diff options
Diffstat (limited to 'etc/profile-a-l')
326 files changed, 415 insertions, 525 deletions
diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile index 4009853d3..ddc7ecad5 100644 --- a/etc/profile-a-l/0ad.profile +++ b/etc/profile-a-l/0ad.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile index 1d787cba7..80b032aee 100644 --- a/etc/profile-a-l/2048-qt.profile +++ b/etc/profile-a-l/2048-qt.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | 17 | ||
19 | mkdir ${HOME}/.config/2048-qt | 18 | mkdir ${HOME}/.config/2048-qt |
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile index 1d86b0fbf..39b39667c 100644 --- a/etc/profile-a-l/Cryptocat.profile +++ b/etc/profile-a-l/Cryptocat.profile | |||
@@ -10,7 +10,6 @@ noblacklist ${HOME}/.config/Cryptocat | |||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | 14 | ||
16 | caps.drop all | 15 | caps.drop all |
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile index 7dc6b5ff0..3fe2ddcd5 100644 --- a/etc/profile-a-l/Fritzing.profile +++ b/etc/profile-a-l/Fritzing.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile index d10b70796..92f8e5c85 100644 --- a/etc/profile-a-l/JDownloader.profile +++ b/etc/profile-a-l/JDownloader.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index 75da9a956..256e2115a 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | 17 | ||
@@ -43,7 +42,7 @@ tracelog | |||
43 | private-bin abiword | 42 | private-bin abiword |
44 | private-cache | 43 | private-cache |
45 | private-dev | 44 | private-dev |
46 | private-etc fonts,gtk-3.0,passwd | 45 | private-etc fonts,gtk-3.0,ld.so.preload,passwd |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
49 | # dbus-user none | 48 | # dbus-user none |
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index 34f59769e..8652ae5f1 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | include disable-shell.inc | 22 | include disable-shell.inc |
24 | include disable-xdg.inc | 23 | include disable-xdg.inc |
@@ -51,7 +50,7 @@ tracelog | |||
51 | private-bin agetpkg,python3 | 50 | private-bin agetpkg,python3 |
52 | private-cache | 51 | private-cache |
53 | private-dev | 52 | private-dev |
54 | private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl | 53 | private-etc ca-certificates,crypto-policies,ld.so.preload,pki,resolv.conf,ssl |
55 | private-tmp | 54 | private-tmp |
56 | 55 | ||
57 | dbus-user none | 56 | dbus-user none |
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile index 37fdb38b5..168e81985 100644 --- a/etc/profile-a-l/akonadi_control.profile +++ b/etc/profile-a-l/akonadi_control.profile | |||
@@ -25,7 +25,6 @@ include disable-common.inc | |||
25 | include disable-devel.inc | 25 | include disable-devel.inc |
26 | include disable-exec.inc | 26 | include disable-exec.inc |
27 | include disable-interpreters.inc | 27 | include disable-interpreters.inc |
28 | include disable-passwdmgr.inc | ||
29 | include disable-programs.inc | 28 | include disable-programs.inc |
30 | 29 | ||
31 | include whitelist-var-common.inc | 30 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile index 38fcd2dc1..d1e7df37b 100644 --- a/etc/profile-a-l/akregator.profile +++ b/etc/profile-a-l/akregator.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index 4c6d68020..9b74b4d29 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile | |||
@@ -15,7 +15,6 @@ include disable-devel.inc | |||
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
21 | # Whitelist your system icon directory,varies by distro | 20 | # Whitelist your system icon directory,varies by distro |
@@ -54,7 +53,7 @@ disable-mnt | |||
54 | # private-bin alacarte,bash,python*,sh | 53 | # private-bin alacarte,bash,python*,sh |
55 | private-cache | 54 | private-cache |
56 | private-dev | 55 | private-dev |
57 | private-etc alternatives,dconf,fonts,gtk-3.0,locale.alias,locale.conf,login.defs,mime.types,nsswitch.conf,passwd,pki,X11,xdg | 56 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.preload,locale.alias,locale.conf,login.defs,mime.types,nsswitch.conf,passwd,pki,X11,xdg |
58 | private-tmp | 57 | private-tmp |
59 | 58 | ||
60 | dbus-user none | 59 | dbus-user none |
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile index 81ee6bd46..62857a3e2 100644 --- a/etc/profile-a-l/alienarena.profile +++ b/etc/profile-a-l/alienarena.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile index 0b5cf0df0..61c3ad21d 100644 --- a/etc/profile-a-l/alpine.profile +++ b/etc/profile-a-l/alpine.profile | |||
@@ -37,7 +37,6 @@ include disable-common.inc | |||
37 | include disable-devel.inc | 37 | include disable-devel.inc |
38 | include disable-exec.inc | 38 | include disable-exec.inc |
39 | include disable-interpreters.inc | 39 | include disable-interpreters.inc |
40 | include disable-passwdmgr.inc | ||
41 | include disable-programs.inc | 40 | include disable-programs.inc |
42 | include disable-shell.inc | 41 | include disable-shell.inc |
43 | include disable-xdg.inc | 42 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile index a7caddc4c..e7b78f7d0 100644 --- a/etc/profile-a-l/amarok.profile +++ b/etc/profile-a-l/amarok.profile | |||
@@ -11,7 +11,6 @@ noblacklist ${MUSIC} | |||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
17 | 16 | ||
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile index f6e399e9f..e82c145d1 100644 --- a/etc/profile-a-l/amule.profile +++ b/etc/profile-a-l/amule.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | 16 | ||
18 | mkdir ${HOME}/.aMule | 17 | mkdir ${HOME}/.aMule |
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile index 5a21744cf..ad44d5f1d 100644 --- a/etc/profile-a-l/android-studio.profile +++ b/etc/profile-a-l/android-studio.profile | |||
@@ -20,7 +20,6 @@ include allow-common-devel.inc | |||
20 | include allow-ssh.inc | 20 | include allow-ssh.inc |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-passwdmgr.inc | ||
24 | include disable-programs.inc | 23 | include disable-programs.inc |
25 | 24 | ||
26 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index ef60e91c2..b6e931be5 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-shell.inc | 21 | include disable-shell.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
@@ -46,13 +45,12 @@ protocol unix,inet,inet6 | |||
46 | # QtWebengine needs chroot to set up its own sandbox | 45 | # QtWebengine needs chroot to set up its own sandbox |
47 | seccomp !chroot | 46 | seccomp !chroot |
48 | shell none | 47 | shell none |
49 | tracelog | ||
50 | 48 | ||
51 | disable-mnt | 49 | disable-mnt |
52 | private-bin anki,python* | 50 | private-bin anki,python* |
53 | private-cache | 51 | private-cache |
54 | private-dev | 52 | private-dev |
55 | private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,machine-id,pki,resolv.conf,ssl,Trolltech.conf | 53 | private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,ld.so.preload,machine-id,pki,resolv.conf,ssl,Trolltech.conf |
56 | private-tmp | 54 | private-tmp |
57 | 55 | ||
58 | dbus-user none | 56 | dbus-user none |
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile index fdaf10259..5001b20cb 100644 --- a/etc/profile-a-l/anydesk.profile +++ b/etc/profile-a-l/anydesk.profile | |||
@@ -10,7 +10,6 @@ noblacklist ${HOME}/.anydesk | |||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | 15 | ||
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile index e7b09283e..9668ba00a 100644 --- a/etc/profile-a-l/aosp.profile +++ b/etc/profile-a-l/aosp.profile | |||
@@ -20,7 +20,6 @@ include allow-common-devel.inc | |||
20 | include allow-ssh.inc | 20 | include allow-ssh.inc |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-passwdmgr.inc | ||
24 | include disable-programs.inc | 23 | include disable-programs.inc |
25 | include disable-xdg.inc | 24 | include disable-xdg.inc |
26 | 25 | ||
diff --git a/etc/profile-a-l/apktool.profile b/etc/profile-a-l/apktool.profile index 4ea43c434..1951748d4 100644 --- a/etc/profile-a-l/apktool.profile +++ b/etc/profile-a-l/apktool.profile | |||
@@ -9,7 +9,6 @@ include globals.local | |||
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-passwdmgr.inc | ||
13 | include disable-programs.inc | 12 | include disable-programs.inc |
14 | include disable-xdg.inc | 13 | include disable-xdg.inc |
15 | 14 | ||
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile index 01566314f..5d45a0804 100644 --- a/etc/profile-a-l/apostrophe.profile +++ b/etc/profile-a-l/apostrophe.profile | |||
@@ -26,7 +26,6 @@ include disable-common.inc | |||
26 | include disable-devel.inc | 26 | include disable-devel.inc |
27 | include disable-exec.inc | 27 | include disable-exec.inc |
28 | include disable-interpreters.inc | 28 | include disable-interpreters.inc |
29 | include disable-passwdmgr.inc | ||
30 | include disable-programs.inc | 29 | include disable-programs.inc |
31 | include disable-shell.inc | 30 | include disable-shell.inc |
32 | include disable-xdg.inc | 31 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile index accabb6f5..c164073c5 100644 --- a/etc/profile-a-l/arch-audit.profile +++ b/etc/profile-a-l/arch-audit.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile index 19c37f90e..3aebd685d 100644 --- a/etc/profile-a-l/archaudit-report.profile +++ b/etc/profile-a-l/archaudit-report.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
18 | 17 | ||
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile index 1fab4606b..81733220f 100644 --- a/etc/profile-a-l/archiver-common.profile +++ b/etc/profile-a-l/archiver-common.profile | |||
@@ -17,7 +17,6 @@ blacklist ${RUNUSER} | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | # Add the next line to your archiver-common.local if you don't need to compress files in disable-programs.inc. | 20 | # Add the next line to your archiver-common.local if you don't need to compress files in disable-programs.inc. |
22 | #include disable-programs.inc | 21 | #include disable-programs.inc |
23 | include disable-shell.inc | 22 | include disable-shell.inc |
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile index 84b1d6c18..78dea1cd0 100644 --- a/etc/profile-a-l/ardour5.profile +++ b/etc/profile-a-l/ardour5.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile index fd1ca9a09..01da63e8e 100644 --- a/etc/profile-a-l/arduino.profile +++ b/etc/profile-a-l/arduino.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index 22b8ecd65..e96def048 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | 21 | ||
23 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
@@ -46,7 +45,7 @@ private-bin aria2c,gzip | |||
46 | # Add 'private-cache' to your aria2c.local if you don't use Lutris/winetricks (see issue #2772). | 45 | # Add 'private-cache' to your aria2c.local if you don't use Lutris/winetricks (see issue #2772). |
47 | #private-cache | 46 | #private-cache |
48 | private-dev | 47 | private-dev |
49 | private-etc alternatives,ca-certificates,crypto-policies,groups,login.defs,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl | 48 | private-etc alternatives,ca-certificates,crypto-policies,groups,ld.so.preload,login.defs,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl |
50 | private-lib libreadline.so.* | 49 | private-lib libreadline.so.* |
51 | private-tmp | 50 | private-tmp |
52 | 51 | ||
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile index a63dd8f5f..45071dc62 100644 --- a/etc/profile-a-l/ark.profile +++ b/etc/profile-a-l/ark.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | 17 | ||
19 | whitelist /usr/share/ark | 18 | whitelist /usr/share/ark |
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index 2c8b630ce..98ae01950 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | 20 | ||
22 | mkdir ${HOME}/.arm | 21 | mkdir ${HOME}/.arm |
@@ -44,6 +43,6 @@ tracelog | |||
44 | disable-mnt | 43 | disable-mnt |
45 | private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor | 44 | private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor |
46 | private-dev | 45 | private-dev |
47 | private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor | 46 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,passwd,pki,ssl,tor |
48 | private-tmp | 47 | private-tmp |
49 | 48 | ||
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index fab72b7d3..adf4e16ee 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-shell.inc | 21 | include disable-shell.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
@@ -57,7 +56,7 @@ disable-mnt | |||
57 | private-bin artha,enchant,notify-send | 56 | private-bin artha,enchant,notify-send |
58 | private-cache | 57 | private-cache |
59 | private-dev | 58 | private-dev |
60 | private-etc alternatives,fonts,machine-id | 59 | private-etc alternatives,fonts,ld.so.preload,machine-id |
61 | private-lib libnotify.so.* | 60 | private-lib libnotify.so.* |
62 | private-tmp | 61 | private-tmp |
63 | 62 | ||
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile index 977fe30a4..788a94302 100644 --- a/etc/profile-a-l/assogiate.profile +++ b/etc/profile-a-l/assogiate.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile index c97fd691a..fbc65ffc7 100644 --- a/etc/profile-a-l/asunder.profile +++ b/etc/profile-a-l/asunder.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
diff --git a/etc/profile-a-l/atool.profile b/etc/profile-a-l/atool.profile index e377de2c8..272f9906d 100644 --- a/etc/profile-a-l/atool.profile +++ b/etc/profile-a-l/atool.profile | |||
@@ -13,7 +13,7 @@ include allow-perl.inc | |||
13 | noroot | 13 | noroot |
14 | 14 | ||
15 | # without login.defs atool complains and uses UID/GID 1000 by default | 15 | # without login.defs atool complains and uses UID/GID 1000 by default |
16 | private-etc alternatives,group,login.defs,passwd | 16 | private-etc alternatives,group,ld.so.preload,login.defs,passwd |
17 | private-tmp | 17 | private-tmp |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile index 1c3ed66ff..264bc0215 100644 --- a/etc/profile-a-l/atril.profile +++ b/etc/profile-a-l/atril.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
@@ -43,7 +42,7 @@ tracelog | |||
43 | 42 | ||
44 | private-bin 7z,7za,7zr,atril,atril-previewer,atril-thumbnailer,sh,tar,unrar,unzip,zipnote | 43 | private-bin 7z,7za,7zr,atril,atril-previewer,atril-thumbnailer,sh,tar,unrar,unzip,zipnote |
45 | private-dev | 44 | private-dev |
46 | private-etc alternatives,fonts,ld.so.cache | 45 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
47 | # atril uses webkit gtk to display epub files | 46 | # atril uses webkit gtk to display epub files |
48 | # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0 | 47 | # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0 |
49 | #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit | 48 | #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit |
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile index f9f209786..d71370b7e 100644 --- a/etc/profile-a-l/audacious.profile +++ b/etc/profile-a-l/audacious.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile index a2de8436a..264bfb9ab 100644 --- a/etc/profile-a-l/audacity.profile +++ b/etc/profile-a-l/audacity.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile index 2c7fdc812..58b2efde6 100644 --- a/etc/profile-a-l/audio-recorder.profile +++ b/etc/profile-a-l/audio-recorder.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 2ebe35dd5..8fefc1eb7 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
@@ -48,7 +47,7 @@ disable-mnt | |||
48 | private-bin authenticator-rs | 47 | private-bin authenticator-rs |
49 | private-cache | 48 | private-cache |
50 | private-dev | 49 | private-dev |
51 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,pki,resolv.conf,ssl,xdg | 50 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.preload,pki,resolv.conf,ssl,xdg |
52 | private-tmp | 51 | private-tmp |
53 | 52 | ||
54 | dbus-user filter | 53 | dbus-user filter |
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile index 42d9cd56a..f9a03ca68 100644 --- a/etc/profile-a-l/authenticator.profile +++ b/etc/profile-a-l/authenticator.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | 21 | ||
23 | # apparmor | 22 | # apparmor |
@@ -40,7 +39,7 @@ shell none | |||
40 | disable-mnt | 39 | disable-mnt |
41 | # private-bin authenticator,python* | 40 | # private-bin authenticator,python* |
42 | private-dev | 41 | private-dev |
43 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,pki,resolv.conf,ssl | 42 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl |
44 | private-tmp | 43 | private-tmp |
45 | 44 | ||
46 | # makes settings immutable | 45 | # makes settings immutable |
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile index 891928e5a..abd535afe 100644 --- a/etc/profile-a-l/autokey-common.profile +++ b/etc/profile-a-l/autokey-common.profile | |||
@@ -19,7 +19,6 @@ include disable-devel.inc | |||
19 | # disable-exec.inc might break scripting functionality | 19 | # disable-exec.inc might break scripting functionality |
20 | #include disable-exec.inc | 20 | #include disable-exec.inc |
21 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 22 | include disable-programs.inc |
24 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
25 | 24 | ||
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile index 1ecc03da1..468a3fe9f 100644 --- a/etc/profile-a-l/avidemux.profile +++ b/etc/profile-a-l/avidemux.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
