diff options
Diffstat (limited to 'etc/profile-a-l')
327 files changed, 487 insertions, 3 deletions
diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile index 04f58abb9..48a2afdf2 100644 --- a/etc/profile-a-l/0ad.profile +++ b/etc/profile-a-l/0ad.profile | |||
@@ -54,3 +54,5 @@ private-tmp | |||
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
56 | dbus-system none | 56 | dbus-system none |
57 | |||
58 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile index 7913fdea9..1cd207996 100644 --- a/etc/profile-a-l/2048-qt.profile +++ b/etc/profile-a-l/2048-qt.profile | |||
@@ -40,3 +40,5 @@ seccomp | |||
40 | disable-mnt | 40 | disable-mnt |
41 | private-dev | 41 | private-dev |
42 | private-tmp | 42 | private-tmp |
43 | |||
44 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile index af026fc86..4a850f1bd 100644 --- a/etc/profile-a-l/Cryptocat.profile +++ b/etc/profile-a-l/Cryptocat.profile | |||
@@ -28,3 +28,5 @@ seccomp | |||
28 | private-cache | 28 | private-cache |
29 | private-dev | 29 | private-dev |
30 | private-tmp | 30 | private-tmp |
31 | |||
32 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile index 09149350d..462bfa517 100644 --- a/etc/profile-a-l/Fritzing.profile +++ b/etc/profile-a-l/Fritzing.profile | |||
@@ -36,3 +36,4 @@ seccomp | |||
36 | private-dev | 36 | private-dev |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile index 8d56c0d95..b229c151d 100644 --- a/etc/profile-a-l/JDownloader.profile +++ b/etc/profile-a-l/JDownloader.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index ce3d0630f..eb7a5254f 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile | |||
@@ -46,3 +46,5 @@ private-tmp | |||
46 | 46 | ||
47 | # dbus-user none | 47 | # dbus-user none |
48 | # dbus-system none | 48 | # dbus-system none |
49 | |||
50 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index ee9420d62..96c56d85d 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile | |||
@@ -56,3 +56,4 @@ dbus-user none | |||
56 | dbus-system none | 56 | dbus-system none |
57 | 57 | ||
58 | memory-deny-write-execute | 58 | memory-deny-write-execute |
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile index 2f58d9146..184036f24 100644 --- a/etc/profile-a-l/akonadi_control.profile +++ b/etc/profile-a-l/akonadi_control.profile | |||
@@ -55,3 +55,4 @@ tracelog | |||
55 | private-dev | 55 | private-dev |
56 | # private-tmp - breaks programs that depend on akonadi | 56 | # private-tmp - breaks programs that depend on akonadi |
57 | 57 | ||
58 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile index 8e6935fb8..d88a1fcad 100644 --- a/etc/profile-a-l/akregator.profile +++ b/etc/profile-a-l/akregator.profile | |||
@@ -49,3 +49,4 @@ private-dev | |||
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | deterministic-shutdown | 51 | deterministic-shutdown |
52 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index 5dc306147..9612ffdd2 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile | |||
@@ -62,3 +62,4 @@ read-write ${HOME}/.config/menus | |||
62 | read-write ${HOME}/.gnome/apps | 62 | read-write ${HOME}/.gnome/apps |
63 | read-write ${HOME}/.local/share/applications | 63 | read-write ${HOME}/.local/share/applications |
64 | read-write ${HOME}/.local/share/flatpak/exports | 64 | read-write ${HOME}/.local/share/flatpak/exports |
65 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile index ee6be4bc9..0f7407f05 100644 --- a/etc/profile-a-l/alienarena.profile +++ b/etc/profile-a-l/alienarena.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile index e00aef423..4e994c025 100644 --- a/etc/profile-a-l/alpine.profile +++ b/etc/profile-a-l/alpine.profile | |||
@@ -100,3 +100,4 @@ dbus-system none | |||
100 | 100 | ||
101 | memory-deny-write-execute | 101 | memory-deny-write-execute |
102 | read-only ${HOME}/.signature | 102 | read-only ${HOME}/.signature |
103 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile index 7211f0cf7..3171d738e 100644 --- a/etc/profile-a-l/amarok.profile +++ b/etc/profile-a-l/amarok.profile | |||
@@ -44,3 +44,5 @@ dbus-user.talk org.freedesktop.Notifications | |||
44 | #dbus-user.own org.kde.klauncher | 44 | #dbus-user.own org.kde.klauncher |
45 | #dbus-user.talk org.kde.knotify | 45 | #dbus-user.talk org.kde.knotify |
46 | dbus-system none | 46 | dbus-system none |
47 | |||
48 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile index bce22fbfd..ccf7231bd 100644 --- a/etc/profile-a-l/amule.profile +++ b/etc/profile-a-l/amule.profile | |||
@@ -40,3 +40,4 @@ private-bin amule | |||
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
43 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile index add75c849..3dfa0f95a 100644 --- a/etc/profile-a-l/android-studio.profile +++ b/etc/profile-a-l/android-studio.profile | |||
@@ -40,3 +40,4 @@ private-cache | |||
40 | 40 | ||
41 | # noexec /tmp breaks 'Android Profiler' | 41 | # noexec /tmp breaks 'Android Profiler' |
42 | #noexec /tmp | 42 | #noexec /tmp |
43 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index 45d000012..466f60bda 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile | |||
@@ -54,3 +54,5 @@ private-tmp | |||
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
56 | dbus-system none | 56 | dbus-system none |
57 | |||
58 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile index fd92f63db..4c2dcf0e6 100644 --- a/etc/profile-a-l/anydesk.profile +++ b/etc/profile-a-l/anydesk.profile | |||
@@ -33,3 +33,5 @@ disable-mnt | |||
33 | private-bin anydesk | 33 | private-bin anydesk |
34 | private-dev | 34 | private-dev |
35 | private-tmp | 35 | private-tmp |
36 | |||
37 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile index 0d3131f8c..80ee71831 100644 --- a/etc/profile-a-l/aosp.profile +++ b/etc/profile-a-l/aosp.profile | |||
@@ -40,3 +40,5 @@ protocol unix,inet,inet6 | |||
40 | #seccomp | 40 | #seccomp |
41 | 41 | ||
42 | private-tmp | 42 | private-tmp |
43 | |||
44 | #restrict-namespaces | ||
diff --git a/etc/profile-a-l/apktool.profile b/etc/profile-a-l/apktool.profile index e03ff3084..9f1940a4d 100644 --- a/etc/profile-a-l/apktool.profile +++ b/etc/profile-a-l/apktool.profile | |||
@@ -35,3 +35,5 @@ private-dev | |||
35 | 35 | ||
36 | dbus-user none | 36 | dbus-user none |
37 | dbus-system none | 37 | dbus-system none |
38 | |||
39 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile index ca4dec918..dab91fe7d 100644 --- a/etc/profile-a-l/apostrophe.profile +++ b/etc/profile-a-l/apostrophe.profile | |||
@@ -69,3 +69,5 @@ dbus-user filter | |||
69 | dbus-user.own org.gnome.gitlab.somas.Apostrophe | 69 | dbus-user.own org.gnome.gitlab.somas.Apostrophe |
70 | dbus-user.talk ca.desrt.dconf | 70 | dbus-user.talk ca.desrt.dconf |
71 | dbus-system none | 71 | dbus-system none |
72 | |||
73 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile index 7db947be8..766c2c96d 100644 --- a/etc/profile-a-l/arch-audit.profile +++ b/etc/profile-a-l/arch-audit.profile | |||
@@ -49,3 +49,4 @@ dbus-user none | |||
49 | dbus-system none | 49 | dbus-system none |
50 | 50 | ||
51 | memory-deny-write-execute | 51 | memory-deny-write-execute |
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile index 6ad75d68c..3e3f77576 100644 --- a/etc/profile-a-l/archaudit-report.profile +++ b/etc/profile-a-l/archaudit-report.profile | |||
@@ -36,3 +36,4 @@ private-bin arch-audit,archaudit-report,bash,cat,comm,cut,date,fold,grep,pacman, | |||
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | memory-deny-write-execute | 38 | memory-deny-write-execute |
39 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile index b82563099..b0f83aa32 100644 --- a/etc/profile-a-l/archiver-common.profile +++ b/etc/profile-a-l/archiver-common.profile | |||
@@ -49,3 +49,4 @@ dbus-user none | |||
49 | dbus-system none | 49 | dbus-system none |
50 | 50 | ||
51 | memory-deny-write-execute | 51 | memory-deny-write-execute |
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile index c93cecf9f..341fe1ed8 100644 --- a/etc/profile-a-l/ardour5.profile +++ b/etc/profile-a-l/ardour5.profile | |||
@@ -40,3 +40,5 @@ private-tmp | |||
40 | 40 | ||
41 | dbus-user none | 41 | dbus-user none |
42 | dbus-system none | 42 | dbus-system none |
43 | |||
44 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile index bb0bc3513..85ea76939 100644 --- a/etc/profile-a-l/arduino.profile +++ b/etc/profile-a-l/arduino.profile | |||
@@ -33,3 +33,4 @@ seccomp | |||
33 | private-cache | 33 | private-cache |
34 | private-tmp | 34 | private-tmp |
35 | 35 | ||
36 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index f108a6291..17eb2451c 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile | |||
@@ -53,3 +53,4 @@ dbus-user none | |||
53 | dbus-system none | 53 | dbus-system none |
54 | 54 | ||
55 | memory-deny-write-execute | 55 | memory-deny-write-execute |
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile index 53697a367..272e06219 100644 --- a/etc/profile-a-l/ark.profile +++ b/etc/profile-a-l/ark.profile | |||
@@ -44,3 +44,5 @@ private-tmp | |||
44 | 44 | ||
45 | # dbus-user none | 45 | # dbus-user none |
46 | # dbus-system none | 46 | # dbus-system none |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index 556a354e7..db388eee1 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile | |||
@@ -45,3 +45,4 @@ private-dev | |||
45 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor | 45 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index b83b6bb10..b1347b0d9 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile | |||
@@ -65,3 +65,4 @@ dbus-user.talk org.freedesktop.Notifications | |||
65 | dbus-system none | 65 | dbus-system none |
66 | 66 | ||
67 | memory-deny-write-execute | 67 | memory-deny-write-execute |
68 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile index 26eddf1b6..f28f77748 100644 --- a/etc/profile-a-l/assogiate.profile +++ b/etc/profile-a-l/assogiate.profile | |||
@@ -51,3 +51,4 @@ dbus-system none | |||
51 | 51 | ||
52 | memory-deny-write-execute | 52 | memory-deny-write-execute |
53 | read-write ${HOME}/.local/share/mime | 53 | read-write ${HOME}/.local/share/mime |
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile index 445aa3985..c09ad7936 100644 --- a/etc/profile-a-l/asunder.profile +++ b/etc/profile-a-l/asunder.profile | |||
@@ -45,3 +45,4 @@ dbus-system none | |||
45 | 45 | ||
46 | # mdwe is disabled due to breaking hardware accelerated decoding | 46 | # mdwe is disabled due to breaking hardware accelerated decoding |
47 | # memory-deny-write-execute | 47 | # memory-deny-write-execute |
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile index 8ec6f433e..f24aff108 100644 --- a/etc/profile-a-l/atril.profile +++ b/etc/profile-a-l/atril.profile | |||
@@ -49,3 +49,4 @@ private-tmp | |||
49 | 49 | ||
50 | # webkit gtk killed by memory-deny-write-execute | 50 | # webkit gtk killed by memory-deny-write-execute |
51 | #memory-deny-write-execute | 51 | #memory-deny-write-execute |
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile index fe23049f4..b31f3f1b2 100644 --- a/etc/profile-a-l/audacious.profile +++ b/etc/profile-a-l/audacious.profile | |||
@@ -42,3 +42,5 @@ private-tmp | |||
42 | # dbus needed for MPRIS | 42 | # dbus needed for MPRIS |
43 | # dbus-user none | 43 | # dbus-user none |
44 | # dbus-system none | 44 | # dbus-system none |
45 | |||
46 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile index 2831fec72..078e3bf26 100644 --- a/etc/profile-a-l/audacity.profile +++ b/etc/profile-a-l/audacity.profile | |||
@@ -44,3 +44,5 @@ private-tmp | |||
44 | # problems on Fedora 27 | 44 | # problems on Fedora 27 |
45 | # dbus-user none | 45 | # dbus-user none |
46 | # dbus-system none | 46 | # dbus-system none |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile index 6c8a90c0b..74dba7411 100644 --- a/etc/profile-a-l/audio-recorder.profile +++ b/etc/profile-a-l/audio-recorder.profile | |||
@@ -51,3 +51,4 @@ dbus-user.talk ca.desrt.dconf | |||
51 | dbus-system none | 51 | dbus-system none |
52 | 52 | ||
53 | # memory-deny-write-execute - breaks on Arch | 53 | # memory-deny-write-execute - breaks on Arch |
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 8e898b5ee..73a2e1806 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile | |||
@@ -52,3 +52,5 @@ private-tmp | |||
52 | dbus-user filter | 52 | dbus-user filter |
53 | dbus-user.talk ca.desrt.dconf | 53 | dbus-user.talk ca.desrt.dconf |
54 | dbus-system none | 54 | dbus-system none |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile index 5f26a39f5..02c1d8768 100644 --- a/etc/profile-a-l/authenticator.profile +++ b/etc/profile-a-l/authenticator.profile | |||
@@ -46,3 +46,4 @@ private-tmp | |||
46 | # dbus-system none | 46 | # dbus-system none |
47 | 47 | ||
48 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 48 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
49 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile index ee63f0ead..834eac11a 100644 --- a/etc/profile-a-l/autokey-common.profile +++ b/etc/profile-a-l/autokey-common.profile | |||
@@ -39,3 +39,4 @@ private-dev | |||
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 41 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile index 4cb556f6e..8707dca5b 100644 --- a/etc/profile-a-l/avidemux.profile +++ b/etc/profile-a-l/avidemux.profile | |||
@@ -55,3 +55,5 @@ private-tmp | |||
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
57 | dbus-system none | 57 | dbus-system none |
58 | |||
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile index 0a80a2203..e2646095c 100644 --- a/etc/profile-a-l/aweather.profile +++ b/etc/profile-a-l/aweather.profile | |||
@@ -37,3 +37,5 @@ tracelog | |||
37 | private-bin aweather | 37 | private-bin aweather |
38 | private-dev | 38 | private-dev |
39 | private-tmp | 39 | private-tmp |
40 | |||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile index 5d1bf5071..ee9280fe8 100644 --- a/etc/profile-a-l/awesome.profile +++ b/etc/profile-a-l/awesome.profile | |||
@@ -17,3 +17,4 @@ protocol unix,inet,inet6 | |||
17 | seccomp | 17 | seccomp |
18 | 18 | ||
19 | read-only ${HOME}/.config/awesome/autorun.sh | 19 | read-only ${HOME}/.config/awesome/autorun.sh |
