diff options
-rw-r--r-- | etc/celluloid.profile | 2 | ||||
-rw-r--r-- | etc/curl.profile | 1 | ||||
-rw-r--r-- | etc/gimp.profile | 1 | ||||
-rw-r--r-- | etc/midori.profile | 7 | ||||
-rw-r--r-- | etc/pdftotext.profile | 2 | ||||
-rw-r--r-- | etc/shotcut.profile | 1 |
6 files changed, 13 insertions, 1 deletions
diff --git a/etc/celluloid.profile b/etc/celluloid.profile index ab68c7f13..5a3bf0008 100644 --- a/etc/celluloid.profile +++ b/etc/celluloid.profile | |||
@@ -29,7 +29,7 @@ include whitelist-var-common.inc | |||
29 | apparmor | 29 | apparmor |
30 | caps.drop all | 30 | caps.drop all |
31 | netfilter | 31 | netfilter |
32 | # nodbus -- uses dconf | 32 | # nodbus -- uses dconf, MPRIS |
33 | nogroups | 33 | nogroups |
34 | nonewprivs | 34 | nonewprivs |
35 | noroot | 35 | noroot |
diff --git a/etc/curl.profile b/etc/curl.profile index 2624e5545..679f5a152 100644 --- a/etc/curl.profile +++ b/etc/curl.profile | |||
@@ -33,6 +33,7 @@ novideo | |||
33 | protocol inet,inet6 | 33 | protocol inet,inet6 |
34 | seccomp | 34 | seccomp |
35 | shell none | 35 | shell none |
36 | tracelog | ||
36 | 37 | ||
37 | # private-bin curl | 38 | # private-bin curl |
38 | private-cache | 39 | private-cache |
diff --git a/etc/gimp.profile b/etc/gimp.profile index 5c0631eb2..94035bc02 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile | |||
@@ -21,6 +21,7 @@ noblacklist ${PICTURES} | |||
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-exec.inc | 23 | include disable-exec.inc |
24 | include disable-devel.inc | ||
24 | include disable-passwdmgr.inc | 25 | include disable-passwdmgr.inc |
25 | include disable-programs.inc | 26 | include disable-programs.inc |
26 | include disable-xdg.inc | 27 | include disable-xdg.inc |
diff --git a/etc/midori.profile b/etc/midori.profile index ffae4919f..e11e2acaa 100644 --- a/etc/midori.profile +++ b/etc/midori.profile | |||
@@ -9,6 +9,7 @@ include globals.local | |||
9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
11 | 11 | ||
12 | noblacklist ${HOME}/.cache/midori | ||
12 | noblacklist ${HOME}/.config/midori | 13 | noblacklist ${HOME}/.config/midori |
13 | noblacklist ${HOME}/.local/share/midori | 14 | noblacklist ${HOME}/.local/share/midori |
14 | # noblacklist ${HOME}/.local/share/webkit | 15 | # noblacklist ${HOME}/.local/share/webkit |
@@ -16,11 +17,17 @@ noblacklist ${HOME}/.local/share/midori | |||
16 | noblacklist ${HOME}/.pki | 17 | noblacklist ${HOME}/.pki |
17 | noblacklist ${HOME}/.local/share/pki | 18 | noblacklist ${HOME}/.local/share/pki |
18 | 19 | ||
20 | noblacklist ${HOME}/.cache/gnome-mplayer | ||
21 | noblacklist ${HOME}/.config/gnome-mplayer | ||
22 | noblacklist ${HOME}/.lastpass | ||
23 | |||
19 | include disable-common.inc | 24 | include disable-common.inc |
20 | include disable-devel.inc | 25 | include disable-devel.inc |
21 | include disable-exec.inc | 26 | include disable-exec.inc |
22 | include disable-interpreters.inc | 27 | include disable-interpreters.inc |
28 | #include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 29 | include disable-programs.inc |
30 | include disable-xdg.inc | ||
24 | 31 | ||
25 | mkdir ${HOME}/.cache/midori | 32 | mkdir ${HOME}/.cache/midori |
26 | mkdir ${HOME}/.config/midori | 33 | mkdir ${HOME}/.config/midori |
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index e9572d914..f8448f514 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile | |||
@@ -22,6 +22,7 @@ include whitelist-usr-share-common.inc | |||
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | ipc-namespace | ||
25 | machine-id | 26 | machine-id |
26 | net none | 27 | net none |
27 | no3d | 28 | no3d |
@@ -41,6 +42,7 @@ tracelog | |||
41 | x11 none | 42 | x11 none |
42 | 43 | ||
43 | private-bin pdftotext | 44 | private-bin pdftotext |
45 | private-cache | ||
44 | private-dev | 46 | private-dev |
45 | private-etc alternatives | 47 | private-etc alternatives |
46 | private-tmp | 48 | private-tmp |
diff --git a/etc/shotcut.profile b/etc/shotcut.profile index 5b3c5439d..072cc2c0d 100644 --- a/etc/shotcut.profile +++ b/etc/shotcut.profile | |||
@@ -29,6 +29,7 @@ nou2f | |||
29 | protocol unix | 29 | protocol unix |
30 | seccomp | 30 | seccomp |
31 | shell none | 31 | shell none |
32 | tracelog | ||
32 | 33 | ||
33 | #private-bin melt,nice,qmelt,shotcut | 34 | #private-bin melt,nice,qmelt,shotcut |
34 | private-cache | 35 | private-cache |