@@ -23,6 +22,7 @@ mkdir ${HOME}/.config/avidemux3_qt5rc | |||
23 | whitelist ${HOME}/.avidemux6 | 22 | whitelist ${HOME}/.avidemux6 |
24 | whitelist ${HOME}/.config/avidemux3_qt5rc | 23 | whitelist ${HOME}/.config/avidemux3_qt5rc |
25 | whitelist ${VIDEOS} | 24 | whitelist ${VIDEOS} |
25 | |||
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile index a57ad4014..e01ea5b5d 100644 --- a/etc/profile-a-l/aweather.profile +++ b/etc/profile-a-l/aweather.profile | |||
@@ -11,7 +11,6 @@ noblacklist ${HOME}/.config/aweather | |||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | include disable-shell.inc | 15 | include disable-shell.inc |
17 | 16 | ||
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile index 3952921a3..daa13a7ed 100644 --- a/etc/profile-a-l/ballbuster.profile +++ b/etc/profile-a-l/ballbuster.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile index fe86d9b80..252016bec 100644 --- a/etc/profile-a-l/baloo_file.profile +++ b/etc/profile-a-l/baloo_file.profile | |||
@@ -23,7 +23,6 @@ include disable-common.inc | |||
23 | include disable-devel.inc | 23 | include disable-devel.inc |
24 | include disable-exec.inc | 24 | include disable-exec.inc |
25 | include disable-interpreters.inc | 25 | include disable-interpreters.inc |
26 | include disable-passwdmgr.inc | ||
27 | include disable-programs.inc | 26 | include disable-programs.inc |
28 | 27 | ||
29 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index 8c69652c5..2080aad62 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | include disable-shell.inc | 22 | include disable-shell.inc |
24 | include disable-xdg.inc | 23 | include disable-xdg.inc |
@@ -67,7 +66,7 @@ tracelog | |||
67 | private-bin balsa,balsa-ab,gpg,gpg-agent,gpg2,gpgsm | 66 | private-bin balsa,balsa-ab,gpg,gpg-agent,gpg2,gpgsm |
68 | private-cache | 67 | private-cache |
69 | private-dev | 68 | private-dev |
70 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,mailname,passwd,pki,resolv.conf,selinux,ssl,xdg | 69 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.preload,mailname,passwd,pki,resolv.conf,selinux,ssl,xdg |
71 | private-tmp | 70 | private-tmp |
72 | writable-run-user | 71 | writable-run-user |
73 | writable-var | 72 | writable-var |
@@ -80,4 +79,4 @@ dbus-user.talk org.freedesktop.secrets | |||
80 | dbus-user.talk org.gnome.keyring.SystemPrompter | 79 | dbus-user.talk org.gnome.keyring.SystemPrompter |
81 | dbus-system none | 80 | dbus-system none |
82 | 81 | ||
83 | read-only ${HOME}/.mozilla/firefox/profiles.ini \ No newline at end of file | 82 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
diff --git a/etc/profile-a-l/baobab.profile b/etc/profile-a-l/baobab.profile index ac03c663a..c8dbcad4e 100644 --- a/etc/profile-a-l/baobab.profile +++ b/etc/profile-a-l/baobab.profile | |||
@@ -10,7 +10,6 @@ include globals.local | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | # include disable-programs.inc | 13 | # include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | # include disable-xdg.inc | 15 | # include disable-xdg.inc |
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile index 7b50e9199..f6775ee01 100644 --- a/etc/profile-a-l/barrier.profile +++ b/etc/profile-a-l/barrier.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile index 3ecaea7fe..87bcf9a19 100644 --- a/etc/profile-a-l/bcompare.profile +++ b/etc/profile-a-l/bcompare.profile | |||
@@ -17,7 +17,6 @@ noblacklist ${HOME}/.config/gwenviewrc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | # Add the next line to your bcompare.local if you don't need to compare files in disable-programs.inc. | 20 | # Add the next line to your bcompare.local if you don't need to compare files in disable-programs.inc. |
22 | #include disable-programs.inc | 21 | #include disable-programs.inc |
23 | #include disable-shell.inc - breaks launch | 22 | #include disable-shell.inc - breaks launch |
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index c7a82afbd..24db11c7e 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | 20 | ||
22 | mkdir ${HOME}/.bibletime | 21 | mkdir ${HOME}/.bibletime |
@@ -53,7 +52,7 @@ disable-mnt | |||
53 | # private-bin bibletime,qt5ct | 52 | # private-bin bibletime,qt5ct |
54 | private-cache | 53 | private-cache |
55 | private-dev | 54 | private-dev |
56 | private-etc alternatives,ca-certificates,crypto-policies,fonts,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf | 55 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf |
57 | private-tmp | 56 | private-tmp |
58 | 57 | ||
59 | dbus-user none | 58 | dbus-user none |
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index 854fe5cb9..61cd792b1 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile index 932db9b73..ef6ef7a75 100644 --- a/etc/profile-a-l/bitcoin-qt.profile +++ b/etc/profile-a-l/bitcoin-qt.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | 18 | ||
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile index dd7651979..773fa7500 100644 --- a/etc/profile-a-l/bitlbee.profile +++ b/etc/profile-a-l/bitlbee.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile index bef25276d..91ce57966 100644 --- a/etc/profile-a-l/bitwarden.profile +++ b/etc/profile-a-l/bitwarden.profile | |||
@@ -6,54 +6,25 @@ include bitwarden.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Disabled until someone reported positive feedback | ||
10 | ignore include whitelist-usr-share-common.inc | ||
11 | |||
9 | ignore noexec /tmp | 12 | ignore noexec /tmp |
10 | 13 | ||
11 | noblacklist ${HOME}/.config/Bitwarden | 14 | noblacklist ${HOME}/.config/Bitwarden |
12 | 15 | ||
13 | include disable-common.inc | ||
14 | include disable-devel.inc | ||
15 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | include disable-shell.inc | 16 | include disable-shell.inc |
20 | include disable-xdg.inc | ||
21 | 17 | ||
22 | mkdir ${HOME}/.config/Bitwarden | 18 | mkdir ${HOME}/.config/Bitwarden |
23 | whitelist ${HOME}/.config/Bitwarden | 19 | whitelist ${HOME}/.config/Bitwarden |
24 | whitelist ${DOWNLOADS} | ||
25 | include whitelist-common.inc | ||
26 | include whitelist-var-common.inc | ||
27 | 20 | ||
28 | apparmor | ||
29 | caps.drop all | ||
30 | machine-id | 21 | machine-id |
31 | netfilter | ||
32 | no3d | 22 | no3d |
33 | nodvd | ||
34 | nogroups | ||
35 | noinput | ||
36 | nonewprivs | ||
37 | noroot | ||
38 | nosound | 23 | nosound |
39 | notv | 24 | |
40 | nou2f | ||
41 | novideo | ||
42 | protocol unix,inet,inet6,netlink | ||
43 | seccomp !chroot | ||
44 | shell none | ||
45 | #tracelog - breaks on Arch | ||
46 | |||
47 | private-bin bitwarden | ||
48 | private-cache | ||
49 | ?HAS_APPIMAGE: ignore private-dev | 25 | ?HAS_APPIMAGE: ignore private-dev |
50 | private-dev | 26 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl |
51 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,nsswitch.conf,pki,resolv.conf,ssl | ||
52 | private-opt Bitwarden | 27 | private-opt Bitwarden |
53 | private-tmp | ||
54 | |||
55 | # breaks appindicator (tray) functionality | ||
56 | # dbus-user none | ||
57 | # dbus-system none | ||
58 | 28 | ||
59 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 29 | # Redirect |
30 | include electron.profile | ||
diff --git a/etc/profile-a-l/bleachbit.profile b/etc/profile-a-l/bleachbit.profile index 09fa24577..28ce8fbea 100644 --- a/etc/profile-a-l/bleachbit.profile +++ b/etc/profile-a-l/bleachbit.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | # include disable-programs.inc | 17 | # include disable-programs.inc |
19 | 18 | ||
20 | caps.drop all | 19 | caps.drop all |
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile index 701ae431e..225fd7cdc 100644 --- a/etc/profile-a-l/blender.profile +++ b/etc/profile-a-l/blender.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | 20 | ||
22 | # Allow usage of AMD GPU by OpenCL | 21 | # Allow usage of AMD GPU by OpenCL |
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index 80dc750f7..8d8787174 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | 16 | ||
18 | include whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
@@ -36,7 +35,7 @@ shell none | |||
36 | # private-bin bash,bless,mono,sh | 35 | # private-bin bash,bless,mono,sh |
37 | private-cache | 36 | private-cache |
38 | private-dev | 37 | private-dev |
39 | private-etc alternatives,fonts,mono | 38 | private-etc alternatives,fonts,ld.so.preload,mono |
40 | private-tmp | 39 | private-tmp |
41 | 40 | ||
42 | dbus-user none | 41 | dbus-user none |
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index 229c20293..7179bf4a5 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
@@ -42,7 +41,7 @@ tracelog | |||
42 | disable-mnt | 41 | disable-mnt |
43 | private-bin blobby | 42 | private-bin blobby |
44 | private-dev | 43 | private-dev |
45 | private-etc alsa,alternatives,asound.conf,drirc,group,hosts,login.defs,machine-id,passwd,pulse | 44 | private-etc alsa,alternatives,asound.conf,drirc,group,hosts,ld.so.preload,login.defs,machine-id,passwd,pulse |
46 | private-lib | 45 | private-lib |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index 904710cb5..683a7858b 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
@@ -44,7 +43,7 @@ disable-mnt | |||
44 | private-bin blobwars | 43 | private-bin blobwars |
45 | private-cache | 44 | private-cache |
46 | private-dev | 45 | private-dev |
47 | private-etc machine-id | 46 | private-etc ld.so.preload,machine-id |
48 | private-tmp | 47 | private-tmp |
49 | 48 | ||
50 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-a-l/bluefish.profile b/etc/profile-a-l/bluefish.profile index f28435987..bc5219e29 100644 --- a/etc/profile-a-l/bluefish.profile +++ b/etc/profile-a-l/bluefish.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | 14 | ||
16 | include whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile index 0cbac049a..94afc9e0b 100644 --- a/etc/profile-a-l/brackets.profile +++ b/etc/profile-a-l/brackets.profile | |||
@@ -13,7 +13,6 @@ noblacklist ${HOME}/.config/Brackets | |||
13 | include allow-common-devel.inc | 13 | include allow-common-devel.inc |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | 17 | ||
19 | caps.drop all | 18 | caps.drop all |
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile index 417a6b3e0..656701909 100644 --- a/etc/profile-a-l/brasero.profile +++ b/etc/profile-a-l/brasero.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | 16 | ||
18 | include whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/bsdtar.profile b/etc/profile-a-l/bsdtar.profile index d731a6a6e..dbfc90996 100644 --- a/etc/profile-a-l/bsdtar.profile +++ b/etc/profile-a-l/bsdtar.profile | |||
@@ -6,7 +6,7 @@ include bsdtar.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | private-etc alternatives,group,localtime,passwd | 9 | private-etc alternatives,group,ld.so.preload,localtime,passwd |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include archiver-common.profile | 12 | include archiver-common.profile |
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile index bda96bbb3..53cfde352 100644 --- a/etc/profile-a-l/bzflag.profile +++ b/etc/profile-a-l/bzflag.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile index 83571397b..cdc168384 100644 --- a/etc/profile-a-l/calibre.profile +++ b/etc/profile-a-l/calibre.profile | |||
@@ -13,7 +13,6 @@ noblacklist ${DOCUMENTS} | |||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile index fcff47662..280a61401 100644 --- a/etc/profile-a-l/calligra.profile +++ b/etc/profile-a-l/calligra.profile | |||
@@ -11,7 +11,6 @@ noblacklist ${HOME}/.local/share/kxmlgui5/calligra | |||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | 15 | ||
17 | caps.drop all | 16 | caps.drop all |
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index 74c7cc34b..d3c25d451 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | include disable-shell.inc | 19 | include disable-shell.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
@@ -47,7 +46,7 @@ tracelog | |||
47 | disable-mnt | 46 | disable-mnt |
48 | private-bin cameramonitor,python* | 47 | private-bin cameramonitor,python* |
49 | private-cache | 48 | private-cache |
50 | private-etc alternatives,fonts | 49 | private-etc alternatives,fonts,ld.so.preload |
51 | private-tmp | 50 | private-tmp |
52 | 51 | ||
53 | # dbus-user none | 52 | # dbus-user none |
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile index 96f88a7c4..69cf912ef 100644 --- a/etc/profile-a-l/cantata.profile +++ b/etc/profile-a-l/cantata.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | include disable-shell.inc | 22 | include disable-shell.inc |
24 | include disable-xdg.inc | 23 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile index 7cf04c550..ff46cd429 100644 --- a/etc/profile-a-l/cargo.profile +++ b/etc/profile-a-l/cargo.profile | |||
@@ -25,7 +25,6 @@ include allow-common-devel.inc | |||
25 | include disable-common.inc | 25 | include disable-common.inc |
26 | include disable-exec.inc | 26 | include disable-exec.inc |
27 | include disable-interpreters.inc | 27 | include disable-interpreters.inc |
28 | include disable-passwdmgr.inc | ||
29 | include disable-programs.inc | 28 | include disable-programs.inc |
30 | include disable-xdg.inc | 29 | include disable-xdg.inc |
31 | 30 | ||
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile index 009d3a049..38a670fdc 100644 --- a/etc/profile-a-l/catfish.profile +++ b/etc/profile-a-l/catfish.profile | |||
@@ -18,7 +18,6 @@ include allow-python3.inc | |||
18 | # include disable-common.inc | 18 | # include disable-common.inc |
19 | # include disable-devel.inc | 19 | # include disable-devel.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | # include disable-programs.inc | 21 | # include disable-programs.inc |
23 | 22 | ||
24 | whitelist /var/lib/mlocate | 23 | whitelist /var/lib/mlocate |
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index 6e137010c..ceba03269 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
@@ -40,7 +39,7 @@ disable-mnt | |||
40 | private-bin cawbird | 39 | private-bin cawbird |
41 | private-cache | 40 | private-cache |
42 | private-dev | 41 | private-dev |
43 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,resolv.conf,ssl,X11,xdg | 42 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,mime.types,nsswitch.conf,pki,resolv.conf,ssl,X11,xdg |
44 | private-tmp | 43 | private-tmp |
45 | 44 | ||
46 | # dbus-user none | 45 | # dbus-user none |
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index 1c539cc93..1a9340632 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile | |||
@@ -23,10 +23,8 @@ include disable-common.inc | |||
23 | include disable-devel.inc | 23 | include disable-devel.inc |
24 | include disable-exec.inc | 24 | include disable-exec.inc |
25 | include disable-interpreters.inc | 25 | include disable-interpreters.inc |
26 | include disable-passwdmgr.inc | ||
27 | include disable-programs.inc | 26 | include disable-programs.inc |
28 | 27 | ||
29 | read-only ${DESKTOP} | ||
30 | mkdir ${HOME}/.config/celluloid | 28 | mkdir ${HOME}/.config/celluloid |
31 | mkdir ${HOME}/.config/gnome-mpv | 29 | mkdir ${HOME}/.config/gnome-mpv |
32 | mkdir ${HOME}/.config/youtube-dl | 30 | mkdir ${HOME}/.config/youtube-dl |
@@ -55,12 +53,13 @@ tracelog | |||
55 | 53 | ||
56 | private-bin celluloid,env,gnome-mpv,python*,youtube-dl | 54 | private-bin celluloid,env,gnome-mpv,python*,youtube-dl |
57 | private-cache | 55 | private-cache |
58 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg | 56 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg |
59 | private-dev | 57 | private-dev |
60 | private-tmp | 58 | private-tmp |
61 | 59 | ||
62 | dbus-user filter | 60 | dbus-user filter |
63 | dbus-user.own io.github.celluloid_player.Celluloid | 61 | dbus-user.own io.github.celluloid_player.Celluloid |
62 | dbus-user.talk ca.desrt.dconf | ||
64 | dbus-user.talk org.gnome.SettingsDaemon.MediaKeys | 63 | dbus-user.talk org.gnome.SettingsDaemon.MediaKeys |
65 | dbus-system none | 64 | dbus-system none |
66 | 65 | ||
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile index 24939fc70..e89f488ea 100644 --- a/etc/profile-a-l/checkbashisms.profile +++ b/etc/profile-a-l/checkbashisms.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
24 | 23 | ||
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index aca1f5876..978d727f4 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile | |||
@@ -9,18 +9,24 @@ include globals.local | |||
9 | noblacklist ${VIDEOS} | 9 | noblacklist ${VIDEOS} |
10 | noblacklist ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | 11 | ||
12 | include allow-python3.inc | ||
13 | |||
12 | include disable-common.inc | 14 | include disable-common.inc |
13 | include disable-devel.inc | 15 | include disable-devel.inc |
14 | include disable-exec.inc | 16 | include disable-exec.inc |
15 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | include disable-shell.inc | ||
18 | include disable-xdg.inc | 20 | include disable-xdg.inc |
19 | 21 | ||
20 | whitelist ${VIDEOS} | 22 | whitelist ${VIDEOS} |
21 | whitelist ${PICTURES} | 23 | whitelist ${PICTURES} |
24 | whitelist /run/udev/data | ||
25 | whitelist /usr/libexec/gstreamer-1.0/gst-plugin-scanner | ||
22 | whitelist /usr/share/gnome-video-effects | 26 | whitelist /usr/share/gnome-video-effects |
