diff options
275 files changed, 275 insertions, 275 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index 5ee386268..9ca9834a8 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc | |||
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
27 | nodvd | ||
27 | nogroups | 28 | nogroups |
28 | nonewprivs | 29 | nonewprivs |
29 | noroot | 30 | noroot |
@@ -40,4 +41,3 @@ private-tmp | |||
40 | 41 | ||
41 | noexec ${HOME} | 42 | noexec ${HOME} |
42 | noexec /tmp | 43 | noexec /tmp |
43 | nodvd | ||
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index e235bd51e..06cc69503 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/7z.profile b/etc/7z.profile index 4357cbcd1..ea67bbe19 100644 --- a/etc/7z.profile +++ b/etc/7z.profile | |||
@@ -11,6 +11,7 @@ blacklist /tmp/.X11-unix | |||
11 | ignore noroot | 11 | ignore noroot |
12 | net none | 12 | net none |
13 | no3d | 13 | no3d |
14 | nodvd | ||
14 | nosound | 15 | nosound |
15 | notv | 16 | notv |
16 | novideo | 17 | novideo |
@@ -20,4 +21,3 @@ tracelog | |||
20 | private-dev | 21 | private-dev |
21 | 22 | ||
22 | include /etc/firejail/default.profile | 23 | include /etc/firejail/default.profile |
23 | nodvd | ||
diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index 261fe1373..add122a5e 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -25,4 +26,3 @@ shell none | |||
25 | 26 | ||
26 | private-dev | 27 | private-dev |
27 | private-tmp | 28 | private-tmp |
28 | nodvd | ||
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index b92851c0b..924f74389 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile | |||
@@ -21,8 +21,8 @@ whitelist ~/Documents/Wolfram Mathematica | |||
21 | include /etc/firejail/whitelist-common.inc | 21 | include /etc/firejail/whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | nodvd | ||
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
26 | notv | 27 | notv |
27 | seccomp | 28 | seccomp |
28 | nodvd | ||
diff --git a/etc/Thunar.profile b/etc/Thunar.profile index 74146d6e3..f4a5c9f54 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -27,4 +28,3 @@ protocol unix | |||
27 | seccomp | 28 | seccomp |
28 | shell none | 29 | shell none |
29 | tracelog | 30 | tracelog |
30 | nodvd | ||
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index 9c533437b..c0c322b67 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile | |||
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc | |||
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | # Xephyr needs to be allowed access to the abstract Unix socket namespace. | 24 | # Xephyr needs to be allowed access to the abstract Unix socket namespace. |
25 | nodvd | ||
25 | nogroups | 26 | nogroups |
26 | nonewprivs | 27 | nonewprivs |
27 | # In noroot mode, Xephyr cannot create a socket in the real /tmp/.X11-unix. | 28 | # In noroot mode, Xephyr cannot create a socket in the real /tmp/.X11-unix. |
@@ -39,4 +40,3 @@ private | |||
39 | private-dev | 40 | private-dev |
40 | # private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname | 41 | # private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname |
41 | private-tmp | 42 | private-tmp |
42 | nodvd | ||
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 69420c3a8..7921e0d06 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile | |||
@@ -23,6 +23,7 @@ include /etc/firejail/whitelist-common.inc | |||
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | # Xvfb needs to be allowed access to the abstract Unix socket namespace. | 25 | # Xvfb needs to be allowed access to the abstract Unix socket namespace. |
26 | nodvd | ||
26 | nogroups | 27 | nogroups |
27 | nonewprivs | 28 | nonewprivs |
28 | # In noroot mode, Xvfb cannot create a socket in the real /tmp/.X11-unix. | 29 | # In noroot mode, Xvfb cannot create a socket in the real /tmp/.X11-unix. |
@@ -40,4 +41,3 @@ private | |||
40 | private-dev | 41 | private-dev |
41 | private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname | 42 | private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname |
42 | private-tmp | 43 | private-tmp |
43 | nodvd | ||
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index e31b422c5..3251ef8aa 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile | |||
@@ -37,6 +37,7 @@ include /etc/firejail/whitelist-common.inc | |||
37 | 37 | ||
38 | caps.drop all | 38 | caps.drop all |
39 | netfilter | 39 | netfilter |
40 | nodvd | ||
40 | nonewprivs | 41 | nonewprivs |
41 | noroot | 42 | noroot |
42 | notv | 43 | notv |
@@ -45,4 +46,3 @@ seccomp | |||
45 | tracelog | 46 | tracelog |
46 | 47 | ||
47 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 48 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
48 | nodvd | ||
diff --git a/etc/akregator.profile b/etc/akregator.profile index d47ce4df0..12bb06fb5 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | no3d | 18 | no3d |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/android-studio.profile b/etc/android-studio.profile index 07d67c639..1e1953780 100644 --- a/etc/android-studio.profile +++ b/etc/android-studio.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/disable-programs.inc | |||
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -33,4 +34,3 @@ private-dev | |||
33 | # private-tmp | 34 | # private-tmp |
34 | 35 | ||
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/apktool.profile b/etc/apktool.profile index 0ca0ea0b0..bdd711964 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | net none | 15 | net none |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -29,4 +30,3 @@ private-dev | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | nodvd | ||
diff --git a/etc/arduino.profile b/etc/arduino.profile index d1938c01a..b529ec266 100644 --- a/etc/arduino.profile +++ b/etc/arduino.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/ark.profile b/etc/ark.profile index 2ac7089fb..2ed25a4e6 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -28,4 +29,3 @@ shell none | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc | 30 | # private-etc |
30 | private-tmp | 31 | private-tmp |
31 | nodvd | ||
diff --git a/etc/arm.profile b/etc/arm.profile index 4e6bb9b1c..53d290b49 100644 --- a/etc/arm.profile +++ b/etc/arm.profile | |||
@@ -20,6 +20,7 @@ caps.drop all | |||
20 | ipc-namespace | 20 | ipc-namespace |
21 | netfilter | 21 | netfilter |
22 | no3d | 22 | no3d |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -39,4 +40,3 @@ private-tmp | |||
39 | 40 | ||
40 | noexec ${HOME} | 41 | noexec ${HOME} |
41 | noexec /tmp | 42 | noexec /tmp |
42 | nodvd | ||
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index 395f4e350..4869ef4ea 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -26,4 +27,3 @@ shell none | |||
26 | 27 | ||
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | nodvd | ||
diff --git a/etc/atom.profile b/etc/atom.profile index 2a0c46355..8629c3dd8 100644 --- a/etc/atom.profile +++ b/etc/atom.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -26,4 +27,3 @@ shell none | |||
26 | 27 | ||
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | nodvd | ||
diff --git a/etc/atool.profile b/etc/atool.profile index cd06b4b2a..c2e772f9d 100644 --- a/etc/atool.profile +++ b/etc/atool.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -30,4 +31,3 @@ tracelog | |||
30 | private-dev | 31 | private-dev |
31 | private-etc none | 32 | private-etc none |
32 | private-tmp | 33 | private-tmp |
33 | nodvd | ||
diff --git a/etc/atril.profile b/etc/atril.profile index 1c0d3a11d..7109d343e 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -28,4 +29,3 @@ tracelog | |||
28 | private-bin atril, atril-previewer, atril-thumbnailer | 29 | private-bin atril, atril-previewer, atril-thumbnailer |
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | nodvd | ||
diff --git a/etc/audacity.profile b/etc/audacity.profile index f2e4d2b5b..b5a15b04c 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/aweather.profile b/etc/aweather.profile index 4c2664a91..ef811b330 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc | |||
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nodvd | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
@@ -32,4 +33,3 @@ tracelog | |||
32 | private-bin aweather | 33 | private-bin aweather |
33 | private-dev | 34 | private-dev |
34 | private-tmp | 35 | private-tmp |
35 | nodvd | ||
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 80c5ea0b0..2809089e6 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
18 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | nodvd | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
@@ -40,4 +41,3 @@ noexec /tmp | |||
40 | # read-only ${HOME} | 41 | # read-only ${HOME} |
41 | # read-write ${HOME}/.local/share | 42 | # read-write ${HOME}/.local/share |
42 | # noexec ${HOME}/.local/share | 43 | # noexec ${HOME}/.local/share |
43 | nodvd | ||
diff --git a/etc/baobab.profile b/etc/baobab.profile index c67f01503..ef733632d 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | net none | 15 | net none |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | memory-deny-write-execute | 32 | memory-deny-write-execute |
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/bibletime.profile b/etc/bibletime.profile index 158733660..73d31c205 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile | |||
@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc | |||
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
27 | nodvd | ||
27 | nogroups | 28 | nogroups |
28 | nonewprivs | 29 | nonewprivs |
29 | noroot | 30 | noroot |
@@ -39,4 +40,3 @@ tracelog | |||
39 | private-dev | 40 | private-dev |
40 | private-etc fonts,resolv.conf,sword,sword.conf,passwd | 41 | private-etc fonts,resolv.conf,sword,sword.conf,passwd |
41 | private-tmp | 42 | private-tmp |
42 | nodvd | ||
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index 0566029cb..0b61e7b9f 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nonewprivs | 19 | nonewprivs |
19 | nosound | 20 | nosound |
20 | notv | 21 | notv |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | read-write /var/lib/bitlbee | 31 | read-write /var/lib/bitlbee |
31 | 32 | ||
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 0c1670283..f3498e9b9 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | net none | 15 | net none |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -32,4 +33,3 @@ shell none | |||
32 | memory-deny-write-execute | 33 | memory-deny-write-execute |
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/blender.profile b/etc/blender.profile index 438be7e41..f7ecbce55 100644 --- a/etc/blender.profile +++ b/etc/blender.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -27,4 +28,3 @@ private-tmp | |||
27 | 28 | ||
28 | noexec ${HOME} | 29 | noexec ${HOME} |
29 | noexec /tmp | 30 | noexec /tmp |
30 | nodvd | ||
diff --git a/etc/bless.profile b/etc/bless.profile index 8c7cc5fe5..e4d2f0730 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/brave.profile b/etc/brave.profile index a512bd133..4a908c884 100644 --- a/etc/brave.profile +++ b/etc/brave.profile | |||
@@ -30,9 +30,9 @@ include /etc/firejail/whitelist-common.inc | |||
30 | netfilter | 30 | netfilter |
31 | # nonewprivs | 31 | # nonewprivs |
32 | # noroot | 32 | # noroot |
33 | nodvd | ||
33 | notv | 34 | notv |
34 | # protocol unix,inet,inet6,netlink | 35 | # protocol unix,inet,inet6,netlink |
35 | # seccomp | 36 | # seccomp |
36 | 37 | ||
37 | # disable-mnt | 38 | # disable-mnt |
38 | nodvd | ||
diff --git a/etc/caja.profile b/etc/caja.profile index 35b0ce040..d234e6c9b 100644 --- a/etc/caja.profile +++ b/etc/caja.profile | |||
@@ -19,6 +19,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
22 | nodvd | ||
22 | nogroups | 23 | nogroups |
23 | nonewprivs | 24 | nonewprivs |
24 | noroot | 25 | noroot |
@@ -33,4 +34,3 @@ tracelog | |||
33 | # private-dev | 34 | # private-dev |
34 | # private-etc fonts | 35 | # private-etc fonts |
35 | # private-tmp | 36 | # private-tmp |
36 | nodvd | ||
diff --git a/etc/calibre.profile b/etc/calibre.profile index d1371839c..aa0de473c 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | no3d | 18 | no3d |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/catfish.profile b/etc/catfish.profile index 2f9c35220..498f3b6ee 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | net none | 15 | net none |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -30,4 +31,3 @@ tracelog | |||
30 | # private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m | 31 | # private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m |
31 | # private-dev | 32 | # private-dev |
32 | # private-tmp | 33 | # private-tmp |
33 | nodvd | ||
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 901bfed1e..88be562c8 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/chromium.profile b/etc/chromium.profile index e28606054..9be99e68a 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
@@ -26,6 +26,7 @@ include /etc/firejail/whitelist-common.inc | |||
26 | 26 | ||
27 | caps.keep sys_chroot,sys_admin | 27 | caps.keep sys_chroot,sys_admin |
28 | netfilter | 28 | netfilter |
29 | nodvd | ||
