diff options
111 files changed, 130 insertions, 130 deletions
diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile index 7cc50da15..b750a135e 100644 --- a/etc/QMediathekView.profile +++ b/etc/QMediathekView.profile | |||
@@ -45,7 +45,7 @@ shell none | |||
45 | tracelog | 45 | tracelog |
46 | 46 | ||
47 | disable-mnt | 47 | disable-mnt |
48 | private-bin QMediathekView,mplayer,mpv,smplayer,totem,vlc,xplayer | 48 | private-bin mplayer,mpv,QMediathekView,smplayer,totem,vlc,xplayer |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | # private-etc alternatives | 51 | # private-etc alternatives |
diff --git a/etc/QOwnNotes.profile b/etc/QOwnNotes.profile index 27ba00857..c774f3a60 100644 --- a/etc/QOwnNotes.profile +++ b/etc/QOwnNotes.profile | |||
@@ -47,8 +47,8 @@ shell none | |||
47 | tracelog | 47 | tracelog |
48 | 48 | ||
49 | disable-mnt | 49 | disable-mnt |
50 | private-bin QOwnNotes,gio | 50 | private-bin gio,QOwnNotes |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies | 52 | private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hosts,ld.so.cache,nsswitch.conf,pki,pulse,resolv.conf,ssl |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
diff --git a/etc/Viber.profile b/etc/Viber.profile index 40358aa87..ecc500769 100644 --- a/etc/Viber.profile +++ b/etc/Viber.profile | |||
@@ -32,8 +32,8 @@ seccomp | |||
32 | shell none | 32 | shell none |
33 | 33 | ||
34 | disable-mnt | 34 | disable-mnt |
35 | private-bin sh,bash,dig,awk,Viber | 35 | private-bin awk,bash,dig,sh,Viber |
36 | private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies,machine-id,asound.conf | 36 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11 |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | env QTWEBENGINE_DISABLE_SANDBOX=1 | 39 | env QTWEBENGINE_DISABLE_SANDBOX=1 |
diff --git a/etc/XMind.profile b/etc/XMind.profile index a5b0a864e..7e7c0c3cd 100644 --- a/etc/XMind.profile +++ b/etc/XMind.profile | |||
@@ -32,7 +32,7 @@ seccomp | |||
32 | shell none | 32 | shell none |
33 | 33 | ||
34 | disable-mnt | 34 | disable-mnt |
35 | private-bin XMind,sh,cp | 35 | private-bin cp,sh,XMind |
36 | private-tmp | 36 | private-tmp |
37 | private-dev | 37 | private-dev |
38 | 38 | ||
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 3580f8336..259077d86 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile | |||
@@ -40,5 +40,5 @@ private | |||
40 | # private-bin Xvfb,sh,xkbcomp | 40 | # private-bin Xvfb,sh,xkbcomp |
41 | # private-bin Xvfb,sh,xkbcomp,strace,bash,cat,ls | 41 | # private-bin Xvfb,sh,xkbcomp,strace,bash,cat,ls |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname | 43 | private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf |
44 | private-tmp | 44 | private-tmp |
diff --git a/etc/akregator.profile b/etc/akregator.profile index 2f35c55c0..466eff22d 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile | |||
@@ -40,7 +40,7 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res | |||
40 | shell none | 40 | shell none |
41 | 41 | ||
42 | disable-mnt | 42 | disable-mnt |
43 | private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper | 43 | private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit4,kdeinit4_shutdown,kdeinit4_wrapper,kdeinit5,kdeinit5_shutdown,kdeinit5_wrapper,kshell4,kshell5 |
44 | private-dev | 44 | private-dev |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
diff --git a/etc/anki.profile b/etc/anki.profile index d50c720f7..c349376ff 100644 --- a/etc/anki.profile +++ b/etc/anki.profile | |||
@@ -50,5 +50,5 @@ disable-mnt | |||
50 | private-bin anki,python* | 50 | private-bin anki,python* |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,machine-id,pki,resolv.conf,Trolltech.conf,ssl | 53 | private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,machine-id,pki,resolv.conf,ssl,Trolltech.conf |
54 | private-tmp | 54 | private-tmp |
diff --git a/etc/apktool.profile b/etc/apktool.profile index acddf010b..aeeb845ea 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile | |||
@@ -31,6 +31,6 @@ protocol unix | |||
31 | seccomp | 31 | seccomp |
32 | shell none | 32 | shell none |
33 | 33 | ||
34 | private-bin apktool,bash,java,dirname,basename,expr,sh | 34 | private-bin apktool,basename,bash,dirname,expr,java,sh |
35 | private-cache | 35 | private-cache |
36 | private-dev | 36 | private-dev |
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile index 2f1715da1..bfd110bf2 100644 --- a/etc/archaudit-report.profile +++ b/etc/archaudit-report.profile | |||
@@ -36,7 +36,7 @@ shell none | |||
36 | 36 | ||
37 | disable-mnt | 37 | disable-mnt |
38 | private | 38 | private |
39 | private-bin archaudit-report,arch-audit,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds | 39 | private-bin arch-audit,archaudit-report,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds |
40 | #private-dev | 40 | #private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
diff --git a/etc/aria2c.profile b/etc/aria2c.profile index 68c83e573..583250983 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile | |||
@@ -37,7 +37,7 @@ shell none | |||
37 | private-bin aria2c,gzip | 37 | private-bin aria2c,gzip |
38 | private-cache | 38 | private-cache |
39 | private-dev | 39 | private-dev |
40 | private-etc alternatives,ca-certificates,ssl,resolv.conf | 40 | private-etc alternatives,ca-certificates,resolv.conf,ssl |
41 | private-lib libreadline.so.* | 41 | private-lib libreadline.so.* |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
diff --git a/etc/ark.profile b/etc/ark.profile index 9214e96ff..ee0899b1d 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
@@ -34,7 +34,7 @@ protocol unix | |||
34 | seccomp | 34 | seccomp |
35 | shell none | 35 | shell none |
36 | 36 | ||
37 | private-bin ark,unrar,rar,unzip,zip,zipinfo,7z,p7zip,unar,lsar,lrzip,lzop,lz4,bash,sh,tclsh | 37 | private-bin 7z,ark,bash,lrzip,lsar,lz4,lzop,p7zip,rar,sh,tclsh,unar,unrar,unzip,zip,zipinfo |
38 | #private-etc alternatives,smb.conf,samba,mtab,fonts,drirc,kde5rc,passwd,group,xdg | 38 | #private-etc alternatives,smb.conf,samba,mtab,fonts,drirc,kde5rc,passwd,group,xdg |
39 | 39 | ||
40 | private-dev | 40 | private-dev |
diff --git a/etc/arm.profile b/etc/arm.profile index dd3fa190a..51dad94d1 100644 --- a/etc/arm.profile +++ b/etc/arm.profile | |||
@@ -41,8 +41,8 @@ shell none | |||
41 | tracelog | 41 | tracelog |
42 | 42 | ||
43 | disable-mnt | 43 | disable-mnt |
44 | private-bin arm,tor,sh,bash,python*,ps,lsof,ldconfig | 44 | private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies | 46 | private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
diff --git a/etc/artha.profile b/etc/artha.profile index 8ef5124de..2660c4e10 100644 --- a/etc/artha.profile +++ b/etc/artha.profile | |||
@@ -38,7 +38,7 @@ disable-mnt | |||
38 | private-bin artha,enchant,notify-send | 38 | private-bin artha,enchant,notify-send |
39 | private-cache | 39 | private-cache |
40 | private-dev | 40 | private-dev |
41 | private-etc alternatives,machine-id,fonts | 41 | private-etc alternatives,fonts,machine-id |
42 | private-lib libnotify.so.* | 42 | private-lib libnotify.so.* |
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
diff --git a/etc/atool.profile b/etc/atool.profile index 3df32baac..7bcfdb935 100644 --- a/etc/atool.profile +++ b/etc/atool.profile | |||
@@ -45,7 +45,7 @@ tracelog | |||
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | # without login.defs atool complains and uses UID/GID 1000 by default | 47 | # without login.defs atool complains and uses UID/GID 1000 by default |