27 | whitelist /usr/share/gstreamer-1.0 | ||
23 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-run-common.inc | ||
24 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
@@ -31,21 +37,26 @@ machine-id | |||
31 | net none | 37 | net none |
32 | nodvd | 38 | nodvd |
33 | nogroups | 39 | nogroups |
40 | noinput | ||
34 | nonewprivs | 41 | nonewprivs |
35 | noroot | 42 | noroot |
43 | nosound | ||
36 | notv | 44 | notv |
37 | nou2f | 45 | nou2f |
38 | protocol unix | 46 | protocol unix |
39 | seccomp | 47 | seccomp |
48 | seccomp.block-secondary | ||
40 | shell none | 49 | shell none |
41 | tracelog | 50 | tracelog |
42 | 51 | ||
43 | disable-mnt | 52 | disable-mnt |
44 | private-bin cheese | 53 | private-bin cheese |
45 | private-cache | 54 | private-cache |
46 | private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0 | 55 | private-dev |
56 | private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0,ld.so.preload | ||
47 | private-tmp | 57 | private-tmp |
48 | 58 | ||
49 | dbus-user filter | 59 | dbus-user filter |
60 | dbus-user.own org.gnome.Cheese | ||
50 | dbus-user.talk ca.desrt.dconf | 61 | dbus-user.talk ca.desrt.dconf |
51 | dbus-system none | 62 | dbus-system none |
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile index 7621b3c8c..e68182b27 100644 --- a/etc/profile-a-l/cherrytree.profile +++ b/etc/profile-a-l/cherrytree.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
diff --git a/etc/profile-a-l/chromium-common-hardened.inc.profile b/etc/profile-a-l/chromium-common-hardened.inc.profile index 87a0a0994..19addd285 100644 --- a/etc/profile-a-l/chromium-common-hardened.inc.profile +++ b/etc/profile-a-l/chromium-common-hardened.inc.profile | |||
@@ -6,5 +6,4 @@ caps.drop all | |||
6 | nonewprivs | 6 | nonewprivs |
7 | noroot | 7 | noroot |
8 | protocol unix,inet,inet6,netlink | 8 | protocol unix,inet,inet6,netlink |
9 | # kcmp is required for ozone-platform=wayland, see #3783. | 9 | seccomp !chroot |
10 | seccomp !chroot,!kcmp | ||
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile index f7493aa82..c42243e02 100644 --- a/etc/profile-a-l/chromium-common.profile +++ b/etc/profile-a-l/chromium-common.profile | |||
@@ -20,7 +20,6 @@ include disable-common.inc | |||
20 | include disable-devel.inc | 20 | include disable-devel.inc |
21 | include disable-exec.inc | 21 | include disable-exec.inc |
22 | include disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | # include disable-passwdmgr.inc | ||
24 | include disable-programs.inc | 23 | include disable-programs.inc |
25 | include disable-xdg.inc | 24 | include disable-xdg.inc |
26 | 25 | ||
@@ -30,6 +29,7 @@ whitelist ${DOWNLOADS} | |||
30 | whitelist ${HOME}/.pki | 29 | whitelist ${HOME}/.pki |
31 | whitelist ${HOME}/.local/share/pki | 30 | whitelist ${HOME}/.local/share/pki |
32 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-run-common.inc | ||
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
@@ -37,9 +37,6 @@ include whitelist-var-common.inc | |||
37 | # Add the next line to your chromium-common.local if your kernel allows unprivileged userns clone. | 37 | # Add the next line to your chromium-common.local if your kernel allows unprivileged userns clone. |
38 | #include chromium-common-hardened.inc.profile | 38 | #include chromium-common-hardened.inc.profile |
39 | 39 | ||
40 | # Add the next line to your chromium-common.local to allow screen sharing under wayland. | ||
41 | #whitelist ${RUNUSER}/pipewire-0 | ||
42 | |||
43 | apparmor | 40 | apparmor |
44 | caps.keep sys_admin,sys_chroot | 41 | caps.keep sys_admin,sys_chroot |
45 | netfilter | 42 | netfilter |
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile index e1f9523c4..7d3e0c100 100644 --- a/etc/profile-a-l/cin.profile +++ b/etc/profile-a-l/cin.profile | |||
@@ -11,7 +11,6 @@ include disable-common.inc | |||
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | 15 | ||
17 | caps.drop all | 16 | caps.drop all |
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index 9b62a1f73..5eb2cb621 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | 19 | ||
21 | mkdir ${HOME}/.claws-mail | 20 | mkdir ${HOME}/.claws-mail |
@@ -45,7 +44,7 @@ disable-mnt | |||
45 | private-bin bash,clawsker,perl,sh,which | 44 | private-bin bash,clawsker,perl,sh,which |
46 | private-cache | 45 | private-cache |
47 | private-dev | 46 | private-dev |
48 | private-etc alternatives,fonts | 47 | private-etc alternatives,fonts,ld.so.preload |
49 | private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-3.so.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl* | 48 | private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-3.so.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl* |
50 | private-tmp | 49 | private-tmp |
51 | 50 | ||
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile index fa33795c1..b1509f391 100644 --- a/etc/profile-a-l/clementine.profile +++ b/etc/profile-a-l/clementine.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/clion-eap.profile b/etc/profile-a-l/clion-eap.profile new file mode 100644 index 000000000..3602c3e7b --- /dev/null +++ b/etc/profile-a-l/clion-eap.profile | |||
@@ -0,0 +1,10 @@ | |||
1 | # Firejail profile for CLion EAP | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include clion-eap.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | # Redirect | ||
10 | include clion.profile | ||
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile index 22cecff09..15071d731 100644 --- a/etc/profile-a-l/clion.profile +++ b/etc/profile-a-l/clion.profile | |||
@@ -5,6 +5,9 @@ include clion.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/JetBrains/CLion* | ||
9 | noblacklist ${HOME}/.cache/JetBrains/CLion* | ||
10 | noblacklist ${HOME}/.clion* | ||
8 | noblacklist ${HOME}/.CLion* | 11 | noblacklist ${HOME}/.CLion* |
9 | noblacklist ${HOME}/.config/git | 12 | noblacklist ${HOME}/.config/git |
10 | noblacklist ${HOME}/.gitconfig | 13 | noblacklist ${HOME}/.gitconfig |
@@ -17,7 +20,6 @@ noblacklist ${HOME}/.tooling | |||
17 | include allow-ssh.inc | 20 | include allow-ssh.inc |
18 | 21 | ||
19 | include disable-common.inc | 22 | include disable-common.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 23 | include disable-programs.inc |
22 | 24 | ||
23 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile index c8258da07..f3c77fa77 100644 --- a/etc/profile-a-l/clipgrab.profile +++ b/etc/profile-a-l/clipgrab.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile index d421903a3..4c7cb86bf 100644 --- a/etc/profile-a-l/clipit.profile +++ b/etc/profile-a-l/clipit.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index bcd557787..e51dd6bed 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile | |||
@@ -12,7 +12,6 @@ noblacklist ${MUSIC} | |||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
@@ -28,4 +27,4 @@ seccomp | |||
28 | shell none | 27 | shell none |
29 | 28 | ||
30 | private-bin cmus | 29 | private-bin cmus |
31 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,machine-id,pki,pulse,resolv.conf,ssl | 30 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl |
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile index e19b78908..fdf94ec41 100644 --- a/etc/profile-a-l/code.profile +++ b/etc/profile-a-l/code.profile | |||
@@ -5,6 +5,21 @@ include code.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | # Disabled until someone reported positive feedback | ||
9 | ignore include disable-devel.inc | ||
10 | ignore include disable-exec.inc | ||
11 | ignore include disable-interpreters.inc | ||
12 | ignore include disable-xdg.inc | ||
13 | ignore whitelist ${DOWNLOADS} | ||
14 | ignore include whitelist-common.inc | ||
15 | ignore include whitelist-runuser-common.inc | ||
16 | ignore include whitelist-usr-share-common.inc | ||
17 | ignore include whitelist-var-common.inc | ||
18 | ignore apparmor | ||
19 | ignore disable-mnt | ||
20 | ignore dbus-user none | ||
21 | ignore dbus-system none | ||
22 | |||
8 | noblacklist ${HOME}/.config/Code | 23 | noblacklist ${HOME}/.config/Code |
9 | noblacklist ${HOME}/.config/Code - OSS | 24 | noblacklist ${HOME}/.config/Code - OSS |
10 | noblacklist ${HOME}/.vscode | 25 | noblacklist ${HOME}/.vscode |
@@ -13,31 +28,13 @@ noblacklist ${HOME}/.vscode-oss | |||
13 | # Allows files commonly used by IDEs | 28 | # Allows files commonly used by IDEs |
14 | include allow-common-devel.inc | 29 | include allow-common-devel.inc |
15 | 30 | ||
16 | include disable-common.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | |||
20 | caps.drop all | ||
21 | netfilter | ||
22 | nodvd | ||
23 | nogroups | ||
24 | noinput | ||
25 | nonewprivs | ||
26 | noroot | ||
27 | nosound | 31 | nosound |
28 | notv | ||
29 | nou2f | ||
30 | novideo | ||
31 | protocol unix,inet,inet6,netlink | ||
32 | seccomp | ||
33 | shell none | ||
34 | |||
35 | private-cache | ||
36 | private-dev | ||
37 | private-tmp | ||
38 | 32 | ||
39 | # Disabling noexec ${HOME} for now since it will | 33 | # Disabling noexec ${HOME} for now since it will |
40 | # probably interfere with running some programmes | 34 | # probably interfere with running some programmes |
41 | # in VS Code | 35 | # in VS Code |
42 | # noexec ${HOME} | 36 | # noexec ${HOME} |
43 | noexec /tmp | 37 | noexec /tmp |
38 | |||
39 | # Redirect | ||
40 | include electron.profile | ||
diff --git a/etc/profile-a-l/cola.profile b/etc/profile-a-l/cola.profile index e5debfd82..97bf6d394 100644 --- a/etc/profile-a-l/cola.profile +++ b/etc/profile-a-l/cola.profile | |||
@@ -7,4 +7,4 @@ include cola.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Redirect | 9 | # Redirect |
10 | include git-cola.profile \ No newline at end of file | 10 | include git-cola.profile |
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile index bd6d8f5b0..33ee0d0ee 100644 --- a/etc/profile-a-l/colorful.profile +++ b/etc/profile-a-l/colorful.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index c8bdfec23..6f08bc378 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
@@ -46,7 +45,7 @@ disable-mnt | |||
46 | private-bin com.github.bleakgrey.tootle | 45 | private-bin com.github.bleakgrey.tootle |
47 | private-cache | 46 | private-cache |
48 | private-dev | 47 | private-dev |
49 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,machine-id mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 48 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,machine-id mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg |
50 | private-tmp | 49 | private-tmp |
51 | 50 | ||
52 | # Settings are immutable | 51 | # Settings are immutable |
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index b467a0f7a..d33b89e7c 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
@@ -53,7 +52,7 @@ disable-mnt | |||
53 | private-bin com.github.dahenson.agenda | 52 | private-bin com.github.dahenson.agenda |
54 | private-cache | 53 | private-cache |
55 | private-dev | 54 | private-dev |
56 | private-etc dconf,fonts,gtk-3.0 | 55 | private-etc dconf,fonts,gtk-3.0,ld.so.preload |
57 | private-tmp | 56 | private-tmp |
58 | 57 | ||
59 | dbus-user filter | 58 | dbus-user filter |
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index c13f9618b..c75a09a51 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-shell.inc | 21 | include disable-shell.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
@@ -56,7 +55,7 @@ disable-mnt | |||
56 | private-bin com.github.johnfactotum.Foliate,gjs | 55 | private-bin com.github.johnfactotum.Foliate,gjs |
57 | private-cache | 56 | private-cache |
58 | private-dev | 57 | private-dev |
59 | private-etc dconf,fonts,gconf,gtk-3.0 | 58 | private-etc dconf,fonts,gconf,gtk-3.0,ld.so.preload |
60 | private-tmp | 59 | private-tmp |
61 | 60 | ||
62 | read-only ${HOME} | 61 | read-only ${HOME} |
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile index d0402d188..b10d1b5b0 100644 --- a/etc/profile-a-l/com.github.phase1geo.minder.profile +++ b/etc/profile-a-l/com.github.phase1geo.minder.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile index eaa18739d..7ccc101bf 100644 --- a/etc/profile-a-l/conky.profile +++ b/etc/profile-a-l/conky.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
21 | 20 | ||
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile index 2fb446e2a..537381f64 100644 --- a/etc/profile-a-l/corebird.profile +++ b/etc/profile-a-l/corebird.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile index 1635995dc..351ca0dab 100644 --- a/etc/profile-a-l/cower.profile +++ b/etc/profile-a-l/cower.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 7ece35c2b..1d623fa09 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
@@ -41,7 +40,7 @@ tracelog | |||
41 | disable-mnt | 40 | disable-mnt |
42 | private-cache | 41 | private-cache |
43 | private-dev | 42 | private-dev |
44 | private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,ssl | 43 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,machine-id,pki,ssl |
45 | private-tmp | 44 | private-tmp |
46 | 45 | ||
47 | dbus-user none | 46 | dbus-user none |
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile index b10216895..7cbbcd8d3 100644 --- a/etc/profile-a-l/crawl.profile +++ b/etc/profile-a-l/crawl.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
18 | 17 | ||
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index 02b15ecc2..deb2c0ef8 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | include disable-shell.inc | 19 | include disable-shell.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
@@ -40,7 +39,7 @@ shell none | |||
40 | disable-mnt | 39 | disable-mnt |
41 | private-bin crow | 40 | private-bin crow |
42 | private-dev | 41 | private-dev |
43 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl | 42 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl |
44 | private-opt none | 43 | private-opt none |
45 | private-tmp | 44 | private-tmp |
46 | private-srv none | 45 | private-srv none |
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile index c9867c5d7..448d8b655 100644 --- a/etc/profile-a-l/curl.profile +++ b/etc/profile-a-l/curl.profile | |||
@@ -20,7 +20,6 @@ blacklist ${RUNUSER} | |||
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-exec.inc | 22 | include disable-exec.inc |
23 | include disable-passwdmgr.inc | ||
24 | include disable-programs.inc | 23 | include disable-programs.inc |
25 | # Depending on workflow you can add 'include disable-xdg.inc' to your curl.local. | 24 | # Depending on workflow you can add 'include disable-xdg.inc' to your curl.local. |
26 | #include disable-xdg.inc | 25 | #include disable-xdg.inc |
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index ba1e7adad..0e754c448 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-shell.inc | 20 | include disable-shell.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
@@ -51,7 +50,7 @@ disable-mnt | |||
51 | private-bin d-feet,python* | 50 | private-bin d-feet,python* |
52 | private-cache | 51 | private-cache |
53 | private-dev | 52 | private-dev |
54 | private-etc alternatives,dbus-1,fonts,machine-id | 53 | private-etc alternatives,dbus-1,fonts,ld.so.preload,machine-id |
55 | private-tmp | 54 | private-tmp |
56 | 55 | ||
57 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 56 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile index 61fa52928..a3590281c 100644 --- a/etc/profile-a-l/darktable.profile +++ b/etc/profile-a-l/darktable.profile | |||
@@ -10,11 +10,12 @@ noblacklist ${HOME}/.cache/darktable | |||
10 | noblacklist ${HOME}/.config/darktable | 10 | noblacklist ${HOME}/.config/darktable |
11 | noblacklist ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include allow-lua.inc | ||
14 | |||
13 | include disable-common.inc | 15 | include disable-common.inc |
14 | include disable-devel.inc | 16 | include disable-devel.inc |
15 | include disable-exec.inc | 17 | include disable-exec.inc |
16 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 19 | include disable-programs.inc |
19 | include disable-xdg.inc | 20 | include disable-xdg.inc |
20 | 21 | ||
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index 67a61bb60..c2532ed3b 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | include disable-write-mnt.inc | 19 | include disable-write-mnt.inc |
@@ -52,7 +51,7 @@ private | |||
52 | private-bin dbus-send | 51 | private-bin dbus-send |
53 | private-cache | 52 | private-cache |
54 | private-dev | 53 | private-dev |
55 | private-etc alternatives,dbus-1 | 54 | private-etc alternatives,dbus-1,ld.so.preload |
56 | private-lib libpcre* | 55 | private-lib libpcre* |
57 | private-tmp | 56 | private-tmp |
58 | 57 | ||
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index 0c221850a..2b43c5ea3 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
@@ -44,7 +43,7 @@ disable-mnt | |||
44 | private-bin dconf-editor | 43 | private-bin dconf-editor |
45 | private-cache | 44 | private-cache |
46 | private-dev | 45 | private-dev |
47 | private-etc alternatives,dconf,fonts,gtk-3.0,machine-id | 46 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.preload,machine-id |
48 | private-lib | 47 | private-lib |
49 | private-tmp | 48 | private-tmp |
50 | 49 | ||
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index be7514cbf..1cbeee763 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