29 | nogroups | 30 | nogroups |
30 | notv | 31 | notv |
31 | shell none | 32 | shell none |
@@ -36,4 +37,3 @@ private-dev | |||
36 | 37 | ||
37 | noexec ${HOME} | 38 | noexec ${HOME} |
38 | noexec /tmp | 39 | noexec /tmp |
39 | nodvd | ||
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index d1470adfb..bc045fb77 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -27,4 +28,3 @@ shell none | |||
27 | 28 | ||
28 | private-dev | 29 | private-dev |
29 | private-tmp | 30 | private-tmp |
30 | nodvd | ||
diff --git a/etc/clipit.profile b/etc/clipit.profile index 64a635efb..e6ee7b636 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | no3d | 18 | no3d |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/conkeror.profile b/etc/conkeror.profile index efee37106..f6a9eefb6 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile | |||
@@ -25,9 +25,9 @@ include /etc/firejail/whitelist-common.inc | |||
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | netfilter | 27 | netfilter |
28 | nodvd | ||
28 | nonewprivs | 29 | nonewprivs |
29 | noroot | 30 | noroot |
30 | notv | 31 | notv |
31 | protocol unix,inet,inet6 | 32 | protocol unix,inet,inet6 |
32 | seccomp | 33 | seccomp |
33 | nodvd | ||
diff --git a/etc/corebird.profile b/etc/corebird.profile index 39726d13a..87f7a970b 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile | |||
@@ -13,8 +13,8 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nodvd | ||
16 | noroot | 17 | noroot |
17 | notv | 18 | notv |
18 | protocol unix,inet,inet6 | 19 | protocol unix,inet,inet6 |
19 | seccomp | 20 | seccomp |
20 | nodvd | ||
diff --git a/etc/cpio.profile b/etc/cpio.profile index 3f25393b0..f082d2e40 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
@@ -19,6 +19,7 @@ caps.drop all | |||
19 | net none | 19 | net none |
20 | net none | 20 | net none |
21 | no3d | 21 | no3d |
22 | nodvd | ||
22 | nosound | 23 | nosound |
23 | notv | 24 | notv |
24 | seccomp | 25 | seccomp |
@@ -26,4 +27,3 @@ shell none | |||
26 | tracelog | 27 | tracelog |
27 | 28 | ||
28 | private-dev | 29 | private-dev |
29 | nodvd | ||
diff --git a/etc/curl.profile b/etc/curl.profile index dea5b3db8..af7eabf59 100644 --- a/etc/curl.profile +++ b/etc/curl.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/cvlc.profile b/etc/cvlc.profile index b0052eeab..ee1346617 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -29,4 +30,3 @@ private-dev | |||
29 | private-tmp | 30 | private-tmp |
30 | 31 | ||
31 | memory-deny-write-execute | 32 | memory-deny-write-execute |
32 | nodvd | ||
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index 5cd75208b..63f6ea845 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile | |||
@@ -52,6 +52,7 @@ include /etc/firejail/whitelist-common.inc | |||
52 | 52 | ||
53 | caps.drop all | 53 | caps.drop all |
54 | netfilter | 54 | netfilter |
55 | nodvd | ||
55 | nogroups | 56 | nogroups |
56 | nonewprivs | 57 | nonewprivs |
57 | noroot | 58 | noroot |
@@ -69,4 +70,3 @@ private-tmp | |||
69 | 70 | ||
70 | noexec ${HOME} | 71 | noexec ${HOME} |
71 | noexec /tmp | 72 | noexec /tmp |
72 | nodvd | ||
diff --git a/etc/darktable.profile b/etc/darktable.profile index 51cb197b0..e04163486 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/deluge.profile b/etc/deluge.profile index da477e4c3..c311d2fa7 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -19,6 +19,7 @@ include /etc/firejail/whitelist-common.inc | |||
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
22 | nodvd | ||
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
24 | nosound | 25 | nosound |
@@ -32,4 +33,3 @@ shell none | |||
32 | # private-bin deluge,sh,python,uname | 33 | # private-bin deluge,sh,python,uname |
33 | private-dev | 34 | private-dev |
34 | private-tmp | 35 | private-tmp |
35 | nodvd | ||
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index fab7ccb13..5261bb865 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -30,4 +31,3 @@ private-dev | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/dia.profile b/etc/dia.profile index 14724c321..a625ab36d 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/digikam.profile b/etc/digikam.profile index 1a39f5a9d..43191ec06 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/dillo.profile b/etc/dillo.profile index e1f0594e1..aa8a395e1 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile | |||
@@ -21,10 +21,10 @@ include /etc/firejail/whitelist-common.inc | |||
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
24 | nodvd | ||
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
26 | notv | 27 | notv |
27 | protocol unix,inet,inet6 | 28 | protocol unix,inet,inet6 |
28 | seccomp | 29 | seccomp |
29 | tracelog | 30 | tracelog |
30 | nodvd | ||
diff --git a/etc/dino.profile b/etc/dino.profile index 9355f7e6a..72f4f40b2 100644 --- a/etc/dino.profile +++ b/etc/dino.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc | |||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
22 | no3d | 22 | no3d |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -38,4 +39,3 @@ private-tmp | |||
38 | 39 | ||
39 | noexec ${HOME} | 40 | noexec ${HOME} |
40 | noexec /tmp | 41 | noexec /tmp |
41 | nodvd | ||
diff --git a/etc/display.profile b/etc/display.profile index d8bbd4423..44d37d5b2 100644 --- a/etc/display.profile +++ b/etc/display.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | net none | 15 | net none |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -27,4 +28,3 @@ private-bin display | |||
27 | private-dev | 28 | private-dev |
28 | private-etc none | 29 | private-etc none |
29 | private-tmp | 30 | private-tmp |
30 | nodvd | ||
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index 101e3afb0..d82efef04 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
@@ -14,10 +14,10 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nosound | 18 | nosound |
18 | notv | 19 | notv |
19 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open | 20 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open |
20 | 21 | ||
21 | private | 22 | private |
22 | private-dev | 23 | private-dev |
23 | nodvd | ||
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index b6ca68bf2..bf52a5d8a 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps | 16 | caps |
17 | netfilter | 17 | netfilter |
18 | no3d | 18 | no3d |
19 | nodvd | ||
19 | nonewprivs | 20 | nonewprivs |
20 | nosound | 21 | nosound |
21 | notv | 22 | notv |
@@ -25,4 +26,3 @@ seccomp | |||
25 | disable-mnt | 26 | disable-mnt |
26 | private | 27 | private |
27 | private-dev | 28 | private-dev |
28 | nodvd | ||
diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 6bd4fd38f..7566e927b 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile | |||
@@ -19,6 +19,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
22 | nodvd | ||
22 | nogroups | 23 | nogroups |
23 | nonewprivs | 24 | nonewprivs |
24 | noroot | 25 | noroot |
@@ -32,4 +33,3 @@ shell none | |||
32 | # private-dev | 33 | # private-dev |
33 | # private-etc | 34 | # private-etc |
34 | # private-tmp | 35 | # private-tmp |
35 | nodvd | ||
diff --git a/etc/dosbox.profile b/etc/dosbox.profile index 700458169..bec2960f1 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -26,4 +27,3 @@ tracelog | |||
26 | private-bin dosbox | 27 | private-bin dosbox |
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | nodvd | ||
diff --git a/etc/dragon.profile b/etc/dragon.profile index 4bab76e7d..211c2432f 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index de41691b8..c8670357c 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
@@ -26,6 +26,7 @@ include /etc/firejail/whitelist-common.inc | |||
26 | caps.drop all | 26 | caps.drop all |
27 | netfilter | 27 | netfilter |
28 | no3d | 28 | no3d |
29 | nodvd | ||
29 | nogroups | 30 | nogroups |
30 | nonewprivs | 31 | nonewprivs |
31 | noroot | 32 | noroot |
@@ -40,4 +41,3 @@ private-dev | |||
40 | private-tmp | 41 | private-tmp |
41 | 42 | ||
42 | noexec /tmp | 43 | noexec /tmp |
43 | nodvd | ||
diff --git a/etc/electron.profile b/etc/electron.profile index a60704035..9b21c1bfd 100644 --- a/etc/electron.profile +++ b/etc/electron.profile | |||
@@ -12,10 +12,10 @@ include /etc/firejail/disable-programs.inc | |||
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | nodvd | ||
15 | nogroups | 16 | nogroups |
16 | nonewprivs | 17 | nonewprivs |
17 | noroot | 18 | noroot |
18 | notv | 19 | notv |
19 | protocol unix,inet,inet6,netlink | 20 | protocol unix,inet,inet6,netlink |
20 | seccomp | 21 | seccomp |
21 | nodvd | ||
diff --git a/etc/elinks.profile b/etc/elinks.profile index 530e41217..10fd19f71 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -32,4 +33,3 @@ tracelog | |||
32 | private-dev | 33 | private-dev |
33 | # private-etc none | 34 | # private-etc none |
34 | private-tmp | 35 | private-tmp |
35 | nodvd | ||
diff --git a/etc/emacs.profile b/etc/emacs.profile index c262c9900..8351d6c42 100644 --- a/etc/emacs.profile +++ b/etc/emacs.profile | |||
@@ -14,10 +14,10 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
20 | notv | 21 | notv |
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
23 | nodvd | ||
diff --git a/etc/empathy.profile b/etc/empathy.profile index e85bf324d..b2cfa369c 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
@@ -12,10 +12,10 @@ include /etc/firejail/disable-programs.inc | |||
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | nodvd | ||
15 | nogroups | 16 | nogroups |
16 | nonewprivs | 17 | nonewprivs |
17 | noroot | 18 | noroot |
18 | notv | 19 | notv |
19 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
20 | seccomp | 21 | seccomp |
21 | nodvd | ||
diff --git a/etc/enchant.profile b/etc/enchant.profile index 5574eeae0..a7b549a4c 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -28,4 +29,3 @@ tracelog | |||
28 | # private-dev | 29 | # private-dev |
29 | # private-etc fonts | 30 | # private-etc fonts |
30 | # private-tmp | 31 | # private-tmp |
31 | nodvd | ||
diff --git a/etc/engrampa.profile b/etc/engrampa.profile index 9ac577da0..e10fd6084 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -28,4 +29,3 @@ tracelog | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc fonts | 30 | # private-etc fonts |
30 | # private-tmp | 31 | # private-tmp |
31 | nodvd | ||
diff --git a/etc/eog.profile b/etc/eog.profile index 8dfd01ea1..54d5a1a88 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/disable-programs.inc | |||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
20 | no3d | 20 | no3d |
21 | nodvd | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
@@ -36,4 +37,3 @@ private-tmp | |||
36 | memory-deny-write-execute | 37 | memory-deny-write-execute |
37 | noexec ${HOME} | 38 | noexec ${HOME} |
38 | noexec /tmp | 39 | noexec /tmp |
39 | nodvd | ||
diff --git a/etc/eom.profile b/etc/eom.profile index d5470ef24..6fd069b5c 100644 --- a/etc/eom.profile +++ b/etc/eom.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/epiphany.profile b/etc/epiphany.profile index f3a880bd6..0f9a9cf55 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile | |||
@@ -24,8 +24,8 @@ include /etc/firejail/whitelist-common.inc | |||
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
27 | nodvd | ||
27 | nonewprivs | 28 | nonewprivs |
28 | notv | 29 | notv |
29 | protocol unix,inet,inet6 | 30 | protocol unix,inet,inet6 |
30 | seccomp | 31 | seccomp |
31 | nodvd | ||
diff --git a/etc/etr.profile b/etc/etr.profile index 5529c2ed6..96e8b46d9 100644 --- a/etc/etr.profile +++ b/etc/etr.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc | |||
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -29,4 +30,3 @@ shell none | |||
29 | private-dev | 30 | private-dev |
30 | # private-etc none | 31 | # private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/evince.profile b/etc/evince.profile index a929c8c4f..5c6215bb2 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -35,4 +36,3 @@ private-etc fonts | |||
35 | memory-deny-write-execute | 36 | memory-deny-write-execute |
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | nodvd | ||
diff --git a/etc/evolution.profile b/etc/evolution.profile index ef4c9f627..2f7f25ff8 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
@@ -23,6 +23,7 @@ include /etc/firejail/disable-programs.inc | |||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
25 | no3d | 25 | no3d |
26 | nodvd | ||
26 | nogroups | 27 | nogroups |
27 | nonewprivs | 28 | nonewprivs |
28 | noroot | 29 | noroot |
@@ -37,4 +38,3 @@ private-tmp | |||
37 | 38 | ||
38 | noexec ${HOME} | 39 | noexec ${HOME} |
39 | noexec /tmp | 40 | noexec /tmp |
40 | nodvd | ||
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 8b56e810d..565212161 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/disable-programs.inc | |||
20 | caps.drop all | 20 | caps.drop all |
21 | net none | 21 | net none |
22 | no3d | 22 | no3d |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -34,4 +35,3 @@ tracelog | |||
34 | private-dev | 35 | private-dev |
35 | private-etc none | 36 | private-etc none |
36 | private-tmp | 37 | private-tmp |
37 | nodvd | ||