48 | private-etc alternatives,passwd,group,login.defs | 48 | private-etc alternatives,group,login.defs,passwd |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | memory-deny-write-execute | 51 | memory-deny-write-execute |
diff --git a/etc/bitwarden.profile b/etc/bitwarden.profile index 609543e14..550830157 100644 --- a/etc/bitwarden.profile +++ b/etc/bitwarden.profile | |||
@@ -47,7 +47,7 @@ private-bin bitwarden | |||
47 | private-cache | 47 | private-cache |
48 | ?HAS_APPIMAGE: ignore private-dev | 48 | ?HAS_APPIMAGE: ignore private-dev |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ca-certificates,crypto-policies,hosts,nsswitch.conf,fonts,pki,resolv.conf,ssl | 50 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,nsswitch.conf,pki,resolv.conf,ssl |
51 | private-opt Bitwarden | 51 | private-opt Bitwarden |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile index f964438bc..1f7a02c2b 100644 --- a/etc/bsdtar.profile +++ b/etc/bsdtar.profile | |||
@@ -37,9 +37,9 @@ shell none | |||
37 | tracelog | 37 | tracelog |
38 | 38 | ||
39 | # support compressed archives | 39 | # support compressed archives |
40 | private-bin sh,bash,bsdcat,bsdcpio,bsdtar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,lz4,libarchive | 40 | private-bin bash,bsdcat,bsdcpio,bsdtar,bzip2,compress,gtar,gzip,lbzip2,libarchive,lz4,lzip,lzma,lzop,sh,xz |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,passwd,group,localtime | 43 | private-etc alternatives,group,localtime,passwd |
44 | 44 | ||
45 | memory-deny-write-execute | 45 | memory-deny-write-execute |
diff --git a/etc/bzflag.profile b/etc/bzflag.profile index 94cd40899..86ab73e0b 100644 --- a/etc/bzflag.profile +++ b/etc/bzflag.profile | |||
@@ -38,7 +38,7 @@ shell none | |||
38 | tracelog | 38 | tracelog |
39 | 39 | ||
40 | disable-mnt | 40 | disable-mnt |
41 | private-bin bzflag,bzflag-wrapper,bzfs,bzadmin | 41 | private-bin bzadmin,bzflag,bzflag-wrapper,bzfs |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
diff --git a/etc/celluloid.profile b/etc/celluloid.profile index 190a49588..89543d6cc 100644 --- a/etc/celluloid.profile +++ b/etc/celluloid.profile | |||
@@ -38,9 +38,9 @@ seccomp | |||
38 | shell none | 38 | shell none |
39 | tracelog | 39 | tracelog |
40 | 40 | ||
41 | private-bin celluloid,gnome-mpv,youtube-dl,python*,env | 41 | private-bin celluloid,env,gnome-mpv,python*,youtube-dl |
42 | private-cache | 42 | private-cache |
43 | private-etc alternatives,ca-certificates,ssl,pki,pkcs11,hosts,machine-id,localtime,libva.conf,drirc,fonts,gtk-3.0,dconf,crypto-policies,xdg,selinux,resolv.conf | 43 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg |
44 | private-dev | 44 | private-dev |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
diff --git a/etc/cheese.profile b/etc/cheese.profile index e95a27da5..633928260 100644 --- a/etc/cheese.profile +++ b/etc/cheese.profile | |||
@@ -41,5 +41,5 @@ tracelog | |||
41 | disable-mnt | 41 | disable-mnt |
42 | private-bin cheese | 42 | private-bin cheese |
43 | private-cache | 43 | private-cache |
44 | private-etc alternatives,fonts,drirc,clutter-1.0,gtk-3.0,dconf | 44 | private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0 |
45 | private-tmp | 45 | private-tmp |
diff --git a/etc/cmus.profile b/etc/cmus.profile index e602c4e2a..7e12a06de 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile | |||
@@ -27,4 +27,4 @@ seccomp | |||
27 | shell none | 27 | shell none |
28 | 28 | ||
29 | private-bin cmus | 29 | private-bin cmus |
30 | private-etc alternatives,group,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies | 30 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,machine-id,pki,pulse,ssl |
diff --git a/etc/crow.profile b/etc/crow.profile index 8aa70a09c..755b6e9f8 100644 --- a/etc/crow.profile +++ b/etc/crow.profile | |||
@@ -38,7 +38,7 @@ shell none | |||
38 | disable-mnt | 38 | disable-mnt |
39 | private-bin crow | 39 | private-bin crow |
40 | private-dev | 40 | private-dev |
41 | private-etc alternatives,ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies | 41 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl |
42 | private-opt none | 42 | private-opt none |
43 | private-tmp | 43 | private-tmp |
44 | private-srv none | 44 | private-srv none |
diff --git a/etc/deluge.profile b/etc/deluge.profile index e86255d22..8f4f9fbe9 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
@@ -39,6 +39,6 @@ seccomp | |||
39 | shell none | 39 | shell none |
40 | 40 | ||
41 | # deluge is using python on Debian | 41 | # deluge is using python on Debian |
42 | private-bin deluge,deluge-console,deluged,deluge-gtk,deluge-web,sh,python*,uname | 42 | private-bin deluge,deluge-console,deluge-gtk,deluge-web,deluged,python*,sh,uname |
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index a6fed6c78..e5f37b06a 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile | |||
@@ -35,7 +35,7 @@ protocol unix | |||
35 | seccomp | 35 | seccomp |
36 | shell none | 36 | shell none |
37 | 37 | ||
38 | private-bin dex2jar,java,sh,bash,expr,dirname,ls,uname,grep | 38 | private-bin bash,dex2jar,dirname,expr,grep,java,ls,sh,uname |
39 | private-cache | 39 | private-cache |
40 | private-dev | 40 | private-dev |
41 | 41 | ||
diff --git a/etc/dig.profile b/etc/dig.profile index 1843f6e46..9bc4ee0ca 100644 --- a/etc/dig.profile +++ b/etc/dig.profile | |||
@@ -42,7 +42,7 @@ shell none | |||
42 | 42 | ||
43 | disable-mnt | 43 | disable-mnt |
44 | private | 44 | private |
45 | private-bin sh,bash,dig | 45 | private-bin bash,dig,sh |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | # private-etc alternatives,resolv.conf | 48 | # private-etc alternatives,resolv.conf |
diff --git a/etc/discord-common.profile b/etc/discord-common.profile index a791c7a06..82dd0475c 100644 --- a/etc/discord-common.profile +++ b/etc/discord-common.profile | |||
@@ -27,9 +27,9 @@ novideo | |||
27 | protocol unix,inet,inet6,netlink | 27 | protocol unix,inet,inet6,netlink |
28 | seccomp | 28 | seccomp |
29 | 29 | ||
30 | private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh | 30 | private-bin bash,cut,echo,egrep,grep,head,sed,sh,tr,xdg-mime,xdg-open,zsh |
31 | private-dev | 31 | private-dev |
32 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,ld.so.cache,localtime,login.defs,password,pki,resolv.conf,ssl | 32 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,resolv.conf,ssl |
33 | private-tmp | 33 | private-tmp |
34 | 34 | ||
35 | noexec /tmp | 35 | noexec /tmp |
diff --git a/etc/electrum.profile b/etc/electrum.profile index ab554b21f..42438977f 100644 --- a/etc/electrum.profile +++ b/etc/electrum.profile | |||
@@ -46,6 +46,6 @@ disable-mnt | |||
46 | private-bin electrum,python* | 46 | private-bin electrum,python* |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,fonts,dconf,ca-certificates,ssl,pki,crypto-policies,machine-id,resolv.conf | 49 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,machine-id,pki,resolv.conf,ssl |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
diff --git a/etc/enpass.profile b/etc/enpass.profile index 4ac35bbd6..99d3eac85 100644 --- a/etc/enpass.profile +++ b/etc/enpass.profile | |||
@@ -53,7 +53,7 @@ seccomp | |||
53 | shell none | 53 | shell none |
54 | tracelog | 54 | tracelog |
55 | 55 | ||
56 | private-bin dirname,Enpass,importer_enpass,sh,readlink | 56 | private-bin dirname,Enpass,importer_enpass,readlink,sh |
57 | ?HAS_APPIMAGE: ignore private-dev | 57 | ?HAS_APPIMAGE: ignore private-dev |
