16 files changed, 36 insertions, 65 deletions
diff --git a/README.md b/README.md
index 57267e414..4739b22fd 100644
--- a/README.md
+++ b/README.md
@@ -259,12 +259,10 @@ enable/disable apparmor functionality globally. By default the flag is enabled.
 AppArmor deployment: we are starting apparmor by default for the following programs:
 - web browsers: firefox (firefox-common.profile), chromium (chromium-common.profile)
 - torrent clients: transmission-qt, transmission-gtk, qbittorrent
- media players: vlc, mpv, audacious, totem, rhythmbox, kodi, smplayer, xplayer
+- media players: vlc, mpv, audacious, kodi, smplayer
- media editing: kdenlive, audacity, handbrake, gimp, inkscape, krita, openshot
+- media editing: kdenlive, audacity, handbrake, inkscape, krita, openshot
- image viewers: eom, eog, gwenview, xviewer
 - archive managers: ark, engrampa, file-roller
- text editors: gedit, kwrite, pluma, xed
+- etc.: digikam, libreoffice, okular, gwenview, galculator, kcalc
- etc.: digikam, gnome-calculator, galculator, kcalc, okular, libreoffice, asunder
 Checking apparmor status:
 `````
diff --git a/etc/audacity.profile b/etc/audacity.profile
index e8ad7347a..907dbeb55 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -18,7 +18,7 @@ apparmor
 caps.drop all
 net none
 no3d
-# nodbus
+# nodbus - problems on Fedora 27
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/engrampa.profile b/etc/engrampa.profile
index 25607d0a0..cf32d579e 100644
--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -12,13 +12,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
 apparmor
 caps.drop all
 net none
 no3d
-# following line makes settings immutable
+nodbus
-# nodbus
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/eog.profile b/etc/eog.profile
index cbb0dc3cf..66434ae05 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -17,13 +17,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
+# apparmor - makes settings immutable
-apparmor
 caps.drop all
-net none
+# net none - makes settings immutable
 no3d
-# following line makes settings immutable
+# nodbus - makes settings immutable
-# nodbus
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/eom.profile b/etc/eom.profile
index 93acd7f28..48965bcb9 100644
--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -17,13 +17,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
+# apparmor - makes settings immutable
-apparmor
 caps.drop all
-net none
+# net none - makes settings immutable
 no3d
-# following line makes settings immutable
+# nodbus - makes settings immutable
-# nodbus
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index f21f8af85..eb76d1dbb 100644
--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -12,13 +12,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
 apparmor
 caps.drop all
 net none
 no3d
-# following line makes settings immutable
+nodbus
-# nodbus
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/gedit.profile b/etc/gedit.profile
index 49d99becf..e78b8a708 100644
--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -16,14 +16,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
+# apparmor - makes settings immutable
-apparmor
 caps.drop all
 machine-id
-net none
+# net none - makes settings immutable
 no3d
-# following line makes settings immutable
+# nodbus - makes settings immutable
-# nodbus
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/gimp.profile b/etc/gimp.profile
index 5685eb5c1..630f02229 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -13,12 +13,10 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
+# apparmor - makes settings immutable
-apparmor
 caps.drop all
-net none
+# net none - makes settings immutable
-# following line makes settings immutable
+# nodbus - makes settings immutable
-# nodbus
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index 24615e828..9d737efb1 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -14,13 +14,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
+# apparmor - makes settings immutable
-apparmor
 caps.drop all
-net none
+# net none - makes settings immutable
 no3d
-# following line makes settings immutable
+# nodbus - makes settings immutable
-# nodbus
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/kcalc.profile b/etc/kcalc.profile
index 0e10dc061..86a3b1462 100644
--- a/etc/kcalc.profile
+++ b/etc/kcalc.profile
@@ -23,7 +23,6 @@ include /etc/firejail/whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 no3d
 nodbus
 nodvd
