diff options
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/chromium-common-hardened.inc.profile | 3 | ||||
-rw-r--r-- | etc/profile-a-l/code.profile | 39 | ||||
-rw-r--r-- | etc/profile-a-l/kodi.profile | 6 |
3 files changed, 25 insertions, 23 deletions
diff --git a/etc/profile-a-l/chromium-common-hardened.inc.profile b/etc/profile-a-l/chromium-common-hardened.inc.profile index 87a0a0994..19addd285 100644 --- a/etc/profile-a-l/chromium-common-hardened.inc.profile +++ b/etc/profile-a-l/chromium-common-hardened.inc.profile | |||
@@ -6,5 +6,4 @@ caps.drop all | |||
6 | nonewprivs | 6 | nonewprivs |
7 | noroot | 7 | noroot |
8 | protocol unix,inet,inet6,netlink | 8 | protocol unix,inet,inet6,netlink |
9 | # kcmp is required for ozone-platform=wayland, see #3783. | 9 | seccomp !chroot |
10 | seccomp !chroot,!kcmp | ||
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile index e19b78908..fdf94ec41 100644 --- a/etc/profile-a-l/code.profile +++ b/etc/profile-a-l/code.profile | |||
@@ -5,6 +5,21 @@ include code.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Disabled until someone reported positive feedback | ||
9 | ignore include disable-devel.inc | ||
10 | ignore include disable-exec.inc | ||
11 | ignore include disable-interpreters.inc | ||
12 | ignore include disable-xdg.inc | ||
13 | ignore whitelist ${DOWNLOADS} | ||
14 | ignore include whitelist-common.inc | ||
15 | ignore include whitelist-runuser-common.inc | ||
16 | ignore include whitelist-usr-share-common.inc | ||
17 | ignore include whitelist-var-common.inc | ||
18 | ignore apparmor | ||
19 | ignore disable-mnt | ||
20 | ignore dbus-user none | ||
21 | ignore dbus-system none | ||
22 | |||
8 | noblacklist ${HOME}/.config/Code | 23 | noblacklist ${HOME}/.config/Code |
9 | noblacklist ${HOME}/.config/Code - OSS | 24 | noblacklist ${HOME}/.config/Code - OSS |
10 | noblacklist ${HOME}/.vscode | 25 | noblacklist ${HOME}/.vscode |
@@ -13,31 +28,13 @@ noblacklist ${HOME}/.vscode-oss | |||
13 | # Allows files commonly used by IDEs | 28 | # Allows files commonly used by IDEs |
14 | include allow-common-devel.inc | 29 | include allow-common-devel.inc |
15 | 30 | ||
16 | include disable-common.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | |||
20 | caps.drop all | ||
21 | netfilter | ||
22 | nodvd | ||
23 | nogroups | ||
24 | noinput | ||
25 | nonewprivs | ||
26 | noroot | ||
27 | nosound | 31 | nosound |
28 | notv | ||
29 | nou2f | ||
30 | novideo | ||
31 | protocol unix,inet,inet6,netlink | ||
32 | seccomp | ||
33 | shell none | ||
34 | |||
35 | private-cache | ||
36 | private-dev | ||
37 | private-tmp | ||
38 | 32 | ||
39 | # Disabling noexec ${HOME} for now since it will | 33 | # Disabling noexec ${HOME} for now since it will |
40 | # probably interfere with running some programmes | 34 | # probably interfere with running some programmes |
41 | # in VS Code | 35 | # in VS Code |
42 | # noexec ${HOME} | 36 | # noexec ${HOME} |
43 | noexec /tmp | 37 | noexec /tmp |
38 | |||
39 | # Redirect | ||
40 | include electron.profile | ||
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile index b7091f1fc..f909728a5 100644 --- a/etc/profile-a-l/kodi.profile +++ b/etc/profile-a-l/kodi.profile | |||
@@ -12,6 +12,12 @@ ignore noexec ${HOME} | |||
12 | #ignore nogroups | 12 | #ignore nogroups |
13 | #ignore noroot | 13 | #ignore noroot |
14 | #ignore private-dev | 14 | #ignore private-dev |
15 | # Add the following to your kodi.local if you use the Lutris Kodi Addon | ||
16 | #noblacklist /sbin | ||
17 | #noblacklist /usr/sbin | ||
18 | #noblacklist ${HOME}/.cache/lutris | ||
19 | #noblacklist ${HOME}/.config/lutris | ||
20 | #noblacklist ${HOME}/.local/share/lutris | ||
15 | 21 | ||
16 | noblacklist ${HOME}/.kodi | 22 | noblacklist ${HOME}/.kodi |
17 | noblacklist ${MUSIC} | 23 | noblacklist ${MUSIC} |