58 | private-dev | 58 | private-dev |
59 | private-opt Enpass | 59 | private-opt Enpass |
diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index ee722bc54..9c1c5b7de 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | private-bin ffmpeg | 43 | private-bin ffmpeg |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,pki,pkcs11,hosts,ssl,ca-certificates,resolv.conf | 46 | private-etc alternatives,ca-certificates,hosts,pkcs11,pki,resolv.conf,ssl |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | # memory-deny-write-execute - it breaks old versions of ffmpeg | 49 | # memory-deny-write-execute - it breaks old versions of ffmpeg |
diff --git a/etc/file.profile b/etc/file.profile index c304b4efe..2782960c8 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
@@ -38,7 +38,7 @@ x11 none | |||
38 | #private-bin file | 38 | #private-bin file |
39 | private-cache | 39 | private-cache |
40 | private-dev | 40 | private-dev |
41 | private-etc alternatives,magic.mgc,magic,localtime | 41 | private-etc alternatives,localtime,magic,magic.mgc |
42 | private-lib libarchive.so.*,libfakeroot,libmagic.so.* | 42 | private-lib libarchive.so.*,libfakeroot,libmagic.so.* |
43 | 43 | ||
44 | memory-deny-write-execute | 44 | memory-deny-write-execute |
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index af535880d..d8d4c1746 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
@@ -33,6 +33,6 @@ seccomp | |||
33 | shell none | 33 | shell none |
34 | 34 | ||
35 | # private-bin breaks --join if the user has zsh set as $SHELL - adding zsh on private-bin | 35 | # private-bin breaks --join if the user has zsh set as $SHELL - adding zsh on private-bin |
36 | private-bin filezilla,uname,sh,bash,zsh,python*,lsb_release,fzputtygen,fzsftp | 36 | private-bin bash,filezilla,fzputtygen,fzsftp,lsb_release,python*,sh,uname,zsh |
37 | private-dev | 37 | private-dev |
38 | private-tmp | 38 | private-tmp |
diff --git a/etc/flameshot.profile b/etc/flameshot.profile index cd3e07455..3aad9723b 100644 --- a/etc/flameshot.profile +++ b/etc/flameshot.profile | |||
@@ -37,7 +37,7 @@ shell none | |||
37 | disable-mnt | 37 | disable-mnt |
38 | private-bin flameshot | 38 | private-bin flameshot |
39 | private-cache | 39 | private-cache |
40 | private-etc alternatives,fonts,ld.so.conf,resolv.conf,ca-certificates,ssl,pki,crypto-policies | 40 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,pki,resolv.conf,ssl |
41 | private-dev | 41 | private-dev |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
diff --git a/etc/freeciv.profile b/etc/freeciv.profile index 4813379a7..fa115d325 100644 --- a/etc/freeciv.profile +++ b/etc/freeciv.profile | |||
@@ -38,7 +38,7 @@ shell none | |||
38 | tracelog | 38 | tracelog |
39 | 39 | ||
40 | disable-mnt | 40 | disable-mnt |
41 | private-bin freeciv-gtk3,freeciv-mp-gtk3,freeciv-server,freeciv-manual | 41 | private-bin freeciv-gtk3,freeciv-manual,freeciv-mp-gtk3,freeciv-server |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
diff --git a/etc/freemind.profile b/etc/freemind.profile index 7ab4ae129..ba945c0fb 100644 --- a/etc/freemind.profile +++ b/etc/freemind.profile | |||
@@ -42,7 +42,7 @@ shell none | |||
42 | tracelog | 42 | tracelog |
43 | 43 | ||
44 | disable-mnt | 44 | disable-mnt |
45 | private-bin freemind,java,bash,sed,sh,grep,mkdir,echo,cp,uname,which,lsb_release,rpm,dpkg,dirname,readlink | 45 | private-bin bash,cp,dirname,dpkg,echo,freemind,grep,java,lsb_release,mkdir,readlink,rpm,sed,sh,uname,which |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | #private-etc alternatives,fonts,java | 48 | #private-etc alternatives,fonts,java |
diff --git a/etc/gajim.profile b/etc/gajim.profile index 75d2f0774..74ab9f8b7 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile | |||
@@ -46,7 +46,7 @@ shell none | |||
46 | tracelog | 46 | tracelog |
47 | 47 | ||
48 | disable-mnt | 48 | disable-mnt |
49 | private-bin python,python3,sh,gpg,gpg2,gajim,bash,zsh,paplay,gajim-history-manager | 49 | private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python,python3,sh,zsh |
50 | private-dev | 50 | private-dev |
51 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl | 51 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl |
52 | private-tmp | 52 | private-tmp |
diff --git a/etc/gcloud.profile b/etc/gcloud.profile index a08aebf2c..7ca99f420 100644 --- a/etc/gcloud.profile +++ b/etc/gcloud.profile | |||
@@ -36,5 +36,5 @@ tracelog | |||
36 | 36 | ||
37 | disable-mnt | 37 | disable-mnt |
38 | private-dev | 38 | private-dev |
39 | private-etc alternatives,ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache | 39 | private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,localtime,nsswitch.conf,pki,resolv.conf,ssl |
40 | private-tmp | 40 | private-tmp |
diff --git a/etc/geekbench.profile b/etc/geekbench.profile index 764c68131..a4c33b46f 100644 --- a/etc/geekbench.profile +++ b/etc/geekbench.profile | |||
@@ -41,7 +41,7 @@ disable-mnt | |||
41 | private-bin bash,geekbenc*,sh | 41 | private-bin bash,geekbenc*,sh |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,group,passwd,lsb-release | 44 | private-etc alternatives,group,lsb-release,passwd |
45 | private-lib libstdc++.so.* | 45 | private-lib libstdc++.so.* |
46 | private-opt none | 46 | private-opt none |
47 | private-tmp | 47 | private-tmp |
diff --git a/etc/ghostwriter.profile b/etc/ghostwriter.profile index 76011df19..48c02f195 100644 --- a/etc/ghostwriter.profile +++ b/etc/ghostwriter.profile | |||
@@ -49,7 +49,7 @@ tracelog | |||
49 | #private-bin ghostwriter,pandoc | 49 | #private-bin ghostwriter,pandoc |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,cups,crypto-policies,localtime,drirc,fonts,gtk-3.0,dconf,machine-id | 52 | private-etc alternatives,crypto-policies,cups,dconf,drirc,fonts,gtk-3.0,localtime,machine-id |
53 | # Breaks Translation | 53 | # Breaks Translation |
54 | #private-lib | 54 | #private-lib |
55 | private-tmp | 55 | private-tmp |
diff --git a/etc/gitg.profile b/etc/gitg.profile index 656d5cfd8..f6f51ef6f 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile | |||
@@ -35,7 +35,7 @@ protocol unix,inet,inet6 | |||
35 | seccomp | 35 | seccomp |
36 | shell none | 36 | shell none |
37 | 37 | ||
38 | private-bin gitg,git,ssh | 38 | private-bin git,gitg,ssh |
39 | private-cache | 39 | private-cache |
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
diff --git a/etc/gitter.profile b/etc/gitter.profile index 7d0831bc4..017b1765a 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile | |||
@@ -37,7 +37,7 @@ shell none | |||
37 | 37 | ||
38 | disable-mnt | 38 | disable-mnt |
39 | private-bin bash,env,gitter | 39 | private-bin bash,env,gitter |
40 | private-etc alternatives,fonts,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies | 40 | private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,pulse,resolv.conf,ssl |
41 | private-opt Gitter | 41 | private-opt Gitter |
42 | private-dev | 42 | private-dev |
43 | private-tmp | 43 | private-tmp |
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 04409a5e4..e657293ac 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile | |||
@@ -37,7 +37,7 @@ shell none | |||
37 | tracelog | 37 | tracelog |
38 | 38 | ||
39 | disable-mnt | 39 | disable-mnt |
40 | private-bin fairymax,gnome-chess,hoichess,gnuchess | 40 | private-bin fairymax,gnome-chess,gnuchess,hoichess |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0 | 43 | private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0 |
