-rw-r--r-- | etc/profile-a-l/curl.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/firefox-common.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/gimp.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/inkscape.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/warzone2100.profile | 1 | ||||
-rw-r--r-- | src/include/etc_groups.h | 4 |
6 files changed, 8 insertions, 1 deletions
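--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -54,6 +54,7 @@ tracelog
 private-cache
 private-dev
 # private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-etc TLS-CA
 private-tmp
 
 dbus-user none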
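Review bot: `private-etc TLS-CA` no longer names `resolv.conf`, which the commented-out list on the line above kept, unless the TLS-CA group or the default list supplies it; neither definition is visible in this commit. firefox-common.profile in the same commit pairs `NETWORK` with `TLS-CA`, which suggests the resolver files live in a separate group. If that is the case, curl would lose its DNS configuration inside the sandbox and the line should read `private-etc NETWORK,TLS-CA`. The stale commented-out list above it could be removed in the same change.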
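--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -60,6 +60,7 @@ disable-mnt
 # private-etc below works fine on most distributions. There are some problems on CentOS.
 # Add it to your firefox-common.local if you want to enable it.
 #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-etc GUI,NETWORK,TLS-CA,os-release,mime.types,mailcap
 private-tmp
 
 blacklist ${PATH}/curl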
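Review bot: The two comment lines directly above the new `private-etc GUI,NETWORK,TLS-CA,os-release,mime.types,mailcap` still say private-etc is opt-in because of problems on CentOS and should be enabled from firefox-common.local, which is no longer true once this line is active. Either the CentOS problem is resolved, in which case the comment and the old commented-out list should be dropped, or it is not, and the commit turns on a known breakage for every profile that includes firefox-common.profile. A replacement comment such as `# private-etc is enabled by default; override it in firefox-common.local if it breaks on your distribution` would keep the file consistent with its behaviour.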
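--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@@ -59,6 +59,7 @@ seccomp !mbind
 tracelog
 
 private-dev
+private-etc GUI,gcrypt,python*
 private-tmp
 
 dbus-user none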
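--- a/etc/profile-a-l/inkscape.profile
+++ b/etc/profile-a-l/inkscape.profile
@@ -54,6 +54,7 @@ tracelog
 # private-bin inkscape,potrace,python* - problems on Debian stretch
 private-cache
 private-dev
+private-etc inkscape: GUI,ImageMagick*,python*
 private-tmp
 
 dbus-user none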
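Review bot: The added line `private-etc inkscape: GUI,ImageMagick*,python*` carries a stray `inkscape: ` prefix that none of the other profiles in this commit use (compare `private-etc GUI,gcrypt,python*` in gimp.profile and `private-etc GUI,GAMES` in warzone2100.profile). The list parser is not visible here, but a comma-separated list would most likely treat `inkscape: GUI` as one literal name, so the GUI group would not expand and the sandbox's /etc would differ from what was intended. The line should probably read `private-etc GUI,ImageMagick*,python*`.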
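--- a/etc/profile-m-z/warzone2100.profile
+++ b/etc/profile-m-z/warzone2100.profile
@@ -46,6 +46,7 @@ tracelog
 disable-mnt
 private-bin bash,dash,sh,warzone2100,which
 private-dev
+private-etc GUI,GAMES
 private-tmp
 
 restrict-namespaces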
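--- a/src/include/etc_groups.h
+++ b/src/include/etc_groups.h
@@ -35,8 +35,10 @@ static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
 "locale.alias",
 "locale.conf",
 "localtime",
+"login.defs", // firejail reading UID/GID MIN and MAX at startup
 "nsswitch.conf",
 "passwd",
+"group",
 NULL
 };
 
@@ -77,6 +79,7 @@ static char *etc_group_gui[] = {
 "gtk-3.0",
 "kde4rc",
 "kde5rc",
+"pango", // text rendering/internationalization
 NULL
 };
 
@@ -85,7 +88,6 @@ static char *etc_group_games[] = {
 "timidity", // MIDI
 "timidity.cfg",
 "openal", // 3D sound
-"gcrypt", // GNU crypto library
 NULL
 };
 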
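Review bot: `"group"` is added to `etc_list` after `"passwd"` with no comment, while the neighbouring `"login.defs"` addition documents why it is needed and the visible entries are otherwise in alphabetical order. This list appears to be the baseline kept for every private-etc sandbox (its definition starts outside the hunk, so that is inferred), which makes each new entry a widening of what sandboxed programs can read from /etc and worth a recorded reason. Suggest placing it in sort order and annotating it, e.g. `"group", // <reason every sandbox needs it>`. It is also worth confirming that `ETC_MAX`, defined outside this hunk, still leaves the intended headroom now that two more slots are taken by defaults.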