14 files changed, 40 insertions, 2 deletions
diff --git a/etc/7z.profile b/etc/7z.profile
index 0cb72ff8d..319126540 100644
--- a/etc/7z.profile
+++ b/etc/7z.profile
@@ -1,9 +1,14 @@
 # 7zip crompression tool profile
 quiet
 ignore noroot
 include /etc/firejail/default.profile
+blacklist /tmp/.X11-unix
 tracelog
 net none
 shell none
 private-dev
 nosound
+no3d
diff --git a/etc/cpio.profile b/etc/cpio.profile
index 519bd244c..cf89acdac 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -16,6 +16,7 @@ shell none
 tracelog
 net none
 nosound
+no3d
+blacklist /tmp/.X11-unix
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 384695473..1cae8c093 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -17,9 +17,12 @@ protocol unix
 seccomp
 netfilter
 net none
+no3d
 shell none
 tracelog
+blacklist /tmp/.X11-unix
 # private-bin exiftool,perl
 private-tmp
 private-dev
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
index b0ebdf43c..59c7383d7 100644
--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -14,9 +14,12 @@ nosound
 protocol unix
 seccomp
 netfilter
+no3d
 shell none
 tracelog
+blacklist /tmp/.X11-unix
 # private-bin gpg-agent,gpg
 private-tmp
 private-dev
diff --git a/etc/gpg.profile b/etc/gpg.profile
index 31372eb90..d711c6f3e 100644
--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -15,9 +15,12 @@ protocol unix
 seccomp
 netfilter
 net none
+no3d
 shell none
 tracelog
+blacklist /tmp/.X11-unix
 # private-bin gpg,gpg-agent
 private-tmp
 private-dev
diff --git a/etc/less.profile b/etc/less.profile
index 08758aead..c01dfc466 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -5,7 +5,10 @@ include /etc/firejail/default.profile
 net none
 nosound
+no3d
 shell none
 tracelog
+blacklist /tmp/.X11-unix
 private-dev
diff --git a/etc/mutt.profile b/etc/mutt.profile
index 2718421c5..5a714de4a 100644
--- a/etc/mutt.profile
+++ b/etc/mutt.profile
@@ -33,8 +33,11 @@ nogroups
 nonewprivs
 noroot
 nosound
+no3d
 protocol unix,inet,inet6
 seccomp
 shell none
+blacklist /tmp/.X11-unix
 private-dev
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile
index 329275022..c4e28f70e 100644
--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -13,9 +13,12 @@ protocol unix
 seccomp
 netfilter
 net none
+no3d
 shell none
 tracelog
+blacklist /tmp/.X11-unix
 private-bin odt2txt
 private-tmp
 private-dev
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile
index 632c9d15e..fe9e9e3cd 100644
--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -13,9 +13,12 @@ protocol unix
 seccomp
 netfilter
 net none
+no3d
 shell none
 tracelog
+blacklist /tmp/.X11-unix
 private-bin pdftotext
 private-tmp
 private-dev
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
index 548ede37d..bea3a6061 100644
--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -12,5 +12,8 @@ caps.drop all
 netfilter
 nonewprivs
 noroot
+no3d
 protocol unix,inet,inet6
 seccomp
+blacklist /tmp/.X11-unix
diff --git a/etc/strings.profile b/etc/strings.profile
index 2b7724b11..2bbab1366 100644
--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -7,5 +7,6 @@ net none
 nosound
 shell none
 tracelog
 private-dev
+no3d
+blacklist /tmp/.X11-unix
diff --git a/etc/tracker.profile b/etc/tracker.profile
index 217631216..7f4f371eb 100644
--- a/etc/tracker.profile
+++ b/etc/tracker.profile
@@ -12,12 +12,15 @@ nogroups
 nonewprivs
 noroot
 nosound
+no3d
 protocol unix
 seccomp
 netfilter
 shell none
 tracelog
+blacklist /tmp/.X11-unix
 # private-bin tracker
 # private-tmp
 # private-dev
diff --git a/etc/wget.profile b/etc/wget.profile
index d9bca2acc..ff4b92bae 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -10,10 +10,12 @@ nonewprivs
 noroot
 nogroups
 nosound
+no3d
 protocol unix,inet,inet6
 seccomp
 shell none
+blacklist /tmp/.X11-unix
 # private-bin wget
 # private-etc resolv.conf
diff --git a/etc/xpra.profile b/etc/xpra.profile
index 8584e4e5b..32be90b19 100644
--- a/etc/xpra.profile
+++ b/etc/xpra.profile
@@ -14,6 +14,8 @@ shell none
 seccomp
 protocol unix,inet,inet6
+# blacklist /tmp/.X11-unix
 # private-bin 
 private-dev
 private-tmp