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 0756a1d40..19d45a1d8 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
19 | nosound | 20 | nosound |
@@ -25,4 +26,3 @@ shell none | |||
25 | private-bin fbreader,FBReader | 26 | private-bin fbreader,FBReader |
26 | private-dev | 27 | private-dev |
27 | private-tmp | 28 | private-tmp |
28 | nodvd | ||
diff --git a/etc/feh.profile b/etc/feh.profile index 1798527f7..61b456e34 100644 --- a/etc/feh.profile +++ b/etc/feh.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | net none | 15 | net none |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -26,4 +27,3 @@ private-bin feh | |||
26 | private-dev | 27 | private-dev |
27 | private-etc feh | 28 | private-etc feh |
28 | private-tmp | 29 | private-tmp |
29 | nodvd | ||
diff --git a/etc/file-roller.profile b/etc/file-roller.profile index ff8d8c9eb..1ecb3c632 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | net none | 15 | net none |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -33,4 +34,3 @@ private-dev | |||
33 | memory-deny-write-execute | 34 | memory-deny-write-execute |
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/file.profile b/etc/file.profile index 389e89426..9a4dba7ef 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
@@ -16,6 +16,7 @@ caps.drop all | |||
16 | hostname file | 16 | hostname file |
17 | net none | 17 | net none |
18 | no3d | 18 | no3d |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | nosound | 22 | nosound |
@@ -29,4 +30,3 @@ x11 none | |||
29 | private-bin file | 30 | private-bin file |
30 | private-dev | 31 | private-dev |
31 | private-etc magic.mgc,magic,localtime | 32 | private-etc magic.mgc,magic,localtime |
32 | nodvd | ||
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index cb8c38a14..63bfd1e0d 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
19 | nosound | 20 | nosound |
@@ -25,4 +26,3 @@ shell none | |||
25 | private-bin filezilla,uname,sh,bash,dash,python,lsb_release,fzputtygen,fzsftp | 26 | private-bin filezilla,uname,sh,bash,dash,python,lsb_release,fzputtygen,fzsftp |
26 | private-dev | 27 | private-dev |
27 | private-tmp | 28 | private-tmp |
28 | nodvd | ||
diff --git a/etc/firefox.profile b/etc/firefox.profile index d4de1332d..7229ba45b 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -52,6 +52,7 @@ include /etc/firejail/whitelist-common.inc | |||
52 | 52 | ||
53 | caps.drop all | 53 | caps.drop all |
54 | netfilter | 54 | netfilter |
55 | nodvd | ||
55 | nogroups | 56 | nogroups |
56 | nonewprivs | 57 | nonewprivs |
57 | noroot | 58 | noroot |
@@ -69,4 +70,3 @@ private-tmp | |||
69 | 70 | ||
70 | noexec ${HOME} | 71 | noexec ${HOME} |
71 | noexec /tmp | 72 | noexec /tmp |
72 | nodvd | ||
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 1a4c8dea6..18db4c597 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile | |||
@@ -29,9 +29,9 @@ include /etc/firejail/whitelist-common.inc | |||
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
31 | netfilter | 31 | netfilter |
32 | nodvd | ||
32 | nonewprivs | 33 | nonewprivs |
33 | noroot | 34 | noroot |
34 | notv | 35 | notv |
35 | protocol unix,inet,inet6,netlink | 36 | protocol unix,inet,inet6,netlink |
36 | seccomp | 37 | seccomp |
37 | nodvd | ||
diff --git a/etc/flowblade.profile b/etc/flowblade.profile index 557948c84..79dab0751 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | nodvd | ||
diff --git a/etc/fontforge.profile b/etc/fontforge.profile index 835f913d4..29295f8a0 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | nodvd | ||
diff --git a/etc/fossamail.profile b/etc/fossamail.profile index ef89561e9..74073d8d1 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile | |||
@@ -17,7 +17,7 @@ whitelist ~/.fossamail | |||
17 | whitelist ~/.gnupg | 17 | whitelist ~/.gnupg |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | 19 | ||
20 | nodvd | ||
20 | notv | 21 | notv |
21 | 22 | ||
22 | include /etc/firejail/firefox.profile | 23 | include /etc/firejail/firefox.profile |
23 | nodvd | ||
diff --git a/etc/franz.profile b/etc/franz.profile index 52758dc0c..f83b5018c 100644 --- a/etc/franz.profile +++ b/etc/franz.profile | |||
@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc | |||
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
27 | nodvd | ||
27 | nogroups | 28 | nogroups |
28 | nonewprivs | 29 | nonewprivs |
29 | noroot | 30 | noroot |
@@ -38,4 +39,3 @@ private-tmp | |||
38 | 39 | ||
39 | noexec ${HOME} | 40 | noexec ${HOME} |
40 | noexec /tmp | 41 | noexec /tmp |
41 | nodvd | ||
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 6417ce812..40aa6d58d 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc | |||
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -29,4 +30,3 @@ shell none | |||
29 | private-dev | 30 | private-dev |
30 | # private-etc none | 31 | # private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/gajim.profile b/etc/gajim.profile index f69391f23..f1929c015 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile | |||
@@ -28,6 +28,7 @@ include /etc/firejail/whitelist-common.inc | |||
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | netfilter | 30 | netfilter |
31 | nodvd | ||
31 | nogroups | 32 | nogroups |
32 | nonewprivs | 33 | nonewprivs |
33 | noroot | 34 | noroot |
@@ -43,4 +44,3 @@ private-dev | |||
43 | # private-tmp | 44 | # private-tmp |
44 | # Allow the local python 2.7 site packages, in case any plugins are using these | 45 | # Allow the local python 2.7 site packages, in case any plugins are using these |
45 | read-only ${HOME}/.local/lib/python2.7/site-packages/ | 46 | read-only ${HOME}/.local/lib/python2.7/site-packages/ |
46 | nodvd | ||
diff --git a/etc/galculator.profile b/etc/galculator.profile index 9d2ce57e8..a2e855656 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc | |||
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | net none | 20 | net none |
21 | nodvd | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
@@ -32,4 +33,3 @@ private-bin galculator | |||
32 | private-dev | 33 | private-dev |
33 | private-etc fonts | 34 | private-etc fonts |
34 | private-tmp | 35 | private-tmp |
35 | nodvd | ||
diff --git a/etc/geany.profile b/etc/geany.profile index 530b00192..35e405319 100644 --- a/etc/geany.profile +++ b/etc/geany.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -26,4 +27,3 @@ shell none | |||
26 | 27 | ||
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | nodvd | ||
diff --git a/etc/gedit.profile b/etc/gedit.profile index 6b9eb5a44..418575e09 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | net none | 18 | net none |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -34,4 +35,3 @@ private-tmp | |||
34 | 35 | ||
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | nodvd | ||
diff --git a/etc/geeqie.profile b/etc/geeqie.profile index 5009940d1..c9f9d0074 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -27,4 +28,3 @@ shell none | |||
27 | # private-bin geeqie | 28 | # private-bin geeqie |
28 | private-dev | 29 | private-dev |
29 | # private-etc X11 | 30 | # private-etc X11 |
30 | nodvd | ||
diff --git a/etc/gimp.profile b/etc/gimp.profile index acacc8e28..aa77d6105 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | net none | 15 | net none |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | # if you are not using external plugins, you can enable noexec statement below | 30 | # if you are not using external plugins, you can enable noexec statement below |
30 | # noexec ${HOME} | 31 | # noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | nodvd | ||
diff --git a/etc/git.profile b/etc/git.profile index 34bba1974..92bf66b92 100644 --- a/etc/git.profile +++ b/etc/git.profile | |||
@@ -23,6 +23,7 @@ include /etc/firejail/disable-programs.inc | |||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
25 | no3d | 25 | no3d |
26 | nodvd | ||
26 | nogroups | 27 | nogroups |
27 | nonewprivs | 28 | nonewprivs |
28 | noroot | 29 | noroot |
@@ -33,4 +34,3 @@ seccomp | |||
33 | shell none | 34 | shell none |
34 | 35 | ||
35 | private-dev | 36 | private-dev |
36 | nodvd | ||
diff --git a/etc/gitg.profile b/etc/gitg.profile index 273cc006c..1a731d507 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | no3d | 18 | no3d |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | memory-deny-write-execute | 34 | memory-deny-write-execute |
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/gitter.profile b/etc/gitter.profile index 9bbe605e7..f92f4b167 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -26,4 +27,3 @@ shell none | |||
26 | private-bin gitter | 27 | private-bin gitter |
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | nodvd | ||
diff --git a/etc/gjs.profile b/etc/gjs.profile index 1255ec6bb..a856d35b5 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile | |||
@@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc | |||
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
22 | nodvd | ||
22 | nogroups | 23 | nogroups |
23 | nonewprivs | 24 | nonewprivs |
24 | noroot | 25 | noroot |
@@ -32,4 +33,3 @@ tracelog | |||
32 | private-dev | 33 | private-dev |
33 | # private-etc fonts | 34 | # private-etc fonts |
34 | private-tmp | 35 | private-tmp |
35 | nodvd | ||
diff --git a/etc/globaltime.profile b/etc/globaltime.profile index ac72c87c7..6961a56e9 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index 7dba3f58b..7aea3f5a8 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile | |||
@@ -19,6 +19,7 @@ include /etc/firejail/whitelist-common.inc | |||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | no3d | 21 | no3d |
22 | nodvd | ||
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
24 | notv | 25 | notv |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index c9082995d..5c1d5f137 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -35,4 +36,3 @@ private-tmp | |||
35 | 36 | ||
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | nodvd | ||
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 21019893b..4921fb0c4 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/whitelist-common.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -34,4 +35,3 @@ private-tmp | |||
34 | memory-deny-write-execute | 35 | memory-deny-write-execute |
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | nodvd | ||
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 87b01bf92..688df6dfe 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index b9938e9d2..d9bac48eb 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index d905bfe63..90c2c2628 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/whitelist-common.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
20 | nosound | 21 | nosound |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | nodvd | ||
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index e28b787fe..3254f3fbc 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index daf0ddc2a..5ccb28840 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
19 | nosound | 20 | nosound |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | nodvd | ||
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index 527899aea..cdbf5cbe0 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -35,4 +36,3 @@ private-tmp | |||
35 | 36 | ||
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | nodvd | ||
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index c1e9d7b58..0e150f525 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile index db7739c33..9c94404d1 100644 --- a/etc/gnome-twitch.profile +++ b/etc/gnome-twitch.profile | |||
@@ -20,6 +20,7 @@ whitelist ${HOME}/.local/share/gnome-twitch | |||
20 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -34,4 +35,3 @@ private-tmp | |||
34 | 35 | ||
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | nodvd | ||
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index f1db7dab3..4ddbbbde2 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -36,4 +37,3 @@ private-tmp | |||
36 | 37 | ||
37 | noexec ${HOME} | 38 | noexec ${HOME} |
38 | noexec /tmp | 39 | noexec /tmp |
39 | nodvd | ||
diff --git a/etc/goobox.profile b/etc/goobox.profile index c7a52c944..9bedaa431 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -26,4 +27,3 @@ tracelog | |||
26 | # private-dev | 27 | # private-dev |
27 | # private-etc fonts | 28 | # private-etc fonts |
28 | # private-tmp | 29 | # private-tmp |
29 | nodvd | ||
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index 031a43504..ac457b92f 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile | |||
@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc | |||
24 | 24 | ||
25 | caps.keep sys_chroot,sys_admin | 25 | caps.keep sys_chroot,sys_admin |
26 | netfilter | 26 | netfilter |
27 | nodvd | ||
27 | nogroups | 28 | nogroups |
28 | notv | 29 | notv |
29 | shell none | 30 | shell none |
@@ -33,4 +34,3 @@ private-dev | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index 4dcdef578..3d7a9a715 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile | |||
@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc | |||
24 | 24 | ||
25 | caps.keep sys_chroot,sys_admin | 25 | caps.keep sys_chroot,sys_admin |
