diff options
284 files changed, 290 insertions, 292 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index e05d4c0ed..56aa8532f 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
@@ -27,6 +27,7 @@ netfilter | |||
27 | nogroups | 27 | nogroups |
28 | nonewprivs | 28 | nonewprivs |
29 | noroot | 29 | noroot |
30 | notv | ||
30 | novideo | 31 | novideo |
31 | protocol unix,inet,inet6 | 32 | protocol unix,inet,inet6 |
32 | seccomp | 33 | seccomp |
@@ -39,4 +40,3 @@ private-tmp | |||
39 | 40 | ||
40 | noexec ${HOME} | 41 | noexec ${HOME} |
41 | noexec /tmp | 42 | noexec /tmp |
42 | notv | ||
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index da4123517..b5956b439 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/7z.profile b/etc/7z.profile index 8e782d11f..1333a8c20 100644 --- a/etc/7z.profile +++ b/etc/7z.profile | |||
@@ -12,7 +12,7 @@ ignore noroot | |||
12 | net none | 12 | net none |
13 | no3d | 13 | no3d |
14 | nosound | 14 | nosound |
15 | nosound | 15 | notv |
16 | novideo | 16 | novideo |
17 | shell none | 17 | shell none |
18 | tracelog | 18 | tracelog |
@@ -20,4 +20,3 @@ tracelog | |||
20 | private-dev | 20 | private-dev |
21 | 21 | ||
22 | include /etc/firejail/default.profile | 22 | include /etc/firejail/default.profile |
23 | notv | ||
diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile index e0fc13f0c..1db1af9a6 100644 --- a/etc/Cryptocat.profile +++ b/etc/Cryptocat.profile | |||
@@ -18,10 +18,10 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix,inet,inet6,netlink | 22 | protocol unix,inet,inet6,netlink |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
24 | 25 | ||
25 | private-dev | 26 | private-dev |
26 | private-tmp | 27 | private-tmp |
27 | notv | ||
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile index ddc76fadc..c023f87ee 100644 --- a/etc/Mathematica.profile +++ b/etc/Mathematica.profile | |||
@@ -23,5 +23,5 @@ include /etc/firejail/whitelist-common.inc | |||
23 | caps.drop all | 23 | caps.drop all |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | seccomp | ||
27 | notv | 26 | notv |
27 | seccomp | ||
diff --git a/etc/Thunar.profile b/etc/Thunar.profile index 2e3483b2e..039edc63a 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile | |||
@@ -21,9 +21,9 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix | 26 | protocol unix |
26 | seccomp | 27 | seccomp |
27 | shell none | 28 | shell none |
28 | tracelog | 29 | tracelog |
29 | notv | ||
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index 7af518397..8ea000750 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile | |||
@@ -27,6 +27,7 @@ nonewprivs | |||
27 | # In noroot mode, Xephyr cannot create a socket in the real /tmp/.X11-unix. | 27 | # In noroot mode, Xephyr cannot create a socket in the real /tmp/.X11-unix. |
28 | # noroot | 28 | # noroot |
29 | nosound | 29 | nosound |
30 | notv | ||
30 | protocol unix | 31 | protocol unix |
31 | seccomp | 32 | seccomp |
32 | shell none | 33 | shell none |
@@ -38,4 +39,3 @@ private | |||
38 | private-dev | 39 | private-dev |
39 | # private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname | 40 | # private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname |
40 | private-tmp | 41 | private-tmp |
41 | notv | ||
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 934008110..28102d339 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile | |||
@@ -28,6 +28,7 @@ nonewprivs | |||
28 | # In noroot mode, Xvfb cannot create a socket in the real /tmp/.X11-unix. | 28 | # In noroot mode, Xvfb cannot create a socket in the real /tmp/.X11-unix. |
29 | #noroot | 29 | #noroot |
30 | nosound | 30 | nosound |
31 | notv | ||
31 | protocol unix | 32 | protocol unix |
32 | seccomp | 33 | seccomp |
33 | shell none | 34 | shell none |
@@ -39,4 +40,3 @@ private | |||
39 | private-dev | 40 | private-dev |
40 | private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname | 41 | private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname |
41 | private-tmp | 42 | private-tmp |
42 | notv | ||
diff --git a/etc/abrowser.profile b/etc/abrowser.profile index b30924dbb..ca9e87ff5 100644 --- a/etc/abrowser.profile +++ b/etc/abrowser.profile | |||
@@ -39,9 +39,9 @@ caps.drop all | |||
39 | netfilter | 39 | netfilter |
40 | nonewprivs | 40 | nonewprivs |
41 | noroot | 41 | noroot |
42 | notv | ||
42 | protocol unix,inet,inet6,netlink | 43 | protocol unix,inet,inet6,netlink |
43 | seccomp | 44 | seccomp |
44 | tracelog | 45 | tracelog |
45 | 46 | ||
46 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 47 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
47 | notv | ||
diff --git a/etc/akregator.profile b/etc/akregator.profile index fea540566..0e4a7290a 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile | |||
@@ -19,6 +19,7 @@ no3d | |||
19 | nogroups | 19 | nogroups |
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
24 | seccomp | 25 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/amarok.profile b/etc/amarok.profile index ece667fac..e10cfbefe 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile | |||
@@ -16,6 +16,7 @@ netfilter | |||
16 | nogroups | 16 | nogroups |
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | notv | ||
19 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
20 | # seccomp | 21 | # seccomp |
21 | shell none | 22 | shell none |
@@ -24,4 +25,3 @@ shell none | |||
24 | private-dev | 25 | private-dev |
25 | # private-etc none | 26 | # private-etc none |
26 | private-tmp | 27 | private-tmp |
27 | notv | ||
diff --git a/etc/android-studio.profile b/etc/android-studio.profile index 65f57a0c7..eee6f3ce8 100644 --- a/etc/android-studio.profile +++ b/etc/android-studio.profile | |||
@@ -23,6 +23,7 @@ netfilter | |||
23 | nogroups | 23 | nogroups |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | ||
26 | novideo | 27 | novideo |
27 | protocol unix,inet,inet6 | 28 | protocol unix,inet,inet6 |
28 | seccomp | 29 | seccomp |
@@ -32,4 +33,3 @@ private-dev | |||
32 | # private-tmp | 33 | # private-tmp |
33 | 34 | ||
34 | noexec /tmp | 35 | noexec /tmp |
35 | notv | ||
diff --git a/etc/apktool.profile b/etc/apktool.profile index 8c4204fdd..6e8b9ba53 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -27,4 +28,3 @@ private-dev | |||
27 | 28 | ||
28 | noexec ${HOME} | 29 | noexec ${HOME} |
29 | noexec /tmp | 30 | noexec /tmp |
30 | notv | ||
diff --git a/etc/arduino.profile b/etc/arduino.profile index 62320fe5d..8732b8dec 100644 --- a/etc/arduino.profile +++ b/etc/arduino.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/ark.profile b/etc/ark.profile index ccc209e78..45548a566 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -27,4 +28,3 @@ shell none | |||
27 | private-dev | 28 | private-dev |
28 | # private-etc | 29 | # private-etc |
29 | private-tmp | 30 | private-tmp |
30 | notv | ||
diff --git a/etc/arm.profile b/etc/arm.profile index b37c5910f..5deb15738 100644 --- a/etc/arm.profile +++ b/etc/arm.profile | |||
@@ -24,6 +24,7 @@ nogroups | |||
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | nosound | 26 | nosound |
27 | notv | ||
27 | novideo | 28 | novideo |
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
@@ -38,4 +39,3 @@ private-tmp | |||
38 | 39 | ||
39 | noexec ${HOME} | 40 | noexec ${HOME} |
40 | noexec /tmp | 41 | noexec /tmp |
41 | notv | ||
diff --git a/etc/atom-beta.profile b/etc/atom-beta.profile index 0e7eb4235..74a1e649a 100644 --- a/etc/atom-beta.profile +++ b/etc/atom-beta.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix,inet,inet6,netlink | 23 | protocol unix,inet,inet6,netlink |
23 | seccomp | 24 | seccomp |
@@ -25,4 +26,3 @@ shell none | |||
25 | 26 | ||
26 | private-dev | 27 | private-dev |
27 | private-tmp | 28 | private-tmp |
28 | notv | ||
diff --git a/etc/atom.profile b/etc/atom.profile index 540c5dfc8..4f144e8b4 100644 --- a/etc/atom.profile +++ b/etc/atom.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix,inet,inet6,netlink | 23 | protocol unix,inet,inet6,netlink |
23 | seccomp | 24 | seccomp |
@@ -25,4 +26,3 @@ shell none | |||
25 | 26 | ||
26 | private-dev | 27 | private-dev |
27 | private-tmp | 28 | private-tmp |
28 | notv | ||
diff --git a/etc/atool.profile b/etc/atool.profile index ed937b07b..30ad86498 100644 --- a/etc/atool.profile +++ b/etc/atool.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -29,4 +30,3 @@ tracelog | |||
29 | private-dev | 30 | private-dev |
30 | private-etc none | 31 | private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | notv | ||
diff --git a/etc/atril.profile b/etc/atril.profile index 1f4b124a8..2a52ba6a7 100644 --- a/etc/atril.profile +++ b/etc/atril.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -27,4 +28,3 @@ tracelog | |||
27 | private-bin atril, atril-previewer, atril-thumbnailer | 28 | private-bin atril, atril-previewer, atril-thumbnailer |
28 | private-dev | 29 | private-dev |
29 | private-tmp | 30 | private-tmp |
30 | notv | ||
diff --git a/etc/audacious.profile b/etc/audacious.profile index bbb1fb6fd..3baa0ddba 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
@@ -17,6 +17,7 @@ caps.drop all | |||
17 | netfilter | 17 | netfilter |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | novideo | 21 | novideo |
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
@@ -25,4 +26,3 @@ tracelog | |||
25 | 26 | ||
26 | private-bin audacious | 27 | private-bin audacious |
27 | private-tmp | 28 | private-tmp |
28 | notv | ||
diff --git a/etc/audacity.profile b/etc/audacity.profile index fb87cf252..5387761e8 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile | |||
@@ -18,6 +18,7 @@ no3d | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/aweather.profile b/etc/aweather.profile index 28e63c9ce..2bdf95f0e 100644 --- a/etc/aweather.profile +++ b/etc/aweather.profile | |||
@@ -22,6 +22,7 @@ nogroups | |||
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nosound | 24 | nosound |
25 | notv | ||
25 | novideo | 26 | novideo |
26 | protocol unix,inet,inet6 | 27 | protocol unix,inet,inet6 |
27 | seccomp | 28 | seccomp |
@@ -31,4 +32,3 @@ tracelog | |||
31 | private-bin aweather | 32 | private-bin aweather |
32 | private-dev | 33 | private-dev |
33 | private-tmp | 34 | private-tmp |
34 | notv | ||
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index e2b60e49e..fc55ae1cb 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -22,6 +22,7 @@ nogroups | |||
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nosound | 24 | nosound |
25 | notv | ||
25 | novideo | 26 | novideo |
26 | protocol unix | 27 | protocol unix |
27 | # Baloo makes ioprio_set system calls, which are blacklisted by default. | 28 | # Baloo makes ioprio_set system calls, which are blacklisted by default. |
@@ -39,4 +40,3 @@ noexec /tmp | |||
39 | # read-only ${HOME} | 40 | # read-only ${HOME} |
40 | # read-write ${HOME}/.local/share | 41 | # read-write ${HOME}/.local/share |
41 | # noexec ${HOME}/.local/share | 42 | # noexec ${HOME}/.local/share |
42 | notv | ||
diff --git a/etc/baobab.profile b/etc/baobab.profile index a3644f876..fc05e9e3e 100644 --- a/etc/baobab.profile +++ b/etc/baobab.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | memory-deny-write-execute | 30 | memory-deny-write-execute |
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/bibletime.profile b/etc/bibletime.profile index ec20f3725..d0f76fd1b 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile | |||
@@ -28,6 +28,7 @@ nogroups | |||
28 | nonewprivs | 28 | nonewprivs |
29 | noroot | 29 | noroot |
30 | nosound | 30 | nosound |
31 | notv | ||
31 | novideo | 32 | novideo |
32 | protocol unix,inet,inet6,netlink | 33 | protocol unix,inet,inet6,netlink |
33 | seccomp | 34 | seccomp |
@@ -38,4 +39,3 @@ tracelog | |||
38 | private-dev | 39 | private-dev |
39 | private-etc fonts,resolv.conf,sword,sword.conf,passwd | 40 | private-etc fonts,resolv.conf,sword,sword.conf,passwd |
40 | private-tmp | 41 | private-tmp |
41 | notv | ||
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile index 307a9c47a..5f714ab04 100644 --- a/etc/bitlbee.profile +++ b/etc/bitlbee.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | no3d | 17 | no3d |
18 | nonewprivs | 18 | nonewprivs |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | novideo | 21 | novideo |
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | read-write /var/lib/bitlbee | 30 | read-write /var/lib/bitlbee |
30 | 31 | ||
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index a48b6d8e8..2fc9bf5b1 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -31,4 +32,3 @@ shell none | |||
31 | memory-deny-write-execute | 32 | memory-deny-write-execute |
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/blender.profile b/etc/blender.profile index 557dfb4ac..ec203eaed 100644 --- a/etc/blender.profile +++ b/etc/blender.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | protocol unix,inet,inet6,netlink | 21 | protocol unix,inet,inet6,netlink |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -26,4 +27,3 @@ private-tmp | |||
26 | 27 | ||
27 | noexec ${HOME} | 28 | noexec ${HOME} |
28 | noexec /tmp | 29 | noexec /tmp |
29 | notv | ||
diff --git a/etc/bless.profile b/etc/bless.profile index 01a6deaf4..6f0fc3f84 100644 --- a/etc/bless.profile +++ b/etc/bless.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/brasero.profile b/etc/brasero.profile index d26c745d6..eff4cba43 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile | |||
@@ -17,6 +17,7 @@ nogroups | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | novideo | 21 | novideo |
21 | protocol unix | 22 | protocol unix |
22 | seccomp | 23 | seccomp |
@@ -31,4 +32,3 @@ tracelog | |||
31 | memory-deny-write-execute | 32 | memory-deny-write-execute |
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/brave.profile b/etc/brave.profile index bfa16d7af..38c9cfed4 100644 --- a/etc/brave.profile +++ b/etc/brave.profile | |||
@@ -30,8 +30,8 @@ include /etc/firejail/whitelist-common.inc | |||
30 | netfilter | 30 | netfilter |
31 | # nonewprivs | 31 | # nonewprivs |
32 | # noroot | 32 | # noroot |
33 | notv | ||
33 | # protocol unix,inet,inet6,netlink | 34 | # protocol unix,inet,inet6,netlink |
34 | # seccomp | 35 | # seccomp |
35 | 36 | ||
36 | # disable-mnt | 37 | # disable-mnt |
37 | notv | ||
diff --git a/etc/caja.profile b/etc/caja.profile index 293709e14..fb57f5fd8 100644 --- a/etc/caja.profile +++ b/etc/caja.profile | |||
@@ -22,6 +22,7 @@ netfilter | |||
22 | nogroups | 22 | nogroups |
23 | nonewprivs | 23 | nonewprivs |
24 | noroot | 24 | noroot |
25 | notv | ||
25 | protocol unix | 26 | protocol unix |
26 | seccomp | 27 | seccomp |
27 | shell none | 28 | shell none |
@@ -32,4 +33,3 @@ tracelog | |||
32 | # private-dev | 33 | # private-dev |
33 | # private-etc fonts | 34 | # private-etc fonts |
34 | # private-tmp | 35 | # private-tmp |
35 | notv | ||
diff --git a/etc/calibre.profile b/etc/calibre.profile index e2ac57521..1fe2f6c93 100644 --- a/etc/calibre.profile +++ b/etc/calibre.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | novideo | 24 | novideo |
24 | protocol unix,inet,inet6 | 25 | protocol unix,inet,inet6 |
25 | seccomp | 26 | seccomp |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | notv | ||