diff --git a/etc/7z.profile b/etc/7z.profile index 0cb72ff8d..319126540 100644 --- a/etc/7z.profile +++ b/etc/7z.profile
@@ -1,9 +1,14 @@
1	# 7zip crompression tool profile	1	# 7zip crompression tool profile
2	quiet	2	quiet
3	ignore noroot	3	ignore noroot
		4
4	include /etc/firejail/default.profile	5	include /etc/firejail/default.profile
		6
		7	blacklist /tmp/.X11-unix
		8
5	tracelog	9	tracelog
6	net none	10	net none
7	shell none	11	shell none
8	private-dev	12	private-dev
9	nosound	13	nosound
		14	no3d


diff --git a/etc/cpio.profile b/etc/cpio.profile index 519bd244c..cf89acdac 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile
@@ -16,6 +16,7 @@ shell none
16	tracelog	16	tracelog
17	net none	17	net none
18	nosound	18	nosound
		19	no3d
19		20
20		21	blacklist /tmp/.X11-unix
21		22


diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 384695473..1cae8c093 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile
@@ -17,9 +17,12 @@ protocol unix
17	seccomp	17	seccomp
18	netfilter	18	netfilter
19	net none	19	net none
		20	no3d
20	shell none	21	shell none
21	tracelog	22	tracelog
22		23
		24	blacklist /tmp/.X11-unix
		25
23	# private-bin exiftool,perl	26	# private-bin exiftool,perl
24	private-tmp	27	private-tmp
25	private-dev	28	private-dev


diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index b0ebdf43c..59c7383d7 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile
@@ -14,9 +14,12 @@ nosound
14	protocol unix	14	protocol unix
15	seccomp	15	seccomp
16	netfilter	16	netfilter
		17	no3d
17	shell none	18	shell none
18	tracelog	19	tracelog
19		20
		21	blacklist /tmp/.X11-unix
		22
20	# private-bin gpg-agent,gpg	23	# private-bin gpg-agent,gpg
21	private-tmp	24	private-tmp
22	private-dev	25	private-dev


diff --git a/etc/gpg.profile b/etc/gpg.profile index 31372eb90..d711c6f3e 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile
@@ -15,9 +15,12 @@ protocol unix
15	seccomp	15	seccomp
16	netfilter	16	netfilter
17	net none	17	net none
		18	no3d
18	shell none	19	shell none
19	tracelog	20	tracelog
20		21
		22	blacklist /tmp/.X11-unix
		23
21	# private-bin gpg,gpg-agent	24	# private-bin gpg,gpg-agent
22	private-tmp	25	private-tmp
23	private-dev	26	private-dev


diff --git a/etc/less.profile b/etc/less.profile index 08758aead..c01dfc466 100644 --- a/etc/less.profile +++ b/etc/less.profile
@@ -5,7 +5,10 @@ include /etc/firejail/default.profile
5		5
6	net none	6	net none
7	nosound	7	nosound
		8	no3d
8	shell none	9	shell none
9	tracelog	10	tracelog
10		11
		12	blacklist /tmp/.X11-unix
		13
11	private-dev	14	private-dev