26 | netfilter | 26 | netfilter |
27 | nodvd | ||
27 | nogroups | 28 | nogroups |
28 | notv | 29 | notv |
29 | shell none | 30 | shell none |
@@ -33,4 +34,3 @@ private-dev | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 2caa3c4ec..a50e0e89d 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile | |||
@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc | |||
24 | 24 | ||
25 | caps.keep sys_chroot,sys_admin | 25 | caps.keep sys_chroot,sys_admin |
26 | netfilter | 26 | netfilter |
27 | nodvd | ||
27 | nogroups | 28 | nogroups |
28 | notv | 29 | notv |
29 | shell none | 30 | shell none |
@@ -33,4 +34,3 @@ private-dev | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index 641988796..704de6e40 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc | |||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
22 | no3d | 22 | no3d |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -35,4 +36,3 @@ private-tmp | |||
35 | 36 | ||
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | nodvd | ||
diff --git a/etc/gpa.profile b/etc/gpa.profile index b33d06ba1..58dfcd3e1 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -26,4 +27,3 @@ tracelog | |||
26 | 27 | ||
27 | # private-bin gpa,gpg | 28 | # private-bin gpa,gpg |
28 | private-dev | 29 | private-dev |
29 | nodvd | ||
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index 852bbc210..13bceaa5a 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -29,4 +30,3 @@ tracelog | |||
29 | 30 | ||
30 | # private-bin gpg-agent,gpg | 31 | # private-bin gpg-agent,gpg |
31 | private-dev | 32 | private-dev |
32 | nodvd | ||
diff --git a/etc/gpg.profile b/etc/gpg.profile index 91048db14..d99afdfe2 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -29,4 +30,3 @@ tracelog | |||
29 | 30 | ||
30 | # private-bin gpg,gpg-agent | 31 | # private-bin gpg,gpg-agent |
31 | private-dev | 32 | private-dev |
32 | nodvd | ||
diff --git a/etc/gpicview.profile b/etc/gpicview.profile index b8c1d60c0..ec9245e58 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -28,4 +29,3 @@ private-bin gpicview | |||
28 | private-dev | 29 | private-dev |
29 | private-etc fonts | 30 | private-etc fonts |
30 | private-tmp | 31 | private-tmp |
31 | nodvd | ||
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index ed9ef1a1e..f204366c5 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc | |||
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -34,4 +35,3 @@ private-tmp | |||
34 | 35 | ||
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | nodvd | ||
diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 4b922189a..63ad07894 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -28,4 +29,3 @@ tracelog | |||
28 | private-bin gthumb | 29 | private-bin gthumb |
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | nodvd | ||
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index d9982933d..b6be37439 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index f5507850b..745468912 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
20 | include /etc/firejail/disable-programs.inc | 20 | include /etc/firejail/disable-programs.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -36,4 +37,3 @@ private-dev | |||
36 | 37 | ||
37 | noexec ${HOME} | 38 | noexec ${HOME} |
38 | noexec /tmp | 39 | noexec /tmp |
39 | nodvd | ||
diff --git a/etc/gzip.profile b/etc/gzip.profile index 5560c8252..3f6ecec2c 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile | |||
@@ -11,6 +11,7 @@ blacklist /tmp/.X11-unix | |||
11 | ignore noroot | 11 | ignore noroot |
12 | net none | 12 | net none |
13 | no3d | 13 | no3d |
14 | nodvd | ||
14 | nosound | 15 | nosound |
15 | notv | 16 | notv |
16 | shell none | 17 | shell none |
@@ -19,4 +20,3 @@ tracelog | |||
19 | private-dev | 20 | private-dev |
20 | 21 | ||
21 | include /etc/firejail/default.profile | 22 | include /etc/firejail/default.profile |
22 | nodvd | ||
diff --git a/etc/hashcat.profile b/etc/hashcat.profile index 189f364f8..5f08d7cb8 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | net none | 18 | net none |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 90abe5d27..e2775ffce 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc | |||
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nodvd | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
@@ -28,4 +29,3 @@ tracelog | |||
28 | disable-mnt | 29 | disable-mnt |
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | nodvd | ||
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 875d07e89..fc817d9f9 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc | |||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
22 | no3d | 22 | no3d |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -39,4 +40,3 @@ private-tmp | |||
39 | 40 | ||
40 | noexec ${HOME} | 41 | noexec ${HOME} |
41 | noexec /tmp | 42 | noexec /tmp |
42 | nodvd | ||
diff --git a/etc/highlight.profile b/etc/highlight.profile index bbd08cb6b..83b023a90 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -29,4 +30,3 @@ private-bin highlight | |||
29 | private-dev | 30 | private-dev |
30 | # private-etc none | 31 | # private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/hugin.profile b/etc/hugin.profile index 064488daa..d3cd181b1 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | nodvd | ||
diff --git a/etc/icecat.profile b/etc/icecat.profile index 0477bfc4c..ab7e62180 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile | |||
@@ -37,6 +37,7 @@ include /etc/firejail/whitelist-common.inc | |||
37 | 37 | ||
38 | caps.drop all | 38 | caps.drop all |
39 | netfilter | 39 | netfilter |
40 | nodvd | ||
40 | nonewprivs | 41 | nonewprivs |
41 | noroot | 42 | noroot |
42 | notv | 43 | notv |
@@ -48,4 +49,3 @@ tracelog | |||
48 | 49 | ||
49 | noexec ${HOME} | 50 | noexec ${HOME} |
50 | noexec /tmp | 51 | noexec /tmp |
51 | nodvd | ||
diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile index 20ec4f33f..928ec7327 100644 --- a/etc/idea.sh.profile +++ b/etc/idea.sh.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/disable-programs.inc | |||
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -33,4 +34,3 @@ private-dev | |||
33 | # private-tmp | 34 | # private-tmp |
34 | 35 | ||
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/img2txt.profile b/etc/img2txt.profile index 342ddf9a3..bd454a2c8 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | net none | 15 | net none |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -27,4 +28,3 @@ tracelog | |||
27 | private-dev | 28 | private-dev |
28 | # private-etc none | 29 | # private-etc none |
29 | private-tmp | 30 | private-tmp |
30 | nodvd | ||
diff --git a/etc/inkscape.profile b/etc/inkscape.profile index 315b0193a..1d24f5d7d 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | nodvd | ||
diff --git a/etc/inox.profile b/etc/inox.profile index aeee91526..6273c4de6 100644 --- a/etc/inox.profile +++ b/etc/inox.profile | |||
@@ -22,5 +22,5 @@ whitelist ~/.pki | |||
22 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
23 | 23 | ||
24 | netfilter | 24 | netfilter |
25 | notv | ||
26 | nodvd | 25 | nodvd |
26 | notv | ||
diff --git a/etc/iridium.profile b/etc/iridium.profile index 395481793..db9c5c7cf 100644 --- a/etc/iridium.profile +++ b/etc/iridium.profile | |||
@@ -23,5 +23,5 @@ whitelist ~/.pki | |||
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | 24 | ||
25 | netfilter | 25 | netfilter |
26 | notv | ||
27 | nodvd | 26 | nodvd |
27 | notv | ||
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 8df805895..5cb1e1828 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 16 | caps.drop all |
17 | net none | 17 | net none |
18 | no3d | 18 | no3d |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/jitsi.profile b/etc/jitsi.profile index bd636251c..78a57ff46 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -24,4 +25,3 @@ tracelog | |||
24 | 25 | ||
25 | disable-mnt | 26 | disable-mnt |
26 | private-tmp | 27 | private-tmp |
27 | nodvd | ||
diff --git a/etc/k3b.profile b/etc/k3b.profile index a547cd7b1..87132e775 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | no3d | 18 | no3d |
19 | nodvd | ||
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
21 | nosound | 22 | nosound |
@@ -29,4 +30,3 @@ tracelog | |||
29 | # private-bin | 30 | # private-bin |
30 | # private-etc | 31 | # private-etc |
31 | # private-tmp | 32 | # private-tmp |
32 | nodvd | ||
diff --git a/etc/kate.profile b/etc/kate.profile index 84057f402..ec5d09ce2 100644 --- a/etc/kate.profile +++ b/etc/kate.profile | |||
@@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc | |||
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
22 | nodvd | ||
22 | nogroups | 23 | nogroups |
23 | nonewprivs | 24 | nonewprivs |
24 | noroot | 25 | noroot |
@@ -34,4 +35,3 @@ tracelog | |||
34 | private-dev | 35 | private-dev |
35 | # private-etc fonts | 36 | # private-etc fonts |
36 | private-tmp | 37 | private-tmp |
37 | nodvd | ||
diff --git a/etc/kcalc.profile b/etc/kcalc.profile index fbd4d3e19..f334c4c72 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/keepass.profile b/etc/keepass.profile index bdd6c9995..c133ce0fb 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile | |||
@@ -21,6 +21,7 @@ include /etc/firejail/disable-programs.inc | |||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
23 | no3d | 23 | no3d |
24 | nodvd | ||
24 | nogroups | 25 | nogroups |
25 | nonewprivs | 26 | nonewprivs |
26 | noroot | 27 | noroot |
@@ -36,4 +37,3 @@ private-tmp | |||
36 | 37 | ||
37 | noexec ${HOME} | 38 | noexec ${HOME} |
38 | noexec /tmp | 39 | noexec /tmp |
39 | nodvd | ||
diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 3eadcace7..9d943d89c 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile | |||
@@ -19,6 +19,7 @@ caps.drop all | |||
19 | machine-id | 19 | machine-id |
20 | net none | 20 | net none |
21 | no3d | 21 | no3d |
22 | nodvd | ||
22 | nogroups | 23 | nogroups |
23 | nonewprivs | 24 | nonewprivs |
24 | noroot | 25 | noroot |
@@ -37,4 +38,3 @@ private-tmp | |||
37 | 38 | ||
38 | noexec ${HOME} | 39 | noexec ${HOME} |
39 | noexec /tmp | 40 | noexec /tmp |
40 | nodvd | ||
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index 7f8380bfa..e20e06b76 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/disable-programs.inc | |||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
20 | no3d | 20 | no3d |
21 | nodvd | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
@@ -35,4 +36,3 @@ private-tmp | |||
35 | 36 | ||
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | nodvd | ||
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index fc44bfdd7..f79cda80d 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/disable-programs.inc | |||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
20 | no3d | 20 | no3d |
21 | nodvd | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
@@ -36,4 +37,3 @@ private-tmp | |||
36 | memory-deny-write-execute | 37 | memory-deny-write-execute |
37 | noexec ${HOME} | 38 | noexec ${HOME} |
38 | noexec /tmp | 39 | noexec /tmp |
39 | nodvd | ||
diff --git a/etc/kmail.profile b/etc/kmail.profile index e5e8b0fef..fdc96c97f 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -24,4 +25,3 @@ tracelog | |||
24 | 25 | ||
25 | private-dev | 26 | private-dev |
26 | # private-tmp | 27 | # private-tmp |
27 | nodvd | ||
diff --git a/etc/knotes.profile b/etc/knotes.profile index c482a2f02..a1d303ded 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -28,4 +29,3 @@ tracelog | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc fonts | 30 | # private-etc fonts |
30 | private-tmp | 31 | private-tmp |
31 | nodvd | ||
diff --git a/etc/konversation.profile b/etc/konversation.profile index b4f0b5524..8bc263d4d 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | noroot | 18 | noroot |
18 | notv | 19 | notv |
@@ -20,4 +21,3 @@ protocol unix,inet,inet6 | |||
20 | seccomp | 21 | seccomp |
21 | 22 | ||
22 | private-tmp | 23 | private-tmp |
23 | nodvd | ||
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index ae8d929db..c5b887118 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile | |||
@@ -35,6 +35,7 @@ include /etc/firejail/whitelist-common.inc | |||
35 | caps.drop all | 35 | caps.drop all |
36 | netfilter | 36 | netfilter |
37 | no3d | 37 | no3d |
38 | nodvd | ||
38 | nogroups | 39 | nogroups |
39 | nonewprivs | 40 | nonewprivs |
40 | noroot | 41 | noroot |
@@ -50,4 +51,3 @@ private-tmp | |||
50 | 51 | ||
51 | noexec ${HOME} | 52 | noexec ${HOME} |
52 | noexec /tmp | 53 | noexec /tmp |
53 | nodvd | ||
diff --git a/etc/kwrite.profile b/etc/kwrite.profile index b87d453ec..6ba076dc0 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile | |||
@@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc | |||
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | netfilter | 21 | netfilter |
22 | nodvd | ||
22 | nogroups | 23 | nogroups |
23 | nonewprivs | 24 | nonewprivs |
24 | noroot | 25 | noroot |
@@ -34,4 +35,3 @@ tracelog | |||
34 | private-dev | 35 | private-dev |
35 | # private-etc fonts | 36 | # private-etc fonts |
36 | private-tmp | 37 | private-tmp |
37 | nodvd | ||
