290 files changed, 850 insertions, 302 deletions
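--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -30,7 +30,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -49,3 +48,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none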
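--- a/etc/7z.profile
+++ b/etc/7z.profile
@@ -23,7 +23,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 #nogroups
 nonewprivs
@@ -42,4 +41,7 @@ x11 none
 private-cache
 private-dev
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute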
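--- a/etc/JDownloader.profile
+++ b/etc/JDownloader.profile
@@ -28,7 +28,6 @@ caps.drop all
 ipc-namespace
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,3 +44,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none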
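--- a/etc/Maelstrom.profile
+++ b/etc/Maelstrom.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 #nonewprivs
@@ -41,3 +40,6 @@ private-bin Maelstrom
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none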
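--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -34,7 +34,6 @@ include whitelist-var-common.inc
 caps.drop all
 netfilter
 # no3d
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -53,4 +52,7 @@ private-cache
 private-dev
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)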
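Review bot: The second hunk leaves both `# dbus-user none` and `# dbus-system none` commented out with no reason given, so the profile still exposes both buses and a later maintainer cannot tell which one the application actually needs. Now that the directive is split per bus, the dependency should be recorded in a comment above the pair, e.g. `# session bus needed for <feature> - TODO confirm`, and `dbus-system none` enabled on its own if only the session bus is required; whether that holds here cannot be determined from the hunk. The same undocumented commented pair appears in abiword.profile, ark.profile, artha.profile, baobab.profile, calligra.profile and cameramonitor.profile. abiword, baobab and cameramonitor also set `net none`, so an unrestricted bus deserves a second look there, since it remains a channel to services outside the sandbox.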
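--- a/etc/abiword.profile
+++ b/etc/abiword.profile
@@ -25,7 +25,6 @@ caps.drop all
 machine-id
 net none
 no3d
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -44,3 +43,6 @@ private-cache
 private-dev
 private-etc fonts,gtk-3.0,passwd
 private-tmp
+
+# dbus-user none
+# dbus-system none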
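--- a/etc/anki.profile
+++ b/etc/anki.profile
@@ -32,7 +32,6 @@ caps.drop all
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -53,3 +52,6 @@ private-cache
 private-dev
 private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,machine-id,pki,resolv.conf,ssl,Trolltech.conf
 private-tmp
+
+dbus-user none
+dbus-system none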
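--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -18,7 +18,6 @@ include whitelist-var-common.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -34,3 +33,6 @@ shell none
 private-bin apktool,basename,bash,dirname,expr,java,sh
 private-cache
 private-dev
+
+dbus-user none
+dbus-system none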
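--- a/etc/ar.profile
+++ b/etc/ar.profile
@@ -23,7 +23,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,4 +41,7 @@ private-bin ar
 private-cache
 private-dev
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute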
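--- a/etc/arch-audit.profile
+++ b/etc/arch-audit.profile
@@ -26,7 +26,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -46,4 +45,7 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute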
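--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -23,7 +23,6 @@ include disable-xdg.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -40,3 +39,5 @@ private-dev
 #private-etc alternatives,ardour4,ardour5,asound.conf,fonts,machine-id,pulse,X11
 private-tmp
 
+dbus-user none
+dbus-system none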
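--- a/etc/aria2c.profile
+++ b/etc/aria2c.profile
@@ -27,7 +27,6 @@ caps.drop all
 ipc-namespace
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,4 +49,7 @@ private-etc alternatives,ca-certificates,crypto-policies,groups,login.defs,machi
 private-lib libreadline.so.*
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute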
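--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -23,7 +23,6 @@ apparmor
 caps.drop all
 # net none
 netfilter
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,5 @@ private-bin 7z,ark,bash,lrzip,lsar,lz4,lzop,p7zip,rar,sh,tclsh,unar,unrar,unzip,
 private-dev
 private-tmp
 
+# dbus-user none
+# dbus-system none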
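--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -38,7 +38,6 @@ caps.drop all
 ipc-namespace
 # net none - breaks on Ubuntu
 no3d
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -60,4 +59,7 @@ private-etc alternatives,fonts,machine-id
 private-lib libnotify.so.*
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 memory-deny-write-execute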
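--- a/etc/assogiate.profile
+++ b/etc/assogiate.profile
@@ -26,7 +26,6 @@ caps.drop all
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,4 +46,7 @@ private-dev
 private-lib gnome-vfs-2.0,libacl.so.*,libattr.so.*,libfam.so.*
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute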
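--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -27,7 +27,6 @@ apparmor
 caps.drop all
 netfilter
 no3d
-nodbus
 # nogroups
 nonewprivs
 noroot
@@ -42,5 +41,8 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 # mdwe is disabled due to breaking hardware accelerated decoding
 # memory-deny-write-execute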
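--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -20,7 +20,6 @@ include disable-programs.inc
 caps.drop all
 # net none
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -36,3 +35,6 @@ shell none
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none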
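--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -27,7 +27,6 @@ machine-id
 net none
 no3d
 nodvd
-nodbus
 nogroups
 nonewprivs
 noroot
@@ -48,4 +47,7 @@ private-dev
 private-etc alternatives,group,login.defs,passwd
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute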
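--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-#nodbus - dbus needed for MPRIS
 nogroups
 nonewprivs
 noroot
@@ -39,3 +38,7 @@ tracelog
 private-cache
 private-dev
 private-tmp
+
+# dbus needed for MPRIS
+# dbus-user none
+# dbus-system none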
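Review bot: The added comment gives MPRIS as the reason D-Bus is needed, and MPRIS is a session-bus interface, yet `# dbus-system none` is commented out together with `# dbus-user none`. With the directive now split per bus, the system bus can likely be blocked here by enabling `dbus-system none`, and, where the installed firejail supports it, the session bus narrowed with `dbus-user filter` plus a `dbus-user.own` rule for the player's name under `org.mpris.MediaPlayer2.` rather than left fully open; both need testing against the application before being enabled. The same reasoning appears to apply to celluloid.profile (dconf, MPRIS) and to the tray-icon cases in bitwarden.profile and clipgrab.profile.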
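--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -24,7 +24,6 @@ apparmor
 caps.drop all
 net none
 no3d
-# nodbus - problems on Fedora 27
 nodvd
 nogroups
 nonewprivs
@@ -40,3 +39,7 @@ tracelog
 private-bin audacity
 private-dev
 private-tmp
+
+# problems on Fedora 27
+# dbus-user none
+# dbus-system none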
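--- a/etc/authenticator.profile
+++ b/etc/authenticator.profile
@@ -24,7 +24,6 @@ include disable-programs.inc
 caps.drop all
 netfilter
 no3d
-# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs
@@ -43,4 +42,8 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,pki,resolv.conf,ssl
 private-tmp
 
+# makes settings immutable
+# dbus-user none
+# dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)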
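--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -19,7 +19,6 @@ include whitelist-runuser-common.inc
 caps.drop all
 net none
 no3d
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -37,4 +36,7 @@ private-bin baobab
 private-dev
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 read-only ${HOME}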
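--- a/etc/bibletime.profile
+++ b/etc/bibletime.profile
@@ -35,7 +35,6 @@ apparmor
 caps.drop all
 machine-id
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -54,3 +53,6 @@ private-cache
 private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf
 private-tmp
+
+dbus-user none
+dbus-system none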
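--- a/etc/bitwarden.profile
+++ b/etc/bitwarden.profile
@@ -29,7 +29,6 @@ caps.drop all
 machine-id
 netfilter
 no3d
-#nodbus - breaks appindicator (tray) functionality
 nodvd
 nogroups
 nonewprivs
@@ -51,4 +50,8 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,nsswitch.co
 private-opt Bitwarden
 private-tmp
 
+# breaks appindicator (tray) functionality
+# dbus-user none
+# dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)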
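--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -20,7 +20,6 @@ include disable-passwdmgr.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -36,5 +35,8 @@ shell none
 private-dev
 # private-tmp
 
+dbus-user none
+dbus-system none
+
 # memory-deny-write-execute breaks some systems, see issue #1850
 # memory-deny-write-execute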
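--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -20,7 +20,6 @@ include whitelist-var-common.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -39,3 +38,5 @@ private-dev
 private-etc alternatives,fonts,mono
 private-tmp
 
+dbus-user none
+dbus-system none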
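--- a/etc/blobwars.profile
+++ b/etc/blobwars.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,3 +44,6 @@ private-cache
 private-dev
 private-etc machine-id
 private-tmp
+
+dbus-user none
+dbus-system none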
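--- a/etc/bluefish.profile
+++ b/etc/bluefish.profile
@@ -19,7 +19,6 @@ apparmor
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -37,3 +36,5 @@ private-bin bluefish
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none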
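--- a/etc/bsdtar.profile
+++ b/etc/bsdtar.profile
@@ -22,7 +22,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,4 +42,7 @@ private-cache
 private-dev
 private-etc alternatives,group,localtime,passwd
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute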
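--- a/etc/bzflag.profile
+++ b/etc/bzflag.profile
@@ -24,7 +24,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,6 @@ private-bin bzadmin,bzflag,bzflag-wrapper,bzfs
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none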
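--- a/etc/calligra.profile
+++ b/etc/calligra.profile
@@ -16,7 +16,6 @@ caps.drop all
 ipc-namespace
 # net none
 netfilter
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -31,5 +30,8 @@ shell none
 private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch,kbuildsycoca4,kdeinit4
 private-dev
 
+# dbus-user none
+# dbus-system none
+
 # noexec ${HOME}
 noexec /tmp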
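--- a/etc/cameramonitor.profile
+++ b/etc/cameramonitor.profile
@@ -30,7 +30,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,4 +49,7 @@ private-cache
 private-etc alternatives,fonts
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 # memory-deny-write-execute - breaks on Arch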
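--- a/etc/catfish.profile
+++ b/etc/catfish.profile
@@ -28,7 +28,6 @@ apparmor
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -46,3 +45,6 @@ tracelog
 # private-bin bash,catfish,env,locate,ls,mlocate,python*
 # private-dev
 # private-tmp
+
+dbus-user none
+dbus-system none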
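--- a/etc/celluloid.profile
+++ b/etc/celluloid.profile
@@ -31,7 +31,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-# nodbus -- uses dconf, MPRIS
 nogroups
 nonewprivs
 noroot
@@ -47,5 +46,9 @@ private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3
 private-dev
 private-tmp
 
+# uses dconf, MPRIS
+# dbus-user none
+# dbus-system none
+
 read-only ${HOME}
 read-write ${HOME}/.config/celluloid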
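--- a/etc/checkbashisms.profile
+++ b/etc/checkbashisms.profile
@@ -32,7 +32,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -51,4 +50,7 @@ private-dev
 private-lib libfreebl3.so,perl*
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute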
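--- a/etc/cheese.profile
+++ b/etc/cheese.profile
@@ -26,7 +26,6 @@ apparmor
 caps.drop all
 machine-id
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,3 +42,6 @@ private-bin cheese
 private-cache
 private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0
 private-tmp
+
+dbus-user none
+dbus-system none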
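--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -17,7 +17,6 @@ include disable-programs.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 #nogroups
 nonewprivs
@@ -34,3 +33,5 @@ shell none
 private-cache
 private-dev
 
+dbus-user none
+dbus-system none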
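--- a/etc/clamav.profile
+++ b/etc/clamav.profile
@@ -15,7 +15,6 @@ caps.drop all
 ipc-namespace
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -31,6 +30,10 @@ tracelog
 x11 none
 
 private-dev
+
+dbus-user none
+dbus-system none
+
 read-only ${HOME}
 
 memory-deny-write-execute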
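--- a/etc/clamtk.profile
+++ b/etc/clamtk.profile
@@ -11,7 +11,6 @@ caps.drop all
 ipc-namespace
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -25,3 +24,6 @@ seccomp
 shell none
 
 private-dev
+
+dbus-user none
+dbus-system none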
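--- a/etc/clawsker.profile
+++ b/etc/clawsker.profile
@@ -29,7 +29,6 @@ apparmor
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,4 +49,7 @@ private-etc alternatives,fonts
 private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl*
 private-tmp
 
+dbus-user none
+dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)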
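--- a/etc/clipgrab.profile
+++ b/etc/clipgrab.profile
@@ -25,8 +25,6 @@ apparmor
 caps.drop all
 machine-id
 netfilter
-# Breaks tray-icon, uncommend or add to clipgrab.local if you don't need it.
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,3 +41,7 @@ disable-mnt
 private-cache
 private-dev
 private-tmp
+
+# Breaks tray icon, uncomment or add to clipgrab.local if you don't need it
+# dbus-user none
+# dbus-system none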
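--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -25,7 +25,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,4 +40,7 @@ x11 none
 private-cache
 private-dev
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute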
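--- a/etc/crawl.profile
+++ b/etc/crawl.profile
@@ -25,7 +25,6 @@ caps.drop all
 ipc-namespace
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,3 +42,6 @@ private-bin crawl,crawl-tiles
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none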
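--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -29,7 +29,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -48,3 +47,6 @@ private-cache
 private-dev
 # private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
 private-tmp
+
+dbus-user none
+dbus-system none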
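--- a/etc/ddgtk.profile
+++ b/etc/ddgtk.profile
@@ -30,7 +30,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,4 +49,7 @@ private-cache
 private-etc alternatives,fonts
 private-tmp
 
+dbus-user none
+dbus-system none
+
 # memory-deny-write-execute - breaks on Arch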
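--- a/etc/default.profile
+++ b/etc/default.profile
@@ -28,7 +28,6 @@ caps.drop all
 # net none
 netfilter
 # no3d
-# nodbus
 # nodvd
 # nogroups
 nonewprivs
@@ -53,5 +52,8 @@ seccomp
 # private-opt none
 # private-tmp
 
+# dbus-user none
+# dbus-system none
+
 # memory-deny-write-execute
 # read-only ${HOME}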
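--- a/etc/desktopeditors.profile
+++ b/etc/desktopeditors.profile
@@ -24,7 +24,6 @@ apparmor
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,3 +40,6 @@ private-bin desktopeditors,sh
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none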
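--- a/etc/devhelp.profile
+++ b/etc/devhelp.profile
@@ -24,7 +24,6 @@ include whitelist-usr-share-common.inc
 apparmor
 caps.drop all
 # net none - makes settings immutable
-# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs
@@ -45,6 +44,10 @@ private-dev
 private-etc alternatives,dconf,fonts,ld.so.cache,machine-id,ssl
 private-tmp
 
+# makes settings immutable
+# dbus-user none
+# dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)
 
 read-only ${HOME}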
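Review bot: Both `# dbus-user none` and `# dbus-system none` are left commented out in the second hunk, so the old all-or-nothing `nodbus` exception is carried over unchanged to two buses that can now be restricted independently. The stated reason, "makes settings immutable", presumably concerns the settings backend on the session bus, so `dbus-system none` could likely be active here while only `# dbus-user none` stays disabled; that needs a test run rather than an assumption. The same question applies to gedit.profile (same reason) and, hedged the same way, to electron-mail.profile (tray) and ephemeral.profile (preferences), as well as to the profiles that comment out both lines without giving a reason (digikam, easystroke, electrum, flameshot).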
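--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -30,7 +30,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -53,6 +52,9 @@ private-etc alternatives
 private-lib gconv
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute
 
 read-only ${HOME}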
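--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -22,7 +22,6 @@ include whitelist-var-common.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -39,3 +38,5 @@ private-bin bash,dex2jar,dirname,expr,grep,java,ls,sh,uname
 private-cache
 private-dev
 
+dbus-user none
+dbus-system none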
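--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -25,7 +25,6 @@ apparmor
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -44,3 +43,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none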
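--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -34,7 +34,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -55,4 +54,7 @@ private-dev
 #private-lib
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute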
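--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -25,7 +25,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -39,3 +38,6 @@ shell none
 # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device
 # private-etc alternatives,ca-certificates,crypto-policies,pki,ssl
 private-tmp
+
+# dbus-user none
+# dbus-system none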
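--- a/etc/display.profile
+++ b/etc/display.profile
@@ -24,7 +24,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,6 @@ private-dev
 # On Debian-based systems, display is a symlink in /etc/alternatives
 private-etc alternatives
 private-tmp
+
+dbus-user none
+dbus-system none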
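--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -31,7 +31,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nonewprivs
 nosound
@@ -48,5 +47,8 @@ private
 private-cache
 private-dev
 
+dbus-user none
+dbus-system none
+
 # mdwe can break modules/plugins
 memory-deny-write-execute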
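--- a/etc/drawio.profile
+++ b/etc/drawio.profile
@@ -28,7 +28,6 @@ caps.drop all
 ipc-namespace
 machine-id
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -48,4 +47,7 @@ private-dev
 private-etc alternatives,fonts
 private-tmp
 
+dbus-user none
+dbus-system none
+
 # memory-deny-write-execute - breaks on Arch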
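--- a/etc/easystroke.profile
+++ b/etc/easystroke.profile
@@ -27,7 +27,6 @@ caps.drop all
 machine-id
 net none
 no3d
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -51,4 +50,7 @@ private-etc alternatives,fonts,group,passwd
 #private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 memory-deny-write-execute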
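--- a/etc/ebook-viewer.profile
+++ b/etc/ebook-viewer.profile
@@ -4,7 +4,8 @@
 include ebook-viewer.local
 
 net none
-nodbus
+dbus-user none
+dbus-system none
 
 # Redirect
 include calibre.profile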
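--- a/etc/electron-mail.profile
+++ b/etc/electron-mail.profile
@@ -29,7 +29,6 @@ apparmor
 caps.drop all
 netfilter
 no3d
-# nodbus - breaks tray functionality
 nodvd
 nogroups
 nonewprivs
@@ -49,4 +48,8 @@ private-etc alternatives,fonts
 private-opt ElectronMail
 private-tmp
 
+# breaks tray functionality
+# dbus-user none
+# dbus-system none
+
 # memory-deny-write-execute - breaks on Arch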
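--- a/etc/electron.profile
+++ b/etc/electron.profile
@@ -15,7 +15,6 @@ whitelist ${DOWNLOADS}
 apparmor
 caps.drop all
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -23,3 +22,6 @@ noroot
 notv
 protocol unix,inet,inet6,netlink
 seccomp
+
+dbus-user none
+dbus-system none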
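--- a/etc/electrum.profile
+++ b/etc/electrum.profile
@@ -29,7 +29,6 @@ caps.drop all
 ipc-namespace
 netfilter
 no3d
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,3 +49,5 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,machine-id,pki,resolv.conf,ssl
 private-tmp
 
+# dbus-user none
+# dbus-system none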
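--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -31,7 +31,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -53,4 +52,7 @@ private-etc alternatives
 private-lib
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute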
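--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -19,7 +19,6 @@ apparmor
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -37,4 +36,7 @@ tracelog
 private-dev
 # private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute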
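--- a/etc/ephemeral.profile
+++ b/etc/ephemeral.profile
@@ -39,8 +39,6 @@ caps.drop all
 # machine-id breaks pulse audio; it should work fine in setups where sound is not required.
 #machine-id
 netfilter
-# nodbus breaks preferences
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -59,3 +57,7 @@ private-cache
 # private-etc below works fine on most distributions. There are some problems on CentOS.
 #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,localtime,login.defs,machine-id,mailcap,mime.types,nsswitch.conf,os-release,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
 private-tmp
+
+# breaks preferences
+# dbus-user none
+# dbus-system none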
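--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,6 @@ private-cache
 private-dev
 # private-etc alternatives,drirc,machine-id,openal
 private-tmp
+
+dbus-user none
+dbus-system none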
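--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -30,8 +30,6 @@ machine-id
 # net none - breaks AppArmor on Ubuntu systems
 netfilter
 no3d
-# nodbus might break two-page-view on some systems
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -52,3 +50,7 @@ private-etc alternatives,fonts,group,ld.so.cache,machine-id,passwd
 # private-lib might break two-page-view on some systems
 private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.*
 private-tmp
+
+# might break two-page-view on some systems
+dbus-user none
+dbus-system none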
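Review bot: The relocated comment `# might break two-page-view on some systems` in the second hunk no longer names the directive it describes, and with the option split in two it is unclear whether the session bus, the system bus or both are the cause. I would write `# dbus-user none might break two-page-view on some systems` (or the system-bus variant, once checked), so that someone who hits the breakage relaxes only the one line that matters and keeps the other bus blocked. firefox-common.profile has the same subject-less comment, `# breaks various desktop integration features`, above its two active `dbus-* none` lines.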
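--- a/etc/exfalso.profile
+++ b/etc/exfalso.profile
@@ -35,7 +35,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -55,4 +54,7 @@ private-etc alternatives,fonts,group,passwd
 private-lib libatk-1.0.so.*,libgdk-3.so.*,libgdk_pixbuf-2.0.so.*,libgirepository-1.0.so.*,libgstreamer-1.0.so.*,libgtk-3.so.*,libgtksourceview-3.0.so.*,libpango-1.0.so.*,libpython*,libreadline.so.*,libsoup-2.4.so.*,libssl.so.1.*,python2*,python3*
 private-tmp
 
+dbus-user none
+dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)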
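--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -29,7 +29,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -52,4 +51,7 @@ private-dev
 private-etc alternatives
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute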
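--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -21,7 +21,6 @@ include disable-programs.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -39,3 +38,6 @@ private-cache
 private-dev
 private-etc alternatives,feh
 private-tmp
+
+dbus-user none
+dbus-system none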
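--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -29,7 +29,6 @@ caps.drop all
 ipc-namespace
 machine-id
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,4 +49,7 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,nsswitch.conf,pkcs11,pki,resolv.conf,ssl
 private-tmp
 
+dbus-user none
+dbus-system none
+
 # memory-deny-write-execute - it breaks old versions of ffmpeg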
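--- a/etc/file.profile
+++ b/etc/file.profile
@@ -22,7 +22,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,5 +41,8 @@ private-dev
 #private-etc alternatives,localtime,magic,magic.mgc
 #private-lib file,libarchive.so.*,libfakeroot,libmagic.so.*,libseccomp.so.*
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute
 read-only ${HOME}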
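--- a/etc/firefox-common-addons.inc
+++ b/etc/firefox-common-addons.inc
@@ -57,7 +57,8 @@ whitelist ${HOME}/dwhelper
 # GNOME Shell integration (chrome-gnome-shell) needs dbus and python 3 (blacklisted by disable-interpreters.inc)
 noblacklist ${HOME}/.local/share/gnome-shell
 whitelist ${HOME}/.local/share/gnome-shell
-ignore nodbus
+ignore dbus-user none
+ignore dbus-system none
 include allow-python3.inc
 
 # KeePassXC Browser Integration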
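Review bot: `ignore dbus-system none` reopens the system bus together with the session bus, although the comment above it only says that GNOME Shell integration "needs dbus". If the connector talks to the session bus only (not verifiable from this hunk), `ignore dbus-user none` alone would keep the system bus blocked for the browser. geary.profile adds the same pair of `ignore` lines and warrants the same check. A short comment stating which bus each `ignore` is needed for would make the exception auditable.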
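--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -34,9 +34,6 @@ caps.drop all
 # machine-id breaks pulse audio; it should work fine in setups where sound is not required.
 #machine-id
 netfilter
-# nodbus breaks various desktop integration features
-# among other things global menus, native notifications, Gnome connector, KDE connect and power management on KDE Plasma
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -56,3 +53,8 @@ disable-mnt
 # private-etc below works fine on most distributions. There are some problems on CentOS.
 #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
 private-tmp
+
+# breaks various desktop integration features
+# among other things global menus, native notifications, Gnome connector, KDE connect and power management on KDE Plasma
+dbus-user none
+dbus-system none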
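--- a/etc/flameshot.profile
+++ b/etc/flameshot.profile
@@ -23,7 +23,6 @@ caps.drop all
 ipc-namespace
 netfilter
 no3d
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,3 +42,5 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,pki,re
 private-dev
 private-tmp
 
+# dbus-user none
+# dbus-system none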
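--- a/etc/freecad.profile
+++ b/etc/freecad.profile
@@ -24,7 +24,6 @@ include disable-xdg.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none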
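--- a/etc/freeciv.profile
+++ b/etc/freeciv.profile
@@ -25,7 +25,6 @@ apparmor
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,3 +42,6 @@ private-bin freeciv-gtk3,freeciv-manual,freeciv-mp-gtk3,freeciv-server
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none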
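--- a/etc/freecol.profile
+++ b/etc/freecol.profile
@@ -37,7 +37,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -54,3 +53,6 @@ disable-mnt
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none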
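--- a/etc/freemind.profile
+++ b/etc/freemind.profile
@@ -27,7 +27,6 @@ caps.drop all
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -49,3 +48,6 @@ private-dev
 private-tmp
 private-opt none
 private-srv none
+
+dbus-user none
+dbus-system none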
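--- a/etc/frogatto.profile
+++ b/etc/frogatto.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,3 +44,6 @@ private-cache
 private-dev
 private-etc machine-id
 private-tmp
+
+dbus-user none
+dbus-system none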
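--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,6 @@ disable-mnt
 # private-bin frozen-bubble
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none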
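--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -26,7 +26,6 @@ caps.drop all
 #hostname galculator - breaks Arch Linux
 #ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,4 +46,7 @@ private-etc alternatives,fonts
 private-lib
 private-tmp
 
+dbus-user none
+dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)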
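--- a/etc/gcloud.profile
+++ b/etc/gcloud.profile
@@ -21,7 +21,6 @@ apparmor
 caps.drop all
 machine-id
 netfilter
-nodbus
 nodvd
 # required for sudo-free docker
 #nogroups
@@ -38,3 +37,6 @@ disable-mnt
 private-dev
 private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,localtime,nsswitch.conf,pki,resolv.conf,ssl
 private-tmp
+
+dbus-user none
+dbus-system none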
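--- a/etc/geary.profile
+++ b/etc/geary.profile
@@ -10,7 +10,8 @@ include geary.local
 # Users have Geary set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 
-ignore nodbus
+ignore dbus-user none
+ignore dbus-system none
 ignore private-tmp
 
 noblacklist ${HOME}/.gnupg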
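--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -27,7 +27,6 @@ caps.drop all
 machine-id
 # net none - makes settings immutable
 no3d
-# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs
@@ -47,3 +46,6 @@ private-dev
 #private-lib aspell,gconv,gedit,libgspell-1.so.*,libgtksourceview-*,libpeas-gtk-1.0.so.*,libreadline.so.*,libtinfo.so.*
 private-tmp
 
+# makes settings immutable
+# dbus-user none
+# dbus-system none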
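Review bot: The comment `# makes settings immutable` now covers both commented-out directives, but the settings service these GNOME applications write to is normally reached over the session bus, so it probably justifies leaving only `dbus-user none` disabled. Now that `nodbus` is split in two, `dbus-system none` could likely be enabled here, written as `# dbus-user none - makes settings immutable` followed by an active `dbus-system none`; this needs a quick test before merging. The same question applies to the second hunks of gnome-calculator.profile (same comment), gucharmap.profile (`# breaks state saving`) and gnome-characters.profile (recently used chars).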
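--- a/etc/geekbench.profile
+++ b/etc/geekbench.profile
@@ -25,7 +25,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -48,6 +47,9 @@ private-lib gcc/*/*/libstdc++.so.*
 private-opt none
 private-tmp
 
+dbus-user none
+dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)
 
 read-only ${HOME}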
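--- a/etc/gfeeds.profile
+++ b/etc/gfeeds.profile
@@ -38,7 +38,6 @@ caps.drop all
 machine-id
 netfilter
 no3d
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -58,3 +57,6 @@ private-bin gfeeds,python3*
 private-dev
 private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg
 private-tmp
+
+# dbus-user none
+# dbus-system none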
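Review bot: Both new directives in the second hunk are added commented out with no reason given, so this network-facing profile keeps unrestricted access to the session and system buses and a later maintainer cannot tell which bus is actually required. Carrying `#nodbus` over as two commented lines preserves behaviour, but a one-line rationale in the style gedit.profile uses (`# makes settings immutable`) should sit above them, and whichever bus turns out not to be needed should be set to `none`. The same bare commented pair is added in gmpc, gnome-keyring, gnome-system-log, gwenview, iagno, kate, kdenlive and kfind.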
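--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -36,7 +36,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -51,3 +50,6 @@ tracelog
 
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none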
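--- a/etc/gist.profile
+++ b/etc/gist.profile
@@ -36,7 +36,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -56,4 +55,7 @@ private-dev
 private-etc alternatives
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute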
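--- a/etc/gmpc.profile
+++ b/etc/gmpc.profile
@@ -30,7 +30,6 @@ caps.drop all
 ipc-namespace
 netfilter
 no3d
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,4 +49,7 @@ private-etc alternatives,fonts
 private-tmp
 writable-run-user
 
+# dbus-user none
+# dbus-system none
+
 # memory-deny-write-execute - breaks on Arch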
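--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -27,7 +27,6 @@ machine-id
 # net none
 netfilter
 no3d
-# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs
@@ -47,4 +46,8 @@ private-dev
 #private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*,libgnutls.so.*,libproxy.so.*,librsvg-2.so.*,libxml2.so.*
 private-tmp
 
+# makes settings immutable
+# dbus-user none
+# dbus-system none
+
 # memory-deny-write-execute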
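--- a/etc/gnome-characters.profile
+++ b/etc/gnome-characters.profile
@@ -28,9 +28,6 @@ caps.drop all
 machine-id
 net none
 no3d
-# Uncomment the next line (or add it to your gnome-characters.local)
-# if you don't need recently used chars
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -54,4 +51,9 @@ private-dev
 private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,X11,xdg
 private-tmp
 
+# Uncomment the next lines (or add it to your gnome-characters.local)
+# if you don't need recently used chars
+# dbus-user none
+# dbus-system none
+
 read-only ${HOME}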
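--- a/etc/gnome-hexgl.profile
+++ b/etc/gnome-hexgl.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -44,5 +43,8 @@ private-dev
 private-etc machine-id
 private-tmp
 
+dbus-user none
+dbus-system none
+
 read-only ${HOME}
 read-write ${HOME}/.cache/mesa_shader_cache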
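--- a/etc/gnome-keyring.profile
+++ b/etc/gnome-keyring.profile
@@ -31,7 +31,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -52,4 +51,7 @@ private-dev
 #private-lib alternatives,gnome-keyring,libsecret-1.so.*,pkcs11,security
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 memory-deny-write-execute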
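--- a/etc/gnome-logs.profile
+++ b/etc/gnome-logs.profile
@@ -24,7 +24,6 @@ caps.drop all
 ipc-namespace
 net none
 no3d
-nodbus
 nodvd
 # When using 'volatile' storage (https://www.freedesktop.org/software/systemd/man/journald.conf.html),
 # comment both 'nogroups' and 'noroot'
@@ -50,6 +49,9 @@ private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.s
 private-tmp
 writable-var-log
 
+dbus-user none
+dbus-system none
+
 # comment this if you export logs to a file in your ${HOME}
 # or put 'ignore read-only ${HOME}' in your gnome-logs.local.
 read-only ${HOME}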
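--- a/etc/gnome-nettool.profile
+++ b/etc/gnome-nettool.profile
@@ -25,7 +25,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 # ping needs to elevate privileges, noroot and nonewprivs will kill it
@@ -45,3 +44,5 @@ private-dev
 private-lib libbind9.so.*,libcrypto.so.*,libdns.so.*,libgtk-3.so.*,libgtop*,libirs.so.*,liblua.so.*,libssh2.so.*,libssl.so.*
 private-tmp
 
+dbus-user none
+dbus-system none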
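--- a/etc/gnome-system-log.profile
+++ b/etc/gnome-system-log.profile
@@ -24,7 +24,6 @@ caps.drop all
 ipc-namespace
 # net none - breaks dbus
 no3d
-# nodbus
 nodvd
 # When using 'volatile' storage (https://www.freedesktop.org/software/systemd/man/journald.conf.html),
 # comment both 'nogroups' and 'noroot'
@@ -49,6 +48,9 @@ private-lib
 private-tmp
 writable-var-log
 
+# dbus-user none
+# dbus-system none
+
 memory-deny-write-execute
 
 # comment this if you export logs to a file in your ${HOME}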
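--- a/etc/godot.profile
+++ b/etc/godot.profile
@@ -22,7 +22,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,3 +40,6 @@ private-cache
 private-dev
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,machine-id,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl
 private-tmp
+
+dbus-user none
+dbus-system none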
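--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -24,7 +24,6 @@ caps.drop all
 ipc-namespace
 machine-id
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,4 +44,7 @@ private-etc alternatives,fonts,group,passwd
 private-lib
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute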
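--- a/etc/gramps.profile
+++ b/etc/gramps.profile
@@ -30,7 +30,6 @@ caps.drop all
 ipc-namespace
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,3 +46,6 @@ disable-mnt
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none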
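--- a/etc/gravity-beams-and-evaporating-stars.profile
+++ b/etc/gravity-beams-and-evaporating-stars.profile
@@ -22,7 +22,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,6 @@ private-cache
 private-dev
 private-etc fonts,machine-id
 private-tmp
+
+dbus-user none
+dbus-system none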
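--- a/etc/gtk-update-icon-cache.profile
+++ b/etc/gtk-update-icon-cache.profile
@@ -27,7 +27,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,4 +49,7 @@ private-etc none
 private-lib
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute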
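--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -24,7 +24,6 @@ caps.drop all
 machine-id
 #net none - breaks dbus
 no3d
-#nodbus - breaks state saveing
 nodvd
 nogroups
 nonewprivs
@@ -46,4 +45,8 @@ private-etc alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld
 private-lib
 private-tmp
 
+# breaks state saving
+# dbus-user none
+# dbus-system none
+
 read-only ${HOME}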
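--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -30,7 +30,6 @@ apparmor
 caps.drop all
 # net none
 netfilter
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,4 +46,7 @@ private-bin gimp*,gwenview,kbuildsycoca4,kdeinit4
 private-dev
 private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,xdg
 
+# dbus-user none
+# dbus-system none
+
 # memory-deny-write-execute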
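--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -26,7 +26,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -44,4 +43,7 @@ x11 none
 private-cache
 private-dev
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute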
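--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nogroups
 nonewprivs
 noroot
@@ -36,3 +35,5 @@ shell none
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none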
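--- a/etc/hashcat.profile
+++ b/etc/hashcat.profile
@@ -23,7 +23,6 @@ include disable-xdg.inc
 
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,3 +42,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none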
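--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -18,7 +18,6 @@ include disable-programs.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -37,3 +36,6 @@ private-bin highlight
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none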
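--- a/etc/host.profile
+++ b/etc/host.profile
@@ -26,7 +26,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -46,4 +45,7 @@ private-bin bash,host,sh
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute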
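--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -20,7 +20,6 @@ include disable-xdg.inc
 
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -38,3 +37,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none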
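--- a/etc/hyperrogue.profile
+++ b/etc/hyperrogue.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -46,3 +45,6 @@ private-cwd ${HOME}
 private-dev
 private-etc fonts,machine-id
 private-tmp
+
+dbus-user none
+dbus-system none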
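--- a/etc/iagno.profile
+++ b/etc/iagno.profile
@@ -18,7 +18,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -35,3 +34,6 @@ private
 private-bin iagno
 private-dev
 private-tmp
+
+# dbus-user none
+# dbus-system none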
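--- a/etc/imagej.profile
+++ b/etc/imagej.profile
@@ -21,7 +21,6 @@ include disable-programs.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -38,3 +37,5 @@ private-bin awk,basename,bash,cut,free,grep,hostname,imagej,ln,ls,mkdir,rm,sort,
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none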
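--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -27,7 +27,6 @@ caps.drop all
 ipc-namespace
 machine-id
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,4 +46,7 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute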
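--- a/etc/impressive.profile
+++ b/etc/impressive.profile
@@ -33,7 +33,6 @@ caps.drop all
 ipc-namespace
 machine-id
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -51,5 +50,8 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 read-only ${HOME}
 read-write ${HOME}/.cache/mesa_shader_cache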
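--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -37,7 +37,6 @@ caps.drop all
 ipc-namespace
 machine-id
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -56,4 +55,7 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 # memory-deny-write-execute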
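--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,3 +40,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none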
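--- a/etc/jerry.profile
+++ b/etc/jerry.profile
@@ -20,7 +20,6 @@ caps.drop all
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -38,4 +37,7 @@ private-dev
 private-etc fonts,gtk-2.0,gtk-3.0
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute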
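--- a/etc/jumpnbump.profile
+++ b/etc/jumpnbump.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,3 +44,6 @@ private-cache
 private-dev
 private-etc none
 private-tmp
+
+dbus-user none
+dbus-system none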
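--- a/etc/kalgebra.profile
+++ b/etc/kalgebra.profile
@@ -25,7 +25,6 @@ apparmor
 caps.drop all
 machine-id
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,3 +44,6 @@ private-cache
 private-dev
 private-etc fonts,machine-id
 private-tmp
+
+dbus-user none
+dbus-system none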
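--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -28,7 +28,6 @@ include whitelist-var-common.inc
 # apparmor
 caps.drop all
 # net none
-# nodbus
 netfilter
 nodvd
 nogroups
@@ -48,4 +47,7 @@ private-dev
 # private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 join-or-start kate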
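--- a/etc/kcalc.profile
+++ b/etc/kcalc.profile
@@ -27,7 +27,6 @@ apparmor
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -46,3 +45,5 @@ private-dev
 # private-lib - problems on Arch
 private-tmp
 
+dbus-user none
+dbus-system none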
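--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -22,7 +22,6 @@ include disable-programs.inc
 apparmor
 caps.drop all
 # net none
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -36,3 +35,6 @@ shell none
 private-bin dbus-launch,dvdauthor,ffmpeg,ffplay,ffprobe,genisoimage,kdeinit4,kdeinit4_shutdown,kdeinit4_wrapper,kdeinit5,kdeinit5_shutdown,kdeinit5_wrapper,kdenlive,kdenlive_render,kshell4,kshell5,melt,mlt-melt,vlc,xine
 private-dev
 # private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,X11,xdg
+
+# dbus-user none
+# dbus-system none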
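--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -26,7 +26,6 @@ caps.drop all
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,4 +44,7 @@ private-dev
 private-etc alternatives,fonts,machine-id
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute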
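--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -34,7 +34,7 @@ nodvd
 # Breaks 'Lock database when session is locked or lid is closed' (#2899).
 # Also breaks (Plasma) tray icon,
 # you can safely uncomment it or add to keepassxc.local if you don't need these features.
-#nodbus
+#
 nogroups
 nonewprivs
 noroot
@@ -52,5 +52,11 @@ private-dev
 private-etc alternatives,fonts,ld.so.cache,machine-id
 private-tmp
 
+# Breaks 'Lock database when session is locked or lid is closed' (#2899).
+# Also breaks (Plasma) tray icon,
+# you can safely uncomment it or add to keepassxc.local if you don't need these features.
+# dbus-user none
+# dbus-system none
+
 # Mutex is stored in /tmp by default, which is broken by private-tmp
 join-or-start keepassxc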
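Review bot: The first hunk replaces `#nodbus` with a bare `#` but leaves the three-line explanation above it in place, while the second hunk adds the same explanation again over the new commented directives. The copy at new lines 34–37 now refers to nothing ("you can safely uncomment it") and should be deleted together with the stray `#`. In the copy that stays, "uncomment it" should read "uncomment them". Since this profile confines a password manager, it would also help to say which of the two buses each listed feature needs, so that users can enable the other `none` line.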
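--- a/etc/kfind.profile
+++ b/etc/kfind.profile
@@ -27,7 +27,6 @@ machine-id
 # net none
 netfilter
 no3d
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,3 +42,6 @@ shell none
 # private-bin kbuildsycoca4,kdeinit4,kfind
 private-dev
 private-tmp
+
+# dbus-user none
+# dbus-system none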
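Review bot: Both replacement directives are added commented out (`# dbus-user none`, `# dbus-system none`) with no note on which bus the application actually needs; the same applies to the krita, kwrite, nitroshare and okular sections. The single `# nodbus` line is now two independent switches, so if these applications only use the session bus, `dbus-system none` could be active on its own and would narrow the sandbox. That needs testing per application. Where neither can be enabled, a one-line comment stating what breaks would help the next maintainer.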
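--- a/etc/kid3.profile
+++ b/etc/kid3.profile
@@ -22,7 +22,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,4 +41,7 @@ private-tmp
 private-opt none
 private-srv none
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute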
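--- a/etc/kiwix-desktop.profile
+++ b/etc/kiwix-desktop.profile
@@ -29,7 +29,6 @@ caps.drop all
 ipc-namespace
 netfilter
 # no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,3 +46,6 @@ private-cache
 private-dev
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
+
+dbus-user none
+dbus-system none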
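--- a/etc/klatexformula.profile
+++ b/etc/klatexformula.profile
@@ -24,7 +24,6 @@ apparmor
 caps.drop all
 machine-id
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,3 +40,6 @@ tracelog
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none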
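--- a/etc/klavaro.profile
+++ b/etc/klavaro.profile
@@ -29,7 +29,6 @@ caps.drop all
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,3 +49,6 @@ private-etc alternatives,fonts
 private-tmp
 private-opt none
 private-srv none
+
+dbus-user none
+dbus-system none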
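--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -31,7 +31,6 @@ caps.drop all
 ipc-namespace
 # net none
 netfilter
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,3 +46,6 @@ shell none
 private-cache
 private-dev
 private-tmp
+
+# dbus-user none
+# dbus-system none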
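--- a/etc/ktouch.profile
+++ b/etc/ktouch.profile
@@ -28,7 +28,6 @@ apparmor
 caps.drop all
 machine-id
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -48,3 +47,6 @@ private-cache
 private-dev
 private-etc alternatives,fonts,kde5rc,machine-id
 private-tmp
+
+dbus-user none
+dbus-system none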
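--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -29,7 +29,6 @@ apparmor
 caps.drop all
 # net none
 netfilter
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -48,5 +47,7 @@ private-dev
 private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
 private-tmp
 
+# dbus-user none
+# dbus-system none
 
 join-or-start kwrite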
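--- a/etc/latex-common.profile
+++ b/etc/latex-common.profile
@@ -20,7 +20,6 @@ include whitelist-var-common.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -38,3 +37,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none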
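--- a/etc/less.profile
+++ b/etc/less.profile
@@ -23,7 +23,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nonewprivs
 #noroot
@@ -45,6 +44,9 @@ private-cache
 private-dev
 writable-var-log
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute
 read-only ${HOME}
 read-write ${HOME}/.lesshst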
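--- a/etc/lincity-ng.profile
+++ b/etc/lincity-ng.profile
@@ -25,7 +25,6 @@ apparmor
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,3 +42,6 @@ private-bin lincity-ng
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none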
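--- a/etc/lmms.profile
+++ b/etc/lmms.profile
@@ -22,7 +22,6 @@ caps.drop all
 ipc-namespace
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -37,3 +36,5 @@ shell none
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none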
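--- a/etc/lugaru.profile
+++ b/etc/lugaru.profile
@@ -29,7 +29,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,3 +46,6 @@ private-bin lugaru
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none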
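--- a/etc/macrofusion.profile
+++ b/etc/macrofusion.profile
@@ -23,7 +23,6 @@ include disable-xdg.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,3 +40,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none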
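--- a/etc/magicor.profile
+++ b/etc/magicor.profile
@@ -29,7 +29,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,3 +46,6 @@ private-cache
 private-dev
 private-etc machine-id
 private-tmp
+
+dbus-user none
+dbus-system none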
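--- a/etc/manaplus.profile
+++ b/etc/manaplus.profile
@@ -28,7 +28,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -46,3 +45,6 @@ private-bin manaplus
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none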
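--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -28,7 +28,6 @@ apparmor
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -48,4 +47,7 @@ private-dev
 private-opt none
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute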
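--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -24,7 +24,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,4 +44,7 @@ private-dev
 private-etc alternatives
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute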
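--- a/etc/megaglest.profile
+++ b/etc/megaglest.profile
@@ -24,7 +24,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,6 @@ private-bin megaglest,megaglest_editor,megaglest_g3dviewer
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none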
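--- a/etc/mencoder.profile
+++ b/etc/mencoder.profile
@@ -18,7 +18,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nosound
 notv
 protocol unix
@@ -27,6 +26,9 @@ x11 none
 
 private-bin mencoder
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute
 
 # Redirect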
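--- a/etc/mendeleydesktop.profile
+++ b/etc/mendeleydesktop.profile
@@ -29,7 +29,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,3 +46,5 @@ private-bin cat,env,gconftool-2,ln,mendeleydesktop,python*,sh,update-desktop-dat
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none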
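--- a/etc/meteo-qt.profile
+++ b/etc/meteo-qt.profile
@@ -28,7 +28,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -48,4 +47,7 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute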
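--- a/etc/mindless.profile
+++ b/etc/mindless.profile
@@ -23,7 +23,6 @@ caps.drop all
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,4 +44,7 @@ private-dev
 private-etc fonts
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute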
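--- a/etc/minetest.profile
+++ b/etc/minetest.profile
@@ -27,7 +27,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,3 +46,6 @@ private-dev
 # private-etc needs to be updated, see #1702
 #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
 private-tmp
+
+dbus-user none
+dbus-system none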
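--- a/etc/mirrormagic.profile
+++ b/etc/mirrormagic.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -46,3 +45,6 @@ private-cache
 private-dev
 private-etc machine-id
 private-tmp
+
+dbus-user none
+dbus-system none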
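--- a/etc/mp3splt-gtk.profile
+++ b/etc/mp3splt-gtk.profile
@@ -21,7 +21,6 @@ apparmor
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -39,3 +38,6 @@ private-cache
 private-dev
 private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-3.0,machine-id,openal,pulse
 private-tmp
+
+dbus-user none
+dbus-system none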
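--- a/etc/mp3splt.profile
+++ b/etc/mp3splt.profile
@@ -26,7 +26,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -49,3 +48,6 @@ private-etc alternatives
 private-tmp
 
 memory-deny-write-execute
+
+dbus-user none
+dbus-system none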
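Review bot: The new `dbus-user none` / `dbus-system none` pair is appended after `memory-deny-write-execute` in the second hunk, whereas the other profiles in this commit that carry that line (kid3, less, mate-calc, mediainfo and others) insert the pair before it. The mpg123.profile section has the same ordering. Moving the pair above `memory-deny-write-execute` in both files keeps the profile layout uniform, which makes the set easier to audit and to process with scripts later.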
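--- a/etc/mpg123.profile
+++ b/etc/mpg123.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-nodbus
 nogroups
 nonewprivs
 noroot
@@ -37,3 +36,6 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
+
+dbus-user none
+dbus-system none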
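--- a/etc/mpsyt.profile
+++ b/etc/mpsyt.profile
@@ -48,7 +48,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-nodbus
 nodvd
 # Seems to cause issues with Nvidia drivers sometimes
 nogroups
@@ -67,3 +66,5 @@ private-bin env,ffmpeg,mplayer,mpsyt,mpv,python*,youtube-dl
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none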
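--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -36,7 +36,7 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-nodbus
+
 # Seems to cause issues with Nvidia drivers sometimes
 nogroups
 nonewprivs
@@ -51,3 +51,6 @@ private-bin env,mpv,python*,youtube-dl
 # Causes slow OSD, see #2838
 #private-cache
 private-dev
+
+dbus-user none
+dbus-system none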
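Review bot: The first hunk replaces `nodbus` with an empty line at new line 39 instead of deleting it, which leaves a blank line between `netfilter` and the `# Seems to cause issues with Nvidia drivers sometimes` comment. The mpsyt.profile section, which has the same surrounding lines, removes the line outright. Deleting it here as well keeps the option block contiguous and the two sibling profiles aligned.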
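--- a/etc/mrrescue.profile
+++ b/etc/mrrescue.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,3 +44,6 @@ private-cache
 private-dev
 private-etc machine-id
 private-tmp
+
+dbus-user none
+dbus-system none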
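--- a/etc/ms-office.profile
+++ b/etc/ms-office.profile
@@ -21,7 +21,6 @@ include disable-programs.inc
 
 caps.drop all
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -40,3 +39,5 @@ private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none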
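--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -22,7 +22,6 @@ apparmor
 caps.drop all
 machine-id
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -39,3 +38,6 @@ tracelog
 private-dev
 private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload
 private-tmp
+
+dbus-user none
+dbus-system none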
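--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -24,10 +24,12 @@ include whitelist-common.inc
 
 caps.drop all
 net none
-nodbus
 nodvd
 nonewprivs
 noroot
 notv
 novideo
 seccomp
+
+dbus-user none
+dbus-system none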
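--- a/etc/mypaint.profile
+++ b/etc/mypaint.profile
@@ -28,7 +28,6 @@ caps.drop all
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,3 +46,5 @@ private-dev
 private-etc alternatives,dconf,fonts,gtk-3.0
 private-tmp
 
+dbus-user none
+dbus-system none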
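--- a/etc/nano.profile
+++ b/etc/nano.profile
@@ -28,7 +28,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,4 +49,7 @@ private-dev
 # Comment the next line if you want to edit files in /etc directly
 private-etc alternatives,nanorc
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute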
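--- a/etc/natron.profile
+++ b/etc/natron.profile
@@ -22,7 +22,6 @@ include disable-programs.inc
 
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -34,3 +33,6 @@ seccomp
 shell none
 
 private-bin natron,Natron,NatronRenderer
+
+dbus-user none
+dbus-system none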
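--- a/etc/ncdu.profile
+++ b/etc/ncdu.profile
@@ -12,7 +12,6 @@ include disable-exec.inc
 
 caps.drop all
 ipc-namespace
-nodbus
 net none
 no3d
 nodvd
@@ -31,4 +30,7 @@ x11 none
 private-dev
 # private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute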
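--- a/etc/netactview.profile
+++ b/etc/netactview.profile
@@ -29,7 +29,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -49,4 +48,7 @@ private-etc alternatives,fonts
 private-lib
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute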
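--- a/etc/nethack-vultures.profile
+++ b/etc/nethack-vultures.profile
@@ -24,7 +24,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 #nonewprivs
@@ -41,3 +40,6 @@ private-cache
 private-dev
 private-tmp
 writable-var
+
+dbus-user none
+dbus-system none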
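--- a/etc/nethack.profile
+++ b/etc/nethack.profile
@@ -23,7 +23,6 @@ caps.drop all
 ipc-namespace
 net none
 no3d
-nodbus
 nodvd
 nogroups
 #nonewprivs
@@ -42,4 +41,7 @@ private-dev
 private-tmp
 writable-var
 
+dbus-user none
+dbus-system none
+
 #memory-deny-write-execute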
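--- a/etc/newsboat.profile
+++ b/etc/newsboat.profile
@@ -26,7 +26,6 @@ caps.drop all
 ipc-namespace
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,4 +44,7 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,terminfo
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute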
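--- a/etc/nitroshare.profile
+++ b/etc/nitroshare.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 caps.drop all
 netfilter
 no3d
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,4 +46,7 @@ private-etc alternatives,ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,
 # private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 # memory-deny-write-execute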
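--- a/etc/nslookup.profile
+++ b/etc/nslookup.profile
@@ -32,7 +32,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -51,4 +50,7 @@ private-bin bash,nslookup,sh
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute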
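--- a/etc/nyx.profile
+++ b/etc/nyx.profile
@@ -28,7 +28,6 @@ include whitelist-var-common.inc
 caps.drop all
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,3 +49,5 @@ private-opt none
 private-srv none
 private-tmp
 
+dbus-user none
+dbus-system none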
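--- a/etc/ocenaudio.profile
+++ b/etc/ocenaudio.profile
@@ -29,8 +29,6 @@ ipc-namespace
 #net none
 netfilter
 no3d
-# nodbus - breaks preferences, comment (or put 'ignore nodbus' in your oceanaudio.local) when needed
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -49,4 +47,8 @@ private-dev
 private-etc alternatives,asound.conf,fonts,ld.so.cache,pulse
 private-tmp
 
+# breaks preferences
+# dbus-user none
+# dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)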
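Review bot: The second hunk adds both replacements commented out (`# dbus-user none`, `# dbus-system none`), but the first hunk removes an active `nodbus`, so after this commit the profile no longer blocks D-Bus by default. The other profiles in this part of the commit that had an active `nodbus` get active replacements, which suggests the loosening here is unintended. To keep the previous behaviour, add the two directives uncommented. The shortened comment also drops the opt-out hint, which could be kept as `# breaks preferences - put 'ignore dbus-user none' in your ocenaudio.local when needed`.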
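--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -20,7 +20,6 @@ include disable-xdg.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -40,4 +39,8 @@ private-cache
 private-dev
 private-etc alternatives
 private-tmp
+
+dbus-user none
+dbus-system none
+
 read-only ${HOME}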
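--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -37,7 +37,6 @@ caps.drop all
 machine-id
 # net none
 netfilter
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -56,6 +55,9 @@ private-dev
 private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,xdg
 # private-tmp - on KDE we need access to the real /tmp for data exchange with email clients
 
+# dbus-user none
+# dbus-system none
+
 # memory-deny-write-execute
 
 join-or-start okular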
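Review bot: Both lines added before `# memory-deny-write-execute` are left commented out with no reason given, which carries over the old all-or-nothing `# nodbus` even though the split directives now allow a narrower exception. Where only the session bus is needed, the system bus can stay blocked: keep `# dbus-user none` commented, make `dbus-system none` active, and add a one-line comment naming what breaks. The same applies to the other profiles in this commit that end up with both lines commented: openarena, pcmanfm and server (no reason stated), and pluma, regextester, rhythmbox and qpdfview, whose stated reasons (settings storage, launch from a file manager) look like session-bus needs, though that should be tested per application.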
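--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -38,3 +37,6 @@ shell none
 private-bin open-invaders
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none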
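--- a/etc/openarena.profile
+++ b/etc/openarena.profile
@@ -22,7 +22,6 @@ apparmor
 caps.drop all
 # ipc-namespace
 # netfilter
-# nodbus
 # nodvd
 # nogroups
 nonewprivs
@@ -41,3 +40,6 @@ private-cache
 private-dev
 # private-etc drirc,machine-id,openal,passwd,selinux,udev,xdg
 private-tmp
+
+# dbus-user none
+# dbus-system none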
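--- a/etc/opencity.profile
+++ b/etc/opencity.profile
@@ -25,7 +25,6 @@ apparmor
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,3 +42,6 @@ private-bin opencity
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none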
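--- a/etc/openclonk.profile
+++ b/etc/openclonk.profile
@@ -26,7 +26,6 @@ caps.drop all
 ipc-namespace
 # net none - networked game
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -44,3 +43,6 @@ private-bin c4group,openclonk
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none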
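--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -24,7 +24,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -39,3 +38,5 @@ tracelog
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none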
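--- a/etc/openttd.profile
+++ b/etc/openttd.profile
@@ -25,7 +25,6 @@ apparmor
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,3 +42,6 @@ private-bin openttd
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none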
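--- a/etc/ostrichriders.profile
+++ b/etc/ostrichriders.profile
@@ -24,7 +24,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -43,3 +42,6 @@ private-cache
 # private-dev should be commented for controllers
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none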
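--- a/etc/pandoc.profile
+++ b/etc/pandoc.profile
@@ -29,7 +29,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -51,4 +50,7 @@ private-dev
 private-etc alternatives,texlive
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute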
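--- a/etc/patch.profile
+++ b/etc/patch.profile
@@ -26,7 +26,6 @@ caps.drop all
 ipc-namespace
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,4 +44,7 @@ private-bin patch,red
 private-dev
 private-lib libfakeroot
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute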
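--- a/etc/pavucontrol.profile
+++ b/etc/pavucontrol.profile
@@ -29,7 +29,6 @@ apparmor
 caps.drop all
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,5 +49,8 @@ private-etc alternatives,asound.conf,avahi,fonts,machine-id,pulse
 private-lib
 private-tmp
 
+dbus-user none
+dbus-system none
+
 # mdwe is broken under Wayland, but works under Xorg.
 #memory-deny-write-execute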
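--- a/etc/pcmanfm.profile
+++ b/etc/pcmanfm.profile
@@ -20,7 +20,6 @@ allusers
 caps.drop all
 # net none - see issue #1467, computer:/// location broken
 no3d
-# nodbus
 nodvd
 nonewprivs
 noroot
@@ -31,3 +30,6 @@ protocol unix
 seccomp
 shell none
 tracelog
+
+# dbus-user none
+# dbus-system none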
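--- a/etc/pdfchain.profile
+++ b/etc/pdfchain.profile
@@ -21,7 +21,6 @@ caps.drop all
 ipc-namespace
 net none
 no3d
-nodbus
 nogroups
 nonewprivs
 noroot
@@ -38,4 +37,7 @@ private-dev
 private-etc alternatives,dconf,fonts,gtk-3.0,xdg
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute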
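--- a/etc/pdfmod.profile
+++ b/etc/pdfmod.profile
@@ -25,7 +25,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,3 +40,5 @@ shell none
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none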
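--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -23,7 +23,6 @@ caps.drop all
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,3 +40,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none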
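--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -29,7 +29,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -49,3 +48,6 @@ private-cache
 private-dev
 private-etc alternatives
 private-tmp
+
+dbus-user none
+dbus-system none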
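--- a/etc/peek.profile
+++ b/etc/peek.profile
@@ -20,7 +20,6 @@ include disable-xdg.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -38,4 +37,7 @@ shell none
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute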
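--- a/etc/penguin-command.profile
+++ b/etc/penguin-command.profile
@@ -22,7 +22,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -37,3 +36,6 @@ shell none
 private-bin penguin-command
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none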
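--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -38,3 +37,6 @@ shell none
 # private-bin pingus
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none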
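--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -21,7 +21,6 @@ include disable-xdg.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -38,3 +37,5 @@ private-dev
 private-cache
 private-tmp
 
+dbus-user none
+dbus-system none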
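--- a/etc/pioneer.profile
+++ b/etc/pioneer.profile
@@ -24,7 +24,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,6 @@ private-bin modelcompiler,pioneer,savegamedump
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none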
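--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -26,7 +26,6 @@ caps.drop all
 machine-id
 # net none - makes settings immutable
 no3d
-# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs
@@ -45,6 +44,10 @@ private-dev
 private-lib aspell,gconv,libgspell-1.so.*,libreadline.so.*,libtinfo.so.*,pluma
 private-tmp
 
+# makes settings immutable
+# dbus-user none
+# dbus-system none
+
 memory-deny-write-execute
 
 join-or-start pluma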
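--- a/etc/pngquant.profile
+++ b/etc/pngquant.profile
@@ -26,7 +26,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -48,4 +47,7 @@ private-dev
 private-etc alternatives
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute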
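--- a/etc/ppsspp.profile
+++ b/etc/ppsspp.profile
@@ -22,7 +22,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -39,3 +38,5 @@ private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts
 private-opt ppsspp
 private-tmp
 
+dbus-user none
+dbus-system none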
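--- a/etc/profanity.profile
+++ b/etc/profanity.profile
@@ -28,7 +28,6 @@ include whitelist-var-common.inc
 caps.drop all
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,4 +46,7 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,localtime,mime.types,nsswitch.conf,pki,resolv.conf,ssl
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute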
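--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -38,7 +38,6 @@ apparmor
 caps.drop all
 machine-id
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -56,4 +55,7 @@ private-dev
 # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl,X11,xdg
 private-tmp
 
+dbus-user none
+dbus-system none
+
 # memory-deny-write-execute - problems on Arch, see #1690 on GitHub repo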
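--- a/etc/qgis.profile
+++ b/etc/qgis.profile
@@ -35,7 +35,6 @@ include whitelist-var-common.inc
 caps.drop all
 netfilter
 machine-id
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -55,3 +54,6 @@ private-cache
 private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,QGIS,QGIS.conf,resolv.conf,ssl,Trolltech.conf
 private-tmp
+
+dbus-user none
+dbus-system none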
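--- a/etc/qmmp.profile
+++ b/etc/qmmp.profile
@@ -19,7 +19,6 @@ include disable-xdg.inc
 caps.drop all
 netfilter
 # no3d
-nodbus
 nogroups
 nonewprivs
 noroot
@@ -35,3 +34,5 @@ private-bin bzip2,gzip,qmmp,tar,unzip
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none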
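--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -23,8 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 machine-id
-# needs D-Bus when started from a file manager
-#nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,3 +39,7 @@ tracelog
 private-bin qpdfview
 private-dev
 private-tmp
+
+# needs D-Bus when started from a file manager
+# dbus-user none
+# dbus-system none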
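--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -27,7 +27,6 @@ apparmor
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -46,4 +45,7 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
 
+dbus-user none
+dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)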
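--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -26,7 +26,6 @@ include disable-programs.inc
 allusers
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -40,3 +39,6 @@ seccomp
 #x11 none
 
 private-dev
+
+dbus-user none
+dbus-system none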
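--- a/etc/redshift.profile
+++ b/etc/redshift.profile
@@ -29,7 +29,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -48,4 +47,7 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute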
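--- a/etc/regextester.profile
+++ b/etc/regextester.profile
@@ -26,7 +26,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs
@@ -48,6 +47,10 @@ private-etc alternatives,fonts
 private-lib libgranite.so.*
 private-tmp
 
+# makes settings immutable
+# dbus-user none
+# dbus-system none
+
 memory-deny-write-execute
 
 # never write anything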
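--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -32,7 +32,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-# nodbus - makes settings immutable
 nogroups
 nonewprivs
 noroot
@@ -47,3 +46,7 @@ tracelog
 private-bin rhythmbox,rhythmbox-client
 private-dev
 private-tmp
+
+# makes settings immutable
+# dbus-user none
+# dbus-system none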
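--- a/etc/ripperx.profile
+++ b/etc/ripperx.profile
@@ -24,7 +24,6 @@ apparmor
 caps.drop all
 netfilter
 no3d
-nodbus
 nogroups
 nonewprivs
 noroot
@@ -39,3 +38,6 @@ tracelog
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none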
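--- a/etc/rsync-download_only.profile
+++ b/etc/rsync-download_only.profile
@@ -33,7 +33,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -54,4 +53,7 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute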
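--- a/etc/rtv.profile
+++ b/etc/rtv.profile
@@ -35,7 +35,6 @@ caps.drop all
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -54,3 +53,6 @@ private-bin python*,rtv,sh,xdg-settings
 private-cache
 private-dev
 private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg
+
+dbus-user none
+dbus-system none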
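--- a/etc/scallion.profile
+++ b/etc/scallion.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -40,3 +39,6 @@ disable-mnt
 private
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none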
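--- a/etc/scorched3d.profile
+++ b/etc/scorched3d.profile
@@ -24,7 +24,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,6 @@ private-bin scorched3d,scorched3d-wrapper,scorched3dc,scorched3ds
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none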
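--- a/etc/scorchwentbonkers.profile
+++ b/etc/scorchwentbonkers.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -45,3 +44,6 @@ private-cache
 private-dev
 private-etc alsa,asound.conf,machine-id,pulse
 private-tmp
+
+dbus-user none
+dbus-system none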
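--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -43,7 +43,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -61,3 +60,5 @@ tracelog
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none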
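--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 caps.drop all
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -40,3 +39,5 @@ private-bin env,python*,sdat2img
 private-cache
 private-dev
 
+dbus-user none
+dbus-system none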
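--- a/etc/seahorse-adventures.profile
+++ b/etc/seahorse-adventures.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -46,3 +45,6 @@ private-cache
 private-dev
 private-etc machine-id
 private-tmp
+
+dbus-user none
+dbus-system none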
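--- a/etc/server.profile
+++ b/etc/server.profile
@@ -28,7 +28,6 @@ caps
 # ipc-namespace
 # netfilter /etc/firejail/webserver.net
 no3d
-# nodbus
 nodvd
 # nogroups
 # nonewprivs
@@ -49,4 +48,7 @@ private-dev
 # private-lib
 private-tmp
 
+# dbus-user none
+# dbus-system none
+
 # memory-deny-write-execute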
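--- a/etc/shellcheck.profile
+++ b/etc/shellcheck.profile
@@ -30,7 +30,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -49,4 +48,7 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute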
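--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -19,7 +19,6 @@ include disable-programs.inc
 
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -34,3 +33,6 @@ tracelog
 #private-bin melt,nice,qmelt,shotcut
 private-cache
 private-dev
+
+dbus-user none
+dbus-system none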
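--- a/etc/signal-desktop.profile
+++ b/etc/signal-desktop.profile
@@ -30,7 +30,6 @@ include whitelist-var-common.inc
 apparmor
 caps.keep sys_admin,sys_chroot
 netfilter
-nodbus
 nodvd
 nogroups
 notv
@@ -40,3 +39,6 @@ shell none
 disable-mnt
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none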
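--- a/etc/simutrans.profile
+++ b/etc/simutrans.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -38,3 +37,6 @@ shell none
 # private-bin simutrans
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none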
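--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -17,7 +17,6 @@ include disable-xdg.inc
 
 caps.drop all
 netfilter
-# nodbus
 nodvd
 nogroups
 nonewprivs
@@ -33,3 +32,6 @@ shell none
 # private-bin kbuildsycoca4,kdeinit4,skanlite
 # private-dev
 # private-tmp
+
+# dbus-user none
+# dbus-system none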
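Review bot: The commented-out `# dbus-user none` / `# dbus-system none` pair at the end of skanlite.profile carries no reason, just as the `# nodbus` line it replaces did not, so a later maintainer cannot tell whether D-Bus access is actually required or was simply never tested. A one-line comment above the pair, in the style the same commit uses in smplayer.profile (`# problems with KDE`), would record why the sandbox leaves both buses reachable. sound-juicer.profile ends with the same undocumented pair.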
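--- a/etc/slashem.profile
+++ b/etc/slashem.profile
@@ -23,7 +23,6 @@ caps.drop all
 ipc-namespace
 net none
 no3d
-nodbus
 nodvd
 nogroups
 #nonewprivs
@@ -42,4 +41,7 @@ private-dev
 private-tmp
 writable-var
 
+dbus-user none
+dbus-system none
+
 #memory-deny-write-execute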
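--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -32,7 +32,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-# nodbus - problems with KDE
 # nogroups
 nonewprivs
 noroot
@@ -45,3 +44,6 @@ private-bin env,mplayer,mpv,python*,smplayer,smtube,youtube-dl
 private-dev
 private-tmp
 
+# problems with KDE
+# dbus-user none
+# dbus-system none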
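Review bot: The disabled pair at the end of the profile (`# dbus-user none`, `# dbus-system none`) keeps the old all-or-nothing choice, although the split now lets the two buses be restricted independently. The stated reason, "problems with KDE", points at desktop integration, which presumably uses the session bus only, so `dbus-system none` could likely be enabled while the user bus stays open; this needs testing on a KDE session. The same applies to the commented pairs in spotify.profile (MPRIS), sqlitebrowser.profile, steam.profile (appindicator), sysprof.profile and totem.profile. Where the required service names are known, `dbus-user filter` with explicit allow rules would be tighter than leaving the whole session bus reachable.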
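--- a/etc/softmaker-common.inc
+++ b/etc/softmaker-common.inc
@@ -28,7 +28,6 @@ apparmor
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -46,3 +45,6 @@ private-cache
 private-dev
 private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,SoftMaker,ssl
 private-tmp
+
+dbus-user none
+dbus-system none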
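--- a/etc/sol.profile
+++ b/etc/sol.profile
@@ -22,7 +22,6 @@ caps.drop all
 ipc-namespace
 net none
 # no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,4 +40,7 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 # memory-deny-write-execute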
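--- a/etc/sound-juicer.profile
+++ b/etc/sound-juicer.profile
@@ -23,7 +23,6 @@ apparmor
 caps.drop all
 netfilter
 no3d
-#nodbus
 nogroups
 nonewprivs
 noroot
@@ -39,3 +38,6 @@ tracelog
 private-cache
 private-dev
 private-tmp
+
+# dbus-user none
+# dbus-system none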
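--- a/etc/spectre-meltdown-checker.profile
+++ b/etc/spectre-meltdown-checker.profile
@@ -31,7 +31,6 @@ caps.keep sys_rawio
 ipc-namespace
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -49,4 +48,7 @@ private-bin awk,bzip2,cat,coreos-install,cpucontrol,cut,dd,dirname,dmesg,dnf,ech
 private-cache
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute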
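--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -29,7 +29,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 netfilter
-#nodbus - dbus needed for MPRIS
 nodvd
 nogroups
 nonewprivs
@@ -50,3 +49,6 @@ private-opt spotify
 private-srv none
 private-tmp
 
+# dbus needed for MPRIS
+# dbus-user none
+# dbus-system none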
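--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -24,7 +24,6 @@ apparmor
 caps.drop all
 ipc-namespace
 netfilter
-# nodbus - breaks proxy creation
 nodvd
 nogroups
 nonewprivs
@@ -43,4 +42,8 @@ private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,passwd,pki,ssl
 private-tmp
 
+# breaks proxy creation
+# dbus-user none
+# dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)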
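--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -22,7 +22,6 @@ include whitelist-usr-share-common.inc
 caps.drop all
 netfilter
 no3d
-nodbus
 nodvd
 nonewprivs
 noroot
@@ -34,3 +33,6 @@ shell none
 tracelog
 
 writable-run-user
+
+dbus-user none
+dbus-system none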
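--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -28,7 +28,6 @@ caps.drop all
 ipc-namespace
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -47,4 +46,7 @@ private-dev
 # private-tmp # Breaks when exiting
 writable-run-user
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute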
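--- a/etc/standardnotes-desktop.profile
+++ b/etc/standardnotes-desktop.profile
@@ -25,7 +25,6 @@ apparmor
 caps.drop all
 machine-id
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,3 +40,5 @@ private-dev
 private-tmp
 private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,pki,resolv.conf,ssl,xdg
 
+dbus-user none
+dbus-system none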
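--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -19,7 +19,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -38,3 +37,6 @@ private-bin bash,cat,cp,cut,dirname,env,getconf,gpg,grep,gxmessage,id,kdialog,ln
 private-dev
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
+
+dbus-user none
+dbus-system none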
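--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -77,8 +77,6 @@ include whitelist-var-common.inc
 caps.drop all
 #ipc-namespace
 netfilter
-# nodbus disabled as it breaks appindicator support
-#nodbus
 nodvd
 # nVidia user may need to comment / ignore nogroups and noroot
 nogroups
@@ -108,3 +106,7 @@ private-dev
 # private-etc breaks a small selection of games on some systems, comment to support those
 private-etc alternatives,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl
 private-tmp
+
+# breaks appindicator support
+# dbus-user none
+# dbus-system none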
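--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -27,7 +27,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,5 +49,8 @@ private-dev
 #private-lib libfakeroot
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute
 read-only ${HOME}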
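--- a/etc/subdownloader.profile
+++ b/etc/subdownloader.profile
@@ -30,7 +30,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -48,4 +47,7 @@ private-dev
 private-etc alternatives,fonts
 private-tmp
 
+dbus-user none
+dbus-system none
+
 #memory-deny-write-execute - breaks on Arch (see issue #1803)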
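--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -39,3 +38,6 @@ disable-mnt
 # private-bin supertux2
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none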
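--- a/etc/supertuxkart.profile
+++ b/etc/supertuxkart.profile
@@ -32,7 +32,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -54,3 +53,5 @@ private-tmp
 private-opt none
 private-srv none
 
+dbus-user none
+dbus-system none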
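--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -18,7 +18,6 @@ include disable-programs.inc
 
 caps.drop all
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -36,3 +35,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none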
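--- a/etc/sysprof-cli.profile
+++ b/etc/sysprof-cli.profile
@@ -7,12 +7,13 @@ include sysprof-cli.local
 # added by included profile
 #include globals.local
 
-nodbus
-
 # There is no GUI help menu to break in the CLI version
 private-bin sysprof-cli
 private-lib
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute
 
 # Redirect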
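--- a/etc/sysprof.profile
+++ b/etc/sysprof.profile
@@ -23,7 +23,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-# nodbus - makes settings immutable
 nodvd
 nogroups
 nonewprivs
@@ -46,4 +45,8 @@ private-etc alternatives,fonts,ld.so.cache,machine-id,ssl
 #private-lib gdk-pixbuf-2.*,gio,gtk3,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*,libsysprof-2.so,libsysprof-ui-2.so
 private-tmp
 
+# makes settings immutable
+# dbus-user none
+# dbus-system none
+
 # memory-deny-write-execute - Breaks GUI on Arch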
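--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -26,7 +26,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -50,4 +49,7 @@ private-lib libfakeroot
 # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic)
 writable-var
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute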
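--- a/etc/teams-for-linux.profile
+++ b/etc/teams-for-linux.profile
@@ -7,7 +7,8 @@ include teams-for-linux.local
 # added by included profile
 #include globals.local
 
-ignore nodbus
+ignore dbus-user none
+ignore dbus-system none
 
 noblacklist ${HOME}/.config/teams-for-linux
 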
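Review bot: `ignore dbus-user none` together with `ignore dbus-system none` reopens both buses for the included profile, which matches the old `ignore nodbus` but is broader than the application may need. If it only talks to session services, dropping the second line would keep the system bus blocked; which bus is actually required is not visible in this hunk and should be checked. teams.profile and thunderbird.profile make the same two-line replacement, and thunderbird's comment says D-Bus is needed by enigmail without naming the bus. The rest of the profile lies outside the hunk.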
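--- a/etc/teams.profile
+++ b/etc/teams.profile
@@ -9,7 +9,8 @@ include teams.local
 # added by included profile
 #include globals.local
 
-ignore nodbus
+ignore dbus-user none
+ignore dbus-system none
 
 noblacklist ${HOME}/.config/teams
 noblacklist ${HOME}/.config/Microsoft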
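--- a/etc/teeworlds.profile
+++ b/etc/teeworlds.profile
@@ -24,7 +24,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,6 @@ private-bin teeworlds
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none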
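--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -136,7 +136,6 @@ include globals.local
 #net none
 #netfilter
 #no3d
-#nodbus
 #nodvd
 #nogroups
 #nonewprivs
@@ -186,6 +185,9 @@ include globals.local
 ##writable-var
 ##writable-var-log
 
+#dbus-user none
+#dbus-system none
+
 ##env VAR=VALUE
 #memory-deny-write-execute
 ##noexec PATH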
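Review bot: The new template block lists `#dbus-user none` and `#dbus-system none` without saying what each directive covers, so a profile author copying the template has no guidance on when only one of them can be enabled. A short comment above the pair would help, for example `# dbus-user: session bus, dbus-system: system bus; enable both unless the program breaks, and note the reason if one stays commented`. Whether the template documents its sections elsewhere is not visible from this hunk.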
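--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -28,7 +28,6 @@ include whitelist-common.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -44,3 +43,6 @@ disable-mnt
 private-dev
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-7-openjdk,java-8-openjdk,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pki,pulse,resolv.conf,ssl
 private-tmp
+
+dbus-user none
+dbus-system none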
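--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -7,7 +7,8 @@ include thunderbird.local
 include globals.local
 
 # writable-run-user and dbus are needed by enigmail
-ignore nodbus
+ignore dbus-user none
+ignore dbus-system none
 writable-run-user
 
 # If you want to read local mail stored in /var/mail, add the following to thunderbird.local: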
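--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -33,7 +33,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -52,3 +51,6 @@ private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,id,kdialog,
 private-dev
 private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl
 private-tmp
+
+dbus-user none
+dbus-system none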
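--- a/etc/torcs.profile
+++ b/etc/torcs.profile
@@ -24,7 +24,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 net none
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -41,3 +40,6 @@ disable-mnt
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none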
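--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -27,7 +27,6 @@ include whitelist-var-common.inc
 # apparmor - makes settings immutable
 caps.drop all
 netfilter
-# nodbus - makes settings immutable
 nogroups
 nonewprivs
 noroot
@@ -43,3 +42,6 @@ private-dev
 # private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl
 private-tmp
 
+# makes settings immutable
+# dbus-user none
+# dbus-system none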
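--- a/etc/transgui.profile
+++ b/etc/transgui.profile
@@ -28,7 +28,6 @@ caps.drop all
 ipc-namespace
 machine-id
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -49,4 +48,7 @@ private-etc alternatives,fonts
 private-lib libgdk_pixbuf-2.0.so.*,libGeoIP.so*,libgthread-2.0.so.*,libgtk-x11-2.0.so.*,libX11.so.*
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute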
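--- a/etc/transmission-common.profile
+++ b/etc/transmission-common.profile
@@ -30,7 +30,6 @@ apparmor
 caps.drop all
 machine-id
 netfilter
-nodbus
 nodvd
 nonewprivs
 noroot
@@ -48,4 +47,7 @@ private-dev
 private-lib
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute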
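--- a/etc/tremulous.profile
+++ b/etc/tremulous.profile
@@ -24,7 +24,6 @@ include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 netfilter
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -42,3 +41,6 @@ private-bin tremded,tremulous,tremulous-wrapper
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none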
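--- a/etc/tvbrowser.profile
+++ b/etc/tvbrowser.profile
@@ -32,7 +32,6 @@ include whitelist-var-common.inc
 caps.drop all
 netfilter
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -49,3 +48,6 @@ disable-mnt
 private-cache
 private-dev
 private-tmp
+
+dbus-user none
+dbus-system none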
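--- a/etc/uefitool.profile
+++ b/etc/uefitool.profile
@@ -19,7 +19,6 @@ caps.drop all
 ipc-namespace
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -36,3 +35,5 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none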
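--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -30,7 +30,6 @@ ipc-namespace
 machine-id
 netfilter
 no3d
-nodbus
 nodvd
 nonewprivs
 nosound
@@ -46,5 +45,8 @@ private-dev
 private-tmp
 writable-var
 
+dbus-user none
+dbus-system none
+
 # mdwe can break modules/plugins
 memory-deny-write-execute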
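--- a/etc/unf.profile
+++ b/etc/unf.profile
@@ -29,7 +29,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-nodbus
 nodvd
 nogroups
 nonewprivs
@@ -53,4 +52,7 @@ private-etc alternatives
 private-lib gcc/*/*/libgcc_s.so.*
 private-tmp
 
+dbus-user none
+dbus-system none
+
 memory-deny-write-execute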
diff --git a/etc/unrar.profile b/etc/unrar.profile index bf28746b0..88a753d59 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile | |||
@@ -22,7 +22,6 @@ ipc-namespace | |||
22 | machine-id | 22 | machine-id |
23 | net none | 23 | net none |
24 | no3d | 24 | no3d |
25 | nodbus | ||
26 | nodvd | 25 | nodvd |
27 | #nogroups | 26 | #nogroups |
28 | nonewprivs | 27 | nonewprivs |
@@ -41,3 +40,6 @@ private-bin unrar | |||
41 | private-dev | 40 | private-dev |
42 | private-etc alternatives,group,localtime,passwd | 41 | private-etc alternatives,group,localtime,passwd |
43 | private-tmp | 42 | private-tmp |
43 | |||
44 | dbus-user none | ||
45 | dbus-system none | ||
diff --git a/etc/unzip.profile b/etc/unzip.profile index 7882f2b63..b4b63882b 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile | |||
@@ -25,7 +25,6 @@ ipc-namespace | |||
25 | machine-id | 25 | machine-id |
26 | net none | 26 | net none |
27 | no3d | 27 | no3d |
28 | nodbus | ||
29 | nodvd | 28 | nodvd |
30 | #nogroups | 29 | #nogroups |
31 | nonewprivs | 30 | nonewprivs |
@@ -43,3 +42,6 @@ x11 none | |||
43 | private-bin unzip | 42 | private-bin unzip |
44 | private-dev | 43 | private-dev |
45 | private-etc alternatives,group,localtime,passwd | 44 | private-etc alternatives,group,localtime,passwd |
45 | |||
46 | dbus-user none | ||
47 | dbus-system none | ||
diff --git a/etc/uudeview.profile b/etc/uudeview.profile index bd2ee01d5..6b5f14cab 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile | |||
@@ -23,7 +23,6 @@ hostname uudeview | |||
23 | ipc-namespace | 23 | ipc-namespace |
24 | machine-id | 24 | machine-id |
25 | net none | 25 | net none |
26 | nodbus | ||
27 | nodvd | 26 | nodvd |
28 | #nogroups | 27 | #nogroups |
29 | nonewprivs | 28 | nonewprivs |
@@ -42,3 +41,6 @@ private-bin uudeview | |||
42 | private-cache | 41 | private-cache |
43 | private-dev | 42 | private-dev |
44 | private-etc alternatives,ld.so.preload | 43 | private-etc alternatives,ld.so.preload |
44 | |||
45 | dbus-user none | ||
46 | dbus-system none | ||
diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 9f57b2971..f009f6340 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile | |||
@@ -26,7 +26,6 @@ apparmor | |||
26 | caps.drop all | 26 | caps.drop all |
27 | net none | 27 | net none |
28 | no3d | 28 | no3d |
29 | nodbus | ||
30 | nodvd | 29 | nodvd |
31 | nogroups | 30 | nogroups |
32 | nonewprivs | 31 | nonewprivs |
@@ -46,4 +45,7 @@ private-dev | |||
46 | private-etc alternatives,fonts,machine-id | 45 | private-etc alternatives,fonts,machine-id |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
48 | dbus-user none | ||
49 | dbus-system none | ||
50 | |||
49 | #memory-deny-write-execute - breaks on Arch (see issues #1803 and #1808) | 51 | #memory-deny-write-execute - breaks on Arch (see issues #1803 and #1808) |
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 2185b90ec..096ce8a72 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile | |||
@@ -23,8 +23,9 @@ whitelist ${HOME}/.cache/vivaldi | |||
23 | whitelist ${HOME}/.config/vivaldi | 23 | whitelist ${HOME}/.config/vivaldi |
24 | whitelist ${HOME}/.local/lib/vivaldi | 24 | whitelist ${HOME}/.local/lib/vivaldi |
25 | 25 | ||
26 | # nodbus breaks vivaldi sync | 26 | # breaks vivaldi sync |
27 | ignore nodbus | 27 | ignore dbus-user none |
28 | ignore dbus-system none | ||
28 | 29 | ||
29 | # Redirect | 30 | # Redirect |
30 | include chromium-common.profile | 31 | include chromium-common.profile |
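Review bot: The override at new lines 27-28 lifts the restriction on both buses, and the shortened comment `# breaks vivaldi sync` no longer names the directive that causes the breakage. The old `ignore nodbus` had no finer choice, but the split directives do: if sync only needs the session bus (not verifiable from this page), drop `ignore dbus-system none` so the system bus stays blocked, and word the comment as `# dbus-user none breaks vivaldi sync`. The whalebird.profile and wire-desktop.profile sections expand `ignore nodbus` the same way and deserve the same check of which bus each application actually uses.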
diff --git a/etc/vlc.profile b/etc/vlc.profile index 572758f28..0069ebeae 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -25,7 +25,6 @@ include whitelist-var-common.inc | |||
25 | #apparmor - on Ubuntu 18.04 it refuses to start without dbus access | 25 | #apparmor - on Ubuntu 18.04 it refuses to start without dbus access |
26 | caps.drop all | 26 | caps.drop all |
27 | netfilter | 27 | netfilter |
28 | #nodbus - dbus needed for MPRIS | ||
29 | nogroups | 28 | nogroups |
30 | nonewprivs | 29 | nonewprivs |
31 | noroot | 30 | noroot |
@@ -38,5 +37,9 @@ private-bin cvlc,nvlc,qvlc,rvlc,svlc,vlc | |||
38 | private-dev | 37 | private-dev |
39 | private-tmp | 38 | private-tmp |
40 | 39 | ||
40 | # dbus needed for MPRIS | ||
41 | # dbus-user none | ||
42 | # dbus-system none | ||
43 | |||
41 | # mdwe is disabled due to breaking hardware accelerated decoding | 44 | # mdwe is disabled due to breaking hardware accelerated decoding |
42 | #memory-deny-write-execute | 45 | #memory-deny-write-execute |
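Review bot: Both directives at new lines 41-42 stay commented out under `# dbus needed for MPRIS`, although MPRIS is a session-bus interface, so the system bus is left reachable without a stated reason. Unless VLC is known to need a system-bus service, enable `dbus-system none` and leave only `# dbus-user none` disabled, with the comment tied to that line. If the session-bus filter mode (`dbus-user filter`) is available in this tree, restricting the session bus to the MPRIS name would be a tighter follow-up than leaving it fully open.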
diff --git a/etc/warmux.profile b/etc/warmux.profile index df7af49c4..a3de3d444 100644 --- a/etc/warmux.profile +++ b/etc/warmux.profile | |||
@@ -32,7 +32,6 @@ include whitelist-var-common.inc | |||
32 | apparmor | 32 | apparmor |
33 | caps.drop all | 33 | caps.drop all |
34 | netfilter | 34 | netfilter |
35 | nodbus | ||
36 | nodvd | 35 | nodvd |
37 | nogroups | 36 | nogroups |
38 | nonewprivs | 37 | nonewprivs |
@@ -51,3 +50,6 @@ private-cache | |||
51 | private-dev | 50 | private-dev |
52 | private-etc ca-certificates,crypto-policies,host.conf,hostname,hosts,machine-id,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | 51 | private-etc ca-certificates,crypto-policies,host.conf,hostname,hosts,machine-id,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl |
53 | private-tmp | 52 | private-tmp |
53 | |||
54 | dbus-user none | ||
55 | dbus-system none | ||
diff --git a/etc/warsow.profile b/etc/warsow.profile index e884ab07a..32d27e1b9 100644 --- a/etc/warsow.profile +++ b/etc/warsow.profile | |||
@@ -29,7 +29,6 @@ include whitelist-var-common.inc | |||
29 | caps.drop all | 29 | caps.drop all |
30 | ipc-namespace | 30 | ipc-namespace |
31 | netfilter | 31 | netfilter |
32 | nodbus | ||
33 | nodvd | 32 | nodvd |
34 | nogroups | 33 | nogroups |
35 | nonewprivs | 34 | nonewprivs |
@@ -47,3 +46,6 @@ private-bin warsow | |||
47 | private-cache | 46 | private-cache |
48 | private-dev | 47 | private-dev |
49 | private-tmp | 48 | private-tmp |
49 | |||
50 | dbus-user none | ||
51 | dbus-system none | ||
diff --git a/etc/webui-aria2.profile b/etc/webui-aria2.profile index 0cd1e05ab..8928f8116 100644 --- a/etc/webui-aria2.profile +++ b/etc/webui-aria2.profile | |||
@@ -18,7 +18,6 @@ include disable-xdg.inc | |||
18 | 18 | ||
19 | caps.drop all | 19 | caps.drop all |
20 | netfilter | 20 | netfilter |
21 | nodbus | ||
22 | nodvd | 21 | nodvd |
23 | nogroups | 22 | nogroups |
24 | nonewprivs | 23 | nonewprivs |
@@ -35,3 +34,5 @@ private-cache | |||
35 | private-dev | 34 | private-dev |
36 | private-tmp | 35 | private-tmp |
37 | 36 | ||
37 | dbus-user none | ||
38 | dbus-system none | ||
diff --git a/etc/wget.profile b/etc/wget.profile index ad7a14c41..65723e68c 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
@@ -31,7 +31,6 @@ apparmor | |||
31 | caps.drop all | 31 | caps.drop all |
32 | ipc-namespace | 32 | ipc-namespace |
33 | machine-id | 33 | machine-id |
34 | nodbus | ||
35 | netfilter | 34 | netfilter |
36 | no3d | 35 | no3d |
37 | nodvd | 36 | nodvd |
@@ -54,4 +53,7 @@ private-dev | |||
54 | #private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,wgetrc | 53 | #private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,wgetrc |
55 | #private-tmp | 54 | #private-tmp |
56 | 55 | ||
56 | dbus-user none | ||
57 | dbus-system none | ||
58 | |||
57 | memory-deny-write-execute | 59 | memory-deny-write-execute |
diff --git a/etc/whalebird.profile b/etc/whalebird.profile index 2e24dd8e0..187c49ed8 100644 --- a/etc/whalebird.profile +++ b/etc/whalebird.profile | |||
@@ -7,7 +7,8 @@ include whalebird.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | ignore nodbus | 10 | ignore dbus-user none |
11 | ignore dbus-system none | ||
11 | 12 | ||
12 | noblacklist ${HOME}/.config/Whalebird | 13 | noblacklist ${HOME}/.config/Whalebird |
13 | 14 | ||
diff --git a/etc/whois.profile b/etc/whois.profile index 5fea610d8..2af1379e0 100644 --- a/etc/whois.profile +++ b/etc/whois.profile | |||
@@ -29,7 +29,6 @@ ipc-namespace | |||
29 | machine-id | 29 | machine-id |
30 | netfilter | 30 | netfilter |
31 | no3d | 31 | no3d |
32 | nodbus | ||
33 | nodvd | 32 | nodvd |
34 | nogroups | 33 | nogroups |
35 | nonewprivs | 34 | nonewprivs |
@@ -52,4 +51,7 @@ private-etc alternatives,hosts,jwhois.conf,resolv.conf,services,whois.conf | |||
52 | private-lib gconv | 51 | private-lib gconv |
53 | private-tmp | 52 | private-tmp |
54 | 53 | ||
54 | dbus-user none | ||
55 | dbus-system none | ||
56 | |||
55 | memory-deny-write-execute | 57 | memory-deny-write-execute |
diff --git a/etc/widelands.profile b/etc/widelands.profile index dd956fa28..079e4eb96 100644 --- a/etc/widelands.profile +++ b/etc/widelands.profile | |||
@@ -25,7 +25,6 @@ apparmor | |||
25 | caps.drop all | 25 | caps.drop all |
26 | ipc-namespace | 26 | ipc-namespace |
27 | netfilter | 27 | netfilter |
28 | nodbus | ||
29 | nodvd | 28 | nodvd |
30 | nogroups | 29 | nogroups |
31 | nonewprivs | 30 | nonewprivs |
@@ -43,3 +42,6 @@ private-bin widelands | |||
43 | private-cache | 42 | private-cache |
44 | private-dev | 43 | private-dev |
45 | private-tmp | 44 | private-tmp |
45 | |||
46 | dbus-user none | ||
47 | dbus-system none | ||
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index e199be02c..c1250b1f0 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile | |||
@@ -10,7 +10,8 @@ include wire-desktop.local | |||
10 | # Debian/Ubuntu use /opt/Wire. As that is not in PATH by default, run `firejail /opt/Wire/wire-desktop` to start it. | 10 | # Debian/Ubuntu use /opt/Wire. As that is not in PATH by default, run `firejail /opt/Wire/wire-desktop` to start it. |
11 | 11 | ||
12 | ignore caps.drop all | 12 | ignore caps.drop all |
13 | ignore nodbus | 13 | ignore dbus-user none |
14 | ignore dbus-system none | ||
14 | 15 | ||
15 | noblacklist ${HOME}/.config/Wire | 16 | noblacklist ${HOME}/.config/Wire |
16 | 17 | ||
diff --git a/etc/wordwarvi.profile b/etc/wordwarvi.profile index ea750e172..6372654bd 100644 --- a/etc/wordwarvi.profile +++ b/etc/wordwarvi.profile | |||
@@ -27,7 +27,6 @@ apparmor | |||
27 | caps.drop all | 27 | caps.drop all |
28 | net none | 28 | net none |
29 | no3d | 29 | no3d |
30 | nodbus | ||
31 | nodvd | 30 | nodvd |
32 | nogroups | 31 | nogroups |
33 | nonewprivs | 32 | nonewprivs |
@@ -47,3 +46,6 @@ private-cache | |||
47 | private-dev | 46 | private-dev |
48 | private-etc alsa,asound.conf,machine-id,pulse | 47 | private-etc alsa,asound.conf,machine-id,pulse |
49 | private-tmp | 48 | private-tmp |
49 | |||
50 | dbus-user none | ||
51 | dbus-system none | ||
diff --git a/etc/wps.profile b/etc/wps.profile index 47bba2dda..6e4a313e3 100644 --- a/etc/wps.profile +++ b/etc/wps.profile | |||
@@ -27,7 +27,6 @@ machine-id | |||
27 | #net none | 27 | #net none |
28 | netfilter | 28 | netfilter |
29 | no3d | 29 | no3d |
30 | nodbus | ||
31 | nodvd | 30 | nodvd |
32 | nogroups | 31 | nogroups |
33 | nonewprivs | 32 | nonewprivs |
@@ -45,3 +44,6 @@ tracelog | |||
45 | private-cache | 44 | private-cache |
46 | private-dev | 45 | private-dev |
47 | private-tmp | 46 | private-tmp |
47 | |||
48 | dbus-user none | ||
49 | dbus-system none | ||
diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile index b6424f342..fe0781336 100644 --- a/etc/x-terminal-emulator.profile +++ b/etc/x-terminal-emulator.profile | |||
@@ -8,7 +8,6 @@ include globals.local | |||
8 | caps.drop all | 8 | caps.drop all |
9 | ipc-namespace | 9 | ipc-namespace |
10 | net none | 10 | net none |
11 | nodbus | ||
12 | nogroups | 11 | nogroups |
13 | noroot | 12 | noroot |
14 | nou2f | 13 | nou2f |
@@ -17,4 +16,7 @@ seccomp | |||
17 | 16 | ||
18 | private-dev | 17 | private-dev |
19 | 18 | ||
19 | dbus-user none | ||
20 | dbus-system none | ||
21 | |||
20 | noexec /tmp | 22 | noexec /tmp |
diff --git a/etc/x2goclient.profile b/etc/x2goclient.profile index bb0535ae6..bc9603835 100644 --- a/etc/x2goclient.profile +++ b/etc/x2goclient.profile | |||
@@ -22,7 +22,6 @@ caps.drop all | |||
22 | ipc-namespace | 22 | ipc-namespace |
23 | netfilter | 23 | netfilter |
24 | #no3d | 24 | #no3d |
25 | nodbus | ||
26 | nodvd | 25 | nodvd |
27 | nogroups | 26 | nogroups |
28 | nonewprivs | 27 | nonewprivs |
@@ -44,4 +43,7 @@ private-opt none | |||
44 | private-srv none | 43 | private-srv none |
45 | private-tmp | 44 | private-tmp |
46 | 45 | ||
46 | dbus-user none | ||
47 | dbus-system none | ||
48 | |||
47 | #memory-deny-write-execute | 49 | #memory-deny-write-execute |
diff --git a/etc/xbill.profile b/etc/xbill.profile index fc29dced6..56d3cf40d 100644 --- a/etc/xbill.profile +++ b/etc/xbill.profile | |||
@@ -25,7 +25,6 @@ caps.drop all | |||
25 | machine-id | 25 | machine-id |
26 | net none | 26 | net none |
27 | no3d | 27 | no3d |
28 | nodbus | ||
29 | nodvd | 28 | nodvd |
30 | nogroups | 29 | nogroups |
31 | nonewprivs | 30 | nonewprivs |
@@ -47,5 +46,8 @@ private-dev | |||
47 | private-etc none | 46 | private-etc none |
48 | private-tmp | 47 | private-tmp |
49 | 48 | ||
49 | dbus-user none | ||
50 | dbus-system none | ||
51 | |||
50 | memory-deny-write-execute | 52 | memory-deny-write-execute |
51 | read-only ${HOME} | 53 | read-only ${HOME} |
diff --git a/etc/xcalc.profile b/etc/xcalc.profile index a644af351..294ad7c80 100644 --- a/etc/xcalc.profile +++ b/etc/xcalc.profile | |||
@@ -19,7 +19,6 @@ apparmor | |||
19 | caps.drop all | 19 | caps.drop all |
20 | net none | 20 | net none |
21 | no3d | 21 | no3d |
22 | nodbus | ||
23 | nodvd | 22 | nodvd |
24 | nogroups | 23 | nogroups |
25 | nonewprivs | 24 | nonewprivs |
@@ -39,3 +38,5 @@ private-dev | |||
39 | private-lib | 38 | private-lib |
40 | private-tmp | 39 | private-tmp |
41 | 40 | ||
41 | dbus-user none | ||
42 | dbus-system none | ||
diff --git a/etc/xed.profile b/etc/xed.profile index 145dd988e..64a50083f 100644 --- a/etc/xed.profile +++ b/etc/xed.profile | |||
@@ -28,7 +28,6 @@ caps.drop all | |||
28 | machine-id | 28 | machine-id |
29 | # net none - makes settings immutable | 29 | # net none - makes settings immutable |
30 | no3d | 30 | no3d |
31 | # nodbus - makes settings immutable | ||
32 | nodvd | 31 | nodvd |
33 | nogroups | 32 | nogroups |
34 | nonewprivs | 33 | nonewprivs |
@@ -46,5 +45,9 @@ private-bin xed | |||
46 | private-dev | 45 | private-dev |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
48 | # makes settings immutable | ||
49 | # dbus-user none | ||
50 | # dbus-system none | ||
51 | |||
49 | # xed uses python plugins, memory-deny-write-execute breaks python | 52 | # xed uses python plugins, memory-deny-write-execute breaks python |
50 | # memory-deny-write-execute | 53 | # memory-deny-write-execute |
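Review bot: The relocated comment `# makes settings immutable` at new line 48 lost the directive name it used to sit beside, and it now covers both commented-out lines even though desktop settings storage (dconf/GSettings) normally runs over the session bus. Consider `# dbus-user none - makes settings immutable` followed by an active `dbus-system none`, after confirming that xed still starts and saves preferences with the system bus blocked. The xplayer.profile and xviewer.profile sections carry the same pattern and the same question.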
diff --git a/etc/xfce4-mixer.profile b/etc/xfce4-mixer.profile index 6ef85f318..5707dc443 100644 --- a/etc/xfce4-mixer.profile +++ b/etc/xfce4-mixer.profile | |||
@@ -29,7 +29,6 @@ caps.drop all | |||
29 | ipc-namespace | 29 | ipc-namespace |
30 | netfilter | 30 | netfilter |
31 | no3d | 31 | no3d |
32 | # nodbus | ||
33 | nodvd | 32 | nodvd |
34 | nogroups | 33 | nogroups |
35 | nonewprivs | 34 | nonewprivs |
@@ -48,4 +47,7 @@ private-dev | |||
48 | private-etc alternatives,asound.conf,fonts,machine-id,pulse | 47 | private-etc alternatives,asound.conf,fonts,machine-id,pulse |
49 | private-tmp | 48 | private-tmp |
50 | 49 | ||
50 | # dbus-user none | ||
51 | # dbus-system none | ||
52 | |||
51 | memory-deny-write-execute | 53 | memory-deny-write-execute |
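Review bot: The commented-out lines at new 50-51 carry over the old bare `# nodbus` with no reason given, so a reader cannot tell whether the mixer needs D-Bus or the restriction was simply never tested. Add a why-comment on the line that must stay off, e.g. `# dbus-user none - <reason it breaks the mixer>`, and enable `dbus-system none` if the application does not need the system bus, which this page does not show.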
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index f4f828eda..949988c3b 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
@@ -22,7 +22,6 @@ include whitelist-var-common.inc | |||
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
24 | netfilter | 24 | netfilter |
25 | nodbus | ||
26 | nodvd | 25 | nodvd |
27 | nogroups | 26 | nogroups |
28 | nonewprivs | 27 | nonewprivs |
@@ -40,3 +39,5 @@ private-dev | |||
40 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl | 39 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl |
41 | private-tmp | 40 | private-tmp |
42 | 41 | ||
42 | dbus-user none | ||
43 | dbus-system none | ||
diff --git a/etc/xournal.profile b/etc/xournal.profile index fa5200ea3..ba41d5bb3 100644 --- a/etc/xournal.profile +++ b/etc/xournal.profile | |||
@@ -25,7 +25,6 @@ caps.drop all | |||
25 | machine-id | 25 | machine-id |
26 | net none | 26 | net none |
27 | no3d | 27 | no3d |
28 | nodbus | ||
29 | nodvd | 28 | nodvd |
30 | nogroups | 29 | nogroups |
31 | nonewprivs | 30 | nonewprivs |
@@ -45,3 +44,6 @@ private-dev | |||
45 | private-etc alternatives,fonts,group,machine-id,passwd | 44 | private-etc alternatives,fonts,group,machine-id,passwd |
46 | # TODO should use private-lib | 45 | # TODO should use private-lib |
47 | private-tmp | 46 | private-tmp |
47 | |||
48 | dbus-user none | ||
49 | dbus-system none | ||
diff --git a/etc/xpdf.profile b/etc/xpdf.profile index cb7ac4a59..cdffe4eb7 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile | |||
@@ -24,7 +24,6 @@ caps.drop all | |||
24 | machine-id | 24 | machine-id |
25 | net none | 25 | net none |
26 | no3d | 26 | no3d |
27 | nodbus | ||
28 | nodvd | 27 | nodvd |
29 | nogroups | 28 | nogroups |
30 | nonewprivs | 29 | nonewprivs |
@@ -39,4 +38,8 @@ shell none | |||
39 | 38 | ||
40 | private-dev | 39 | private-dev |
41 | private-tmp | 40 | private-tmp |
41 | |||
42 | dbus-user none | ||
43 | dbus-system none | ||
44 | |||
42 | memory-deny-write-execute | 45 | memory-deny-write-execute |
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index 7c474da41..28df73ea5 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -27,7 +27,6 @@ include whitelist-var-common.inc | |||
27 | # apparmor - makes settings immutable | 27 | # apparmor - makes settings immutable |
28 | caps.drop all | 28 | caps.drop all |
29 | netfilter | 29 | netfilter |
30 | # nodbus - makes settings immutable | ||
31 | nogroups | 30 | nogroups |
32 | nonewprivs | 31 | nonewprivs |
33 | noroot | 32 | noroot |
@@ -42,3 +41,6 @@ private-dev | |||
42 | # private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl | 41 | # private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl |
43 | private-tmp | 42 | private-tmp |
44 | 43 | ||
44 | # makes settings immutable | ||
45 | # dbus-user none | ||
46 | # dbus-system none | ||
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index b09bf8ab1..59c8a44f2 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
@@ -23,7 +23,6 @@ include whitelist-var-common.inc | |||
23 | caps.drop all | 23 | caps.drop all |
24 | # net none - makes settings immutable | 24 | # net none - makes settings immutable |
25 | no3d | 25 | no3d |
26 | # nodbus - makes settings immutable | ||
27 | nodvd | 26 | nodvd |
28 | nogroups | 27 | nogroups |
29 | nonewprivs | 28 | nonewprivs |
@@ -42,4 +41,8 @@ private-dev | |||
42 | private-lib | 41 | private-lib |
43 | private-tmp | 42 | private-tmp |
44 | 43 | ||
44 | # makes settings immutable | ||
45 | # dbus-user none | ||
46 | # dbus-system none | ||
47 | |||
45 | memory-deny-write-execute | 48 | memory-deny-write-execute |
diff --git a/etc/xzdec.profile b/etc/xzdec.profile index ca6aaf1d5..542363b57 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile | |||
@@ -21,7 +21,6 @@ ipc-namespace | |||
21 | machine-id | 21 | machine-id |
22 | net none | 22 | net none |
23 | no3d | 23 | no3d |
24 | nodbus | ||
25 | nodvd | 24 | nodvd |
26 | #nogroups | 25 | #nogroups |
27 | nonewprivs | 26 | nonewprivs |
@@ -37,3 +36,6 @@ tracelog | |||
37 | x11 none | 36 | x11 none |
38 | 37 | ||
39 | private-dev | 38 | private-dev |
39 | |||
40 | dbus-user none | ||
41 | dbus-system none | ||
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 6066313a3..061d873b3 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile | |||
@@ -41,7 +41,6 @@ ipc-namespace | |||
41 | machine-id | 41 | machine-id |
42 | netfilter | 42 | netfilter |
43 | no3d | 43 | no3d |
44 | nodbus | ||
45 | nodvd | 44 | nodvd |
46 | nogroups | 45 | nogroups |
47 | nonewprivs | 46 | nonewprivs |
@@ -61,4 +60,7 @@ private-dev | |||
61 | private-etc alternatives,ca-certificates,crypto-policies,hostname,hosts,ld.so.cache,mime.types,pki,resolv.conf,ssl,youtube-dl.conf | 60 | private-etc alternatives,ca-certificates,crypto-policies,hostname,hosts,ld.so.cache,mime.types,pki,resolv.conf,ssl,youtube-dl.conf |
62 | private-tmp | 61 | private-tmp |
63 | 62 | ||
63 | dbus-user none | ||
64 | dbus-system none | ||
65 | |||
64 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 66 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
diff --git a/etc/zart.profile b/etc/zart.profile index 347bed8b6..3fe3c8ce8 100644 --- a/etc/zart.profile +++ b/etc/zart.profile | |||
@@ -20,7 +20,6 @@ include disable-xdg.inc | |||
20 | caps.drop all | 20 | caps.drop all |
21 | ipc-namespace | 21 | ipc-namespace |
22 | net none | 22 | net none |
23 | nodbus | ||
24 | nodvd | 23 | nodvd |
25 | nogroups | 24 | nogroups |
26 | nonewprivs | 25 | nonewprivs |
@@ -34,3 +33,5 @@ shell none | |||
34 | private-bin ffmpeg,ffplay,ffprobe,melt,zart | 33 | private-bin ffmpeg,ffplay,ffprobe,melt,zart |
35 | private-dev | 34 | private-dev |
36 | 35 | ||
36 | dbus-user none | ||
37 | dbus-system none | ||
diff --git a/etc/zathura.profile b/etc/zathura.profile index 9ca5fd862..ba0ea1032 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -30,7 +30,6 @@ caps.drop all | |||
30 | ipc-namespace | 30 | ipc-namespace |
31 | machine-id | 31 | machine-id |
32 | net none | 32 | net none |
33 | nodbus | ||
34 | nodvd | 33 | nodvd |
35 | nogroups | 34 | nogroups |
36 | nonewprivs | 35 | nonewprivs |
@@ -52,6 +51,9 @@ private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload | |||
52 | #private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,libarchive.so.*,libdjvulibre.so.*,libgirara-gtk*,libpoppler-glib.so.*,libspectre.so.*,zathura | 51 | #private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,libarchive.so.*,libdjvulibre.so.*,libgirara-gtk*,libpoppler-glib.so.*,libspectre.so.*,zathura |
53 | private-tmp | 52 | private-tmp |
54 | 53 | ||
54 | dbus-user none | ||
55 | dbus-system none | ||
56 | |||
55 | read-only ${HOME} | 57 | read-only ${HOME} |
56 | read-write ${HOME}/.config/zathura | 58 | read-write ${HOME}/.config/zathura |
57 | read-write ${HOME}/.local/share/zathura | 59 | read-write ${HOME}/.local/share/zathura |
diff --git a/etc/zeal.profile b/etc/zeal.profile index f0fa29aa3..943d39097 100644 --- a/etc/zeal.profile +++ b/etc/zeal.profile | |||
@@ -32,7 +32,6 @@ caps.drop all | |||
32 | machine-id | 32 | machine-id |
33 | netfilter | 33 | netfilter |
34 | no3d | 34 | no3d |
35 | nodbus | ||
36 | nodvd | 35 | nodvd |
37 | nogroups | 36 | nogroups |
38 | nonewprivs | 37 | nonewprivs |
@@ -53,4 +52,7 @@ private-dev | |||
53 | private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg | 52 | private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg |
54 | private-tmp | 53 | private-tmp |
55 | 54 | ||
55 | dbus-user none | ||
56 | dbus-system none | ||
57 | |||
56 | memory-deny-write-execute | 58 | memory-deny-write-execute |
diff --git a/etc/zstd.profile b/etc/zstd.profile index 93b849568..be27c10e1 100644 --- a/etc/zstd.profile +++ b/etc/zstd.profile | |||
@@ -23,7 +23,6 @@ ipc-namespace | |||
23 | machine-id | 23 | machine-id |
24 | net none | 24 | net none |
25 | no3d | 25 | no3d |
26 | nodbus | ||
27 | nodvd | 26 | nodvd |
28 | nogroups | 27 | nogroups |
29 | nonewprivs | 28 | nonewprivs |