18 | 17 | ||
@@ -47,7 +46,7 @@ disable-mnt | |||
47 | private-bin dconf,gsettings | 46 | private-bin dconf,gsettings |
48 | private-cache | 47 | private-cache |
49 | private-dev | 48 | private-dev |
50 | private-etc alternatives,dconf | 49 | private-etc alternatives,dconf,ld.so.preload |
51 | private-lib | 50 | private-lib |
52 | private-tmp | 51 | private-tmp |
53 | 52 | ||
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index 5b95b74be..0669a5a6c 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
@@ -46,7 +45,7 @@ tracelog | |||
46 | disable-mnt | 45 | disable-mnt |
47 | private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr | 46 | private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr |
48 | private-cache | 47 | private-cache |
49 | private-etc alternatives,fonts | 48 | private-etc alternatives,fonts,ld.so.preload |
50 | private-tmp | 49 | private-tmp |
51 | 50 | ||
52 | dbus-user none | 51 | dbus-user none |
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile index a221ebbd7..d9ff941da 100644 --- a/etc/profile-a-l/deadbeef.profile +++ b/etc/profile-a-l/deadbeef.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
diff --git a/etc/profile-a-l/default.profile b/etc/profile-a-l/default.profile index 5bdf5df7f..0d8c224d7 100644 --- a/etc/profile-a-l/default.profile +++ b/etc/profile-a-l/default.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | # include disable-devel.inc | 12 | # include disable-devel.inc |
13 | # include disable-exec.inc | 13 | # include disable-exec.inc |
14 | # include disable-interpreters.inc | 14 | # include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | # include disable-shell.inc | 16 | # include disable-shell.inc |
18 | # include disable-write-mnt.inc | 17 | # include disable-write-mnt.inc |
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile index ad7aa6ed5..3697243e0 100644 --- a/etc/profile-a-l/deluge.profile +++ b/etc/profile-a-l/deluge.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | # include disable-devel.inc | 16 | # include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | 20 | ||
22 | mkdir ${HOME}/.config/deluge | 21 | mkdir ${HOME}/.config/deluge |
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile index 212cdab60..5175146db 100644 --- a/etc/profile-a-l/desktopeditors.profile +++ b/etc/profile-a-l/desktopeditors.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | 18 | ||
20 | include whitelist-usr-share-common.inc | 19 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile index 5007f8e74..562f6b105 100644 --- a/etc/profile-a-l/devhelp.profile +++ b/etc/profile-a-l/devhelp.profile | |||
@@ -11,7 +11,6 @@ include disable-common.inc | |||
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | include disable-shell.inc | 15 | include disable-shell.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
@@ -43,7 +42,7 @@ disable-mnt | |||
43 | private-bin devhelp | 42 | private-bin devhelp |
44 | private-cache | 43 | private-cache |
45 | private-dev | 44 | private-dev |
46 | private-etc alternatives,dconf,fonts,ld.so.cache,machine-id,ssl | 45 | private-etc alternatives,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,ssl |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
49 | # makes settings immutable | 48 | # makes settings immutable |
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 6267b5709..19b6cffaf 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
@@ -49,7 +48,7 @@ disable-mnt | |||
49 | private-bin devilspie | 48 | private-bin devilspie |
50 | private-cache | 49 | private-cache |
51 | private-dev | 50 | private-dev |
52 | private-etc alternatives | 51 | private-etc alternatives,ld.so.preload |
53 | private-lib gconv | 52 | private-lib gconv |
54 | private-tmp | 53 | private-tmp |
55 | 54 | ||
diff --git a/etc/profile-a-l/dex2jar.profile b/etc/profile-a-l/dex2jar.profile index 8f3703369..9c1cf72f0 100644 --- a/etc/profile-a-l/dex2jar.profile +++ b/etc/profile-a-l/dex2jar.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 531734b7d..902148756 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index 247159a8a..a925781af 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | # include disable-devel.inc | 17 | # include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | # include disable-interpreters.inc | 19 | # include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile index 2ca7bd400..41625e12e 100644 --- a/etc/profile-a-l/digikam.profile +++ b/etc/profile-a-l/digikam.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile index 9871a6095..276ee251a 100644 --- a/etc/profile-a-l/dillo.profile +++ b/etc/profile-a-l/dillo.profile | |||
@@ -11,7 +11,6 @@ noblacklist ${HOME}/.dillo | |||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | 15 | ||
17 | mkdir ${HOME}/.dillo | 16 | mkdir ${HOME}/.dillo |
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile index c3174b35f..b1a9550f1 100644 --- a/etc/profile-a-l/dino.profile +++ b/etc/profile-a-l/dino.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | 17 | ||
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile index 19e7bd9ab..c04e38899 100644 --- a/etc/profile-a-l/discord-common.profile +++ b/etc/profile-a-l/discord-common.profile | |||
@@ -23,8 +23,8 @@ ignore novideo | |||
23 | whitelist ${HOME}/.config/BetterDiscord | 23 | whitelist ${HOME}/.config/BetterDiscord |
24 | whitelist ${HOME}/.local/share/betterdiscordctl | 24 | whitelist ${HOME}/.local/share/betterdiscordctl |
25 | 25 | ||
26 | private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh | 26 | private-bin bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh |
27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl | 27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl |
28 | 28 | ||
29 | join-or-start discord | 29 | join-or-start discord |
30 | 30 | ||
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 11f3fd36e..6eff39d40 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | include disable-shell.inc | 19 | include disable-shell.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
@@ -41,7 +40,7 @@ shell none | |||
41 | private-bin display,python* | 40 | private-bin display,python* |
42 | private-dev | 41 | private-dev |
43 | # On Debian-based systems, display is a symlink in /etc/alternatives | 42 | # On Debian-based systems, display is a symlink in /etc/alternatives |
44 | private-etc alternatives | 43 | private-etc alternatives,ld.so.preload |
45 | private-tmp | 44 | private-tmp |
46 | 45 | ||
47 | dbus-user none | 46 | dbus-user none |
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile index f8fb1a331..906089663 100644 --- a/etc/profile-a-l/dnscrypt-proxy.profile +++ b/etc/profile-a-l/dnscrypt-proxy.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index 01398c2b2..2db1548a4 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile | |||
@@ -16,7 +16,6 @@ blacklist ${RUNUSER}/wayland-* | |||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index 49feec32e..ac86ef75a 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-write-mnt.inc | 20 | include disable-write-mnt.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile index 37a4113cb..f1b630ac8 100644 --- a/etc/profile-a-l/dooble.profile +++ b/etc/profile-a-l/dooble.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | 17 | ||
19 | mkdir ${HOME}/.dooble | 18 | mkdir ${HOME}/.dooble |
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile index 988f66f28..ad7049d3d 100644 --- a/etc/profile-a-l/dosbox.profile +++ b/etc/profile-a-l/dosbox.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile index 8fa01d504..26243ab4e 100644 --- a/etc/profile-a-l/dragon.profile +++ b/etc/profile-a-l/dragon.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index 82d96e405..253f5643e 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
@@ -46,7 +45,7 @@ shell none | |||
46 | private-bin drawio | 45 | private-bin drawio |
47 | private-cache | 46 | private-cache |
48 | private-dev | 47 | private-dev |
49 | private-etc alternatives,fonts | 48 | private-etc alternatives,fonts,ld.so.preload |
50 | private-tmp | 49 | private-tmp |
51 | 50 | ||
52 | dbus-user none | 51 | dbus-user none |
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile index 068bd88d8..2a09270f7 100644 --- a/etc/profile-a-l/drill.profile +++ b/etc/profile-a-l/drill.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | # include disable-devel.inc | 16 | # include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | # include disable-interpreters.inc | 18 | # include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile index b3b2aaf40..73d9cfbbc 100644 --- a/etc/profile-a-l/dropbox.profile +++ b/etc/profile-a-l/dropbox.profile | |||
@@ -15,7 +15,6 @@ include allow-python3.inc | |||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | 19 | ||
21 | mkdir ${HOME}/.dropbox | 20 | mkdir ${HOME}/.dropbox |
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index 38e4b16f7..0345f2b24 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
18 | 17 | ||
@@ -46,7 +45,7 @@ disable-mnt | |||
46 | #private-bin bash,easystroke,sh | 45 | #private-bin bash,easystroke,sh |
47 | private-cache | 46 | private-cache |
48 | private-dev | 47 | private-dev |
49 | private-etc alternatives,fonts,group,passwd | 48 | private-etc alternatives,fonts,group,ld.so.preload,passwd |
50 | # breaks custom shell command functionality | 49 | # breaks custom shell command functionality |
51 | #private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* | 50 | #private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* |
52 | private-tmp | 51 | private-tmp |
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile index 278dd6cbd..e472f57b6 100644 --- a/etc/profile-a-l/electron-mail.profile +++ b/etc/profile-a-l/electron-mail.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
@@ -46,7 +45,7 @@ shell none | |||
46 | private-bin electron-mail | 45 | private-bin electron-mail |
47 | private-cache | 46 | private-cache |
48 | private-dev | 47 | private-dev |
49 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,nsswitch.conf,pki,resolv.conf,selinux,ssl,xdg | 48 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.preload,nsswitch.conf,pki,resolv.conf,selinux,ssl,xdg |
50 | private-opt ElectronMail | 49 | private-opt ElectronMail |
51 | private-tmp | 50 | private-tmp |
52 | 51 | ||
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile index 493af79d4..05ae7e16d 100644 --- a/etc/profile-a-l/electron.profile +++ b/etc/profile-a-l/electron.profile | |||
@@ -8,7 +8,6 @@ include disable-common.inc | |||
8 | include disable-devel.inc | 8 | include disable-devel.inc |
9 | include disable-exec.inc | 9 | include disable-exec.inc |
10 | include disable-interpreters.inc | 10 | include disable-interpreters.inc |
11 | include disable-passwdmgr.inc | ||
12 | include disable-programs.inc | 11 | include disable-programs.inc |
13 | include disable-xdg.inc | 12 | include disable-xdg.inc |
14 | 13 | ||
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index ad636d71a..8cfc9f797 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-shell.inc | 20 | include disable-shell.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
@@ -48,7 +47,7 @@ private-bin electrum,python* | |||
48 | private-cache | 47 | private-cache |
49 | ?HAS_APPIMAGE: ignore private-dev | 48 | ?HAS_APPIMAGE: ignore private-dev |
50 | private-dev | 49 | private-dev |
51 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,machine-id,pki,resolv.conf,ssl | 50 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,ld.so.preload,machine-id,pki,resolv.conf,ssl |
52 | private-tmp | 51 | private-tmp |
53 | 52 | ||
54 | # dbus-user none | 53 | # dbus-user none |
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile index 55bf743ef..7e9be653d 100644 --- a/etc/profile-a-l/emacs.profile +++ b/etc/profile-a-l/emacs.profile | |||
@@ -15,7 +15,6 @@ noblacklist ${HOME}/.emacs.d | |||
15 | include allow-common-devel.inc | 15 | include allow-common-devel.inc |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | 19 | ||
21 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 6c9a8a6ea..8673b65ca 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile | |||
@@ -7,11 +7,12 @@ include email-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.bogofilter | ||
10 | noblacklist ${HOME}/.gnupg | 11 | noblacklist ${HOME}/.gnupg |
11 | noblacklist ${HOME}/.mozilla | 12 | noblacklist ${HOME}/.mozilla |
12 | noblacklist ${HOME}/.signature | 13 | noblacklist ${HOME}/.signature |
13 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local | 14 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local |
14 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications | 15 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications |
15 | noblacklist ${HOME}/Mail | 16 | noblacklist ${HOME}/Mail |
16 | 17 | ||
17 | noblacklist ${DOCUMENTS} | 18 | noblacklist ${DOCUMENTS} |
@@ -20,7 +21,6 @@ include disable-common.inc | |||
20 | include disable-devel.inc | 21 | include disable-devel.inc |
21 | include disable-exec.inc | 22 | include disable-exec.inc |
22 | include disable-interpreters.inc | 23 | include disable-interpreters.inc |
23 | include disable-passwdmgr.inc | ||
24 | include disable-programs.inc | 24 | include disable-programs.inc |
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
@@ -66,7 +66,7 @@ tracelog | |||
66 | # disable-mnt | 66 | # disable-mnt |
67 | private-cache | 67 | private-cache |
68 | private-dev | 68 | private-dev |
69 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg | 69 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,ld.so.preload,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg |
70 | private-tmp | 70 | private-tmp |
71 | # encrypting and signing email | 71 | # encrypting and signing email |
72 | writable-run-user | 72 | writable-run-user |
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index ac17b1726..0a2e23996 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
@@ -49,7 +48,7 @@ x11 none | |||
49 | private-bin enchant,enchant-* | 48 | private-bin enchant,enchant-* |
50 | private-cache | 49 | private-cache |
51 | private-dev | 50 | private-dev |
52 | private-etc alternatives | 51 | private-etc alternatives,ld.so.preload |
53 | private-lib | 52 | private-lib |
54 | private-tmp | 53 | private-tmp |
55 | 54 | ||
diff --git a/etc/profile-a-l/engrampa.profile b/etc/profile-a-l/engrampa.profile index f926610e2..1aca416d8 100644 --- a/etc/profile-a-l/engrampa.profile +++ b/etc/profile-a-l/engrampa.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | 14 | ||
16 | include whitelist-var-common.inc | 15 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile index c4123b4c2..0d0d6f083 100644 --- a/etc/profile-a-l/enpass.profile +++ b/etc/profile-a-l/enpass.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index fe7913e77..ddc0ce0b9 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-write-mnt.inc | 21 | include disable-write-mnt.inc |
23 | 22 | ||
@@ -48,6 +47,6 @@ tracelog | |||
48 | 47 | ||
49 | private-cache | 48 | private-cache |
50 | private-dev | 49 | private-dev |
51 | private-etc alternatives,dconf,fonts,gtk-3.0 | 50 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.preload |
52 | private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* | 51 | private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* |
53 | private-tmp | 52 | private-tmp |
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile index 5892374bd..65e5c6e69 100644 --- a/etc/profile-a-l/eog.profile +++ b/etc/profile-a-l/eog.profile | |||
@@ -18,7 +18,7 @@ whitelist /usr/share/eog | |||
18 | 18 | ||
19 | private-bin eog | 19 | private-bin eog |
20 | 20 | ||
21 | # broken on Debian 10 (buster) running LXDE got the folowing error: | 21 | # broken on Debian 10 (buster) running LXDE got the following error: |
22 | # Failed to register: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown | 22 | # Failed to register: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown |
23 | #dbus-user filter | 23 | #dbus-user filter |
24 | #dbus-user.own org.gnome.eog | 24 | #dbus-user.own org.gnome.eog |
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index 964d3b7ca..fe7b912bd 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
@@ -55,7 +54,7 @@ disable-mnt | |||
55 | private-bin equalx,gs,pdflatex,pdftocairo | 54 | private-bin equalx,gs,pdflatex,pdftocairo |
56 | private-cache | 55 | private-cache |
57 | private-dev | 56 | private-dev |
58 | private-etc equalx,equalx.conf,fonts,gtk-2.0,latexmk.conf,machine-id,papersize,passwd,texlive,Trolltech.conf | 57 | private-etc equalx,equalx.conf,fonts,gtk-2.0,latexmk.conf,ld.so.preload,machine-id,papersize,passwd,texlive,Trolltech.conf |
59 | private-tmp | 58 | private-tmp |
60 | 59 | ||
61 | dbus-user none | 60 | dbus-user none |
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile index fdff1e4b5..edeed69bf 100644 --- a/etc/profile-a-l/etr.profile +++ b/etc/profile-a-l/etr.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index a9e39b15c..63e456488 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile | |||
@@ -19,7 +19,6 @@ include disable-common.inc | |||
19 | include disable-devel.inc | 19 | include disable-devel.inc |
20 | include disable-exec.inc | 20 | include disable-exec.inc |