diff --git a/etc/leafpad.profile b/etc/leafpad.profile index d04ea862d..e7557651b 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -29,4 +30,3 @@ private-dev | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | nodvd | ||
diff --git a/etc/less.profile b/etc/less.profile index 725673318..e1c42ed76 100644 --- a/etc/less.profile +++ b/etc/less.profile | |||
@@ -11,6 +11,7 @@ blacklist /tmp/.X11-unix | |||
11 | ignore noroot | 11 | ignore noroot |
12 | net none | 12 | net none |
13 | no3d | 13 | no3d |
14 | nodvd | ||
14 | nosound | 15 | nosound |
15 | notv | 16 | notv |
16 | novideo | 17 | novideo |
@@ -28,4 +29,3 @@ noexec ${HOME} | |||
28 | noexec /tmp | 29 | noexec /tmp |
29 | 30 | ||
30 | include /etc/firejail/default.profile | 31 | include /etc/firejail/default.profile |
31 | nodvd | ||
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index b82e402fb..ec7356002 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -29,4 +30,3 @@ private-dev | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | nodvd | ||
diff --git a/etc/liferea.profile b/etc/liferea.profile index cbc3a2bb5..afd5fed6b 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile | |||
@@ -25,6 +25,7 @@ include /etc/firejail/whitelist-common.inc | |||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
27 | # no3d | 27 | # no3d |
28 | nodvd | ||
28 | nogroups | 29 | nogroups |
29 | nonewprivs | 30 | nonewprivs |
30 | noroot | 31 | noroot |
@@ -41,4 +42,3 @@ private-tmp | |||
41 | 42 | ||
42 | noexec ${HOME} | 43 | noexec ${HOME} |
43 | noexec /tmp | 44 | noexec /tmp |
44 | nodvd | ||
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index 6fa4b5e86..bd32e0c70 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 9c8dce88b..734f16e92 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 67c5e0e9a..901bdb408 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | no3d | 18 | no3d |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile index dac9bf957..dbbd1ace0 100644 --- a/etc/lxterminal.profile +++ b/etc/lxterminal.profile | |||
@@ -13,7 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | # noroot - somehow this breaks on Debian Jessie! | 15 | # noroot - somehow this breaks on Debian Jessie! |
16 | nodvd | ||
16 | notv | 17 | notv |
17 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
18 | seccomp | 19 | seccomp |
19 | nodvd | ||
diff --git a/etc/lynx.profile b/etc/lynx.profile index 4b981684a..db01a5b8f 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -29,4 +30,3 @@ tracelog | |||
29 | private-dev | 30 | private-dev |
30 | # private-etc none | 31 | # private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index e56737691..caf3095a5 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index 207ea9c67..26ce42fbf 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index 8b18c7f4e..f0de57e0d 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/mcabber.profile b/etc/mcabber.profile index c9ba56710..bd1ada2b5 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | nodvd | ||
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
20 | nosound | 21 | nosound |
@@ -26,4 +27,3 @@ shell none | |||
26 | private-bin mcabber | 27 | private-bin mcabber |
27 | private-dev | 28 | private-dev |
28 | private-etc null | 29 | private-etc null |
29 | nodvd | ||
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index 36e237fef..d6a55610f 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -29,4 +30,3 @@ private-bin mediainfo | |||
29 | private-dev | 30 | private-dev |
30 | private-etc none | 31 | private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index a4077c416..b90e21e66 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile | |||
@@ -21,6 +21,7 @@ include /etc/firejail/disable-programs.inc | |||
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
24 | nodvd | ||
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
26 | notv | 27 | notv |
@@ -34,4 +35,3 @@ private-tmp | |||
34 | 35 | ||
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | nodvd | ||
diff --git a/etc/meld.profile b/etc/meld.profile index 280004f49..f1910d0f4 100644 --- a/etc/meld.profile +++ b/etc/meld.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/midori.profile b/etc/midori.profile index 3b0b96a52..8ddb37776 100644 --- a/etc/midori.profile +++ b/etc/midori.profile | |||
@@ -35,10 +35,10 @@ include /etc/firejail/whitelist-common.inc | |||
35 | 35 | ||
36 | caps.drop all | 36 | caps.drop all |
37 | netfilter | 37 | netfilter |
38 | nodvd | ||
38 | nonewprivs | 39 | nonewprivs |
39 | # noroot - problems on Ubuntu 14.04 | 40 | # noroot - problems on Ubuntu 14.04 |
40 | notv | 41 | notv |
41 | protocol unix,inet,inet6,netlink | 42 | protocol unix,inet,inet6,netlink |
42 | seccomp | 43 | seccomp |
43 | tracelog | 44 | tracelog |
44 | nodvd | ||
diff --git a/etc/mousepad.profile b/etc/mousepad.profile index 325b9d60e..36365fc2f 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -27,4 +28,3 @@ tracelog | |||
27 | private-bin mousepad | 28 | private-bin mousepad |
28 | private-dev | 29 | private-dev |
29 | private-tmp | 30 | private-tmp |
30 | nodvd | ||
diff --git a/etc/multimc5.profile b/etc/multimc5.profile index e99876447..91a269ffb 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile | |||
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc | |||
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
25 | nodvd | ||
25 | nogroups | 26 | nogroups |
26 | nonewprivs | 27 | nonewprivs |
27 | noroot | 28 | noroot |
@@ -39,4 +40,3 @@ private-tmp | |||
39 | 40 | ||
40 | noexec ${HOME} | 41 | noexec ${HOME} |
41 | noexec /tmp | 42 | noexec /tmp |
42 | nodvd | ||
diff --git a/etc/mumble.profile b/etc/mumble.profile index 745b22256..e58dc93f4 100644 --- a/etc/mumble.profile +++ b/etc/mumble.profile | |||
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc | |||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
24 | no3d | 24 | no3d |
25 | nodvd | ||
25 | nogroups | 26 | nogroups |
26 | nonewprivs | 27 | nonewprivs |
27 | noroot | 28 | noroot |
@@ -38,4 +39,3 @@ private-tmp | |||
38 | memory-deny-write-execute | 39 | memory-deny-write-execute |
39 | noexec ${HOME} | 40 | noexec ${HOME} |
40 | noexec /tmp | 41 | noexec /tmp |
41 | nodvd | ||
diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 050addfe4..c7bb458df 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | net none | 15 | net none |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | # mupdf will never write anything | 33 | # mupdf will never write anything |
33 | read-only ${HOME} | 34 | read-only ${HOME} |
34 | nodvd | ||
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index ad54094f0..9f3be0d27 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile | |||
@@ -22,8 +22,8 @@ include /etc/firejail/whitelist-common.inc | |||
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | net none | 24 | net none |
25 | nodvd | ||
25 | nonewprivs | 26 | nonewprivs |
26 | noroot | 27 | noroot |
27 | notv | 28 | notv |
28 | seccomp | 29 | seccomp |
29 | nodvd | ||
diff --git a/etc/mutt.profile b/etc/mutt.profile index 6387fb40b..206edefae 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile | |||
@@ -38,6 +38,7 @@ include /etc/firejail/disable-programs.inc | |||
38 | caps.drop all | 38 | caps.drop all |
39 | netfilter | 39 | netfilter |
40 | no3d | 40 | no3d |
41 | nodvd | ||
41 | nogroups | 42 | nogroups |
42 | nonewprivs | 43 | nonewprivs |
43 | noroot | 44 | noroot |
@@ -48,4 +49,3 @@ seccomp | |||
48 | shell none | 49 | shell none |
49 | 50 | ||
50 | private-dev | 51 | private-dev |
51 | nodvd | ||
diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 616d06e99..57d6faa17 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -34,4 +35,3 @@ tracelog | |||
34 | # private-dev | 35 | # private-dev |
35 | # private-etc fonts | 36 | # private-etc fonts |
36 | # private-tmp | 37 | # private-tmp |
37 | nodvd | ||
diff --git a/etc/nemo.profile b/etc/nemo.profile index d206e3764..b11ad645a 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -29,4 +30,3 @@ shell none | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | nodvd | ||
diff --git a/etc/netsurf.profile b/etc/netsurf.profile index 36a564715..64aa068b1 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile | |||
@@ -21,10 +21,10 @@ include /etc/firejail/whitelist-common.inc | |||
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
24 | nodvd | ||
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
26 | notv | 27 | notv |
27 | protocol unix,inet,inet6,netlink | 28 | protocol unix,inet,inet6,netlink |
28 | seccomp | 29 | seccomp |
29 | tracelog | 30 | tracelog |
30 | nodvd | ||
diff --git a/etc/nylas.profile b/etc/nylas.profile index 43445cb1a..5d84d1326 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc | |||
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -30,4 +31,3 @@ seccomp | |||
30 | shell none | 31 | shell none |
31 | 32 | ||
32 | private-dev | 33 | private-dev |
33 | nodvd | ||
diff --git a/etc/obs.profile b/etc/obs.profile index 11c18e0b6..187862752 100644 --- a/etc/obs.profile +++ b/etc/obs.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | nodvd | ||
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 71eff62ac..da2d03635 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -30,4 +31,3 @@ private-dev | |||
30 | private-etc none | 31 | private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | read-only ${HOME} | 33 | read-only ${HOME} |
33 | nodvd | ||
diff --git a/etc/okular.profile b/etc/okular.profile index 426072331..d03891ebe 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -22,6 +22,7 @@ include /etc/firejail/disable-programs.inc | |||
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
25 | nodvd | ||
25 | nogroups | 26 | nogroups |
26 | nonewprivs | 27 | nonewprivs |
27 | noroot | 28 | noroot |
@@ -40,4 +41,3 @@ private-tmp | |||
40 | 41 | ||
41 | noexec ${HOME} | 42 | noexec ${HOME} |
42 | noexec /tmp | 43 | noexec /tmp |
43 | nodvd | ||
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index b225bd2d2..998d57f62 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc | |||
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -29,4 +30,3 @@ shell none | |||
29 | private-dev | 30 | private-dev |
30 | # private-etc none | 31 | # private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/openshot.profile b/etc/openshot.profile index 2219b670c..02f4665d6 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | nodvd | ||
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile index f751d7a8b..c295a2082 100644 --- a/etc/opera-beta.profile +++ b/etc/opera-beta.profile | |||
@@ -22,5 +22,5 @@ whitelist ~/.pki | |||
22 | include /etc/firejail/whitelist-common.inc | 22 | include /etc/firejail/whitelist-common.inc |
23 | 23 | ||
24 | netfilter | 24 | netfilter |
25 | notv | ||
26 | nodvd | 25 | nodvd |
26 | notv | ||
diff --git a/etc/opera.profile b/etc/opera.profile index 2141fe2ee..553ea6790 100644 --- a/etc/opera.profile +++ b/etc/opera.profile | |||
@@ -26,5 +26,5 @@ whitelist ~/.pki | |||
26 | include /etc/firejail/whitelist-common.inc | 26 | include /etc/firejail/whitelist-common.inc |
27 | 27 | ||
28 | netfilter | 28 | netfilter |
29 | notv | ||
30 | nodvd | 29 | nodvd |
30 | notv | ||
diff --git a/etc/orage.profile b/etc/orage.profile index d5946ab5b..209c7e9db 100644 --- a/etc/orage.profile +++ b/etc/orage.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | no3d | 18 | no3d |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 962dcd16e..054e876c5 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
@@ -41,6 +41,7 @@ include /etc/firejail/whitelist-common.inc | |||
41 | 41 | ||
42 | caps.drop all | 42 | caps.drop all |
43 | netfilter | 43 | netfilter |
44 | nodvd | ||
44 | nogroups | 45 | nogroups |
45 | nonewprivs | 46 | nonewprivs |
46 | noroot | 47 | noroot |
@@ -55,4 +56,3 @@ tracelog | |||
55 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 56 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
56 | # private-opt palemoon | 57 | # private-opt palemoon |
57 | private-tmp | 58 | private-tmp |
58 | nodvd | ||
diff --git a/etc/parole.profile b/etc/parole.profile index e37e39789..794d91481 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nodvd | ||
16 | nonewprivs | 17 | nonewprivs |
17 | noroot | 18 | noroot |
18 | notv | 19 | notv |
@@ -22,4 +23,3 @@ shell none | |||
22 | 23 | ||
23 | private-bin parole,dbus-launch | 24 | private-bin parole,dbus-launch |
24 | private-etc passwd,group,fonts | 25 | private-etc passwd,group,fonts |
25 | nodvd | ||
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 44375234d..3b739b2ac 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | net none | 18 | net none |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
22 | nosound | 23 | nosound |
@@ -26,4 +27,3 @@ protocol unix | |||
26 | seccomp | 27 | seccomp |
27 | shell none | 28 | shell none |
28 | tracelog | 29 | tracelog |
29 | nodvd | ||
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index e2fbd81ae..fd52fb9ee 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 78fb91d5b..540a428cc 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -30,4 +31,3 @@ private-bin pdftotext | |||