20 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile index 05637d247..b60b5715c 100644 --- a/etc/profile-a-l/ballbuster.profile +++ b/etc/profile-a-l/ballbuster.profile | |||
@@ -49,3 +49,5 @@ private-tmp | |||
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
51 | dbus-system none | 51 | dbus-system none |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile index 24bb53981..084b7c702 100644 --- a/etc/profile-a-l/baloo_file.profile +++ b/etc/profile-a-l/baloo_file.profile | |||
@@ -52,3 +52,5 @@ private-bin baloo_file,baloo_file_extractor,baloo_filemetadata_temp_extractor,kb | |||
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-tmp | 54 | private-tmp |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index c78caad77..661356ff6 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile | |||
@@ -79,3 +79,4 @@ dbus-user.talk org.gnome.keyring.SystemPrompter | |||
79 | dbus-system none | 79 | dbus-system none |
80 | 80 | ||
81 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 81 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
82 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/baobab.profile b/etc/profile-a-l/baobab.profile index 40f50e991..31ef66a58 100644 --- a/etc/profile-a-l/baobab.profile +++ b/etc/profile-a-l/baobab.profile | |||
@@ -41,3 +41,4 @@ private-tmp | |||
41 | # dbus-system none | 41 | # dbus-system none |
42 | 42 | ||
43 | read-only ${HOME} | 43 | read-only ${HOME} |
44 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile index dbd3d38f1..a78d202a2 100644 --- a/etc/profile-a-l/barrier.profile +++ b/etc/profile-a-l/barrier.profile | |||
@@ -42,3 +42,4 @@ private-cache | |||
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | memory-deny-write-execute | 44 | memory-deny-write-execute |
45 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile index 8dc3847a0..a962bfe02 100644 --- a/etc/profile-a-l/basilisk.profile +++ b/etc/profile-a-l/basilisk.profile | |||
@@ -22,5 +22,8 @@ ignore seccomp | |||
22 | #private-etc basilisk | 22 | #private-etc basilisk |
23 | #private-opt basilisk | 23 | #private-opt basilisk |
24 | 24 | ||
25 | restrict-namespaces | ||
26 | ignore restrict-namespaces | ||
27 | |||
25 | # Redirect | 28 | # Redirect |
26 | include firefox-common.profile | 29 | include firefox-common.profile |
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile index b43c670b6..d566b94e8 100644 --- a/etc/profile-a-l/bcompare.profile +++ b/etc/profile-a-l/bcompare.profile | |||
@@ -44,3 +44,5 @@ private-tmp | |||
44 | 44 | ||
45 | dbus-user none | 45 | dbus-user none |
46 | dbus-system none | 46 | dbus-system none |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index bc1cb18ac..85a1a58c7 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile | |||
@@ -56,3 +56,5 @@ private-tmp | |||
56 | 56 | ||
57 | dbus-user none | 57 | dbus-user none |
58 | dbus-system none | 58 | dbus-system none |
59 | |||
60 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index e6675e0d3..b6b52601e 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile | |||
@@ -60,3 +60,4 @@ dbus-user.talk org.freedesktop.Tracker1 | |||
60 | dbus-system none | 60 | dbus-system none |
61 | 61 | ||
62 | env WEBKIT_FORCE_SANDBOX=0 | 62 | env WEBKIT_FORCE_SANDBOX=0 |
63 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile index 390d002ed..9fc01a2fd 100644 --- a/etc/profile-a-l/bitcoin-qt.profile +++ b/etc/profile-a-l/bitcoin-qt.profile | |||
@@ -47,3 +47,4 @@ private-dev | |||
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | memory-deny-write-execute | 49 | memory-deny-write-execute |
50 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile index 773fa7500..988a1479e 100644 --- a/etc/profile-a-l/bitlbee.profile +++ b/etc/profile-a-l/bitlbee.profile | |||
@@ -38,3 +38,4 @@ private-dev | |||
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | read-write /var/lib/bitlbee | 40 | read-write /var/lib/bitlbee |
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile index 233f9a96f..753254ffc 100644 --- a/etc/profile-a-l/blackbox.profile +++ b/etc/profile-a-l/blackbox.profile | |||
@@ -16,3 +16,4 @@ noroot | |||
16 | protocol unix,inet,inet6 | 16 | protocol unix,inet,inet6 |
17 | seccomp | 17 | seccomp |
18 | 18 | ||
19 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/bleachbit.profile b/etc/profile-a-l/bleachbit.profile index a352ab8d8..45ae345c3 100644 --- a/etc/profile-a-l/bleachbit.profile +++ b/etc/profile-a-l/bleachbit.profile | |||
@@ -40,3 +40,4 @@ dbus-system none | |||
40 | 40 | ||
41 | # memory-deny-write-execute breaks some systems, see issue #1850 | 41 | # memory-deny-write-execute breaks some systems, see issue #1850 |
42 | # memory-deny-write-execute | 42 | # memory-deny-write-execute |
43 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile index 8ee852ab5..cd8fac61f 100644 --- a/etc/profile-a-l/blender.profile +++ b/etc/profile-a-l/blender.profile | |||
@@ -37,3 +37,5 @@ protocol unix,inet,inet6,netlink | |||
37 | seccomp !mbind | 37 | seccomp !mbind |
38 | 38 | ||
39 | private-dev | 39 | private-dev |
40 | |||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index 0e38889c0..9badb4357 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile | |||
@@ -39,3 +39,5 @@ private-tmp | |||
39 | 39 | ||
40 | dbus-user none | 40 | dbus-user none |
41 | dbus-system none | 41 | dbus-system none |
42 | |||
43 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index 3bd8c79d0..6e7a87e5f 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile | |||
@@ -48,3 +48,4 @@ dbus-user none | |||
48 | dbus-system none | 48 | dbus-system none |
49 | 49 | ||
50 | memory-deny-write-execute | 50 | memory-deny-write-execute |
51 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index 9dfbd8f8e..e6926ee29 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile | |||
@@ -47,3 +47,5 @@ private-tmp | |||
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
49 | dbus-system none | 49 | dbus-system none |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/bluefish.profile b/etc/profile-a-l/bluefish.profile index ac949d561..d24f76262 100644 --- a/etc/profile-a-l/bluefish.profile +++ b/etc/profile-a-l/bluefish.profile | |||
@@ -37,3 +37,5 @@ private-tmp | |||
37 | 37 | ||
38 | dbus-user none | 38 | dbus-user none |
39 | dbus-system none | 39 | dbus-system none |
40 | |||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile index 0ab28fffe..a483c2b0a 100644 --- a/etc/profile-a-l/brackets.profile +++ b/etc/profile-a-l/brackets.profile | |||
@@ -31,3 +31,5 @@ seccomp !chroot,!ioperm | |||
31 | 31 | ||
32 | private-cache | 32 | private-cache |
33 | private-dev | 33 | private-dev |
34 | |||
35 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile index f80ad9f20..12d7062ab 100644 --- a/etc/profile-a-l/brasero.profile +++ b/etc/profile-a-l/brasero.profile | |||
@@ -33,3 +33,5 @@ tracelog | |||
33 | private-cache | 33 | private-cache |
34 | # private-dev | 34 | # private-dev |
35 | # private-tmp | 35 | # private-tmp |
36 | |||
37 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/build-systems-common.profile b/etc/profile-a-l/build-systems-common.profile index bd6719b62..cf5f462ae 100644 --- a/etc/profile-a-l/build-systems-common.profile +++ b/etc/profile-a-l/build-systems-common.profile | |||
@@ -63,3 +63,5 @@ private-tmp | |||
63 | 63 | ||
64 | dbus-user none | 64 | dbus-user none |
65 | dbus-system none | 65 | dbus-system none |
66 | |||
67 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile index 5bfe3751b..b28f982fc 100644 --- a/etc/profile-a-l/bzflag.profile +++ b/etc/profile-a-l/bzflag.profile | |||
@@ -44,3 +44,5 @@ private-tmp | |||
44 | 44 | ||
45 | dbus-user none | 45 | dbus-user none |
46 | dbus-system none | 46 | dbus-system none |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile index acfc1ba0a..b347941d7 100644 --- a/etc/profile-a-l/calibre.profile +++ b/etc/profile-a-l/calibre.profile | |||
@@ -35,3 +35,5 @@ seccomp !chroot | |||
35 | 35 | ||
36 | private-dev | 36 | private-dev |
37 | private-tmp | 37 | private-tmp |
38 | |||
39 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile index 6fccf2122..c2972f902 100644 --- a/etc/profile-a-l/calligra.profile +++ b/etc/profile-a-l/calligra.profile | |||
@@ -37,3 +37,4 @@ private-dev | |||
37 | 37 | ||
38 | # noexec ${HOME} | 38 | # noexec ${HOME} |
39 | noexec /tmp | 39 | noexec /tmp |
40 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index fb3a6df7e..b2248ad06 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile | |||
@@ -52,3 +52,4 @@ private-tmp | |||
52 | # dbus-system none | 52 | # dbus-system none |
53 | 53 | ||
54 | # memory-deny-write-execute - breaks on Arch | 54 | # memory-deny-write-execute - breaks on Arch |
55 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile index f2d9c282d..7cb56efee 100644 --- a/etc/profile-a-l/cantata.profile +++ b/etc/profile-a-l/cantata.profile | |||
@@ -37,3 +37,5 @@ seccomp | |||
37 | # private-etc alternatives,drirc,fonts,gcrypt,hosts,kde5rc,mpd.conf,passwd,samba,ssl,xdg | 37 | # private-etc alternatives,drirc,fonts,gcrypt,hosts,kde5rc,mpd.conf,passwd,samba,ssl,xdg |
38 | private-bin cantata,mpd,perl | 38 | private-bin cantata,mpd,perl |
39 | private-dev | 39 | private-dev |
40 | |||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile index d076c3ca0..e2df341e9 100644 --- a/etc/profile-a-l/catfish.profile +++ b/etc/profile-a-l/catfish.profile | |||
@@ -46,3 +46,5 @@ tracelog | |||
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
48 | dbus-system none | 48 | dbus-system none |
49 | |||
50 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index e9affe09e..e4e32b265 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile | |||
@@ -43,3 +43,5 @@ private-tmp | |||
43 | 43 | ||
44 | # dbus-user none | 44 | # dbus-user none |
45 | dbus-system none | 45 | dbus-system none |
46 | |||
47 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index 48522c002..0c4335e8f 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile | |||
@@ -64,3 +64,4 @@ dbus-system none | |||
64 | 64 | ||
65 | read-only ${HOME} | 65 | read-only ${HOME} |
66 | read-write ${HOME}/.config/celluloid | 66 | read-write ${HOME}/.config/celluloid |
67 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/chafa.profile b/etc/profile-a-l/chafa.profile index b042ac189..72f79681d 100644 --- a/etc/profile-a-l/chafa.profile +++ b/etc/profile-a-l/chafa.profile | |||
@@ -53,3 +53,4 @@ dbus-user none | |||
53 | dbus-system none | 53 | dbus-system none |
54 | 54 | ||
55 | read-only ${HOME} | 55 | read-only ${HOME} |
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile index 835b884ad..3baa80d50 100644 --- a/etc/profile-a-l/checkbashisms.profile +++ b/etc/profile-a-l/checkbashisms.profile | |||
@@ -52,3 +52,4 @@ dbus-user none | |||
52 | dbus-system none | 52 | dbus-system none |
53 | 53 | ||
54 | memory-deny-write-execute | 54 | memory-deny-write-execute |
55 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index 1e498259c..8aed77c04 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile | |||
@@ -58,3 +58,5 @@ dbus-user filter | |||
58 | dbus-user.own org.gnome.Cheese | 58 | dbus-user.own org.gnome.Cheese |
59 | dbus-user.talk ca.desrt.dconf | 59 | dbus-user.talk ca.desrt.dconf |
60 | dbus-system none | 60 | dbus-system none |
61 | |||
62 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile index fe0c7cfe8..528d6203e 100644 --- a/etc/profile-a-l/cherrytree.profile +++ b/etc/profile-a-l/cherrytree.profile | |||
@@ -40,3 +40,4 @@ private-cache | |||
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
43 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/chromium-common-hardened.inc.profile b/etc/profile-a-l/chromium-common-hardened.inc.profile index 19addd285..c3944bd65 100644 --- a/etc/profile-a-l/chromium-common-hardened.inc.profile +++ b/etc/profile-a-l/chromium-common-hardened.inc.profile | |||
@@ -7,3 +7,5 @@ nonewprivs | |||
7 | noroot | 7 | noroot |
8 | protocol unix,inet,inet6,netlink | 8 | protocol unix,inet,inet6,netlink |
9 | seccomp !chroot | 9 | seccomp !chroot |
10 | |||
11 | #restrict-namespaces | ||
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile index 3e62d7ba2..0930c9361 100644 --- a/etc/profile-a-l/cin.profile +++ b/etc/profile-a-l/cin.profile | |||
@@ -34,3 +34,5 @@ private-dev | |||
34 | 34 | ||
35 | dbus-user none | 35 | dbus-user none |
36 | dbus-system none | 36 | dbus-system none |
37 | |||
38 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile index f5f665215..ddd0eb1f9 100644 --- a/etc/profile-a-l/clamav.profile +++ b/etc/profile-a-l/clamav.profile | |||
@@ -37,3 +37,4 @@ dbus-system none | |||
37 | read-only ${HOME} | 37 | read-only ${HOME} |
38 | 38 | ||
39 | memory-deny-write-execute | 39 | memory-deny-write-execute |
40 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/clamtk.profile b/etc/profile-a-l/clamtk.profile index 842416171..9fc73ee55 100644 --- a/etc/profile-a-l/clamtk.profile +++ b/etc/profile-a-l/clamtk.profile | |||
@@ -27,3 +27,5 @@ private-dev | |||
27 | 27 | ||
28 | dbus-user none | 28 | dbus-user none |
29 | dbus-system none | 29 | dbus-system none |
30 | |||
31 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index 268cf01b4..4f4e8e7bf 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile | |||
@@ -51,3 +51,4 @@ dbus-user none | |||
51 | dbus-system none | 51 | dbus-system none |
52 | 52 | ||
53 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 53 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile index b1509f391..ee01fa653 100644 --- a/etc/profile-a-l/clementine.profile +++ b/etc/profile-a-l/clementine.profile | |||
@@ -38,3 +38,5 @@ private-tmp | |||
38 | 38 | ||
39 | dbus-system none | 39 | dbus-system none |
40 | # dbus-user none | 40 | # dbus-user none |
41 | |||
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile index a8d57d63d..652809f1b 100644 --- a/etc/profile-a-l/clion.profile +++ b/etc/profile-a-l/clion.profile | |||
@@ -40,3 +40,4 @@ private-dev | |||
40 | # private-tmp | 40 | # private-tmp |
41 | 41 | ||
42 | noexec /tmp | 42 | noexec /tmp |