diff --git a/etc/catfish.profile b/etc/catfish.profile index 21232206e..190a1ba97 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -29,4 +30,3 @@ tracelog | |||
29 | # private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m | 30 | # private-bin bash,catfish,env,locate,ls,mlocate,python,python2,python2.7,python3,python3.5,python3.5m,python3m |
30 | # private-dev | 31 | # private-dev |
31 | # private-tmp | 32 | # private-tmp |
32 | notv | ||
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 676d17db7..d11ea8206 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix,inet,inet6,netlink | 26 | protocol unix,inet,inet6,netlink |
26 | seccomp | 27 | seccomp |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | notv | ||
diff --git a/etc/chromium.profile b/etc/chromium.profile index 580a1643c..8454d3d17 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile | |||
@@ -28,6 +28,7 @@ include /etc/firejail/whitelist-common.inc | |||
28 | caps.keep sys_chroot,sys_admin | 28 | caps.keep sys_chroot,sys_admin |
29 | netfilter | 29 | netfilter |
30 | nogroups | 30 | nogroups |
31 | notv | ||
31 | shell none | 32 | shell none |
32 | 33 | ||
33 | private-dev | 34 | private-dev |
@@ -35,4 +36,3 @@ private-dev | |||
35 | 36 | ||
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | notv | ||
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile index 7d81b3da7..0af5de283 100644 --- a/etc/claws-mail.profile +++ b/etc/claws-mail.profile | |||
@@ -20,10 +20,10 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
26 | 27 | ||
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | notv | ||
diff --git a/etc/clementine.profile b/etc/clementine.profile index d86a0266f..14437db3e 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
@@ -15,8 +15,8 @@ include /etc/firejail/disable-programs.inc | |||
15 | caps.drop all | 15 | caps.drop all |
16 | nonewprivs | 16 | nonewprivs |
17 | noroot | 17 | noroot |
18 | notv | ||
18 | novideo | 19 | novideo |
19 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
20 | # Clementine makes ioprio_set system calls, which are blacklisted by default. | 21 | # Clementine makes ioprio_set system calls, which are blacklisted by default. |
21 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old | 22 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old |
22 | notv | ||
diff --git a/etc/clipit.profile b/etc/clipit.profile index cb053a318..83b27000d 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | novideo | 24 | novideo |
24 | protocol unix | 25 | protocol unix |
25 | seccomp | 26 | seccomp |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/cmus.profile b/etc/cmus.profile index 0deeb9bce..cf0830475 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile | |||
@@ -16,10 +16,10 @@ caps.drop all | |||
16 | netfilter | 16 | netfilter |
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | notv | ||
19 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
20 | seccomp | 21 | seccomp |
21 | shell none | 22 | shell none |
22 | 23 | ||
23 | private-bin cmus | 24 | private-bin cmus |
24 | private-etc group | 25 | private-etc group |
25 | notv | ||
diff --git a/etc/conkeror.profile b/etc/conkeror.profile index 931678e82..8d031f8b6 100644 --- a/etc/conkeror.profile +++ b/etc/conkeror.profile | |||
@@ -27,6 +27,6 @@ caps.drop all | |||
27 | netfilter | 27 | netfilter |
28 | nonewprivs | 28 | nonewprivs |
29 | noroot | 29 | noroot |
30 | notv | ||
30 | protocol unix,inet,inet6 | 31 | protocol unix,inet,inet6 |
31 | seccomp | 32 | seccomp |
32 | notv | ||
diff --git a/etc/corebird.profile b/etc/corebird.profile index 58ec38c07..f7810b4ae 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile | |||
@@ -14,6 +14,6 @@ include /etc/firejail/disable-programs.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | noroot | 16 | noroot |
17 | notv | ||
17 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
18 | seccomp | 19 | seccomp |
19 | notv | ||
diff --git a/etc/cpio.profile b/etc/cpio.profile index f198ed26f..373e13c7c 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
@@ -20,9 +20,9 @@ net none | |||
20 | net none | 20 | net none |
21 | no3d | 21 | no3d |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
25 | tracelog | 26 | tracelog |
26 | 27 | ||
27 | private-dev | 28 | private-dev |
28 | notv | ||
diff --git a/etc/curl.profile b/etc/curl.profile index 25a97c3c3..22c82a106 100644 --- a/etc/curl.profile +++ b/etc/curl.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | protocol unix,inet,inet6 | 25 | protocol unix,inet,inet6 |
25 | seccomp | 26 | seccomp |
26 | shell none | 27 | shell none |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | notv | ||
diff --git a/etc/cvlc.profile b/etc/cvlc.profile index 68347d12e..04168b7f5 100644 --- a/etc/cvlc.profile +++ b/etc/cvlc.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | protocol unix,inet,inet6,netlink | 21 | protocol unix,inet,inet6,netlink |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -28,4 +29,3 @@ private-dev | |||
28 | private-tmp | 29 | private-tmp |
29 | 30 | ||
30 | memory-deny-write-execute | 31 | memory-deny-write-execute |
31 | notv | ||
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile index 20089ec41..eb1ea39e0 100644 --- a/etc/cyberfox.profile +++ b/etc/cyberfox.profile | |||
@@ -55,6 +55,7 @@ netfilter | |||
55 | nogroups | 55 | nogroups |
56 | nonewprivs | 56 | nonewprivs |
57 | noroot | 57 | noroot |
58 | notv | ||
58 | protocol unix,inet,inet6,netlink | 59 | protocol unix,inet,inet6,netlink |
59 | seccomp | 60 | seccomp |
60 | shell none | 61 | shell none |
@@ -68,4 +69,3 @@ private-tmp | |||
68 | 69 | ||
69 | noexec ${HOME} | 70 | noexec ${HOME} |
70 | noexec /tmp | 71 | noexec /tmp |
71 | notv | ||
diff --git a/etc/darktable.profile b/etc/darktable.profile index 4b7f0d1fd..001f24e7e 100644 --- a/etc/darktable.profile +++ b/etc/darktable.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
24 | seccomp | 25 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index c6843f27c..3367aa8f4 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
@@ -18,6 +18,7 @@ no3d | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/default.profile b/etc/default.profile index eaefa34e4..066cb1fef 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
@@ -16,13 +16,13 @@ include /etc/firejail/disable-programs.inc | |||
16 | caps.drop all | 16 | caps.drop all |
17 | # ipc-namespace | 17 | # ipc-namespace |
18 | netfilter | 18 | netfilter |
19 | # no3d | ||
19 | # nogroups | 20 | # nogroups |
20 | nonewprivs | 21 | nonewprivs |
21 | noroot | 22 | noroot |
22 | # nosound | 23 | # nosound |
23 | # novideo | ||
24 | # notv | 24 | # notv |
25 | # no3d | 25 | # novideo |
26 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
27 | seccomp | 27 | seccomp |
28 | # shell none | 28 | # shell none |
diff --git a/etc/deluge.profile b/etc/deluge.profile index 6685c88aa..f406fb133 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -22,6 +22,7 @@ netfilter | |||
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nosound | 24 | nosound |
25 | notv | ||
25 | novideo | 26 | novideo |
26 | protocol unix,inet,inet6 | 27 | protocol unix,inet,inet6 |
27 | seccomp | 28 | seccomp |
@@ -31,4 +32,3 @@ shell none | |||
31 | # private-bin deluge,sh,python,uname | 32 | # private-bin deluge,sh,python,uname |
32 | private-dev | 33 | private-dev |
33 | private-tmp | 34 | private-tmp |
34 | notv | ||
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index afcd23300..a4917b66e 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -28,4 +29,3 @@ private-dev | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/dia.profile b/etc/dia.profile index 7f3c17167..4a20aa4da 100644 --- a/etc/dia.profile +++ b/etc/dia.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/digikam.profile b/etc/digikam.profile index 3fff61433..e0906b06c 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile | |||
@@ -19,6 +19,7 @@ netfilter | |||
19 | nogroups | 19 | nogroups |
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | notv | ||
22 | protocol unix,inet,inet6,netlink | 23 | protocol unix,inet,inet6,netlink |
23 | seccomp | 24 | seccomp |
24 | # seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group | 25 | # seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/dillo.profile b/etc/dillo.profile index 1e2b7ced5..45eda5c91 100644 --- a/etc/dillo.profile +++ b/etc/dillo.profile | |||
@@ -23,7 +23,7 @@ caps.drop all | |||
23 | netfilter | 23 | netfilter |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | ||
26 | protocol unix,inet,inet6 | 27 | protocol unix,inet,inet6 |
27 | seccomp | 28 | seccomp |
28 | tracelog | 29 | tracelog |
29 | notv | ||
diff --git a/etc/dino.profile b/etc/dino.profile index 34705f498..cfda5de89 100644 --- a/etc/dino.profile +++ b/etc/dino.profile | |||
@@ -24,6 +24,7 @@ nogroups | |||
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | nosound | 26 | nosound |
27 | notv | ||
27 | novideo | 28 | novideo |
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
@@ -37,4 +38,3 @@ private-tmp | |||
37 | 38 | ||
38 | noexec ${HOME} | 39 | noexec ${HOME} |
39 | noexec /tmp | 40 | noexec /tmp |
40 | notv | ||
diff --git a/etc/display.profile b/etc/display.profile index 56cc16698..17dd01fdf 100644 --- a/etc/display.profile +++ b/etc/display.profile | |||
@@ -17,6 +17,7 @@ nogroups | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | protocol unix | 21 | protocol unix |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -26,4 +27,3 @@ private-bin display | |||
26 | private-dev | 27 | private-dev |
27 | private-etc none | 28 | private-etc none |
28 | private-tmp | 29 | private-tmp |
29 | notv | ||
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index ddb379bb0..07f089703 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
@@ -15,8 +15,8 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | no3d | 16 | no3d |
17 | nosound | 17 | nosound |
18 | notv | ||
18 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open | 19 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open |
19 | 20 | ||
20 | private | 21 | private |
21 | private-dev | 22 | private-dev |
22 | notv | ||
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index ddf7e8416..84ec9c9e2 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile | |||
@@ -18,10 +18,10 @@ netfilter | |||
18 | no3d | 18 | no3d |
19 | nonewprivs | 19 | nonewprivs |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix,inet,inet6,netlink | 22 | protocol unix,inet,inet6,netlink |
22 | seccomp | 23 | seccomp |
23 | 24 | ||
24 | disable-mnt | 25 | disable-mnt |
25 | private | 26 | private |
26 | private-dev | 27 | private-dev |
27 | notv | ||
diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 348f933c5..3db73d712 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile | |||
@@ -22,6 +22,7 @@ netfilter | |||
22 | nogroups | 22 | nogroups |
23 | nonewprivs | 23 | nonewprivs |
24 | noroot | 24 | noroot |
25 | notv | ||
25 | novideo | 26 | novideo |
26 | protocol unix | 27 | protocol unix |
27 | seccomp | 28 | seccomp |
@@ -31,4 +32,3 @@ shell none | |||
31 | # private-dev | 32 | # private-dev |
32 | # private-etc | 33 | # private-etc |
33 | # private-tmp | 34 | # private-tmp |
34 | notv | ||
diff --git a/etc/dosbox.profile b/etc/dosbox.profile index 540ef6eea..d9a8606de 100644 --- a/etc/dosbox.profile +++ b/etc/dosbox.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | protocol unix,inet,inet6 | 21 | protocol unix,inet,inet6 |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -25,4 +26,3 @@ tracelog | |||
25 | private-bin dosbox | 26 | private-bin dosbox |
26 | private-dev | 27 | private-dev |
27 | private-tmp | 28 | private-tmp |
28 | notv | ||
diff --git a/etc/dragon.profile b/etc/dragon.profile index 7bcef0b44..474911d2f 100644 --- a/etc/dragon.profile +++ b/etc/dragon.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | novideo | 21 | novideo |
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 37dc196df..4a1e192c7 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
@@ -30,6 +30,7 @@ nogroups | |||
30 | nonewprivs | 30 | nonewprivs |
31 | noroot | 31 | noroot |
32 | nosound | 32 | nosound |
33 | notv | ||
33 | novideo | 34 | novideo |
34 | protocol unix,inet,inet6 | 35 | protocol unix,inet,inet6 |
35 | seccomp | 36 | seccomp |
@@ -39,4 +40,3 @@ private-dev | |||
39 | private-tmp | 40 | private-tmp |
40 | 41 | ||
41 | noexec /tmp | 42 | noexec /tmp |
42 | notv | ||
diff --git a/etc/electron.profile b/etc/electron.profile index 1c5794af6..6ca67f8bb 100644 --- a/etc/electron.profile +++ b/etc/electron.profile | |||
@@ -15,6 +15,6 @@ netfilter | |||
15 | nogroups | 15 | nogroups |
16 | nonewprivs | 16 | nonewprivs |
17 | noroot | 17 | noroot |
18 | notv | ||
18 | protocol unix,inet,inet6,netlink | 19 | protocol unix,inet,inet6,netlink |
19 | seccomp | 20 | seccomp |
20 | notv | ||
diff --git a/etc/elinks.profile b/etc/elinks.profile index 35b27d015..d162a8c34 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
@@ -31,4 +32,3 @@ tracelog | |||
31 | private-dev | 32 | private-dev |
32 | # private-etc none | 33 | # private-etc none |
33 | private-tmp | 34 | private-tmp |
34 | notv | ||
diff --git a/etc/emacs.profile b/etc/emacs.profile index e0bc682f4..fbf183f43 100644 --- a/etc/emacs.profile +++ b/etc/emacs.profile | |||
@@ -17,6 +17,6 @@ netfilter | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | protocol unix,inet,inet6 | 21 | protocol unix,inet,inet6 |
21 | seccomp | 22 | seccomp |
22 | notv | ||
diff --git a/etc/empathy.profile b/etc/empathy.profile index f3e6813a1..7a2503d34 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
@@ -15,6 +15,6 @@ netfilter | |||
15 | nogroups | 15 | nogroups |
16 | nonewprivs | 16 | nonewprivs |
17 | noroot | 17 | noroot |
18 | notv | ||
18 | protocol unix,inet,inet6 | 19 | protocol unix,inet,inet6 |
19 | seccomp | 20 | seccomp |
20 | notv | ||
diff --git a/etc/enchant.profile b/etc/enchant.profile index f5acf432e..35ead9c86 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix | 22 | protocol unix |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -27,4 +28,3 @@ tracelog | |||
27 | # private-dev | 28 | # private-dev |
28 | # private-etc fonts | 29 | # private-etc fonts |
29 | # private-tmp | 30 | # private-tmp |
30 | notv | ||
diff --git a/etc/engrampa.profile b/etc/engrampa.profile index 45d2abcbb..05959e2cd 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile | |||
@@ -17,6 +17,7 @@ nogroups | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | novideo | 21 | novideo |
21 | protocol unix | 22 | protocol unix |
22 | seccomp | 23 | seccomp |
@@ -27,4 +28,3 @@ tracelog | |||
27 | private-dev | 28 | private-dev |
28 | # private-etc fonts | 29 | # private-etc fonts |
29 | # private-tmp | 30 | # private-tmp |
30 | notv | ||
diff --git a/etc/eog.profile b/etc/eog.profile index 655763b08..f65f854a8 100644 --- a/etc/eog.profile +++ b/etc/eog.profile | |||
@@ -22,6 +22,7 @@ nogroups | |||
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nosound | 24 | nosound |
25 | notv | ||
25 | novideo | 26 | novideo |
26 | protocol unix | 27 | protocol unix |
27 | seccomp | 28 | seccomp |
@@ -35,4 +36,3 @@ private-tmp | |||
35 | memory-deny-write-execute | 36 | memory-deny-write-execute |
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | notv | ||