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index cb73a9477..2beee83e0 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile | |||
@@ -37,6 +37,6 @@ disable-mnt | |||
37 | private-bin gnome-clocks,gsound-play | 37 | private-bin gnome-clocks,gsound-play |
38 | private-cache | 38 | private-cache |
39 | private-dev | 39 | private-dev |
40 | private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies,machine-id,hosts,pkcs11,localtime,gtk-3.0,dconf | 40 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,localtime,machine-id,pkcs11,pki,ssl |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index f843452c9..ad3fa1753 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile | |||
@@ -37,8 +37,8 @@ seccomp | |||
37 | shell none | 37 | shell none |
38 | tracelog | 38 | tracelog |
39 | 39 | ||
40 | private-bin gnome-music,python*,env,gio-launch-desktop,yelp | 40 | private-bin env,gio-launch-desktop,gnome-music,python*,yelp |
41 | private-dev | 41 | private-dev |
42 | private-etc alternatives,fonts,machine-id,pulse,asound.conf | 42 | private-etc alternatives,asound.conf,fonts,machine-id,pulse |
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile index 1a897a5d8..567fa262c 100644 --- a/etc/gnome-recipes.profile +++ b/etc/gnome-recipes.profile | |||
@@ -43,7 +43,7 @@ shell none | |||
43 | disable-mnt | 43 | disable-mnt |
44 | private-bin gnome-recipes,tar | 44 | private-bin gnome-recipes,tar |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,ca-certificates,fonts,ssl,crypto-policies,pki | 46 | private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl |
47 | private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* | 47 | private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
diff --git a/etc/godot.profile b/etc/godot.profile index 596b825eb..f2b365455 100644 --- a/etc/godot.profile +++ b/etc/godot.profile | |||
@@ -39,5 +39,5 @@ disable-mnt | |||
39 | private-bin godot | 39 | private-bin godot |
40 | private-cache | 40 | private-cache |
41 | private-dev | 41 | private-dev |
42 | private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl,fonts,alsa,asound.conf,machine-id,openal,pulse,alternatives,drirc | 42 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,machine-id,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl |
43 | private-tmp | 43 | private-tmp |
diff --git a/etc/google-earth.profile b/etc/google-earth.profile index a29e0d563..447a895d7 100644 --- a/etc/google-earth.profile +++ b/etc/google-earth.profile | |||
@@ -45,7 +45,7 @@ seccomp | |||
45 | shell none | 45 | shell none |
46 | 46 | ||
47 | disable-mnt | 47 | disable-mnt |
48 | private-bin google-earth,sh,bash,grep,sed,ls,dirname | 48 | private-bin bash,dirname,google-earth,grep,ls,sed,sh |
49 | private-dev | 49 | private-dev |
50 | private-opt google | 50 | private-opt google |
51 | 51 | ||
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index e6d37ee27..c1f1b53a0 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
@@ -35,6 +35,6 @@ tracelog | |||
35 | 35 | ||
36 | private-bin gpredict | 36 | private-bin gpredict |
37 | private-dev | 37 | private-dev |
38 | private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies | 38 | private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
diff --git a/etc/gradio.profile b/etc/gradio.profile index 75c793f61..82e2504b9 100644 --- a/etc/gradio.profile +++ b/etc/gradio.profile | |||
@@ -35,6 +35,6 @@ protocol unix,inet,inet6 | |||
35 | seccomp | 35 | seccomp |
36 | shell none | 36 | shell none |
37 | 37 | ||
38 | private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id | 38 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
diff --git a/etc/gwenview.profile b/etc/gwenview.profile index d4af3ed1a..489be3931 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile | |||
@@ -43,7 +43,7 @@ seccomp | |||
43 | shell none | 43 | shell none |
44 | # tracelog | 44 | # tracelog |
45 | 45 | ||
46 | private-bin gwenview,gimp*,kbuildsycoca4,kdeinit4 | 46 | private-bin gimp*,gwenview,kbuildsycoca4,kdeinit4 |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg | 48 | private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg |
49 | 49 | ||
diff --git a/etc/hugin.profile b/etc/hugin.profile index 3d8921120..07a697c05 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile | |||
@@ -33,7 +33,7 @@ protocol unix | |||
33 | seccomp | 33 | seccomp |
34 | shell none | 34 | shell none |
35 | 35 | ||
36 | private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend | 36 | private-bin align_image_stack,autooptimiser,calibrate_lens_gui,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,enblend,fulla,geocpset,hugin,hugin_executor,hugin_hdrmerge,hugin_lensdb,hugin_stitch_project,icpfind,linefind,nona,pano_modify,pano_trafo,PTBatcherGUI,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize |
37 | private-cache | 37 | private-cache |
38 | private-dev | 38 | private-dev |
39 | private-tmp | 39 | private-tmp |
diff --git a/etc/imagej.profile b/etc/imagej.profile index be656bafa..00ee115ed 100644 --- a/etc/imagej.profile +++ b/etc/imagej.profile | |||
@@ -34,7 +34,7 @@ protocol unix | |||
34 | seccomp | 34 | seccomp |
35 | shell none | 35 | shell none |
36 | 36 | ||
37 | private-bin imagej,bash,grep,sort,tail,tr,cut,whoami,hostname,uname,mkdir,ls,touch,free,awk,update-java-alternatives,basename,xprop,rm,ln | 37 | private-bin awk,basename,bash,cut,free,grep,hostname,imagej,ln,ls,mkdir,rm,sort,tail,touch,tr,uname,update-java-alternatives,whoami,xprop |
38 | private-dev | 38 | private-dev |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 8442c6ed7..74fadb4a9 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile | |||
@@ -37,7 +37,7 @@ protocol unix | |||
37 | seccomp | 37 | seccomp |
38 | shell none | 38 | shell none |
39 | 39 | ||
40 | private-bin jd-gui,sh,bash | 40 | private-bin bash,jd-gui,sh |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-tmp | 43 | private-tmp |
diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile index f786c78d5..082045c62 100644 --- a/etc/kdeinit4.profile +++ b/etc/kdeinit4.profile | |||
@@ -30,7 +30,7 @@ protocol unix,inet,inet6,netlink | |||
30 | seccomp | 30 | seccomp |
31 | shell none | 31 | shell none |
32 | 32 | ||
33 | private-bin kdeinit4,kbuildsycoca4,kded4,knotify4 | 33 | private-bin kbuildsycoca4,kded4,kdeinit4,knotify4 |
34 | private-dev | 34 | private-dev |
35 | private-tmp | 35 | private-tmp |
36 | 36 | ||
diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile index 82c8c6793..710c86e9a 100644 --- a/etc/kdenlive.profile +++ b/etc/kdenlive.profile | |||
@@ -33,6 +33,6 @@ protocol unix,netlink | |||
33 | seccomp | 33 | seccomp |
34 | shell none | 34 | shell none |
35 | 35 | ||
36 | private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper,mlt-melt | 36 | private-bin dbus-launch,dvdauthor,ffmpeg,ffplay,ffprobe,genisoimage,kdeinit4,kdeinit4_shutdown,kdeinit4_wrapper,kdeinit5,kdeinit5_shutdown,kdeinit5_wrapper,kdenlive,kdenlive_render,kshell4,kshell5,melt,mlt-melt,vlc,xine |
37 | private-dev | 37 | private-dev |
38 | # private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,xdg,X11 | 38 | # private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,xdg,X11 |
diff --git a/etc/kid3.profile b/etc/kid3.profile index 3171e94fe..e138bdec4 100644 --- a/etc/kid3.profile +++ b/etc/kid3.profile | |||
@@ -37,7 +37,7 @@ tracelog | |||
37 | 37 | ||
38 | private-cache | 38 | private-cache |
39 | private-dev | 39 | private-dev |