43 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile index 4086f46ba..3f3748e1a 100644 --- a/etc/profile-a-l/clipgrab.profile +++ b/etc/profile-a-l/clipgrab.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | # 'dbus-user none' breaks tray menu - add 'dbus-user none' to your clipgrab.local if you don't need it. | 48 | # 'dbus-user none' breaks tray menu - add 'dbus-user none' to your clipgrab.local if you don't need it. |
49 | # dbus-user none | 49 | # dbus-user none |
50 | # dbus-system none | 50 | # dbus-system none |
51 | |||
52 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile index 0356547cd..504bce0b1 100644 --- a/etc/profile-a-l/clipit.profile +++ b/etc/profile-a-l/clipit.profile | |||
@@ -59,5 +59,5 @@ dbus-user none | |||
59 | dbus-system none | 59 | dbus-system none |
60 | 60 | ||
61 | #memory-deny-write-execute | 61 | #memory-deny-write-execute |
62 | restrict-namespaces | ||
63 | read-only ${HOME} | 62 | read-only ${HOME} |
63 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index fa5693901..ad6332f78 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile | |||
@@ -27,3 +27,5 @@ seccomp | |||
27 | 27 | ||
28 | private-bin cmus | 28 | private-bin cmus |
29 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl | 29 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl |
30 | |||
31 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/cointop.profile b/etc/profile-a-l/cointop.profile index b4f73458c..c341c4ea2 100644 --- a/etc/profile-a-l/cointop.profile +++ b/etc/profile-a-l/cointop.profile | |||
@@ -60,3 +60,4 @@ dbus-user none | |||
60 | dbus-system none | 60 | dbus-system none |
61 | 61 | ||
62 | memory-deny-write-execute | 62 | memory-deny-write-execute |
63 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile index 79ab5e7b1..442d50259 100644 --- a/etc/profile-a-l/colorful.profile +++ b/etc/profile-a-l/colorful.profile | |||
@@ -49,3 +49,5 @@ private-tmp | |||
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
51 | dbus-system none | 51 | dbus-system none |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index 7024ddb28..990b6bc5a 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile | |||
@@ -52,3 +52,5 @@ private-tmp | |||
52 | # dbus-user.own com.github.bleakgrey.tootle | 52 | # dbus-user.own com.github.bleakgrey.tootle |
53 | # dbus-user.talk ca.desrt.dconf | 53 | # dbus-user.talk ca.desrt.dconf |
54 | dbus-system none | 54 | dbus-system none |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index 05768977d..5f2a1c3e6 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile | |||
@@ -63,3 +63,4 @@ read-only ${HOME} | |||
63 | read-write ${HOME}/.cache/agenda | 63 | read-write ${HOME}/.cache/agenda |
64 | read-write ${HOME}/.config/agenda | 64 | read-write ${HOME}/.config/agenda |
65 | read-write ${HOME}/.local/share/agenda | 65 | read-write ${HOME}/.local/share/agenda |
66 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index 06c6e5f84..21f37494b 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile | |||
@@ -60,3 +60,4 @@ private-tmp | |||
60 | read-only ${HOME} | 60 | read-only ${HOME} |
61 | read-write ${HOME}/.cache/com.github.johnfactotum.Foliate | 61 | read-write ${HOME}/.cache/com.github.johnfactotum.Foliate |
62 | read-write ${HOME}/.local/share/com.github.johnfactotum.Foliate | 62 | read-write ${HOME}/.local/share/com.github.johnfactotum.Foliate |
63 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile index 667f9805c..07a6a6813 100644 --- a/etc/profile-a-l/com.github.phase1geo.minder.profile +++ b/etc/profile-a-l/com.github.phase1geo.minder.profile | |||
@@ -58,3 +58,5 @@ dbus-user filter | |||
58 | dbus-user.own com.github.phase1geo.minder | 58 | dbus-user.own com.github.phase1geo.minder |
59 | dbus-user.talk ca.desrt.dconf | 59 | dbus-user.talk ca.desrt.dconf |
60 | dbus-system none | 60 | dbus-system none |
61 | |||
62 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/com.github.tchx84.Flatseal.profile b/etc/profile-a-l/com.github.tchx84.Flatseal.profile index 20236c161..fd4494e92 100644 --- a/etc/profile-a-l/com.github.tchx84.Flatseal.profile +++ b/etc/profile-a-l/com.github.tchx84.Flatseal.profile | |||
@@ -62,3 +62,4 @@ dbus-user.talk org.gnome.Software | |||
62 | dbus-system none | 62 | dbus-system none |
63 | 63 | ||
64 | read-write ${HOME}/.local/share/flatpak/overrides | 64 | read-write ${HOME}/.local/share/flatpak/overrides |
65 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile index 38edf0d21..6486990f5 100644 --- a/etc/profile-a-l/conkeror.profile +++ b/etc/profile-a-l/conkeror.profile | |||
@@ -34,3 +34,5 @@ protocol unix,inet,inet6 | |||
34 | seccomp | 34 | seccomp |
35 | 35 | ||
36 | disable-mnt | 36 | disable-mnt |
37 | |||
38 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile index 49a0a40ff..39e6d3cf9 100644 --- a/etc/profile-a-l/conky.profile +++ b/etc/profile-a-l/conky.profile | |||
@@ -43,3 +43,4 @@ private-dev | |||
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
45 | memory-deny-write-execute | 45 | memory-deny-write-execute |
46 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile index 41b9f79a1..1774669f1 100644 --- a/etc/profile-a-l/corebird.profile +++ b/etc/profile-a-l/corebird.profile | |||
@@ -35,3 +35,4 @@ private-bin corebird | |||
35 | private-dev | 35 | private-dev |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile index 2245903a4..e896f3537 100644 --- a/etc/profile-a-l/cower.profile +++ b/etc/profile-a-l/cower.profile | |||
@@ -46,3 +46,4 @@ private-tmp | |||
46 | 46 | ||
47 | memory-deny-write-execute | 47 | memory-deny-write-execute |
48 | read-only ${HOME}/.config/cower/config | 48 | read-only ${HOME}/.config/cower/config |
49 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 24a149c5f..793de8ab4 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile | |||
@@ -46,3 +46,4 @@ dbus-user none | |||
46 | dbus-system none | 46 | dbus-system none |
47 | 47 | ||
48 | #memory-deny-write-execute | 48 | #memory-deny-write-execute |
49 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile index 7928dd93c..7df7b4480 100644 --- a/etc/profile-a-l/crawl.profile +++ b/etc/profile-a-l/crawl.profile | |||
@@ -44,3 +44,5 @@ private-tmp | |||
44 | 44 | ||
45 | dbus-user none | 45 | dbus-user none |
46 | dbus-system none | 46 | dbus-system none |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index ba0dfb1a6..842191f3f 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile | |||
@@ -43,3 +43,4 @@ private-opt none | |||
43 | private-tmp | 43 | private-tmp |
44 | private-srv none | 44 | private-srv none |
45 | 45 | ||
46 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile index 3fa6ab764..3e5878574 100644 --- a/etc/profile-a-l/curl.profile +++ b/etc/profile-a-l/curl.profile | |||
@@ -58,3 +58,5 @@ private-tmp | |||
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
60 | dbus-system none | 60 | dbus-system none |
61 | |||
62 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index a3a16fa0c..63d89ec36 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile | |||
@@ -53,3 +53,4 @@ private-etc alternatives,dbus-1,fonts,ld.so.cache,ld.so.preload,machine-id | |||
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 55 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile index 20d5657eb..f871b80aa 100644 --- a/etc/profile-a-l/darktable.profile +++ b/etc/profile-a-l/darktable.profile | |||
@@ -41,3 +41,4 @@ seccomp | |||
41 | private-dev | 41 | private-dev |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index 95f24a0ad..b259c7e93 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile | |||
@@ -56,3 +56,4 @@ private-tmp | |||
56 | 56 | ||
57 | memory-deny-write-execute | 57 | memory-deny-write-execute |
58 | read-only ${HOME} | 58 | read-only ${HOME} |
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index 110c9f58e..876e637b2 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile | |||
@@ -50,3 +50,5 @@ dbus-user filter | |||
50 | dbus-user.own ca.desrt.dconf-editor | 50 | dbus-user.own ca.desrt.dconf-editor |
51 | dbus-user.talk ca.desrt.dconf | 51 | dbus-user.talk ca.desrt.dconf |
52 | dbus-system none | 52 | dbus-system none |
53 | |||
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index 56583838e..5136445da 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile | |||
@@ -50,3 +50,4 @@ private-lib | |||
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | memory-deny-write-execute | 52 | memory-deny-write-execute |
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index be1f2eece..8ea5d178e 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile | |||
@@ -51,3 +51,4 @@ dbus-user none | |||
51 | dbus-system none | 51 | dbus-system none |
52 | 52 | ||
53 | # memory-deny-write-execute - breaks on Arch | 53 | # memory-deny-write-execute - breaks on Arch |
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile index 205424a62..4eb89503a 100644 --- a/etc/profile-a-l/deadbeef.profile +++ b/etc/profile-a-l/deadbeef.profile | |||
@@ -32,3 +32,4 @@ seccomp | |||
32 | private-dev | 32 | private-dev |
33 | private-tmp | 33 | private-tmp |
34 | 34 | ||
35 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/default.profile b/etc/profile-a-l/default.profile index 397a89bee..a10bbab5b 100644 --- a/etc/profile-a-l/default.profile +++ b/etc/profile-a-l/default.profile | |||
@@ -60,4 +60,4 @@ seccomp | |||
60 | # deterministic-shutdown | 60 | # deterministic-shutdown |
61 | # memory-deny-write-execute | 61 | # memory-deny-write-execute |
62 | # read-only ${HOME} | 62 | # read-only ${HOME} |
63 | # restrict-namespaces | 63 | restrict-namespaces |
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile index d8a27da62..ebc751e1a 100644 --- a/etc/profile-a-l/deluge.profile +++ b/etc/profile-a-l/deluge.profile | |||
@@ -43,3 +43,5 @@ seccomp | |||
43 | private-bin deluge,deluge-console,deluge-gtk,deluge-web,deluged,python*,sh,uname | 43 | private-bin deluge,deluge-console,deluge-gtk,deluge-web,deluged,python*,sh,uname |
44 | private-dev | 44 | private-dev |
45 | private-tmp | 45 | private-tmp |
46 | |||
47 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile index 2b03f0ea0..71579905e 100644 --- a/etc/profile-a-l/desktopeditors.profile +++ b/etc/profile-a-l/desktopeditors.profile | |||
@@ -42,3 +42,5 @@ private-tmp | |||
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
44 | dbus-system none | 44 | dbus-system none |
45 | |||
46 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile index 42318527c..ef31fc3eb 100644 --- a/etc/profile-a-l/devhelp.profile +++ b/etc/profile-a-l/devhelp.profile | |||
@@ -50,3 +50,4 @@ private-tmp | |||
50 | 50 | ||
51 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 51 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
52 | read-only ${HOME} | 52 | read-only ${HOME} |
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 4b4bfbc5f..0579547af 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile | |||
@@ -56,3 +56,4 @@ dbus-system none | |||
56 | 56 | ||
57 | memory-deny-write-execute | 57 | memory-deny-write-execute |
58 | read-only ${HOME} | 58 | read-only ${HOME} |
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dex2jar.profile b/etc/profile-a-l/dex2jar.profile index 0908c16f1..b71387b2f 100644 --- a/etc/profile-a-l/dex2jar.profile +++ b/etc/profile-a-l/dex2jar.profile | |||
@@ -39,3 +39,5 @@ private-dev | |||
39 | 39 | ||
40 | dbus-user none | 40 | dbus-user none |
41 | dbus-system none | 41 | dbus-system none |
42 | |||
43 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 30db25ee9..efcdb7ce4 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile | |||
@@ -54,3 +54,5 @@ private-tmp | |||
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
56 | dbus-system none | 56 | dbus-system none |
57 | |||
58 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index a6de5e05e..048b92800 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile | |||
@@ -56,3 +56,4 @@ dbus-user none | |||
56 | dbus-system none | 56 | dbus-system none |
57 | 57 | ||
58 | memory-deny-write-execute | 58 | memory-deny-write-execute |
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile index c1f0e3a14..05f0dfba8 100644 --- a/etc/profile-a-l/digikam.profile +++ b/etc/profile-a-l/digikam.profile | |||
@@ -43,3 +43,5 @@ private-tmp | |||
43 | 43 | ||
44 | # dbus-user none | 44 | # dbus-user none |
45 | # dbus-system none | 45 | # dbus-system none |
46 | |||
47 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile index 19b99b5fd..c7cecf23e 100644 --- a/etc/profile-a-l/dillo.profile +++ b/etc/profile-a-l/dillo.profile | |||
@@ -37,3 +37,4 @@ private-dev | |||
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | deterministic-shutdown | 39 | deterministic-shutdown |
40 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile index 6802c7eed..1f7134ff2 100644 --- a/etc/profile-a-l/dino.profile +++ b/etc/profile-a-l/dino.profile | |||
@@ -53,3 +53,5 @@ dbus-user.talk org.freedesktop.Notifications | |||
53 | dbus-system filter | 53 | dbus-system filter |
54 | # Integration with systemd-logind or elogind | 54 | # Integration with systemd-logind or elogind |
55 | dbus-system.talk org.freedesktop.login1 | 55 | dbus-system.talk org.freedesktop.login1 |
56 | |||
57 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 6e8e30bfe..15f6e441d 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile index 0efebd9a6..0d52805b7 100644 --- a/etc/profile-a-l/dnscrypt-proxy.profile +++ b/etc/profile-a-l/dnscrypt-proxy.profile | |||
@@ -51,3 +51,4 @@ dbus-system none | |||
51 | 51 | ||
52 | # mdwe can break modules/plugins | 52 | # mdwe can break modules/plugins |
53 | memory-deny-write-execute | 53 | memory-deny-write-execute |
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index 13efd2fa8..40ccab8c7 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile | |||
@@ -40,3 +40,5 @@ private | |||
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | writable-var | 42 | writable-var |
43 | |||
44 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index b8a29beb7..acaf2e021 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile | |||
@@ -60,3 +60,5 @@ private-tmp | |||
60 | 60 | ||
61 | dbus-user none | 61 | dbus-user none |
62 | dbus-system none | 62 | dbus-system none |
63 | |||
64 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile index 427d70e97..6e8d32848 100644 --- a/etc/profile-a-l/dooble.profile +++ b/etc/profile-a-l/dooble.profile | |||