diff --git a/etc/eom.profile b/etc/eom.profile index ba31eaa5d..99f784c52 100644 --- a/etc/eom.profile +++ b/etc/eom.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | novideo | 24 | novideo |
24 | protocol unix | 25 | protocol unix |
25 | seccomp | 26 | seccomp |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | notv | ||
diff --git a/etc/epiphany.profile b/etc/epiphany.profile index d1a0c2f53..aec536d42 100644 --- a/etc/epiphany.profile +++ b/etc/epiphany.profile | |||
@@ -25,6 +25,6 @@ include /etc/firejail/whitelist-common.inc | |||
25 | caps.drop all | 25 | caps.drop all |
26 | netfilter | 26 | netfilter |
27 | nonewprivs | 27 | nonewprivs |
28 | notv | ||
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
30 | notv | ||
diff --git a/etc/etr.profile b/etc/etr.profile index 5676d9ea7..8b079754a 100644 --- a/etc/etr.profile +++ b/etc/etr.profile | |||
@@ -20,6 +20,7 @@ net none | |||
20 | nogroups | 20 | nogroups |
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | notv | ||
23 | protocol unix,netlink | 24 | protocol unix,netlink |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
@@ -28,4 +29,3 @@ shell none | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc none | 30 | # private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/evince.profile b/etc/evince.profile index aba6a1d5a..23eee6c55 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -34,4 +35,3 @@ private-etc fonts | |||
34 | memory-deny-write-execute | 35 | memory-deny-write-execute |
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | notv | ||
diff --git a/etc/evolution.profile b/etc/evolution.profile index 94cd82ed8..cedbd2a18 100644 --- a/etc/evolution.profile +++ b/etc/evolution.profile | |||
@@ -27,6 +27,7 @@ nogroups | |||
27 | nonewprivs | 27 | nonewprivs |
28 | noroot | 28 | noroot |
29 | nosound | 29 | nosound |
30 | notv | ||
30 | protocol unix,inet,inet6 | 31 | protocol unix,inet,inet6 |
31 | seccomp | 32 | seccomp |
32 | shell none | 33 | shell none |
@@ -36,4 +37,3 @@ private-tmp | |||
36 | 37 | ||
37 | noexec ${HOME} | 38 | noexec ${HOME} |
38 | noexec /tmp | 39 | noexec /tmp |
39 | notv | ||
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 58c0c9fc7..e743e6b41 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
@@ -24,6 +24,7 @@ nogroups | |||
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | nosound | 26 | nosound |
27 | notv | ||
27 | protocol unix | 28 | protocol unix |
28 | seccomp | 29 | seccomp |
29 | shell none | 30 | shell none |
@@ -33,4 +34,3 @@ tracelog | |||
33 | private-dev | 34 | private-dev |
34 | private-etc none | 35 | private-etc none |
35 | private-tmp | 36 | private-tmp |
36 | notv | ||
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 27345be2a..e124200fc 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | protocol unix,inet,inet6 | 21 | protocol unix,inet,inet6 |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -24,4 +25,3 @@ shell none | |||
24 | private-bin fbreader,FBReader | 25 | private-bin fbreader,FBReader |
25 | private-dev | 26 | private-dev |
26 | private-tmp | 27 | private-tmp |
27 | notv | ||
diff --git a/etc/feh.profile b/etc/feh.profile index 65639b4f7..c0d457ed1 100644 --- a/etc/feh.profile +++ b/etc/feh.profile | |||
@@ -17,6 +17,7 @@ nogroups | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | protocol unix | 21 | protocol unix |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -25,4 +26,3 @@ private-bin feh | |||
25 | private-dev | 26 | private-dev |
26 | private-etc feh | 27 | private-etc feh |
27 | private-tmp | 28 | private-tmp |
28 | notv | ||
diff --git a/etc/file-roller.profile b/etc/file-roller.profile index 9effc7b38..68c0e8602 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -32,4 +33,3 @@ private-dev | |||
32 | memory-deny-write-execute | 33 | memory-deny-write-execute |
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | notv | ||
diff --git a/etc/file.profile b/etc/file.profile index 24f498213..0b34b5b37 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
@@ -19,6 +19,7 @@ no3d | |||
19 | nogroups | 19 | nogroups |
20 | nonewprivs | 20 | nonewprivs |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -28,4 +29,3 @@ x11 none | |||
28 | private-bin file | 29 | private-bin file |
29 | private-dev | 30 | private-dev |
30 | private-etc magic.mgc,magic,localtime | 31 | private-etc magic.mgc,magic,localtime |
31 | notv | ||
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 002eebb8e..53bb0a1a7 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | protocol unix,inet,inet6 | 21 | protocol unix,inet,inet6 |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -24,4 +25,3 @@ shell none | |||
24 | private-bin filezilla,uname,sh,bash,dash,python,lsb_release,fzputtygen,fzsftp | 25 | private-bin filezilla,uname,sh,bash,dash,python,lsb_release,fzputtygen,fzsftp |
25 | private-dev | 26 | private-dev |
26 | private-tmp | 27 | private-tmp |
27 | notv | ||
diff --git a/etc/firefox.profile b/etc/firefox.profile index e94507c8f..b6d21a158 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile | |||
@@ -55,6 +55,7 @@ netfilter | |||
55 | nogroups | 55 | nogroups |
56 | nonewprivs | 56 | nonewprivs |
57 | noroot | 57 | noroot |
58 | notv | ||
58 | protocol unix,inet,inet6,netlink | 59 | protocol unix,inet,inet6,netlink |
59 | seccomp | 60 | seccomp |
60 | shell none | 61 | shell none |
@@ -68,4 +69,3 @@ private-tmp | |||
68 | 69 | ||
69 | noexec ${HOME} | 70 | noexec ${HOME} |
70 | noexec /tmp | 71 | noexec /tmp |
71 | notv | ||
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile index 659fe1d43..e9c09e4ba 100644 --- a/etc/flashpeak-slimjet.profile +++ b/etc/flashpeak-slimjet.profile | |||
@@ -32,6 +32,6 @@ caps.drop all | |||
32 | netfilter | 32 | netfilter |
33 | nonewprivs | 33 | nonewprivs |
34 | noroot | 34 | noroot |
35 | notv | ||
35 | protocol unix,inet,inet6,netlink | 36 | protocol unix,inet,inet6,netlink |
36 | seccomp | 37 | seccomp |
37 | notv | ||
diff --git a/etc/flowblade.profile b/etc/flowblade.profile index d10d3eb7c..a00b1bf5e 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile | |||
@@ -18,6 +18,7 @@ netfilter | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | notv | ||
21 | protocol unix,inet,inet6,netlink | 22 | protocol unix,inet,inet6,netlink |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -27,4 +28,3 @@ private-tmp | |||
27 | 28 | ||
28 | noexec ${HOME} | 29 | noexec ${HOME} |
29 | noexec /tmp | 30 | noexec /tmp |
30 | notv | ||
diff --git a/etc/fontforge.profile b/etc/fontforge.profile index d22c7310b..001e550e7 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/fossamail.profile b/etc/fossamail.profile index 75766f7d2..a6f07266b 100644 --- a/etc/fossamail.profile +++ b/etc/fossamail.profile | |||
@@ -17,5 +17,6 @@ whitelist ~/.fossamail | |||
17 | whitelist ~/.gnupg | 17 | whitelist ~/.gnupg |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | 19 | ||
20 | include /etc/firejail/firefox.profile | ||
21 | notv | 20 | notv |
21 | |||
22 | include /etc/firejail/firefox.profile | ||
diff --git a/etc/franz.profile b/etc/franz.profile index aa200367c..128d88a9a 100644 --- a/etc/franz.profile +++ b/etc/franz.profile | |||
@@ -27,6 +27,7 @@ netfilter | |||
27 | nogroups | 27 | nogroups |
28 | nonewprivs | 28 | nonewprivs |
29 | noroot | 29 | noroot |
30 | notv | ||
30 | protocol unix,inet,inet6,netlink | 31 | protocol unix,inet,inet6,netlink |
31 | seccomp | 32 | seccomp |
32 | shell none | 33 | shell none |
@@ -37,4 +38,3 @@ private-tmp | |||
37 | 38 | ||
38 | noexec ${HOME} | 39 | noexec ${HOME} |
39 | noexec /tmp | 40 | noexec /tmp |
40 | notv | ||
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index aa52fc264..c66c76c05 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile | |||
@@ -20,6 +20,7 @@ net none | |||
20 | nogroups | 20 | nogroups |
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | notv | ||
23 | protocol unix,netlink | 24 | protocol unix,netlink |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
@@ -28,4 +29,3 @@ shell none | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc none | 30 | # private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/gajim.profile b/etc/gajim.profile index fead7f6ae..79ff6217a 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile | |||
@@ -31,6 +31,7 @@ netfilter | |||
31 | nogroups | 31 | nogroups |
32 | nonewprivs | 32 | nonewprivs |
33 | noroot | 33 | noroot |
34 | notv | ||
34 | protocol unix,inet,inet6 | 35 | protocol unix,inet,inet6 |
35 | seccomp | 36 | seccomp |
36 | shell none | 37 | shell none |
@@ -42,4 +43,3 @@ private-dev | |||
42 | # private-tmp | 43 | # private-tmp |
43 | # Allow the local python 2.7 site packages, in case any plugins are using these | 44 | # Allow the local python 2.7 site packages, in case any plugins are using these |
44 | read-only ${HOME}/.local/lib/python2.7/site-packages/ | 45 | read-only ${HOME}/.local/lib/python2.7/site-packages/ |
45 | notv | ||
diff --git a/etc/galculator.profile b/etc/galculator.profile index 816a338a7..e6006aded 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile | |||
@@ -22,6 +22,7 @@ nogroups | |||
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nosound | 24 | nosound |
25 | notv | ||
25 | protocol unix | 26 | protocol unix |
26 | seccomp | 27 | seccomp |
27 | shell none | 28 | shell none |
@@ -31,4 +32,3 @@ private-bin galculator | |||
31 | private-dev | 32 | private-dev |
32 | private-etc fonts | 33 | private-etc fonts |
33 | private-tmp | 34 | private-tmp |
34 | notv | ||
diff --git a/etc/geany.profile b/etc/geany.profile index 88ce48bc1..f5e821d62 100644 --- a/etc/geany.profile +++ b/etc/geany.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
@@ -25,4 +26,3 @@ shell none | |||
25 | 26 | ||
26 | private-dev | 27 | private-dev |
27 | private-tmp | 28 | private-tmp |
28 | notv | ||
diff --git a/etc/gedit.profile b/etc/gedit.profile index f82077366..a215a0d61 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | protocol unix | 25 | protocol unix |
25 | seccomp | 26 | seccomp |
26 | shell none | 27 | shell none |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | notv | ||
diff --git a/etc/geeqie.profile b/etc/geeqie.profile index e33e0b7b1..26636ca64 100644 --- a/etc/geeqie.profile +++ b/etc/geeqie.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -26,4 +27,3 @@ shell none | |||
26 | # private-bin geeqie | 27 | # private-bin geeqie |
27 | private-dev | 28 | private-dev |
28 | # private-etc X11 | 29 | # private-etc X11 |
29 | notv | ||
diff --git a/etc/gimp.profile b/etc/gimp.profile index b7b5b03b7..510d2aa0a 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile | |||
@@ -17,6 +17,7 @@ nogroups | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | protocol unix | 21 | protocol unix |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | # if you are not using external plugins, you can enable noexec statement below | 29 | # if you are not using external plugins, you can enable noexec statement below |
29 | # noexec ${HOME} | 30 | # noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/git.profile b/etc/git.profile index 563175307..142edcf1c 100644 --- a/etc/git.profile +++ b/etc/git.profile | |||
@@ -27,9 +27,9 @@ nogroups | |||
27 | nonewprivs | 27 | nonewprivs |
28 | noroot | 28 | noroot |
29 | nosound | 29 | nosound |
30 | notv | ||
30 | protocol unix,inet,inet6 | 31 | protocol unix,inet,inet6 |
31 | seccomp | 32 | seccomp |
32 | shell none | 33 | shell none |
33 | 34 | ||
34 | private-dev | 35 | private-dev |
35 | notv | ||
diff --git a/etc/gitg.profile b/etc/gitg.profile index a088b3cd8..570ed5a46 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | novideo | 24 | novideo |
24 | protocol unix,inet,inet6 | 25 | protocol unix,inet,inet6 |
25 | seccomp | 26 | seccomp |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | memory-deny-write-execute | 32 | memory-deny-write-execute |
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/gitter.profile b/etc/gitter.profile index e54ea88d2..8566f636a 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix,inet,inet6,netlink | 22 | protocol unix,inet,inet6,netlink |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -25,4 +26,3 @@ shell none | |||
25 | private-bin gitter | 26 | private-bin gitter |
26 | private-dev | 27 | private-dev |
27 | private-tmp | 28 | private-tmp |
28 | notv | ||
diff --git a/etc/gjs.profile b/etc/gjs.profile index 348ccfe25..5e4bea850 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile | |||
@@ -22,6 +22,7 @@ netfilter | |||
22 | nogroups | 22 | nogroups |
23 | nonewprivs | 23 | nonewprivs |
24 | noroot | 24 | noroot |
25 | notv | ||
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
27 | shell none | 28 | shell none |
@@ -31,4 +32,3 @@ tracelog | |||
31 | private-dev | 32 | private-dev |
32 | # private-etc fonts | 33 | # private-etc fonts |
33 | private-tmp | 34 | private-tmp |
34 | notv | ||
diff --git a/etc/globaltime.profile b/etc/globaltime.profile index d86820d1e..1b16f4171 100644 --- a/etc/globaltime.profile +++ b/etc/globaltime.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
24 | seccomp | 25 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index 531660e38..a31602338 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile | |||
@@ -21,6 +21,7 @@ netfilter | |||
21 | no3d | 21 | no3d |
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 955afe32b..ae8dbb35e 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix | 26 | protocol unix |
26 | seccomp | 27 | seccomp |
@@ -34,4 +35,3 @@ private-tmp | |||
34 | 35 | ||
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | notv | ||
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 874ca5a87..b31ec3371 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | memory-deny-write-execute | 34 | memory-deny-write-execute |
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | notv | ||
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 8082fd253..6801a0f49 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | notv | ||
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index ad77c4f53..411bc8bdc 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile | |||
@@ -17,6 +17,7 @@ no3d | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | novideo | 21 | novideo |
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/gnome-contacts.profile b/etc/gnome-contacts.profile index 3a33a2ae3..7ce444eed 100644 --- a/etc/gnome-contacts.profile +++ b/etc/gnome-contacts.profile | |||
@@ -18,6 +18,7 @@ no3d | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index 4168d1b0b..62be67c5e 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix | 26 | protocol unix |
26 | seccomp | 27 | seccomp |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | notv | ||
diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile index 1427a02ba..06e8f2bd0 100644 --- a/etc/gnome-font-viewer.profile +++ b/etc/gnome-font-viewer.profile | |||
@@ -17,6 +17,7 @@ no3d | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | novideo | 21 | novideo |
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
@@ -27,4 +28,3 @@ private-tmp | |||
27 | 28 | ||
28 | noexec ${HOME} | 29 | noexec ${HOME} |
29 | noexec /tmp | 30 | noexec /tmp |
30 | notv | ||
