diff options
-rw-r--r-- | etc/profile-a-l/brave.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/evince.profile | 13 | ||||
-rw-r--r-- | etc/profile-m-z/whalebird.profile | 3 |
3 files changed, 10 insertions, 8 deletions
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile index 09548c761..071a279b0 100644 --- a/etc/profile-a-l/brave.profile +++ b/etc/profile-a-l/brave.profile | |||
@@ -13,6 +13,8 @@ ignore noexec /tmp | |||
13 | # you will need to uncomment the 'brave + tor' rule in /etc/apparmor.d/local/firejail-default. | 13 | # you will need to uncomment the 'brave + tor' rule in /etc/apparmor.d/local/firejail-default. |
14 | # Alternatively you can add 'ignore apparmor' to your brave.local. | 14 | # Alternatively you can add 'ignore apparmor' to your brave.local. |
15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
16 | # Causes slow starts (#4604) | ||
17 | ignore private-cache | ||
16 | 18 | ||
17 | noblacklist ${HOME}/.cache/BraveSoftware | 19 | noblacklist ${HOME}/.cache/BraveSoftware |
18 | noblacklist ${HOME}/.config/BraveSoftware | 20 | noblacklist ${HOME}/.config/BraveSoftware |
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index 21bf7eabf..eec9f86db 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile | |||
@@ -6,9 +6,9 @@ include evince.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # WARNING: using bookmarks possibly exposes information, including file history from other programs. | 9 | # WARNING: This exposes information like file history from other programs. |
10 | # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). | 10 | # You can add a blacklist for it in your evince.local for additional hardening if you can live with some restrictions. |
11 | #noblacklist ${HOME}/.local/share/gvfs-metadata | 11 | noblacklist ${HOME}/.local/share/gvfs-metadata |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/evince | 13 | noblacklist ${HOME}/.config/evince |
14 | noblacklist ${DOCUMENTS} | 14 | noblacklist ${DOCUMENTS} |
@@ -59,9 +59,8 @@ private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd | |||
59 | private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* | 59 | private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* |
60 | private-tmp | 60 | private-tmp |
61 | 61 | ||
62 | # dbus-user filtering might break two-page-view on some systems | ||
63 | dbus-user filter | 62 | dbus-user filter |
64 | # Add the next two lines to your evince.local if you need bookmarks support. | 63 | dbus-user.talk ca.desrt.dconf |
65 | #dbus-user.talk org.gtk.vfs.Daemon | 64 | dbus-user.talk org.gtk.vfs.Daemon |
66 | #dbus-user.talk org.gtk.vfs.Metadata | 65 | dbus-user.talk org.gtk.vfs.Metadata |
67 | dbus-system none | 66 | dbus-system none |
diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile index 92ebebdae..8a9614fb0 100644 --- a/etc/profile-m-z/whalebird.profile +++ b/etc/profile-m-z/whalebird.profile | |||
@@ -10,6 +10,7 @@ include globals.local | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | ignore apparmor | ||
13 | ignore dbus-user none | 14 | ignore dbus-user none |
14 | ignore dbus-system none | 15 | ignore dbus-system none |
15 | 16 | ||
@@ -21,7 +22,7 @@ whitelist ${HOME}/.config/Whalebird | |||
21 | no3d | 22 | no3d |
22 | 23 | ||
23 | private-bin electron,electron[0-9],electron[0-9][0-9],whalebird | 24 | private-bin electron,electron[0-9],electron[0-9][0-9],whalebird |
24 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id | 25 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl |
25 | 26 | ||
26 | # Redirect | 27 | # Redirect |
27 | include electron.profile | 28 | include electron.profile |