21 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 22 | include disable-programs.inc |
24 | include disable-shell.inc | 23 | include disable-shell.inc |
25 | include disable-xdg.inc | 24 | include disable-xdg.inc |
@@ -55,9 +54,9 @@ tracelog | |||
55 | private-bin evince,evince-previewer,evince-thumbnailer | 54 | private-bin evince,evince-previewer,evince-thumbnailer |
56 | private-cache | 55 | private-cache |
57 | private-dev | 56 | private-dev |
58 | private-etc alternatives,fonts,group,ld.so.cache,machine-id,passwd | 57 | private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd |
59 | # private-lib might break two-page-view on some systems | 58 | # private-lib might break two-page-view on some systems |
60 | private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* | 59 | private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* |
61 | private-tmp | 60 | private-tmp |
62 | 61 | ||
63 | # dbus-user filtering might break two-page-view on some systems | 62 | # dbus-user filtering might break two-page-view on some systems |
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 7222493ac..a80327234 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile | |||
@@ -20,7 +20,6 @@ include disable-common.inc | |||
20 | include disable-devel.inc | 20 | include disable-devel.inc |
21 | include disable-exec.inc | 21 | include disable-exec.inc |
22 | include disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include disable-passwdmgr.inc | ||
24 | include disable-programs.inc | 23 | include disable-programs.inc |
25 | 24 | ||
26 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index 7b09a2c64..12c22ba5b 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | 19 | ||
21 | whitelist /usr/share/perl-image-exiftool | 20 | whitelist /usr/share/perl-image-exiftool |
@@ -49,7 +48,7 @@ x11 none | |||
49 | #private-bin exiftool,perl | 48 | #private-bin exiftool,perl |
50 | private-cache | 49 | private-cache |
51 | private-dev | 50 | private-dev |
52 | private-etc alternatives | 51 | private-etc alternatives,ld.so.preload |
53 | private-tmp | 52 | private-tmp |
54 | 53 | ||
55 | dbus-user none | 54 | dbus-user none |
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index b2061db79..62ea449a6 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
@@ -47,7 +46,7 @@ disable-mnt | |||
47 | # private-bin falkon | 46 | # private-bin falkon |
48 | private-cache | 47 | private-cache |
49 | private-dev | 48 | private-dev |
50 | private-etc adobe,alternatives,asound.conf,ati,ca-certificates,crypto-policies,dconf,drirc,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg | 49 | private-etc adobe,alternatives,asound.conf,ati,ca-certificates,crypto-policies,dconf,drirc,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg |
51 | private-tmp | 50 | private-tmp |
52 | 51 | ||
53 | # dbus-user filter | 52 | # dbus-user filter |
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile index 8e81000fd..121c5ba26 100644 --- a/etc/profile-a-l/fbreader.profile +++ b/etc/profile-a-l/fbreader.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index 31cb1776c..25e1082ad 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
21 | 20 | ||
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile index 664ec2da6..e45df21fc 100644 --- a/etc/profile-a-l/feedreader.profile +++ b/etc/profile-a-l/feedreader.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/feh-network.inc.profile b/etc/profile-a-l/feh-network.inc.profile index 690b39171..f9b3d58c9 100644 --- a/etc/profile-a-l/feh-network.inc.profile +++ b/etc/profile-a-l/feh-network.inc.profile | |||
@@ -5,4 +5,4 @@ include feh-network.inc.local | |||
5 | ignore net none | 5 | ignore net none |
6 | netfilter | 6 | netfilter |
7 | protocol unix,inet,inet6 | 7 | protocol unix,inet,inet6 |
8 | private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl | 8 | private-etc ca-certificates,crypto-policies,hosts,ld.so.preload,pki,resolv.conf,ssl |
diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile index 2f2d8a4c7..f2770f294 100644 --- a/etc/profile-a-l/feh.profile +++ b/etc/profile-a-l/feh.profile | |||
@@ -11,7 +11,6 @@ include disable-common.inc | |||
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | include disable-shell.inc | 15 | include disable-shell.inc |
17 | 16 | ||
@@ -37,7 +36,7 @@ shell none | |||
37 | private-bin feh,jpegexiforient,jpegtran | 36 | private-bin feh,jpegexiforient,jpegtran |
38 | private-cache | 37 | private-cache |
39 | private-dev | 38 | private-dev |
40 | private-etc alternatives,feh | 39 | private-etc alternatives,feh,ld.so.preload |
41 | private-tmp | 40 | private-tmp |
42 | 41 | ||
43 | dbus-user none | 42 | dbus-user none |
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile index 7358ed5c7..babfeab61 100644 --- a/etc/profile-a-l/fetchmail.profile +++ b/etc/profile-a-l/fetchmail.profile | |||
@@ -12,7 +12,6 @@ noblacklist ${HOME}/.netrc | |||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | 16 | ||
18 | caps.drop all | 17 | caps.drop all |
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile index 13ef1beb9..637e6fbf5 100644 --- a/etc/profile-a-l/ffmpeg.profile +++ b/etc/profile-a-l/ffmpeg.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/ffplay.profile b/etc/profile-a-l/ffplay.profile index 04134cbf4..2284ccbe4 100644 --- a/etc/profile-a-l/ffplay.profile +++ b/etc/profile-a-l/ffplay.profile | |||
@@ -14,7 +14,7 @@ ignore nogroups | |||
14 | ignore nosound | 14 | ignore nosound |
15 | 15 | ||
16 | private-bin ffplay | 16 | private-bin ffplay |
17 | private-etc alsa,asound.conf,group | 17 | private-etc alsa,asound.conf,group,ld.so.preload |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include ffmpeg.profile | 20 | include ffmpeg.profile |
diff --git a/etc/profile-a-l/file-manager-common.profile b/etc/profile-a-l/file-manager-common.profile index 23ec4a432..dbae06f19 100644 --- a/etc/profile-a-l/file-manager-common.profile +++ b/etc/profile-a-l/file-manager-common.profile | |||
@@ -26,7 +26,6 @@ include allow-python3.inc | |||
26 | include disable-devel.inc | 26 | include disable-devel.inc |
27 | include disable-exec.inc | 27 | include disable-exec.inc |
28 | include disable-interpreters.inc | 28 | include disable-interpreters.inc |
29 | include disable-passwdmgr.inc | ||
30 | #include disable-programs.inc | 29 | #include disable-programs.inc |
31 | 30 | ||
32 | allusers | 31 | allusers |
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index 4e651ed61..54fa7dfa7 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile | |||
@@ -10,10 +10,10 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | 14 | ||
16 | whitelist /usr/libexec/file-roller | 15 | whitelist /usr/libexec/file-roller |
16 | whitelist /usr/libexec/p7zip | ||
17 | whitelist /usr/share/file-roller | 17 | whitelist /usr/share/file-roller |
18 | include whitelist-runuser-common.inc | 18 | include whitelist-runuser-common.inc |
19 | include whitelist-usr-share-common.inc | 19 | include whitelist-usr-share-common.inc |
@@ -43,7 +43,7 @@ tracelog | |||
43 | private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd | 43 | private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc dconf,fonts,gtk-3.0,xdg | 46 | private-etc dconf,fonts,gtk-3.0,ld.so.preload,xdg |
47 | # private-tmp | 47 | # private-tmp |
48 | 48 | ||
49 | dbus-system none | 49 | dbus-system none |
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile index 5c7583605..397120a0b 100644 --- a/etc/profile-a-l/file.profile +++ b/etc/profile-a-l/file.profile | |||
@@ -11,7 +11,6 @@ blacklist ${RUNUSER} | |||
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | 15 | ||
17 | apparmor | 16 | apparmor |
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile index d282f9a60..b2b7c362a 100644 --- a/etc/profile-a-l/firefox-common-addons.profile +++ b/etc/profile-a-l/firefox-common-addons.profile | |||
@@ -2,6 +2,7 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include firefox-common-addons.local | 3 | include firefox-common-addons.local |
4 | 4 | ||
5 | ignore whitelist ${RUNUSER}/*firefox* | ||
5 | ignore include whitelist-runuser-common.inc | 6 | ignore include whitelist-runuser-common.inc |
6 | ignore private-cache | 7 | ignore private-cache |
7 | 8 | ||
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 8b74ed979..20ae039aa 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -27,6 +27,7 @@ whitelist ${DOWNLOADS} | |||
27 | whitelist ${HOME}/.pki | 27 | whitelist ${HOME}/.pki |
28 | whitelist ${HOME}/.local/share/pki | 28 | whitelist ${HOME}/.local/share/pki |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-run-common.inc | ||
30 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
31 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
32 | 33 | ||
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile index 7874c882f..9138fed90 100644 --- a/etc/profile-a-l/firefox.profile +++ b/etc/profile-a-l/firefox.profile | |||
@@ -16,6 +16,7 @@ include globals.local | |||
16 | 16 | ||
17 | noblacklist ${HOME}/.cache/mozilla | 17 | noblacklist ${HOME}/.cache/mozilla |
18 | noblacklist ${HOME}/.mozilla | 18 | noblacklist ${HOME}/.mozilla |
19 | noblacklist ${RUNUSER}/*firefox* | ||
19 | 20 | ||
20 | blacklist /usr/libexec | 21 | blacklist /usr/libexec |
21 | 22 | ||
@@ -35,6 +36,7 @@ whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini | |||
35 | whitelist /usr/share/gtk-doc/html | 36 | whitelist /usr/share/gtk-doc/html |
36 | whitelist /usr/share/mozilla | 37 | whitelist /usr/share/mozilla |
37 | whitelist /usr/share/webext | 38 | whitelist /usr/share/webext |
39 | whitelist ${RUNUSER}/*firefox* | ||
38 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
39 | 41 | ||
40 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. | 42 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. |
@@ -56,9 +58,8 @@ dbus-user.own org.mpris.MediaPlayer2.firefox.* | |||
56 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration | 58 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration |
57 | #dbus-user.talk org.kde.JobViewServer | 59 | #dbus-user.talk org.kde.JobViewServer |
58 | #dbus-user.talk org.kde.kuiserver | 60 | #dbus-user.talk org.kde.kuiserver |
59 | # Add the next two lines to your firefox.local to allow screen sharing under wayland. | 61 | # Add the next line to your firefox.local to allow screen sharing under wayland. |
60 | #whitelist ${RUNUSER}/pipewire-0 | 62 | #dbus-user.talk org.freedesktop.portal.Desktop |
61 | #dbus-user.talk org.freedesktop.portal.* | ||
62 | # Add the next line to your firefox.local if screen sharing sharing still does not work | 63 | # Add the next line to your firefox.local if screen sharing sharing still does not work |
63 | # with the above lines (might depend on the portal implementation). | 64 | # with the above lines (might depend on the portal implementation). |
64 | #ignore noroot | 65 | #ignore noroot |
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index 55af96c84..5c7bc03d8 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | include disable-shell.inc | 19 | include disable-shell.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
@@ -53,7 +52,7 @@ tracelog | |||
53 | disable-mnt | 52 | disable-mnt |
54 | private-bin flameshot | 53 | private-bin flameshot |
55 | private-cache | 54 | private-cache |
56 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,machine-id,pki,resolv.conf,ssl | 55 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,ld.so.preload,machine-id,pki,resolv.conf,ssl |
57 | private-dev | 56 | private-dev |
58 | #private-tmp | 57 | #private-tmp |
59 | 58 | ||
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile index a4421e3ce..bc173d0f1 100644 --- a/etc/profile-a-l/flowblade.profile +++ b/etc/profile-a-l/flowblade.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | 21 | ||
23 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile index cd0129436..02db368b7 100644 --- a/etc/profile-a-l/font-manager.profile +++ b/etc/profile-a-l/font-manager.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-shell.inc | 21 | include disable-shell.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile index bd1495877..6020464b3 100644 --- a/etc/profile-a-l/fontforge.profile +++ b/etc/profile-a-l/fontforge.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index 1b1d031b4..265eec1ca 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-shell.inc | 20 | include disable-shell.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile index 8043d0530..827dc8be9 100644 --- a/etc/profile-a-l/freecad.profile +++ b/etc/profile-a-l/freecad.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile index 23c19682c..5126e2d37 100644 --- a/etc/profile-a-l/freeciv.profile +++ b/etc/profile-a-l/freeciv.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
18 | 17 | ||
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile index 93fa7da03..4467b5869 100644 --- a/etc/profile-a-l/freecol.profile +++ b/etc/profile-a-l/freecol.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
24 | 23 | ||
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index 699177039..fbe3d45e3 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index e6aff533d..aeed313c8 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile | |||
@@ -8,13 +8,15 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.config/FreeTube | 9 | noblacklist ${HOME}/.config/FreeTube |
10 | 10 | ||
11 | include allow-bin-sh.inc | ||
12 | |||
11 | include disable-shell.inc | 13 | include disable-shell.inc |
12 | 14 | ||
13 | mkdir ${HOME}/.config/FreeTube | 15 | mkdir ${HOME}/.config/FreeTube |
14 | whitelist ${HOME}/.config/FreeTube | 16 | whitelist ${HOME}/.config/FreeTube |
15 | 17 | ||
16 | private-bin freetube | 18 | private-bin electron,electron[0-9],electron[0-9][0-9],freetube,sh |
17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 19 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg |
18 | 20 | ||
19 | # Redirect | 21 | # Redirect |
20 | include electron.profile | 22 | include electron.profile |
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index b4ad81046..efd5246d6 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
18 | 17 | ||
@@ -46,7 +45,7 @@ disable-mnt | |||
46 | private-bin frogatto,sh | 45 | private-bin frogatto,sh |
47 | private-cache | 46 | private-cache |
48 | private-dev | 47 | private-dev |
49 | private-etc machine-id | 48 | private-etc ld.so.preload,machine-id |
50 | private-tmp | 49 | private-tmp |
51 | 50 | ||
52 | dbus-user none | 51 | dbus-user none |
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile index 76352e41e..bb35c9447 100644 --- a/etc/profile-a-l/frozen-bubble.profile +++ b/etc/profile-a-l/frozen-bubble.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
21 | 20 | ||
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile index 8852925b1..1009f345b 100644 --- a/etc/profile-a-l/funnyboat.profile +++ b/etc/profile-a-l/funnyboat.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | # include disable-shell.inc | 19 | # include disable-shell.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index ed3f0357d..6d764a0f9 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile | |||
@@ -19,7 +19,6 @@ include disable-common.inc | |||
19 | include disable-devel.inc | 19 | include disable-devel.inc |
20 | include disable-exec.inc | 20 | include disable-exec.inc |
21 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 22 | include disable-programs.inc |
24 | # Add 'ignore include disable-xdg.inc' to your gajim.local if you need to whitelist folders other than ~/Downloads. | 23 | # Add 'ignore include disable-xdg.inc' to your gajim.local if you need to whitelist folders other than ~/Downloads. |
25 | include disable-xdg.inc | 24 | include disable-xdg.inc |
@@ -60,7 +59,7 @@ disable-mnt | |||
60 | private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python*,sh,zsh | 59 | private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python*,sh,zsh |
61 | private-cache | 60 | private-cache |
62 | private-dev | 61 | private-dev |
63 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,xdg | 62 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,xdg |
64 | private-tmp | 63 | private-tmp |
65 | writable-run-user | 64 | writable-run-user |
66 | 65 | ||
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 550b3808b..c6280c488 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
@@ -44,7 +43,7 @@ tracelog | |||
44 | private-bin galculator | 43 | private-bin galculator |
45 | private-cache | 44 | private-cache |
46 | private-dev | 45 | private-dev |
47 | private-etc alternatives,fonts | 46 | private-etc alternatives,fonts,ld.so.preload |
48 | private-lib | 47 | private-lib |
49 | private-tmp | 48 | private-tmp |
50 | 49 | ||
diff --git a/etc/profile-a-l/gallery-dl.profile b/etc/profile-a-l/gallery-dl.profile new file mode 100644 index 000000000..a31dde21c --- /dev/null +++ b/etc/profile-a-l/gallery-dl.profile | |||
@@ -0,0 +1,18 @@ | |||
1 | # Firejail profile for gallery-dl | ||
2 | # Description: Downloader of images from various sites | ||
3 | # This file is overwritten after every install/update | ||
4 | quiet | ||
5 | # Persistent local customizations | ||
6 | include gallery-dl.local | ||
7 | # Persistent global definitions | ||
8 | # added by included profile | ||