30 | private-dev | 31 | private-dev |
31 | private-etc none | 32 | private-etc none |
32 | private-tmp | 33 | private-tmp |
33 | nodvd | ||
diff --git a/etc/peek.profile b/etc/peek.profile index e65d3f172..13c0c72e0 100644 --- a/etc/peek.profile +++ b/etc/peek.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | memory-deny-write-execute | 34 | memory-deny-write-execute |
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/picard.profile b/etc/picard.profile index d855a767d..8dc79b4ad 100644 --- a/etc/picard.profile +++ b/etc/picard.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 113f3ce33..dd610920a 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -26,4 +27,3 @@ tracelog | |||
26 | private-bin pidgin | 27 | private-bin pidgin |
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | nodvd | ||
diff --git a/etc/pingus.profile b/etc/pingus.profile index 204bc7f40..68d5a98ad 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc | |||
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -29,4 +30,3 @@ shell none | |||
29 | private-dev | 30 | private-dev |
30 | # private-etc none | 31 | # private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/pithos.profile b/etc/pithos.profile index 2aaedd45e..b81e0b634 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/whitelist-common.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/pix.profile b/etc/pix.profile index 79107c27c..ed9298727 100644 --- a/etc/pix.profile +++ b/etc/pix.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -29,4 +30,3 @@ tracelog | |||
29 | private-bin pix | 30 | private-bin pix |
30 | private-dev | 31 | private-dev |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/pluma.profile b/etc/pluma.profile index ed64c4cf7..d17a64d1d 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -26,4 +27,3 @@ tracelog | |||
26 | private-bin pluma | 27 | private-bin pluma |
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | nodvd | ||
diff --git a/etc/polari.profile b/etc/polari.profile index c41581b0d..a990194c9 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
@@ -27,6 +27,7 @@ include /etc/firejail/whitelist-common.inc | |||
27 | caps.drop all | 27 | caps.drop all |
28 | netfilter | 28 | netfilter |
29 | no3d | 29 | no3d |
30 | nodvd | ||
30 | nogroups | 31 | nogroups |
31 | nonewprivs | 32 | nonewprivs |
32 | noroot | 33 | noroot |
@@ -43,4 +44,3 @@ private-tmp | |||
43 | 44 | ||
44 | noexec ${HOME} | 45 | noexec ${HOME} |
45 | noexec /tmp | 46 | noexec /tmp |
46 | nodvd | ||
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index 3611e66f2..72c52d967 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile | |||
@@ -25,6 +25,7 @@ include /etc/firejail/whitelist-common.inc | |||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
27 | no3d | 27 | no3d |
28 | nodvd | ||
28 | nogroups | 29 | nogroups |
29 | nonewprivs | 30 | nonewprivs |
30 | noroot | 31 | noroot |
@@ -40,4 +41,3 @@ private-tmp | |||
40 | 41 | ||
41 | noexec ${HOME} | 42 | noexec ${HOME} |
42 | noexec /tmp | 43 | noexec /tmp |
43 | nodvd | ||
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index b5b5f2cf5..ea635ab6e 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -29,6 +29,7 @@ include /etc/firejail/whitelist-common.inc | |||
29 | caps.drop all | 29 | caps.drop all |
30 | machine-id | 30 | machine-id |
31 | netfilter | 31 | netfilter |
32 | nodvd | ||
32 | nogroups | 33 | nogroups |
33 | nonewprivs | 34 | nonewprivs |
34 | noroot | 35 | noroot |
@@ -42,4 +43,3 @@ seccomp | |||
42 | private-dev | 43 | private-dev |
43 | # private-etc X11,fonts,xdg,resolv.conf | 44 | # private-etc X11,fonts,xdg,resolv.conf |
44 | private-tmp | 45 | private-tmp |
45 | nodvd | ||
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile index 292b6b266..2738e04bb 100644 --- a/etc/qemu-launcher.profile +++ b/etc/qemu-launcher.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -25,4 +26,3 @@ tracelog | |||
25 | private-tmp | 26 | private-tmp |
26 | 27 | ||
27 | noexec /tmp | 28 | noexec /tmp |
28 | nodvd | ||
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile index a4b962b8a..7a60007fe 100644 --- a/etc/qemu-system-x86_64.profile +++ b/etc/qemu-system-x86_64.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc | |||
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | nodvd | ||
15 | nogroups | 16 | nogroups |
16 | nonewprivs | 17 | nonewprivs |
17 | noroot | 18 | noroot |
@@ -24,4 +25,3 @@ tracelog | |||
24 | private-tmp | 25 | private-tmp |
25 | 26 | ||
26 | noexec /tmp | 27 | noexec /tmp |
27 | nodvd | ||
diff --git a/etc/qlipper.profile b/etc/qlipper.profile index 8e5a4f19d..796015654 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 7fe8567dd..2c652c688 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -28,4 +29,3 @@ tracelog | |||
28 | private-bin qpdfview | 29 | private-bin qpdfview |
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | nodvd | ||
diff --git a/etc/qtox.profile b/etc/qtox.profile index 6fe942eeb..5cbe68c90 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc | |||
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
25 | nodvd | ||
25 | nogroups | 26 | nogroups |
26 | nonewprivs | 27 | nonewprivs |
27 | noroot | 28 | noroot |
@@ -37,4 +38,3 @@ private-tmp | |||
37 | 38 | ||
38 | noexec ${HOME} | 39 | noexec ${HOME} |
39 | noexec /tmp | 40 | noexec /tmp |
40 | nodvd | ||
diff --git a/etc/quassel.profile b/etc/quassel.profile index 223376272..af0f723f1 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile | |||
@@ -12,9 +12,9 @@ include /etc/firejail/disable-programs.inc | |||
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | nodvd | ||
15 | nonewprivs | 16 | nonewprivs |
16 | noroot | 17 | noroot |
17 | notv | 18 | notv |
18 | protocol unix,inet,inet6 | 19 | protocol unix,inet,inet6 |
19 | seccomp | 20 | seccomp |
20 | nodvd | ||
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 01bc439cd..6f20f6d7f 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
@@ -28,6 +28,7 @@ include /etc/firejail/whitelist-common.inc | |||
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | netfilter | 30 | netfilter |
31 | nodvd | ||
31 | nogroups | 32 | nogroups |
32 | nonewprivs | 33 | nonewprivs |
33 | noroot | 34 | noroot |
@@ -45,4 +46,3 @@ private-dev | |||
45 | 46 | ||
46 | noexec ${HOME} | 47 | noexec ${HOME} |
47 | noexec /tmp | 48 | noexec /tmp |
48 | nodvd | ||
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index c34a6031f..7b7086bde 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc | |||
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
23 | nodvd | ||
23 | noroot | 24 | noroot |
24 | notv | 25 | notv |
25 | protocol unix,inet,inet6,netlink | 26 | protocol unix,inet,inet6,netlink |
@@ -27,4 +28,3 @@ seccomp | |||
27 | tracelog | 28 | tracelog |
28 | 29 | ||
29 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 30 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
30 | nodvd | ||
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index e041cb04f..31721617f 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
@@ -23,10 +23,10 @@ include /etc/firejail/whitelist-common.inc | |||
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
26 | nodvd | ||
26 | nonewprivs | 27 | nonewprivs |
27 | noroot | 28 | noroot |
28 | notv | 29 | notv |
29 | protocol unix,inet,inet6,netlink | 30 | protocol unix,inet,inet6,netlink |
30 | seccomp | 31 | seccomp |
31 | tracelog | 32 | tracelog |
32 | nodvd | ||
diff --git a/etc/rambox.profile b/etc/rambox.profile index 686691849..2696df86b 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile | |||
@@ -21,6 +21,7 @@ include /etc/firejail/whitelist-common.inc | |||
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
24 | nodvd | ||
24 | nogroups | 25 | nogroups |
25 | nonewprivs | 26 | nonewprivs |
26 | noroot | 27 | noroot |
@@ -28,4 +29,3 @@ notv | |||
28 | protocol unix,inet,inet6,netlink | 29 | protocol unix,inet,inet6,netlink |
29 | seccomp | 30 | seccomp |
30 | # tracelog | 31 | # tracelog |
31 | nodvd | ||
diff --git a/etc/ranger.profile b/etc/ranger.profile index 93f517a61..717eca099 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/disable-programs.inc | |||
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | net none | 20 | net none |
21 | nodvd | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
@@ -27,4 +28,3 @@ protocol unix | |||
27 | seccomp | 28 | seccomp |
28 | 29 | ||
29 | private-dev | 30 | private-dev |
30 | nodvd | ||
diff --git a/etc/remmina.profile b/etc/remmina.profile index 70ce4c465..3bb6aa0b1 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | nodvd | ||
diff --git a/etc/ristretto.profile b/etc/ristretto.profile index 4f271db58..3de5de34a 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 258349f1f..a44d99e5b 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nodvd | ||
16 | nonewprivs | 17 | nonewprivs |
17 | noroot | 18 | noroot |
18 | nosound | 19 | nosound |
@@ -24,4 +25,3 @@ shell none | |||
24 | private-bin rtorrent | 25 | private-bin rtorrent |
25 | private-dev | 26 | private-dev |
26 | private-tmp | 27 | private-tmp |
27 | nodvd | ||
diff --git a/etc/scribus.profile b/etc/scribus.profile index 7f98065ef..acd6b2239 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
@@ -27,6 +27,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
27 | include /etc/firejail/disable-programs.inc | 27 | include /etc/firejail/disable-programs.inc |
28 | 28 | ||
29 | caps.drop all | 29 | caps.drop all |
30 | nodvd | ||
30 | nonewprivs | 31 | nonewprivs |
31 | noroot | 32 | noroot |
32 | nosound | 33 | nosound |
@@ -38,4 +39,3 @@ tracelog | |||
38 | 39 | ||
39 | private-dev | 40 | private-dev |
40 | # private-tmp | 41 | # private-tmp |
41 | nodvd | ||
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index 578f623f0..ce4c4d416 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -30,4 +31,3 @@ private-dev | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index c9bc2d593..36dde66b0 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
@@ -37,6 +37,7 @@ include /etc/firejail/whitelist-common.inc | |||
37 | 37 | ||
38 | caps.drop all | 38 | caps.drop all |
39 | netfilter | 39 | netfilter |
40 | nodvd | ||
40 | nonewprivs | 41 | nonewprivs |
41 | noroot | 42 | noroot |
42 | notv | 43 | notv |
@@ -45,4 +46,3 @@ seccomp | |||
45 | tracelog | 46 | tracelog |
46 | 47 | ||
47 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 48 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
48 | nodvd | ||
diff --git a/etc/server.profile b/etc/server.profile index 1bc2920d9..04ef555de 100644 --- a/etc/server.profile +++ b/etc/server.profile | |||
@@ -21,6 +21,7 @@ include /etc/firejail/disable-programs.inc | |||
21 | 21 | ||
22 | caps | 22 | caps |
23 | no3d | 23 | no3d |
24 | nodvd | ||
24 | nosound | 25 | nosound |
25 | notv | 26 | notv |
26 | novideo | 27 | novideo |
@@ -37,4 +38,3 @@ private-tmp | |||
37 | # memory-deny-write-execute | 38 | # memory-deny-write-execute |
38 | # noexec ${HOME} | 39 | # noexec ${HOME} |
39 | # noexec /tmp | 40 | # noexec /tmp |
40 | nodvd | ||
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index 2e998b1b9..abc68a499 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index faf31d7a3..05ed9f813 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -28,4 +29,3 @@ tracelog | |||
28 | # private-dev | 29 | # private-dev |
29 | # private-etc fonts | 30 | # private-etc fonts |
30 | # private-tmp | 31 | # private-tmp |
31 | nodvd | ||
diff --git a/etc/simutrans.profile b/etc/simutrans.profile index 8e1f6031e..fda5204e2 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc | |||
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -29,4 +30,3 @@ shell none | |||
29 | private-dev | 30 | private-dev |
30 | # private-etc none | 31 | # private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/skanlite.profile b/etc/skanlite.profile index 1fdfc0dd5..0338bc452 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -26,4 +27,3 @@ shell none | |||
26 | # private-dev | 27 | # private-dev |
27 | # private-etc | 28 | # private-etc |
28 | # private-tmp | 29 | # private-tmp |
29 | nodvd | ||
diff --git a/etc/skype.profile b/etc/skype.profile index 1c78313aa..f3e504a3f 100644 --- a/etc/skype.profile +++ b/etc/skype.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | nodvd | ||
diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile index 3cd0480c7..b69a208a8 100644 --- a/etc/skypeforlinux.profile +++ b/etc/skypeforlinux.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | nodvd | ||
diff --git a/etc/slack.profile b/etc/slack.profile index f973f2cae..9025e4f75 100644 --- a/etc/slack.profile +++ b/etc/slack.profile | |||
@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc | |||
24 | caps.drop all | 24 | caps.drop all |
25 | name slack | 25 | name slack |
26 | netfilter | 26 | netfilter |
27 | nodvd | ||
27 | nogroups | 28 | nogroups |
28 | nonewprivs | 29 | nonewprivs |
29 | noroot | 30 | noroot |
@@ -37,4 +38,3 @@ private-bin slack | |||
37 | private-dev | 38 | private-dev |
