35 files changed, 51 insertions, 55 deletions
@@ -540,6 +540,7 @@ rusty-snake (https://github.com/rusty-snake) | |||
540 | - fix gajim profile, added gajim-history-manager profile | 540 | - fix gajim profile, added gajim-history-manager profile |
541 | - updates for ~/.cargo | 541 | - updates for ~/.cargo |
542 | - added klavaro profile | 542 | - added klavaro profile |
543 | - added mypaint, nano, celluoid profiles | ||
543 | Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) | 544 | Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) |
544 | - fixed ktorrent profile | 545 | - fixed ktorrent profile |
545 | sarneaud (https://github.com/sarneaud) | 546 | sarneaud (https://github.com/sarneaud) |
@@ -102,4 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
102 | ## Current development version: 0.9.59 | 102 | ## Current development version: 0.9.59 |
103 | 103 | ||
104 | ## New profiles: | 104 | ## New profiles: |
105 | crow, nyx | 105 | crow, nyx, klavaro, mypaint, celluoid, nano, transgui, sysprof, simplescreenrecorder, geekbench, xfce4-mixer, pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring, regextester, hardinfo, gnome-system-log, gnome-nettool, netactview, redshift, devhelp, assogiate, subdownloader, font-manager, exfalso, gconf-editor, dconf-editor, mpdris2, sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings |
@@ -1,5 +1,11 @@ | |||
1 | firejail (0.9.58) baseline; urgency=low | 1 | firejail (0.9.59) baseline; urgency=low |
2 | * new profiles: crow, nyx | 2 | * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2 |
3 | * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer | ||
4 | * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring | ||
5 | * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool | ||
6 | * new profiles: netactview, redshift, devhelp, assogiate, subdownloader | ||
7 | * new profiles: font-manager, exfalso, gconf-editor, dconf-editor | ||
8 | * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings | ||
3 | 9 | ||
4 | firejail (0.9.58,2) baseline; urgency=low | 10 | firejail (0.9.58,2) baseline; urgency=low |
5 | * cgroup flag in /etc/firejail/firejail.config file | 11 | * cgroup flag in /etc/firejail/firejail.config file |
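--- a/etc/aria2c.profile
+++ b/etc/aria2c.profile
@@ -33,7 +33,6 @@ seccomp
 shell none
 
 disable-mnt
-# private
 private-bin aria2c,gzip
 private-cache
 private-dev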
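--- a/etc/assogiate.profile
+++ b/etc/assogiate.profile
@@ -7,7 +7,6 @@ include assogiate.local
 include globals.local
 
 noblacklist ${PICTURES}
-whitelist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,6 +15,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${PICTURES}
 include whitelist-common.inc
 
 apparmor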
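--- a/etc/authenticator.profile
+++ b/etc/authenticator.profile
@@ -6,7 +6,6 @@ include authenticator.local
 # Persistent global definitions
 include globals.local
 
-# blacklisted in 'disable-programs.local'
 noblacklist ${HOME}/.config/Authenticator
 
 # Allow python 3.x (blacklisted by disable-interpreters.inc)
@@ -41,7 +40,6 @@ disable-mnt
 private-cache
 private-dev
 private-etc alternatives,fonts,ld.so.cache
-# private-lib
 private-tmp
 
 # memory-deny-write-execute - breaks on Arch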
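--- a/etc/bitcoin-qt.profile
+++ b/etc/bitcoin-qt.profile
@@ -18,7 +18,6 @@ mkdir ${HOME}/.bitcoin
 mkdir ${HOME}/.config/Bitcoin
 whitelist ${HOME}/.bitcoin
 whitelist ${HOME}/.config/Bitcoin
-
 include whitelist-common.inc
 include whitelist-var-common.inc
 
@@ -43,8 +42,6 @@ private-bin bitcoin-qt
 private-dev
 # Causes problem with loading of libGL.so
 #private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
-# Works, but QT complains about OpenSSL a bit.
-#private-lib
 private-tmp
 
 memory-deny-write-execute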
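--- a/etc/clawsker.profile
+++ b/etc/clawsker.profile
@@ -7,7 +7,6 @@ include clawsker.local
 include globals.local
 
 noblacklist ${HOME}/.claws-mail
-whitelist ${HOME}/.claws-mail
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/cpan*
@@ -21,6 +20,8 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+
+whitelist ${HOME}/.claws-mail
 include whitelist-common.inc
 
 caps.drop all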
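--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -19,8 +19,8 @@ whitelist ${HOME}/.pentadactylrc
 whitelist ${HOME}/.vimperator
 whitelist ${HOME}/.vimperatorrc
 whitelist ${HOME}/.zotero
-whitelist ${HOME}/Downloads
 whitelist ${HOME}/dwhelper
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all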
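--- a/etc/d-feet.profile
+++ b/etc/d-feet.profile
@@ -30,7 +30,6 @@ ipc-namespace
 machine-id
 net none
 no3d
-# nodbus
 nodvd
 nogroups
 nonewprivs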
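--- a/etc/dconf.profile
+++ b/etc/dconf.profile
@@ -6,9 +6,6 @@ include dconf.local
 # Persistent global definitions
 include globals.local
 
-mkdir ${HOME}/.config/dconf
-whitelist ${HOME}/.config/dconf
-
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
@@ -16,13 +13,16 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/dconf
+whitelist ${HOME}/.config/dconf
+include whitelist-common.inc
+
 apparmor
 caps.drop all
 ipc-namespace
 machine-id
 net none
 no3d
-# nodbus - D-Bus is needed to commit changes to dconf
 nodvd
 nogroups
 nonewprivs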
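Review bot: The second hunk deletes `# nodbus - D-Bus is needed to commit changes to dconf`, which was the only record of why a profile that sets `net none` and `ipc-namespace` still leaves D-Bus reachable. I would keep that comment between `no3d` and `nodvd`, so that a later hardening pass does not add `nodbus` and break writes to dconf. The hunk ends at `nonewprivs`, so the rest of the option list is not visible here.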
diff --git a/etc/deluge.profile b/etc/deluge.profile index cb8bff07e..8df6e028f 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc | |||
21 | include disable-programs.inc | 21 | include disable-programs.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.config/deluge | 23 | mkdir ${HOME}/.config/deluge |
24 | whitelist ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | whitelist ${HOME}/.config/deluge | 25 | whitelist ${HOME}/.config/deluge |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
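--- a/etc/devhelp.profile
+++ b/etc/devhelp.profile
@@ -6,8 +6,6 @@ include devhelp.local
 # Persistent global definitions
 include globals.local
 
-mkdir ${HOME}/.cache/mesa_shader_cache
-whitelist ${HOME}/.cache/mesa_shader_cache
 
 include disable-common.inc
 include disable-devel.inc
@@ -47,5 +45,4 @@ private-tmp
 noexec ${HOME}
 noexec /tmp
 
-# devhelp will never write anything
 read-only ${HOME}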
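--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -47,5 +47,4 @@ memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
 
-# devilspie will never write anything
 read-only ${HOME}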
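--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -47,5 +47,4 @@ memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
 
-# devilspie2 will never write anything
 read-only ${HOME}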
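--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 
 mkdir ${HOME}/.local/share/dino
 whitelist ${HOME}/.local/share/dino
-whitelist ${HOME}/Downloads
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all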
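--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -604,6 +604,7 @@ blacklist ${HOME}/.cache/geeqie
 blacklist ${HOME}/.cache/google-chrome
 blacklist ${HOME}/.cache/google-chrome-beta
 blacklist ${HOME}/.cache/google-chrome-unstable
+blacklist ${HOME}/.cache/gnome-recipes
 blacklist ${HOME}/.cache/gnome-twitch
 blacklist ${HOME}/.cache/gradio
 blacklist ${HOME}/.cache/icedove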
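--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -35,7 +35,7 @@ seccomp
 shell none
 tracelog
 
-private-bin enchant, enchant-*
+private-bin enchant,enchant-*
 private-cache
 private-dev
 private-etc alternatives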
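--- a/etc/font-manager.profile
+++ b/etc/font-manager.profile
@@ -6,8 +6,8 @@ include font-manager.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.cache/font-manager
 noblacklist ${HOME}/.config/font-manager
-whitelist ${HOME}/.config/font-manager
 
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*
@@ -23,7 +23,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/font-manager
+mkdir ${HOME}/.config/font-manager
 whitelist ${HOME}/.cache/font-manager
+whitelist ${HOME}/.config/font-manager
 include whitelist-common.inc
 
 apparmor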
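--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -24,11 +24,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/gajim
 mkdir ${HOME}/.config/gajim
 mkdir ${HOME}/.local/share/gajim
-mkdir ${HOME}/Downloads
 whitelist ${HOME}/.cache/gajim
 whitelist ${HOME}/.config/gajim
 whitelist ${HOME}/.local/share/gajim
-whitelist ${HOME}/Downloads
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all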
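--- a/etc/geekbench.profile
+++ b/etc/geekbench.profile
@@ -13,6 +13,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+inclue whitelist-var-common.inc
+
 apparmor
 caps.drop all
 hostname geekbench
@@ -40,6 +42,7 @@ private-cache
 private-dev
 private-etc alternatives,groups,passwd,lsb-release
 private-lib libstdc++.so.*
+private-opt none
 private-tmp
 
 # memory-deny-write-execute - Breaks on Arch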
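Review bot: The line added in the first hunk, `inclue whitelist-var-common.inc`, misspells the command; it should read `include whitelist-var-common.inc`. As written it is not a profile command, so the /var whitelist is never applied, and firejail will most likely reject the profile as invalid and refuse to start the sandbox. After correcting it, the profile should be loaded once to confirm that it parses together with the new `private-opt none`.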
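--- a/etc/ghostwriter.profile
+++ b/etc/ghostwriter.profile
@@ -18,10 +18,6 @@ include disable-programs.inc
 include disable-xdg.inc
 
 #mkdir ${HOME}/.config/ghostwriter
-#mkdir ${DESKTOP}
-#mkdir ${DOCUMENTS}
-#mkdir ${DOWNLOADS}
-#mkdir ${PICTURES}
 #whitelist ${HOME}/.config/ghostwriter
 #whitelist ${DESKTOP}
 #whitelist ${DOCUMENTS}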
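--- a/etc/gnome-nettool.profile
+++ b/etc/gnome-nettool.profile
@@ -35,15 +35,11 @@ novideo
 #shell none
 
 disable-mnt
-#private-bin gnome-nettool
+private
 private-cache
 private-dev
-#private-etc alternatives
 private-lib libbind9.so.*,libcrypto.so.*,libdns.so.*,libirs.so.*,liblua.so.*,libssh2.so.*,libssl.so.*
 private-tmp
 
 noexec ${HOME}
 noexec /tmp
-
-# never write anything
-read-only ${HOME}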
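--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -7,6 +7,7 @@ include gnome-recipes.local
 include globals.local
 
 
+noblacklist ${HOME}/.cache/gnome-recipes
 noblacklist ${HOME}/.local/share/gnome-recipes
 
 include disable-common.inc
@@ -16,7 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.cache/gnome-recipes
+mkdir ${HOME}/.local/share/gnome-recipes
 whitelist ${HOME}/.cache/gnome-recipes
+whitelist ${HOME}/.local/share/gnome-recipes
 include whitelist-common.inc
 include whitelist-var-common.inc
 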
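--- a/etc/gnome-system-log.profile
+++ b/etc/gnome-system-log.profile
@@ -6,6 +6,8 @@ include gnome-system-log.local
 # Persistent global definitions
 include globals.local
 
+noblacklist /var/log
+
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
@@ -13,10 +15,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-include whitelist-common.inc
-
-noblacklist /var/log
 whitelist /var/log
+include whitelist-common.inc
 include whitelist-var-common.inc
 
 apparmor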
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index 4dc635df7..7b7571176 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile | |||
@@ -25,7 +25,7 @@ mkdir ${HOME}/.local/share/ktorrent | |||
25 | mkfile ${HOME}/.config/ktorrentrc | 25 | mkfile ${HOME}/.config/ktorrentrc |
26 | mkfile ${HOME}/.kde/share/config/ktorrentrc | 26 | mkfile ${HOME}/.kde/share/config/ktorrentrc |
27 | mkfile ${HOME}/.kde4/share/config/ktorrentrc | 27 | mkfile ${HOME}/.kde4/share/config/ktorrentrc |
28 | whitelist ${DOWNLOADS} | 28 | whitelist ${DOWNLOADS} |
29 | whitelist ${HOME}/.config/ktorrentrc | 29 | whitelist ${HOME}/.config/ktorrentrc |
30 | whitelist ${HOME}/.kde/share/apps/ktorrent | 30 | whitelist ${HOME}/.kde/share/apps/ktorrent |
31 | whitelist ${HOME}/.kde/share/config/ktorrentrc | 31 | whitelist ${HOME}/.kde/share/config/ktorrentrc |
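--- a/etc/linphone.profile
+++ b/etc/linphone.profile
@@ -19,7 +19,7 @@ mkfile ${HOME}/.linphone-history.db
 mkfile ${HOME}/.linphonerc
 whitelist ${HOME}/.linphone-history.db
 whitelist ${HOME}/.linphonerc
-whitelist ${HOME}/Downloads
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all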
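--- a/etc/mpsyt.profile
+++ b/etc/mpsyt.profile
@@ -21,7 +21,6 @@ noblacklist ${HOME}/.netrc
 noblacklist ${HOME}/mps
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}
-noblacklist ${DOWNLOADS}
 
 include disable-common.inc
 include disable-devel.inc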
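--- a/etc/netactview.profile
+++ b/etc/netactview.profile
@@ -15,6 +15,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkfile ${HOME}/.netactview
+whitelist ${HOME}/.netactview
 include whitelist-common.inc
 include whitelist-var-common.inc
 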
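--- a/etc/pavucontrol.profile
+++ b/etc/pavucontrol.profile
@@ -15,13 +15,14 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkfile ${HOME}/.config/pavucontrol.ini
+whitelist ${HOME}/.config/pavucontrol.ini
 include whitelist-common.inc
 include whitelist-var-common.inc
 
 apparmor
 caps.drop all
 ipc-namespace
-machine-id
 net none
 no3d
 nodbus
@@ -29,7 +30,6 @@ nodvd
 nogroups
 nonewprivs
 noroot
-# nosound
 notv
 nou2f
 novideo
@@ -41,7 +41,7 @@ disable-mnt
 private-bin pavucontrol
 private-cache
 private-dev
-private-etc alternatives,asound.conf,fonts,pulse
+private-etc alternatives,asound.conf,fonts,pulse,machine-id
 private-lib
 private-tmp
 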
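Review bot: Replacing the `machine-id` option with a `machine-id` entry in `private-etc` (first and third hunks) makes the host's real /etc/machine-id readable inside the sandbox instead of a random one, and the profile no longer says why. Presumably the spoofed id broke audio, which a volume-control tool cannot live without; if so, record it above the `private-etc` line, e.g. `# machine-id option breaks audio; the real /etc/machine-id is kept instead`. The same swap is made in etc/xfce4-mixer.profile and wants the same comment.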
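--- a/etc/regextester.profile
+++ b/etc/regextester.profile
@@ -14,6 +14,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 include whitelist-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all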
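--- a/etc/simplescreenrecorder.profile
+++ b/etc/simplescreenrecorder.profile
@@ -6,7 +6,7 @@ include simplescreenrecorder.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOWNLOADS}
+noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,7 +29,6 @@ seccomp
 shell none
 tracelog
 
-disable-mnt
 private-cache
 private-dev
 # private-etc alternatives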
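Review bot: Dropping `disable-mnt` in the second hunk gives the recorder access to /mnt, /media, /run/mount and /run/media again, and nothing in the profile explains the loosening. If the aim is to let recordings be written to mounted or removable drives, leave a marker where the option was, e.g. `# disable-mnt - recordings may be saved to external drives`; otherwise the option should stay. The first hunk narrows the home exception to `${VIDEOS}`, so it is worth checking that the two changes reflect the same intent.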
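--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -6,7 +6,6 @@ include slack.local
 include globals.local
 
 noblacklist ${HOME}/.config/Slack
-noblacklist ${HOME}/Downloads
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +16,7 @@ include disable-programs.inc
 mkdir ${HOME}/.config
 mkdir ${HOME}/.config/Slack
 whitelist ${HOME}/.config/Slack
-whitelist ${HOME}/Downloads
+whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 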
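--- a/etc/transgui.profile
+++ b/etc/transgui.profile
@@ -7,8 +7,6 @@ include /etc/firejail/transgui.local
 include globals.local
 
 noblacklist ${HOME}/.config/transgui
-whitelist ${HOME}/.config/transgui
-
 noblacklist ${DOWNLOADS}
 
 include disable-common.inc
@@ -18,7 +16,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/transgui
+whitelist ${HOME}/.config/transgui
 include whitelist-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all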
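Review bot: `noblacklist ${DOWNLOADS}` is kept in the first hunk, but the whitelist block added in the second hunk only whitelists `${HOME}/.config/transgui`, so with the home directory in whitelist mode the Downloads directory is not visible in the sandbox anyway. If transgui is meant to open .torrent files from there, add `whitelist ${DOWNLOADS}` before `include whitelist-common.inc`; if not, drop the `noblacklist` line as this commit does for mpsyt and slack. The rest of the profile lies outside these hunks, so a later whitelist entry cannot be ruled out from here.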
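--- a/etc/xfce4-mixer.profile
+++ b/etc/xfce4-mixer.profile
@@ -15,13 +15,13 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
 include whitelist-common.inc
 include whitelist-var-common.inc
 
 apparmor
 caps.drop all
 ipc-namespace
-machine-id
 netfilter
 no3d
 # nodbus
@@ -29,7 +29,6 @@ nodvd
 nogroups
 nonewprivs
 noroot
-# nosound
 notv
 nou2f
 novideo
@@ -41,7 +40,7 @@ disable-mnt
 private-bin xfce4-mixer,xfconf-query
 private-cache
 private-dev
-private-etc alternatives,asound.conf,fonts,pulse
+private-etc alternatives,asound.conf,fonts,pulse,machine-id
 private-tmp
 
 memory-deny-write-execute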
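Review bot: The `whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml` line added in the first hunk has no matching `mkfile`, unlike the `mkfile`/`whitelist` pairs this commit adds to pavucontrol.profile and netactview.profile. On a first run the file will not exist yet, and as far as I know firejail skips a whitelist entry whose target is missing, so the line would have no effect until the file has been created outside the sandbox. Either create the path first (`mkdir` for the directory, then `mkfile`) or add a comment saying the file is expected to exist already.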