diff --git a/etc/pluma.profile b/etc/pluma.profile
index da9766a81..d0acfeb1a 100644
--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -14,14 +14,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
+# apparmor - makes settings immutable
-apparmor
 caps.drop all
 machine-id
-net none
+# net none - makes settings immutable
 no3d
-# following line makes settings immutable
+# nodbus - makes settings immutable
-# nodbus
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index f02d0363b..6322f8217 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -13,13 +13,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
+# apparmor - makes settings immutable
-apparmor
 caps.drop all
 netfilter
 # no3d
-# following line makes settings immutable
+# nodbus - makes settings immutable
-# nodbus
 nogroups
 nonewprivs
 noroot
diff --git a/etc/totem.profile b/etc/totem.profile
index 0b242ab8f..ad3845d90 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -15,12 +15,10 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
+# apparmor - makes settings immutable
-apparmor
 caps.drop all
 netfilter
-# following line makes settings immutable
+# nodbus - makes settings immutable
-# nodbus
 nogroups
 nonewprivs
 noroot
diff --git a/etc/xed.profile b/etc/xed.profile
index 5f245f9ff..5d46560b7 100644
--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -14,14 +14,12 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
+# apparmor - makes settings immutable
-apparmor
 caps.drop all
 machine-id
-net none
+# net none - makes settings immutable
 no3d
-# following line makes settings immutable
+# nodbus - makes settings immutable
-# nodbus
 nodvd
 nogroups
 nonewprivs
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index e0b7b4322..7e475bd58 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -15,12 +15,10 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
+# apparmor - makes settings immutable
-apparmor
 caps.drop all
 netfilter
-# following line makes settings immutable
+# nodbus - makes settings immutable
-# nodbus
 nogroups
 nonewprivs
 noroot
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index 35e9398ad..26f9f0238 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -17,13 +17,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-# following line makes settings immutable
+# apparmor - makes settings immutable
-apparmor
 caps.drop all
-net none
+# net none - makes settings immutable
 no3d
-# following line makes settings immutable
+# nodbus - makes settings immutable
-# nodbus
 nodvd
 nogroups
 nonewprivs

diff --git a/README.md b/README.md index 57267e414..4739b22fd 100644 --- a/README.md +++ b/README.md
@@ -259,12 +259,10 @@ enable/disable apparmor functionality globally. By default the flag is enabled.
259	AppArmor deployment: we are starting apparmor by default for the following programs:	259	AppArmor deployment: we are starting apparmor by default for the following programs:
260	- web browsers: firefox (firefox-common.profile), chromium (chromium-common.profile)	260	- web browsers: firefox (firefox-common.profile), chromium (chromium-common.profile)
261	- torrent clients: transmission-qt, transmission-gtk, qbittorrent	261	- torrent clients: transmission-qt, transmission-gtk, qbittorrent
262	- media players: vlc, mpv, audacious, totem, rhythmbox, kodi, smplayer, xplayer	262	- media players: vlc, mpv, audacious, kodi, smplayer
263	- media editing: kdenlive, audacity, handbrake, gimp, inkscape, krita, openshot	263	- media editing: kdenlive, audacity, handbrake, inkscape, krita, openshot
264	- image viewers: eom, eog, gwenview, xviewer
265	- archive managers: ark, engrampa, file-roller	264	- archive managers: ark, engrampa, file-roller
266	- text editors: gedit, kwrite, pluma, xed	265	- etc.: digikam, libreoffice, okular, gwenview, galculator, kcalc
267	- etc.: digikam, gnome-calculator, galculator, kcalc, okular, libreoffice, asunder
268		266
269	Checking apparmor status:	267	Checking apparmor status:
270	`````	268	`````


diff --git a/etc/audacity.profile b/etc/audacity.profile index e8ad7347a..907dbeb55 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile
@@ -18,7 +18,7 @@ apparmor
18	caps.drop all	18	caps.drop all
19	net none	19	net none
20	no3d	20	no3d
21	# nodbus	21	# nodbus - problems on Fedora 27
22	nodvd	22	nodvd
23	nogroups	23	nogroups
24	nonewprivs	24	nonewprivs


diff --git a/etc/engrampa.profile b/etc/engrampa.profile index 25607d0a0..cf32d579e 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile
@@ -12,13 +12,11 @@ include /etc/firejail/disable-programs.inc
12		12
13	include /etc/firejail/whitelist-var-common.inc	13	include /etc/firejail/whitelist-var-common.inc
14		14
15	# following line makes settings immutable
16	apparmor	15	apparmor
17	caps.drop all	16	caps.drop all
18	net none	17	net none
19	no3d	18	no3d
20	# following line makes settings immutable	19	nodbus
21	# nodbus
22	nodvd	20	nodvd
23	nogroups	21	nogroups
24	nonewprivs	22	nonewprivs


diff --git a/etc/eog.profile b/etc/eog.profile index cbb0dc3cf..66434ae05 100644 --- a/etc/eog.profile +++ b/etc/eog.profile
@@ -17,13 +17,11 @@ include /etc/firejail/disable-programs.inc
17		17
18	include /etc/firejail/whitelist-var-common.inc	18	include /etc/firejail/whitelist-var-common.inc
19		19
20	# following line makes settings immutable	20	# apparmor - makes settings immutable
21	apparmor
22	caps.drop all	21	caps.drop all
23	net none	22	# net none - makes settings immutable
24	no3d	23	no3d
25	# following line makes settings immutable	24	# nodbus - makes settings immutable
26	# nodbus
27	nodvd	25	nodvd
28	nogroups	26	nogroups
29	nonewprivs	27	nonewprivs


diff --git a/etc/eom.profile b/etc/eom.profile index 93acd7f28..48965bcb9 100644 --- a/etc/eom.profile +++ b/etc/eom.profile
@@ -17,13 +17,11 @@ include /etc/firejail/disable-programs.inc
17		17
18	include /etc/firejail/whitelist-var-common.inc	18	include /etc/firejail/whitelist-var-common.inc
19		19
20	# following line makes settings immutable	20	# apparmor - makes settings immutable
21	apparmor
22	caps.drop all	21	caps.drop all
23	net none	22	# net none - makes settings immutable
24	no3d	23	no3d
25	# following line makes settings immutable	24	# nodbus - makes settings immutable
26	# nodbus
27	nodvd	25	nodvd
28	nogroups	26	nogroups
29	nonewprivs	27	nonewprivs


diff --git a/etc/file-roller.profile b/etc/file-roller.profile index f21f8af85..eb76d1dbb 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile
@@ -12,13 +12,11 @@ include /etc/firejail/disable-programs.inc
12		12
13	include /etc/firejail/whitelist-var-common.inc	13	include /etc/firejail/whitelist-var-common.inc
14		14
15	# following line makes settings immutable
16	apparmor	15	apparmor
17	caps.drop all	16	caps.drop all
18	net none	17	net none
19	no3d	18	no3d
20	# following line makes settings immutable	19	nodbus
21	# nodbus
22	nodvd	20	nodvd
23	nogroups	21	nogroups
24	nonewprivs	22	nonewprivs


diff --git a/etc/gedit.profile b/etc/gedit.profile index 49d99becf..e78b8a708 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile
@@ -16,14 +16,12 @@ include /etc/firejail/disable-programs.inc
16		16
17	include /etc/firejail/whitelist-var-common.inc	17	include /etc/firejail/whitelist-var-common.inc
18		18
19	# following line makes settings immutable	19	# apparmor - makes settings immutable
20	apparmor
21	caps.drop all	20	caps.drop all
22	machine-id	21	machine-id
23	net none	22	# net none - makes settings immutable
24	no3d	23	no3d
25	# following line makes settings immutable	24	# nodbus - makes settings immutable
26	# nodbus
27	nodvd	25	nodvd
28	nogroups	26	nogroups
29	nonewprivs	27	nonewprivs


diff --git a/etc/gimp.profile b/etc/gimp.profile index 5685eb5c1..630f02229 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile
@@ -13,12 +13,10 @@ include /etc/firejail/disable-programs.inc
13		13
14	include /etc/firejail/whitelist-var-common.inc	14	include /etc/firejail/whitelist-var-common.inc
15		15
16	# following line makes settings immutable	16	# apparmor - makes settings immutable
17	apparmor
18	caps.drop all	17	caps.drop all
19	net none	18	# net none - makes settings immutable
20	# following line makes settings immutable	19	# nodbus - makes settings immutable
21	# nodbus
22	nodvd	20	nodvd
23	nogroups	21	nogroups
24	nonewprivs	22	nonewprivs


diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile index 24615e828..9d737efb1 100644 --- a/etc/gnome-calculator.profile +++ b/etc/gnome-calculator.profile
@@ -14,13 +14,11 @@ include /etc/firejail/disable-programs.inc
14	include /etc/firejail/whitelist-common.inc	14	include /etc/firejail/whitelist-common.inc
15	include /etc/firejail/whitelist-var-common.inc	15	include /etc/firejail/whitelist-var-common.inc
16		16
17	# following line makes settings immutable	17	# apparmor - makes settings immutable
18	apparmor
19	caps.drop all	18	caps.drop all
20	net none	19	# net none - makes settings immutable
21	no3d	20	no3d
22	# following line makes settings immutable	21	# nodbus - makes settings immutable