40 | private-etc alternatives,drirc,fonts,kde5rc,gtk-3.0,dconf,machine-id,ca-certificates,ssl,pki,hostname,hosts,resolv.conf,pulse,,crypto-policies | 40 | private-etc ,alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,machine-id,pki,pulse,resolv.conf,ssl |
41 | private-tmp | 41 | private-tmp |
42 | private-opt none | 42 | private-opt none |
43 | private-srv none | 43 | private-srv none |
diff --git a/etc/konversation.profile b/etc/konversation.profile index 19174459c..dd3e9617f 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile | |||
@@ -34,7 +34,7 @@ seccomp | |||
34 | shell none | 34 | shell none |
35 | tracelog | 35 | tracelog |
36 | 36 | ||
37 | private-bin konversation,kbuildsycoca4 | 37 | private-bin kbuildsycoca4,konversation |
38 | private-cache | 38 | private-cache |
39 | private-dev | 39 | private-dev |
40 | private-tmp | 40 | private-tmp |
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index f30a1b7e6..2eb46a7e8 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile | |||
@@ -52,7 +52,7 @@ protocol unix,inet,inet6,netlink | |||
52 | seccomp | 52 | seccomp |
53 | shell none | 53 | shell none |
54 | 54 | ||
55 | private-bin ktorrent,kbuildsycoca4,kdeinit4 | 55 | private-bin kbuildsycoca4,kdeinit4,ktorrent |
56 | private-dev | 56 | private-dev |
57 | # private-lib - problems on Arch | 57 | # private-lib - problems on Arch |
58 | private-tmp | 58 | private-tmp |
diff --git a/etc/kwrite.profile b/etc/kwrite.profile index 9b0640eab..31ac19039 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile | |||
@@ -43,7 +43,7 @@ seccomp | |||
43 | shell none | 43 | shell none |
44 | tracelog | 44 | tracelog |
45 | 45 | ||
46 | private-bin kwrite,kbuildsycoca4,kdeinit4 | 46 | private-bin kbuildsycoca4,kdeinit4,kwrite |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg | 48 | private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg |
49 | private-tmp | 49 | private-tmp |
diff --git a/etc/lollypop.profile b/etc/lollypop.profile index 6667815b9..1ce83822d 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile | |||
@@ -37,6 +37,6 @@ seccomp | |||
37 | shell none | 37 | shell none |
38 | 38 | ||
39 | private-dev | 39 | private-dev |
40 | private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id | 40 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile index f7a059f50..94d90780b 100644 --- a/etc/macrofusion.profile +++ b/etc/macrofusion.profile | |||
@@ -36,7 +36,7 @@ protocol unix | |||
36 | seccomp | 36 | seccomp |
37 | shell none | 37 | shell none |
38 | 38 | ||
39 | private-bin python*,macrofusion,env,enfuse,exiftool,align_image_stack | 39 | private-bin align_image_stack,enfuse,env,exiftool,macrofusion,python* |
40 | private-cache | 40 | private-cache |
41 | private-dev | 41 | private-dev |
42 | private-tmp | 42 | private-tmp |
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index d1dc76260..49a776766 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile | |||
@@ -35,7 +35,7 @@ shell none | |||
35 | 35 | ||
36 | disable-mnt | 36 | disable-mnt |
37 | private-bin mate-dictionary | 37 | private-bin mate-dictionary |
38 | private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies | 38 | private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl |
39 | private-opt mate-dictionary | 39 | private-opt mate-dictionary |
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
diff --git a/etc/mcabber.profile b/etc/mcabber.profile index c65a25edc..134a6ae63 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile | |||
@@ -30,4 +30,4 @@ shell none | |||
30 | 30 | ||
31 | private-bin mcabber | 31 | private-bin mcabber |
32 | private-dev | 32 | private-dev |
33 | private-etc alternatives,ca-certificates,ssl,pki,crypto-policies | 33 | private-etc alternatives,ca-certificates,crypto-policies,pki,ssl |
diff --git a/etc/mendeleydesktop.profile b/etc/mendeleydesktop.profile index ed6cc3ae0..1f02ff5c0 100644 --- a/etc/mendeleydesktop.profile +++ b/etc/mendeleydesktop.profile | |||
@@ -43,7 +43,7 @@ shell none | |||
43 | tracelog | 43 | tracelog |
44 | 44 | ||
45 | disable-mnt | 45 | disable-mnt |
46 | private-bin mendeleydesktop,python*,env,gconftool-2,which,sh,ln,cat,update-desktop-database | 46 | private-bin cat,env,gconftool-2,ln,mendeleydesktop,python*,sh,update-desktop-database,which |
47 | private-dev | 47 | private-dev |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
diff --git a/etc/mp3splt-gtk.profile b/etc/mp3splt-gtk.profile index d14006112..e0936476b 100644 --- a/etc/mp3splt-gtk.profile +++ b/etc/mp3splt-gtk.profile | |||
@@ -37,5 +37,5 @@ tracelog | |||
37 | private-bin mp3splt-gtk | 37 | private-bin mp3splt-gtk |
38 | private-cache | 38 | private-cache |
39 | private-dev | 39 | private-dev |
40 | private-etc alsa,alternatives,asound.conf,fonts,gtk-3.0,dconf,machine-id,openal,pulse | 40 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-3.0,machine-id,openal,pulse |
41 | private-tmp | 41 | private-tmp |
diff --git a/etc/mpsyt.profile b/etc/mpsyt.profile index 775e137bc..d87241070 100644 --- a/etc/mpsyt.profile +++ b/etc/mpsyt.profile | |||
@@ -50,7 +50,7 @@ seccomp | |||
50 | shell none | 50 | shell none |
51 | tracelog | 51 | tracelog |
52 | 52 | ||
53 | private-bin mpsyt,mplayer,mpv,youtube-dl,python*,env,ffmpeg | 53 | private-bin env,ffmpeg,mplayer,mpsyt,mpv,python*,youtube-dl |
54 | private-dev | 54 | private-dev |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
diff --git a/etc/mpv.profile b/etc/mpv.profile index aa2335516..5aa9e7e74 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile | |||
@@ -40,6 +40,6 @@ seccomp | |||
40 | shell none | 40 | shell none |
41 | tracelog | 41 | tracelog |
42 | 42 | ||
43 | private-bin mpv,youtube-dl,python*,env | 43 | private-bin env,mpv,python*,youtube-dl |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
diff --git a/etc/ms-office.profile b/etc/ms-office.profile index 25b097d72..3bc674134 100644 --- a/etc/ms-office.profile +++ b/etc/ms-office.profile | |||
@@ -35,8 +35,8 @@ shell none | |||
35 | tracelog | 35 | tracelog |
36 | 36 | ||
37 | disable-mnt | 37 | disable-mnt |
38 | private-bin bash,fonts,env,jak,ms-office,python*,sh | 38 | private-bin bash,env,fonts,jak,ms-office,python*,sh |
39 | private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies | 39 | private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl |
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index 727269a61..a6b85a8e4 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile | |||
@@ -32,5 +32,5 @@ seccomp | |||
32 | 32 | ||
33 | disable-mnt | 33 | disable-mnt |
34 | private-dev | 34 | private-dev |
35 | private-etc alternatives,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies | 35 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,ssl |
36 | 36 | ||
diff --git a/etc/mypaint.profile b/etc/mypaint.profile index 19643e749..d75651d78 100644 --- a/etc/mypaint.profile +++ b/etc/mypaint.profile | |||
@@ -44,6 +44,6 @@ tracelog | |||
44 | 44 | ||
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,fonts,gtk-3.0,dconf | 47 | private-etc alternatives,dconf,fonts,gtk-3.0 |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
diff --git a/etc/nomacs.profile b/etc/nomacs.profile index fd154b1c4..7a7ff504a 100644 --- a/etc/nomacs.profile +++ b/etc/nomacs.profile | |||
@@ -41,7 +41,7 @@ tracelog | |||