9 | #include globals.local | ||
10 | |||
11 | noblacklist ${HOME}/.config/gallery-dl | ||
12 | noblacklist ${HOME}/.gallery-dl.conf | ||
13 | |||
14 | private-bin gallery-dl | ||
15 | private-etc gallery-dl.conf,ld.so.preload | ||
16 | |||
17 | # Redirect | ||
18 | include youtube-dl.profile | ||
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 3a8c055f2..e9eb55709 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
@@ -50,7 +49,7 @@ private | |||
50 | private-bin gapplication | 49 | private-bin gapplication |
51 | private-cache | 50 | private-cache |
52 | private-dev | 51 | private-dev |
53 | private-etc none | 52 | private-etc ld.so.preload,none |
54 | private-tmp | 53 | private-tmp |
55 | 54 | ||
56 | # Add the next line to your gapplication.local to filter D-Bus names. | 55 | # Add the next line to your gapplication.local to filter D-Bus names. |
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index 388f4c0df..297e5d345 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile | |||
@@ -36,7 +36,7 @@ tracelog | |||
36 | 36 | ||
37 | disable-mnt | 37 | disable-mnt |
38 | private-dev | 38 | private-dev |
39 | private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,localtime,nsswitch.conf,pki,resolv.conf,ssl | 39 | private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index fec1a555a..6532d85f0 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
24 | 23 | ||
@@ -55,7 +54,7 @@ disable-mnt | |||
55 | private-bin gconf-editor,gconf-merge-*,gconfpkg,gconftool-2,gsettings-*-convert,python2* | 54 | private-bin gconf-editor,gconf-merge-*,gconfpkg,gconftool-2,gsettings-*-convert,python2* |
56 | private-cache | 55 | private-cache |
57 | private-dev | 56 | private-dev |
58 | private-etc alternatives,fonts,gconf | 57 | private-etc alternatives,fonts,gconf,ld.so.preload |
59 | private-lib GConf,libpython*,python2* | 58 | private-lib GConf,libpython*,python2* |
60 | private-tmp | 59 | private-tmp |
61 | 60 | ||
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile index 6fdb9b37a..f244cb526 100644 --- a/etc/profile-a-l/geany.profile +++ b/etc/profile-a-l/geany.profile | |||
@@ -12,7 +12,6 @@ noblacklist ${HOME}/.config/geany | |||
12 | include allow-common-devel.inc | 12 | include allow-common-devel.inc |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | 16 | ||
18 | caps.drop all | 17 | caps.drop all |
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index 74e135a7c..b78f7e647 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile | |||
@@ -19,7 +19,6 @@ include disable-common.inc | |||
19 | include disable-devel.inc | 19 | include disable-devel.inc |
20 | include disable-exec.inc | 20 | include disable-exec.inc |
21 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 22 | include disable-programs.inc |
24 | include disable-shell.inc | 23 | include disable-shell.inc |
25 | include disable-xdg.inc | 24 | include disable-xdg.inc |
@@ -71,7 +70,7 @@ tracelog | |||
71 | private-bin geary | 70 | private-bin geary |
72 | private-cache | 71 | private-cache |
73 | private-dev | 72 | private-dev |
74 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,xdg | 73 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.preload,pki,resolv.conf,ssl,xdg |
75 | private-tmp | 74 | private-tmp |
76 | 75 | ||
77 | dbus-user filter | 76 | dbus-user filter |
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile index 108b7041d..0726d17bd 100644 --- a/etc/profile-a-l/gedit.profile +++ b/etc/profile-a-l/gedit.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | # include disable-devel.inc | 16 | # include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | # include disable-interpreters.inc | 18 | # include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | 20 | ||
22 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/geekbench.profile b/etc/profile-a-l/geekbench.profile index e0aadff24..4812e1368 100644 --- a/etc/profile-a-l/geekbench.profile +++ b/etc/profile-a-l/geekbench.profile | |||
@@ -6,14 +6,19 @@ include geekbench.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.geekbench5 | ||
10 | noblacklist /sbin | ||
11 | noblacklist /usr/sbin | ||
12 | |||
9 | include disable-common.inc | 13 | include disable-common.inc |
10 | include disable-devel.inc | 14 | include disable-devel.inc |
11 | include disable-exec.inc | 15 | include disable-exec.inc |
12 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 17 | include disable-programs.inc |
15 | include disable-xdg.inc | 18 | include disable-xdg.inc |
16 | 19 | ||
20 | mkdir ${HOME}/.geekbench5 | ||
21 | whitelist ${HOME}/.geekbench5 | ||
17 | include whitelist-common.inc | 22 | include whitelist-common.inc |
18 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
19 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
@@ -40,16 +45,14 @@ shell none | |||
40 | tracelog | 45 | tracelog |
41 | 46 | ||
42 | disable-mnt | 47 | disable-mnt |
43 | private-bin bash,geekbenc*,sh | 48 | #private-bin bash,geekbench*,sh -- #4576 |
44 | private-cache | 49 | private-cache |
45 | private-dev | 50 | private-dev |
46 | private-etc alternatives,group,lsb-release,passwd | 51 | private-etc alternatives,group,ld.so.preload,lsb-release,passwd |
47 | private-lib gcc/*/*/libstdc++.so.* | ||
48 | private-opt none | ||
49 | private-tmp | 52 | private-tmp |
50 | 53 | ||
51 | dbus-user none | 54 | dbus-user none |
52 | dbus-system none | 55 | dbus-system none |
53 | 56 | ||
54 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | ||
55 | read-only ${HOME} | 57 | read-only ${HOME} |
58 | read-write ${HOME}/.geekbench5 | ||
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile index dd33b3fb5..fbb509d89 100644 --- a/etc/profile-a-l/geeqie.profile +++ b/etc/profile-a-l/geeqie.profile | |||
@@ -13,7 +13,6 @@ noblacklist ${HOME}/.local/share/geeqie | |||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | 17 | ||
19 | caps.drop all | 18 | caps.drop all |
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index f894a42ca..388f6496d 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | include disable-shell.inc | 22 | include disable-shell.inc |
24 | include disable-xdg.inc | 23 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index d9c5a0d9a..d8ca4ae41 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
@@ -50,7 +49,7 @@ disable-mnt | |||
50 | private-bin gget | 49 | private-bin gget |
51 | private-cache | 50 | private-cache |
52 | private-dev | 51 | private-dev |
53 | private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl | 52 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,pki,resolv.conf,ssl |
54 | private-lib | 53 | private-lib |
55 | private-tmp | 54 | private-tmp |
56 | 55 | ||
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index 276ab76df..3dfdc0184 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-shell.inc | 21 | include disable-shell.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index dfc1304d1..df9c2ac7a 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile | |||
@@ -13,7 +13,6 @@ include globals.local | |||
13 | #ignore net | 13 | #ignore net |
14 | #protocol unix,inet,inet6 | 14 | #protocol unix,inet,inet6 |
15 | 15 | ||
16 | |||
17 | # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory | 16 | # gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory |
18 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. | 17 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. |
19 | ignore noexec ${HOME} | 18 | ignore noexec ${HOME} |
@@ -26,10 +25,13 @@ noblacklist ${HOME}/.gimp* | |||
26 | noblacklist ${DOCUMENTS} | 25 | noblacklist ${DOCUMENTS} |
27 | noblacklist ${PICTURES} | 26 | noblacklist ${PICTURES} |
28 | 27 | ||
28 | # See issue #4367, gimp 2.10.22-3: gegl:introspect broken | ||
29 | noblacklist /sbin | ||
30 | noblacklist /usr/sbin | ||
31 | |||
29 | include disable-common.inc | 32 | include disable-common.inc |
30 | include disable-exec.inc | 33 | include disable-exec.inc |
31 | include disable-devel.inc | 34 | include disable-devel.inc |
32 | include disable-passwdmgr.inc | ||
33 | include disable-programs.inc | 35 | include disable-programs.inc |
34 | include disable-xdg.inc | 36 | include disable-xdg.inc |
35 | 37 | ||
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index 661c3a375..010cdae06 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile | |||
@@ -19,7 +19,6 @@ include disable-common.inc | |||
19 | include disable-devel.inc | 19 | include disable-devel.inc |
20 | include disable-exec.inc | 20 | include disable-exec.inc |
21 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 22 | include disable-programs.inc |
24 | include disable-xdg.inc | 23 | include disable-xdg.inc |
25 | 24 | ||
@@ -53,7 +52,7 @@ tracelog | |||
53 | disable-mnt | 52 | disable-mnt |
54 | private-cache | 53 | private-cache |
55 | private-dev | 54 | private-dev |
56 | private-etc alternatives | 55 | private-etc alternatives,ld.so.preload |
57 | private-tmp | 56 | private-tmp |
58 | 57 | ||
59 | dbus-user none | 58 | dbus-user none |
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 5e4249376..c13273321 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile | |||
@@ -28,7 +28,6 @@ include disable-common.inc | |||
28 | include disable-devel.inc | 28 | include disable-devel.inc |
29 | include disable-exec.inc | 29 | include disable-exec.inc |
30 | include disable-interpreters.inc | 30 | include disable-interpreters.inc |
31 | include disable-passwdmgr.inc | ||
32 | include disable-programs.inc | 31 | include disable-programs.inc |
33 | include disable-xdg.inc | 32 | include disable-xdg.inc |
34 | 33 | ||
@@ -71,7 +70,7 @@ tracelog | |||
71 | private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed | 70 | private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed |
72 | private-cache | 71 | private-cache |
73 | private-dev | 72 | private-dev |
74 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg | 73 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg |
75 | private-tmp | 74 | private-tmp |
76 | writable-run-user | 75 | writable-run-user |
77 | 76 | ||
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile index bfa0081c6..b0318e4a3 100644 --- a/etc/profile-a-l/git.profile +++ b/etc/profile-a-l/git.profile | |||
@@ -26,7 +26,6 @@ blacklist ${RUNUSER}/wayland-* | |||
26 | 26 | ||
27 | include disable-common.inc | 27 | include disable-common.inc |
28 | include disable-exec.inc | 28 | include disable-exec.inc |
29 | include disable-passwdmgr.inc | ||
30 | include disable-programs.inc | 29 | include disable-programs.inc |
31 | 30 | ||
32 | whitelist /usr/share/git | 31 | whitelist /usr/share/git |
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile index 05d7dffa9..314b797c0 100644 --- a/etc/profile-a-l/gitg.profile +++ b/etc/profile-a-l/gitg.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | 22 | ||
24 | #whitelist ${HOME}/YOUR_GIT_PROJECTS_DIRECTORY | 23 | #whitelist ${HOME}/YOUR_GIT_PROJECTS_DIRECTORY |
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index 460e2b990..36b016e02 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | 16 | ||
18 | mkdir ${HOME}/.config/Gitter | 17 | mkdir ${HOME}/.config/Gitter |
@@ -38,7 +37,7 @@ shell none | |||
38 | 37 | ||
39 | disable-mnt | 38 | disable-mnt |
40 | private-bin bash,env,gitter | 39 | private-bin bash,env,gitter |
41 | private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,pulse,resolv.conf,ssl | 40 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,pki,pulse,resolv.conf,ssl |
42 | private-opt Gitter | 41 | private-opt Gitter |
43 | private-dev | 42 | private-dev |
44 | private-tmp | 43 | private-tmp |
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile index ed68b3c2d..a52272852 100644 --- a/etc/profile-a-l/gjs.profile +++ b/etc/profile-a-l/gjs.profile | |||
@@ -19,7 +19,6 @@ include allow-gjs.inc | |||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
21 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 22 | include disable-programs.inc |
24 | 23 | ||
25 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile index c8cefc67e..35d969e6d 100644 --- a/etc/profile-a-l/gl-117.profile +++ b/etc/profile-a-l/gl-117.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile index ee7af0546..dec0daef2 100644 --- a/etc/profile-a-l/glaxium.profile +++ b/etc/profile-a-l/glaxium.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile index 14b3ef811..d07f0ace4 100644 --- a/etc/profile-a-l/globaltime.profile +++ b/etc/profile-a-l/globaltime.profile | |||
@@ -11,7 +11,6 @@ include disable-common.inc | |||
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
17 | 16 | ||
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index b3aad8b2c..0a1264888 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
@@ -45,7 +44,7 @@ tracelog | |||
45 | disable-mnt | 44 | disable-mnt |
46 | #private-bin gmpc | 45 | #private-bin gmpc |
47 | private-cache | 46 | private-cache |
48 | private-etc alternatives,fonts | 47 | private-etc alternatives,fonts,ld.so.preload |
49 | private-tmp | 48 | private-tmp |
50 | writable-run-user | 49 | writable-run-user |
51 | 50 | ||
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile index 34a7f557c..5b7eaa78d 100644 --- a/etc/profile-a-l/gnome-books.profile +++ b/etc/profile-a-l/gnome-books.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile index 37ca5aeff..9fe9ed6ba 100644 --- a/etc/profile-a-l/gnome-builder.profile +++ b/etc/profile-a-l/gnome-builder.profile | |||
@@ -16,7 +16,6 @@ noblacklist ${HOME}/.local/share/gnome-builder | |||
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | 20 | ||
22 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-calculator.profile b/etc/profile-a-l/gnome-calculator.profile index 4c465cc49..ac130da21 100644 --- a/etc/profile-a-l/gnome-calculator.profile +++ b/etc/profile-a-l/gnome-calculator.profile | |||
@@ -10,7 +10,6 @@ include globals.local | |||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | include disable-shell.inc | 15 | include disable-shell.inc |
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index eaf25b177..2c1dee50c 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
@@ -46,7 +45,7 @@ private | |||
46 | private-bin gnome-calendar | 45 | private-bin gnome-calendar |
47 | private-cache | 46 | private-cache |
48 | private-dev | 47 | private-dev |
49 | private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,nsswitch.conf,pki,resolv.conf,ssl | 48 | private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl |
50 | private-tmp | 49 | private-tmp |
51 | 50 | ||
52 | dbus-user filter | 51 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile index 741fe9bf7..aaa1e3f5a 100644 --- a/etc/profile-a-l/gnome-characters.profile +++ b/etc/profile-a-l/gnome-characters.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index bd39f625c..6261fcc27 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
@@ -51,5 +50,5 @@ disable-mnt | |||
51 | private-bin fairymax,gnome-chess,gnuchess,hoichess | 50 | private-bin fairymax,gnome-chess,gnuchess,hoichess |
52 | private-cache | 51 | private-cache |
53 | private-dev | 52 | private-dev |
54 | private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0 | 53 | private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0,ld.so.preload |
55 | private-tmp | 54 | private-tmp |
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index 1e7c70b84..7d33ac94e 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
@@ -43,6 +42,6 @@ disable-mnt | |||
43 | private-bin gnome-clocks,gsound-play | 42 | private-bin gnome-clocks,gsound-play |
44 | private-cache | 43 | private-cache |
45 | private-dev | 44 | private-dev |
46 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,localtime,machine-id,pkcs11,pki,ssl | 45 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.preload,localtime,machine-id,pkcs11,pki,ssl |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile index dcc6163b6..f96f750dd 100644 --- a/etc/profile-a-l/gnome-contacts.profile +++ b/etc/profile-a-l/gnome-contacts.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
18 | 17 | ||
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile index 29ad67af8..0ed3c7541 100644 --- a/etc/profile-a-l/gnome-documents.profile +++ b/etc/profile-a-l/gnome-documents.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
24 | 23 | ||
diff --git a/etc/profile-a-l/gnome-font-viewer.profile b/etc/profile-a-l/gnome-font-viewer.profile index aa0844b8b..294729152 100644 --- a/etc/profile-a-l/gnome-font-viewer.profile +++ b/etc/profile-a-l/gnome-font-viewer.profile | |||
@@ -11,7 +11,6 @@ include disable-common.inc | |||
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
17 | 16 | ||
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index 2db956faf..28c7e3346 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
@@ -43,7 +42,7 @@ private | |||
43 | private-bin gnome-hexgl | 42 | private-bin gnome-hexgl |
44 | private-cache | 43 | private-cache |
45 | private-dev | 44 | private-dev |
46 | private-etc alsa,asound.conf,machine-id,pulse | 45 | private-etc alsa,asound.conf,ld.so.preload,machine-id,pulse |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
49 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile index 25b4c47de..b74325102 100644 --- a/etc/profile-a-l/gnome-keyring.profile +++ b/etc/profile-a-l/gnome-keyring.profile | |||