23	# nodbus
24	nodvd	22	nodvd
25	nogroups	23	nogroups
26	nonewprivs	24	nonewprivs


diff --git a/etc/kcalc.profile b/etc/kcalc.profile index 0e10dc061..86a3b1462 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile
@@ -23,7 +23,6 @@ include /etc/firejail/whitelist-var-common.inc
23	apparmor	23	apparmor
24	caps.drop all	24	caps.drop all
25	net none	25	net none
26	netfilter
27	no3d	26	no3d
28	nodbus	27	nodbus
29	nodvd	28	nodvd


diff --git a/etc/pluma.profile b/etc/pluma.profile index da9766a81..d0acfeb1a 100644 --- a/etc/pluma.profile +++ b/etc/pluma.profile
@@ -14,14 +14,12 @@ include /etc/firejail/disable-programs.inc
14		14
15	include /etc/firejail/whitelist-var-common.inc	15	include /etc/firejail/whitelist-var-common.inc
16		16
17	# following line makes settings immutable	17	# apparmor - makes settings immutable
18	apparmor
19	caps.drop all	18	caps.drop all
20	machine-id	19	machine-id
21	net none	20	# net none - makes settings immutable
22	no3d	21	no3d
23	# following line makes settings immutable	22	# nodbus - makes settings immutable
24	# nodbus
25	nodvd	23	nodvd
26	nogroups	24	nogroups
27	nonewprivs	25	nonewprivs


diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index f02d0363b..6322f8217 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile
@@ -13,13 +13,11 @@ include /etc/firejail/disable-programs.inc
13		13
14	include /etc/firejail/whitelist-var-common.inc	14	include /etc/firejail/whitelist-var-common.inc
15		15
16	# following line makes settings immutable	16	# apparmor - makes settings immutable
17	apparmor
18	caps.drop all	17	caps.drop all
19	netfilter	18	netfilter
20	# no3d	19	# no3d
21	# following line makes settings immutable	20	# nodbus - makes settings immutable
22	# nodbus
23	nogroups	21	nogroups
24	nonewprivs	22	nonewprivs
25	noroot	23	noroot


diff --git a/etc/totem.profile b/etc/totem.profile index 0b242ab8f..ad3845d90 100644 --- a/etc/totem.profile +++ b/etc/totem.profile
@@ -15,12 +15,10 @@ include /etc/firejail/disable-programs.inc
15		15
16	include /etc/firejail/whitelist-var-common.inc	16	include /etc/firejail/whitelist-var-common.inc
17		17
18	# following line makes settings immutable	18	# apparmor - makes settings immutable
19	apparmor
20	caps.drop all	19	caps.drop all
21	netfilter	20	netfilter
22	# following line makes settings immutable	21	# nodbus - makes settings immutable
23	# nodbus
24	nogroups	22	nogroups
25	nonewprivs	23	nonewprivs
26	noroot	24	noroot


diff --git a/etc/xed.profile b/etc/xed.profile index 5f245f9ff..5d46560b7 100644 --- a/etc/xed.profile +++ b/etc/xed.profile
@@ -14,14 +14,12 @@ include /etc/firejail/disable-programs.inc
14		14
15	include /etc/firejail/whitelist-var-common.inc	15	include /etc/firejail/whitelist-var-common.inc
16		16
17	# following line makes settings immutable	17	# apparmor - makes settings immutable
18	apparmor
19	caps.drop all	18	caps.drop all
20	machine-id	19	machine-id
21	net none	20	# net none - makes settings immutable
22	no3d	21	no3d
23	# following line makes settings immutable	22	# nodbus - makes settings immutable
24	# nodbus
25	nodvd	23	nodvd
26	nogroups	24	nogroups
27	nonewprivs	25	nonewprivs


diff --git a/etc/xplayer.profile b/etc/xplayer.profile index e0b7b4322..7e475bd58 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile
@@ -15,12 +15,10 @@ include /etc/firejail/disable-programs.inc
15		15
16	include /etc/firejail/whitelist-var-common.inc	16	include /etc/firejail/whitelist-var-common.inc
17		17
18	# following line makes settings immutable	18	# apparmor - makes settings immutable
19	apparmor
20	caps.drop all	19	caps.drop all
21	netfilter	20	netfilter
22	# following line makes settings immutable	21	# nodbus - makes settings immutable
23	# nodbus
24	nogroups	22	nogroups
25	nonewprivs	23	nonewprivs
26	noroot	24	noroot


diff --git a/etc/xviewer.profile b/etc/xviewer.profile index 35e9398ad..26f9f0238 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile
@@ -17,13 +17,11 @@ include /etc/firejail/disable-programs.inc
17		17
18	include /etc/firejail/whitelist-var-common.inc	18	include /etc/firejail/whitelist-var-common.inc
19		19
20	# following line makes settings immutable	20	# apparmor - makes settings immutable
21	apparmor
22	caps.drop all	21	caps.drop all
23	net none	22	# net none - makes settings immutable
24	no3d	23	no3d
25	# following line makes settings immutable	24	# nodbus - makes settings immutable
26	# nodbus
27	nodvd	25	nodvd
28	nogroups	26	nogroups
29	nonewprivs	27	nonewprivs