41 | #private-bin nomacs | 41 | #private-bin nomacs |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,hosts,ca-certificates,ssl,pki,crypto-policies,resolv.conf,drirc,fonts,gtk-3.0,dconf,machine-id,login.defs | 44 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,login.defs,machine-id,pki,resolv.conf,ssl |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | memory-deny-write-execute | 47 | memory-deny-write-execute |
diff --git a/etc/nyx.profile b/etc/nyx.profile index 1ea33ac4d..c4475c75c 100644 --- a/etc/nyx.profile +++ b/etc/nyx.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin nyx,python* | 45 | private-bin nyx,python* |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,passwd,tor,fonts | 48 | private-etc alternatives,fonts,passwd,tor |
49 | private-opt none | 49 | private-opt none |
50 | private-srv none | 50 | private-srv none |
51 | private-tmp | 51 | private-tmp |
diff --git a/etc/okular.profile b/etc/okular.profile index 48e45ca3f..99357934d 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -47,7 +47,7 @@ seccomp | |||
47 | shell none | 47 | shell none |
48 | tracelog | 48 | tracelog |
49 | 49 | ||
50 | private-bin okular,kbuildsycoca4,kdeinit4,lpr | 50 | private-bin kbuildsycoca4,kdeinit4,lpr,okular |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg | 52 | private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg |
53 | # private-tmp - on KDE we need access to the real /tmp for data exchange with email clients | 53 | # private-tmp - on KDE we need access to the real /tmp for data exchange with email clients |
diff --git a/etc/openclonk.profile b/etc/openclonk.profile index 02663c2f4..da60006b3 100644 --- a/etc/openclonk.profile +++ b/etc/openclonk.profile | |||
@@ -38,7 +38,7 @@ shell none | |||
38 | tracelog | 38 | tracelog |
39 | 39 | ||
40 | disable-mnt | 40 | disable-mnt |
41 | private-bin openclonk,c4group | 41 | private-bin c4group,openclonk |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
diff --git a/etc/parole.profile b/etc/parole.profile index 69ed5a2ca..e7a0694ed 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
@@ -25,6 +25,6 @@ protocol unix,inet,inet6 | |||
25 | seccomp | 25 | seccomp |
26 | shell none | 26 | shell none |
27 | 27 | ||
28 | private-bin parole,dbus-launch | 28 | private-bin dbus-launch,parole |
29 | private-cache | 29 | private-cache |
30 | private-etc alternatives,passwd,group,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies | 30 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,machine-id,passwd,pki,pulse,ssl |
diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index bd3592f48..adff2af3e 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile | |||
@@ -37,7 +37,7 @@ protocol unix | |||
37 | seccomp | 37 | seccomp |
38 | shell none | 38 | shell none |
39 | 39 | ||
40 | private-bin pdfsam,sh,bash,java,archlinux-java,grep,awk,dirname,uname,which,sort,find,readlink,expr,ls,java-config | 40 | private-bin archlinux-java,awk,bash,dirname,expr,find,grep,java,java-config,ls,pdfsam,readlink,sh,sort,uname,which |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-tmp | 43 | private-tmp |
diff --git a/etc/pioneer.profile b/etc/pioneer.profile index a240aa5fc..c5b936617 100644 --- a/etc/pioneer.profile +++ b/etc/pioneer.profile | |||
@@ -38,7 +38,7 @@ shell none | |||
38 | tracelog | 38 | tracelog |
39 | 39 | ||
40 | disable-mnt | 40 | disable-mnt |
41 | private-bin pioneer,modelcompiler,savegamedump | 41 | private-bin modelcompiler,pioneer,savegamedump |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
diff --git a/etc/pithos.profile b/etc/pithos.profile index 62050eb55..ad56ce525 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile | |||
@@ -36,7 +36,7 @@ seccomp | |||
36 | shell none | 36 | shell none |
37 | 37 | ||
38 | disable-mnt | 38 | disable-mnt |
39 | private-bin pithos,env,python* | 39 | private-bin env,pithos,python* |
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index 480a03e49..116698312 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile | |||
@@ -38,7 +38,7 @@ shell none | |||
38 | 38 | ||
39 | # private-dev is disabled to allow controller support | 39 | # private-dev is disabled to allow controller support |
40 | #private-dev | 40 | #private-dev |
41 | private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id | 41 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl |
42 | private-opt ppsspp | 42 | private-opt ppsspp |
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
diff --git a/etc/pragha.profile b/etc/pragha.profile index 4e6840636..019c1a547 100644 --- a/etc/pragha.profile +++ b/etc/pragha.profile | |||
@@ -33,6 +33,6 @@ seccomp | |||
33 | shell none | 33 | shell none |
34 | 34 | ||
35 | private-dev | 35 | private-dev |
36 | private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id | 36 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile index 3bce425d9..034c144c7 100644 --- a/etc/pybitmessage.profile +++ b/etc/pybitmessage.profile | |||
@@ -39,8 +39,8 @@ seccomp | |||
39 | shell none | 39 | shell none |
40 | 40 | ||
41 | disable-mnt | 41 | disable-mnt |
42 | private-bin pybitmessage,python*,sh,ldconfig,env,bash,stat | 42 | private-bin bash,env,ldconfig,pybitmessage,python*,sh,stat |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,PyBitmessage,PyBitmessage.conf,Trolltech.conf,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,resolv.conf,selinux,sni-qt.conf,system-fips,xdg,ca-certificates,ssl,pki,crypto-policies | 44 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,pki,PyBitmessage,PyBitmessage.conf,resolv.conf,selinux,sni-qt.conf,ssl,system-fips,Trolltech.conf,xdg |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 82e237d54..d5198ef61 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -51,7 +51,7 @@ protocol unix,inet,inet6,netlink | |||
51 | seccomp | 51 | seccomp |
52 | shell none | 52 | shell none |
53 | 53 | ||
54 | private-bin qbittorrent,python* | 54 | private-bin python*,qbittorrent |
55 | private-dev | 55 | private-dev |
56 | # private-etc alternatives,X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies | 56 | # private-etc alternatives,X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies |
57 | # private-lib - problems on Arch | 57 | # private-lib - problems on Arch |
diff --git a/etc/qgis.profile b/etc/qgis.profile index 70788b207..15ef4c22a 100644 --- a/etc/qgis.profile +++ b/etc/qgis.profile | |||
@@ -53,5 +53,5 @@ tracelog | |||
53 | disable-mnt | 53 | disable-mnt |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl,QGIS,QGIS.conf,Trolltech.conf | 56 | private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,QGIS,QGIS.conf,resolv.conf,ssl,Trolltech.conf |
57 | private-tmp | 57 | private-tmp |
diff --git a/etc/qmmp.profile b/etc/qmmp.profile index f786e73b7..b69bbdef1 100644 --- a/etc/qmmp.profile +++ b/etc/qmmp.profile | |||
@@ -31,7 +31,7 @@ seccomp | |||
31 | shell none | 31 | shell none |
32 | tracelog | 32 | tracelog |
33 | 33 | ||
34 | private-bin qmmp,tar,unzip,bzip2,gzip | 34 | private-bin bzip2,gzip,qmmp,tar,unzip |
35 | private-dev | 35 | private-dev |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
diff --git a/etc/qtox.profile b/etc/qtox.profile index 0ca5a5ef0..4a731b45a 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin qtox | 42 | private-bin qtox |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse | 45 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | memory-deny-write-execute | 48 | memory-deny-write-execute |
diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index 176842c44..a367acad5 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile | |||