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index 497e3e724..0e3846c05 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | novideo | 24 | novideo |
24 | protocol unix,inet,inet6 | 25 | protocol unix,inet,inet6 |
25 | seccomp | 26 | seccomp |
@@ -34,4 +35,3 @@ private-tmp | |||
34 | 35 | ||
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | notv | ||
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index bc0ddc117..d3c61d9b4 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile | |||
@@ -18,6 +18,7 @@ no3d | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index a2e74b9d7..68d1f2617 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | notv | ||
diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile index 42fb81b36..0c325d3f2 100644 --- a/etc/gnome-twitch.profile +++ b/etc/gnome-twitch.profile | |||
@@ -23,6 +23,7 @@ caps.drop all | |||
23 | nogroups | 23 | nogroups |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | ||
26 | novideo | 27 | novideo |
27 | protocol unix,inet,inet6 | 28 | protocol unix,inet,inet6 |
28 | seccomp | 29 | seccomp |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | notv | ||
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index d0657a1d1..4d64defcf 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
@@ -35,4 +36,3 @@ private-tmp | |||
35 | 36 | ||
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | notv | ||
diff --git a/etc/goobox.profile b/etc/goobox.profile index 7a9157e84..cfd479acc 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile | |||
@@ -16,6 +16,7 @@ netfilter | |||
16 | nogroups | 16 | nogroups |
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | notv | ||
19 | protocol unix | 20 | protocol unix |
20 | seccomp | 21 | seccomp |
21 | shell none | 22 | shell none |
@@ -25,4 +26,3 @@ tracelog | |||
25 | # private-dev | 26 | # private-dev |
26 | # private-etc fonts | 27 | # private-etc fonts |
27 | # private-tmp | 28 | # private-tmp |
28 | notv | ||
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile index 7f07bc959..a0a67883d 100644 --- a/etc/google-chrome-beta.profile +++ b/etc/google-chrome-beta.profile | |||
@@ -26,6 +26,7 @@ include /etc/firejail/whitelist-common.inc | |||
26 | caps.keep sys_chroot,sys_admin | 26 | caps.keep sys_chroot,sys_admin |
27 | netfilter | 27 | netfilter |
28 | nogroups | 28 | nogroups |
29 | notv | ||
29 | shell none | 30 | shell none |
30 | 31 | ||
31 | private-dev | 32 | private-dev |
@@ -33,4 +34,3 @@ private-dev | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | notv | ||
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile index 7dc90faf3..8d5057a5d 100644 --- a/etc/google-chrome-unstable.profile +++ b/etc/google-chrome-unstable.profile | |||
@@ -26,6 +26,7 @@ include /etc/firejail/whitelist-common.inc | |||
26 | caps.keep sys_chroot,sys_admin | 26 | caps.keep sys_chroot,sys_admin |
27 | netfilter | 27 | netfilter |
28 | nogroups | 28 | nogroups |
29 | notv | ||
29 | shell none | 30 | shell none |
30 | 31 | ||
31 | private-dev | 32 | private-dev |
@@ -33,4 +34,3 @@ private-dev | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | notv | ||
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile index 3e539ea71..be016d7e7 100644 --- a/etc/google-chrome.profile +++ b/etc/google-chrome.profile | |||
@@ -26,6 +26,7 @@ include /etc/firejail/whitelist-common.inc | |||
26 | caps.keep sys_chroot,sys_admin | 26 | caps.keep sys_chroot,sys_admin |
27 | netfilter | 27 | netfilter |
28 | nogroups | 28 | nogroups |
29 | notv | ||
29 | shell none | 30 | shell none |
30 | 31 | ||
31 | private-dev | 32 | private-dev |
@@ -33,4 +34,3 @@ private-dev | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | notv | ||
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile index c1af553c3..550d3d63c 100644 --- a/etc/google-play-music-desktop-player.profile +++ b/etc/google-play-music-desktop-player.profile | |||
@@ -23,6 +23,7 @@ no3d | |||
23 | nogroups | 23 | nogroups |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | ||
26 | novideo | 27 | novideo |
27 | protocol unix,inet,inet6,netlink | 28 | protocol unix,inet,inet6,netlink |
28 | seccomp | 29 | seccomp |
@@ -34,4 +35,3 @@ private-tmp | |||
34 | 35 | ||
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | notv | ||
diff --git a/etc/gpa.profile b/etc/gpa.profile index b55a60e02..c5f767cf8 100644 --- a/etc/gpa.profile +++ b/etc/gpa.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -25,4 +26,3 @@ tracelog | |||
25 | 26 | ||
26 | # private-bin gpa,gpg | 27 | # private-bin gpa,gpg |
27 | private-dev | 28 | private-dev |
28 | notv | ||
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index f73b21379..c1c6b7686 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | protocol unix,inet,inet6 | 25 | protocol unix,inet,inet6 |
25 | seccomp | 26 | seccomp |
26 | shell none | 27 | shell none |
@@ -28,4 +29,3 @@ tracelog | |||
28 | 29 | ||
29 | # private-bin gpg-agent,gpg | 30 | # private-bin gpg-agent,gpg |
30 | private-dev | 31 | private-dev |
31 | notv | ||
diff --git a/etc/gpg.profile b/etc/gpg.profile index 73d7eeaf9..137e37d5f 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | protocol unix,inet,inet6 | 25 | protocol unix,inet,inet6 |
25 | seccomp | 26 | seccomp |
26 | shell none | 27 | shell none |
@@ -28,4 +29,3 @@ tracelog | |||
28 | 29 | ||
29 | # private-bin gpg,gpg-agent | 30 | # private-bin gpg,gpg-agent |
30 | private-dev | 31 | private-dev |
31 | notv | ||
diff --git a/etc/gpicview.profile b/etc/gpicview.profile index 32cd56956..ad30915a4 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix | 22 | protocol unix |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -27,4 +28,3 @@ private-bin gpicview | |||
27 | private-dev | 28 | private-dev |
28 | private-etc fonts | 29 | private-etc fonts |
29 | private-tmp | 30 | private-tmp |
30 | notv | ||
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 4bf4fd78d..8066579d3 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | protocol unix,inet,inet6 | 25 | protocol unix,inet,inet6 |
25 | seccomp | 26 | seccomp |
26 | shell none | 27 | shell none |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | notv | ||
diff --git a/etc/gthumb.profile b/etc/gthumb.profile index 244fe4d61..4911fbaae 100644 --- a/etc/gthumb.profile +++ b/etc/gthumb.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -27,4 +28,3 @@ tracelog | |||
27 | private-bin gthumb | 28 | private-bin gthumb |
28 | private-dev | 29 | private-dev |
29 | private-tmp | 30 | private-tmp |
30 | notv | ||
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile index ac0000bd8..7713f216f 100644 --- a/etc/guayadeque.profile +++ b/etc/guayadeque.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | protocol unix,inet,inet6,netlink | 21 | protocol unix,inet,inet6,netlink |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -27,4 +28,3 @@ private-tmp | |||
27 | 28 | ||
28 | noexec ${HOME} | 29 | noexec ${HOME} |
29 | noexec /tmp | 30 | noexec /tmp |
30 | notv | ||
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index 75b58178a..cfb014623 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index 463bfd9bc..b0a1fc5ef 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
@@ -23,6 +23,7 @@ caps.drop all | |||
23 | nogroups | 23 | nogroups |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | ||
26 | novideo | 27 | novideo |
27 | protocol unix | 28 | protocol unix |
28 | seccomp | 29 | seccomp |
@@ -35,4 +36,3 @@ private-dev | |||
35 | 36 | ||
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | notv | ||
diff --git a/etc/gzip.profile b/etc/gzip.profile index 2c6e521fd..3d0f223f0 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile | |||
@@ -12,10 +12,10 @@ ignore noroot | |||
12 | net none | 12 | net none |
13 | no3d | 13 | no3d |
14 | nosound | 14 | nosound |
15 | notv | ||
15 | shell none | 16 | shell none |
16 | tracelog | 17 | tracelog |
17 | 18 | ||
18 | private-dev | 19 | private-dev |
19 | 20 | ||
20 | include /etc/firejail/default.profile | 21 | include /etc/firejail/default.profile |
21 | notv | ||
diff --git a/etc/handbrake.profile b/etc/handbrake.profile index 11d1210ea..2b32abca6 100644 --- a/etc/handbrake.profile +++ b/etc/handbrake.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix,inet,inet6,netlink | 23 | protocol unix,inet,inet6,netlink |
23 | seccomp | 24 | seccomp |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/hashcat.profile b/etc/hashcat.profile index f79b764a9..8f4ddce07 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile index 80630b6d6..90515b8de 100644 --- a/etc/hedgewars.profile +++ b/etc/hedgewars.profile | |||
@@ -21,10 +21,10 @@ netfilter | |||
21 | nogroups | 21 | nogroups |
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | notv | ||
24 | seccomp | 25 | seccomp |
25 | tracelog | 26 | tracelog |
26 | 27 | ||
27 | disable-mnt | 28 | disable-mnt |
28 | private-dev | 29 | private-dev |
29 | private-tmp | 30 | private-tmp |
30 | notv | ||
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index 2befcf1fb..178f384b1 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
@@ -24,6 +24,7 @@ nogroups | |||
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | nosound | 26 | nosound |
27 | notv | ||
27 | novideo | 28 | novideo |
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
@@ -38,4 +39,3 @@ private-tmp | |||
38 | 39 | ||
39 | noexec ${HOME} | 40 | noexec ${HOME} |
40 | noexec /tmp | 41 | noexec /tmp |
41 | notv | ||
diff --git a/etc/highlight.profile b/etc/highlight.profile index 69027e9af..decba5f6c 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -28,4 +29,3 @@ private-bin highlight | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc none | 30 | # private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/hugin.profile b/etc/hugin.profile index 9e6f8525e..5d66ce3db 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/icecat.profile b/etc/icecat.profile index fcce3f931..4829675bb 100644 --- a/etc/icecat.profile +++ b/etc/icecat.profile | |||
@@ -39,6 +39,7 @@ caps.drop all | |||
39 | netfilter | 39 | netfilter |
40 | nonewprivs | 40 | nonewprivs |
41 | noroot | 41 | noroot |
42 | notv | ||
42 | protocol unix,inet,inet6,netlink | 43 | protocol unix,inet,inet6,netlink |
43 | seccomp | 44 | seccomp |
44 | tracelog | 45 | tracelog |
@@ -47,4 +48,3 @@ tracelog | |||
47 | 48 | ||
48 | noexec ${HOME} | 49 | noexec ${HOME} |
49 | noexec /tmp | 50 | noexec /tmp |
50 | notv | ||
diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile index 8986e5082..d74386afa 100644 --- a/etc/idea.sh.profile +++ b/etc/idea.sh.profile | |||
@@ -23,6 +23,7 @@ netfilter | |||
23 | nogroups | 23 | nogroups |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | ||
26 | novideo | 27 | novideo |
27 | protocol unix,inet,inet6 | 28 | protocol unix,inet,inet6 |
28 | seccomp | 29 | seccomp |
@@ -32,4 +33,3 @@ private-dev | |||
32 | # private-tmp | 33 | # private-tmp |
33 | 34 | ||
34 | noexec /tmp | 35 | noexec /tmp |
35 | notv | ||
diff --git a/etc/img2txt.profile b/etc/img2txt.profile index cfcbdab1b..2d2e686b8 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile | |||
@@ -17,6 +17,7 @@ nogroups | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | protocol unix | 21 | protocol unix |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -26,4 +27,3 @@ tracelog | |||
26 | private-dev | 27 | private-dev |
27 | # private-etc none | 28 | # private-etc none |
28 | private-tmp | 29 | private-tmp |
29 | notv | ||
diff --git a/etc/inkscape.profile b/etc/inkscape.profile index b289a7fbd..7c0fdfc97 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 302389bec..990e1a563 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | novideo | 24 | novideo |
24 | protocol unix | 25 | protocol unix |
25 | seccomp | 26 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/jitsi.profile b/etc/jitsi.profile index 5c4e66d7c..5e835b2a3 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile | |||
@@ -16,6 +16,7 @@ caps.drop all | |||
16 | nogroups | 16 | nogroups |
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | notv | ||
19 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
20 | seccomp | 21 | seccomp |
21 | shell none | 22 | shell none |
@@ -23,4 +24,3 @@ tracelog | |||
23 | 24 | ||
24 | disable-mnt | 25 | disable-mnt |
25 | private-tmp | 26 | private-tmp |
26 | notv | ||
diff --git a/etc/k3b.profile b/etc/k3b.profile index 79566fbc8..ca190ecb9 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile | |||
@@ -19,6 +19,7 @@ no3d | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -28,4 +29,3 @@ tracelog | |||
28 | # private-bin | 29 | # private-bin |
29 | # private-etc | 30 | # private-etc |
30 | # private-tmp | 31 | # private-tmp |
31 | notv | ||
diff --git a/etc/kate.profile b/etc/kate.profile index 32b27b419..7f44454b7 100644 --- a/etc/kate.profile +++ b/etc/kate.profile | |||
@@ -23,6 +23,7 @@ nogroups | |||
23 | nonewprivs | 23 | nonewprivs |
24 | noroot | 24 | noroot |
25 | nosound | 25 | nosound |
26 | notv | ||
26 | novideo | 27 | novideo |
27 | protocol unix | 28 | protocol unix |
28 | seccomp | 29 | seccomp |
@@ -33,4 +34,3 @@ tracelog | |||
33 | private-dev | 34 | private-dev |
34 | # private-etc fonts | 35 | # private-etc fonts |
35 | private-tmp | 36 | private-tmp |
36 | notv | ||
diff --git a/etc/kcalc.profile b/etc/kcalc.profile index bf113fd73..8e1239848 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/keepass.profile b/etc/keepass.profile index 558d35086..d925261a2 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile | |||
@@ -25,6 +25,7 @@ nogroups | |||
25 | nonewprivs | 25 | nonewprivs |
26 | noroot | 26 | noroot |
27 | nosound | 27 | nosound |
28 | notv | ||
28 | novideo | 29 | novideo |
29 | protocol unix,inet,inet6 | 30 | protocol unix,inet,inet6 |
30 | seccomp | 31 | seccomp |
@@ -35,4 +36,3 @@ private-tmp | |||
35 | 36 | ||
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | notv | ||
diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 6397cea8e..cd9d7d0b3 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile | |||
@@ -23,6 +23,7 @@ nogroups | |||
23 | nonewprivs | 23 | nonewprivs |
24 | noroot | 24 | noroot |
25 | nosound | 25 | nosound |
26 | notv | ||
26 | novideo | 27 | novideo |
27 | protocol unix | 28 | protocol unix |
28 | seccomp | 29 | seccomp |
@@ -36,4 +37,3 @@ private-tmp | |||
36 | 37 | ||
37 | noexec ${HOME} | 38 | noexec ${HOME} |
38 | noexec /tmp | 39 | noexec /tmp |
39 | notv | ||
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index def4f24af..dd81311df 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile | |||
@@ -22,6 +22,7 @@ nogroups | |||
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nosound | 24 | nosound |
25 | notv | ||
25 | novideo | 26 | novideo |
26 | protocol unix | 27 | protocol unix |
27 | seccomp | 28 | seccomp |
@@ -34,4 +35,3 @@ private-tmp | |||
34 | 35 | ||
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | notv | ||
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index 92f033d2d..5c8229b95 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile | |||
@@ -22,6 +22,7 @@ nogroups | |||
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nosound | 24 | nosound |
25 | notv | ||
25 | novideo | 26 | novideo |
26 | protocol unix | 27 | protocol unix |