diff --git a/etc/mutt.profile b/etc/mutt.profile index 2718421c5..5a714de4a 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile
@@ -33,8 +33,11 @@ nogroups
33	nonewprivs	33	nonewprivs
34	noroot	34	noroot
35	nosound	35	nosound
		36	no3d
36	protocol unix,inet,inet6	37	protocol unix,inet,inet6
37	seccomp	38	seccomp
38	shell none	39	shell none
39		40
		41	blacklist /tmp/.X11-unix
		42
40	private-dev	43	private-dev


diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 329275022..c4e28f70e 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile
@@ -13,9 +13,12 @@ protocol unix
13	seccomp	13	seccomp
14	netfilter	14	netfilter
15	net none	15	net none
		16	no3d
16	shell none	17	shell none
17	tracelog	18	tracelog
18		19
		20	blacklist /tmp/.X11-unix
		21
19	private-bin odt2txt	22	private-bin odt2txt
20	private-tmp	23	private-tmp
21	private-dev	24	private-dev


diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 632c9d15e..fe9e9e3cd 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile
@@ -13,9 +13,12 @@ protocol unix
13	seccomp	13	seccomp
14	netfilter	14	netfilter
15	net none	15	net none
		16	no3d
16	shell none	17	shell none
17	tracelog	18	tracelog
18		19
		20	blacklist /tmp/.X11-unix
		21
19	private-bin pdftotext	22	private-bin pdftotext
20	private-tmp	23	private-tmp
21	private-dev	24	private-dev


diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index 548ede37d..bea3a6061 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile
@@ -12,5 +12,8 @@ caps.drop all
12	netfilter	12	netfilter
13	nonewprivs	13	nonewprivs
14	noroot	14	noroot
		15	no3d
15	protocol unix,inet,inet6	16	protocol unix,inet,inet6
16	seccomp	17	seccomp
		18
		19	blacklist /tmp/.X11-unix


diff --git a/etc/strings.profile b/etc/strings.profile index 2b7724b11..2bbab1366 100644 --- a/etc/strings.profile +++ b/etc/strings.profile
@@ -7,5 +7,6 @@ net none
7	nosound	7	nosound
8	shell none	8	shell none
9	tracelog	9	tracelog
10
11	private-dev	10	private-dev
		11	no3d
		12	blacklist /tmp/.X11-unix


diff --git a/etc/tracker.profile b/etc/tracker.profile index 217631216..7f4f371eb 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile
@@ -12,12 +12,15 @@ nogroups
12	nonewprivs	12	nonewprivs
13	noroot	13	noroot
14	nosound	14	nosound
		15	no3d
15	protocol unix	16	protocol unix
16	seccomp	17	seccomp
17	netfilter	18	netfilter
18	shell none	19	shell none
19	tracelog	20	tracelog
20		21
		22	blacklist /tmp/.X11-unix
		23
21	# private-bin tracker	24	# private-bin tracker
22	# private-tmp	25	# private-tmp
23	# private-dev	26	# private-dev


diff --git a/etc/wget.profile b/etc/wget.profile index d9bca2acc..ff4b92bae 100644 --- a/etc/wget.profile +++ b/etc/wget.profile
@@ -10,10 +10,12 @@ nonewprivs
10	noroot	10	noroot
11	nogroups	11	nogroups
12	nosound	12	nosound
		13	no3d
13	protocol unix,inet,inet6	14	protocol unix,inet,inet6
14	seccomp	15	seccomp
15	shell none	16	shell none
16		17
		18	blacklist /tmp/.X11-unix
17		19
18	# private-bin wget	20	# private-bin wget
19	# private-etc resolv.conf	21	# private-etc resolv.conf


diff --git a/etc/xpra.profile b/etc/xpra.profile index 8584e4e5b..32be90b19 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile
@@ -14,6 +14,8 @@ shell none
14	seccomp	14	seccomp
15	protocol unix,inet,inet6	15	protocol unix,inet,inet6
16		16
		17	# blacklist /tmp/.X11-unix
		18
17	# private-bin	19	# private-bin
18	private-dev	20	private-dev
19	private-tmp	21	private-tmp