@@ -38,3 +38,4 @@ disable-mnt | |||
38 | private-dev | 38 | private-dev |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile index 845277396..1edbb7ca0 100644 --- a/etc/profile-a-l/dosbox.profile +++ b/etc/profile-a-l/dosbox.profile | |||
@@ -41,3 +41,5 @@ private-tmp | |||
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
43 | dbus-system none | 43 | dbus-system none |
44 | |||
45 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile index 14c5e7155..742385855 100644 --- a/etc/profile-a-l/dragon.profile +++ b/etc/profile-a-l/dragon.profile | |||
@@ -39,3 +39,4 @@ private-bin dragon | |||
39 | private-dev | 39 | private-dev |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index b533ad590..9d9fa291b 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile | |||
@@ -51,3 +51,4 @@ dbus-user none | |||
51 | dbus-system none | 51 | dbus-system none |
52 | 52 | ||
53 | # memory-deny-write-execute - breaks on Arch | 53 | # memory-deny-write-execute - breaks on Arch |
54 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile index ffbd06cb6..bd6fb6dcc 100644 --- a/etc/profile-a-l/drill.profile +++ b/etc/profile-a-l/drill.profile | |||
@@ -52,3 +52,4 @@ dbus-user none | |||
52 | dbus-system none | 52 | dbus-system none |
53 | 53 | ||
54 | memory-deny-write-execute | 54 | memory-deny-write-execute |
55 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile index 5d83485d2..4fdf1bbfe 100644 --- a/etc/profile-a-l/dropbox.profile +++ b/etc/profile-a-l/dropbox.profile | |||
@@ -46,3 +46,4 @@ private-dev | |||
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | noexec /tmp | 48 | noexec /tmp |
49 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index 9db24f5a3..920eb7697 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile | |||
@@ -53,3 +53,4 @@ private-tmp | |||
53 | # dbus-system none | 53 | # dbus-system none |
54 | 54 | ||
55 | memory-deny-write-execute | 55 | memory-deny-write-execute |
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index ad3a38bfa..78a996f71 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile | |||
@@ -51,3 +51,5 @@ private-tmp | |||
51 | 51 | ||
52 | # dbus-user none | 52 | # dbus-user none |
53 | # dbus-system none | 53 | # dbus-system none |
54 | |||
55 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile index 7e9be653d..5b44f4ccd 100644 --- a/etc/profile-a-l/emacs.profile +++ b/etc/profile-a-l/emacs.profile | |||
@@ -30,3 +30,4 @@ seccomp | |||
30 | 30 | ||
31 | read-write ${HOME}/.emacs | 31 | read-write ${HOME}/.emacs |
32 | read-write ${HOME}/.emacs.d | 32 | read-write ${HOME}/.emacs.d |
33 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 89c44bf76..86fb27514 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile | |||
@@ -81,3 +81,4 @@ dbus-system none | |||
81 | 81 | ||
82 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 82 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
83 | read-only ${HOME}/.signature | 83 | read-only ${HOME}/.signature |
84 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/empathy.profile b/etc/profile-a-l/empathy.profile index 5ca640d30..9a128d7af 100644 --- a/etc/profile-a-l/empathy.profile +++ b/etc/profile-a-l/empathy.profile | |||
@@ -24,3 +24,5 @@ seccomp | |||
24 | 24 | ||
25 | private-cache | 25 | private-cache |
26 | private-tmp | 26 | private-tmp |
27 | |||
28 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index d9abe52b0..37a6c088b 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile | |||
@@ -55,3 +55,4 @@ dbus-user none | |||
55 | dbus-system none | 55 | dbus-system none |
56 | 56 | ||
57 | memory-deny-write-execute | 57 | memory-deny-write-execute |
58 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/engrampa.profile b/etc/profile-a-l/engrampa.profile index 37eb21546..1118c3bf0 100644 --- a/etc/profile-a-l/engrampa.profile +++ b/etc/profile-a-l/engrampa.profile | |||
@@ -38,3 +38,5 @@ private-dev | |||
38 | dbus-user filter | 38 | dbus-user filter |
39 | dbus-user.talk ca.desrt.dconf | 39 | dbus-user.talk ca.desrt.dconf |
40 | dbus-system none | 40 | dbus-system none |
41 | |||
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile index 2d3367255..45a1125b4 100644 --- a/etc/profile-a-l/enpass.profile +++ b/etc/profile-a-l/enpass.profile | |||
@@ -59,3 +59,4 @@ private-opt Enpass | |||
59 | private-tmp | 59 | private-tmp |
60 | 60 | ||
61 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 61 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
62 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index f25f2a291..83abb551e 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile | |||
@@ -49,3 +49,5 @@ private-dev | |||
49 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload | 49 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload |
50 | private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* | 50 | private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* |
51 | private-tmp | 51 | private-tmp |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile index 37b7fdf11..adda53660 100644 --- a/etc/profile-a-l/ephemeral.profile +++ b/etc/profile-a-l/ephemeral.profile | |||
@@ -61,3 +61,5 @@ private-tmp | |||
61 | # breaks preferences | 61 | # breaks preferences |
62 | # dbus-user none | 62 | # dbus-user none |
63 | # dbus-system none | 63 | # dbus-system none |
64 | |||
65 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile index 225811226..a8d00d045 100644 --- a/etc/profile-a-l/epiphany.profile +++ b/etc/profile-a-l/epiphany.profile | |||
@@ -34,3 +34,5 @@ nonewprivs | |||
34 | notv | 34 | notv |
35 | protocol unix,inet,inet6 | 35 | protocol unix,inet,inet6 |
36 | seccomp | 36 | seccomp |
37 | |||
38 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index 60d50a7fa..2fe0a4af4 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile | |||
@@ -60,3 +60,4 @@ dbus-user none | |||
60 | dbus-system none | 60 | dbus-system none |
61 | 61 | ||
62 | memory-deny-write-execute | 62 | memory-deny-write-execute |
63 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile index 8fa6cd3b4..7d27f12c9 100644 --- a/etc/profile-a-l/etr.profile +++ b/etc/profile-a-l/etr.profile | |||
@@ -53,3 +53,5 @@ private-tmp | |||
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
55 | dbus-system none | 55 | dbus-system none |
56 | |||
57 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index eec9f86db..95115d484 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile | |||
@@ -64,3 +64,5 @@ dbus-user.talk ca.desrt.dconf | |||
64 | dbus-user.talk org.gtk.vfs.Daemon | 64 | dbus-user.talk org.gtk.vfs.Daemon |
65 | dbus-user.talk org.gtk.vfs.Metadata | 65 | dbus-user.talk org.gtk.vfs.Metadata |
66 | dbus-system none | 66 | dbus-system none |
67 | |||
68 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 6f959df6e..517bb6206 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile | |||
@@ -43,3 +43,5 @@ seccomp | |||
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
45 | writable-var | 45 | writable-var |
46 | |||
47 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index dd5e32f49..45331487c 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile | |||
@@ -54,3 +54,4 @@ dbus-user none | |||
54 | dbus-system none | 54 | dbus-system none |
55 | 55 | ||
56 | memory-deny-write-execute | 56 | memory-deny-write-execute |
57 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index 321cb0145..2daf1ff15 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile | |||
@@ -53,3 +53,5 @@ private-tmp | |||
53 | # dbus-user filter | 53 | # dbus-user filter |
54 | # dbus-user.own org.kde.Falkon | 54 | # dbus-user.own org.kde.Falkon |
55 | dbus-system none | 55 | dbus-system none |
56 | |||
57 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile index 5679f7cc1..434371aee 100644 --- a/etc/profile-a-l/fbreader.profile +++ b/etc/profile-a-l/fbreader.profile | |||
@@ -36,3 +36,5 @@ seccomp | |||
36 | private-bin fbreader,FBReader | 36 | private-bin fbreader,FBReader |
37 | private-dev | 37 | private-dev |
38 | private-tmp | 38 | private-tmp |
39 | |||
40 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index ee775566e..248cb5b49 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile | |||
@@ -47,3 +47,4 @@ private-etc alternatives,ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so. | |||
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | memory-deny-write-execute | 49 | memory-deny-write-execute |
50 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile index 83de90908..6aa24cc86 100644 --- a/etc/profile-a-l/feedreader.profile +++ b/etc/profile-a-l/feedreader.profile | |||
@@ -56,3 +56,5 @@ dbus-user.talk org.freedesktop.secrets | |||
56 | #dbus-user.talk org.freedesktop.Notifications | 56 | #dbus-user.talk org.freedesktop.Notifications |
57 | #dbus-user.talk org.gnome.OnlineAccounts | 57 | #dbus-user.talk org.gnome.OnlineAccounts |
58 | dbus-system none | 58 | dbus-system none |
59 | |||
60 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile index 9b0262f5b..be5ab8627 100644 --- a/etc/profile-a-l/feh.profile +++ b/etc/profile-a-l/feh.profile | |||
@@ -40,3 +40,5 @@ private-tmp | |||
40 | 40 | ||
41 | dbus-user none | 41 | dbus-user none |
42 | dbus-system none | 42 | dbus-system none |
43 | |||
44 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile index e11baa536..3a044542f 100644 --- a/etc/profile-a-l/ferdi.profile +++ b/etc/profile-a-l/ferdi.profile | |||
@@ -44,3 +44,5 @@ seccomp !chroot | |||
44 | disable-mnt | 44 | disable-mnt |
45 | private-dev | 45 | private-dev |
46 | private-tmp | 46 | private-tmp |
47 | |||
48 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile index cb01fc5dd..ea90239e0 100644 --- a/etc/profile-a-l/fetchmail.profile +++ b/etc/profile-a-l/fetchmail.profile | |||
@@ -31,3 +31,5 @@ seccomp | |||
31 | 31 | ||
32 | #private-bin bash,chmod,fetchmail,procmail | 32 | #private-bin bash,chmod,fetchmail,procmail |
33 | private-dev | 33 | private-dev |
34 | |||
35 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile index 42de048d7..160f26f78 100644 --- a/etc/profile-a-l/ffmpeg.profile +++ b/etc/profile-a-l/ffmpeg.profile | |||
@@ -54,3 +54,4 @@ dbus-user none | |||
54 | dbus-system none | 54 | dbus-system none |
55 | 55 | ||
56 | # memory-deny-write-execute - it breaks old versions of ffmpeg | 56 | # memory-deny-write-execute - it breaks old versions of ffmpeg |
57 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/file-manager-common.profile b/etc/profile-a-l/file-manager-common.profile index 9ab7e36d3..bf8475758 100644 --- a/etc/profile-a-l/file-manager-common.profile +++ b/etc/profile-a-l/file-manager-common.profile | |||
@@ -49,3 +49,5 @@ private-dev | |||
49 | 49 | ||
50 | #dbus-user none | 50 | #dbus-user none |
51 | #dbus-system none | 51 | #dbus-system none |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index 06744cdd3..ef4e0e117 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile | |||
@@ -46,3 +46,5 @@ private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg | |||
46 | # private-tmp | 46 | # private-tmp |
47 | 47 | ||
48 | dbus-system none | 48 | dbus-system none |
49 | |||
50 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile index bcb2abc8b..a5fd05bc7 100644 --- a/etc/profile-a-l/file.profile +++ b/etc/profile-a-l/file.profile | |||
@@ -44,3 +44,4 @@ dbus-system none | |||
44 | 44 | ||
45 | memory-deny-write-execute | 45 | memory-deny-write-execute |
46 | read-only ${HOME} | 46 | read-only ${HOME} |
47 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile index 273e6180c..e80a875f1 100644 --- a/etc/profile-a-l/filezilla.profile +++ b/etc/profile-a-l/filezilla.profile | |||
@@ -41,3 +41,5 @@ seccomp | |||
41 | private-bin bash,filezilla,fzputtygen,fzsftp,lsb_release,python*,sh,uname,zsh | 41 | private-bin bash,filezilla,fzputtygen,fzsftp,lsb_release,python*,sh,uname,zsh |
42 | private-dev | 42 | private-dev |
43 | private-tmp | 43 | private-tmp |
44 | |||
45 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 491ce2eeb..13313cb67 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -68,3 +68,5 @@ blacklist ${PATH}/wget2 | |||
68 | # Gnome connector, KDE connect and power management on KDE Plasma. | 68 | # Gnome connector, KDE connect and power management on KDE Plasma. |
69 | dbus-user none | 69 | dbus-user none |
70 | dbus-system none | 70 | dbus-system none |
71 | |||
72 | #restrict-namespaces | ||
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index d5034ef8e..0984055a3 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile | |||
@@ -65,3 +65,5 @@ dbus-user.talk org.kde.KWin | |||
65 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher | 65 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher |
66 | ?ALLOW_TRAY: dbus-user.own org.kde.* | 66 | ?ALLOW_TRAY: dbus-user.own org.kde.* |
67 | dbus-system none | 67 | dbus-system none |
68 | |||
69 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile index 4bb1b2a71..740dc153f 100644 --- a/etc/profile-a-l/flowblade.profile +++ b/etc/profile-a-l/flowblade.profile | |||
@@ -35,3 +35,4 @@ private-cache | |||
35 | private-dev | 35 | private-dev |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile index 1210f365c..2ae87be48 100644 --- a/etc/profile-a-l/fluxbox.profile +++ b/etc/profile-a-l/fluxbox.profile | |||
@@ -16,3 +16,4 @@ noroot | |||
16 | protocol unix,inet,inet6 | 16 | protocol unix,inet,inet6 |
17 | seccomp | 17 | seccomp |
18 | 18 | ||
19 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile index fcd4afa44..88ae56c82 100644 --- a/etc/profile-a-l/font-manager.profile +++ b/etc/profile-a-l/font-manager.profile | |||
@@ -54,3 +54,4 @@ private-dev | |||
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 56 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
57 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile index f18250fdb..756ca4fae 100644 --- a/etc/profile-a-l/fontforge.profile +++ b/etc/profile-a-l/fontforge.profile | |||
@@ -38,3 +38,4 @@ private-cache | |||
38 | private-dev | 38 | private-dev |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index 796081ece..a614d7d9f 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile | |||