27 | seccomp | 28 | seccomp |
@@ -35,4 +36,3 @@ private-tmp | |||
35 | memory-deny-write-execute | 36 | memory-deny-write-execute |
36 | noexec ${HOME} | 37 | noexec ${HOME} |
37 | noexec /tmp | 38 | noexec /tmp |
38 | notv | ||
diff --git a/etc/kino.profile b/etc/kino.profile index ecb96b73d..240dab8ef 100644 --- a/etc/kino.profile +++ b/etc/kino.profile | |||
@@ -18,6 +18,7 @@ netfilter | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/kmail.profile b/etc/kmail.profile index 9539be64d..180beb2a6 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -17,10 +17,10 @@ netfilter | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | protocol unix,inet,inet6,netlink | 21 | protocol unix,inet,inet6,netlink |
21 | seccomp | 22 | seccomp |
22 | tracelog | 23 | tracelog |
23 | 24 | ||
24 | private-dev | 25 | private-dev |
25 | # private-tmp | 26 | # private-tmp |
26 | notv | ||
diff --git a/etc/knotes.profile b/etc/knotes.profile index a05100cf7..e5e449b35 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix | 22 | protocol unix |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -27,4 +28,3 @@ tracelog | |||
27 | private-dev | 28 | private-dev |
28 | # private-etc fonts | 29 | # private-etc fonts |
29 | private-tmp | 30 | private-tmp |
30 | notv | ||
diff --git a/etc/konversation.profile b/etc/konversation.profile index 8372c1b6a..926839633 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile | |||
@@ -15,8 +15,8 @@ caps.drop all | |||
15 | netfilter | 15 | netfilter |
16 | nogroups | 16 | nogroups |
17 | noroot | 17 | noroot |
18 | notv | ||
18 | protocol unix,inet,inet6 | 19 | protocol unix,inet,inet6 |
19 | seccomp | 20 | seccomp |
20 | 21 | ||
21 | private-tmp | 22 | private-tmp |
22 | notv | ||
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index 7256a3627..0c159bb0e 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile | |||
@@ -39,6 +39,7 @@ nogroups | |||
39 | nonewprivs | 39 | nonewprivs |
40 | noroot | 40 | noroot |
41 | nosound | 41 | nosound |
42 | notv | ||
42 | novideo | 43 | novideo |
43 | protocol unix,inet,inet6 | 44 | protocol unix,inet,inet6 |
44 | seccomp | 45 | seccomp |
@@ -49,4 +50,3 @@ private-tmp | |||
49 | 50 | ||
50 | noexec ${HOME} | 51 | noexec ${HOME} |
51 | noexec /tmp | 52 | noexec /tmp |
52 | notv | ||
diff --git a/etc/kwrite.profile b/etc/kwrite.profile index ef2d801fd..15113f361 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile | |||
@@ -23,6 +23,7 @@ nogroups | |||
23 | nonewprivs | 23 | nonewprivs |
24 | noroot | 24 | noroot |
25 | # nosound - KWrite is using ALSA! | 25 | # nosound - KWrite is using ALSA! |
26 | notv | ||
26 | novideo | 27 | novideo |
27 | protocol unix | 28 | protocol unix |
28 | seccomp | 29 | seccomp |
@@ -33,4 +34,3 @@ tracelog | |||
33 | private-dev | 34 | private-dev |
34 | # private-etc fonts | 35 | # private-etc fonts |
35 | private-tmp | 36 | private-tmp |
36 | notv | ||
diff --git a/etc/leafpad.profile b/etc/leafpad.profile index bb3b0113d..4fc549241 100644 --- a/etc/leafpad.profile +++ b/etc/leafpad.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -28,4 +29,3 @@ private-dev | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/less.profile b/etc/less.profile index 6259a61b5..e0800891e 100644 --- a/etc/less.profile +++ b/etc/less.profile | |||
@@ -12,9 +12,11 @@ ignore noroot | |||
12 | net none | 12 | net none |
13 | no3d | 13 | no3d |
14 | nosound | 14 | nosound |
15 | notv | ||
15 | novideo | 16 | novideo |
16 | shell none | 17 | shell none |
17 | tracelog | 18 | tracelog |
19 | writable-var-log | ||
18 | 20 | ||
19 | # The user can have a custom coloring scritps configured in ~/.lessfilter. | 21 | # The user can have a custom coloring scritps configured in ~/.lessfilter. |
20 | # Enable private-bin if you are not using any filter. | 22 | # Enable private-bin if you are not using any filter. |
@@ -24,7 +26,5 @@ private-dev | |||
24 | memory-deny-write-execute | 26 | memory-deny-write-execute |
25 | noexec ${HOME} | 27 | noexec ${HOME} |
26 | noexec /tmp | 28 | noexec /tmp |
27 | writable-var-log | ||
28 | 29 | ||
29 | include /etc/firejail/default.profile | 30 | include /etc/firejail/default.profile |
30 | notv | ||
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 3204788c4..584020919 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile | |||
@@ -19,6 +19,7 @@ netfilter | |||
19 | nogroups | 19 | nogroups |
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | notv | ||
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -28,4 +29,3 @@ private-dev | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/liferea.profile b/etc/liferea.profile index 4c1ec4282..78adac568 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile | |||
@@ -29,6 +29,7 @@ nogroups | |||
29 | nonewprivs | 29 | nonewprivs |
30 | noroot | 30 | noroot |
31 | # nosound | 31 | # nosound |
32 | notv | ||
32 | novideo | 33 | novideo |
33 | protocol unix,inet,inet6 | 34 | protocol unix,inet,inet6 |
34 | seccomp | 35 | seccomp |
@@ -40,4 +41,3 @@ private-tmp | |||
40 | 41 | ||
41 | noexec ${HOME} | 42 | noexec ${HOME} |
42 | noexec /tmp | 43 | noexec /tmp |
43 | notv | ||
diff --git a/etc/lollypop.profile b/etc/lollypop.profile index 5b211cf53..587a46353 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile | |||
@@ -18,6 +18,7 @@ no3d | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index 230cd9dfb..164b6296f 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 350ad51e6..08c6007ae 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index c99c4d80b..c5db75467 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile | |||
@@ -19,6 +19,7 @@ no3d | |||
19 | nogroups | 19 | nogroups |
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile index 026c9858a..72401bdff 100644 --- a/etc/lxterminal.profile +++ b/etc/lxterminal.profile | |||
@@ -13,6 +13,6 @@ include /etc/firejail/disable-programs.inc | |||
13 | caps.drop all | 13 | caps.drop all |
14 | netfilter | 14 | netfilter |
15 | # noroot - somehow this breaks on Debian Jessie! | 15 | # noroot - somehow this breaks on Debian Jessie! |
16 | notv | ||
16 | protocol unix,inet,inet6 | 17 | protocol unix,inet,inet6 |
17 | seccomp | 18 | seccomp |
18 | notv | ||
diff --git a/etc/lynx.profile b/etc/lynx.profile index 2df2b88a5..365f6dcdb 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -28,4 +29,3 @@ tracelog | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc none | 30 | # private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index 03c6e8b6c..83f4f530f 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/mate-calculator.profile b/etc/mate-calculator.profile index 3fce03aa3..43bb3ebb4 100644 --- a/etc/mate-calculator.profile +++ b/etc/mate-calculator.profile | |||
@@ -1,9 +1,6 @@ | |||
1 | # Firejail profile for mate-calculator | 1 | # Firejail profile alias for mate-calc |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 3 | |
4 | include /etc/firejail/mate-calculator.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | 4 | ||
8 | # Redirect | 5 | # Redirect |
9 | include include /etc/firejail/mate-calc.profile | 6 | include /etc/firejail/mate-calc.profile |
diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index ad18883aa..6b41ab005 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index d12129614..dbeb9567b 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
24 | seccomp | 25 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/mcabber.profile b/etc/mcabber.profile index f667b87d6..9a4505ab2 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile | |||
@@ -18,6 +18,7 @@ netfilter | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol inet,inet6 | 22 | protocol inet,inet6 |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -25,4 +26,3 @@ shell none | |||
25 | private-bin mcabber | 26 | private-bin mcabber |
26 | private-dev | 27 | private-dev |
27 | private-etc null | 28 | private-etc null |
28 | notv | ||
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index b499a8ec4..81840d1b4 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -28,4 +29,3 @@ private-bin mediainfo | |||
28 | private-dev | 29 | private-dev |
29 | private-etc none | 30 | private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index 17c2eb035..b3c239be7 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile | |||
@@ -23,6 +23,7 @@ caps.drop all | |||
23 | netfilter | 23 | netfilter |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | ||
26 | novideo | 27 | novideo |
27 | protocol unix,inet,inet6 | 28 | protocol unix,inet,inet6 |
28 | seccomp | 29 | seccomp |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | notv | ||
diff --git a/etc/meld.profile b/etc/meld.profile index 012a6b515..e2c6dd00e 100644 --- a/etc/meld.profile +++ b/etc/meld.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/midori.profile b/etc/midori.profile index 5c35c4bab..6de433ae0 100644 --- a/etc/midori.profile +++ b/etc/midori.profile | |||
@@ -37,7 +37,7 @@ caps.drop all | |||
37 | netfilter | 37 | netfilter |
38 | nonewprivs | 38 | nonewprivs |
39 | # noroot - problems on Ubuntu 14.04 | 39 | # noroot - problems on Ubuntu 14.04 |
40 | notv | ||
40 | protocol unix,inet,inet6,netlink | 41 | protocol unix,inet,inet6,netlink |
41 | seccomp | 42 | seccomp |
42 | tracelog | 43 | tracelog |
43 | notv | ||
diff --git a/etc/mousepad.profile b/etc/mousepad.profile index e1eab3759..2725f004c 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix | 22 | protocol unix |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -26,4 +27,3 @@ tracelog | |||
26 | private-bin mousepad | 27 | private-bin mousepad |
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | notv | ||
diff --git a/etc/multimc5.profile b/etc/multimc5.profile index 27ca0a7e4..94cf7da86 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile | |||
@@ -25,6 +25,7 @@ netfilter | |||
25 | nogroups | 25 | nogroups |
26 | nonewprivs | 26 | nonewprivs |
27 | noroot | 27 | noroot |
28 | notv | ||
28 | novideo | 29 | novideo |
29 | protocol unix,inet,inet6 | 30 | protocol unix,inet,inet6 |
30 | # seccomp | 31 | # seccomp |
@@ -36,4 +37,3 @@ private-tmp | |||
36 | 37 | ||
37 | noexec ${HOME} | 38 | noexec ${HOME} |
38 | noexec /tmp | 39 | noexec /tmp |
39 | notv | ||
diff --git a/etc/mumble.profile b/etc/mumble.profile index 0f9283d66..b4c6ed7cf 100644 --- a/etc/mumble.profile +++ b/etc/mumble.profile | |||
@@ -25,6 +25,7 @@ no3d | |||
25 | nogroups | 25 | nogroups |
26 | nonewprivs | 26 | nonewprivs |
27 | noroot | 27 | noroot |
28 | notv | ||
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
30 | shell none | 31 | shell none |
@@ -37,4 +38,3 @@ private-tmp | |||
37 | memory-deny-write-execute | 38 | memory-deny-write-execute |
38 | noexec ${HOME} | 39 | noexec ${HOME} |
39 | noexec /tmp | 40 | noexec /tmp |
40 | notv | ||
diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 761150754..7d933867f 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile | |||
@@ -17,6 +17,7 @@ nogroups | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | protocol unix | 21 | protocol unix |
21 | seccomp | 22 | seccomp |
22 | # seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev | 23 | # seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev |
@@ -27,6 +28,6 @@ tracelog | |||
27 | private-dev | 28 | private-dev |
28 | private-etc fonts | 29 | private-etc fonts |
29 | private-tmp | 30 | private-tmp |
31 | |||
30 | # mupdf will never write anything | 32 | # mupdf will never write anything |
31 | read-only ${HOME} | 33 | read-only ${HOME} |
32 | notv | ||
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile index 980ed522e..b2415acab 100644 --- a/etc/mupen64plus.profile +++ b/etc/mupen64plus.profile | |||
@@ -24,5 +24,5 @@ caps.drop all | |||
24 | net none | 24 | net none |
25 | nonewprivs | 25 | nonewprivs |
26 | noroot | 26 | noroot |
27 | seccomp | ||
28 | notv | 27 | notv |
28 | seccomp | ||
diff --git a/etc/mutt.profile b/etc/mutt.profile index c5202c9f0..1ce1b7065 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile | |||
@@ -42,9 +42,9 @@ nogroups | |||
42 | nonewprivs | 42 | nonewprivs |
43 | noroot | 43 | noroot |
44 | nosound | 44 | nosound |
45 | notv | ||
45 | protocol unix,inet,inet6 | 46 | protocol unix,inet,inet6 |
46 | seccomp | 47 | seccomp |
47 | shell none | 48 | shell none |
48 | 49 | ||
49 | private-dev | 50 | private-dev |
50 | notv | ||
diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 577f63b8a..83599c683 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile | |||
@@ -23,6 +23,7 @@ netfilter | |||
23 | nogroups | 23 | nogroups |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | ||
26 | protocol unix | 27 | protocol unix |
27 | seccomp | 28 | seccomp |
28 | shell none | 29 | shell none |
@@ -33,4 +34,3 @@ tracelog | |||
33 | # private-dev | 34 | # private-dev |
34 | # private-etc fonts | 35 | # private-etc fonts |
35 | # private-tmp | 36 | # private-tmp |
36 | notv | ||
diff --git a/etc/nemo.profile b/etc/nemo.profile index 1df3688a3..29a2cad9d 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
@@ -28,4 +29,3 @@ shell none | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/netsurf.profile b/etc/netsurf.profile index e32b7250f..df2241f3a 100644 --- a/etc/netsurf.profile +++ b/etc/netsurf.profile | |||
@@ -23,7 +23,7 @@ caps.drop all | |||
23 | netfilter | 23 | netfilter |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | ||
26 | protocol unix,inet,inet6,netlink | 27 | protocol unix,inet,inet6,netlink |
27 | seccomp | 28 | seccomp |
28 | tracelog | 29 | tracelog |
29 | notv | ||
diff --git a/etc/nylas.profile b/etc/nylas.profile index 9dda3c303..e9a277e5c 100644 --- a/etc/nylas.profile +++ b/etc/nylas.profile | |||
@@ -24,9 +24,9 @@ nogroups | |||
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | nosound | 26 | nosound |
27 | notv | ||
27 | protocol unix,inet,inet6,netlink | 28 | protocol unix,inet,inet6,netlink |
28 | seccomp | 29 | seccomp |
29 | shell none | 30 | shell none |
30 | 31 | ||
31 | private-dev | 32 | private-dev |
32 | notv | ||
diff --git a/etc/obs.profile b/etc/obs.profile index 5aa46b64f..407161de5 100644 --- a/etc/obs.profile +++ b/etc/obs.profile | |||
@@ -16,6 +16,7 @@ caps.drop all | |||
16 | nogroups | 16 | nogroups |
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | notv | ||
19 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
20 | seccomp | 21 | seccomp |
21 | shell none | 22 | shell none |
@@ -26,4 +27,3 @@ private-tmp | |||
26 | 27 | ||
27 | noexec ${HOME} | 28 | noexec ${HOME} |
28 | noexec /tmp | 29 | noexec /tmp |
29 | notv | ||
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index dd45cf8df..d146dc571 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -29,4 +30,3 @@ private-dev | |||
29 | private-etc none | 30 | private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | read-only ${HOME} | 32 | read-only ${HOME} |
32 | notv | ||
diff --git a/etc/okular.profile b/etc/okular.profile index 82841aa47..c36b76432 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -26,6 +26,7 @@ nogroups | |||
26 | nonewprivs | 26 | nonewprivs |
27 | noroot | 27 | noroot |
28 | nosound | 28 | nosound |
29 | notv | ||
29 | novideo | 30 | novideo |
30 | protocol unix | 31 | protocol unix |
31 | seccomp | 32 | seccomp |