@@ -12,7 +12,6 @@ noblacklist ${HOME}/.gnupg | |||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 1a7eafeca..1d2366365 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | 20 | ||
22 | whitelist /usr/share/gnome-latex | 21 | whitelist /usr/share/gnome-latex |
@@ -49,6 +48,6 @@ tracelog | |||
49 | private-cache | 48 | private-cache |
50 | private-dev | 49 | private-dev |
51 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed | 50 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed |
52 | private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,login.defs,passwd,texlive | 51 | private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,ld.so.preload,login.defs,passwd,texlive |
53 | 52 | ||
54 | dbus-system none | 53 | dbus-system none |
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index 9d2ea7b7b..3d8218e99 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
@@ -41,7 +40,7 @@ disable-mnt | |||
41 | private-bin gnome-logs | 40 | private-bin gnome-logs |
42 | private-cache | 41 | private-cache |
43 | private-dev | 42 | private-dev |
44 | private-etc alternatives,fonts,localtime,machine-id | 43 | private-etc alternatives,fonts,ld.so.preload,localtime,machine-id |
45 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* | 44 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* |
46 | private-tmp | 45 | private-tmp |
47 | writable-var-log | 46 | writable-var-log |
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index 23aab343f..7732117ac 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile | |||
@@ -24,7 +24,6 @@ include disable-common.inc | |||
24 | include disable-devel.inc | 24 | include disable-devel.inc |
25 | include disable-exec.inc | 25 | include disable-exec.inc |
26 | include disable-interpreters.inc | 26 | include disable-interpreters.inc |
27 | include disable-passwdmgr.inc | ||
28 | include disable-programs.inc | 27 | include disable-programs.inc |
29 | include disable-shell.inc | 28 | include disable-shell.inc |
30 | include disable-xdg.inc | 29 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile index 43fe71f5e..f8f40ea54 100644 --- a/etc/profile-a-l/gnome-mplayer.profile +++ b/etc/profile-a-l/gnome-mplayer.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index 2fcbe9910..fe8268530 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
@@ -43,6 +42,6 @@ tracelog | |||
43 | # private-bin calls a file manager - whatever is installed! | 42 | # private-bin calls a file manager - whatever is installed! |
44 | #private-bin env,gio-launch-desktop,gnome-music,python*,yelp | 43 | #private-bin env,gio-launch-desktop,gnome-music,python*,yelp |
45 | private-dev | 44 | private-dev |
46 | private-etc alternatives,asound.conf,dconf,fonts,fonts,gtk-3.0,machine-id,pulse,selinux,xdg | 45 | private-etc alternatives,asound.conf,dconf,fonts,fonts,gtk-3.0,ld.so.preload,machine-id,pulse,selinux,xdg |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile index 814751db3..abf3dd759 100644 --- a/etc/profile-a-l/gnome-nettool.profile +++ b/etc/profile-a-l/gnome-nettool.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-xdg.inc | 14 | include disable-xdg.inc |
16 | 15 | ||
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index fee5f88b9..bdc09b5ac 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile | |||
@@ -19,7 +19,6 @@ include disable-common.inc | |||
19 | include disable-devel.inc | 19 | include disable-devel.inc |
20 | include disable-exec.inc | 20 | include disable-exec.inc |
21 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 22 | include disable-programs.inc |
24 | include disable-shell.inc | 23 | include disable-shell.inc |
25 | include disable-xdg.inc | 24 | include disable-xdg.inc |
@@ -54,7 +53,7 @@ disable-mnt | |||
54 | private-bin gnome-passwordsafe,python3* | 53 | private-bin gnome-passwordsafe,python3* |
55 | private-cache | 54 | private-cache |
56 | private-dev | 55 | private-dev |
57 | private-etc dconf,fonts,gtk-3.0,passwd | 56 | private-etc dconf,fonts,gtk-3.0,ld.so.preload,passwd |
58 | private-tmp | 57 | private-tmp |
59 | 58 | ||
60 | dbus-user filter | 59 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile index 58bf3f349..4fd78eaab 100644 --- a/etc/profile-a-l/gnome-photos.profile +++ b/etc/profile-a-l/gnome-photos.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | 18 | ||
20 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index 41903b136..fb108ee97 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile | |||
@@ -12,7 +12,6 @@ noblacklist ${HOME}/.config/gnome-pie | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | #include disable-interpreters.inc | 14 | #include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | #include disable-programs.inc | 15 | #include disable-programs.inc |
17 | 16 | ||
18 | caps.drop all | 17 | caps.drop all |
@@ -35,7 +34,7 @@ shell none | |||
35 | disable-mnt | 34 | disable-mnt |
36 | private-cache | 35 | private-cache |
37 | private-dev | 36 | private-dev |
38 | private-etc alternatives,fonts,machine-id | 37 | private-etc alternatives,fonts,ld.so.preload,machine-id |
39 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* | 38 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* |
40 | private-tmp | 39 | private-tmp |
41 | 40 | ||
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index c2ba7556d..256a0c69f 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
18 | 17 | ||
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 48c98ebe0..9a5f878fc 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | 19 | ||
@@ -48,7 +47,7 @@ shell none | |||
48 | disable-mnt | 47 | disable-mnt |
49 | private-bin gnome-recipes,tar | 48 | private-bin gnome-recipes,tar |
50 | private-dev | 49 | private-dev |
51 | private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl | 50 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,pki,ssl |
52 | private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* | 51 | private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* |
53 | private-tmp | 52 | private-tmp |
54 | 53 | ||
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile index 78ceb9c4f..7ee01dec1 100644 --- a/etc/profile-a-l/gnome-ring.profile +++ b/etc/profile-a-l/gnome-ring.profile | |||
@@ -11,7 +11,6 @@ include disable-common.inc | |||
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | 15 | ||
17 | include whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile index 69c90b33d..8c3db651f 100644 --- a/etc/profile-a-l/gnome-schedule.profile +++ b/etc/profile-a-l/gnome-schedule.profile | |||
@@ -29,7 +29,6 @@ include disable-common.inc | |||
29 | include disable-devel.inc | 29 | include disable-devel.inc |
30 | include disable-exec.inc | 30 | include disable-exec.inc |
31 | include disable-interpreters.inc | 31 | include disable-interpreters.inc |
32 | include disable-passwdmgr.inc | ||
33 | include disable-programs.inc | 32 | include disable-programs.inc |
34 | include disable-xdg.inc | 33 | include disable-xdg.inc |
35 | 34 | ||
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index b683b6f6c..a4e4ae38a 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
@@ -43,7 +42,7 @@ tracelog | |||
43 | disable-mnt | 42 | disable-mnt |
44 | private-bin gnome-screenshot | 43 | private-bin gnome-screenshot |
45 | private-dev | 44 | private-dev |
46 | private-etc dconf,fonts,gtk-3.0,localtime,machine-id | 45 | private-etc dconf,fonts,gtk-3.0,ld.so.preload,localtime,machine-id |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
49 | dbus-user filter | 48 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index 34f5fdeff..859d56bd9 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
@@ -41,5 +40,5 @@ tracelog | |||
41 | disable-mnt | 40 | disable-mnt |
42 | private-cache | 41 | private-cache |
43 | private-dev | 42 | private-dev |
44 | private-etc alsa,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,machine-id,openal,pango,pulse,xdg | 43 | private-etc alsa,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.preload,machine-id,openal,pango,pulse,xdg |
45 | private-tmp | 44 | private-tmp |
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index 8a818695d..addd76f7f 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
@@ -44,7 +43,7 @@ disable-mnt | |||
44 | private-bin gnome-system-log | 43 | private-bin gnome-system-log |
45 | private-cache | 44 | private-cache |
46 | private-dev | 45 | private-dev |
47 | private-etc alternatives,fonts,localtime,machine-id | 46 | private-etc alternatives,fonts,ld.so.preload,localtime,machine-id |
48 | private-lib | 47 | private-lib |
49 | private-tmp | 48 | private-tmp |
50 | writable-var-log | 49 | writable-var-log |
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 3b147cd48..e7615e4f2 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
@@ -47,7 +46,7 @@ disable-mnt | |||
47 | private-bin gnome-todo | 46 | private-bin gnome-todo |
48 | private-cache | 47 | private-cache |
49 | private-dev | 48 | private-dev |
50 | private-etc dconf,fonts,gtk-3.0,localtime,passwd,xdg | 49 | private-etc dconf,fonts,gtk-3.0,ld.so.preload,localtime,passwd,xdg |
51 | private-tmp | 50 | private-tmp |
52 | 51 | ||
53 | dbus-user filter | 52 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile index b8ec195d3..aef6b0fdd 100644 --- a/etc/profile-a-l/gnome-twitch.profile +++ b/etc/profile-a-l/gnome-twitch.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | 17 | ||
19 | mkdir ${HOME}/.cache/gnome-twitch | 18 | mkdir ${HOME}/.cache/gnome-twitch |
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile index 2e08fa41d..5592879ec 100644 --- a/etc/profile-a-l/gnome-weather.profile +++ b/etc/profile-a-l/gnome-weather.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
diff --git a/etc/profile-a-l/gnome_games-common.profile b/etc/profile-a-l/gnome_games-common.profile index 5627842f5..a76fbbb2c 100644 --- a/etc/profile-a-l/gnome_games-common.profile +++ b/etc/profile-a-l/gnome_games-common.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
@@ -42,7 +41,7 @@ tracelog | |||
42 | disable-mnt | 41 | disable-mnt |
43 | private-cache | 42 | private-cache |
44 | private-dev | 43 | private-dev |
45 | private-etc dconf,fonts,gconf,gtk-2.0,gtk-3.0,machine-id,pango,passwd,X11 | 44 | private-etc dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.preload,machine-id,pango,passwd,X11 |
46 | private-tmp | 45 | private-tmp |
47 | 46 | ||
48 | dbus-user filter | 47 | dbus-user filter |
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index c3014a288..deda06f8e 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
@@ -22,6 +21,7 @@ mkdir ${HOME}/.config/gnote | |||
22 | mkdir ${HOME}/.local/share/gnote | 21 | mkdir ${HOME}/.local/share/gnote |
23 | whitelist ${HOME}/.config/gnote | 22 | whitelist ${HOME}/.config/gnote |
24 | whitelist ${HOME}/.local/share/gnote | 23 | whitelist ${HOME}/.local/share/gnote |
24 | whitelist /usr/libexec/webkit2gtk-4.0 | ||
25 | whitelist /usr/share/gnote | 25 | whitelist /usr/share/gnote |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
@@ -51,7 +51,7 @@ disable-mnt | |||
51 | private-bin gnote | 51 | private-bin gnote |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc dconf,fonts,gtk-3.0,pango,X11 | 54 | private-etc dconf,fonts,gtk-3.0,ld.so.preload,pango,X11 |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user filter | 57 | dbus-user filter |
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index 22851ce9f..e2e154216 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
@@ -44,7 +43,7 @@ private | |||
44 | private-bin gnubik | 43 | private-bin gnubik |
45 | private-cache | 44 | private-cache |
46 | private-dev | 45 | private-dev |
47 | private-etc drirc,fonts,gtk-2.0 | 46 | private-etc drirc,fonts,gtk-2.0,ld.so.preload |
48 | private-tmp | 47 | private-tmp |
49 | 48 | ||
50 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index 09ca17caa..f33f63497 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
@@ -39,7 +38,7 @@ tracelog | |||
39 | # private-bin godot | 38 | # private-bin godot |
40 | private-cache | 39 | private-cache |
41 | private-dev | 40 | private-dev |
42 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,machine-id,mono,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl | 41 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,ld.so.preload,machine-id,mono,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl |
43 | private-tmp | 42 | private-tmp |
44 | 43 | ||
45 | dbus-user none | 44 | dbus-user none |
diff --git a/etc/profile-a-l/goldendict.profile b/etc/profile-a-l/goldendict.profile new file mode 100644 index 000000000..59a572319 --- /dev/null +++ b/etc/profile-a-l/goldendict.profile | |||
@@ -0,0 +1,57 @@ | |||
1 | # Firejail profile for goldendict | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include goldendict.local | ||
5 | # Persistent global definitions | ||
6 | include globals.local | ||
7 | |||
8 | noblacklist ${HOME}/.goldendict | ||
9 | noblacklist ${HOME}/.cache/GoldenDict | ||
10 | |||
11 | include disable-common.inc | ||
12 | include disable-devel.inc | ||
13 | include disable-exec.inc | ||
14 | include disable-interpreters.inc | ||
15 | include disable-programs.inc | ||
16 | include disable-shell.inc | ||
17 | include disable-xdg.inc | ||
18 | |||
19 | mkdir ${HOME}/.goldendict | ||
20 | mkdir ${HOME}/.cache/GoldenDict | ||
21 | whitelist ${HOME}/.goldendict | ||
22 | whitelist ${HOME}/.cache/GoldenDict | ||
23 | # The default path of dictionaries | ||
24 | whitelist /usr/share/stardict/dic | ||
25 | include whitelist-common.inc | ||
26 | include whitelist-runuser-common.inc | ||
27 | include whitelist-usr-share-common.inc | ||
28 | include whitelist-var-common.inc | ||
29 | |||
30 | apparmor | ||
31 | caps.drop all | ||
32 | netfilter | ||
33 | # no3d leads to the libGL MESA-LOADER errors | ||
34 | #no3d | ||
35 | nodvd | ||
36 | nogroups | ||
37 | noinput | ||
38 | nonewprivs | ||
39 | noroot | ||
40 | notv | ||
41 | nou2f | ||
42 | novideo | ||
43 | protocol unix,inet,inet6,netlink | ||
44 | seccomp | ||
45 | seccomp.block-secondary | ||
46 | shell none | ||
47 | tracelog | ||
48 | |||
49 | disable-mnt | ||
50 | private-bin goldendict | ||
51 | private-cache | ||
52 | private-dev | ||
53 | private-etc ca-certificates,crypto-policies,fonts,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | ||
54 | private-tmp | ||
55 | |||
56 | dbus-user none | ||
57 | dbus-system none | ||
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile index 8399d77c4..2ff3bc8d9 100644 --- a/etc/profile-a-l/goobox.profile +++ b/etc/profile-a-l/goobox.profile | |||
@@ -11,7 +11,6 @@ noblacklist ${MUSIC} | |||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
17 | 16 | ||
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile index 65ac04771..0153a58d1 100644 --- a/etc/profile-a-l/google-earth.profile +++ b/etc/profile-a-l/google-earth.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | 16 | ||
18 | mkdir ${HOME}/.config/Google | 17 | mkdir ${HOME}/.config/Google |
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile index a7aabe105..fe61d727e 100644 --- a/etc/profile-a-l/google-play-music-desktop-player.profile +++ b/etc/profile-a-l/google-play-music-desktop-player.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | 18 | ||
20 | mkdir ${HOME}/.config/Google Play Music Desktop Player | 19 | mkdir ${HOME}/.config/Google Play Music Desktop Player |
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index 2d0bce52b..a37c7ad77 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile | |||
@@ -21,7 +21,6 @@ include disable-common.inc | |||
21 | include disable-devel.inc | 21 | include disable-devel.inc |
22 | include disable-exec.inc | 22 | include disable-exec.inc |
23 | include disable-interpreters.inc | 23 | include disable-interpreters.inc |
24 | include disable-passwdmgr.inc | ||
25 | include disable-programs.inc | 24 | include disable-programs.inc |
26 | include disable-shell.inc | 25 | include disable-shell.inc |
27 | include disable-xdg.inc | 26 | include disable-xdg.inc |
@@ -55,7 +54,7 @@ disable-mnt | |||
55 | private-bin env,python3*,sh,w3m | 54 | private-bin env,python3*,sh,w3m |
56 | private-cache | 55 | private-cache |
57 | private-dev | 56 | private-dev |
58 | private-etc ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | 57 | private-etc ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl |
59 | private-tmp | 58 | private-tmp |
60 | 59 | ||
61 | dbus-user none | 60 | dbus-user none |
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile index 37b4f0b1c..091851fa8 100644 --- a/etc/profile-a-l/gpa.profile +++ b/etc/profile-a-l/gpa.profile | |||
@@ -11,7 +11,6 @@ noblacklist ${HOME}/.gnupg | |||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | 15 | ||
17 | caps.drop all | 16 | caps.drop all |
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile index 7f0b614b1..c6ecef5ec 100644 --- a/etc/profile-a-l/gpg-agent.profile +++ b/etc/profile-a-l/gpg-agent.profile | |||
@@ -15,7 +15,6 @@ blacklist ${RUNUSER}/wayland-* | |||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
21 | 20 | ||
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile index 4a4d6527c..cf58ebdb0 100644 --- a/etc/profile-a-l/gpg.profile +++ b/etc/profile-a-l/gpg.profile | |||