@@ -55,3 +55,5 @@ dbus-user.talk ca.desrt.dconf | |||
55 | dbus-user.talk org.freedesktop.Notifications | 55 | dbus-user.talk org.freedesktop.Notifications |
56 | dbus-user.talk org.freedesktop.secrets | 56 | dbus-user.talk org.freedesktop.secrets |
57 | dbus-system none | 57 | dbus-system none |
58 | |||
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile index 4a2e13d89..e21789d73 100644 --- a/etc/profile-a-l/franz.profile +++ b/etc/profile-a-l/franz.profile | |||
@@ -44,3 +44,5 @@ seccomp !chroot | |||
44 | disable-mnt | 44 | disable-mnt |
45 | private-dev | 45 | private-dev |
46 | private-tmp | 46 | private-tmp |
47 | |||
48 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile index e0330b52a..53315c249 100644 --- a/etc/profile-a-l/freecad.profile +++ b/etc/profile-a-l/freecad.profile | |||
@@ -42,3 +42,5 @@ private-tmp | |||
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
44 | dbus-system none | 44 | dbus-system none |
45 | |||
46 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile index 1690f6eb9..0788acce1 100644 --- a/etc/profile-a-l/freeciv.profile +++ b/etc/profile-a-l/freeciv.profile | |||
@@ -44,3 +44,5 @@ private-tmp | |||
44 | 44 | ||
45 | dbus-user none | 45 | dbus-user none |
46 | dbus-system none | 46 | dbus-system none |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile index 3092e830a..f1b2ffcb7 100644 --- a/etc/profile-a-l/freecol.profile +++ b/etc/profile-a-l/freecol.profile | |||
@@ -55,3 +55,5 @@ private-tmp | |||
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
57 | dbus-system none | 57 | dbus-system none |
58 | |||
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index c3f32de03..ae5843f7f 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile | |||
@@ -50,3 +50,5 @@ private-srv none | |||
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
52 | dbus-system none | 52 | dbus-system none |
53 | |||
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/freshclam.profile b/etc/profile-a-l/freshclam.profile index ab6877de8..133d66f0d 100644 --- a/etc/profile-a-l/freshclam.profile +++ b/etc/profile-a-l/freshclam.profile | |||
@@ -33,3 +33,4 @@ writable-var | |||
33 | writable-var-log | 33 | writable-var-log |
34 | 34 | ||
35 | memory-deny-write-execute | 35 | memory-deny-write-execute |
36 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index 521d50b3b..067fe3caa 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile | |||
@@ -49,3 +49,5 @@ private-tmp | |||
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
51 | dbus-system none | 51 | dbus-system none |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile index bb60d98a5..86a8a8fc6 100644 --- a/etc/profile-a-l/frozen-bubble.profile +++ b/etc/profile-a-l/frozen-bubble.profile | |||
@@ -46,3 +46,5 @@ private-tmp | |||
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
48 | dbus-system none | 48 | dbus-system none |
49 | |||
50 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ftp.profile b/etc/profile-a-l/ftp.profile index 15b68eb08..f448ab932 100644 --- a/etc/profile-a-l/ftp.profile +++ b/etc/profile-a-l/ftp.profile | |||
@@ -51,3 +51,4 @@ dbus-system none | |||
51 | 51 | ||
52 | memory-deny-write-execute | 52 | memory-deny-write-execute |
53 | noexec ${HOME} | 53 | noexec ${HOME} |
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile index ee4226852..8ca349d1c 100644 --- a/etc/profile-a-l/funnyboat.profile +++ b/etc/profile-a-l/funnyboat.profile | |||
@@ -52,3 +52,4 @@ dbus-user none | |||
52 | dbus-system none | 52 | dbus-system none |
53 | 53 | ||
54 | memory-deny-write-execute | 54 | memory-deny-write-execute |
55 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index 3d4d4b4e7..d4d578dd4 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile | |||
@@ -75,4 +75,5 @@ dbus-system.talk org.freedesktop.login1 | |||
75 | # Add the next line to your gajim.local to enable location plugin support. | 75 | # Add the next line to your gajim.local to enable location plugin support. |
76 | #dbus-system.talk org.freedesktop.GeoClue2 | 76 | #dbus-system.talk org.freedesktop.GeoClue2 |
77 | 77 | ||
78 | restrict-namespaces | ||
78 | join-or-start gajim | 79 | join-or-start gajim |
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 95afc8020..0fba8ac07 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile | |||
@@ -50,3 +50,4 @@ dbus-user none | |||
50 | dbus-system none | 50 | dbus-system none |
51 | 51 | ||
52 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 52 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 6fac9affc..106e0eda6 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile | |||
@@ -70,3 +70,4 @@ dbus-system none | |||
70 | 70 | ||
71 | memory-deny-write-execute | 71 | memory-deny-write-execute |
72 | read-only ${HOME} | 72 | read-only ${HOME} |
73 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index 60fac668e..313b34a53 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile | |||
@@ -40,3 +40,5 @@ private-tmp | |||
40 | 40 | ||
41 | dbus-user none | 41 | dbus-user none |
42 | dbus-system none | 42 | dbus-system none |
43 | |||
44 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index 33441ac0e..5b434342b 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile | |||
@@ -58,3 +58,4 @@ private-lib GConf,libpython*,python2* | |||
58 | private-tmp | 58 | private-tmp |
59 | 59 | ||
60 | memory-deny-write-execute | 60 | memory-deny-write-execute |
61 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gdu.profile b/etc/profile-a-l/gdu.profile index 783183bea..4eb94edf4 100644 --- a/etc/profile-a-l/gdu.profile +++ b/etc/profile-a-l/gdu.profile | |||
@@ -37,6 +37,7 @@ dbus-user none | |||
37 | dbus-system none | 37 | dbus-system none |
38 | 38 | ||
39 | memory-deny-write-execute | 39 | memory-deny-write-execute |
40 | restrict-namespaces | ||
40 | 41 | ||
41 | # gdu has built-in delete (d), empty (e) dir/file support and shell spawning (b) features. | 42 | # gdu has built-in delete (d), empty (e) dir/file support and shell spawning (b) features. |
42 | # Depending on workflow and use case the sandbox can be hardened by adding the | 43 | # Depending on workflow and use case the sandbox can be hardened by adding the |
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile index 021abefb3..ec1d68e0d 100644 --- a/etc/profile-a-l/geany.profile +++ b/etc/profile-a-l/geany.profile | |||
@@ -32,3 +32,5 @@ seccomp | |||
32 | private-cache | 32 | private-cache |
33 | private-dev | 33 | private-dev |
34 | private-tmp | 34 | private-tmp |
35 | |||
36 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index cc2119f2a..ad9b45b57 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile | |||
@@ -91,3 +91,4 @@ dbus-user.talk org.gnome.evolution.dataserver.Sources5 | |||
91 | dbus-system none | 91 | dbus-system none |
92 | 92 | ||
93 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 93 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
94 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile index 28a79b646..dbb3ab971 100644 --- a/etc/profile-a-l/gedit.profile +++ b/etc/profile-a-l/gedit.profile | |||
@@ -49,3 +49,5 @@ private-tmp | |||
49 | # makes settings immutable | 49 | # makes settings immutable |
50 | # dbus-user none | 50 | # dbus-user none |
51 | # dbus-system none | 51 | # dbus-system none |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/geekbench.profile b/etc/profile-a-l/geekbench.profile index 19ac4e026..cda47a7e9 100644 --- a/etc/profile-a-l/geekbench.profile +++ b/etc/profile-a-l/geekbench.profile | |||
@@ -55,3 +55,4 @@ dbus-system none | |||
55 | 55 | ||
56 | read-only ${HOME} | 56 | read-only ${HOME} |
57 | read-write ${HOME}/.geekbench5 | 57 | read-write ${HOME}/.geekbench5 |
58 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile index 268c3b334..95adc6840 100644 --- a/etc/profile-a-l/geeqie.profile +++ b/etc/profile-a-l/geeqie.profile | |||
@@ -34,3 +34,5 @@ seccomp | |||
34 | 34 | ||
35 | # private-bin geeqie | 35 | # private-bin geeqie |
36 | private-dev | 36 | private-dev |
37 | |||
38 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index 7b42fadd1..d3d49433b 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile | |||
@@ -67,3 +67,5 @@ dbus-user filter | |||
67 | dbus-user.own org.gabmus.gfeeds | 67 | dbus-user.own org.gabmus.gfeeds |
68 | dbus-user.talk ca.desrt.dconf | 68 | dbus-user.talk ca.desrt.dconf |
69 | dbus-system none | 69 | dbus-system none |
70 | |||
71 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index b40c96e5b..02c4f9509 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile | |||
@@ -56,3 +56,4 @@ dbus-user none | |||
56 | dbus-system none | 56 | dbus-system none |
57 | 57 | ||
58 | memory-deny-write-execute | 58 | memory-deny-write-execute |
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index e908e5cd9..9c719ddb1 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile | |||
@@ -56,3 +56,5 @@ private-tmp | |||
56 | 56 | ||
57 | dbus-user filter | 57 | dbus-user filter |
58 | dbus-system none | 58 | dbus-system none |
59 | |||
60 | #restrict-namespaces | ||
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index 400c8c54f..083b85a91 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile | |||
@@ -63,3 +63,5 @@ private-tmp | |||
63 | 63 | ||
64 | dbus-user none | 64 | dbus-user none |
65 | dbus-system none | 65 | dbus-system none |
66 | |||
67 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index ffd1b1f13..d315619b7 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile | |||
@@ -58,3 +58,4 @@ dbus-user none | |||
58 | dbus-system none | 58 | dbus-system none |
59 | 59 | ||
60 | memory-deny-write-execute | 60 | memory-deny-write-execute |
61 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 6c6a0bfd4..2f7068d68 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile | |||
@@ -84,3 +84,5 @@ read-only ${HOME}/.git-credentials | |||
84 | 84 | ||
85 | # Add 'ignore read-only ${HOME}/.ssh' to your git-cola.local if you need to allow hosts. | 85 | # Add 'ignore read-only ${HOME}/.ssh' to your git-cola.local if you need to allow hosts. |
86 | read-only ${HOME}/.ssh | 86 | read-only ${HOME}/.ssh |
87 | |||
88 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile index 76636cc03..78d6cb2a1 100644 --- a/etc/profile-a-l/git.profile +++ b/etc/profile-a-l/git.profile | |||
@@ -65,3 +65,4 @@ private-cache | |||
65 | private-dev | 65 | private-dev |
66 | 66 | ||
67 | memory-deny-write-execute | 67 | memory-deny-write-execute |
68 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile index 4c4ddd2d2..85f08d52e 100644 --- a/etc/profile-a-l/gitg.profile +++ b/etc/profile-a-l/gitg.profile | |||
@@ -61,3 +61,5 @@ dbus-user.talk ca.desrt.dconf | |||
61 | # Add the next line to your gitg.local if you need keyring access. | 61 | # Add the next line to your gitg.local if you need keyring access. |
62 | #dbus-user.talk org.freedesktop.secrets | 62 | #dbus-user.talk org.freedesktop.secrets |
63 | dbus-system none | 63 | dbus-system none |
64 | |||
65 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index 012bc6159..0f9ed9592 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile | |||
@@ -41,3 +41,4 @@ private-opt Gitter | |||
41 | private-dev | 41 | private-dev |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile index 9bdbd0e37..bd332a6d5 100644 --- a/etc/profile-a-l/gjs.profile +++ b/etc/profile-a-l/gjs.profile | |||
@@ -42,3 +42,5 @@ tracelog | |||
42 | private-dev | 42 | private-dev |
43 | # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl | 43 | # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl |
44 | private-tmp | 44 | private-tmp |
45 | |||
46 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile index 311d7f127..92ba70113 100644 --- a/etc/profile-a-l/gl-117.profile +++ b/etc/profile-a-l/gl-117.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile index 162d292f8..d61b566d8 100644 --- a/etc/profile-a-l/glaxium.profile +++ b/etc/profile-a-l/glaxium.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile index 5e823a5a8..46553d457 100644 --- a/etc/profile-a-l/globaltime.profile +++ b/etc/profile-a-l/globaltime.profile | |||
@@ -34,3 +34,4 @@ private-cache | |||
34 | private-dev | 34 | private-dev |
35 | private-tmp | 35 | private-tmp |
36 | 36 | ||
37 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index edd2cd9ee..d4e4caebe 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile | |||
@@ -51,3 +51,4 @@ writable-run-user | |||
51 | # dbus-system none | 51 | # dbus-system none |
52 | 52 | ||
53 | # memory-deny-write-execute - breaks on Arch | 53 | # memory-deny-write-execute - breaks on Arch |
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile index 0c19faab3..812923b2d 100644 --- a/etc/profile-a-l/gnome-books.profile +++ b/etc/profile-a-l/gnome-books.profile | |||
@@ -43,3 +43,4 @@ tracelog | |||
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile index fe3a392b4..e171224c0 100644 --- a/etc/profile-a-l/gnome-builder.profile +++ b/etc/profile-a-l/gnome-builder.profile | |||
@@ -37,3 +37,4 @@ seccomp | |||
37 | private-dev | 37 | private-dev |
38 | 38 | ||
39 | read-write ${HOME}/.bash_history | 39 | read-write ${HOME}/.bash_history |
40 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-calculator.profile b/etc/profile-a-l/gnome-calculator.profile index 11fdb9828..3926146ff 100644 --- a/etc/profile-a-l/gnome-calculator.profile +++ b/etc/profile-a-l/gnome-calculator.profile | |||
@@ -52,3 +52,5 @@ dbus-user filter | |||
52 | dbus-user.own org.gnome.Calculator | 52 | dbus-user.own org.gnome.Calculator |
53 | dbus-user.talk ca.desrt.dconf | 53 | dbus-user.talk ca.desrt.dconf |
54 | dbus-system none | 54 | dbus-system none |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index 482992778..b0d3f1d34 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile | |||
@@ -60,3 +60,4 @@ dbus-system filter | |||
60 | #dbus-system.talk org.freedesktop.GeoClue2 | 60 | #dbus-system.talk org.freedesktop.GeoClue2 |
61 | 61 | ||
62 | read-only ${HOME} | 62 | read-only ${HOME} |
63 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile index af5b61fe6..2e11f335b 100644 --- a/etc/profile-a-l/gnome-characters.profile +++ b/etc/profile-a-l/gnome-characters.profile | |||