@@ -36,7 +36,7 @@ protocol unix | |||
36 | seccomp | 36 | seccomp |
37 | shell none | 37 | shell none |
38 | 38 | ||
39 | private-bin sdat2img,env,python* | 39 | private-bin env,python*,sdat2img |
40 | private-cache | 40 | private-cache |
41 | private-dev | 41 | private-dev |
42 | 42 | ||
diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index 7aeb2909b..cfc33d074 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile | |||
@@ -32,7 +32,7 @@ shell none | |||
32 | 32 | ||
33 | disable-mnt | 33 | disable-mnt |
34 | private | 34 | private |
35 | private-bin silentarmy,sa-solver,python* | 35 | private-bin python*,sa-solver,silentarmy |
36 | private-dev | 36 | private-dev |
37 | private-opt none | 37 | private-opt none |
38 | private-tmp | 38 | private-tmp |
diff --git a/etc/slack.profile b/etc/slack.profile index 53baf5f40..5c10ef0ba 100644 --- a/etc/slack.profile +++ b/etc/slack.profile | |||
@@ -33,7 +33,7 @@ seccomp | |||
33 | shell none | 33 | shell none |
34 | 34 | ||
35 | disable-mnt | 35 | disable-mnt |
36 | private-bin slack,locale | 36 | private-bin locale,slack |
37 | private-dev | 37 | private-dev |
38 | private-etc alternatives,asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id | 38 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl |
39 | private-tmp | 39 | private-tmp |
diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 0363a2475..9b824604a 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile | |||
@@ -37,7 +37,7 @@ protocol unix,inet,inet6,netlink | |||
37 | seccomp | 37 | seccomp |
38 | shell none | 38 | shell none |
39 | 39 | ||
40 | private-bin smplayer,smtube,mplayer,mpv,youtube-dl,python*,env | 40 | private-bin env,mplayer,mpv,python*,smplayer,smtube,youtube-dl |
41 | private-dev | 41 | private-dev |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
diff --git a/etc/spotify.profile b/etc/spotify.profile index 2d5c4a48f..09ed69afe 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -42,9 +42,9 @@ shell none | |||
42 | tracelog | 42 | tracelog |
43 | 43 | ||
44 | disable-mnt | 44 | disable-mnt |
45 | private-bin spotify,bash,sh,zenity | 45 | private-bin bash,sh,spotify,zenity |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,fonts,group,ld.so.cache,machine-id,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies | 47 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hosts,ld.so.cache,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl |
48 | private-opt spotify | 48 | private-opt spotify |
49 | private-srv none | 49 | private-srv none |
50 | private-tmp | 50 | private-tmp |
diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile index 5458120ef..297392b9a 100644 --- a/etc/standardnotes-desktop.profile +++ b/etc/standardnotes-desktop.profile | |||
@@ -39,5 +39,5 @@ seccomp | |||
39 | disable-mnt | 39 | disable-mnt |
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | private-etc alternatives,ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg | 42 | private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,pki,resolv.conf,ssl,xdg |
43 | 43 | ||
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index 8acf77349..0145f3de6 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile | |||
@@ -34,7 +34,7 @@ shell none | |||
34 | #tracelog | 34 | #tracelog |
35 | 35 | ||
36 | disable-mnt | 36 | disable-mnt |
37 | private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf | 37 | private-bin bash,cp,dirname,env,getconf,gpg,grep,id,ln,mkdir,readlink,rm,sed,sh,tail,test |
38 | private-dev | 38 | private-dev |
39 | private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache | 39 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl |
40 | private-tmp | 40 | private-tmp |
diff --git a/etc/steam.profile b/etc/steam.profile index 5ab600bfb..df7bfba85 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
@@ -69,5 +69,5 @@ shell none | |||
69 | # private-dev should be commented for controllers | 69 | # private-dev should be commented for controllers |
70 | private-dev | 70 | private-dev |
71 | # private-etc breaks a small selection of games on some systems, comment to support those | 71 | # private-etc breaks a small selection of games on some systems, comment to support those |
72 | private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release | 72 | private-etc alternatives,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl |
73 | private-tmp | 73 | private-tmp |
diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile index 60d80ecd4..2cd5ec3ad 100644 --- a/etc/supertuxkart.profile +++ b/etc/supertuxkart.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | private-bin supertuxkart | 47 | private-bin supertuxkart |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux | 50 | private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,selinux,ssl,system-fips,xdg |
51 | private-tmp | 51 | private-tmp |
52 | private-opt none | 52 | private-opt none |
53 | private-srv none | 53 | private-srv none |
diff --git a/etc/surf.profile b/etc/surf.profile index 5f116fd0c..d4c6d9afc 100644 --- a/etc/surf.profile +++ b/etc/surf.profile | |||
@@ -32,8 +32,8 @@ shell none | |||
32 | tracelog | 32 | tracelog |
33 | 33 | ||
34 | disable-mnt | 34 | disable-mnt |
35 | private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop | 35 | private-bin bash,curl,dmenu,ls,printf,sed,sh,sleep,st,stterm,surf,xargs,xprop |
36 | private-dev | 36 | private-dev |
37 | private-etc alternatives,passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies | 37 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,passwd,pki,resolv.conf,ssl |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
diff --git a/etc/tar.profile b/etc/tar.profile index b6a874217..71f7414bc 100644 --- a/etc/tar.profile +++ b/etc/tar.profile | |||
@@ -38,10 +38,10 @@ shell none | |||
38 | tracelog | 38 | tracelog |
39 | 39 | ||
40 | # support compressed archives | 40 | # support compressed archives |
41 | private-bin sh,bash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop | 41 | private-bin bash,bzip2,compress,gtar,gzip,lbzip2,lzip,lzma,lzop,sh,tar,xz |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,passwd,group,localtime | 44 | private-etc alternatives,group,localtime,passwd |
45 | private-lib libfakeroot | 45 | private-lib libfakeroot |
46 | 46 | ||
47 | memory-deny-write-execute | 47 | memory-deny-write-execute |
diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile index 51a76bad4..d9e874be2 100644 --- a/etc/teams-for-linux.profile +++ b/etc/teams-for-linux.profile | |||
@@ -35,8 +35,8 @@ seccomp | |||
35 | shell none | 35 | shell none |
36 | 36 | ||
37 | disable-mnt | 37 | disable-mnt |
38 | private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh,teams-for-linux | 38 | private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh |
39 | private-cache | 39 | private-cache |
40 | private-dev | 40 | private-dev |
41 | private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf | 41 | private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl |
42 | private-tmp | 42 | private-tmp |
diff --git a/etc/terasology.profile b/etc/terasology.profile index 2a7212395..7b273c23d 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile | |||
@@ -44,5 +44,5 @@ shell none | |||
44 | 44 | ||
45 | disable-mnt | 45 | disable-mnt |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies | 47 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-7-openjdk,java-8-openjdk,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pki,pulse,resolv.conf,ssl |