38 | private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime | 39 | private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime |
39 | private-tmp | 40 | private-tmp |
40 | nodvd | ||
diff --git a/etc/snap.profile b/etc/snap.profile index 175589397..238dffeab 100644 --- a/etc/snap.profile +++ b/etc/snap.profile | |||
@@ -14,5 +14,5 @@ include /etc/firejail/disable-programs.inc | |||
14 | whitelist ${DOWNLOADS} | 14 | whitelist ${DOWNLOADS} |
15 | whitelist ~/snap | 15 | whitelist ~/snap |
16 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
17 | notv | ||
18 | nodvd | 17 | nodvd |
18 | notv | ||
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index a9b59b89a..5d7129b5a 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | net none | 15 | net none |
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | nodvd | ||
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index a61aca77a..65e8073c9 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | memory-deny-write-execute | 33 | memory-deny-write-execute |
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index fcfdd057a..ba5115521 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile | |||
@@ -19,9 +19,9 @@ include /etc/firejail/disable-programs.inc | |||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | no3d | 21 | no3d |
22 | nodvd | ||
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
24 | notv | 25 | notv |
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
27 | nodvd | ||
diff --git a/etc/ssh.profile b/etc/ssh.profile index 905e3900e..da852c6ba 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -18,6 +18,7 @@ caps.drop all | |||
18 | ipc-namespace | 18 | ipc-namespace |
19 | netfilter | 19 | netfilter |
20 | no3d | 20 | no3d |
21 | nodvd | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
@@ -34,4 +35,3 @@ private-dev | |||
34 | memory-deny-write-execute | 35 | memory-deny-write-execute |
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | nodvd | ||
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index b37ed72b7..ca521e08c 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nodvd | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
@@ -26,4 +27,3 @@ private-bin bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed | |||
26 | private-dev | 27 | private-dev |
27 | private-etc fonts | 28 | private-etc fonts |
28 | private-tmp | 29 | private-tmp |
29 | nodvd | ||
diff --git a/etc/steam.profile b/etc/steam.profile index 8d8eabe6d..96899038a 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
@@ -24,6 +24,7 @@ include /etc/firejail/disable-programs.inc | |||
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
27 | nodvd | ||
27 | nogroups | 28 | nogroups |
28 | nonewprivs | 29 | nonewprivs |
29 | noroot | 30 | noroot |
@@ -37,4 +38,3 @@ shell none | |||
37 | 38 | ||
38 | private-dev | 39 | private-dev |
39 | private-tmp | 40 | private-tmp |
40 | nodvd | ||
diff --git a/etc/stellarium.profile b/etc/stellarium.profile index 06bbf3445..89e2d1a30 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile | |||
@@ -21,6 +21,7 @@ include /etc/firejail/whitelist-common.inc | |||
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | netfilter | 23 | netfilter |
24 | nodvd | ||
24 | nogroups | 25 | nogroups |
25 | nonewprivs | 26 | nonewprivs |
26 | noroot | 27 | noroot |
@@ -35,4 +36,3 @@ disable-mnt | |||
35 | private-bin stellarium | 36 | private-bin stellarium |
36 | private-dev | 37 | private-dev |
37 | private-tmp | 38 | private-tmp |
38 | nodvd | ||
diff --git a/etc/strings.profile b/etc/strings.profile index d102cd445..83561cae5 100644 --- a/etc/strings.profile +++ b/etc/strings.profile | |||
@@ -11,6 +11,7 @@ blacklist /tmp/.X11-unix | |||
11 | ignore noroot | 11 | ignore noroot |
12 | net none | 12 | net none |
13 | no3d | 13 | no3d |
14 | nodvd | ||
14 | nosound | 15 | nosound |
15 | notv | 16 | notv |
16 | novideo | 17 | novideo |
@@ -24,4 +25,3 @@ private-lib | |||
24 | memory-deny-write-execute | 25 | memory-deny-write-execute |
25 | 26 | ||
26 | include /etc/firejail/default.profile | 27 | include /etc/firejail/default.profile |
27 | nodvd | ||
diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 910c39aeb..cd6496a7b 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/whitelist-common.inc | |||
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | net none | 19 | net none |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -29,4 +30,3 @@ shell none | |||
29 | private-dev | 30 | private-dev |
30 | # private-etc none | 31 | # private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 7db148e8d..08ece1e9b 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/tar.profile b/etc/tar.profile index ae520be02..34a4f34d6 100644 --- a/etc/tar.profile +++ b/etc/tar.profile | |||
@@ -12,6 +12,7 @@ hostname tar | |||
12 | ignore noroot | 12 | ignore noroot |
13 | net none | 13 | net none |
14 | no3d | 14 | no3d |
15 | nodvd | ||
15 | nosound | 16 | nosound |
16 | notv | 17 | notv |
17 | shell none | 18 | shell none |
@@ -23,4 +24,3 @@ private-dev | |||
23 | private-etc passwd,group,localtime | 24 | private-etc passwd,group,localtime |
24 | 25 | ||
25 | include /etc/firejail/default.profile | 26 | include /etc/firejail/default.profile |
26 | nodvd | ||
diff --git a/etc/telegram.profile b/etc/telegram.profile index 38cbe3bd0..e3ccaf1a0 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile | |||
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | nodvd | ||
16 | nonewprivs | 17 | nonewprivs |
17 | noroot | 18 | noroot |
18 | notv | 19 | notv |
@@ -24,4 +25,3 @@ private-tmp | |||
24 | 25 | ||
25 | noexec ${HOME} | 26 | noexec ${HOME} |
26 | noexec /tmp | 27 | noexec /tmp |
27 | nodvd | ||
diff --git a/etc/tracker.profile b/etc/tracker.profile index 9da8931f8..ded2ae2e5 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -31,4 +32,3 @@ tracelog | |||
31 | # private-dev | 32 | # private-dev |
32 | # private-etc fonts | 33 | # private-etc fonts |
33 | # private-tmp | 34 | # private-tmp |
34 | nodvd | ||
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index ffdfe16fe..5752c96f3 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | nodvd | ||
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
20 | nosound | 21 | nosound |
@@ -30,4 +31,3 @@ private-etc none | |||
30 | private-tmp | 31 | private-tmp |
31 | 32 | ||
32 | memory-deny-write-execute | 33 | memory-deny-write-execute |
33 | nodvd | ||
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 0de1ea99d..c4bf7a08d 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc | |||
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
25 | nodvd | ||
25 | nonewprivs | 26 | nonewprivs |
26 | noroot | 27 | noroot |
27 | nosound | 28 | nosound |
@@ -36,4 +37,3 @@ private-dev | |||
36 | private-tmp | 37 | private-tmp |
37 | 38 | ||
38 | memory-deny-write-execute | 39 | memory-deny-write-execute |
39 | nodvd | ||
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 6d71cd945..02e9a5052 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc | |||
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
25 | nodvd | ||
25 | nonewprivs | 26 | nonewprivs |
26 | noroot | 27 | noroot |
27 | nosound | 28 | nosound |
@@ -34,4 +35,3 @@ tracelog | |||
34 | private-bin transmission-qt | 35 | private-bin transmission-qt |
35 | private-dev | 36 | private-dev |
36 | private-tmp | 37 | private-tmp |
37 | nodvd | ||
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 6fcffe4f8..130defc8e 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | net none | 17 | net none |
18 | nodvd | ||
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
20 | nosound | 21 | nosound |
@@ -28,4 +29,3 @@ tracelog | |||
28 | private-dev | 29 | private-dev |
29 | private-etc none | 30 | private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | nodvd | ||
diff --git a/etc/truecraft.profile b/etc/truecraft.profile index ccdac70dc..4e48f6c6b 100644 --- a/etc/truecraft.profile +++ b/etc/truecraft.profile | |||
@@ -20,6 +20,7 @@ whitelist ${HOME}/.config/truecraft | |||
20 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -35,4 +36,3 @@ private-tmp | |||
35 | 36 | ||
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | nodvd | ||
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index e0f66d877..ddbcce3f6 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
20 | notv | 21 | notv |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | # noexec ${HOME} - tuxguitar may fail to launch | 30 | # noexec ${HOME} - tuxguitar may fail to launch |
30 | noexec /tmp | 31 | noexec /tmp |
31 | nodvd | ||
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index f85d6a7b9..877ad635b 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc | |||
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nodvd | ||
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
23 | nosound | 24 | nosound |
@@ -29,4 +30,3 @@ shell none | |||
29 | private-bin uget-gtk | 30 | private-bin uget-gtk |
30 | private-dev | 31 | private-dev |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/unbound.profile b/etc/unbound.profile index 3ca75b3ef..c1cb86893 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile | |||
@@ -14,10 +14,10 @@ include /etc/firejail/disable-passwdmgr.inc | |||
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | no3d | 16 | no3d |
17 | nodvd | ||
17 | nosound | 18 | nosound |
18 | notv | 19 | notv |
19 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open | 20 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open |
20 | 21 | ||
21 | private | 22 | private |
22 | private-dev | 23 | private-dev |
23 | nodvd | ||
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index c282bb020..5f70843d6 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile | |||
@@ -16,6 +16,7 @@ whitelist ~/.unknown-horizons | |||
16 | include /etc/firejail/whitelist-common.inc | 16 | include /etc/firejail/whitelist-common.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -28,4 +29,3 @@ shell none | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc none | 30 | # private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | nodvd | ||
diff --git a/etc/unrar.profile b/etc/unrar.profile index b9f2999ae..6a3ac5527 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile | |||
@@ -12,6 +12,7 @@ hostname unrar | |||
12 | ignore noroot | 12 | ignore noroot |
13 | net none | 13 | net none |
14 | no3d | 14 | no3d |
15 | nodvd | ||
15 | nosound | 16 | nosound |
16 | notv | 17 | notv |
17 | shell none | 18 | shell none |
@@ -23,4 +24,3 @@ private-etc passwd,group,localtime | |||
23 | private-tmp | 24 | private-tmp |
24 | 25 | ||
25 | include /etc/firejail/default.profile | 26 | include /etc/firejail/default.profile |
26 | nodvd | ||
diff --git a/etc/unzip.profile b/etc/unzip.profile index c391dd7a5..bb30d74cd 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile | |||
@@ -12,6 +12,7 @@ hostname unzip | |||
12 | ignore noroot | 12 | ignore noroot |
13 | net none | 13 | net none |
14 | no3d | 14 | no3d |
15 | nodvd | ||
15 | nosound | 16 | nosound |
16 | notv | 17 | notv |
17 | shell none | 18 | shell none |
@@ -22,4 +23,3 @@ private-dev | |||
22 | private-etc passwd,group,localtime | 23 | private-etc passwd,group,localtime |
23 | 24 | ||
24 | include /etc/firejail/default.profile | 25 | include /etc/firejail/default.profile |
25 | nodvd | ||
diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 3b254ba4e..192d13f80 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile | |||
@@ -10,6 +10,7 @@ include /etc/firejail/globals.local | |||
10 | hostname uudeview | 10 | hostname uudeview |
11 | ignore noroot | 11 | ignore noroot |
12 | net none | 12 | net none |
13 | nodvd | ||
13 | nosound | 14 | nosound |
14 | notv | 15 | notv |
15 | shell none | 16 | shell none |
@@ -20,4 +21,3 @@ private-dev | |||
20 | private-etc ld.so.preload | 21 | private-etc ld.so.preload |
21 | 22 | ||
22 | include /etc/firejail/default.profile | 23 | include /etc/firejail/default.profile |
23 | nodvd | ||
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index 53fc303a0..e7c931f30 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile | |||
@@ -25,10 +25,10 @@ include /etc/firejail/whitelist-common.inc | |||
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
27 | netfilter | 27 | netfilter |
28 | nodvd | ||
28 | nonewprivs | 29 | nonewprivs |
29 | noroot | 30 | noroot |
30 | notv | 31 | notv |
31 | protocol unix,inet,inet6 | 32 | protocol unix,inet,inet6 |
32 | seccomp | 33 | seccomp |
33 | tracelog | 34 | tracelog |
34 | nodvd | ||
diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 3dd9a5389..a02845885 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile | |||
@@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc | |||
19 | 19 | ||
20 | caps.drop all | 20 | caps.drop all |
21 | net none | 21 | net none |
22 | nodvd | ||
22 | nogroups | 23 | nogroups |
23 | nonewprivs | 24 | nonewprivs |
24 | noroot | 25 | noroot |
@@ -33,4 +34,3 @@ private-bin viewnior | |||
33 | private-dev | 34 | private-dev |
34 | private-etc fonts | 35 | private-etc fonts |
