195 files changed, 358 insertions, 206 deletions
diff --git a/.gitignore b/.gitignore index 5e26f1711..7f5913727 100644 --- a/.gitignore +++ b/.gitignore | |||
@@ -40,4 +40,3 @@ seccomp.64 | |||
40 | seccomp.block_secondary | 40 | seccomp.block_secondary |
41 | seccomp.mdwx | 41 | seccomp.mdwx |
42 | src/common.mk | 42 | src/common.mk |
43 | |||
@@ -397,6 +397,8 @@ LaurentGH (https://github.com/LaurentGH) | |||
397 | - allow private-bin parameters to be absolute paths | 397 | - allow private-bin parameters to be absolute paths |
398 | Loïc Damien (https://github.com/dzamlo) | 398 | Loïc Damien (https://github.com/dzamlo) |
399 | - small fixes | 399 | - small fixes |
400 | Lockdis (https://github.com/Lockdis) | ||
401 | - Added crow, nyx, and google-earth-pro profiles | ||
400 | luzpaz (https://github.com/luzpaz) | 402 | luzpaz (https://github.com/luzpaz) |
401 | - code spelling fixes | 403 | - code spelling fixes |
402 | maces (https://github.com/maces) | 404 | maces (https://github.com/maces) |
@@ -443,6 +445,9 @@ nyancat18 (https://github.com/nyancat18) | |||
443 | - added ardour4, dooble, karbon, krita profiles | 445 | - added ardour4, dooble, karbon, krita profiles |
444 | Ondra Nekola (https://github.com/satai) | 446 | Ondra Nekola (https://github.com/satai) |
445 | - allow firefox theming with non-global themes | 447 | - allow firefox theming with non-global themes |
448 | Lorenzo "Palinuro" Faletra (https://github.com/PalinuroSec) | ||
449 | - prevent thunderbird conflicts when firefox is running | ||
450 | - add join-or-start to pluma to open multiple files in tabs | ||
446 | Panzerfather (https://github.com/Panzerfather) | 451 | Panzerfather (https://github.com/Panzerfather) |
447 | - allow eog to access user's trash | 452 | - allow eog to access user's trash |
448 | Patrick Toomey (https://sourceforge.net/u/ptoomey/profile/) | 453 | Patrick Toomey (https://sourceforge.net/u/ptoomey/profile/) |
@@ -102,3 +102,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
102 | ## Current development version: 0.9.59 | 102 | ## Current development version: 0.9.59 |
103 | 103 | ||
104 | ## New profiles: | 104 | ## New profiles: |
105 | crow, nyx | ||
@@ -1,3 +1,6 @@ | |||
1 | firejail (0.9.58) baseline; urgency=low | ||
2 | * new profiles: crow, nyx | ||
3 | |||
1 | firejail (0.9.58,2) baseline; urgency=low | 4 | firejail (0.9.58,2) baseline; urgency=low |
2 | * cgroup flag in /etc/firejail/firejail.config file | 5 | * cgroup flag in /etc/firejail/firejail.config file |
3 | * name-change flag in /etc/firejail.config file | 6 | * name-change flag in /etc/firejail.config file |
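--- a/etc-fixes/0.9.38/firefox.profile
+++ b/etc-fixes/0.9.38/firefox.profile
@@ -29,4 +29,4 @@ whitelist ~/.cache/gnome-mplayer/plugin
 include /etc/firejail/whitelist-common.inc
 
 # experimental features
-#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+#private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse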
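--- a/etc-fixes/0.9.52/firefox.profile
+++ b/etc-fixes/0.9.52/firefox.profile
@@ -92,7 +92,7 @@ disable-mnt
 # private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
 private-dev
 # private-etc below works fine on most distributions. There are some problems on CentOS.
-# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
+# private-etc alternatives,iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
 private-tmp
 
 noexec ${HOME}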
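--- a/etc-fixes/0.9.52/gedit.profile
+++ b/etc-fixes/0.9.52/gedit.profile
@@ -36,7 +36,7 @@ tracelog
 
 # private-bin gedit
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 #private-lib gedit - disabled; problems when running "firejail gedit"; "firejail /usr/bin/gedit" works fine
 private-tmp
 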
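--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin QMediathekView,mplayer,mpv,smplayer,totem,vlc,xplayer
 private-cache
 private-dev
-# private-etc none
+# private-etc alternatives
 # private-lib
 private-tmp
 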
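--- a/etc/QOwnNotes.profile
+++ b/etc/QOwnNotes.profile
@@ -49,7 +49,7 @@ tracelog
 disable-mnt
 private-bin QOwnNotes,gio
 private-dev
-private-etc fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}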
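--- a/etc/Xephyr.profile
+++ b/etc/Xephyr.profile
@@ -39,5 +39,5 @@ private
 # private-bin Xephyr,sh,xkbcomp
 # private-bin Xephyr,sh,xkbcomp,strace,bash,cat,ls
 private-dev
-# private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
+# private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
 private-tmp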
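--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -41,5 +41,5 @@ private
 # private-bin Xvfb,sh,xkbcomp
 # private-bin Xvfb,sh,xkbcomp,strace,bash,cat,ls
 private-dev
-private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
+private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
 private-tmp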
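--- a/etc/amarok.profile
+++ b/etc/amarok.profile
@@ -31,5 +31,5 @@ shell none
 
 # private-bin amarok
 private-dev
-# private-etc machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp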
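--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -36,7 +36,7 @@ shell none
 #private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
 private-cache
 private-dev
-#private-etc pulse,X11,alternatives,ardour4,ardour5,fonts,machine-id,asound.conf
+#private-etc alternatives,pulse,X11,alternatives,ardour4,ardour5,fonts,machine-id,asound.conf
 private-tmp
 
 noexec ${HOME}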
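Review bot: The changed `#private-etc` line now lists `alternatives` twice, because the entry was prepended to a list that already contained it. The directive is commented out, so nothing breaks today, but whoever enables it later inherits the duplicate. `#private-etc alternatives,pulse,X11,ardour4,ardour5,fonts,machine-id,asound.conf` keeps the same set of entries.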
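--- a/etc/aria2c.profile
+++ b/etc/aria2c.profile
@@ -37,7 +37,7 @@ disable-mnt
 private-bin aria2c,gzip
 private-cache
 private-dev
-private-etc ca-certificates,ssl
+private-etc alternatives,ca-certificates,ssl
 private-lib libreadline.so.*
 private-tmp
 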
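--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -34,7 +34,7 @@ seccomp
 shell none
 
 private-bin ark,unrar,rar,unzip,zip,zipinfo,7z,p7zip,unar,lsar,lrzip,lzop,lz4,bash,sh,tclsh
-#private-etc smb.conf,samba,mtab,fonts,drirc,kde5rc,passwd,group,xdg
+#private-etc alternatives,smb.conf,samba,mtab,fonts,drirc,kde5rc,passwd,group,xdg
 
 private-dev
 private-tmp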
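--- a/etc/arm.profile
+++ b/etc/arm.profile
@@ -44,7 +44,7 @@ tracelog
 disable-mnt
 private-bin arm,tor,sh,bash,python*,ps,lsof,ldconfig
 private-dev
-private-etc tor,passwd,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}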
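--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -37,7 +37,7 @@ disable-mnt
 private-bin artha,enchant,notify-send
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib libnotify.so.*
 private-tmp
 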
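--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -43,5 +43,5 @@ private-cache
 # private-bin atool
 private-dev
 # without login.defs atool complains and uses UID/GID 1000 by default
-private-etc passwd,group,login.defs
+private-etc alternatives,passwd,group,login.defs
 private-tmp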
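--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -41,7 +41,7 @@ tracelog
 
 private-bin atril, atril-previewer, atril-thumbnailer
 private-dev
-private-etc fonts,ld.so.cache
+private-etc alternatives,fonts,ld.so.cache
 # atril uses webkit gtk to display epub files
 # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0
 #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit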
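--- a/etc/authenticator.profile
+++ b/etc/authenticator.profile
@@ -40,7 +40,7 @@ disable-mnt
 # private-bin authenticator
 private-cache
 private-dev
-private-etc fonts,ld.so.cache
+private-etc alternatives,fonts,ld.so.cache
 # private-lib
 private-tmp
 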
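--- a/etc/bibletime.profile
+++ b/etc/bibletime.profile
@@ -44,5 +44,5 @@ shell none
 
 # private-bin bibletime,qt5ct
 private-dev
-private-etc fonts,resolv.conf,sword,sword.conf,passwd,machine-id,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,resolv.conf,sword,sword.conf,passwd,machine-id,ca-certificates,ssl,pki,crypto-policies
 private-tmp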
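--- a/etc/bitcoin-qt.profile
+++ b/etc/bitcoin-qt.profile
@@ -42,7 +42,7 @@ tracelog
 private-bin bitcoin-qt
 private-dev
 # Causes problem with loading of libGL.so
-#private-etc fonts,ca-certificates,ssl,pki,crypto-policies
+#private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 # Works, but QT complains about OpenSSL a bit.
 #private-lib
 private-tmp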
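--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -35,7 +35,7 @@ shell none
 # private-bin bless,sh,bash,mono
 private-cache
 private-dev
-private-etc fonts,mono
+private-etc alternatives,fonts,mono
 private-tmp
 
 noexec ${HOME}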
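--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -30,7 +30,7 @@ tracelog
 # private-bin brasero
 private-cache
 # private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp
 
 memory-deny-write-execute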
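--- a/etc/bsdtar.profile
+++ b/etc/bsdtar.profile
@@ -37,4 +37,4 @@ tracelog
 # support compressed archives
 private-bin sh,bash,bsdcat,bsdcpio,bsdtar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,lz4,libarchive
 private-dev
-private-etc passwd,group,localtime
+private-etc alternatives,passwd,group,localtime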
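--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -41,5 +41,5 @@ tracelog
 # caja needs to be able to start arbitrary applications so we cannot blacklist their files
 # private-bin caja
 # private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp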
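--- a/etc/clawsker.profile
+++ b/etc/clawsker.profile
@@ -44,7 +44,7 @@ shell none
 private-bin clawsker,perl
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib girepository-1.*,libgirepository-1.*,perl*
 private-tmp
 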
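--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -27,4 +27,4 @@ seccomp
 shell none
 
 private-bin cmus
-private-etc group,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,group,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies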
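--- /dev/null
+++ b/etc/crow.profile
@@ -0,0 +1,46 @@
+# Firejail profile for crow
+# Description: A translator that allows to translate and say selected text using Google, Yandex and Bing translate API
+# This file is overwritten after every install/update
+# Persistent local customizations
+include crow.local
+# Persistent global definitions
+include globals.local
+
+mkdir ${HOME}/.config/crow
+mkdir ${HOME}/.cache/gstreamer-1.0
+whitelist ${HOME}/.config/crow
+whitelist ${HOME}/.cache/gstreamer-1.0
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-common.inc
+
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+disable-mnt
+private-bin crow
+private-dev
+private-etc alternatives,ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies
+private-opt none
+private-tmp
+private-srv none
+
+noexec ${HOME}
+noexec /tmp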
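Review bot: `protocol unix,inet,inet6,netlink` admits netlink sockets without saying why, while the rest of this new profile is restrictive (`caps.drop all`, `seccomp`, `private-bin crow`). If crow runs without netlink, `protocol unix,inet,inet6` is the narrower filter. If it does need it (presumably for network-interface discovery in its toolkit; confirm by testing), a one-line comment above the directive, `# netlink: needed for COMPONENT` with COMPONENT filled in, would stop the entry being copied into other profiles unexamined.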
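--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -33,7 +33,7 @@ shell none
 # private-bin curl
 private-cache
 private-dev
-# private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}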
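--- a/etc/default.profile
+++ b/etc/default.profile
@@ -37,7 +37,7 @@ seccomp
 # private-bin program
 # private-cache
 # private-dev
-# private-etc none
+# private-etc alternatives
 # private-lib
 # private-tmp
 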
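--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -37,7 +37,7 @@ disable-mnt
 private-bin devilspie
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-lib gconv
 private-tmp
 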
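--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -37,7 +37,7 @@ disable-mnt
 private-bin devilspie2
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-lib gconv
 private-tmp
 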
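--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -40,7 +40,7 @@ private
 private-bin sh,bash,dig
 private-cache
 private-dev
-# private-etc resolv.conf
+# private-etc alternatives,resolv.conf
 private-lib
 private-tmp
 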
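--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -37,7 +37,7 @@ shell none
 
 # private-bin program
 # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device
-# private-etc ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}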
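--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -36,7 +36,7 @@ shell none
 disable-mnt
 private-bin dino
 private-dev
-# private-etc fonts,ca-certificates,ssl,pki,crypto-policies # breaks server connection
+# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies # breaks server connection
 private-tmp
 
 noexec ${HOME}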
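--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -305,6 +305,7 @@ blacklist ${HOME}/.msmtprc
 blacklist ${HOME}/.mutt
 blacklist ${HOME}/.muttrc
 blacklist ${HOME}/.netrc
+blacklist ${HOME}/.nyx
 blacklist ${HOME}/.pki
 blacklist ${HOME}/.local/share/pki
 blacklist ${HOME}/.smbcredentials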
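--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -201,6 +201,7 @@ blacklist ${HOME}/.config/mono
 blacklist ${HOME}/.config/mpd
 blacklist ${HOME}/.config/mpv
 blacklist ${HOME}/.config/mupen64plus
+blacklist ${HOME}/.config/mypaint
 blacklist ${HOME}/.config/nautilus
 blacklist ${HOME}/.config/nemo
 blacklist ${HOME}/.config/netsurf
@@ -450,6 +451,7 @@ blacklist ${HOME}/.local/share/midori
 blacklist ${HOME}/.local/share/multimc
 blacklist ${HOME}/.local/share/multimc5
 blacklist ${HOME}/.local/share/mupen64plus
+blacklist ${HOME}/.local/share/mypaint
 blacklist ${HOME}/.local/share/nautilus
 blacklist ${HOME}/.local/share/nautilus-python
 blacklist ${HOME}/.local/share/nemo
@@ -612,6 +614,7 @@ blacklist ${HOME}/.cache/moonchild productions/basilisk
 blacklist ${HOME}/.cache/moonchild productions/pale moon
 blacklist ${HOME}/.cache/mozilla
 blacklist ${HOME}/.cache/mutt
+blacklist ${HOME}/.cache/mypaint
 blacklist ${HOME}/.cache/nheko/nheko
 blacklist ${HOME}/.cache/netsurf
 blacklist ${HOME}/.cache/okular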
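Review bot: None of the three hunks in this file adds a blacklist entry for `${HOME}/.config/crow`, although the crow profile added in the same commit creates and whitelists that directory. Without it, other sandboxes that include disable-programs.inc can still read crow's configuration; what crow stores there is not visible from this page, so the exposure should be confirmed. Adding `blacklist ${HOME}/.config/crow` at its alphabetical position in the `${HOME}/.config` block would treat it the same way the mypaint paths are treated here.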
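--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -27,7 +27,7 @@ seccomp
 
 private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh
 private-dev
-private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
+private-etc alternatives,fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
 private-tmp
 
 noexec ${HOME}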
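--- a/etc/display.profile
+++ b/etc/display.profile
@@ -39,5 +39,6 @@ shell none
 
 private-bin display,python*
 private-dev
-# private-etc none - on Debian-based systems display is a symlink in /etc/alternatives
+# On Debian-based systems, display is a symlink in /etc/alternatives
+private-etc alternatives
 private-tmp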
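Review bot: Activating `private-etc alternatives` (it was a commented-out `private-etc none` before) hides the rest of /etc from display, including the ImageMagick configuration directory where distributions ship `policy.xml`. If that file is not visible, ImageMagick presumably falls back to its built-in policy, which may be more permissive than the distribution's hardened coder and resource limits; this should be confirmed on a Debian-based system. Listing the directory as well, e.g. `private-etc alternatives,ImageMagick-6` (the directory name depends on the packaged version), would keep the distribution policy in force inside the sandbox.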
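--- a/etc/easystroke.profile
+++ b/etc/easystroke.profile
@@ -36,7 +36,7 @@ disable-mnt
 private-bin easystroke,bash,sh
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
 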
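--- a/etc/electrum.profile
+++ b/etc/electrum.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin electrum,python*
 private-cache
 private-dev
-private-etc fonts,dconf,ca-certificates,ssl,pki,crypto-policies,machine-id
+private-etc alternatives,fonts,dconf,ca-certificates,ssl,pki,crypto-policies,machine-id
 private-tmp
 
 noexec ${HOME}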
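--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -36,5 +36,5 @@ tracelog
 # private-bin elinks
 private-cache
 private-dev
-# private-etc ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
 private-tmp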
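--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -35,7 +35,7 @@ tracelog
 # private-bin enchant, enchant-*
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-tmp
 
 # memory-deny-write-execute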
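--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -34,7 +34,7 @@ tracelog
 
 # private-bin engrampa
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp
 
 memory-deny-write-execute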
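--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -39,7 +39,7 @@ shell none
 private-bin eog
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*
 private-tmp
 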
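--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -39,7 +39,7 @@ tracelog
 
 private-bin eom
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib
 private-tmp
 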
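--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -31,5 +31,5 @@ shell none
 
 # private-bin etr
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp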
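--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -39,7 +39,7 @@ tracelog
 
 private-bin evince,evince-previewer,evince-thumbnailer
 private-dev
-private-etc fonts,machine-id
+private-etc alternatives,fonts,machine-id
 
 private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,gconv
 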
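--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -39,5 +39,5 @@ tracelog
 # private-bin exiftool,perl
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-tmp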
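Review bot: `private-etc none` left exiftool with an effectively empty /etc, and the new `private-etc alternatives` replaces that with the host's /etc/alternatives for a tool whose main job is parsing untrusted files; nothing in the hunk says which lookup needs the directory. If it is required here (for example to resolve a program through an alternatives symlink, which is an assumption and not visible on this page), a comment above the line such as `# alternatives: needed to resolve symlinked programs on Debian-based systems` would record the reason. If it was added only for uniformity with the other profiles, keeping `private-etc none` is the tighter setting. The same applies to the identical change in etc/mediainfo.profile.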
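--- /dev/null
+++ b/etc/feh-network.inc
@@ -0,0 +1,2 @@
+ignore net none
+private-etc resolv.conf,ca-certificates,ssl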
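Review bot: The `private-etc` line in this new include omits `pki` and `crypto-policies`, which the other networked profiles touched by this commit (flameshot, gitter, gpredict, mate-dictionary) list next to `ca-certificates,ssl`; on distributions that keep the trust store under /etc/pki, certificate verification inside the sandbox would likely fail. I would write it as `private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies`. Separately, `ignore net none` only undoes the `net none` line; if feh.profile also restricts `protocol` (not visible in the hunks shown), the include would have to widen that as well. A one-line header comment stating what the file is for would match the other files in etc/.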
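--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -12,6 +12,11 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+# This profile disables network access
+# In order to enable network access,
+# uncomment the following or put it in your feh.local:
+# include feh-network.inc
+
 caps.drop all
 net none
 no3d
@@ -31,5 +36,5 @@ shell none
 private-bin feh,jpegexiforient,jpegtran
 private-cache
 private-dev
-private-etc feh
+private-etc alternatives,feh
 private-tmp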
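Review bot: The new comment in the first hunk offers uncommenting `include feh-network.inc` in feh.profile itself as one of two options, but the profiles added in this commit say in their header that they are overwritten after every install/update; if feh.profile is handled the same way, that edit is lost on upgrade and the only durable place is feh.local. I would reword it to `# To enable network access, add the following line to feh.local:`. The override also depends on `ignore net none` being read before the `net none` line just below; whether feh.local is included above this point is not visible in the hunk and is worth confirming.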
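--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -34,7 +34,7 @@ tracelog
 
 # private-bin file-roller
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp
 
 #memory-deny-write-execute - breaks on Arch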
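--- a/etc/file.profile
+++ b/etc/file.profile
@@ -34,7 +34,7 @@ x11 none
 #private-bin file
 private-cache
 private-dev
-private-etc magic.mgc,magic,localtime
+private-etc alternatives,magic.mgc,magic,localtime
 private-lib libarchive.so.*,libfakeroot,libmagic.so.*
 
 memory-deny-write-execute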
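--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -51,7 +51,7 @@ shell none
 disable-mnt
 private-dev
 # private-etc below works fine on most distributions. There are some problems on CentOS.
-#private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
+#private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
 private-tmp
 
 # breaks DRM binaries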
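--- a/etc/flameshot.profile
+++ b/etc/flameshot.profile
@@ -35,7 +35,7 @@ shell none
 disable-mnt
 private-bin flameshot
 private-cache
-private-etc fonts,ld.so.conf,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,ld.so.conf,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-dev
 private-tmp
 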
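--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -35,5 +35,5 @@ shell none
 disable-mnt
 # private-bin frozen-bubble
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp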
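--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -47,7 +47,7 @@ tracelog
 disable-mnt
 private-bin python,python3,sh,gpg,gpg2,gajim,bash,zsh,paplay,gajim-history-manager
 private-dev
-private-etc alsa,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl
 private-tmp
 
 noexec ${HOME}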
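--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -38,6 +38,6 @@ tracelog
 
 private-bin galculator
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib
 private-tmp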
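--- a/etc/gcloud.profile
+++ b/etc/gcloud.profile
@@ -32,7 +32,7 @@ tracelog
 
 disable-mnt
 private-dev
-private-etc ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache
+private-etc alternatives,ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache
 private-tmp
 
 noexec /tmp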
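--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -40,7 +40,7 @@ tracelog
 
 # private-bin gedit
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 private-lib /usr/bin/gedit,libtinfo.so.*,libreadline.so.*,gedit,libgspell-1.so.*,gconv,aspell
 private-tmp
 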
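--- a/etc/geeqie.profile
+++ b/etc/geeqie.profile
@@ -31,4 +31,4 @@ shell none
 
 # private-bin geeqie
 private-dev
-# private-etc X11
+# private-etc alternatives,X11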
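--- a/etc/ghostwriter.profile
+++ b/etc/ghostwriter.profile
@@ -52,7 +52,7 @@ tracelog
 #private-bin ghostwriter,pandoc
 private-cache
 private-dev
-private-etc cups,crypto-policies,localtime,drirc,fonts,gtk-3.0,dconf,machine-id
+private-etc alternatives,cups,crypto-policies,localtime,drirc,fonts,gtk-3.0,dconf,machine-id
 # Breaks Translation
 #private-lib
 private-tmp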
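--- a/etc/github-desktop.profile
+++ b/etc/github-desktop.profile
@@ -39,7 +39,7 @@ disable-mnt
 private-cache
 ?HAS_APPIMAGE: ignore private-dev
 private-dev
-# private-etc none
+# private-etc alternatives
 # private-lib
 private-tmp
 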
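--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -35,7 +35,7 @@ shell none
 
 disable-mnt
 private-bin bash,env,gitter
-private-etc fonts,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-opt Gitter
 private-dev
 private-tmp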
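--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -34,5 +34,5 @@ tracelog
 
 # private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
 private-dev
-# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 private-tmp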
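--- a/etc/gnome-books.profile
+++ b/etc/gnome-books.profile
@@ -37,7 +37,7 @@ tracelog
 
 # private-bin gjs gnome-books
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 private-tmp
 
 noexec ${HOME}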
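--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -35,7 +35,7 @@ tracelog
 disable-mnt
 private-bin fairymax,gnome-chess,hoichess
 private-dev
-private-etc fonts,gnome-chess
+private-etc alternatives,fonts,gnome-chess
 private-tmp
 
 noexec ${HOME}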
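--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -34,7 +34,7 @@ tracelog
 disable-mnt
 # private-bin gnome-clocks
 private-dev
-# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}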
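--- a/etc/gnome-logs.profile
+++ b/etc/gnome-logs.profile
@@ -37,7 +37,7 @@ shell none
 disable-mnt
 private-bin gnome-logs
 private-dev
-private-etc fonts,localtime,machine-id
+private-etc alternatives,fonts,localtime,machine-id
 private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
 writable-var-log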
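--- a/etc/gnome-maps.profile
+++ b/etc/gnome-maps.profile
@@ -38,7 +38,7 @@ tracelog
 disable-mnt
 # private-bin gjs gnome-maps
 private-dev
-# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}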
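--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -40,7 +40,7 @@ tracelog
 
 private-bin gnome-music,python*,env,gio-launch-desktop,yelp
 private-dev
-private-etc fonts,machine-id,pulse,asound.conf
+private-etc alternatives,fonts,machine-id,pulse,asound.conf
 private-tmp
 
 noexec ${HOME}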
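--- a/etc/gnome-photos.profile
+++ b/etc/gnome-photos.profile
@@ -34,7 +34,7 @@ tracelog
 
 # private-bin gjs gnome-photos
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 private-tmp
 
 noexec ${HOME}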
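--- a/etc/gnome-pie.profile
+++ b/etc/gnome-pie.profile
@@ -34,7 +34,7 @@ shell none
 disable-mnt
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
 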
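--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -38,7 +38,7 @@ shell none
 disable-mnt
 private-bin gnome-recipes,tar
 private-dev
-private-etc ca-certificates,fonts,ssl,crypto-policies,pki
+private-etc alternatives,ca-certificates,fonts,ssl,crypto-policies,pki
 # private-lib works for me with Gnome Shell 3.26.2, Mutter WM (Arch Linux)
 # not widely tested though, leaving it to devs discretion to enable it later
 #private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,libgnutls.so.30,libjpeg.so.8,libp11-kit.so.0,libproxy.so.1,librsvg-2.so.2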
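--- a/etc/gnome-weather.profile
+++ b/etc/gnome-weather.profile
@@ -38,7 +38,7 @@ tracelog
 disable-mnt
 # private-bin gjs gnome-weather
 private-dev
-# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}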
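--- a/etc/goobox.profile
+++ b/etc/goobox.profile
@@ -31,5 +31,5 @@ tracelog
 
 # private-bin goobox
 private-dev
-# private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
 # private-tmp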
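--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -34,6 +34,6 @@ tracelog
 
 private-bin gpicview
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib
 private-tmp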
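--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -33,7 +33,7 @@ tracelog
 
 private-bin gpredict
 private-dev
-private-etc fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}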
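--- a/etc/gradio.profile
+++ b/etc/gradio.profile
@@ -34,7 +34,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
+private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
 private-tmp
 
 noexec ${HOME}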
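--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -44,7 +44,7 @@ shell none
 
 private-bin gwenview,gimp*,kbuildsycoca4,kdeinit4
 private-dev
-private-etc fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
+private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
 
 # memory-deny-write-execute
 noexec ${HOME}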
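--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -34,5 +34,5 @@ tracelog
 private-bin highlight
 private-cache
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp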
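--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -34,5 +34,5 @@ tracelog
 # private-bin img2txt
 private-cache
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp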
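--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -42,7 +42,7 @@ tracelog
 
 # private-bin kate,kbuildsycoca4,kdeinit4
 private-dev
-# private-etc fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
+# private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
 private-tmp
 
 # noexec ${HOME}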
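--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -41,7 +41,7 @@ tracelog
 
 private-bin keepassx,keepassx2
 private-dev
-private-etc fonts,machine-id
+private-etc alternatives,fonts,machine-id
 private-tmp
 
 memory-deny-write-execute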
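--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -42,7 +42,7 @@ shell none
 
 private-bin keepassxc
 private-dev
-private-etc fonts,ld.so.cache,machine-id
+private-etc alternatives,fonts,ld.so.cache,machine-id
 private-tmp
 
 # 2.2.4 crashes on database open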
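--- a/etc/klavaro.profile
+++ b/etc/klavaro.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-bin klavaro,tclsh,tclsh*,bash
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-tmp
 private-opt none
 private-srv none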
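--- a/etc/kwin_x11.profile
+++ b/etc/kwin_x11.profile
@@ -37,7 +37,7 @@ tracelog
 disable-mnt
 private-bin kwin_x11
 private-dev
-private-etc drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg
+private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg
 private-tmp
 
 noexec ${HOME}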
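--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -44,7 +44,7 @@ tracelog
 
 private-bin kwrite,kbuildsycoca4,kdeinit4
 private-dev
-private-etc fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
+private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
 private-tmp
 
 noexec ${HOME}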
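--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -38,7 +38,7 @@ seccomp
 shell none
 
 private-dev
-private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
+private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
 private-tmp
 
 noexec ${HOME}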
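--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -34,5 +34,5 @@ tracelog
 # private-bin lynx
 private-cache
 private-dev
-# private-etc ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
 private-tmp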
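--- a/etc/masterpdfeditor.profile
+++ b/etc/masterpdfeditor.profile
@@ -41,7 +41,7 @@ tracelog
 private-bin masterpdfeditor*
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 # private-lib
 private-tmp
 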
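--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -39,7 +39,7 @@ shell none
 
 disable-mnt
 private-bin mate-calc,mate-calculator
-private-etc fonts
+private-etc alternatives,fonts
 private-dev
 private-opt none
 private-tmp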
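--- a/etc/mate-color-select.profile
+++ b/etc/mate-color-select.profile
@@ -34,7 +34,7 @@ shell none
 
 disable-mnt
 private-bin mate-color-select
-private-etc fonts
+private-etc alternatives,fonts
 private-dev
 private-lib
 private-tmp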
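--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -36,7 +36,7 @@ shell none
 
 disable-mnt
 private-bin mate-dictionary
-private-etc fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-opt mate-dictionary
 private-dev
 private-tmp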
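--- a/etc/mcabber.profile
+++ b/etc/mcabber.profile
@@ -30,4 +30,4 @@ shell none
 
 private-bin mcabber
 private-dev
-private-etc ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,ssl,pki,crypto-policies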
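--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -34,5 +34,5 @@ tracelog
 private-bin mediainfo
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-tmp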
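--- a/etc/min.profile
+++ b/etc/min.profile
@@ -46,7 +46,7 @@ disable-mnt
 private-cache
 private-dev
 # private-etc below works fine on most distributions. There are some problems on CentOS.
-private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
+private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
 private-tmp
 
 # memory-deny-write-execute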
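--- a/etc/minetest.profile
+++ b/etc/minetest.profile
@@ -38,7 +38,7 @@ disable-mnt
 private-bin minetest
 private-dev
 # private-etc needs to be updated, see #1702
-#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
+#private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
 private-tmp
 
 noexec ${HOME}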
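--- a/etc/ms-office.profile
+++ b/etc/ms-office.profile
@@ -37,7 +37,7 @@ tracelog
 
 disable-mnt
 private-bin bash,fonts,env,jak,ms-office,python*,sh
-private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-dev
 private-tmp
 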
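Review bot: `fonts` in the context line `private-bin bash,fonts,env,jak,ms-office,python*,sh` does not look like a program name, and the `private-etc` line edited right below it has no `fonts` entry, so the token was probably meant for `private-etc`. The commit rewrites the neighbouring line but leaves this as it is. If that reading is correct, the pair would become `private-bin bash,env,jak,ms-office,python*,sh` and `private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies`; this is inferred from the two visible lines only and should be checked against a running sandbox.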
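--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -37,7 +37,7 @@ tracelog
 
 # private-bin mupdf,sh,tempfile,rm
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-tmp
 
 # mupdf will never write anything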
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index d5fde525e..54d9fb16e 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile | |||
@@ -21,7 +21,7 @@ nodvd | |||
21 | nogroups | 21 | nogroups |
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nogroups | 24 | nogroups |
25 | nosound | 25 | nosound |
26 | notv | 26 | notv |
27 | nou2f | 27 | nou2f |
@@ -31,7 +31,7 @@ seccomp | |||
31 | 31 | ||
32 | disable-mnt | 32 | disable-mnt |
33 | private-dev | 33 | private-dev |
34 | private-etc machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies | 34 | private-etc alternatives,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies |
35 | 35 | ||
36 | noexec ${HOME} | 36 | noexec ${HOME} |
37 | noexec /tmp | 37 | noexec /tmp |
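Review bot: `nogroups` is listed twice in the first hunk, at lines 21 and 24, and the commit touches line 24 without removing the duplicate (both sides of that row read the same here, so the edit is presumably a whitespace fix). The repeated directive is harmless as far as the visible lines show, but it makes the option list harder to audit against other profiles. I would drop the second `nogroups` so that the block runs `nogroups`, `nonewprivs`, `noroot`, `nosound`.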
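--- /dev/null
+++ b/etc/mypaint-ora-thumbnailer.profile
@@ -0,0 +1,5 @@
+# Firejail profile alias for mypaint-ora-thumbnailer
+# This file is overwritten after every install/update
+
+# Redirect
+include mypaint.profile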
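--- /dev/null
+++ b/etc/mypaint.profile
@@ -0,0 +1,48 @@
+# Firejail profile for mypaint
+# Description: A fast and easy graphics application for digital painters
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mypaint.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/mypaint
+noblacklist ${HOME}/.config/mypaint
+noblacklist ${HOME}/.local/share/mypaint
+noblacklist ${PATH}/python2*
+noblacklist /usr/lib/python2*
+noblacklist ${PICTURES}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-cache
+private-dev
+private-etc alternatives,fonts,gtk-3.0,dconf
+private-tmp
+
+noexec ${HOME}
+noexec /tmp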
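Review bot: The two python `noblacklist` lines (12 and 13) carry no comment saying why an interpreter is exempted while `include disable-interpreters.inc` follows at line 18. I would add `# Allow python2 (blacklisted by disable-interpreters.inc)` above line 12 so a later cleanup neither drops nor widens the exemption by accident. The profile also has no `private-bin` line; if that is deliberate, a one-line comment saying so would keep the next editor from assuming it was forgotten.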
diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 13fe9a9e1..b5e65e3ee 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile | |||
@@ -42,5 +42,5 @@ tracelog | |||
42 | # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files | 42 | # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files |
43 | # private-bin nautilus | 43 | # private-bin nautilus |
44 | # private-dev | 44 | # private-dev |
45 | # private-etc fonts | 45 | # private-etc alternatives,fonts |
46 | # private-tmp | 46 | # private-tmp |
diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile index 67c651429..bf8fff7cd 100644 --- a/etc/nitroshare.profile +++ b/etc/nitroshare.profile | |||
@@ -41,7 +41,7 @@ disable-mnt | |||
41 | private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui | 41 | private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl | 44 | private-etc alternatives,ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl |
45 | # private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare | 45 | # private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
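--- /dev/null
+++ b/etc/nyx.profile
@@ -0,0 +1,51 @@
+# Firejail profile for nyx
+# Description: Command-line status monitor for tor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nyx.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+
+noblacklist ${HOME}/.nyx
+mkdir ${HOME}/.nyx
+whitelist ${HOME}/.nyx
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+caps.drop all
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-bin nyx,python*
+private-cache
+private-dev
+private-etc alternatives,passwd,tor,fonts
+private-opt none
+private-srv none
+private-tmp
+
+noexec ${HOME}
+noexec /tmp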
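Review bot: `private-etc alternatives,passwd,tor,fonts` at line 45 includes `fonts`, which a command-line monitor (per the Description line) presumably never reads; dropping it keeps the private /etc down to what the program uses. The profile also omits `tracelog` and `apparmor`, both of which etc/mypaint.profile in this same commit sets. If either breaks nyx, a comment such as `# tracelog - <reason placeholder>` would record that it was left out on purpose. The python `noblacklist` lines (9 to 12) would likewise benefit from `# Allow python (blacklisted by disable-interpreters.inc)`.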
diff --git a/etc/ocenaudio.profile b/etc/ocenaudio.profile index 10f3f68a6..4a4fa828d 100644 --- a/etc/ocenaudio.profile +++ b/etc/ocenaudio.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | private-bin ocenaudio | 43 | private-bin ocenaudio |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc asound.conf,fonts,ld.so.cache,pulse | 46 | private-etc alternatives,asound.conf,fonts,ld.so.cache,pulse |
47 | # private-lib | 47 | # private-lib |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
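--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -37,6 +37,6 @@ tracelog
 private-bin odt2txt
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-tmp
 read-only ${HOME}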
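Review bot: Replacing `private-etc none` with `private-etc alternatives` at line 40 widens what this sandbox can see under /etc, and nothing in the hunk indicates that odt2txt is reached through /etc/alternatives. The same swap is made in the active lines of etc/pdftotext.profile, etc/strings.profile and etc/transmission-show.profile. For these single-purpose command-line tools I would keep `private-etc none` unless a distribution is known to need the symlink directory, and where it is needed, say why in a comment above the line. The profile starts outside the hunk, so earlier directives are not visible here.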
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 108398104..bff42fb19 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile | |||
@@ -33,5 +33,5 @@ shell none | |||
33 | 33 | ||
34 | # private-bin open-invaders | 34 | # private-bin open-invaders |
35 | private-dev | 35 | private-dev |
36 | # private-etc none | 36 | # private-etc alternatives |
37 | private-tmp | 37 | private-tmp |
diff --git a/etc/parole.profile b/etc/parole.profile index 9ad59d2e6..69ed5a2ca 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
@@ -27,4 +27,4 @@ shell none | |||
27 | 27 | ||
28 | private-bin parole,dbus-launch | 28 | private-bin parole,dbus-launch |
29 | private-cache | 29 | private-cache |
30 | private-etc passwd,group,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies | 30 | private-etc alternatives,passwd,group,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies |
diff --git a/etc/pdfchain.profile b/etc/pdfchain.profile index f0db20b74..d9f721578 100644 --- a/etc/pdfchain.profile +++ b/etc/pdfchain.profile | |||
@@ -34,7 +34,7 @@ shell none | |||
34 | 34 | ||
35 | private-bin pdfchain,pdftk,sh | 35 | private-bin pdfchain,pdftk,sh |
36 | private-dev | 36 | private-dev |
37 | private-etc dconf,fonts,gtk-3.0,xdg | 37 | private-etc alternatives,dconf,fonts,gtk-3.0,xdg |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | memory-deny-write-execute | 40 | memory-deny-write-execute |
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 6b2b0fba5..85e28372e 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile | |||
@@ -38,5 +38,5 @@ tracelog | |||
38 | 38 | ||
39 | private-bin pdftotext | 39 | private-bin pdftotext |
40 | private-dev | 40 | private-dev |
41 | private-etc none | 41 | private-etc alternatives |
42 | private-tmp | 42 | private-tmp |
diff --git a/etc/pingus.profile b/etc/pingus.profile index f071e664f..6b664248f 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile | |||
@@ -33,5 +33,5 @@ shell none | |||
33 | 33 | ||
34 | # private-bin pingus | 34 | # private-bin pingus |
35 | private-dev | 35 | private-dev |
36 | # private-etc none | 36 | # private-etc alternatives |
37 | private-tmp | 37 | private-tmp |
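--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -37,10 +37,12 @@ tracelog
 
 private-bin pluma
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 private-lib pluma
 private-tmp
 
 memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
+
+join-or-start pluma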
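Review bot: `join-or-start pluma` at line 48 is added without a comment, although it changes how the sandbox is created: a later pluma invocation joins the sandbox already running under that name instead of starting its own. I would put `# join the running pluma sandbox so additional files open in tabs of the same instance` above it. It is also the only directive placed after the `noexec` lines; as far as the hunk shows, moving it up with the other option lines would match the rest of the file. The profile starts outside the hunk.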
diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index fc37e6fd2..0c8bfa770 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile | |||
@@ -37,7 +37,7 @@ shell none | |||
37 | 37 | ||
38 | # private-dev is disabled to allow controller support | 38 | # private-dev is disabled to allow controller support |
39 | #private-dev | 39 | #private-dev |
40 | private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id | 40 | private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id |
41 | private-opt ppsspp | 41 | private-opt ppsspp |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile index c98f34e77..92cae0f97 100644 --- a/etc/pybitmessage.profile +++ b/etc/pybitmessage.profile | |||
@@ -42,7 +42,7 @@ shell none | |||
42 | disable-mnt | 42 | disable-mnt |
43 | private-bin pybitmessage,python*,sh,ldconfig,env,bash,stat | 43 | private-bin pybitmessage,python*,sh,ldconfig,env,bash,stat |
44 | private-dev | 44 | private-dev |
45 | private-etc PyBitmessage,PyBitmessage.conf,Trolltech.conf,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,resolv.conf,selinux,sni-qt.conf,system-fips,xdg,ca-certificates,ssl,pki,crypto-policies | 45 | private-etc alternatives,PyBitmessage,PyBitmessage.conf,Trolltech.conf,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,resolv.conf,selinux,sni-qt.conf,system-fips,xdg,ca-certificates,ssl,pki,crypto-policies |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | noexec ${HOME} | 48 | noexec ${HOME} |
diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile index bb948a971..bfe8b614e 100644 --- a/etc/pycharm-community.profile +++ b/etc/pycharm-community.profile | |||
@@ -32,7 +32,7 @@ novideo | |||
32 | shell none | 32 | shell none |
33 | tracelog | 33 | tracelog |
34 | 34 | ||
35 | # private-etc fonts,passwd - minimal required to run but will probably break | 35 | # private-etc alternatives,fonts,passwd - minimal required to run but will probably break |
36 | # program! | 36 | # program! |
37 | private-cache | 37 | private-cache |
38 | private-dev | 38 | private-dev |
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index b6b94c703..0420d38e9 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -53,7 +53,7 @@ shell none | |||
53 | 53 | ||
54 | private-bin qbittorrent,python* | 54 | private-bin qbittorrent,python* |
55 | private-dev | 55 | private-dev |
56 | # private-etc X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies | 56 | # private-etc alternatives,X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies |
57 | # private-lib - problems on Arch | 57 | # private-lib - problems on Arch |
58 | private-tmp | 58 | private-tmp |
59 | 59 | ||
diff --git a/etc/qtox.profile b/etc/qtox.profile index b6cb9772a..3dc4c6a30 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -36,7 +36,7 @@ tracelog | |||
36 | 36 | ||
37 | disable-mnt | 37 | disable-mnt |
38 | private-bin qtox | 38 | private-bin qtox |
39 | private-etc fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse | 39 | private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse |
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
diff --git a/etc/quiterss.profile b/etc/quiterss.profile index ce0816114..e6c441e27 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile | |||
@@ -47,7 +47,7 @@ tracelog | |||
47 | disable-mnt | 47 | disable-mnt |
48 | private-bin quiterss | 48 | private-bin quiterss |
49 | private-dev | 49 | private-dev |
50 | # private-etc X11,ssl,pki,ca-certificates,crypto-policies | 50 | # private-etc alternatives,X11,ssl,pki,ca-certificates,crypto-policies |
51 | 51 | ||
52 | noexec ${HOME} | 52 | noexec ${HOME} |
53 | noexec /tmp | 53 | noexec /tmp |
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index efee6ce84..eef0c8fa6 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
@@ -34,7 +34,7 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res | |||
34 | # tracelog | 34 | # tracelog |
35 | 35 | ||
36 | private-dev | 36 | private-dev |
37 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies | 37 | # private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies |
38 | # private-tmp - interferes with the opening of downloaded files | 38 | # private-tmp - interferes with the opening of downloaded files |
39 | 39 | ||
40 | noexec ${HOME} | 40 | noexec ${HOME} |
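--- a/etc/ricochet.profile
+++ b/etc/ricochet.profile
@@ -36,7 +36,7 @@ shell none
 disable-mnt
 private-bin ricochet,tor
 private-dev
-#private-etc fonts,tor,X11,alternatives,ca-certificates,ssl,pki,crypto-policies
+#private-etc alternatives,fonts,tor,X11,alternatives,ca-certificates,ssl,pki,crypto-policies
 
 noexec ${HOME}
 noexec /tmp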
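Review bot: The new line 39 lists `alternatives` twice, because the entry was already in the list before this commit prepended it. The line is commented out here, but etc/steam.profile line 77 carries the same duplicate in an active `private-etc` line. Drop the second occurrence in both files, here giving `#private-etc alternatives,fonts,tor,X11,ca-certificates,ssl,pki,crypto-policies`. A blanket prepend like this one should check each list for an existing entry first.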
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index 8cb291ba6..d92c62a52 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
@@ -50,4 +50,4 @@ seccomp | |||
50 | tracelog | 50 | tracelog |
51 | 51 | ||
52 | disable-mnt | 52 | disable-mnt |
53 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies | 53 | # private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies |
diff --git a/etc/server.profile b/etc/server.profile index 3526e88ab..8da4853e7 100644 --- a/etc/server.profile +++ b/etc/server.profile | |||
@@ -43,7 +43,7 @@ private | |||
43 | # private-bin program | 43 | # private-bin program |
44 | # private-cache | 44 | # private-cache |
45 | private-dev | 45 | private-dev |
46 | # private-etc none | 46 | # private-etc alternatives |
47 | # private-lib | 47 | # private-lib |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 85cb00ef1..4ad841880 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
@@ -33,5 +33,5 @@ tracelog | |||
33 | 33 | ||
34 | # private-bin simple-scan | 34 | # private-bin simple-scan |
35 | # private-dev | 35 | # private-dev |
36 | # private-etc fonts,ca-certificates,ssl,pki,crypto-policies | 36 | # private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies |
37 | # private-tmp | 37 | # private-tmp |
diff --git a/etc/simutrans.profile b/etc/simutrans.profile index a4e4d892c..c07b1c145 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile | |||
@@ -33,5 +33,5 @@ shell none | |||
33 | 33 | ||
34 | # private-bin simutrans | 34 | # private-bin simutrans |
35 | private-dev | 35 | private-dev |
36 | # private-etc none | 36 | # private-etc alternatives |
37 | private-tmp | 37 | private-tmp |
diff --git a/etc/slack.profile b/etc/slack.profile index 995d49687..841998b0e 100644 --- a/etc/slack.profile +++ b/etc/slack.profile | |||
@@ -37,5 +37,5 @@ shell none | |||
37 | disable-mnt | 37 | disable-mnt |
38 | private-bin slack,locale | 38 | private-bin slack,locale |
39 | private-dev | 39 | private-dev |
40 | private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id | 40 | private-etc alternatives,asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id |
41 | private-tmp | 41 | private-tmp |
diff --git a/etc/spotify.profile b/etc/spotify.profile index 14f9f5228..60d15735d 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -46,7 +46,7 @@ tracelog | |||
46 | disable-mnt | 46 | disable-mnt |
47 | private-bin spotify,bash,sh,zenity | 47 | private-bin spotify,bash,sh,zenity |
48 | private-dev | 48 | private-dev |
49 | private-etc fonts,group,ld.so.cache,machine-id,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies | 49 | private-etc alternatives,fonts,group,ld.so.cache,machine-id,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies |
50 | private-opt spotify | 50 | private-opt spotify |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile index 4486c8869..0a4d38dbe 100644 --- a/etc/standardnotes-desktop.profile +++ b/etc/standardnotes-desktop.profile | |||
@@ -38,7 +38,7 @@ seccomp | |||
38 | disable-mnt | 38 | disable-mnt |
39 | private-dev | 39 | private-dev |
40 | private-tmp | 40 | private-tmp |
41 | private-etc ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg | 41 | private-etc alternatives,ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg |
42 | 42 | ||
43 | noexec ${HOME} | 43 | noexec ${HOME} |
44 | noexec /tmp | 44 | noexec /tmp |
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index d3b0b27e3..b0cb52a0f 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile | |||
@@ -34,7 +34,7 @@ shell none | |||
34 | disable-mnt | 34 | disable-mnt |
35 | private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf | 35 | private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf |
36 | private-dev | 36 | private-dev |
37 | private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache | 37 | private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | noexec /tmp | 40 | noexec /tmp |
diff --git a/etc/steam.profile b/etc/steam.profile index 775b6c875..9d348347e 100644 --- a/etc/steam.profile +++ b/etc/steam.profile | |||
@@ -74,5 +74,5 @@ shell none | |||
74 | # private-dev should be commented for controllers | 74 | # private-dev should be commented for controllers |
75 | private-dev | 75 | private-dev |
76 | # private-etc breaks a small selection of games on some systems, comment to support those | 76 | # private-etc breaks a small selection of games on some systems, comment to support those |
77 | private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release | 77 | private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release |
78 | private-tmp | 78 | private-tmp |
diff --git a/etc/strings.profile b/etc/strings.profile index f243606ec..3ef3ffcb1 100644 --- a/etc/strings.profile +++ b/etc/strings.profile | |||
@@ -24,7 +24,7 @@ tracelog | |||
24 | private-bin strings | 24 | private-bin strings |
25 | private-cache | 25 | private-cache |
26 | private-dev | 26 | private-dev |
27 | private-etc none | 27 | private-etc alternatives |
28 | private-lib | 28 | private-lib |
29 | 29 | ||
30 | memory-deny-write-execute | 30 | memory-deny-write-execute |
diff --git a/etc/supertux2.profile b/etc/supertux2.profile index fc523ce0a..793e4126c 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile | |||
@@ -34,5 +34,5 @@ shell none | |||
34 | disable-mnt | 34 | disable-mnt |
35 | # private-bin supertux2 | 35 | # private-bin supertux2 |
36 | private-dev | 36 | private-dev |
37 | # private-etc none | 37 | # private-etc alternatives |
38 | private-tmp | 38 | private-tmp |
diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile index 9f65a2fa1..696ac4de0 100644 --- a/etc/supertuxkart.profile +++ b/etc/supertuxkart.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin supertuxkart | 46 | private-bin supertuxkart |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux | 49 | private-etc alternatives,resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux |
50 | private-tmp | 50 | private-tmp |
51 | private-opt none | 51 | private-opt none |
52 | private-srv none | 52 | private-srv none |
diff --git a/etc/surf.profile b/etc/surf.profile index 3a1b1f383..4fad4a81d 100644 --- a/etc/surf.profile +++ b/etc/surf.profile | |||
@@ -32,7 +32,7 @@ tracelog | |||
32 | disable-mnt | 32 | disable-mnt |
33 | private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop | 33 | private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop |
34 | private-dev | 34 | private-dev |
35 | private-etc passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies | 35 | private-etc alternatives,passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | noexec ${HOME} | 38 | noexec ${HOME} |
diff --git a/etc/tar.profile b/etc/tar.profile index 9a5f00f65..d228051e8 100644 --- a/etc/tar.profile +++ b/etc/tar.profile | |||
@@ -26,7 +26,7 @@ tracelog | |||
26 | # support compressed archives | 26 | # support compressed archives |
27 | private-bin sh,bash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop | 27 | private-bin sh,bash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop |
28 | private-dev | 28 | private-dev |
29 | private-etc passwd,group,localtime | 29 | private-etc alternatives,passwd,group,localtime |
30 | private-lib | 30 | private-lib |
31 | 31 | ||
32 | # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) | 32 | # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) |
diff --git a/etc/terasology.profile b/etc/terasology.profile index 22038e0b4..43865b6fb 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile | |||
@@ -44,7 +44,7 @@ shell none | |||
44 | 44 | ||
45 | disable-mnt | 45 | disable-mnt |
46 | private-dev | 46 | private-dev |
47 | private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies | 47 | private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | noexec ${HOME} | 50 | noexec ${HOME} |
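--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -44,4 +44,4 @@ writable-run-user
 # Redirect
 # Uncomment if you use enigmail
 # ignore nodbus
-include firefox.profile
+include firefox-common.profile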
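Review bot: Line 47 now includes `firefox-common.profile` instead of `firefox.profile`, but the `# Redirect` comment above gives no reason for the switch. Thunderbird also stops inheriting whatever firefox.profile sets on top of the common file. A comment such as `# firefox-common.profile, not firefox.profile: avoids conflicts when firefox is running` would record the intent. Whether thunderbird.profile restates everything it previously got from firefox.profile cannot be checked from this hunk, since the file starts outside it.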
diff --git a/etc/tilp.profile b/etc/tilp.profile index ecacd1deb..2643c9a84 100644 --- a/etc/tilp.profile +++ b/etc/tilp.profile | |||
@@ -29,7 +29,7 @@ tracelog | |||
29 | disable-mnt | 29 | disable-mnt |
30 | private-bin tilp | 30 | private-bin tilp |
31 | private-cache | 31 | private-cache |
32 | private-etc fonts | 32 | private-etc alternatives,fonts |
33 | private-tmp | 33 | private-tmp |
34 | 34 | ||
35 | noexec ${HOME} | 35 | noexec ${HOME} |
diff --git a/etc/tor.profile b/etc/tor.profile index 04a6c3abb..418352639 100644 --- a/etc/tor.profile +++ b/etc/tor.profile | |||
@@ -46,7 +46,7 @@ private | |||
46 | private-bin tor,bash | 46 | private-bin tor,bash |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc tor,passwd,ca-certificates,ssl,pki,crypto-policies | 49 | private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | noexec ${HOME} | 52 | noexec ${HOME} |
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index a9244683f..2b1cc6549 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile | |||
@@ -49,7 +49,7 @@ shell none | |||
49 | disable-mnt | 49 | disable-mnt |
50 | private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,xz | 50 | private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,xz |
51 | private-dev | 51 | private-dev |
52 | private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache | 52 | private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | noexec /tmp | 55 | noexec /tmp |
diff --git a/etc/totem.profile b/etc/totem.profile index 3055ea542..fd473b03c 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -36,7 +36,7 @@ private-bin totem | |||
36 | # totem needs access to ~/.cache/tracker or it exits | 36 | # totem needs access to ~/.cache/tracker or it exits |
37 | #private-cache | 37 | #private-cache |
38 | private-dev | 38 | private-dev |
39 | # private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies | 39 | # private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | noexec ${HOME} | 42 | noexec ${HOME} |
diff --git a/etc/tracker.profile b/etc/tracker.profile index 6d86b2951..c1779ae3e 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile | |||
@@ -33,5 +33,5 @@ tracelog | |||
33 | 33 | ||
34 | # private-bin tracker | 34 | # private-bin tracker |
35 | # private-dev | 35 | # private-dev |
36 | # private-etc fonts | 36 | # private-etc alternatives,fonts |
37 | # private-tmp | 37 | # private-tmp |
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index 81b52ec7c..89b9b21dc 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile | |||
@@ -33,7 +33,7 @@ tracelog | |||
33 | 33 | ||
34 | # private-bin transmission-cli | 34 | # private-bin transmission-cli |
35 | private-dev | 35 | private-dev |
36 | private-etc ca-certificates,ssl,pki,crypto-policies | 36 | private-etc alternatives,ca-certificates,ssl,pki,crypto-policies |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | memory-deny-write-execute | 39 | memory-deny-write-execute |
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 248eb977e..6154ad15b 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile | |||
@@ -31,5 +31,5 @@ shell none | |||
31 | tracelog | 31 | tracelog |
32 | 32 | ||
33 | private-dev | 33 | private-dev |
34 | private-etc none | 34 | private-etc alternatives |
35 | private-tmp | 35 | private-tmp |
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index f62f018a6..36d1319d1 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile | |||
@@ -29,5 +29,5 @@ shell none | |||
29 | 29 | ||
30 | # private-bin unknown-horizons | 30 | # private-bin unknown-horizons |
31 | private-dev | 31 | private-dev |
32 | # private-etc ca-certificates,ssl,pki,crypto-policies | 32 | # private-etc alternatives,ca-certificates,ssl,pki,crypto-policies |
33 | private-tmp | 33 | private-tmp |
diff --git a/etc/unrar.profile b/etc/unrar.profile index 00fe0887b..bc5fced9f 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile | |||
@@ -25,7 +25,7 @@ tracelog | |||
25 | 25 | ||
26 | private-bin unrar | 26 | private-bin unrar |
27 | private-dev | 27 | private-dev |
28 | private-etc passwd,group,localtime | 28 | private-etc alternatives,passwd,group,localtime |
29 | private-tmp | 29 | private-tmp |
30 | 30 | ||
31 | include default.profile | 31 | include default.profile |
diff --git a/etc/unzip.profile b/etc/unzip.profile index 8e659c256..1859a2248 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile | |||
@@ -25,7 +25,7 @@ tracelog | |||
25 | 25 | ||
26 | private-bin unzip | 26 | private-bin unzip |
27 | private-dev | 27 | private-dev |
28 | private-etc passwd,group,localtime | 28 | private-etc alternatives,passwd,group,localtime |
29 | 29 | ||
30 | # GNOME Shell integration (chrome-gnome-shell) | 30 | # GNOME Shell integration (chrome-gnome-shell) |
31 | noblacklist ${HOME}/.local/share/gnome-shell | 31 | noblacklist ${HOME}/.local/share/gnome-shell |
diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 3bd0ebe70..9710b1b9f 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile | |||
@@ -23,6 +23,6 @@ tracelog | |||
23 | private-bin uudeview | 23 | private-bin uudeview |
24 | private-cache | 24 | private-cache |
25 | private-dev | 25 | private-dev |
26 | private-etc ld.so.preload | 26 | private-etc alternatives,ld.so.preload |
27 | 27 | ||
28 | include default.profile | 28 | include default.profile |
diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 4c22f8e6f..94b6c2052 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile | |||
@@ -38,7 +38,7 @@ tracelog | |||
38 | private-bin viewnior | 38 | private-bin viewnior |
39 | private-cache | 39 | private-cache |
40 | private-dev | 40 | private-dev |
41 | private-etc fonts | 41 | private-etc alternatives,fonts |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | # memory-deny-write-executes breaks on Arch - see issue #1808 | 44 | # memory-deny-write-executes breaks on Arch - see issue #1808 |
diff --git a/etc/w3m.profile b/etc/w3m.profile index c03df49cd..143ac4f63 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile | |||
@@ -36,5 +36,5 @@ tracelog | |||
36 | # private-bin w3m | 36 | # private-bin w3m |
37 | private-cache | 37 | private-cache |
38 | private-dev | 38 | private-dev |
39 | private-etc resolv.conf,ssl,pki,ca-certificates,crypto-policies | 39 | private-etc alternatives,resolv.conf,ssl,pki,ca-certificates,crypto-policies |
40 | private-tmp | 40 | private-tmp |
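--- a/etc/webstorm.profile
+++ b/etc/webstorm.profile
@@ -18,10 +18,10 @@ noblacklist ${PATH}/node
 noblacklist ${HOME}/.nvm
 
 include disable-common.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
 include disable-devel.inc
 include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter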
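--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -35,7 +35,7 @@ shell none
 
 # private-bin wget
 private-dev
-# private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 # private-tmp
 
 noexec ${HOME}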
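--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -38,7 +38,7 @@ private
 private-bin sh,bash,whois
 private-cache
 private-dev
-# private-etc hosts,services,whois.conf
+# private-etc alternatives,hosts,services,whois.conf
 private-lib
 private-tmp
 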
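--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -37,5 +37,5 @@ shell none
 disable-mnt
 private-bin wire-desktop
 private-dev
-private-etc fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp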
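--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -45,7 +45,7 @@ tracelog
 
 # private-bin wireshark
 private-dev
-# private-etc fonts,group,hosts,machine-id,passwd,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,group,hosts,machine-id,passwd,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}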
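--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -42,7 +42,7 @@ tracelog
 
 private-bin xed
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 private-tmp
 
 # xed uses python plugins, memory-deny-write-execute breaks python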
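--- a/etc/xfburn.profile
+++ b/etc/xfburn.profile
@@ -29,5 +29,5 @@ tracelog
 
 # private-bin xfburn
 # private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp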
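--- a/etc/xiphos.profile
+++ b/etc/xiphos.profile
@@ -38,5 +38,5 @@ tracelog
 
 private-bin xiphos
 private-dev
-private-etc fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies
 private-tmp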
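--- a/etc/xmr-stak.profile
+++ b/etc/xmr-stak.profile
@@ -37,7 +37,7 @@ disable-mnt
 private ${HOME}/.xmr-stak
 private-bin xmr-stak
 private-dev
-private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
+private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
 #private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend
 private-opt cuda
 private-tmp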
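--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -36,7 +36,7 @@ shell none
 disable-mnt
 private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl
 private-dev
-private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
+private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
 private-tmp
 
 noexec ${HOME}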
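--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -40,7 +40,7 @@ tracelog
 
 private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer
 private-dev
-# private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}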
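--- a/etc/xpra.profile
+++ b/etc/xpra.profile
@@ -52,5 +52,5 @@ shell none
 # older Xpra versions also use Xvfb
 # private-bin xpra,python*,Xvfb,Xorg,sh,xkbcomp,xauth,dbus-launch,pactl,ldconfig,which,strace,bash,cat,ls
 private-dev
-# private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11
+# private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11
 private-tmp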
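--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -38,7 +38,7 @@ tracelog
 
 private-bin xreader,xreader-previewer,xreader-thumbnailer
 private-dev
-private-etc fonts,ld.so.cache
+private-etc alternatives,fonts,ld.so.cache
 private-tmp
 
 memory-deny-write-execute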
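--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -38,7 +38,7 @@ tracelog
 
 private-bin xviewer
 private-dev
-#private-etc fonts
+#private-etc alternatives,fonts
 private-lib
 private-tmp
 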
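--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -35,7 +35,7 @@ shell none
 private-bin zathura
 private-cache
 private-dev
-private-etc fonts,machine-id
+private-etc alternatives,fonts,machine-id
 private-tmp
 
 read-only ${HOME}/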
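--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -32,4 +32,3 @@ CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
 EXTRA_CFLAGS +=@EXTRA_CFLAGS@
-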
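--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -314,4 +314,3 @@ void build_dev(const char *fname, FILE *fp) {
 fprintf(fp, "\n");
 }
 }
-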
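--- a/src/fbuilder/build_seccomp.c
+++ b/src/fbuilder/build_seccomp.c
@@ -189,4 +189,3 @@ void build_protocol(const char *fname, FILE *fp) {
 fprintf(fp, "netfilter\n");
 }
 }
-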
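--- a/src/fbuilder/fbuilder.h
+++ b/src/fbuilder/fbuilder.h
@@ -67,4 +67,4 @@ FileDB *filedb_add(FileDB *head, const char *fname);
 FileDB *filedb_find(FileDB *head, const char *fname);
 void filedb_print(FileDB *head, const char *prefix, FILE *fp);
 
-#endif
\ No newline at end of file
+#endif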
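--- a/src/fbuilder/filedb.c
+++ b/src/fbuilder/filedb.c
@@ -76,4 +76,3 @@ void filedb_print(FileDB *head, const char *prefix, FILE *fp) {
 ptr = ptr->next;
 }
 }
-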
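--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -322,5 +322,3 @@ void fix_desktop_files(char *homedir) {
 closedir(dir);
 free(user_apps_dir);
 }
-
-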
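--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -94,6 +94,7 @@ code
 conkeror
 conky
 corebird
+crow
 cvlc
 cyberfox
 darktable
@@ -200,6 +201,7 @@ google-chrome-beta
 google-chrome-stable
 google-chrome-unstable
 google-earth
+google-earth-pro
 google-play-music-desktop-player
 gpa
 gpicview
@@ -310,6 +312,8 @@ mupen64plus
 musescore
 musixmatch
 mutt
+mypaint
+mypaint-ora-thumbnailer
 natron
 #nautilus - removed in order to let the application start in a new sandbox when clicking on icons in the file manager
 ncdu
@@ -318,6 +322,7 @@ neverball
 nheko
 nitroshare
 nylas
+nyx
 obs
 ocenaudio
 odt2txt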
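Review bot: The new entries `crow`, `google-earth-pro`, `mypaint`, `mypaint-ora-thumbnailer` and `nyx` each need a matching `etc/<name>.profile` shipped with the same commit, and none of those files is visible in this part of the page. As far as I know firejail falls back to its generic default profile when no program-specific one is found, so a missing file would not fail loudly; the program would simply run under a policy that was never tuned for it. It is worth confirming that all five profiles are installed, in particular the two mypaint entries.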
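--- a/src/firecfg/firecfg.h
+++ b/src/firecfg/firecfg.h
@@ -48,4 +48,3 @@ void sound(void);
 
 // desktop_files.c
 void fix_desktop_files(char *homedir);
-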
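--- a/src/firecfg/sound.c
+++ b/src/firecfg/sound.c
@@ -65,4 +65,3 @@ errexit:
 fprintf(stderr, "Error: cannot configure sound file\n");
 exit(1);
 }
-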
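--- a/src/firejail/fs_lib2.c
+++ b/src/firejail/fs_lib2.c
@@ -308,8 +308,3 @@ void fslib_install_system(void) {
 ptr++;
 }
 }
-
-
-
-
-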
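--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -378,4 +378,4 @@ void net_print(pid_t pid) {
 
 enter_network_namespace(pid);
 sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, PATH_FNET_MAIN, "printif");
-}
\ No newline at end of file
+}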
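--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -189,4 +189,3 @@ void preproc_clean_run(void) {
 
 free(pidarr);
 }
-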
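--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -52,15 +52,17 @@ void shut(pid_t pid) {
 printf("Sending SIGTERM to %u\n", pid);
 kill(pid, SIGTERM);
 
-// wait for not more than 10 seconds
-sleep(2);
-int monsec = 8;
+// wait for not more than 11 seconds
+int monsec = 11;
 char *monfile;
 if (asprintf(&monfile, "/proc/%d/cmdline", pid) == -1)
 errExit("asprintf");
 int killdone = 0;
 
 while (monsec) {
+sleep(1);
+monsec--;
+
 FILE *fp = fopen(monfile, "r");
 if (!fp) {
 killdone = 1;
@@ -75,9 +77,6 @@ void shut(pid_t pid) {
 killdone = 1;
 break;
 }
-
-sleep(1);
-monsec--;
 }
 free(monfile);
 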
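Review bot: The wait loop in `shut()` identifies the sandbox by its pid number alone: it treats the process as gone when `fopen()` on `/proc/<pid>/cmdline` fails, and the rest of the check sits between the two hunks and is not shown here. If the pid is recycled during the wait of up to 11 seconds, the loop would be inspecting an unrelated process, and whatever runs after the loop when `killdone` stays 0 (presumably a stronger signal, though that code is outside the hunk) would be aimed at it. At minimum I would record the assumption next to the loop, e.g. `// NOTE: liveness is judged by pid number only; a recycled pid is indistinguishable from the sandbox here`. Separately, the return value of `kill(pid, SIGTERM)` is ignored, so a send that fails, for example for lack of permission, is only noticed as a timeout; checking it before entering the loop would make that case explicit.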
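--- a/src/fsec-optimize/fsec_optimize.h
+++ b/src/fsec-optimize/fsec_optimize.h
@@ -27,4 +27,4 @@
 struct sock_filter *duplicate(struct sock_filter *filter, int entries);
 int optimize(struct sock_filter * filter, int entries);
 
-#endif
\ No newline at end of file
+#endif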
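--- a/src/fsec-optimize/optimizer.c
+++ b/src/fsec-optimize/optimizer.c
@@ -133,4 +133,3 @@ struct sock_filter *duplicate(struct sock_filter *filter, int entries) {
 memcpy(rv, filter, len);
 return rv;
 }
-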
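--- a/src/fsec-print/fsec_print.h
+++ b/src/fsec-print/fsec_print.h
@@ -29,4 +29,4 @@ void print(struct sock_filter *filter, int entries);
 // syscall_list.c
 const char *syscall_find_nr(int nr);
 
-#endif
\ No newline at end of file
+#endif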
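--- a/src/fsec-print/print.c
+++ b/src/fsec-print/print.c
@@ -330,4 +330,3 @@ void print(struct sock_filter *filter, int entries) {
 printf("\n");
 }
 }
-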
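--- a/src/include/ldd_utils.h
+++ b/src/include/ldd_utils.h
@@ -43,4 +43,4 @@ int is_lib_64(const char *exe);
 
 
 
-#endif
\ No newline at end of file
+#endif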
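--- a/test/apps/apps.sh
+++ b/test/apps/apps.sh
@@ -19,4 +19,3 @@ for app in $LIST; do
 echo "TESTING SKIP: $app not found"
 fi
 done
-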
diff --git a/test/filters/memwrexe.c b/test/filters/memwrexe.c index 7e14aa23d..b43b232d1 100644 --- a/test/filters/memwrexe.c +++ b/test/filters/memwrexe.c | |||
@@ -20,7 +20,7 @@ int main(int argc, char **argv) { | |||
20 | usage(); | 20 | usage(); |
21 | return 1; | 21 | return 1; |
22 | } | 22 | } |
23 | 23 | ||
24 | if (strcmp(argv[1], "mmap") == 0) { | 24 | if (strcmp(argv[1], "mmap") == 0) { |
25 | // open some file | 25 | // open some file |
26 | int fd = open("memwrexe.c", O_RDONLY); | 26 | int fd = open("memwrexe.c", O_RDONLY); |
@@ -28,13 +28,13 @@ int main(int argc, char **argv) { | |||
28 | fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n"); | 28 | fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n"); |
29 | return 1; | 29 | return 1; |
30 | } | 30 | } |
31 | 31 | ||
32 | int size = lseek(fd, 0, SEEK_END); | 32 | int size = lseek(fd, 0, SEEK_END); |
33 | if (size == -1) { | 33 | if (size == -1) { |
34 | fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n"); | 34 | fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n"); |
35 | return 1; | 35 | return 1; |
36 | } | 36 | } |
37 | 37 | ||
38 | void *p = mmap (0, size, PROT_WRITE|PROT_READ|PROT_EXEC, MAP_SHARED, fd, 0); | 38 | void *p = mmap (0, size, PROT_WRITE|PROT_READ|PROT_EXEC, MAP_SHARED, fd, 0); |
39 | printf("mmap successful\n"); | 39 | printf("mmap successful\n"); |
40 | 40 | ||
@@ -51,19 +51,19 @@ int main(int argc, char **argv) { | |||
51 | fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n"); | 51 | fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n"); |
52 | return 1; | 52 | return 1; |
53 | } | 53 | } |
54 | 54 | ||
55 | int size = lseek(fd, 0, SEEK_END); | 55 | int size = lseek(fd, 0, SEEK_END); |
56 | if (size == -1) { | 56 | if (size == -1) { |
57 | fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n"); | 57 | fprintf(stderr, "TESTING ERROR: file not found, cannot run mmap test\n"); |
58 | return 1; | 58 | return 1; |
59 | } | 59 | } |
60 | 60 | ||
61 | void *p = mmap (0, size, PROT_READ, MAP_SHARED, fd, 0); | 61 | void *p = mmap (0, size, PROT_READ, MAP_SHARED, fd, 0); |
62 | if (!p) { | 62 | if (!p) { |
63 | fprintf(stderr, "TESTING ERROR: cannot map file for mprotect test\n"); | 63 | fprintf(stderr, "TESTING ERROR: cannot map file for mprotect test\n"); |
64 | return 1; | 64 | return 1; |
65 | } | 65 | } |
66 | 66 | ||
67 | mprotect(p, size, PROT_READ|PROT_WRITE|PROT_EXEC); | 67 | mprotect(p, size, PROT_READ|PROT_WRITE|PROT_EXEC); |
68 | printf("mprotect successful\n"); | 68 | printf("mprotect successful\n"); |
69 | 69 | ||
@@ -73,4 +73,3 @@ int main(int argc, char **argv) { | |||
73 | return 0; | 73 | return 0; |
74 | } | 74 | } |
75 | } | 75 | } |
76 | \ No newline at end of file | ||
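--- a/test/fnetfilter/test1.net
+++ b/test/fnetfilter/test1.net
@@ -16,4 +16,3 @@
 -A OUTPUT -p tcp --dport 3478 -j DROP
 -A OUTPUT -p tcp --dport 3479 -j DROP
 COMMIT
-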
diff --git a/test/fnetfilter/test2.net b/test/fnetfilter/test2.net index a02785413..f389cd16d 100644 --- a/test/fnetfilter/test2.net +++ b/test/fnetfilter/test2.net | |||
@@ -9,11 +9,10 @@ | |||
9 | #-A INPUT -p icmp --$ARG1 echo-reply -j ACCEPT | 9 | #-A INPUT -p icmp --$ARG1 echo-reply -j ACCEPT |
10 | -A INPUT -p icmp --$ARG1 $ARG2 -j ACCEPT | 10 | -A INPUT -p icmp --$ARG1 $ARG2 -j ACCEPT |
11 | -A INPUT -p icmp --$ARG1 $ARG3 -j ACCEPT | 11 | -A INPUT -p icmp --$ARG1 $ARG3 -j ACCEPT |
12 | -A INPUT -p icmp --$ARG1 $ARG4 -j ACCEPT | 12 | -A INPUT -p icmp --$ARG1 $ARG4 -j ACCEPT |
13 | # disable STUN | 13 | # disable STUN |
14 | -A OUTPUT -p udp --dport $ARG5 -j DROP | 14 | -A OUTPUT -p udp --dport $ARG5 -j DROP |
15 | -A OUTPUT -p udp --dport $ARG6 -j DROP | 15 | -A OUTPUT -p udp --dport $ARG6 -j DROP |
16 | -A OUTPUT -p tcp --dport $ARG5 -j DROP | 16 | -A OUTPUT -p tcp --dport $ARG5 -j DROP |
17 | -A OUTPUT -p tcp --dport $ARG6 -j DROP | 17 | -A OUTPUT -p tcp --dport $ARG6 -j DROP |
18 | COMMIT | 18 | COMMIT |
19 | |||
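--- a/test/hidepid-howto
+++ b/test/hidepid-howto
@@ -23,5 +23,3 @@ $ cat /proc/mounts | grep proc
 proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=618,hidepid=2 0 0
 
 3. Test "firejail --list", "firejail --top", "firejail --tree", "firejail --netstats"
-
-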
diff --git a/test/network/tcpserver.c b/test/network/tcpserver.c index e8f89b097..9de965858 100644 --- a/test/network/tcpserver.c +++ b/test/network/tcpserver.c | |||
@@ -35,7 +35,7 @@ int main(int argc, char **argv) { | |||
35 | return 1; | 35 | return 1; |
36 | } | 36 | } |
37 | int portno = atoi(argv[1]); | 37 | int portno = atoi(argv[1]); |
38 | 38 | ||
39 | // init socket | 39 | // init socket |
40 | fd = socket(AF_INET, SOCK_STREAM, 0); | 40 | fd = socket(AF_INET, SOCK_STREAM, 0); |
41 | if (fd < 0) { | 41 | if (fd < 0) { |
@@ -82,7 +82,7 @@ int main(int argc, char **argv) { | |||
82 | if (pid == 0) { | 82 | if (pid == 0) { |
83 | // child | 83 | // child |
84 | close(fd); | 84 | close(fd); |
85 | #define MAXBUF 4096 | 85 | #define MAXBUF 4096 |
86 | char buf[MAXBUF]; | 86 | char buf[MAXBUF]; |
87 | memset(buf, 0, MAXBUF); | 87 | memset(buf, 0, MAXBUF); |
88 | 88 | ||
@@ -103,6 +103,6 @@ int main(int argc, char **argv) { | |||
103 | else | 103 | else |
104 | close(newfd); | 104 | close(newfd); |
105 | } | 105 | } |
106 | 106 | ||
107 | return 0; | 107 | return 0; |
108 | } | 108 | } |
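--- a/test/profiles/profiles.sh
+++ b/test/profiles/profiles.sh
@@ -43,4 +43,3 @@ do
 echo "TESTING: $PROFILE"
 ./test-profile.exp $PROFILE
 done
-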
diff --git a/test/profiles/test3.profile b/test/profiles/test3.profile index c28ddadb5..5a70bd829 100644 --- a/test/profiles/test3.profile +++ b/test/profiles/test3.profile | |||
@@ -1 +1 @@ | |||
include test3.profile \ No newline at end of file | include test3.profile | ||
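--- a/test/root/option_tmpfs.exp
+++ b/test/root/option_tmpfs.exp
@@ -37,4 +37,3 @@ after 100
 
 
 puts "\nall done\n"
-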
diff --git a/test/utils/caps2.profile b/test/utils/caps2.profile index cb2258c52..e760d4cb5 100644 --- a/test/utils/caps2.profile +++ b/test/utils/caps2.profile | |||
@@ -1 +1 @@ | |||
caps.keep chown,kill \ No newline at end of file | caps.keep chown,kill | ||