.local
-noblacklist ${HOME}/.openshot
-noblacklist ${HOME}/.openshot_qt
-include /etc/firejail/disable-common.inc
+# Redirect
-include /etc/firejail/disable-devel.inc
+include /etc/firejail/openshot.profile
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-seccomp
-shell none
-private-dev
-private-tmp
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/scribus.profile b/etc/scribus.profile
index a6e86a7d6..38f1e5b3c 100644
--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -27,6 +27,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
+net none
 nodvd
 nogroups
 nonewprivs
@@ -36,7 +37,6 @@ notv
 novideo
 protocol unix
 seccomp
-net none
 tracelog
 #private-bin scribus,gs
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile
index 1758659f2..2617c0e51 100644
--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -14,7 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
-netfilter
+net none
 nodvd
 nogroups
 nonewprivs
@@ -25,7 +25,6 @@ novideo
 protocol unix
 seccomp
 shell none
-net none
 #private-bin synfigstudio,synfig,ffmpeg
 private-dev
diff --git a/etc/tar.profile b/etc/tar.profile
index 6ac530b15..f14894c25 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -18,7 +18,6 @@ notv
 novideo
 shell none
 tracelog
-caps.drop all
 # support compressed archives
 private-bin sh,bash,dash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
diff --git a/etc/unrar.profile b/etc/unrar.profile
index 881572521..12559a721 100644
--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -18,7 +18,6 @@ notv
 novideo
 shell none
 tracelog
-caps.drop all
 private-bin unrar
 private-dev
diff --git a/etc/unzip.profile b/etc/unzip.profile
index f913385fb..9828fa9b4 100644
--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -18,7 +18,6 @@ notv
 novideo
 shell none
 tracelog
-caps.drop all
 private-bin unzip
 private-dev

diff --git a/etc/7z.profile b/etc/7z.profile index 53900bae6..ea67bbe19 100644 --- a/etc/7z.profile +++ b/etc/7z.profile
@@ -17,7 +17,6 @@ notv
17	novideo	17	novideo
18	shell none	18	shell none
19	tracelog	19	tracelog
20	caps.drop all
21		20
22	private-dev	21	private-dev
23		22


diff --git a/etc/atom.profile b/etc/atom.profile index 6fb6048b6..34fb3a9b1 100644 --- a/etc/atom.profile +++ b/etc/atom.profile
@@ -5,8 +5,6 @@ include /etc/firejail/atom.local
5	# Persistent global definitions	5	# Persistent global definitions
6	include /etc/firejail/globals.local	6	include /etc/firejail/globals.local
7		7
8	noexec ${HOME}
9	noexec /tmp
10	noblacklist ~/.atom	8	noblacklist ~/.atom
11	noblacklist ~/.config/Atom	9	noblacklist ~/.config/Atom
12		10
@@ -25,8 +23,10 @@ notv
25	novideo	23	novideo
26	protocol unix,inet,inet6,netlink	24	protocol unix,inet,inet6,netlink
27	seccomp	25	seccomp
28	net none
29	shell none	26	shell none
30		27
31	private-dev	28	private-dev
32	private-tmp	29	private-tmp
		30
		31	noexec ${HOME}
		32	noexec /tmp


diff --git a/etc/calligra.profile b/etc/calligra.profile index 8c7e49121..d2b76d22c 100644 --- a/etc/calligra.profile +++ b/etc/calligra.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
12		12
13	caps.drop all	13	caps.drop all
14	ipc-namespace	14	ipc-namespace
		15	net none
15	nodvd	16	nodvd
16	nogroups	17	nogroups
17	nonewprivs	18	nonewprivs
@@ -21,7 +22,6 @@ novideo
21	protocol unix	22	protocol unix
22	seccomp	23	seccomp
23	shell none	24	shell none
24	net none
25		25
26	private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch	26	private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch
27	private-dev	27	private-dev


diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile index bd75a66a9..e6a1941b5 100644 --- a/etc/cinelerra.profile +++ b/etc/cinelerra.profile
@@ -1,31 +1,6 @@
1	# Firejail profile for cin	1	# Firejail profile alias for cin
2	# This file is overwritten after every install/update	2	# This file is overwritten after every install/update
3	# Persistent local customizations
4	include /etc/firejail/cin.local
5	# Persistent global definitions
6	include /etc/firejail/globals.local
7		3
8	noblacklist ${HOME}/.bcast
9		4
10	include /etc/firejail/disable-common.inc	5	# Redirect
11	include /etc/firejail/disable-devel.inc	6	include /etc/firejail/cin.profile
12	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc
14
15	caps.drop all
16	ipc-namespace
17	net none
18	nodvd
19	nogroups
20	nonewprivs
21	notv
22	noroot
23	protocol unix
24	seccomp
25	shell none
26
27	private-bin cinelerra
28	private-dev
29
30	noexec ${HOME}
31	noexec /tmp


diff --git a/etc/dia.profile b/etc/dia.profile index 6915318c0..800c3bbf1 100644 --- a/etc/dia.profile +++ b/etc/dia.profile
@@ -13,7 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
14		14
15	caps.drop all	15	caps.drop all
16	netfilter	16	net none
17	no3d	17	no3d
18	nodvd	18	nodvd
19	nogroups	19	nogroups
@@ -25,7 +25,6 @@ novideo
25	protocol unix	25	protocol unix
26	seccomp	26	seccomp
27	shell none	27	shell none
28	net none
29		28
30	disable-mnt	29	disable-mnt
31	#private-bin dia	30	#private-bin dia


diff --git a/etc/evince.profile b/etc/evince.profile index 5e7596352..f503b9a8e 100644 --- a/etc/evince.profile +++ b/etc/evince.profile
@@ -28,7 +28,6 @@ protocol unix
28	seccomp	28	seccomp
29	shell none	29	shell none
30	tracelog	30	tracelog
31	net none
32		31
33	private-bin evince,evince-previewer,evince-thumbnailer	32	private-bin evince,evince-previewer,evince-thumbnailer
34	private-dev	33	private-dev


diff --git a/etc/hugin.profile b/etc/hugin.profile index dd7e326c6..64b6e0c69 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile
@@ -13,7 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
14		14
15	caps.drop all	15	caps.drop all
16	netfilter	16	net none
17	nodvd	17	nodvd
18	nogroups	18	nogroups
19	nonewprivs	19	nonewprivs
@@ -24,7 +24,6 @@ novideo
24	protocol unix	24	protocol unix
25	seccomp	25	seccomp
26	shell none	26	shell none
27	net none
28		27
29	private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend	28	private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend
30	private-dev	29	private-dev


diff --git a/etc/inox.profile b/etc/inox.profile index ec8d12387..de4d6205b 100644 --- a/etc/inox.profile +++ b/etc/inox.profile
@@ -21,10 +21,10 @@ whitelist ~/.config/inox
21	whitelist ~/.pki	21	whitelist ~/.pki
22	include /etc/firejail/whitelist-common.inc	22	include /etc/firejail/whitelist-common.inc
23		23
		24	caps.keep sys_chroot,sys_admin
24	netfilter	25	netfilter
25	nodvd	26	nodvd
26	notv
27	nogroups	27	nogroups
28	noroot	28	noroot
		29	notv
29	shell none	30	shell none
30	caps.keep sys_chroot,sys_admin \ No newline at end of file


diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 9acdc3789..8d05a557c 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile
@@ -27,7 +27,6 @@ protocol unix,inet,inet6
27	seccomp	27	seccomp
28	shell none	28	shell none
29	tracelog	29	tracelog
30	net none
31		30
32	private-dev	31	private-dev
33		32


diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile index 02f4665d6..cbd1f8fe8 100644 --- a/etc/openshot-qt.profile +++ b/etc/openshot-qt.profile
@@ -1,31 +1,6 @@
1	# Firejail profile for openshot	1	# Firejail profile alias for openshot
2	# This file is overwritten after every install/update	2	# This file is overwritten after every install/update
3	# Persistent local customizations
4	include /etc/firejail/openshot.local
5	# Persistent global definitions
6	include /etc/firejail/globals.local
7		3
8	noblacklist ${HOME}/.openshot
9	noblacklist ${HOME}/.openshot_qt
10		4
11	include /etc/firejail/disable-common.inc	5	# Redirect
12	include /etc/firejail/disable-devel.inc	6	include /etc/firejail/openshot.profile
13	include /etc/firejail/disable-passwdmgr.inc
14	include /etc/firejail/disable-programs.inc
15
16	caps.drop all
17	netfilter
18	nodvd
19	nogroups
20	nonewprivs
21	noroot
22	notv
23	protocol unix,inet,inet6,netlink
24	seccomp
25	shell none
26
27	private-dev
28	private-tmp
29
30	noexec ${HOME}
31	noexec /tmp


diff --git a/etc/scribus.profile b/etc/scribus.profile index a6e86a7d6..38f1e5b3c 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile
@@ -27,6 +27,7 @@ include /etc/firejail/disable-passwdmgr.inc
27	include /etc/firejail/disable-programs.inc	27	include /etc/firejail/disable-programs.inc
28		28
29	caps.drop all	29	caps.drop all
		30	net none
30	nodvd	31	nodvd
31	nogroups	32	nogroups
32	nonewprivs	33	nonewprivs
@@ -36,7 +37,6 @@ notv
36	novideo	37	novideo
37	protocol unix	38	protocol unix
38	seccomp	39	seccomp
39	net none
40	tracelog	40	tracelog
41		41
42	#private-bin scribus,gs	42	#private-bin scribus,gs


diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 1758659f2..2617c0e51 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile
@@ -14,7 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc
14	include /etc/firejail/disable-programs.inc	14	include /etc/firejail/disable-programs.inc
15		15
16	caps.drop all	16	caps.drop all
17	netfilter	17	net none
18	nodvd	18	nodvd
19	nogroups	19	nogroups
20	nonewprivs	20	nonewprivs
@@ -25,7 +25,6 @@ novideo
25	protocol unix	25	protocol unix
26	seccomp	26	seccomp
27	shell none	27	shell none
28	net none
29		28
30	#private-bin synfigstudio,synfig,ffmpeg	29	#private-bin synfigstudio,synfig,ffmpeg
31	private-dev	30	private-dev


diff --git a/etc/tar.profile b/etc/tar.profile index 6ac530b15..f14894c25 100644 --- a/etc/tar.profile +++ b/etc/tar.profile
@@ -18,7 +18,6 @@ notv
18	novideo	18	novideo
19	shell none	19	shell none
20	tracelog	20	tracelog
21	caps.drop all
22		21
23	# support compressed archives	22	# support compressed archives
24	private-bin sh,bash,dash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop	23	private-bin sh,bash,dash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop


diff --git a/etc/unrar.profile b/etc/unrar.profile index 881572521..12559a721 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile
@@ -18,7 +18,6 @@ notv
18	novideo	18	novideo
19	shell none	19	shell none
20	tracelog	20	tracelog
21	caps.drop all
22		21
23	private-bin unrar	22	private-bin unrar
24	private-dev	23	private-dev


diff --git a/etc/unzip.profile b/etc/unzip.profile index f913385fb..9828fa9b4 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile
@@ -18,7 +18,6 @@ notv
18	novideo	18	novideo
19	shell none	19	shell none
20	tracelog	20	tracelog
21	caps.drop all
22		21
23	private-bin unzip	22	private-bin unzip
24	private-dev	23	private-dev