35 | private-tmp | 36 | private-tmp |
36 | nodvd | ||
diff --git a/etc/viking.profile b/etc/viking.profile index 8b5bff2b8..30e89b511 100644 --- a/etc/viking.profile +++ b/etc/viking.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | no3d | 18 | no3d |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/vim.profile b/etc/vim.profile index 0264930ef..7b5566f5b 100644 --- a/etc/vim.profile +++ b/etc/vim.profile | |||
@@ -15,10 +15,10 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | netfilter | 17 | netfilter |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
21 | notv | 22 | notv |
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
24 | nodvd | ||
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile index da0b91e09..6e153d559 100644 --- a/etc/virtualbox.profile +++ b/etc/virtualbox.profile | |||
@@ -24,5 +24,5 @@ include /etc/firejail/whitelist-common.inc | |||
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
27 | notv | ||
28 | nodvd | 27 | nodvd |
28 | notv | ||
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index cd4d62e44..503916b26 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile | |||
@@ -21,6 +21,7 @@ include /etc/firejail/whitelist-common.inc | |||
21 | 21 | ||
22 | caps.keep sys_chroot,sys_admin | 22 | caps.keep sys_chroot,sys_admin |
23 | netfilter | 23 | netfilter |
24 | nodvd | ||
24 | nogroups | 25 | nogroups |
25 | notv | 26 | notv |
26 | shell none | 27 | shell none |
@@ -30,4 +31,3 @@ private-dev | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/vym.profile b/etc/vym.profile index 702680958..4f60b2ada 100644 --- a/etc/vym.profile +++ b/etc/vym.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/w3m.profile b/etc/w3m.profile index 04760d176..b25e19135 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -31,4 +32,3 @@ tracelog | |||
31 | private-dev | 32 | private-dev |
32 | private-etc none | 33 | private-etc none |
33 | private-tmp | 34 | private-tmp |
34 | nodvd | ||
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 0a8a73f1f..976f7db5f 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile | |||
@@ -20,6 +20,7 @@ include /etc/firejail/whitelist-common.inc | |||
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
23 | nodvd | ||
23 | nogroups | 24 | nogroups |
24 | nonewprivs | 25 | nonewprivs |
25 | noroot | 26 | noroot |
@@ -33,4 +34,3 @@ disable-mnt | |||
33 | private-bin warzone2100 | 34 | private-bin warzone2100 |
34 | private-dev | 35 | private-dev |
35 | private-tmp | 36 | private-tmp |
36 | nodvd | ||
diff --git a/etc/waterfox.profile b/etc/waterfox.profile index c842e6700..76b7c86ba 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile | |||
@@ -52,6 +52,7 @@ include /etc/firejail/whitelist-common.inc | |||
52 | 52 | ||
53 | caps.drop all | 53 | caps.drop all |
54 | netfilter | 54 | netfilter |
55 | nodvd | ||
55 | nogroups | 56 | nogroups |
56 | nonewprivs | 57 | nonewprivs |
57 | noroot | 58 | noroot |
@@ -69,4 +70,3 @@ private-tmp | |||
69 | 70 | ||
70 | noexec ${HOME} | 71 | noexec ${HOME} |
71 | noexec /tmp | 72 | noexec /tmp |
72 | nodvd | ||
diff --git a/etc/weechat.profile b/etc/weechat.profile index 79619bb82..b0971ae19 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc | |||
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | nodvd | ||
15 | nonewprivs | 16 | nonewprivs |
16 | noroot | 17 | noroot |
17 | notv | 18 | notv |
@@ -21,4 +22,3 @@ seccomp | |||
21 | # no private-bin support for various reasons: | 22 | # no private-bin support for various reasons: |
22 | # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, | 23 | # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, |
23 | # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins | 24 | # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins |
24 | nodvd | ||
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 30f857f47..d6318c81b 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile | |||
@@ -23,6 +23,7 @@ whitelist ${HOME}/.local/share/wesnoth | |||
23 | include /etc/firejail/whitelist-common.inc | 23 | include /etc/firejail/whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
26 | nodvd | ||
26 | nonewprivs | 27 | nonewprivs |
27 | noroot | 28 | noroot |
28 | notv | 29 | notv |
@@ -31,4 +32,3 @@ seccomp | |||
31 | 32 | ||
32 | private-dev | 33 | private-dev |
33 | private-tmp | 34 | private-tmp |
34 | nodvd | ||
diff --git a/etc/wget.profile b/etc/wget.profile index 23eba46fe..5072cb9c5 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -34,4 +35,3 @@ private-dev | |||
34 | 35 | ||
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | nodvd | ||
diff --git a/etc/wine.profile b/etc/wine.profile index 69ad72137..b1bc7df78 100644 --- a/etc/wine.profile +++ b/etc/wine.profile | |||
@@ -17,9 +17,9 @@ include /etc/firejail/disable-programs.inc | |||
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | netfilter | 19 | netfilter |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
23 | notv | 24 | notv |
24 | seccomp | 25 | seccomp |
25 | nodvd | ||
diff --git a/etc/wire.profile b/etc/wire.profile index 00da13cce..af14f686f 100644 --- a/etc/wire.profile +++ b/etc/wire.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/disable-programs.inc | |||
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nodvd | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
@@ -29,4 +30,3 @@ shell none | |||
29 | disable-mnt | 30 | disable-mnt |
30 | private-dev | 31 | private-dev |
31 | private-tmp | 32 | private-tmp |
32 | nodvd | ||
diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 1bee919b3..57f4f2f5b 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile | |||
@@ -18,6 +18,7 @@ no3d | |||
18 | # nogroups - breaks unprivileged wireshark usage | 18 | # nogroups - breaks unprivileged wireshark usage |
19 | # nonewprivs - breaks unprivileged wireshark usage | 19 | # nonewprivs - breaks unprivileged wireshark usage |
20 | # noroot | 20 | # noroot |
21 | nodvd | ||
21 | nosound | 22 | nosound |
22 | notv | 23 | notv |
23 | # protocol unix,inet,inet6,netlink | 24 | # protocol unix,inet,inet6,netlink |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/xchat.profile b/etc/xchat.profile index 73df480bf..ab62160b5 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | nodvd | ||
15 | nonewprivs | 16 | nonewprivs |
16 | noroot | 17 | noroot |
17 | notv | 18 | notv |
@@ -19,4 +20,3 @@ protocol unix,inet,inet6 | |||
19 | seccomp | 20 | seccomp |
20 | 21 | ||
21 | # private-bin requires perl, python, etc. | 22 | # private-bin requires perl, python, etc. |
22 | nodvd | ||
diff --git a/etc/xed.profile b/etc/xed.profile index b47cca36f..758fb5526 100644 --- a/etc/xed.profile +++ b/etc/xed.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -26,4 +27,3 @@ tracelog | |||
26 | private-bin xed | 27 | private-bin xed |
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | nodvd | ||
diff --git a/etc/xfburn.profile b/etc/xfburn.profile index 4729ebaf7..e80685f0e 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile | |||
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | nodvd | ||
17 | nogroups | 18 | nogroups |
18 | nonewprivs | 19 | nonewprivs |
19 | noroot | 20 | noroot |
@@ -28,4 +29,3 @@ tracelog | |||
28 | # private-dev | 29 | # private-dev |
29 | # private-etc fonts | 30 | # private-etc fonts |
30 | # private-tmp | 31 | # private-tmp |
31 | nodvd | ||
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile index 3e2d4b1d4..ab52d17e9 100644 --- a/etc/xfce4-dict.profile +++ b/etc/xfce4-dict.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | netfilter | 16 | netfilter |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | nodvd | ||
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index 12b7e6de7..868b4796b 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | caps.drop all | 17 | caps.drop all |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | nodvd | ||
diff --git a/etc/xiphos.profile b/etc/xiphos.profile index ae3e303a3..38e568860 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile | |||
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc | |||
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
25 | nodvd | ||
25 | nogroups | 26 | nogroups |
26 | nonewprivs | 27 | nonewprivs |
27 | noroot | 28 | noroot |
@@ -36,4 +37,3 @@ private-bin xiphos | |||
36 | private-dev | 37 | private-dev |
37 | private-etc fonts,resolv.conf,sword | 38 | private-etc fonts,resolv.conf,sword |
38 | private-tmp | 39 | private-tmp |
39 | nodvd | ||
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 6a67bde75..c7db00daf 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc | |||
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nodvd | ||
21 | nogroups | 22 | nogroups |
22 | nonewprivs | 23 | nonewprivs |
23 | noroot | 24 | noroot |
@@ -34,4 +35,3 @@ private-tmp | |||
34 | 35 | ||
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | nodvd | ||
diff --git a/etc/xpdf.profile b/etc/xpdf.profile index 1f51c220d..f34358521 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | net none | 16 | net none |
17 | no3d | 17 | no3d |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | nodvd | ||
diff --git a/etc/xpra.profile b/etc/xpra.profile index 28586f134..2bd91e8b5 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile | |||
@@ -26,6 +26,7 @@ whitelist /var/lib/xkb | |||
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
28 | # xpra needs to be allowed access to the abstract Unix socket namespace. | 28 | # xpra needs to be allowed access to the abstract Unix socket namespace. |
29 | nodvd | ||
29 | nogroups | 30 | nogroups |
30 | nonewprivs | 31 | nonewprivs |
31 | # In noroot mode, xpra cannot create a socket in the real /tmp/.X11-unix. | 32 | # In noroot mode, xpra cannot create a socket in the real /tmp/.X11-unix. |
@@ -44,4 +45,3 @@ shell none | |||
44 | private-dev | 45 | private-dev |
45 | # private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11 | 46 | # private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11 |
46 | private-tmp | 47 | private-tmp |
47 | nodvd | ||
diff --git a/etc/xreader.profile b/etc/xreader.profile index 35358814a..107cefe5e 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
15 | include /etc/firejail/disable-programs.inc | 15 | include /etc/firejail/disable-programs.inc |
16 | 16 | ||
17 | caps.drop all | 17 | caps.drop all |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -28,4 +29,3 @@ tracelog | |||
28 | private-bin xreader, xreader-previewer, xreader-thumbnailer | 29 | private-bin xreader, xreader-previewer, xreader-thumbnailer |
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | nodvd | ||
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index dd3103909..70ad3b895 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
@@ -16,6 +16,7 @@ include /etc/firejail/disable-passwdmgr.inc | |||
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | 17 | ||
18 | caps.drop all | 18 | caps.drop all |
19 | nodvd | ||
19 | nogroups | 20 | nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/xzdec.profile b/etc/xzdec.profile index 18384680f..7f21f5d2f 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile | |||
@@ -11,6 +11,7 @@ blacklist /tmp/.X11-unix | |||
11 | ignore noroot | 11 | ignore noroot |
12 | net none | 12 | net none |
13 | no3d | 13 | no3d |
14 | nodvd | ||
14 | nosound | 15 | nosound |
15 | notv | 16 | notv |
16 | shell none | 17 | shell none |
@@ -19,4 +20,3 @@ tracelog | |||
19 | private-dev | 20 | private-dev |
20 | 21 | ||
21 | include /etc/firejail/default.profile | 22 | include /etc/firejail/default.profile |
22 | nodvd | ||
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index e9f6d5641..e20fb3e99 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile | |||
@@ -17,6 +17,7 @@ caps.drop all | |||
17 | ipc-namespace | 17 | ipc-namespace |
18 | netfilter | 18 | netfilter |
19 | no3d | 19 | no3d |
20 | nodvd | ||
20 | nogroups | 21 | nogroups |
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
@@ -32,4 +33,3 @@ private-dev | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | nodvd | ||
diff --git a/etc/zathura.profile b/etc/zathura.profile index 9f1c4a3da..0036a3521 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | caps.drop all | 16 | caps.drop all |
17 | net none | 17 | net none |
18 | nodvd | ||
18 | nogroups | 19 | nogroups |
19 | nonewprivs | 20 | nonewprivs |
20 | noroot | 21 | noroot |
@@ -30,4 +31,3 @@ private-etc fonts | |||
30 | private-tmp | 31 | private-tmp |
31 | read-only ~/ | 32 | read-only ~/ |
32 | read-write ~/.local/share/zathura/ | 33 | read-write ~/.local/share/zathura/ |
33 | nodvd | ||
diff --git a/etc/zoom.profile b/etc/zoom.profile index e0902390f..381df9ab5 100644 --- a/etc/zoom.profile +++ b/etc/zoom.profile | |||
@@ -18,6 +18,7 @@ include /etc/firejail/whitelist-common.inc | |||
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nodvd | ||
21 | nonewprivs | 22 | nonewprivs |
22 | noroot | 23 | noroot |
23 | notv | 24 | notv |
@@ -25,4 +26,3 @@ protocol unix,inet,inet6 | |||
25 | seccomp | 26 | seccomp |
26 | 27 | ||
27 | private-tmp | 28 | private-tmp |
28 | nodvd | ||