@@ -39,4 +40,3 @@ private-tmp | |||
39 | 40 | ||
40 | noexec ${HOME} | 41 | noexec ${HOME} |
41 | noexec /tmp | 42 | noexec /tmp |
42 | notv | ||
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 7eed37c20..8414315ea 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile | |||
@@ -20,6 +20,7 @@ net none | |||
20 | nogroups | 20 | nogroups |
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | notv | ||
23 | protocol unix,netlink | 24 | protocol unix,netlink |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
@@ -28,4 +29,3 @@ shell none | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc none | 30 | # private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/openshot.profile b/etc/openshot.profile index 24d92cd9f..554bbd40b 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile | |||
@@ -18,6 +18,7 @@ netfilter | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | notv | ||
21 | protocol unix,inet,inet6,netlink | 22 | protocol unix,inet,inet6,netlink |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -27,4 +28,3 @@ private-tmp | |||
27 | 28 | ||
28 | noexec ${HOME} | 29 | noexec ${HOME} |
29 | noexec /tmp | 30 | noexec /tmp |
30 | notv | ||
diff --git a/etc/orage.profile b/etc/orage.profile index 410d27053..fb29becc5 100644 --- a/etc/orage.profile +++ b/etc/orage.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | novideo | 24 | novideo |
24 | protocol unix | 25 | protocol unix |
25 | seccomp | 26 | seccomp |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 6e5d1f720..e21a9a73e 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
@@ -44,6 +44,7 @@ netfilter | |||
44 | nogroups | 44 | nogroups |
45 | nonewprivs | 45 | nonewprivs |
46 | noroot | 46 | noroot |
47 | notv | ||
47 | protocol unix,inet,inet6,netlink | 48 | protocol unix,inet,inet6,netlink |
48 | seccomp | 49 | seccomp |
49 | shell none | 50 | shell none |
@@ -54,4 +55,3 @@ tracelog | |||
54 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 55 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
55 | # private-opt palemoon | 56 | # private-opt palemoon |
56 | private-tmp | 57 | private-tmp |
57 | notv | ||
diff --git a/etc/parole.profile b/etc/parole.profile index 60a7cc365..a8ce63e73 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
@@ -15,10 +15,10 @@ caps.drop all | |||
15 | netfilter | 15 | netfilter |
16 | nonewprivs | 16 | nonewprivs |
17 | noroot | 17 | noroot |
18 | notv | ||
18 | protocol unix,inet,inet6 | 19 | protocol unix,inet,inet6 |
19 | seccomp | 20 | seccomp |
20 | shell none | 21 | shell none |
21 | 22 | ||
22 | private-bin parole,dbus-launch | 23 | private-bin parole,dbus-launch |
23 | private-etc passwd,group,fonts | 24 | private-etc passwd,group,fonts |
24 | notv | ||
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 0417cebd0..d35d4b369 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile | |||
@@ -20,9 +20,9 @@ no3d | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | novideo | 24 | novideo |
24 | protocol unix | 25 | protocol unix |
25 | seccomp | 26 | seccomp |
26 | shell none | 27 | shell none |
27 | tracelog | 28 | tracelog |
28 | notv | ||
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index 89f830814..8af809e27 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index bf1f2811b..d668f4554 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -29,4 +30,3 @@ private-bin pdftotext | |||
29 | private-dev | 30 | private-dev |
30 | private-etc none | 31 | private-etc none |
31 | private-tmp | 32 | private-tmp |
32 | notv | ||
diff --git a/etc/peek.profile b/etc/peek.profile index e39163b1f..54d7d105d 100644 --- a/etc/peek.profile +++ b/etc/peek.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | memory-deny-write-execute | 32 | memory-deny-write-execute |
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/picard.profile b/etc/picard.profile index 2fa5dc22d..94a6f8573 100644 --- a/etc/picard.profile +++ b/etc/picard.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
24 | seccomp | 25 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 016f1c251..4471bcd87 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | protocol unix,inet,inet6 | 21 | protocol unix,inet,inet6 |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -25,4 +26,3 @@ tracelog | |||
25 | private-bin pidgin | 26 | private-bin pidgin |
26 | private-dev | 27 | private-dev |
27 | private-tmp | 28 | private-tmp |
28 | notv | ||
diff --git a/etc/pingus.profile b/etc/pingus.profile index 981d7e5da..b3078db67 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile | |||
@@ -20,6 +20,7 @@ net none | |||
20 | nogroups | 20 | nogroups |
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | notv | ||
23 | protocol unix,netlink | 24 | protocol unix,netlink |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
@@ -28,4 +29,3 @@ shell none | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc none | 30 | # private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/pithos.profile b/etc/pithos.profile index 8629853d5..9f60d41d0 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile | |||
@@ -18,6 +18,7 @@ no3d | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/pix.profile b/etc/pix.profile index 4d37e3aa6..8062ff322 100644 --- a/etc/pix.profile +++ b/etc/pix.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
@@ -28,4 +29,3 @@ tracelog | |||
28 | private-bin pix | 29 | private-bin pix |
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/pluma.profile b/etc/pluma.profile index f9682980a..80f9a8e57 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
23 | tracelog | 24 | tracelog |
@@ -25,4 +26,3 @@ tracelog | |||
25 | private-bin pluma | 26 | private-bin pluma |
26 | private-dev | 27 | private-dev |
27 | private-tmp | 28 | private-tmp |
28 | notv | ||
diff --git a/etc/polari.profile b/etc/polari.profile index 278c8765e..b31954ed4 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
@@ -31,6 +31,7 @@ nogroups | |||
31 | nonewprivs | 31 | nonewprivs |
32 | noroot | 32 | noroot |
33 | nosound | 33 | nosound |
34 | notv | ||
34 | protocol unix,inet,inet6 | 35 | protocol unix,inet,inet6 |
35 | seccomp | 36 | seccomp |
36 | shell none | 37 | shell none |
@@ -42,4 +43,3 @@ private-tmp | |||
42 | 43 | ||
43 | noexec ${HOME} | 44 | noexec ${HOME} |
44 | noexec /tmp | 45 | noexec /tmp |
45 | notv | ||
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile index b57999bf0..96dbfdfb4 100644 --- a/etc/psi-plus.profile +++ b/etc/psi-plus.profile | |||
@@ -28,6 +28,7 @@ no3d | |||
28 | nogroups | 28 | nogroups |
29 | nonewprivs | 29 | nonewprivs |
30 | noroot | 30 | noroot |
31 | notv | ||
31 | novideo | 32 | novideo |
32 | protocol unix,inet,inet6 | 33 | protocol unix,inet,inet6 |
33 | seccomp | 34 | seccomp |
@@ -39,4 +40,3 @@ private-tmp | |||
39 | 40 | ||
40 | noexec ${HOME} | 41 | noexec ${HOME} |
41 | noexec /tmp | 42 | noexec /tmp |
42 | notv | ||
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 7cd512ca5..3cfbff52e 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -33,6 +33,7 @@ nogroups | |||
33 | nonewprivs | 33 | nonewprivs |
34 | noroot | 34 | noroot |
35 | nosound | 35 | nosound |
36 | notv | ||
36 | protocol unix,inet,inet6,netlink | 37 | protocol unix,inet,inet6,netlink |
37 | seccomp | 38 | seccomp |
38 | # shell none | 39 | # shell none |
@@ -41,4 +42,3 @@ seccomp | |||
41 | private-dev | 42 | private-dev |
42 | # private-etc X11,fonts,xdg,resolv.conf | 43 | # private-etc X11,fonts,xdg,resolv.conf |
43 | private-tmp | 44 | private-tmp |
44 | notv | ||
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile index 96fbf90bd..a80d21129 100644 --- a/etc/qemu-launcher.profile +++ b/etc/qemu-launcher.profile | |||
@@ -16,6 +16,7 @@ netfilter | |||
16 | nogroups | 16 | nogroups |
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | notv | ||
19 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
20 | seccomp | 21 | seccomp |
21 | shell none | 22 | shell none |
@@ -24,4 +25,3 @@ tracelog | |||
24 | private-tmp | 25 | private-tmp |
25 | 26 | ||
26 | noexec /tmp | 27 | noexec /tmp |
27 | notv | ||
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile index 146588dcc..bec350bc5 100644 --- a/etc/qemu-system-x86_64.profile +++ b/etc/qemu-system-x86_64.profile | |||
@@ -15,6 +15,7 @@ netfilter | |||
15 | nogroups | 15 | nogroups |
16 | nonewprivs | 16 | nonewprivs |
17 | noroot | 17 | noroot |
18 | notv | ||
18 | protocol unix,inet,inet6 | 19 | protocol unix,inet,inet6 |
19 | seccomp | 20 | seccomp |
20 | shell none | 21 | shell none |
@@ -23,4 +24,3 @@ tracelog | |||
23 | private-tmp | 24 | private-tmp |
24 | 25 | ||
25 | noexec /tmp | 26 | noexec /tmp |
26 | notv | ||
diff --git a/etc/qlipper.profile b/etc/qlipper.profile index 94347c1f6..8e37515ee 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile index 7e3d32f61..fb34ff788 100644 --- a/etc/qpdfview.profile +++ b/etc/qpdfview.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -27,4 +28,3 @@ tracelog | |||
27 | private-bin qpdfview | 28 | private-bin qpdfview |
28 | private-dev | 29 | private-dev |
29 | private-tmp | 30 | private-tmp |
30 | notv | ||
diff --git a/etc/qtox.profile b/etc/qtox.profile index 78ec984cd..b4c019979 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -25,6 +25,7 @@ netfilter | |||
25 | nogroups | 25 | nogroups |
26 | nonewprivs | 26 | nonewprivs |
27 | noroot | 27 | noroot |
28 | notv | ||
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
30 | shell none | 31 | shell none |
@@ -36,4 +37,3 @@ private-tmp | |||
36 | 37 | ||
37 | noexec ${HOME} | 38 | noexec ${HOME} |
38 | noexec /tmp | 39 | noexec /tmp |
39 | notv | ||
diff --git a/etc/quassel.profile b/etc/quassel.profile index 498556426..897fc1044 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile | |||
@@ -14,6 +14,6 @@ caps.drop all | |||
14 | netfilter | 14 | netfilter |
15 | nonewprivs | 15 | nonewprivs |
16 | noroot | 16 | noroot |
17 | notv | ||
17 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
18 | seccomp | 19 | seccomp |
19 | notv | ||
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index 42dceec83..7508365ca 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
@@ -32,6 +32,7 @@ nogroups | |||
32 | nonewprivs | 32 | nonewprivs |
33 | noroot | 33 | noroot |
34 | nosound | 34 | nosound |
35 | notv | ||
35 | protocol unix,inet,inet6 | 36 | protocol unix,inet,inet6 |
36 | seccomp | 37 | seccomp |
37 | shell none | 38 | shell none |
@@ -44,4 +45,3 @@ private-dev | |||
44 | 45 | ||
45 | noexec ${HOME} | 46 | noexec ${HOME} |
46 | noexec /tmp | 47 | noexec /tmp |
47 | notv | ||
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index 5fd6765f2..35687c51c 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
@@ -21,9 +21,9 @@ include /etc/firejail/whitelist-common.inc | |||
21 | caps.drop all | 21 | caps.drop all |
22 | netfilter | 22 | netfilter |
23 | noroot | 23 | noroot |
24 | notv | ||
24 | protocol unix,inet,inet6,netlink | 25 | protocol unix,inet,inet6,netlink |
25 | seccomp | 26 | seccomp |
26 | tracelog | 27 | tracelog |
27 | 28 | ||
28 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 29 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
29 | notv | ||
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index aa44a0a94..035636d9b 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile | |||
@@ -25,7 +25,7 @@ caps.drop all | |||
25 | netfilter | 25 | netfilter |
26 | nonewprivs | 26 | nonewprivs |
27 | noroot | 27 | noroot |
28 | notv | ||
28 | protocol unix,inet,inet6,netlink | 29 | protocol unix,inet,inet6,netlink |
29 | seccomp | 30 | seccomp |
30 | tracelog | 31 | tracelog |
31 | notv | ||
diff --git a/etc/rambox.profile b/etc/rambox.profile index cb859d25e..c66fdb964 100644 --- a/etc/rambox.profile +++ b/etc/rambox.profile | |||
@@ -24,7 +24,7 @@ netfilter | |||
24 | nogroups | 24 | nogroups |
25 | nonewprivs | 25 | nonewprivs |
26 | noroot | 26 | noroot |
27 | notv | ||
27 | protocol unix,inet,inet6,netlink | 28 | protocol unix,inet,inet6,netlink |
28 | seccomp | 29 | seccomp |
29 | # tracelog | 30 | # tracelog |
30 | notv | ||
diff --git a/etc/ranger.profile b/etc/ranger.profile index 34231e3a5..1cc3b07b9 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile | |||
@@ -22,8 +22,8 @@ nogroups | |||
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nosound | 24 | nosound |
25 | notv | ||
25 | protocol unix | 26 | protocol unix |
26 | seccomp | 27 | seccomp |
27 | 28 | ||
28 | private-dev | 29 | private-dev |
29 | notv | ||
diff --git a/etc/remmina.profile b/etc/remmina.profile index fec723145..b03c0d9de 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile | |||
@@ -18,6 +18,7 @@ caps.drop all | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix,inet,inet6 | 23 | protocol unix,inet,inet6 |
23 | seccomp | 24 | seccomp |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 03d50bf20..bcd72be9a 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | novideo | 21 | novideo |
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/ristretto.profile b/etc/ristretto.profile index cf61b2da3..7971c79e6 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix | 26 | protocol unix |
26 | seccomp | 27 | seccomp |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile index 5c57d5bf5..5dcf1fe8d 100644 --- a/etc/rtorrent.profile +++ b/etc/rtorrent.profile | |||
@@ -16,6 +16,7 @@ netfilter | |||
16 | nonewprivs | 16 | nonewprivs |
17 | noroot | 17 | noroot |
18 | nosound | 18 | nosound |
19 | notv | ||
19 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
20 | seccomp | 21 | seccomp |
21 | shell none | 22 | shell none |
@@ -23,4 +24,3 @@ shell none | |||
23 | private-bin rtorrent | 24 | private-bin rtorrent |
24 | private-dev | 25 | private-dev |
25 | private-tmp | 26 | private-tmp |
26 | notv | ||
diff --git a/etc/scribus.profile b/etc/scribus.profile index b7e0b69e3..f18be4ac8 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile | |||
@@ -30,6 +30,7 @@ caps.drop all | |||
30 | nonewprivs | 30 | nonewprivs |
31 | noroot | 31 | noroot |
32 | nosound | 32 | nosound |
33 | notv | ||
33 | novideo | 34 | novideo |
34 | protocol unix | 35 | protocol unix |
35 | seccomp | 36 | seccomp |
@@ -37,4 +38,3 @@ tracelog | |||
37 | 38 | ||
38 | private-dev | 39 | private-dev |
39 | # private-tmp | 40 | # private-tmp |
40 | notv | ||
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index 78e04c9e7..7b13ac772 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -28,4 +29,3 @@ private-dev | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index a127774ab..7d35eeb1b 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
@@ -39,9 +39,9 @@ caps.drop all | |||
39 | netfilter | 39 | netfilter |
40 | nonewprivs | 40 | nonewprivs |
41 | noroot | 41 | noroot |
42 | notv | ||
42 | protocol unix,inet,inet6,netlink | 43 | protocol unix,inet,inet6,netlink |
43 | seccomp | 44 | seccomp |
44 | tracelog | 45 | tracelog |
45 | 46 | ||
46 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse | 47 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse |
47 | notv | ||
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index fa8d570b9..bbbd5be10 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile | |||
@@ -17,6 +17,7 @@ nogroups | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | novideo | 21 | novideo |
