101 files changed, 112 insertions, 8 deletions
@@ -100,11 +100,6 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
100 | ````` | 100 | ````` |
101 | # Current development version: 0.9.55 | 101 | # Current development version: 0.9.55 |
102 | 102 | ||
103 | ## Mounting a temporary filesystem on top of ~/.cache directory by default | ||
104 | |||
105 | To disable it globally, set "private-cache no" in /etc/firejail/firejail.config. | ||
106 | |||
107 | |||
108 | ## New commands: | 103 | ## New commands: |
109 | ````` | 104 | ````` |
110 | (wireless support for --net) | 105 | (wireless support for --net) |
@@ -128,6 +123,14 @@ To disable it globally, set "private-cache no" in /etc/firejail/firejail.config. | |||
128 | 123 | ||
129 | Example: | 124 | Example: |
130 | $ firejail --nou2f | 125 | $ firejail --nou2f |
126 | |||
127 | --private-cache | ||
128 | Mount an empty temporary filesystem on top of the .cache | ||
129 | directory in user home. All modifications are discarded | ||
130 | when the sandbox is closed. | ||
131 | |||
132 | Example: | ||
133 | $ firejail --private-cache | ||
131 | ````` | 134 | ````` |
132 | 135 | ||
133 | ## New profiles | 136 | ## New profiles |
@@ -1,9 +1,7 @@ | |||
1 | firejail (0.9.55) baseline; urgency=low | 1 | firejail (0.9.55) baseline; urgency=low |
2 | * work in progress | 2 | * work in progress |
3 | * modif: removed CFG_CHROOT_DESKTOP configuration option | 3 | * modif: removed CFG_CHROOT_DESKTOP configuration option |
4 | * mounting a temporary filesystem on top of ~/.cache directory by default. | 4 | * add --private-cache to support private ~/.cache |
5 | To disable it globally, set "private-cache no" in | ||
6 | /etc/firejail/firejail.config. | ||
7 | * support full paths in private-lib | 5 | * support full paths in private-lib |
8 | * globbing support in private-lib | 6 | * globbing support in private-lib |
9 | * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint | 7 | * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint |
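diff --git a/etc/Cryptocat.profile b/etc/Cryptocat.profile
index 08c2860b3..f1336be3e 100644
--- a/etc/Cryptocat.profile
+++ b/etc/Cryptocat.profile
@@ -25,5 +25,6 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp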
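diff --git a/etc/android-studio.profile b/etc/android-studio.profile
index 5ff0b7c3a..d845bd4b9 100644
--- a/etc/android-studio.profile
+++ b/etc/android-studio.profile
@@ -32,6 +32,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
+private-cache
 # private-tmp
 
 # noexec /tmp breaks 'Android Profiler'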
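diff --git a/etc/apktool.profile b/etc/apktool.profile
index d5063d79b..ded17ca58 100644
--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -26,6 +26,7 @@ seccomp
 shell none
 
 private-bin apktool,bash,java,dirname,basename,expr,sh
+private-cache
 private-dev
 
 noexec ${HOME}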
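diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile
index 70e02fc7b..0987ce149 100644
--- a/etc/arch-audit.profile
+++ b/etc/arch-audit.profile
@@ -32,6 +32,7 @@ shell none
 
 disable-mnt
 private
+private-cache
 private-bin arch-audit
 private-dev
 private-tmp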
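Review bot: `private-cache` is redundant next to `private` in this profile, since `private` already mounts the whole home directory on a temporary filesystem and ~/.cache is discarded with it. The same pairing is added in bitlbee, dnscrypt-proxy, dnsmasq, freshclam and gucharmap. Dropping the line there, or keeping it with a comment such as `# covered by private; kept so the cache stays private if private is disabled`, would make the intent clear. The line is also placed above `private-bin arch-audit`, whereas other profiles in this commit put it after `private-bin`. How firejail treats the two options together is not shown on this page, so treat the redundancy as inferred.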
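diff --git a/etc/ardour5.profile b/etc/ardour5.profile
index df42dfaed..c2090af98 100644
--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -30,6 +30,7 @@ seccomp
 shell none
 
 #private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
+private-cache
 private-dev
 #private-etc pulse,X11,alternatives,ardour4,ardour5,fonts
 private-tmp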
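diff --git a/etc/arduino.profile b/etc/arduino.profile
index 14741c964..c8850ccb0 100644
--- a/etc/arduino.profile
+++ b/etc/arduino.profile
@@ -35,6 +35,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
+private-cache
 private-tmp
 
 noexec ${HOME}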
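diff --git a/etc/atom.profile b/etc/atom.profile
index c513c7531..f7e30aeb4 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -27,6 +27,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 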
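diff --git a/etc/atool.profile b/etc/atool.profile
index 83b681437..06eace7d2 100644
--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -36,6 +36,7 @@ seccomp
 shell none
 tracelog
 
+private-cache
 # private-bin atool
 private-dev
 private-etc passwd,group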
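Review bot: `private-cache` is placed above the commented `# private-bin atool` line, which breaks the alphabetical private-* order the other profiles in this commit follow (private-bin, private-cache, private-dev, private-etc, private-tmp). pinta.profile has the same slip, with `private-cache` added after `private-dev`. Moving the line to sit between `# private-bin atool` and `private-dev` here, and above `private-dev` in pinta, keeps the profiles easy to compare when auditing which restrictions each one applies.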
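diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index 1cd5d6a69..6507aeadb 100644
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -27,6 +27,7 @@ seccomp
 
 disable-mnt
 private
+private-cache
 private-dev
 private-tmp
 read-write /var/lib/bitlbee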
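diff --git a/etc/bless.profile b/etc/bless.profile
index 3fd04cae6..1dd756153 100644
--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 
 # private-bin bless,sh,bash,mono
+private-cache
 private-dev
 private-etc fonts,mono
 private-tmp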
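diff --git a/etc/brackets.profile b/etc/brackets.profile
index 22a8dffea..8f1068506 100644
--- a/etc/brackets.profile
+++ b/etc/brackets.profile
@@ -26,4 +26,5 @@ protocol unix,inet,inet6,netlink
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplic
 shell none
 
+private-cache
 private-dev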
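diff --git a/etc/brasero.profile b/etc/brasero.profile
index 26074af22..a012d4715 100644
--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -27,6 +27,7 @@ shell none
 tracelog
 
 # private-bin brasero
+private-cache
 # private-dev
 # private-etc fonts
 # private-tmp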
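diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index e33e010aa..c63cfad8d 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -34,6 +34,7 @@ seccomp
 shell none
 tracelog
 
+private-cache
 private-dev
 private-tmp
 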
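diff --git a/etc/cin.profile b/etc/cin.profile
index e2410e3a5..92baef33a 100644
--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 
 #private-bin cin,ffmpeg
+private-cache
 private-dev
 
 noexec ${HOME}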
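diff --git a/etc/clion.profile b/etc/clion.profile
index 115df72c4..bcb18114e 100644
--- a/etc/clion.profile
+++ b/etc/clion.profile
@@ -28,6 +28,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
+private-cache
 private-dev
 # private-tmp
 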
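diff --git a/etc/clipit.profile b/etc/clipit.profile
index e5660f859..3134fdc3e 100644
--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 
 disable-mnt
+private-cache
 private-dev
 private-tmp
 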
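diff --git a/etc/code.profile b/etc/code.profile
index af7d379ed..ab69008f1 100644
--- a/etc/code.profile
+++ b/etc/code.profile
@@ -26,6 +26,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 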
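diff --git a/etc/conky.profile b/etc/conky.profile
index fe90ac099..af275b915 100644
--- a/etc/conky.profile
+++ b/etc/conky.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 
 disable-mnt
+private-cache
 private-dev
 private-tmp
 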
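diff --git a/etc/curl.profile b/etc/curl.profile
index 521cd20cc..1d2515f51 100644
--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 
 # private-bin curl
+private-cache
 private-dev
 # private-etc resolv.conf
 private-tmp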
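diff --git a/etc/default.profile b/etc/default.profile
index 9a2fcae64..42c1056c5 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -33,6 +33,7 @@ seccomp
 # disable-mnt
 # private
 # private-bin program
+# private-cache
 # private-dev
 # private-etc none
 # private-lib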
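Review bot: `# private-cache` is added commented out, so a program that falls back to default.profile keeps read/write access to the real ~/.cache. Together with the README and changelog hunks on this page, which drop the "by default" wording and the `private-cache no` switch, this suggests the protection changed from opt-out to opt-in, and only profiles that list the option get it. If that is the intent, a one-line comment here such as `# private-cache is off unless enabled per profile` would make the new default visible to anyone auditing a sandbox. The list of commented options continues outside the hunk.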
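diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile
index 0634c0eaf..aeef46413 100644
--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -34,6 +34,7 @@ seccomp
 shell none
 
 private-bin dex2jar,java,sh,bash,expr,dirname,ls,uname,grep
+private-cache
 private-dev
 
 noexec ${HOME}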
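diff --git a/etc/dia.profile b/etc/dia.profile
index 49c6727f9..fca14236f 100644
--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -30,6 +30,7 @@ shell none
 
 disable-mnt
 #private-bin dia
+private-cache
 private-dev
 private-tmp
 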
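diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index 4d0afc159..0971451c4 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -27,6 +27,7 @@ seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,i
 
 disable-mnt
 private
+private-cache
 private-dev
 
 # mdwe can break modules/plugins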
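diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index f71f5bb02..fc1209c1e 100644
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -28,4 +28,5 @@ seccomp
 
 disable-mnt
 private
+private-cache
 private-dev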
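diff --git a/etc/elinks.profile b/etc/elinks.profile
index 5d28ac0c8..6878c4fe0 100644
--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -31,6 +31,7 @@ shell none
 tracelog
 
 # private-bin elinks
+private-cache
 private-dev
 # private-etc none
 private-tmp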
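diff --git a/etc/empathy.profile b/etc/empathy.profile
index b9d682322..9d70afcb8 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -20,3 +20,6 @@ noroot
 notv
 protocol unix,inet,inet6
 seccomp
+
+private-cache
+private-tmp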
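Review bot: This file also gains `private-tmp`, a second restriction unrelated to the private-cache change, while the changelog entry visible on this page mentions only `--private-cache`. An empty /tmp changes what empathy can see at runtime, so it deserves its own changelog line or its own commit; that makes a later regression easy to bisect. If the addition is intentional, a comment such as `# private-tmp added together with private-cache` in the profile would record that it was not an accident of the bulk edit.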
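diff --git a/etc/enchant.profile b/etc/enchant.profile
index 29472313d..a495122dc 100644
--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -30,6 +30,7 @@ shell none
 tracelog
 
 # private-bin enchant, enchant-*
+private-cache
 private-dev
 private-etc none
 private-tmp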
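diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 2522a32a3..2666397f4 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -36,6 +36,7 @@ shell none
 tracelog
 
 # private-bin exiftool,perl
+private-cache
 private-dev
 private-etc none
 private-tmp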
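diff --git a/etc/feh.profile b/etc/feh.profile
index 657f05f3c..c79e98d1c 100644
--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -27,6 +27,7 @@ seccomp
 shell none
 
 private-bin feh,jpegexiforient,jpegtran
+private-cache
 private-dev
 private-etc feh
 private-tmp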
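diff --git a/etc/flowblade.profile b/etc/flowblade.profile
index e06107f0f..9d399931d 100644
--- a/etc/flowblade.profile
+++ b/etc/flowblade.profile
@@ -31,6 +31,7 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 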
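diff --git a/etc/fontforge.profile b/etc/fontforge.profile
index 088ed626b..c80588a8b 100644
--- a/etc/fontforge.profile
+++ b/etc/fontforge.profile
@@ -32,6 +32,7 @@ protocol unix
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 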
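diff --git a/etc/freecad.profile b/etc/freecad.profile
index dc5738e01..9ea4e0f2b 100644
--- a/etc/freecad.profile
+++ b/etc/freecad.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 
 private-bin freecad,freecadcmd
+private-cache
 private-dev
 private-tmp
 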
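diff --git a/etc/freshclam.profile b/etc/freshclam.profile
index 08eac5595..4e224dd3e 100644
--- a/etc/freshclam.profile
+++ b/etc/freshclam.profile
@@ -24,6 +24,7 @@ tracelog
 
 disable-mnt
 private
+private-cache
 private-dev
 private-tmp
 writable-var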
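diff --git a/etc/geany.profile b/etc/geany.profile
index 35e405319..9db533e8c 100644
--- a/etc/geany.profile
+++ b/etc/geany.profile
@@ -25,5 +25,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp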
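diff --git a/etc/git.profile b/etc/git.profile
index 7dac03b1b..1bf9e8e4b 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -34,4 +34,5 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
+private-cache
 private-dev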
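Review bot: Hiding ~/.cache in the git sandbox can cut git off from its credential-cache helper, whose socket defaults to `$XDG_CACHE_HOME/git/credential/socket` when ~/.git-credential-cache does not exist. With `private-cache` the sandboxed git sees an empty ~/.cache, so users of that helper would presumably be prompted again on every invocation; this is inferred from git's documented defaults, not from anything in the diff. A comment above the new line, for example `# private-cache hides ~/.cache/git (credential-cache socket); comment out if you use that helper`, would save users a debugging session. gitg.profile gets the same line and runs git as well.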
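diff --git a/etc/gitg.profile b/etc/gitg.profile
index 39cbdc53d..deee7c994 100644
--- a/etc/gitg.profile
+++ b/etc/gitg.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 
 private-bin gitg,git,ssh
+private-cache
 private-dev
 private-tmp
 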
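diff --git a/etc/globaltime.profile b/etc/globaltime.profile
index 19820ce85..0df6b5e63 100644
--- a/etc/globaltime.profile
+++ b/etc/globaltime.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 
 disable-mnt
+private-cache
 private-dev
 private-tmp
 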
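diff --git a/etc/gnome-builder.profile b/etc/gnome-builder.profile
index dfee1ae08..4ddfc456a 100644
--- a/etc/gnome-builder.profile
+++ b/etc/gnome-builder.profile
@@ -23,4 +23,5 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
+private-cache
 private-dev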
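diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile
index 9089d7ee8..8a67d6e5c 100644
--- a/etc/gnome-documents.profile
+++ b/etc/gnome-documents.profile
@@ -30,6 +30,7 @@ seccomp
 shell none
 tracelog
 
+private-cache
 private-dev
 private-tmp
 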
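diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index 7cf97a79f..f54219174 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -22,6 +22,7 @@ seccomp
 shell none
 
 # private-bin gnome-mplayer,mplayer
+private-cache
 private-dev
 private-tmp
 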
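diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
index 7f50e1e8d..85020fc2e 100644
--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -31,4 +31,5 @@ shell none
 tracelog
 
 # private-bin gpg-agent,gpg
+private-cache
 private-dev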
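diff --git a/etc/gpg.profile b/etc/gpg.profile
index 7eb8a3ac8..ab43152d8 100644
--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -31,4 +31,5 @@ shell none
 tracelog
 
 # private-bin gpg,gpg-agent
+private-cache
 private-dev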
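diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index eb0c38ec2..77ce42b36 100644
--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -29,5 +29,6 @@ shell none
 tracelog
 
 private-bin gthumb
+private-cache
 private-dev
 private-tmp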
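diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index 16ea2047d..60a13af3a 100644
--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -28,6 +28,7 @@ shell none
 
 disable-mnt
 private
+private-cache
 private-dev
 private-tmp
 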
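diff --git a/etc/hashcat.profile b/etc/hashcat.profile
index d61165a91..0fb8b8704 100644
--- a/etc/hashcat.profile
+++ b/etc/hashcat.profile
@@ -31,6 +31,7 @@ shell none
 
 disable-mnt
 private-bin hashcat
+private-cache
 private-dev
 private-tmp
 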
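diff --git a/etc/highlight.profile b/etc/highlight.profile
index a93019696..cd48df10c 100644
--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -30,6 +30,7 @@ shell none
 tracelog
 
 private-bin highlight
+private-cache
 private-dev
 # private-etc none
 private-tmp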
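diff --git a/etc/hugin.profile b/etc/hugin.profile
index 761c4e039..f92acac66 100644
--- a/etc/hugin.profile
+++ b/etc/hugin.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 
 private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend
+private-cache
 private-dev
 private-tmp
 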
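diff --git a/etc/idea.sh.profile b/etc/idea.sh.profile
index caec416e9..06328ccbf 100644
--- a/etc/idea.sh.profile
+++ b/etc/idea.sh.profile
@@ -32,6 +32,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
+private-cache
 private-dev
 # private-tmp
 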
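diff --git a/etc/img2txt.profile b/etc/img2txt.profile
index 1cc8d2953..bbefd8044 100644
--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -27,6 +27,7 @@ shell none
 tracelog
 
 # private-bin img2txt
+private-cache
 private-dev
 # private-etc none
 private-tmp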
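diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile
index 9a325d18b..ca23cedfa 100644
--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -36,6 +36,7 @@ seccomp
 shell none
 
 private-bin jd-gui,sh,bash
+private-cache
 private-dev
 private-tmp
 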
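diff --git a/etc/jitsi.profile b/etc/jitsi.profile
index cb2f2092a..b3b09f4b1 100644
--- a/etc/jitsi.profile
+++ b/etc/jitsi.profile
@@ -31,4 +31,5 @@ shell none
 tracelog
 
 disable-mnt
+private-cache
 private-tmp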
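diff --git a/etc/keepass.profile b/etc/keepass.profile
index 9ae6abfb2..03f27d3fa 100644
--- a/etc/keepass.profile
+++ b/etc/keepass.profile
@@ -33,6 +33,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 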
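diff --git a/etc/kino.profile b/etc/kino.profile
index 054b185dd..5144ce448 100644
--- a/etc/kino.profile
+++ b/etc/kino.profile
@@ -25,6 +25,7 @@ protocol unix
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 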
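diff --git a/etc/krita.profile b/etc/krita.profile
index 99fd235db..01f7b6ff8 100644
--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -36,6 +36,7 @@ protocol unix
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 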
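diff --git a/etc/less.profile b/etc/less.profile
index 9b04329f2..fd0f84c71 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -24,6 +24,7 @@ writable-var-log
 # Enable private-bin and private-lib if you are not using any filter.
 # private-bin less
 # private-lib
+private-cache
 private-dev
 
 memory-deny-write-execute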
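diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
index 8d55f5de2..8104a2886 100644
--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -28,6 +28,7 @@ shell none
 tracelog
 
 #private-bin luminance-hdr,luminance-hdr-cli,align_image_stack
+private-cache
 private-dev
 private-tmp
 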
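diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile
index 971d969ad..e50455532 100644
--- a/etc/lximage-qt.profile
+++ b/etc/lximage-qt.profile
@@ -27,6 +27,7 @@ protocol unix
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 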
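diff --git a/etc/lynx.profile b/etc/lynx.profile
index fec9661c6..ba5322787 100644
--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -29,6 +29,7 @@ shell none
 tracelog
 
 # private-bin lynx
+private-cache
 private-dev
 # private-etc none
 private-tmp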
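diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile
index bbef46567..6d20d7261 100644
--- a/etc/macrofusion.profile
+++ b/etc/macrofusion.profile
@@ -35,6 +35,7 @@ seccomp
 shell none
 
 private-bin python*,macrofusion,env,enfuse,exiftool,align_image_stack
+private-cache
 private-dev
 private-tmp
 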
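diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile
index d79a0e886..48db03c27 100644
--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -30,6 +30,7 @@ shell none
 tracelog
 
 private-bin mediainfo
+private-cache
 private-dev
 private-etc none
 private-tmp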
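diff --git a/etc/meld.profile b/etc/meld.profile
index 78d9e0c76..1e85343df 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 
 private-bin meld,python*
+private-cache
 private-dev
 private-tmp
 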
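diff --git a/etc/mpd.profile b/etc/mpd.profile
index 7f3e42e08..2ad520633 100644
--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 
 #private-bin mpd,bash
+private-cache
 private-dev
 private-tmp
 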
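diff --git a/etc/obs.profile b/etc/obs.profile
index 9a0fab3f8..7529dd1bb 100644
--- a/etc/obs.profile
+++ b/etc/obs.profile
@@ -25,6 +25,7 @@ shell none
 tracelog
 
 private-bin obs
+private-cache
 private-dev
 private-tmp
 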
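diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
index 32d51f478..aea6b79d2 100644
--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -30,6 +30,7 @@ shell none
 tracelog
 
 private-bin odt2txt
+private-cache
 private-dev
 private-etc none
 private-tmp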
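diff --git a/etc/orage.profile b/etc/orage.profile
index 8e218eb2d..2ac420f05 100644
--- a/etc/orage.profile
+++ b/etc/orage.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 
 disable-mnt
+private-cache
 private-dev
 private-tmp
 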
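diff --git a/etc/parole.profile b/etc/parole.profile
index c659614e3..36ae97726 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -22,4 +22,5 @@ seccomp
 shell none
 
 private-bin parole,dbus-launch
+private-cache
 private-etc passwd,group,fonts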
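diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile
index a5d9c2d65..fbd7ec179 100644
--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -37,6 +37,7 @@ seccomp
 shell none
 
 private-bin pdfsam,sh,bash,java,archlinux-java,grep,awk,dirname,uname,which,sort,find,readlink,expr,ls,java-config
+private-cache
 private-dev
 private-tmp
 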
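diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index ac2597a68..e0fd270af 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -26,6 +26,7 @@ shell none
 tracelog
 
 private-bin pidgin
+private-cache
 private-dev
 private-tmp
 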
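--- a/etc/pinta.profile
+++ b/etc/pinta.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 
 private-dev
+private-cache
 private-tmp
 
 noexec ${HOME}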
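Review bot: `private-cache` is inserted after `private-dev` in this profile, while every other profile touched by this commit puts it before `private-dev`, keeping the private-* options in alphabetical order. Swapping the two lines so the block reads `private-cache` then `private-dev` keeps the profiles uniform and easier to compare when auditing which sandboxes hide ~/.cache. The ordering is not expected to change behaviour, so this is a consistency point only.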
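--- a/etc/pix.profile
+++ b/etc/pix.profile
@@ -30,5 +30,6 @@ shell none
 tracelog
 
 private-bin pix
+private-cache
 private-dev
 private-tmp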
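--- a/etc/pycharm-community.profile
+++ b/etc/pycharm-community.profile
@@ -32,6 +32,7 @@ tracelog
 
 # private-etc fonts,passwd - minimal required to run but will probably break
 # program!
+private-cache
 private-dev
 private-tmp
 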
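Review bot: With `private-cache` enabled, anything the IDE writes under ~/.cache is discarded when the sandbox closes, as the man page text added in this commit states. If this PyCharm build keeps indexes or downloaded artefacts there, every start would rebuild them inside the temporary filesystem, which may be slow and memory-hungry for large projects; this should be confirmed against the IDE's actual cache location. A short comment such as `# private-cache discards IDE caches on exit; comment out if re-indexing becomes a problem` would tell users what to toggle. The same consideration applies to the etc/webstorm.profile hunk.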
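--- a/etc/qemu-launcher.profile
+++ b/etc/qemu-launcher.profile
@@ -23,6 +23,7 @@ seccomp
 shell none
 tracelog
 
+private-cache
 private-tmp
 
 noexec /tmp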
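--- a/etc/qemu-system-x86_64.profile
+++ b/etc/qemu-system-x86_64.profile
@@ -22,6 +22,7 @@ seccomp
 shell none
 tracelog
 
+private-cache
 private-tmp
 
 noexec /tmp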
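--- a/etc/qlipper.profile
+++ b/etc/qlipper.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 
 disable-mnt
+private-cache
 private-dev
 private-tmp
 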
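--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -19,3 +19,6 @@ noroot
 notv
 protocol unix,inet,inet6
 seccomp
+
+private-cache
+private-tmp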
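Review bot: Besides `private-cache`, this hunk also adds `private-tmp`, which the changelog entry for this commit ("add --private-cache to support private ~/.cache") does not cover. Hiding the host /tmp is a separate behaviour change for quassel and should be tested on its own, since anything the client exchanges through /tmp would stop being visible outside the sandbox. Either move `private-tmp` to its own commit or mention it in the release notes, so that a later regression is easy to bisect and the hardening change is visible to users.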
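--- a/etc/remmina.profile
+++ b/etc/remmina.profile
@@ -28,6 +28,7 @@ seccomp
 # seccomp.keep access,arch_prctl,brk,chmod,clock_getres,clock_gettime,clone,close,connect,dup3,eventfd2,execve,fadvise64,fallocate,fcntl,flock,fstat,fstatfs,fsync,ftruncate,futex,getdents,getegid,geteuid,getgid,getpeername,getpid,getrandom,getresgid,getresuid,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,memfd_create,mmap,mprotect,mremap,munmap,nanosleep,open,openat,pipe,pipe2,poll,prctl,prlimit64,pwrite64,read,readlink,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,sendmmsg,sendmsg,sendto,set_robust_list,setsockopt,set_tid_address,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,tgkill,uname,utimensat,write,writev
 shell none
 
+private-cache
 private-dev
 private-tmp
 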
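--- a/etc/ristretto.profile
+++ b/etc/ristretto.profile
@@ -29,6 +29,7 @@ protocol unix
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 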
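--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -26,5 +26,6 @@ seccomp
 shell none
 
 private-bin rtorrent
+private-cache
 private-dev
 private-tmp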
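--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -34,6 +34,7 @@ seccomp
 shell none
 
 private-bin sdat2img,env,python*
+private-cache
 private-dev
 
 noexec ${HOME}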
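--- a/etc/shotcut.profile
+++ b/etc/shotcut.profile
@@ -26,6 +26,7 @@ seccomp
 shell none
 
 #private-bin shotcut,melt,qmelt,nice
+private-cache
 private-dev
 
 #noexec ${HOME}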
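--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -26,6 +26,7 @@ shell none
 
 disable-mnt
 #private-bin skype,bash
+private-cache
 private-dev
 private-tmp
 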
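--- a/etc/skypeforlinux.profile
+++ b/etc/skypeforlinux.profile
@@ -25,6 +25,7 @@ seccomp
 shell none
 
 disable-mnt
+private-cache
 # private-dev - needs /dev/disk
 private-tmp
 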
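--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -31,6 +31,7 @@ protocol unix
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 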
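--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 
 private-bin sqlitebrowser
+private-cache
 private-dev
 private-tmp
 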
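--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 tracelog
 
+private-cache
 private-dev
 # private-tmp # Breaks when exiting
 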
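--- a/etc/synfigstudio.profile
+++ b/etc/synfigstudio.profile
@@ -29,6 +29,7 @@ seccomp
 shell none
 
 #private-bin synfigstudio,synfig,ffmpeg
+private-cache
 private-dev
 private-tmp
 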
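--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -23,6 +23,7 @@ protocol unix,inet,inet6
 seccomp
 
 disable-mnt
+private-cache
 private-tmp
 
 noexec ${HOME}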
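--- a/etc/tilp.profile
+++ b/etc/tilp.profile
@@ -28,6 +28,7 @@ tracelog
 
 disable-mnt
 private-bin tilp
+private-cache
 private-etc fonts
 private-tmp
 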
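--- a/etc/tor.profile
+++ b/etc/tor.profile
@@ -41,6 +41,7 @@ writable-var
 disable-mnt
 private
 private-bin tor,bash
+private-cache
 private-dev
 private-etc tor,passwd
 private-tmp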
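Review bot: `private-cache` is added two lines below `private`, which already gives the sandbox a throwaway home directory, so the extra mount on ~/.cache looks redundant in this profile. It is worth checking how the option is handled when `private` is set: if it stacks a second temporary filesystem or emits a warning, dropping the line is the cleaner choice. If it is kept for uniformity with the other profiles, a comment such as `# private-cache - redundant with private, kept for consistency` would make the intent clear.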
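--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 
 private-bin totem
+private-cache
 private-dev
 # private-etc fonts
 private-tmp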
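--- a/etc/uefitool.profile
+++ b/etc/uefitool.profile
@@ -27,6 +27,7 @@ protocol unix
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp
 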
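--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -18,6 +18,7 @@ shell none
 tracelog
 
 private-bin uudeview
+private-cache
 private-dev
 private-etc ld.so.preload
 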
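--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -34,6 +34,7 @@ shell none
 tracelog
 
 private-bin viewnior
+private-cache
 private-dev
 private-etc fonts
 private-tmp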
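--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -31,6 +31,7 @@ shell none
 tracelog
 
 # private-bin w3m
+private-cache
 private-dev
 private-etc resolv.conf,ssl,pki,ca-certificates,crypto-policies
 private-tmp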
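--- a/etc/webstorm.profile
+++ b/etc/webstorm.profile
@@ -35,5 +35,6 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
+private-cache
 private-dev
 private-tmp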
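--- a/etc/wire.profile
+++ b/etc/wire.profile
@@ -29,5 +29,6 @@ seccomp
 shell none
 
 disable-mnt
+private-cache
 private-dev
 private-tmp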
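--- a/etc/xfce4-dict.profile
+++ b/etc/xfce4-dict.profile
@@ -28,6 +28,7 @@ seccomp
 shell none
 
 disable-mnt
+private-cache
 private-dev
 private-tmp
 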
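--- a/etc/xfce4-notes.profile
+++ b/etc/xfce4-notes.profile
@@ -30,6 +30,7 @@ seccomp
 shell none
 
 disable-mnt
+private-cache
 private-dev
 private-tmp
 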
diff --git a/etc/zathura.profile b/etc/zathura.profile index 028e15ef5..6cdbbe99b 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -29,6 +29,7 @@ seccomp | |||
29 | shell none | 29 | shell none |
30 | 30 | ||
31 | private-bin zathura | 31 | private-bin zathura |
32 | private-cache | ||
32 | private-dev | 33 | private-dev |
33 | private-etc fonts,machine-id | 34 | private-etc fonts,machine-id |
34 | private-tmp | 35 | private-tmp |