@@ -56,3 +56,4 @@ private-tmp | |||
56 | # dbus-system none | 56 | # dbus-system none |
57 | 57 | ||
58 | read-only ${HOME} | 58 | read-only ${HOME} |
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index 815ede80b..78bd54b64 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile | |||
@@ -51,3 +51,5 @@ private-cache | |||
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0,ld.so.cache,ld.so.preload | 52 | private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0,ld.so.cache,ld.so.preload |
53 | private-tmp | 53 | private-tmp |
54 | |||
55 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index cc8f3fea0..8af9870bf 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile | |||
@@ -44,3 +44,4 @@ private-dev | |||
44 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pkcs11,pki,ssl | 44 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pkcs11,pki,ssl |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile index f96f750dd..2326115c3 100644 --- a/etc/profile-a-l/gnome-contacts.profile +++ b/etc/profile-a-l/gnome-contacts.profile | |||
@@ -38,3 +38,4 @@ disable-mnt | |||
38 | private-dev | 38 | private-dev |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile index 24fa9721a..c8af97a61 100644 --- a/etc/profile-a-l/gnome-documents.profile +++ b/etc/profile-a-l/gnome-documents.profile | |||
@@ -41,3 +41,4 @@ private-cache | |||
41 | private-dev | 41 | private-dev |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-font-viewer.profile b/etc/profile-a-l/gnome-font-viewer.profile index 294729152..17d266537 100644 --- a/etc/profile-a-l/gnome-font-viewer.profile +++ b/etc/profile-a-l/gnome-font-viewer.profile | |||
@@ -35,3 +35,4 @@ disable-mnt | |||
35 | private-dev | 35 | private-dev |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index f734f23bd..f0493c645 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile | |||
@@ -49,3 +49,4 @@ dbus-system none | |||
49 | 49 | ||
50 | read-only ${HOME} | 50 | read-only ${HOME} |
51 | read-write ${HOME}/.cache/mesa_shader_cache | 51 | read-write ${HOME}/.cache/mesa_shader_cache |
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile index 5f9679cc7..45b6fd880 100644 --- a/etc/profile-a-l/gnome-keyring.profile +++ b/etc/profile-a-l/gnome-keyring.profile | |||
@@ -59,3 +59,4 @@ private-tmp | |||
59 | dbus-system none | 59 | dbus-system none |
60 | 60 | ||
61 | memory-deny-write-execute | 61 | memory-deny-write-execute |
62 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 105996b38..43e0a1ec1 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile | |||
@@ -50,3 +50,5 @@ private-dev | |||
50 | private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,ld.so.cache,ld.so.preload,login.defs,passwd,texlive | 50 | private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,ld.so.cache,ld.so.preload,login.defs,passwd,texlive |
51 | 51 | ||
52 | dbus-system none | 52 | dbus-system none |
53 | |||
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index f93d9ca24..b619b0f27 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile | |||
@@ -51,3 +51,4 @@ dbus-system none | |||
51 | 51 | ||
52 | # Add 'ignore read-only ${HOME}' to your gnome-logs.local if you export logs to a file under your ${HOME}. | 52 | # Add 'ignore read-only ${HOME}' to your gnome-logs.local if you export logs to a file under your ${HOME}. |
53 | read-only ${HOME} | 53 | read-only ${HOME} |
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index 2f5e033ad..d14b2a5a1 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile | |||
@@ -73,3 +73,5 @@ dbus-user.own org.gnome.Maps | |||
73 | dbus-system filter | 73 | dbus-system filter |
74 | #dbus-system.talk org.freedesktop.NetworkManager | 74 | #dbus-system.talk org.freedesktop.NetworkManager |
75 | dbus-system.talk org.freedesktop.GeoClue2 | 75 | dbus-system.talk org.freedesktop.GeoClue2 |
76 | |||
77 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile index 444f6ed34..052e9ba9c 100644 --- a/etc/profile-a-l/gnome-mplayer.profile +++ b/etc/profile-a-l/gnome-mplayer.profile | |||
@@ -31,3 +31,4 @@ private-cache | |||
31 | private-dev | 31 | private-dev |
32 | private-tmp | 32 | private-tmp |
33 | 33 | ||
34 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index 8c2ff90ea..ec033dbf0 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile | |||
@@ -44,3 +44,4 @@ private-dev | |||
44 | private-etc alternatives,asound.conf,dconf,fonts,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,xdg | 44 | private-etc alternatives,asound.conf,dconf,fonts,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,xdg |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile index abf3dd759..ce4e5edd8 100644 --- a/etc/profile-a-l/gnome-nettool.profile +++ b/etc/profile-a-l/gnome-nettool.profile | |||
@@ -46,3 +46,5 @@ private-tmp | |||
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
48 | dbus-system none | 48 | dbus-system none |
49 | |||
50 | #restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index bd39ab0c9..0d7fb2de8 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile | |||
@@ -59,3 +59,5 @@ dbus-user filter | |||
59 | dbus-user.own org.gnome.PasswordSafe | 59 | dbus-user.own org.gnome.PasswordSafe |
60 | dbus-user.talk ca.desrt.dconf | 60 | dbus-user.talk ca.desrt.dconf |
61 | dbus-system none | 61 | dbus-system none |
62 | |||
63 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile index 5c848d0af..1d0291aa2 100644 --- a/etc/profile-a-l/gnome-photos.profile +++ b/etc/profile-a-l/gnome-photos.profile | |||
@@ -40,3 +40,4 @@ tracelog | |||
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
43 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index 0086edab0..6d90773aa 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile | |||
@@ -38,3 +38,4 @@ private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.s | |||
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | memory-deny-write-execute | 40 | memory-deny-write-execute |
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index e4120743a..fb019227f 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile | |||
@@ -56,3 +56,4 @@ dbus-system none | |||
56 | 56 | ||
57 | read-only ${HOME} | 57 | read-only ${HOME} |
58 | read-write ${HOME}/.local/share/gnome-pomodoro | 58 | read-write ${HOME}/.local/share/gnome-pomodoro |
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 483783195..75f3199e2 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile | |||
@@ -50,3 +50,4 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so | |||
50 | private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* | 50 | private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile index 44c608e8c..8f2ab7fd6 100644 --- a/etc/profile-a-l/gnome-ring.profile +++ b/etc/profile-a-l/gnome-ring.profile | |||
@@ -30,3 +30,4 @@ disable-mnt | |||
30 | # private-dev | 30 | # private-dev |
31 | private-tmp | 31 | private-tmp |
32 | 32 | ||
33 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile index 415d8eb04..b71d77621 100644 --- a/etc/profile-a-l/gnome-schedule.profile +++ b/etc/profile-a-l/gnome-schedule.profile | |||
@@ -61,4 +61,3 @@ disable-mnt | |||
61 | private-cache | 61 | private-cache |
62 | private-dev | 62 | private-dev |
63 | writable-var | 63 | writable-var |
64 | |||
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index 95e1309ad..74238a109 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile | |||
@@ -48,3 +48,5 @@ dbus-user filter | |||
48 | dbus-user.own org.gnome.Screenshot | 48 | dbus-user.own org.gnome.Screenshot |
49 | dbus-user.talk org.gnome.Shell.Screenshot | 49 | dbus-user.talk org.gnome.Shell.Screenshot |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index 0faf17c2f..d07bd80a7 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile | |||
@@ -41,3 +41,5 @@ private-cache | |||
41 | private-dev | 41 | private-dev |
42 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pango,pulse,xdg | 42 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pango,pulse,xdg |
43 | private-tmp | 43 | private-tmp |
44 | |||
45 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index ae2f79e35..4c74c0a61 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile | |||
@@ -53,3 +53,4 @@ writable-var-log | |||
53 | memory-deny-write-execute | 53 | memory-deny-write-execute |
54 | # Add 'ignore read-only ${HOME}' to your gnome-system-log.local if you export logs to a file under your ${HOME}. | 54 | # Add 'ignore read-only ${HOME}' to your gnome-system-log.local if you export logs to a file under your ${HOME}. |
55 | read-only ${HOME} | 55 | read-only ${HOME} |
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 097a4d5aa..ae7ea83d8 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile | |||
@@ -61,3 +61,4 @@ dbus-system none | |||
61 | #dbus-system.talk org.freedesktop.login1 | 61 | #dbus-system.talk org.freedesktop.login1 |
62 | 62 | ||
63 | read-only ${HOME} | 63 | read-only ${HOME} |
64 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile index 3b9e44f66..dfeeff950 100644 --- a/etc/profile-a-l/gnome-twitch.profile +++ b/etc/profile-a-l/gnome-twitch.profile | |||
@@ -37,3 +37,4 @@ disable-mnt | |||
37 | private-dev | 37 | private-dev |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile index ddffb8942..147b84a19 100644 --- a/etc/profile-a-l/gnome-weather.profile +++ b/etc/profile-a-l/gnome-weather.profile | |||
@@ -46,3 +46,4 @@ private-dev | |||
46 | # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl | 46 | # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnome_games-common.profile b/etc/profile-a-l/gnome_games-common.profile index bd20bb2bc..c9145d78e 100644 --- a/etc/profile-a-l/gnome_games-common.profile +++ b/etc/profile-a-l/gnome_games-common.profile | |||
@@ -46,3 +46,5 @@ private-tmp | |||
46 | dbus-user filter | 46 | dbus-user filter |
47 | dbus-user.talk ca.desrt.dconf | 47 | dbus-user.talk ca.desrt.dconf |
48 | dbus-system none | 48 | dbus-system none |
49 | |||
50 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index 9df2f06a4..d7944ae24 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile | |||
@@ -57,3 +57,5 @@ dbus-user filter | |||
57 | dbus-user.own org.gnome.Gnote | 57 | dbus-user.own org.gnome.Gnote |
58 | dbus-user.talk ca.desrt.dconf | 58 | dbus-user.talk ca.desrt.dconf |
59 | dbus-system none | 59 | dbus-system none |
60 | |||
61 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index bc69f4729..bdbcf9baf 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile | |||
@@ -47,3 +47,5 @@ private-tmp | |||
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
49 | dbus-system none | 49 | dbus-system none |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index 57ad9bedc..36a2cae07 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile | |||
@@ -42,3 +42,5 @@ private-tmp | |||
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
44 | dbus-system none | 44 | dbus-system none |
45 | |||
46 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/goldendict.profile b/etc/profile-a-l/goldendict.profile index c1119dcb0..327648cd1 100644 --- a/etc/profile-a-l/goldendict.profile +++ b/etc/profile-a-l/goldendict.profile | |||
@@ -55,3 +55,5 @@ private-tmp | |||
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
57 | dbus-system none | 57 | dbus-system none |
58 | |||
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile index 1eaa68c1d..8807a239d 100644 --- a/etc/profile-a-l/goobox.profile +++ b/etc/profile-a-l/goobox.profile | |||
@@ -32,3 +32,5 @@ tracelog | |||
32 | private-dev | 32 | private-dev |
33 | # private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl | 33 | # private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl |
34 | # private-tmp | 34 | # private-tmp |
35 | |||
36 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile index 71e41b289..4af6ce36b 100644 --- a/etc/profile-a-l/google-earth.profile +++ b/etc/profile-a-l/google-earth.profile | |||
@@ -39,3 +39,4 @@ private-bin bash,dirname,google-earth,grep,ls,sed,sh | |||
39 | private-dev | 39 | private-dev |
40 | private-opt google | 40 | private-opt google |
41 | 41 | ||
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile index b84ae83b7..c2a7d89fd 100644 --- a/etc/profile-a-l/google-play-music-desktop-player.profile +++ b/etc/profile-a-l/google-play-music-desktop-player.profile | |||
@@ -39,3 +39,5 @@ seccomp | |||
39 | disable-mnt | 39 | disable-mnt |
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | |||
43 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index 74cfd5b89..da7c24581 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile | |||
@@ -58,3 +58,5 @@ private-tmp | |||
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
60 | dbus-system none | 60 | dbus-system none |
61 | |||
62 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile index 40c3b434d..e05cdf424 100644 --- a/etc/profile-a-l/gpa.profile +++ b/etc/profile-a-l/gpa.profile | |||
@@ -30,3 +30,5 @@ tracelog | |||
30 | 30 | ||
31 | # private-bin gpa,gpg | 31 | # private-bin gpa,gpg |
32 | private-dev | 32 | private-dev |
33 | |||
34 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile index 78546f547..848960f5f 100644 --- a/etc/profile-a-l/gpg-agent.profile +++ b/etc/profile-a-l/gpg-agent.profile | |||
@@ -49,3 +49,5 @@ tracelog | |||
49 | # private-bin gpg-agent,gpg | 49 | # private-bin gpg-agent,gpg |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile index bc4fb060b..250c9c396 100644 --- a/etc/profile-a-l/gpg.profile +++ b/etc/profile-a-l/gpg.profile | |||
@@ -51,3 +51,4 @@ private-dev | |||
51 | # installing/upgrading archlinux-keyring extremely slow. | 51 | # installing/upgrading archlinux-keyring extremely slow. |
52 | read-write /etc/pacman.d/gnupg | 52 | read-write /etc/pacman.d/gnupg |
53 | read-write /usr/share/pacman/keyrings | 53 | read-write /usr/share/pacman/keyrings |
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index 937ef14fe..1012f5774 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile | |||
@@ -48,3 +48,4 @@ dbus-user none | |||
48 | dbus-system none | 48 | dbus-system none |
49 | 49 | ||
50 | memory-deny-write-execute | 50 | memory-deny-write-execute |