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 14c039fe1..9cf150066 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | shell none | 23 | shell none |
23 | # seccomp | 24 | # seccomp |
@@ -27,4 +28,3 @@ tracelog | |||
27 | # private-dev | 28 | # private-dev |
28 | # private-etc fonts | 29 | # private-etc fonts |
29 | # private-tmp | 30 | # private-tmp |
30 | notv | ||
diff --git a/etc/simutrans.profile b/etc/simutrans.profile index 540cbbb97..c2ef90853 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile | |||
@@ -20,6 +20,7 @@ net none | |||
20 | nogroups | 20 | nogroups |
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | notv | ||
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
@@ -28,4 +29,3 @@ shell none | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc none | 30 | # private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/skanlite.profile b/etc/skanlite.profile index 432e3633d..6fccba92c 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile | |||
@@ -17,6 +17,7 @@ nogroups | |||
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | nosound | 19 | nosound |
20 | notv | ||
20 | # protocol unix,inet,inet6 | 21 | # protocol unix,inet,inet6 |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -25,4 +26,3 @@ shell none | |||
25 | # private-dev | 26 | # private-dev |
26 | # private-etc | 27 | # private-etc |
27 | # private-tmp | 28 | # private-tmp |
28 | notv | ||
diff --git a/etc/skype.profile b/etc/skype.profile index 900c77b2c..13bf06aa6 100644 --- a/etc/skype.profile +++ b/etc/skype.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | protocol unix,inet,inet6 | 21 | protocol unix,inet,inet6 |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -27,4 +28,3 @@ private-tmp | |||
27 | 28 | ||
28 | noexec ${HOME} | 29 | noexec ${HOME} |
29 | noexec /tmp | 30 | noexec /tmp |
30 | notv | ||
diff --git a/etc/skypeforlinux.profile b/etc/skypeforlinux.profile index a385d5d13..20632e91b 100644 --- a/etc/skypeforlinux.profile +++ b/etc/skypeforlinux.profile | |||
@@ -17,6 +17,7 @@ netfilter | |||
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | protocol unix,inet,inet6,netlink | 21 | protocol unix,inet,inet6,netlink |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
@@ -27,4 +28,3 @@ private-tmp | |||
27 | 28 | ||
28 | noexec ${HOME} | 29 | noexec ${HOME} |
29 | noexec /tmp | 30 | noexec /tmp |
30 | notv | ||
diff --git a/etc/slack.profile b/etc/slack.profile index 356c0366d..62463ff5c 100644 --- a/etc/slack.profile +++ b/etc/slack.profile | |||
@@ -27,6 +27,7 @@ netfilter | |||
27 | nogroups | 27 | nogroups |
28 | nonewprivs | 28 | nonewprivs |
29 | noroot | 29 | noroot |
30 | notv | ||
30 | protocol unix,inet,inet6,netlink | 31 | protocol unix,inet,inet6,netlink |
31 | seccomp | 32 | seccomp |
32 | shell none | 33 | shell none |
@@ -36,4 +37,3 @@ private-bin slack | |||
36 | private-dev | 37 | private-dev |
37 | private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime | 38 | private-etc fonts,resolv.conf,ld.so.conf,ld.so.cache,localtime |
38 | private-tmp | 39 | private-tmp |
39 | notv | ||
diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index ee9ee4f1d..933c0fc70 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | novideo | 22 | novideo |
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
@@ -28,4 +29,3 @@ private-tmp | |||
28 | 29 | ||
29 | noexec ${HOME} | 30 | noexec ${HOME} |
30 | noexec /tmp | 31 | noexec /tmp |
31 | notv | ||
diff --git a/etc/spotify.profile b/etc/spotify.profile index f75135ac7..8eac3610b 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -36,6 +36,7 @@ netfilter | |||
36 | nogroups | 36 | nogroups |
37 | nonewprivs | 37 | nonewprivs |
38 | noroot | 38 | noroot |
39 | notv | ||
39 | protocol unix,inet,inet6,netlink | 40 | protocol unix,inet,inet6,netlink |
40 | seccomp | 41 | seccomp |
41 | shell none | 42 | shell none |
@@ -48,4 +49,3 @@ private-tmp | |||
48 | 49 | ||
49 | noexec ${HOME} | 50 | noexec ${HOME} |
50 | noexec /tmp | 51 | noexec /tmp |
51 | notv | ||
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index 5b5ed3c61..bfa8cac8b 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | memory-deny-write-execute | 32 | memory-deny-write-execute |
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index 891b9d0fd..0005f0ecb 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile | |||
@@ -21,6 +21,6 @@ netfilter | |||
21 | no3d | 21 | no3d |
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | notv | ||
24 | protocol unix,inet,inet6 | 25 | protocol unix,inet,inet6 |
25 | seccomp | 26 | seccomp |
26 | notv | ||
diff --git a/etc/ssh.profile b/etc/ssh.profile index 300511a60..3bb115631 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -22,6 +22,7 @@ nogroups | |||
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nosound | 24 | nosound |
25 | notv | ||
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
27 | shell none | 28 | shell none |
@@ -33,4 +34,3 @@ private-dev | |||
33 | memory-deny-write-execute | 34 | memory-deny-write-execute |
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | notv | ||
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index 05817d06a..47cceaddd 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile | |||
@@ -16,6 +16,7 @@ netfilter | |||
16 | nogroups | 16 | nogroups |
17 | nonewprivs | 17 | nonewprivs |
18 | noroot | 18 | noroot |
19 | notv | ||
19 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
20 | seccomp | 21 | seccomp |
21 | shell none | 22 | shell none |
@@ -25,4 +26,3 @@ private-bin bash,dash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed | |||
25 | private-dev | 26 | private-dev |
26 | private-etc fonts | 27 | private-etc fonts |
27 | private-tmp | 28 | private-tmp |
28 | notv | ||
diff --git a/etc/steam.profile b/etc/steam.profile index efd834cdc..ec6ea09cc 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
@@ -27,6 +27,7 @@ netfilter | |||
27 | nogroups | 27 | nogroups |
28 | nonewprivs | 28 | nonewprivs |
29 | noroot | 29 | noroot |
30 | notv | ||
30 | # novideo | 31 | # novideo |
31 | protocol unix,inet,inet6,netlink | 32 | protocol unix,inet,inet6,netlink |
32 | seccomp | 33 | seccomp |
@@ -36,4 +37,3 @@ shell none | |||
36 | 37 | ||
37 | private-dev | 38 | private-dev |
38 | private-tmp | 39 | private-tmp |
39 | notv | ||
diff --git a/etc/stellarium.profile b/etc/stellarium.profile index 2b561eff0..eff80393e 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile | |||
@@ -25,6 +25,7 @@ nogroups | |||
25 | nonewprivs | 25 | nonewprivs |
26 | noroot | 26 | noroot |
27 | nosound | 27 | nosound |
28 | notv | ||
28 | protocol unix,inet,inet6,netlink | 29 | protocol unix,inet,inet6,netlink |
29 | seccomp | 30 | seccomp |
30 | shell none | 31 | shell none |
@@ -34,4 +35,3 @@ disable-mnt | |||
34 | private-bin stellarium | 35 | private-bin stellarium |
35 | private-dev | 36 | private-dev |
36 | private-tmp | 37 | private-tmp |
37 | notv | ||
diff --git a/etc/strings.profile b/etc/strings.profile index 0ef004abe..4bbdcb97e 100644 --- a/etc/strings.profile +++ b/etc/strings.profile | |||
@@ -12,6 +12,7 @@ ignore noroot | |||
12 | net none | 12 | net none |
13 | no3d | 13 | no3d |
14 | nosound | 14 | nosound |
15 | notv | ||
15 | novideo | 16 | novideo |
16 | shell none | 17 | shell none |
17 | tracelog | 18 | tracelog |
@@ -21,4 +22,3 @@ private-dev | |||
21 | memory-deny-write-execute | 22 | memory-deny-write-execute |
22 | 23 | ||
23 | include /etc/firejail/default.profile | 24 | include /etc/firejail/default.profile |
24 | notv | ||
diff --git a/etc/supertux2.profile b/etc/supertux2.profile index a74c476cb..0a99246cc 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile | |||
@@ -20,6 +20,7 @@ net none | |||
20 | nogroups | 20 | nogroups |
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | notv | ||
23 | protocol unix,netlink | 24 | protocol unix,netlink |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
@@ -28,4 +29,3 @@ shell none | |||
28 | private-dev | 29 | private-dev |
29 | # private-etc none | 30 | # private-etc none |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 4a663bf3d..1ec2185f0 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/tar.profile b/etc/tar.profile index d0633d4ff..3fc0e975c 100644 --- a/etc/tar.profile +++ b/etc/tar.profile | |||
@@ -13,6 +13,7 @@ ignore noroot | |||
13 | net none | 13 | net none |
14 | no3d | 14 | no3d |
15 | nosound | 15 | nosound |
16 | notv | ||
16 | shell none | 17 | shell none |
17 | tracelog | 18 | tracelog |
18 | 19 | ||
@@ -22,4 +23,3 @@ private-dev | |||
22 | private-etc passwd,group,localtime | 23 | private-etc passwd,group,localtime |
23 | 24 | ||
24 | include /etc/firejail/default.profile | 25 | include /etc/firejail/default.profile |
25 | notv | ||
diff --git a/etc/telegram.profile b/etc/telegram.profile index ea30928e6..5257083bc 100644 --- a/etc/telegram.profile +++ b/etc/telegram.profile | |||
@@ -15,6 +15,7 @@ caps.drop all | |||
15 | netfilter | 15 | netfilter |
16 | nonewprivs | 16 | nonewprivs |
17 | noroot | 17 | noroot |
18 | notv | ||
18 | protocol unix,inet,inet6 | 19 | protocol unix,inet,inet6 |
19 | seccomp | 20 | seccomp |
20 | 21 | ||
@@ -23,4 +24,3 @@ private-tmp | |||
23 | 24 | ||
24 | noexec ${HOME} | 25 | noexec ${HOME} |
25 | noexec /tmp | 26 | noexec /tmp |
26 | notv | ||
diff --git a/etc/tracker.profile b/etc/tracker.profile index 5ca42fc1c..52929c548 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | protocol unix | 25 | protocol unix |
25 | seccomp | 26 | seccomp |
26 | shell none | 27 | shell none |
@@ -30,4 +31,3 @@ tracelog | |||
30 | # private-dev | 31 | # private-dev |
31 | # private-etc fonts | 32 | # private-etc fonts |
32 | # private-tmp | 33 | # private-tmp |
33 | notv | ||
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index e7c75e84b..b3a4bbb84 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile | |||
@@ -18,6 +18,7 @@ netfilter | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -29,4 +30,3 @@ private-etc none | |||
29 | private-tmp | 30 | private-tmp |
30 | 31 | ||
31 | memory-deny-write-execute | 32 | memory-deny-write-execute |
32 | notv | ||
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index a53e61b73..b8872adfe 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
@@ -25,6 +25,7 @@ netfilter | |||
25 | nonewprivs | 25 | nonewprivs |
26 | noroot | 26 | noroot |
27 | nosound | 27 | nosound |
28 | notv | ||
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
30 | shell none | 31 | shell none |
@@ -35,4 +36,3 @@ private-dev | |||
35 | private-tmp | 36 | private-tmp |
36 | 37 | ||
37 | memory-deny-write-execute | 38 | memory-deny-write-execute |
38 | notv | ||
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index c4670c52e..083b293e1 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -25,6 +25,7 @@ netfilter | |||
25 | nonewprivs | 25 | nonewprivs |
26 | noroot | 26 | noroot |
27 | nosound | 27 | nosound |
28 | notv | ||
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
30 | shell none | 31 | shell none |
@@ -33,4 +34,3 @@ tracelog | |||
33 | private-bin transmission-qt | 34 | private-bin transmission-qt |
34 | private-dev | 35 | private-dev |
35 | private-tmp | 36 | private-tmp |
36 | notv | ||
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index ee67b6bb7..ad97b537a 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile | |||
@@ -18,6 +18,7 @@ net none | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix | 22 | protocol unix |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -27,4 +28,3 @@ tracelog | |||
27 | private-dev | 28 | private-dev |
28 | private-etc none | 29 | private-etc none |
29 | private-tmp | 30 | private-tmp |
30 | notv | ||
diff --git a/etc/truecraft.profile b/etc/truecraft.profile index a177ca7e3..186f6c7f7 100644 --- a/etc/truecraft.profile +++ b/etc/truecraft.profile | |||
@@ -23,6 +23,7 @@ caps.drop all | |||
23 | nogroups | 23 | nogroups |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | ||
26 | novideo | 27 | novideo |
27 | protocol unix,inet,inet6 | 28 | protocol unix,inet,inet6 |
28 | seccomp | 29 | seccomp |
@@ -34,4 +35,3 @@ private-tmp | |||
34 | 35 | ||
35 | noexec ${HOME} | 36 | noexec ${HOME} |
36 | noexec /tmp | 37 | noexec /tmp |
37 | notv | ||
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index df46cc698..5f64095f0 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile | |||
@@ -17,6 +17,7 @@ caps.drop all | |||
17 | no3d | 17 | no3d |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | novideo | 21 | novideo |
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
@@ -27,4 +28,3 @@ private-tmp | |||
27 | 28 | ||
28 | # noexec ${HOME} - tuxguitar may fail to launch | 29 | # noexec ${HOME} - tuxguitar may fail to launch |
29 | noexec /tmp | 30 | noexec /tmp |
30 | notv | ||
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile index eaf03bed7..a9c332799 100644 --- a/etc/uget-gtk.profile +++ b/etc/uget-gtk.profile | |||
@@ -21,6 +21,7 @@ netfilter | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | protocol unix,inet,inet6 | 25 | protocol unix,inet,inet6 |
25 | seccomp | 26 | seccomp |
26 | shell none | 27 | shell none |
@@ -28,4 +29,3 @@ shell none | |||
28 | private-bin uget-gtk | 29 | private-bin uget-gtk |
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/unbound.profile b/etc/unbound.profile index debba08fc..0e5539764 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile | |||
@@ -15,8 +15,8 @@ include /etc/firejail/disable-programs.inc | |||
15 | 15 | ||
16 | no3d | 16 | no3d |
17 | nosound | 17 | nosound |
18 | notv | ||
18 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open | 19 | seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open |
19 | 20 | ||
20 | private | 21 | private |
21 | private-dev | 22 | private-dev |
22 | notv | ||
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index e211b5e4d..db768b883 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile | |||
@@ -19,6 +19,7 @@ caps.drop all | |||
19 | nogroups | 19 | nogroups |
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | notv | ||
22 | protocol unix,netlink,inet,inet6 | 23 | protocol unix,netlink,inet,inet6 |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -27,4 +28,3 @@ shell none | |||
27 | private-dev | 28 | private-dev |
28 | # private-etc none | 29 | # private-etc none |
29 | private-tmp | 30 | private-tmp |
30 | notv | ||
diff --git a/etc/unrar.profile b/etc/unrar.profile index 455ce8369..37227e5d3 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile | |||
@@ -13,6 +13,7 @@ ignore noroot | |||
13 | net none | 13 | net none |
14 | no3d | 14 | no3d |
15 | nosound | 15 | nosound |
16 | notv | ||
16 | shell none | 17 | shell none |
17 | tracelog | 18 | tracelog |
18 | 19 | ||
@@ -22,4 +23,3 @@ private-etc passwd,group,localtime | |||
22 | private-tmp | 23 | private-tmp |
23 | 24 | ||
24 | include /etc/firejail/default.profile | 25 | include /etc/firejail/default.profile |
25 | notv | ||
diff --git a/etc/unzip.profile b/etc/unzip.profile index 57d0c7898..8a0a79bf8 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile | |||
@@ -13,6 +13,7 @@ ignore noroot | |||
13 | net none | 13 | net none |
14 | no3d | 14 | no3d |