48 | private-tmp | 48 | private-tmp |
diff --git a/etc/tor.profile b/etc/tor.profile index e80fbadb0..4aebe0a1e 100644 --- a/etc/tor.profile +++ b/etc/tor.profile | |||
@@ -44,9 +44,9 @@ writable-var | |||
44 | 44 | ||
45 | disable-mnt | 45 | disable-mnt |
46 | private | 46 | private |
47 | private-bin tor,bash | 47 | private-bin bash,tor |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies | 50 | private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index ff4a85871..33e87e6a7 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile | |||
@@ -50,5 +50,5 @@ shell none | |||
50 | disable-mnt | 50 | disable-mnt |
51 | private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,xz | 51 | private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,xz |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache | 53 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl |
54 | private-tmp | 54 | private-tmp |
diff --git a/etc/tremulous.profile b/etc/tremulous.profile index a56ac2c07..e148298ae 100644 --- a/etc/tremulous.profile +++ b/etc/tremulous.profile | |||
@@ -38,7 +38,7 @@ shell none | |||
38 | tracelog | 38 | tracelog |
39 | 39 | ||
40 | disable-mnt | 40 | disable-mnt |
41 | private-bin tremulous,tremulous-wrapper,tremded | 41 | private-bin tremded,tremulous,tremulous-wrapper |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
diff --git a/etc/unrar.profile b/etc/unrar.profile index 5b55f30d2..a2e101a58 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile | |||
@@ -38,5 +38,5 @@ tracelog | |||
38 | 38 | ||
39 | private-bin unrar | 39 | private-bin unrar |
40 | private-dev | 40 | private-dev |
41 | private-etc alternatives,passwd,group,localtime | 41 | private-etc alternatives,group,localtime,passwd |
42 | private-tmp | 42 | private-tmp |
diff --git a/etc/unzip.profile b/etc/unzip.profile index 79b41f9d8..875fa6f98 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile | |||
@@ -42,4 +42,4 @@ tracelog | |||
42 | private-bin unzip | 42 | private-bin unzip |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,passwd,group,localtime | 45 | private-etc alternatives,group,localtime,passwd |
diff --git a/etc/utox.profile b/etc/utox.profile index 9216a6a05..454e3260b 100644 --- a/etc/utox.profile +++ b/etc/utox.profile | |||
@@ -41,7 +41,7 @@ disable-mnt | |||
41 | private-bin utox | 41 | private-bin utox |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse,openal | 44 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,openal,pki,pulse,resolv.conf,ssl |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | memory-deny-write-execute | 47 | memory-deny-write-execute |
diff --git a/etc/vlc.profile b/etc/vlc.profile index 64ac7a4f0..572758f28 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
@@ -34,7 +34,7 @@ protocol unix,inet,inet6,netlink | |||
34 | seccomp | 34 | seccomp |
35 | shell none | 35 | shell none |
36 | 36 | ||
37 | private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc | 37 | private-bin cvlc,nvlc,qvlc,rvlc,svlc,vlc |
38 | private-dev | 38 | private-dev |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
diff --git a/etc/w3m.profile b/etc/w3m.profile index d577932e3..9b6cc8238 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile | |||
@@ -36,5 +36,5 @@ tracelog | |||
36 | # private-bin w3m | 36 | # private-bin w3m |
37 | private-cache | 37 | private-cache |
38 | private-dev | 38 | private-dev |
39 | private-etc alternatives,resolv.conf,ssl,pki,ca-certificates,crypto-policies | 39 | private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl |
40 | private-tmp | 40 | private-tmp |
diff --git a/etc/whois.profile b/etc/whois.profile index cc2494f95..f101ee637 100644 --- a/etc/whois.profile +++ b/etc/whois.profile | |||
@@ -36,7 +36,7 @@ shell none | |||
36 | 36 | ||
37 | disable-mnt | 37 | disable-mnt |
38 | private | 38 | private |
39 | private-bin sh,bash,whois | 39 | private-bin bash,sh,whois |
40 | private-cache | 40 | private-cache |
41 | private-dev | 41 | private-dev |
42 | # private-etc alternatives,hosts,services,whois.conf | 42 | # private-etc alternatives,hosts,services,whois.conf |
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index 7c545d08f..f41453bf3 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile | |||
@@ -34,7 +34,7 @@ shell none | |||
34 | # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop" | 34 | # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop" |
35 | 35 | ||
36 | disable-mnt | 36 | disable-mnt |
37 | private-bin wire-desktop,bash,sh,env,electron | 37 | private-bin bash,electron,env,sh,wire-desktop |
38 | private-dev | 38 | private-dev |
39 | private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies | 39 | private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl |
40 | private-tmp | 40 | private-tmp |
diff --git a/etc/xfce4-mixer.profile b/etc/xfce4-mixer.profile index 952625ef8..e6bbb4259 100644 --- a/etc/xfce4-mixer.profile +++ b/etc/xfce4-mixer.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin xfce4-mixer,xfconf-query | 42 | private-bin xfce4-mixer,xfconf-query |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,asound.conf,fonts,pulse,machine-id | 45 | private-etc alternatives,asound.conf,fonts,machine-id,pulse |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | memory-deny-write-execute | 48 | memory-deny-write-execute |
diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 043e513bd..7114f0469 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile | |||
@@ -46,5 +46,5 @@ disable-mnt | |||
46 | private-bin xiphos | 46 | private-bin xiphos |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssli,sword.conf,pki,crypto-policies | 49 | private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssli,sword,sword.conf |
50 | private-tmp | 50 | private-tmp |
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 09c0639f8..f4f828eda 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
@@ -37,6 +37,6 @@ shell none | |||
37 | disable-mnt | 37 | disable-mnt |
38 | private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl | 38 | private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl |
39 | private-dev | 39 | private-dev |
40 | private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id | 40 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index c88d63c01..190c972c0 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile | |||
@@ -49,10 +49,10 @@ shell none | |||
49 | tracelog | 49 | tracelog |
50 | 50 | ||
51 | disable-mnt | 51 | disable-mnt |
52 | private-bin youtube-dl,python*,ffmpeg,env | 52 | private-bin env,ffmpeg,python*,youtube-dl |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alternatives,ssl,pki,ca-certificates,hostname,hosts,resolv.conf,youtube-dl.conf,crypto-policies,mime.types | 55 | private-etc alternatives,ca-certificates,crypto-policies,hostname,hosts,mime.types,pki,resolv.conf,ssl,youtube-dl.conf |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | # memory-deny-write-execute - breaks on Arch | 58 | # memory-deny-write-execute - breaks on Arch |
diff --git a/etc/zart.profile b/etc/zart.profile index f380e93f0..347bed8b6 100644 --- a/etc/zart.profile +++ b/etc/zart.profile | |||
@@ -31,6 +31,6 @@ protocol unix | |||
31 | seccomp | 31 | seccomp |
32 | shell none | 32 | shell none |
33 | 33 | ||
34 | private-bin zart,ffmpeg,melt,ffprobe,ffplay | 34 | private-bin ffmpeg,ffplay,ffprobe,melt,zart |
35 | private-dev | 35 | private-dev |
36 | 36 | ||