51 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index 628205015..53a6f94e2 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile | |||
@@ -38,3 +38,4 @@ private-dev | |||
38 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl | 38 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index 8ff0d92bb..368482fa3 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile | |||
@@ -52,3 +52,5 @@ dbus-user.own de.haeckerfelix.gradio | |||
52 | dbus-user.own org.mpris.MediaPlayer2.gradio | 52 | dbus-user.own org.mpris.MediaPlayer2.gradio |
53 | dbus-user.talk ca.desrt.dconf | 53 | dbus-user.talk ca.desrt.dconf |
54 | dbus-system none | 54 | dbus-system none |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile index 6d9c54967..5073e79c9 100644 --- a/etc/profile-a-l/gramps.profile +++ b/etc/profile-a-l/gramps.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index ab0915cd6..02a49134c 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile | |||
@@ -44,3 +44,5 @@ private-tmp | |||
44 | 44 | ||
45 | dbus-user none | 45 | dbus-user none |
46 | dbus-system none | 46 | dbus-system none |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile index b9e3d8e25..9654f0ffc 100644 --- a/etc/profile-a-l/gthumb.profile +++ b/etc/profile-a-l/gthumb.profile | |||
@@ -34,3 +34,5 @@ private-bin gthumb | |||
34 | private-cache | 34 | private-cache |
35 | private-dev | 35 | private-dev |
36 | private-tmp | 36 | private-tmp |
37 | |||
38 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index 793fb0440..5fd92fd4f 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile | |||
@@ -53,3 +53,4 @@ dbus-user none | |||
53 | dbus-system none | 53 | dbus-system none |
54 | 54 | ||
55 | memory-deny-write-execute | 55 | memory-deny-write-execute |
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile index 594c99863..35ce2816b 100644 --- a/etc/profile-a-l/guayadeque.profile +++ b/etc/profile-a-l/guayadeque.profile | |||
@@ -32,3 +32,4 @@ private-bin guayadeque | |||
32 | private-dev | 32 | private-dev |
33 | private-tmp | 33 | private-tmp |
34 | 34 | ||
35 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gucharmap.profile b/etc/profile-a-l/gucharmap.profile index 774652fd5..68b78ec62 100644 --- a/etc/profile-a-l/gucharmap.profile +++ b/etc/profile-a-l/gucharmap.profile | |||
@@ -51,3 +51,4 @@ private-tmp | |||
51 | # dbus-system none | 51 | # dbus-system none |
52 | 52 | ||
53 | read-only ${HOME} | 53 | read-only ${HOME} |
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index e8f64e4e0..db307e940 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile | |||
@@ -52,3 +52,5 @@ private-tmp | |||
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
54 | dbus-system none | 54 | dbus-system none |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index 93af4d1f8..8f7f74e0d 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile | |||
@@ -52,3 +52,4 @@ private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,ld.so.prel | |||
52 | # dbus-system none | 52 | # dbus-system none |
53 | 53 | ||
54 | # memory-deny-write-execute | 54 | # memory-deny-write-execute |
55 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile index 1f13232f2..488665154 100644 --- a/etc/profile-a-l/handbrake.profile +++ b/etc/profile-a-l/handbrake.profile | |||
@@ -36,3 +36,5 @@ private-tmp | |||
36 | 36 | ||
37 | dbus-user none | 37 | dbus-user none |
38 | dbus-system none | 38 | dbus-system none |
39 | |||
40 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile index 8d665ce68..e5b0a06af 100644 --- a/etc/profile-a-l/hashcat.profile +++ b/etc/profile-a-l/hashcat.profile | |||
@@ -43,3 +43,5 @@ private-tmp | |||
43 | 43 | ||
44 | dbus-user none | 44 | dbus-user none |
45 | dbus-system none | 45 | dbus-system none |
46 | |||
47 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index a1a491ca1..fd8246aae 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile | |||
@@ -56,3 +56,4 @@ dbus-system none | |||
56 | 56 | ||
57 | memory-deny-write-execute | 57 | memory-deny-write-execute |
58 | read-only ${HOME} | 58 | read-only ${HOME} |
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile index 9c6f162c6..2de09ea93 100644 --- a/etc/profile-a-l/hedgewars.profile +++ b/etc/profile-a-l/hedgewars.profile | |||
@@ -35,3 +35,5 @@ tracelog | |||
35 | disable-mnt | 35 | disable-mnt |
36 | private-dev | 36 | private-dev |
37 | private-tmp | 37 | private-tmp |
38 | |||
39 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile index c730187a9..df7f8f3a3 100644 --- a/etc/profile-a-l/hexchat.profile +++ b/etc/profile-a-l/hexchat.profile | |||
@@ -55,3 +55,4 @@ private-dev | |||
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | # memory-deny-write-execute - breaks python | 57 | # memory-deny-write-execute - breaks python |
58 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index 04a603794..d77f49ce0 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile | |||
@@ -41,3 +41,5 @@ private-tmp | |||
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
43 | dbus-system none | 43 | dbus-system none |
44 | |||
45 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index cf06b397f..91b73e8e9 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile | |||
@@ -56,3 +56,4 @@ dbus-user none | |||
56 | dbus-system none | 56 | dbus-system none |
57 | 57 | ||
58 | # memory-deny-write-execute | 58 | # memory-deny-write-execute |
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 22a3ecf51..09af8f0f5 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile | |||
@@ -49,3 +49,4 @@ dbus-user none | |||
49 | dbus-system none | 49 | dbus-system none |
50 | 50 | ||
51 | memory-deny-write-execute | 51 | memory-deny-write-execute |
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile index d4587a303..c4085cf9c 100644 --- a/etc/profile-a-l/hugin.profile +++ b/etc/profile-a-l/hugin.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index 8fd80564a..13dc06ecc 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile index c131381c8..757af67b0 100644 --- a/etc/profile-a-l/i2prouter.profile +++ b/etc/profile-a-l/i2prouter.profile | |||
@@ -69,3 +69,5 @@ private-cache | |||
69 | private-dev | 69 | private-dev |
70 | private-etc alternatives,ca-certificates,crypto-policies,dconf,group,hostname,hosts,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl | 70 | private-etc alternatives,ca-certificates,crypto-policies,dconf,group,hostname,hosts,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl |
71 | private-tmp | 71 | private-tmp |
72 | |||
73 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile index e96b1843c..a0c3f2d97 100644 --- a/etc/profile-a-l/i3.profile +++ b/etc/profile-a-l/i3.profile | |||
@@ -16,3 +16,4 @@ noroot | |||
16 | protocol unix,inet,inet6 | 16 | protocol unix,inet,inet6 |
17 | seccomp | 17 | seccomp |
18 | 18 | ||
19 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/iagno.profile b/etc/profile-a-l/iagno.profile index 727dabb77..e16f3f1d5 100644 --- a/etc/profile-a-l/iagno.profile +++ b/etc/profile-a-l/iagno.profile | |||
@@ -37,3 +37,5 @@ private-tmp | |||
37 | 37 | ||
38 | # dbus-user none | 38 | # dbus-user none |
39 | # dbus-system none | 39 | # dbus-system none |
40 | |||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile index 0d976222f..31f65962f 100644 --- a/etc/profile-a-l/idea.sh.profile +++ b/etc/profile-a-l/idea.sh.profile | |||
@@ -39,3 +39,4 @@ private-dev | |||
39 | # private-tmp | 39 | # private-tmp |
40 | 40 | ||
41 | noexec /tmp | 41 | noexec /tmp |
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile index 29aeb006b..60e97b24c 100644 --- a/etc/profile-a-l/imagej.profile +++ b/etc/profile-a-l/imagej.profile | |||
@@ -38,3 +38,5 @@ private-tmp | |||
38 | 38 | ||
39 | dbus-user none | 39 | dbus-user none |
40 | dbus-system none | 40 | dbus-system none |
41 | |||
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile index 889e4ba65..ee341423a 100644 --- a/etc/profile-a-l/img2txt.profile +++ b/etc/profile-a-l/img2txt.profile | |||
@@ -50,3 +50,4 @@ dbus-user none | |||
50 | dbus-system none | 50 | dbus-system none |
51 | 51 | ||
52 | memory-deny-write-execute | 52 | memory-deny-write-execute |
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile index 7306de4b3..d9a256c11 100644 --- a/etc/profile-a-l/impressive.profile +++ b/etc/profile-a-l/impressive.profile | |||
@@ -54,3 +54,4 @@ dbus-system none | |||
54 | 54 | ||
55 | read-only ${HOME} | 55 | read-only ${HOME} |
56 | read-write ${HOME}/.cache/mesa_shader_cache | 56 | read-write ${HOME}/.cache/mesa_shader_cache |
57 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/imv.profile b/etc/profile-a-l/imv.profile index 43085bb9b..94333a610 100644 --- a/etc/profile-a-l/imv.profile +++ b/etc/profile-a-l/imv.profile | |||
@@ -54,3 +54,4 @@ dbus-user none | |||
54 | dbus-system none | 54 | dbus-system none |
55 | 55 | ||
56 | read-only ${HOME} | 56 | read-only ${HOME} |
57 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile index d461add95..1034c225f 100644 --- a/etc/profile-a-l/inkscape.profile +++ b/etc/profile-a-l/inkscape.profile | |||
@@ -60,3 +60,4 @@ dbus-user none | |||
60 | dbus-system none | 60 | dbus-system none |
61 | 61 | ||
62 | # memory-deny-write-execute | 62 | # memory-deny-write-execute |
63 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/io.github.lainsce.Notejot.profile b/etc/profile-a-l/io.github.lainsce.Notejot.profile index 483772a1e..cb2f30350 100644 --- a/etc/profile-a-l/io.github.lainsce.Notejot.profile +++ b/etc/profile-a-l/io.github.lainsce.Notejot.profile | |||
@@ -57,3 +57,5 @@ dbus-user filter | |||
57 | dbus-user.own io.github.lainsce.Notejot | 57 | dbus-user.own io.github.lainsce.Notejot |
58 | dbus-user.talk ca.desrt.dconf | 58 | dbus-user.talk ca.desrt.dconf |
59 | dbus-system none | 59 | dbus-system none |
60 | |||
61 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ipcalc.profile b/etc/profile-a-l/ipcalc.profile index cdf78ea94..983c31bcb 100644 --- a/etc/profile-a-l/ipcalc.profile +++ b/etc/profile-a-l/ipcalc.profile | |||
@@ -59,3 +59,4 @@ dbus-system none | |||
59 | 59 | ||
60 | # memory-deny-write-execute | 60 | # memory-deny-write-execute |
61 | # read-only ${HOME} | 61 | # read-only ${HOME} |
62 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile index 85ea915c7..1c4ddebdb 100644 --- a/etc/profile-a-l/itch.profile +++ b/etc/profile-a-l/itch.profile | |||
@@ -39,3 +39,4 @@ private-dev | |||
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | noexec /tmp | 41 | noexec /tmp |
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile index fc1f7e42c..5fe484029 100644 --- a/etc/profile-a-l/jami-gnome.profile +++ b/etc/profile-a-l/jami-gnome.profile | |||
@@ -39,3 +39,4 @@ private-dev | |||
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | env QT_QPA_PLATFORM=xcb | 41 | env QT_QPA_PLATFORM=xcb |
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile index 628a646c2..e34b3e676 100644 --- a/etc/profile-a-l/jd-gui.profile +++ b/etc/profile-a-l/jd-gui.profile | |||
@@ -41,3 +41,5 @@ private-tmp | |||
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
43 | dbus-system none | 43 | dbus-system none |
44 | |||
45 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index f55305a08..3136b412e 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile | |||
@@ -40,3 +40,4 @@ dbus-user none | |||
40 | dbus-system none | 40 | dbus-system none |
41 | 41 | ||
42 | memory-deny-write-execute | 42 | memory-deny-write-execute |
43 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile index 23f7b720d..c0bda1cbf 100644 --- a/etc/profile-a-l/jitsi.profile +++ b/etc/profile-a-l/jitsi.profile | |||
@@ -28,3 +28,5 @@ tracelog | |||
28 | disable-mnt | 28 | disable-mnt |
29 | private-cache | 29 | private-cache |
30 | private-tmp | 30 | private-tmp |
31 | |||
32 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index dee252281..66d63283a 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile index a98f09d7d..81d4f3458 100644 --- a/etc/profile-a-l/k3b.profile +++ b/etc/profile-a-l/k3b.profile | |||
@@ -35,3 +35,5 @@ novideo | |||
35 | 35 | ||
36 | private-dev | 36 | private-dev |
37 | # private-tmp | 37 | # private-tmp |
38 | |||
39 | # restrict-namespaces - breaks privileged helpers | ||
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile index 8dba3b4e9..73417bf11 100644 --- a/etc/profile-a-l/kaffeine.profile +++ b/etc/profile-a-l/kaffeine.profile | |||
@@ -40,3 +40,4 @@ seccomp | |||
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
43 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index 6331e3990..bde52f30e 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile | |||
@@ -46,3 +46,5 @@ private-tmp | |||
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
48 | dbus-system none | 48 | dbus-system none |
49 | |||
50 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index dc6e58c99..152f73d5d 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile | |||
@@ -60,4 +60,5 @@ private-tmp | |||
60 | # dbus-user none | 60 | # dbus-user none |
61 | # dbus-system none | 61 | # dbus-system none |
62 | 62 | ||
63 | restrict-namespaces | ||
63 | join-or-start kate | 64 | join-or-start kate |
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index 61802383d..c01000af1 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile | |||
@@ -52,3 +52,5 @@ private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cach | |||
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-system none | 54 | dbus-system none |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index 6e1de1abd..ea56f2d39 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile | |||
@@ -67,3 +67,4 @@ dbus-user none | |||
67 | dbus-system none | 67 | dbus-system none |
68 | 68 | ||
69 | #memory-deny-write-execute | 69 | #memory-deny-write-execute |
70 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kdeinit4.profile b/etc/profile-a-l/kdeinit4.profile index 8b02142c3..2f426e191 100644 --- a/etc/profile-a-l/kdeinit4.profile +++ b/etc/profile-a-l/kdeinit4.profile | |||
@@ -34,3 +34,4 @@ private-bin kbuildsycoca4,kded4,kdeinit4,knotify4 | |||
34 | private-dev | 34 | private-dev |
35 | private-tmp | 35 | private-tmp |
36 | 36 | ||