15 | nosound | 15 | nosound |
16 | notv | ||
16 | shell none | 17 | shell none |
17 | tracelog | 18 | tracelog |
18 | 19 | ||
@@ -21,4 +22,3 @@ private-dev | |||
21 | private-etc passwd,group,localtime | 22 | private-etc passwd,group,localtime |
22 | 23 | ||
23 | include /etc/firejail/default.profile | 24 | include /etc/firejail/default.profile |
24 | notv | ||
diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 69fd43e4f..3f86a43f2 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile | |||
@@ -11,6 +11,7 @@ hostname uudeview | |||
11 | ignore noroot | 11 | ignore noroot |
12 | net none | 12 | net none |
13 | nosound | 13 | nosound |
14 | notv | ||
14 | shell none | 15 | shell none |
15 | tracelog | 16 | tracelog |
16 | 17 | ||
@@ -19,4 +20,3 @@ private-dev | |||
19 | private-etc ld.so.preload | 20 | private-etc ld.so.preload |
20 | 21 | ||
21 | include /etc/firejail/default.profile | 22 | include /etc/firejail/default.profile |
22 | notv | ||
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index 7bc6bee28..d8eba6c7d 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile | |||
@@ -27,7 +27,7 @@ caps.drop all | |||
27 | netfilter | 27 | netfilter |
28 | nonewprivs | 28 | nonewprivs |
29 | noroot | 29 | noroot |
30 | notv | ||
30 | protocol unix,inet,inet6 | 31 | protocol unix,inet,inet6 |
31 | seccomp | 32 | seccomp |
32 | tracelog | 33 | tracelog |
33 | notv | ||
diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 25ac611e6..5f6b9848d 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile | |||
@@ -23,6 +23,7 @@ nogroups | |||
23 | nonewprivs | 23 | nonewprivs |
24 | noroot | 24 | noroot |
25 | nosound | 25 | nosound |
26 | notv | ||
26 | protocol unix | 27 | protocol unix |
27 | seccomp | 28 | seccomp |
28 | shell none | 29 | shell none |
@@ -32,4 +33,3 @@ private-bin viewnior | |||
32 | private-dev | 33 | private-dev |
33 | private-etc fonts | 34 | private-etc fonts |
34 | private-tmp | 35 | private-tmp |
35 | notv | ||
diff --git a/etc/viking.profile b/etc/viking.profile index fd9744bc0..331a759c4 100644 --- a/etc/viking.profile +++ b/etc/viking.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/vim.profile b/etc/vim.profile index 169026166..adbcef008 100644 --- a/etc/vim.profile +++ b/etc/vim.profile | |||
@@ -18,6 +18,6 @@ netfilter | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | notv | ||
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
23 | notv | ||
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile index 366374b55..816548bc7 100644 --- a/etc/vivaldi.profile +++ b/etc/vivaldi.profile | |||
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc | |||
22 | caps.keep sys_chroot,sys_admin | 22 | caps.keep sys_chroot,sys_admin |
23 | netfilter | 23 | netfilter |
24 | nogroups | 24 | nogroups |
25 | notv | ||
25 | shell none | 26 | shell none |
26 | 27 | ||
27 | private-dev | 28 | private-dev |
@@ -29,4 +30,3 @@ private-dev | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/vym.profile b/etc/vym.profile index d648082ab..c81bc580a 100644 --- a/etc/vym.profile +++ b/etc/vym.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/w3m.profile b/etc/w3m.profile index 2401416a4..f7f7d30b2 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | protocol unix,inet,inet6 | 25 | protocol unix,inet,inet6 |
25 | seccomp | 26 | seccomp |
26 | shell none | 27 | shell none |
@@ -30,4 +31,3 @@ tracelog | |||
30 | private-dev | 31 | private-dev |
31 | private-etc none | 32 | private-etc none |
32 | private-tmp | 33 | private-tmp |
33 | notv | ||
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile index 1485b0316..c40114b24 100644 --- a/etc/warzone2100.profile +++ b/etc/warzone2100.profile | |||
@@ -23,6 +23,7 @@ netfilter | |||
23 | nogroups | 23 | nogroups |
24 | nonewprivs | 24 | nonewprivs |
25 | noroot | 25 | noroot |
26 | notv | ||
26 | protocol unix,inet,inet6,netlink | 27 | protocol unix,inet,inet6,netlink |
27 | seccomp | 28 | seccomp |
28 | shell none | 29 | shell none |
@@ -32,4 +33,3 @@ disable-mnt | |||
32 | private-bin warzone2100 | 33 | private-bin warzone2100 |
33 | private-dev | 34 | private-dev |
34 | private-tmp | 35 | private-tmp |
35 | notv | ||
diff --git a/etc/waterfox.profile b/etc/waterfox.profile index 541e8f350..af5ce150d 100644 --- a/etc/waterfox.profile +++ b/etc/waterfox.profile | |||
@@ -55,6 +55,7 @@ netfilter | |||
55 | nogroups | 55 | nogroups |
56 | nonewprivs | 56 | nonewprivs |
57 | noroot | 57 | noroot |
58 | notv | ||
58 | protocol unix,inet,inet6,netlink | 59 | protocol unix,inet,inet6,netlink |
59 | seccomp | 60 | seccomp |
60 | shell none | 61 | shell none |
@@ -68,4 +69,3 @@ private-tmp | |||
68 | 69 | ||
69 | noexec ${HOME} | 70 | noexec ${HOME} |
70 | noexec /tmp | 71 | noexec /tmp |
71 | notv | ||
diff --git a/etc/weechat.profile b/etc/weechat.profile index 9dd1ea3a9..7a2c46cd1 100644 --- a/etc/weechat.profile +++ b/etc/weechat.profile | |||
@@ -14,10 +14,10 @@ caps.drop all | |||
14 | netfilter | 14 | netfilter |
15 | nonewprivs | 15 | nonewprivs |
16 | noroot | 16 | noroot |
17 | notv | ||
17 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
18 | seccomp | 19 | seccomp |
19 | 20 | ||
20 | # no private-bin support for various reasons: | 21 | # no private-bin support for various reasons: |
21 | # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, | 22 | # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, |
22 | # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins | 23 | # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins |
23 | notv | ||
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile index 1236044e2..4796b792e 100644 --- a/etc/wesnoth.profile +++ b/etc/wesnoth.profile | |||
@@ -25,9 +25,9 @@ include /etc/firejail/whitelist-common.inc | |||
25 | caps.drop all | 25 | caps.drop all |
26 | nonewprivs | 26 | nonewprivs |
27 | noroot | 27 | noroot |
28 | notv | ||
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
30 | 31 | ||
31 | private-dev | 32 | private-dev |
32 | private-tmp | 33 | private-tmp |
33 | notv | ||
diff --git a/etc/wget.profile b/etc/wget.profile index a93ae0627..553e03c33 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
@@ -33,4 +34,3 @@ private-dev | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | notv | ||
diff --git a/etc/wine.profile b/etc/wine.profile index 44abb173a..0f7c48837 100644 --- a/etc/wine.profile +++ b/etc/wine.profile | |||
@@ -20,5 +20,5 @@ netfilter | |||
20 | nogroups | 20 | nogroups |
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | seccomp | ||
24 | notv | 23 | notv |
24 | seccomp | ||
diff --git a/etc/wire.profile b/etc/wire.profile index 74b72ea48..d1aba549d 100644 --- a/etc/wire.profile +++ b/etc/wire.profile | |||
@@ -21,6 +21,7 @@ netfilter | |||
21 | nogroups | 21 | nogroups |
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | notv | ||
24 | protocol unix,inet,inet6,netlink | 25 | protocol unix,inet,inet6,netlink |
25 | seccomp | 26 | seccomp |
26 | shell none | 27 | shell none |
@@ -28,4 +29,3 @@ shell none | |||
28 | disable-mnt | 29 | disable-mnt |
29 | private-dev | 30 | private-dev |
30 | private-tmp | 31 | private-tmp |
31 | notv | ||
diff --git a/etc/wireshark.profile b/etc/wireshark.profile index be2d38126..d6b8ba23c 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile | |||
@@ -19,6 +19,7 @@ no3d | |||
19 | # nonewprivs - breaks unprivileged wireshark usage | 19 | # nonewprivs - breaks unprivileged wireshark usage |
20 | # noroot | 20 | # noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | # protocol unix,inet,inet6,netlink | 23 | # protocol unix,inet,inet6,netlink |
23 | # seccomp - breaks unprivileged wireshark usage | 24 | # seccomp - breaks unprivileged wireshark usage |
24 | shell none | 25 | shell none |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/xchat.profile b/etc/xchat.profile index 2cf9faf62..3297b24fc 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
@@ -14,8 +14,8 @@ include /etc/firejail/disable-programs.inc | |||
14 | caps.drop all | 14 | caps.drop all |
15 | nonewprivs | 15 | nonewprivs |
16 | noroot | 16 | noroot |
17 | notv | ||
17 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
18 | seccomp | 19 | seccomp |
19 | 20 | ||
20 | # private-bin requires perl, python, etc. | 21 | # private-bin requires perl, python, etc. |
21 | notv | ||
diff --git a/etc/xed.profile b/etc/xed.profile index eac7d0346..29c35c08c 100644 --- a/etc/xed.profile +++ b/etc/xed.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
23 | tracelog | 24 | tracelog |
@@ -25,4 +26,3 @@ tracelog | |||
25 | private-bin xed | 26 | private-bin xed |
26 | private-dev | 27 | private-dev |
27 | private-tmp | 28 | private-tmp |
28 | notv | ||
diff --git a/etc/xfburn.profile b/etc/xfburn.profile index 7be9c69de..0f94698f2 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile | |||
@@ -18,6 +18,7 @@ nogroups | |||
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | ||
21 | protocol unix | 22 | protocol unix |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -27,4 +28,3 @@ tracelog | |||
27 | # private-dev | 28 | # private-dev |
28 | # private-etc fonts | 29 | # private-etc fonts |
29 | # private-tmp | 30 | # private-tmp |
30 | notv | ||
diff --git a/etc/xfce4-dict.profile b/etc/xfce4-dict.profile index 020965840..aea5aa80a 100644 --- a/etc/xfce4-dict.profile +++ b/etc/xfce4-dict.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
24 | seccomp | 25 | seccomp |
@@ -30,4 +31,3 @@ private-tmp | |||
30 | 31 | ||
31 | noexec ${HOME} | 32 | noexec ${HOME} |
32 | noexec /tmp | 33 | noexec /tmp |
33 | notv | ||
diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index dec1accf3..302b26c5e 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix | 26 | protocol unix |
26 | seccomp | 27 | seccomp |
@@ -32,4 +33,3 @@ private-tmp | |||
32 | 33 | ||
33 | noexec ${HOME} | 34 | noexec ${HOME} |
34 | noexec /tmp | 35 | noexec /tmp |
35 | notv | ||
diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 82a55e30f..eae4e338d 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile | |||
@@ -26,6 +26,7 @@ nogroups | |||
26 | nonewprivs | 26 | nonewprivs |
27 | noroot | 27 | noroot |
28 | nosound | 28 | nosound |
29 | notv | ||
29 | protocol unix,inet,inet6 | 30 | protocol unix,inet,inet6 |
30 | seccomp | 31 | seccomp |
31 | shell none | 32 | shell none |
@@ -35,4 +36,3 @@ private-bin xiphos | |||
35 | private-dev | 36 | private-dev |
36 | private-etc fonts,resolv.conf,sword | 37 | private-etc fonts,resolv.conf,sword |
37 | private-tmp | 38 | private-tmp |
38 | notv | ||
diff --git a/etc/xmms.profile b/etc/xmms.profile index b99c2d847..d2e6eddac 100644 --- a/etc/xmms.profile +++ b/etc/xmms.profile | |||
@@ -17,10 +17,10 @@ netfilter | |||
17 | no3d | 17 | no3d |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | notv | ||
20 | protocol unix,inet,inet6 | 21 | protocol unix,inet,inet6 |
21 | seccomp | 22 | seccomp |
22 | shell none | 23 | shell none |
23 | 24 | ||
24 | private-bin xmms | 25 | private-bin xmms |
25 | private-dev | 26 | private-dev |
26 | notv | ||
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 2ff75f9f5..5275e4a09 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
@@ -21,6 +21,7 @@ netfilter | |||
21 | nogroups | 21 | nogroups |
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
@@ -33,4 +34,3 @@ private-tmp | |||
33 | 34 | ||
34 | noexec ${HOME} | 35 | noexec ${HOME} |
35 | noexec /tmp | 36 | noexec /tmp |
36 | notv | ||
diff --git a/etc/xpdf.profile b/etc/xpdf.profile index 2672edfbe..ab2b33455 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | novideo | 23 | novideo |
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
@@ -29,4 +30,3 @@ private-tmp | |||
29 | 30 | ||
30 | noexec ${HOME} | 31 | noexec ${HOME} |
31 | noexec /tmp | 32 | noexec /tmp |
32 | notv | ||
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index d887984e1..0722768d1 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -18,6 +18,7 @@ netfilter | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | notv | ||
21 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
@@ -26,4 +27,3 @@ tracelog | |||
26 | private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer | 27 | private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer |
27 | private-dev | 28 | private-dev |
28 | private-tmp | 29 | private-tmp |
29 | notv | ||
diff --git a/etc/xreader.profile b/etc/xreader.profile index 15226a4d0..cb5ad1ee6 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -27,4 +28,3 @@ tracelog | |||
27 | private-bin xreader, xreader-previewer, xreader-thumbnailer | 28 | private-bin xreader, xreader-previewer, xreader-thumbnailer |
28 | private-dev | 29 | private-dev |
29 | private-tmp | 30 | private-tmp |
30 | notv | ||
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index e4cb200d1..6fa286937 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
@@ -20,6 +20,7 @@ nogroups | |||
20 | nonewprivs | 20 | nonewprivs |
21 | noroot | 21 | noroot |
22 | nosound | 22 | nosound |
23 | notv | ||
23 | protocol unix | 24 | protocol unix |
24 | seccomp | 25 | seccomp |
25 | shell none | 26 | shell none |
@@ -31,4 +32,3 @@ private-tmp | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/xzdec.profile b/etc/xzdec.profile index 4481e2ee5..c7d3ebac3 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile | |||
@@ -12,10 +12,10 @@ ignore noroot | |||
12 | net none | 12 | net none |
13 | no3d | 13 | no3d |
14 | nosound | 14 | nosound |
15 | notv | ||
15 | shell none | 16 | shell none |
16 | tracelog | 17 | tracelog |
17 | 18 | ||
18 | private-dev | 19 | private-dev |
19 | 20 | ||
20 | include /etc/firejail/default.profile | 21 | include /etc/firejail/default.profile |
21 | notv | ||
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 39b4277c9..3e99add9c 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile | |||
@@ -21,6 +21,7 @@ nogroups | |||
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | nosound | 23 | nosound |
24 | notv | ||
24 | novideo | 25 | novideo |
25 | protocol unix,inet,inet6 | 26 | protocol unix,inet,inet6 |
26 | seccomp | 27 | seccomp |
@@ -31,4 +32,3 @@ private-dev | |||
31 | 32 | ||
32 | noexec ${HOME} | 33 | noexec ${HOME} |
33 | noexec /tmp | 34 | noexec /tmp |
34 | notv | ||
diff --git a/etc/zathura.profile b/etc/zathura.profile index 523d8ba1f..f495e1973 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -19,6 +19,7 @@ nogroups | |||
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | 21 | nosound |
22 | notv | ||
22 | protocol unix | 23 | protocol unix |
23 | seccomp | 24 | seccomp |
24 | shell none | 25 | shell none |
@@ -29,4 +30,3 @@ private-etc fonts | |||
29 | private-tmp | 30 | private-tmp |
30 | read-only ~/ | 31 | read-only ~/ |
31 | read-write ~/.local/share/zathura/ | 32 | read-write ~/.local/share/zathura/ |
32 | notv | ||
diff --git a/etc/zoom.profile b/etc/zoom.profile index 861c31982..8f52f2f7f 100644 --- a/etc/zoom.profile +++ b/etc/zoom.profile | |||
@@ -20,8 +20,8 @@ caps.drop all | |||
20 | netfilter | 20 | netfilter |
21 | nonewprivs | 21 | nonewprivs |
22 | noroot | 22 | noroot |
23 | notv | ||
23 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
24 | seccomp | 25 | seccomp |
25 | 26 | ||
26 | private-tmp | 27 | private-tmp |
27 | notv | ||