37 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile index 872e6d9aa..d4933d816 100644 --- a/etc/profile-a-l/kdenlive.profile +++ b/etc/profile-a-l/kdenlive.profile | |||
@@ -38,3 +38,5 @@ private-dev | |||
38 | 38 | ||
39 | # dbus-user none | 39 | # dbus-user none |
40 | # dbus-system none | 40 | # dbus-system none |
41 | |||
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile index 947e35750..e0b3eadfd 100644 --- a/etc/profile-a-l/kdiff3.profile +++ b/etc/profile-a-l/kdiff3.profile | |||
@@ -55,3 +55,5 @@ private-dev | |||
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
57 | dbus-system none | 57 | dbus-system none |
58 | |||
59 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile index db3bbd76f..648ed95cf 100644 --- a/etc/profile-a-l/keepass.profile +++ b/etc/profile-a-l/keepass.profile | |||
@@ -43,3 +43,4 @@ private-cache | |||
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index c8b895fc2..935fe3933 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile | |||
@@ -47,3 +47,4 @@ dbus-user none | |||
47 | dbus-system none | 47 | dbus-system none |
48 | 48 | ||
49 | memory-deny-write-execute | 49 | memory-deny-write-execute |
50 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index 827951071..80374690c 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile | |||
@@ -106,5 +106,7 @@ dbus-user.talk org.xfce.ScreenSaver | |||
106 | dbus-system filter | 106 | dbus-system filter |
107 | dbus-system.talk org.freedesktop.login1 | 107 | dbus-system.talk org.freedesktop.login1 |
108 | 108 | ||
109 | restrict-namespaces | ||
110 | |||
109 | # Mutex is stored in /tmp by default, which is broken by private-tmp. | 111 | # Mutex is stored in /tmp by default, which is broken by private-tmp. |
110 | join-or-start keepassxc | 112 | join-or-start keepassxc |
diff --git a/etc/profile-a-l/kfind.profile b/etc/profile-a-l/kfind.profile index dee84482f..c70030a38 100644 --- a/etc/profile-a-l/kfind.profile +++ b/etc/profile-a-l/kfind.profile | |||
@@ -44,3 +44,5 @@ private-tmp | |||
44 | 44 | ||
45 | # dbus-user none | 45 | # dbus-user none |
46 | # dbus-system none | 46 | # dbus-system none |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile index 9b6646725..dd45c1889 100644 --- a/etc/profile-a-l/kget.profile +++ b/etc/profile-a-l/kget.profile | |||
@@ -41,3 +41,4 @@ private-dev | |||
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
43 | # memory-deny-write-execute | 43 | # memory-deny-write-execute |
44 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index 637b00c35..424fb006e 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile | |||
@@ -45,3 +45,4 @@ dbus-user none | |||
45 | dbus-system none | 45 | dbus-system none |
46 | 46 | ||
47 | memory-deny-write-execute | 47 | memory-deny-write-execute |
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile index 2df907376..a4c8486e1 100644 --- a/etc/profile-a-l/kino.profile +++ b/etc/profile-a-l/kino.profile | |||
@@ -34,3 +34,4 @@ private-cache | |||
34 | private-dev | 34 | private-dev |
35 | private-tmp | 35 | private-tmp |
36 | 36 | ||
37 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile index 1c50ad2ea..5a028aeea 100644 --- a/etc/profile-a-l/kiwix-desktop.profile +++ b/etc/profile-a-l/kiwix-desktop.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile index c7b5123d2..0c2d171b9 100644 --- a/etc/profile-a-l/klatexformula.profile +++ b/etc/profile-a-l/klatexformula.profile | |||
@@ -42,3 +42,5 @@ private-tmp | |||
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
44 | dbus-system none | 44 | dbus-system none |
45 | |||
46 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile index 4b8c9e414..0785b904d 100644 --- a/etc/profile-a-l/klavaro.profile +++ b/etc/profile-a-l/klavaro.profile | |||
@@ -51,3 +51,5 @@ private-srv none | |||
51 | 51 | ||
52 | dbus-user none | 52 | dbus-user none |
53 | dbus-system none | 53 | dbus-system none |
54 | |||
55 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 1bbc141e8..9724f4963 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile | |||
@@ -62,3 +62,5 @@ private-dev | |||
62 | # private-tmp - interrupts connection to akonadi, breaks opening of email attachments | 62 | # private-tmp - interrupts connection to akonadi, breaks opening of email attachments |
63 | # writable-run-user is needed for signing and encrypting emails | 63 | # writable-run-user is needed for signing and encrypting emails |
64 | writable-run-user | 64 | writable-run-user |
65 | |||
66 | # restrict-namespaces | ||
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile index 135e8f3ad..992b312ee 100644 --- a/etc/profile-a-l/kmplayer.profile +++ b/etc/profile-a-l/kmplayer.profile | |||
@@ -38,3 +38,4 @@ private-cache | |||
38 | private-dev | 38 | private-dev |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile index b78d9c474..474a10a31 100644 --- a/etc/profile-a-l/kodi.profile +++ b/etc/profile-a-l/kodi.profile | |||
@@ -51,3 +51,5 @@ tracelog | |||
51 | 51 | ||
52 | private-dev | 52 | private-dev |
53 | private-tmp | 53 | private-tmp |
54 | |||
55 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile index 875d0ef76..e4781fea3 100644 --- a/etc/profile-a-l/konversation.profile +++ b/etc/profile-a-l/konversation.profile | |||
@@ -43,3 +43,4 @@ private-dev | |||
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
45 | # memory-deny-write-execute | 45 | # memory-deny-write-execute |
46 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile index 9e75b03eb..91030f453 100644 --- a/etc/profile-a-l/kopete.profile +++ b/etc/profile-a-l/kopete.profile | |||
@@ -37,3 +37,4 @@ private-dev | |||
37 | private-tmp | 37 | private-tmp |
38 | writable-var | 38 | writable-var |
39 | 39 | ||
40 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile index 70d721e9f..a04376430 100644 --- a/etc/profile-a-l/krita.profile +++ b/etc/profile-a-l/krita.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | # dbus-user none | 49 | # dbus-user none |
50 | # dbus-system none | 50 | # dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile index 96eb6978d..27feccf40 100644 --- a/etc/profile-a-l/krunner.profile +++ b/etc/profile-a-l/krunner.profile | |||
@@ -35,3 +35,5 @@ protocol unix,inet,inet6 | |||
35 | seccomp | 35 | seccomp |
36 | 36 | ||
37 | # private-cache | 37 | # private-cache |
38 | |||
39 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile index cb06dd38f..da267b962 100644 --- a/etc/profile-a-l/ktorrent.profile +++ b/etc/profile-a-l/ktorrent.profile | |||
@@ -67,3 +67,4 @@ private-tmp | |||
67 | 67 | ||
68 | deterministic-shutdown | 68 | deterministic-shutdown |
69 | # memory-deny-write-execute | 69 | # memory-deny-write-execute |
70 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile index 086a4500a..68ef6111a 100644 --- a/etc/profile-a-l/ktouch.profile +++ b/etc/profile-a-l/ktouch.profile | |||
@@ -50,3 +50,5 @@ private-tmp | |||
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
52 | dbus-system none | 52 | dbus-system none |
53 | |||
54 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 176c78515..0cdfe4f10 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile | |||
@@ -78,3 +78,4 @@ dbus-user.talk org.freedesktop.Notifications | |||
78 | dbus-system none | 78 | dbus-system none |
79 | 79 | ||
80 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 80 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
81 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile index c3b2a1205..7ecf26d8e 100644 --- a/etc/profile-a-l/kwin_x11.profile +++ b/etc/profile-a-l/kwin_x11.profile | |||
@@ -44,3 +44,5 @@ private-bin kwin_x11 | |||
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id,xdg | 45 | private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id,xdg |
46 | private-tmp | 46 | private-tmp |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index 1883d7c86..18a024c7e 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile | |||
@@ -52,4 +52,5 @@ private-tmp | |||
52 | # dbus-user none | 52 | # dbus-user none |
53 | # dbus-system none | 53 | # dbus-system none |
54 | 54 | ||
55 | restrict-namespaces | ||
55 | join-or-start kwrite | 56 | join-or-start kwrite |
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile index f6c28fafa..f1e1a897b 100644 --- a/etc/profile-a-l/latex-common.profile +++ b/etc/profile-a-l/latex-common.profile | |||
@@ -38,3 +38,5 @@ private-tmp | |||
38 | 38 | ||
39 | dbus-user none | 39 | dbus-user none |
40 | dbus-system none | 40 | dbus-system none |
41 | |||
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile index ce62b8d5c..27b27a20b 100644 --- a/etc/profile-a-l/leafpad.profile +++ b/etc/profile-a-l/leafpad.profile | |||
@@ -38,3 +38,4 @@ private-dev | |||
38 | private-lib | 38 | private-lib |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile index 24d6261fb..6efe23ade 100644 --- a/etc/profile-a-l/less.profile +++ b/etc/profile-a-l/less.profile | |||
@@ -48,3 +48,4 @@ dbus-system none | |||
48 | memory-deny-write-execute | 48 | memory-deny-write-execute |
49 | read-only ${HOME} | 49 | read-only ${HOME} |
50 | read-write ${HOME}/.lesshst | 50 | read-write ${HOME}/.lesshst |
51 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile index 00447c6c1..40ec7b9c6 100644 --- a/etc/profile-a-l/librecad.profile +++ b/etc/profile-a-l/librecad.profile | |||
@@ -47,3 +47,4 @@ dbus-user none | |||
47 | dbus-system none | 47 | dbus-system none |
48 | 48 | ||
49 | memory-deny-write-execute | 49 | memory-deny-write-execute |
50 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index e25eaa2e9..518928876 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile | |||
@@ -54,4 +54,5 @@ private-tmp | |||
54 | 54 | ||
55 | dbus-system none | 55 | dbus-system none |
56 | 56 | ||
57 | restrict-namespaces | ||
57 | join-or-start libreoffice | 58 | join-or-start libreoffice |
diff --git a/etc/profile-a-l/lifeograph.profile b/etc/profile-a-l/lifeograph.profile index 280669b24..025156d2d 100644 --- a/etc/profile-a-l/lifeograph.profile +++ b/etc/profile-a-l/lifeograph.profile | |||
@@ -54,3 +54,5 @@ private-tmp | |||
54 | dbus-user filter | 54 | dbus-user filter |
55 | dbus-user.talk ca.desrt.dconf | 55 | dbus-user.talk ca.desrt.dconf |
56 | dbus-system none | 56 | dbus-system none |
57 | |||
58 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile index 75aac74d1..b0e9015ee 100644 --- a/etc/profile-a-l/liferea.profile +++ b/etc/profile-a-l/liferea.profile | |||
@@ -59,3 +59,5 @@ dbus-user.talk ca.desrt.dconf | |||
59 | # Add the next line to your liferea.local if you use the 'Libsecret Support' plugin. | 59 | # Add the next line to your liferea.local if you use the 'Libsecret Support' plugin. |
60 | #dbus-user.talk org.freedesktop.secrets | 60 | #dbus-user.talk org.freedesktop.secrets |
61 | dbus-system none | 61 | dbus-system none |
62 | |||
63 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile index 79eca0a6f..d81e21636 100644 --- a/etc/profile-a-l/lincity-ng.profile +++ b/etc/profile-a-l/lincity-ng.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile index 4eec03855..22a4a2a2a 100644 --- a/etc/profile-a-l/links-common.profile +++ b/etc/profile-a-l/links-common.profile | |||
@@ -59,3 +59,4 @@ dbus-user none | |||
59 | dbus-system none | 59 | dbus-system none |
60 | 60 | ||
61 | memory-deny-write-execute | 61 | memory-deny-write-execute |
62 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile index e375f0c13..2273ed560 100644 --- a/etc/profile-a-l/linphone.profile +++ b/etc/profile-a-l/linphone.profile | |||
@@ -47,3 +47,4 @@ disable-mnt | |||
47 | private-dev | 47 | private-dev |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile index b4582c4f5..35fca733a 100644 --- a/etc/profile-a-l/lmms.profile +++ b/etc/profile-a-l/lmms.profile | |||
@@ -37,3 +37,5 @@ private-tmp | |||
37 | 37 | ||
38 | dbus-user none | 38 | dbus-user none |
39 | dbus-system none | 39 | dbus-system none |
40 | |||
41 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile index 3108900ef..78b78662b 100644 --- a/etc/profile-a-l/lollypop.profile +++ b/etc/profile-a-l/lollypop.profile | |||
@@ -39,3 +39,4 @@ private-dev | |||
39 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg | 39 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile index 2b61f4d48..f6436d93d 100644 --- a/etc/profile-a-l/lugaru.profile +++ b/etc/profile-a-l/lugaru.profile | |||
@@ -49,3 +49,5 @@ private-tmp | |||
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
51 | dbus-system none | 51 | dbus-system none |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile index b7280b61c..4a8352831 100644 --- a/etc/profile-a-l/luminance-hdr.profile +++ b/etc/profile-a-l/luminance-hdr.profile | |||
@@ -36,3 +36,4 @@ private-cache | |||
36 | private-dev | 36 | private-dev |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile index 80cecd056..2658c5373 100644 --- a/etc/profile-a-l/lutris.profile +++ b/etc/profile-a-l/lutris.profile | |||
@@ -80,3 +80,5 @@ dbus-user filter | |||
80 | dbus-user.own net.lutris.Lutris | 80 | dbus-user.own net.lutris.Lutris |
81 | dbus-user.talk com.feralinteractive.GameMode | 81 | dbus-user.talk com.feralinteractive.GameMode |
82 | dbus-system none | 82 | dbus-system none |
83 | |||
84 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile index d8485ba65..589f1cf6b 100644 --- a/etc/profile-a-l/lximage-qt.profile +++ b/etc/profile-a-l/lximage-qt.profile | |||
@@ -35,3 +35,4 @@ private-cache | |||
35 | private-dev | 35 | private-dev |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile index a5fc967be..1ecf3c9d7 100644 --- a/etc/profile-a-l/lxmusic.profile +++ b/etc/profile-a-l/lxmusic.profile | |||
@@ -37,3 +37,4 @@ seccomp | |||
37 | private-dev | 37 | private-dev |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | restrict-namespaces | ||
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile index 02a9f8d82..caf8de104 100644 --- a/etc/profile-a-l/lynx.profile +++ b/etc/profile-a-l/lynx.profile | |||
@@ -39,3 +39,5 @@ private-cache | |||
39 | private-dev | 39 | private-dev |
40 | # private-etc alternatives,ca-certificates,crypto-policies,pki,ssl | 40 | # private-etc alternatives,ca-certificates,crypto-policies,pki,ssl |
41 | private-tmp | 41 | private-tmp |
42 | |||
43 | restrict-namespaces | ||