@@ -15,7 +15,6 @@ blacklist ${RUNUSER}/wayland-* | |||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | 19 | ||
21 | whitelist ${RUNUSER}/gnupg | 20 | whitelist ${RUNUSER}/gnupg |
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index fa53c26c8..436134e1b 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | 17 | ||
@@ -42,7 +41,7 @@ tracelog | |||
42 | private-bin gpicview | 41 | private-bin gpicview |
43 | private-cache | 42 | private-cache |
44 | private-dev | 43 | private-dev |
45 | private-etc alternatives,fonts,group,passwd | 44 | private-etc alternatives,fonts,group,ld.so.preload,passwd |
46 | private-lib | 45 | private-lib |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index 253d644f1..e421c6a0b 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | 17 | ||
@@ -37,6 +36,6 @@ tracelog | |||
37 | 36 | ||
38 | private-bin gpredict | 37 | private-bin gpredict |
39 | private-dev | 38 | private-dev |
40 | private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl | 39 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,pki,resolv.conf,ssl |
41 | private-tmp | 40 | private-tmp |
42 | 41 | ||
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index 2b4c536d2..efb6b39c6 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
18 | 17 | ||
@@ -46,7 +45,7 @@ disable-mnt | |||
46 | private-bin gradio | 45 | private-bin gradio |
47 | private-cache | 46 | private-cache |
48 | private-dev | 47 | private-dev |
49 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg | 48 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg |
50 | private-tmp | 49 | private-tmp |
51 | 50 | ||
52 | dbus-user filter | 51 | dbus-user filter |
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile index c7e0c2977..4baca353b 100644 --- a/etc/profile-a-l/gramps.profile +++ b/etc/profile-a-l/gramps.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index 890ba2560..10d41735a 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
@@ -41,7 +40,7 @@ private | |||
41 | private-bin gravity-beams-and-evaporating-stars | 40 | private-bin gravity-beams-and-evaporating-stars |
42 | private-cache | 41 | private-cache |
43 | private-dev | 42 | private-dev |
44 | private-etc fonts,machine-id | 43 | private-etc fonts,ld.so.preload,machine-id |
45 | private-tmp | 44 | private-tmp |
46 | 45 | ||
47 | dbus-user none | 46 | dbus-user none |
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile index 5927e8c4d..4218f8545 100644 --- a/etc/profile-a-l/gthumb.profile +++ b/etc/profile-a-l/gthumb.profile | |||
@@ -13,7 +13,6 @@ noblacklist ${HOME}/.steam | |||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | 18 | ||
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index c8addae75..c6347efdf 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
@@ -47,7 +46,7 @@ disable-mnt | |||
47 | private-bin gtk-update-icon-cache | 46 | private-bin gtk-update-icon-cache |
48 | private-cache | 47 | private-cache |
49 | private-dev | 48 | private-dev |
50 | private-etc none | 49 | private-etc ld.so.preload,none |
51 | private-lib | 50 | private-lib |
52 | private-tmp | 51 | private-tmp |
53 | 52 | ||
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile index 3d2b71e9d..39fb177dd 100644 --- a/etc/profile-a-l/guayadeque.profile +++ b/etc/profile-a-l/guayadeque.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/gucharmap.profile b/etc/profile-a-l/gucharmap.profile index 6adb79852..d47000e89 100644 --- a/etc/profile-a-l/gucharmap.profile +++ b/etc/profile-a-l/gucharmap.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | include disable-xdg.inc | 15 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index 9221ca31c..8ddde3c47 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | include disable-shell.inc | 19 | include disable-shell.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index d33e2a673..8becf6d84 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile | |||
@@ -22,7 +22,6 @@ include disable-common.inc | |||
22 | include disable-devel.inc | 22 | include disable-devel.inc |
23 | include disable-exec.inc | 23 | include disable-exec.inc |
24 | include disable-interpreters.inc | 24 | include disable-interpreters.inc |
25 | include disable-passwdmgr.inc | ||
26 | include disable-programs.inc | 25 | include disable-programs.inc |
27 | include disable-shell.inc | 26 | include disable-shell.inc |
28 | 27 | ||
@@ -47,7 +46,7 @@ shell none | |||
47 | 46 | ||
48 | private-bin gimp*,gwenview,kbuildsycoca4,kdeinit4 | 47 | private-bin gimp*,gwenview,kbuildsycoca4,kdeinit4 |
49 | private-dev | 48 | private-dev |
50 | private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,xdg | 49 | private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,ld.so.preload,machine-id,passwd,pulse,xdg |
51 | 50 | ||
52 | # dbus-user none | 51 | # dbus-user none |
53 | # dbus-system none | 52 | # dbus-system none |
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile index 847e1ec1e..9ad9aef33 100644 --- a/etc/profile-a-l/handbrake.profile +++ b/etc/profile-a-l/handbrake.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile index aab4b0c21..3be349176 100644 --- a/etc/profile-a-l/hashcat.profile +++ b/etc/profile-a-l/hashcat.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index 44584f26b..8c1ada1d1 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile | |||
@@ -17,7 +17,6 @@ blacklist ${RUNUSER} | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | # Add the next line to your hasher-common.local if you don't need to hash files in disable-programs.inc. | 20 | # Add the next line to your hasher-common.local if you don't need to hash files in disable-programs.inc. |
22 | #include disable-programs.inc | 21 | #include disable-programs.inc |
23 | include disable-shell.inc | 22 | include disable-shell.inc |
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile index c0675d8ec..9c6f162c6 100644 --- a/etc/profile-a-l/hedgewars.profile +++ b/etc/profile-a-l/hedgewars.profile | |||
@@ -13,7 +13,6 @@ include allow-lua.inc | |||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | 17 | ||
19 | mkdir ${HOME}/.hedgewars | 18 | mkdir ${HOME}/.hedgewars |
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile index b887de147..88448ad45 100644 --- a/etc/profile-a-l/hexchat.profile +++ b/etc/profile-a-l/hexchat.profile | |||
@@ -22,7 +22,6 @@ include disable-common.inc | |||
22 | include disable-devel.inc | 22 | include disable-devel.inc |
23 | include disable-exec.inc | 23 | include disable-exec.inc |
24 | include disable-interpreters.inc | 24 | include disable-interpreters.inc |
25 | include disable-passwdmgr.inc | ||
26 | include disable-programs.inc | 25 | include disable-programs.inc |
27 | include disable-shell.inc | 26 | include disable-shell.inc |
28 | include disable-xdg.inc | 27 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index 643736ac7..0145f7ceb 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile | |||
@@ -11,7 +11,6 @@ blacklist ${RUNUSER} | |||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | include disable-shell.inc | 15 | include disable-shell.inc |
17 | 16 | ||
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index 199b1a5e5..f2dac5881 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile | |||
@@ -13,7 +13,6 @@ include disable-devel.inc | |||
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-programs.inc | 15 | include disable-programs.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 00d9f7a76..984e90e1f 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile index 267712c87..0a9c831f3 100644 --- a/etc/profile-a-l/hugin.profile +++ b/etc/profile-a-l/hugin.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-shell.inc | 18 | include disable-shell.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index e66ffd7e1..0baebdae1 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
@@ -45,7 +44,7 @@ private-bin hyperrogue | |||
45 | private-cache | 44 | private-cache |
46 | private-cwd ${HOME} | 45 | private-cwd ${HOME} |
47 | private-dev | 46 | private-dev |
48 | private-etc fonts,machine-id | 47 | private-etc fonts,ld.so.preload,machine-id |
49 | private-tmp | 48 | private-tmp |
50 | 49 | ||
51 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile index 47c984175..200b4c8b1 100644 --- a/etc/profile-a-l/i2prouter.profile +++ b/etc/profile-a-l/i2prouter.profile | |||
@@ -28,7 +28,6 @@ include disable-common.inc | |||
28 | include disable-devel.inc | 28 | include disable-devel.inc |
29 | include disable-exec.inc | 29 | include disable-exec.inc |
30 | include disable-interpreters.inc | 30 | include disable-interpreters.inc |
31 | include disable-passwdmgr.inc | ||
32 | include disable-programs.inc | 31 | include disable-programs.inc |
33 | include disable-xdg.inc | 32 | include disable-xdg.inc |
34 | 33 | ||
@@ -69,5 +68,5 @@ shell none | |||
69 | disable-mnt | 68 | disable-mnt |
70 | private-cache | 69 | private-cache |
71 | private-dev | 70 | private-dev |
72 | private-etc alternatives,ca-certificates,crypto-policies,dconf,group,hostname,hosts,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,localtime,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl | 71 | private-etc alternatives,ca-certificates,crypto-policies,dconf,group,hostname,hosts,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl |
73 | private-tmp | 72 | private-tmp |
diff --git a/etc/profile-a-l/iagno.profile b/etc/profile-a-l/iagno.profile index 363d3dc2e..863dc8acf 100644 --- a/etc/profile-a-l/iagno.profile +++ b/etc/profile-a-l/iagno.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-shell.inc | 14 | include disable-shell.inc |
16 | 15 | ||
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile index 680b8e777..7716a5f1a 100644 --- a/etc/profile-a-l/idea.sh.profile +++ b/etc/profile-a-l/idea.sh.profile | |||
@@ -19,7 +19,6 @@ include allow-common-devel.inc | |||
19 | include allow-ssh.inc | 19 | include allow-ssh.inc |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 22 | include disable-programs.inc |
24 | 23 | ||
25 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile index 12ce7976b..4da127fab 100644 --- a/etc/profile-a-l/imagej.profile +++ b/etc/profile-a-l/imagej.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | 19 | ||
21 | caps.drop all | 20 | caps.drop all |
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile index c26958d06..54cad08c7 100644 --- a/etc/profile-a-l/img2txt.profile +++ b/etc/profile-a-l/img2txt.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile index c152be01c..31ad641c1 100644 --- a/etc/profile-a-l/impressive.profile +++ b/etc/profile-a-l/impressive.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
24 | 23 | ||
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile index 35dd86b32..e0015e69a 100644 --- a/etc/profile-a-l/inkscape.profile +++ b/etc/profile-a-l/inkscape.profile | |||
@@ -1,6 +1,7 @@ | |||
1 | # Firejail profile for inkscape | 1 | # Firejail profile for inkscape |
2 | # Description: Vector-based drawing program | 2 | # Description: Vector-based drawing program |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | ||
4 | # Persistent local customizations | 5 | # Persistent local customizations |
5 | include inkscape.local | 6 | include inkscape.local |
6 | # Persistent global definitions | 7 | # Persistent global definitions |
@@ -24,7 +25,6 @@ include disable-common.inc | |||
24 | include disable-devel.inc | 25 | include disable-devel.inc |
25 | include disable-exec.inc | 26 | include disable-exec.inc |
26 | include disable-interpreters.inc | 27 | include disable-interpreters.inc |
27 | include disable-passwdmgr.inc | ||
28 | include disable-programs.inc | 28 | include disable-programs.inc |
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/io.github.lainsce.Notejot.profile b/etc/profile-a-l/io.github.lainsce.Notejot.profile new file mode 100644 index 000000000..6753cb332 --- /dev/null +++ b/etc/profile-a-l/io.github.lainsce.Notejot.profile | |||
@@ -0,0 +1,60 @@ | |||
1 | # Firejail profile for notejot | ||
2 | # Description: Jot your ideas | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include io.github.lainsce.Notejot.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.cache/io.github.lainsce.Notejot | ||
10 | noblacklist ${HOME}/.local/share/io.github.lainsce.Notejot | ||
11 | |||
12 | include disable-common.inc | ||
13 | include disable-devel.inc | ||
14 | include disable-exec.inc | ||
15 | include disable-interpreters.inc | ||
16 | include disable-programs.inc | ||
17 | include disable-shell.inc | ||
18 | include disable-xdg.inc | ||
19 | |||
20 | mkdir ${HOME}/.cache/io.github.lainsce.Notejot | ||
21 | mkdir ${HOME}/.local/share/io.github.lainsce.Notejot | ||
22 | whitelist ${HOME}/.cache/io.github.lainsce.Notejot | ||
23 | whitelist ${HOME}/.local/share/io.github.lainsce.Notejot | ||
24 | whitelist /usr/libexec/webkit2gtk-4.0 | ||
25 | include whitelist-common.inc | ||
26 | include whitelist-runuser-common.inc | ||
27 | include whitelist-usr-share-common.inc | ||
28 | include whitelist-var-common.inc | ||
29 | |||
30 | apparmor | ||
31 | caps.drop all | ||
32 | machine-id | ||
33 | net none | ||
34 | no3d | ||
35 | nodvd | ||
36 | nogroups | ||
37 | noinput | ||
38 | nonewprivs | ||
39 | noroot | ||
40 | nosound | ||
41 | notv | ||
42 | nou2f | ||
43 | novideo | ||
44 | protocol unix | ||
45 | seccomp | ||
46 | seccomp.block-secondary | ||
47 | shell none | ||
48 | tracelog | ||
49 | |||
50 | disable-mnt | ||
51 | private-bin io.github.lainsce.Notejot | ||
52 | private-cache | ||
53 | private-dev | ||
54 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | ||
55 | private-tmp | ||
56 | |||
57 | dbus-user filter | ||
58 | dbus-user.own io.github.lainsce.Notejot | ||
59 | dbus-user.talk ca.desrt.dconf | ||
60 | dbus-system none | ||
diff --git a/etc/profile-a-l/ipcalc.profile b/etc/profile-a-l/ipcalc.profile index 791065c1a..2997328e8 100644 --- a/etc/profile-a-l/ipcalc.profile +++ b/etc/profile-a-l/ipcalc.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | # include disable-shell.inc | 17 | # include disable-shell.inc |
19 | include disable-write-mnt.inc | 18 | include disable-write-mnt.inc |
@@ -51,7 +50,7 @@ private-bin bash,ipcalc,ipcalc-ng,perl,sh | |||
51 | # private-cache | 50 | # private-cache |
52 | private-dev | 51 | private-dev |
53 | # empty etc directory | 52 | # empty etc directory |
54 | private-etc none | 53 | private-etc ld.so.preload,none |
55 | private-lib | 54 | private-lib |
56 | private-opt none | 55 | private-opt none |
57 | private-tmp | 56 | private-tmp |
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile index e02dcbdb1..37cde1577 100644 --- a/etc/profile-a-l/itch.profile +++ b/etc/profile-a-l/itch.profile | |||
@@ -14,7 +14,6 @@ noblacklist ${HOME}/.config/itch | |||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | 18 | ||
20 | mkdir ${HOME}/.itch | 19 | mkdir ${HOME}/.itch |
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile index 3e9abf369..5c4cc74c2 100644 --- a/etc/profile-a-l/jami-gnome.profile +++ b/etc/profile-a-l/jami-gnome.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | #include disable-interpreters.inc | 15 | #include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | 17 | ||
19 | mkdir ${HOME}/.config/jami | 18 | mkdir ${HOME}/.config/jami |
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile index 7d29f1068..37f99c2f0 100644 --- a/etc/profile-a-l/jd-gui.profile +++ b/etc/profile-a-l/jd-gui.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index 85b1f2120..59260dc64 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
18 | 17 | ||
@@ -35,7 +34,7 @@ tracelog | |||
35 | 34 | ||
36 | private-bin bash,jerry,sh,stockfish | 35 | private-bin bash,jerry,sh,stockfish |
37 | private-dev | 36 | private-dev |
38 | private-etc fonts,gtk-2.0,gtk-3.0 | 37 | private-etc fonts,gtk-2.0,gtk-3.0,ld.so.preload |
39 | private-tmp | 38 | private-tmp |
40 | 39 | ||
41 | dbus-user none | 40 | dbus-user none |
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile index 223c360b8..0e578909a 100644 --- a/etc/profile-a-l/jitsi.profile +++ b/etc/profile-a-l/jitsi.profile | |||
@@ -13,7 +13,6 @@ include allow-java.inc | |||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | 17 | ||
19 | caps.drop all | 18 | caps.drop all |
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index 9954b8aea..b9bc8f219 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
18 | 17 | ||
@@ -43,7 +42,7 @@ disable-mnt | |||
43 | private-bin jumpnbump | 42 | private-bin jumpnbump |
44 | private-cache | 43 | private-cache |
45 | private-dev | 44 | private-dev |
46 | private-etc none | 45 | private-etc ld.so.preload,none |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
49 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile index 5ae90dff6..655257f08 100644 --- a/etc/profile-a-l/k3b.profile +++ b/etc/profile-a-l/k3b.profile | |||
@@ -15,7 +15,6 @@ noblacklist ${MUSIC} | |||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | include disable-xdg.inc | 19 | include disable-xdg.inc |
21 | 20 | ||
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile index d55fd22cb..8799a6f24 100644 --- a/etc/profile-a-l/kaffeine.profile +++ b/etc/profile-a-l/kaffeine.profile | |||
@@ -19,7 +19,6 @@ include disable-common.inc | |||
19 | include disable-devel.inc | 19 | include disable-devel.inc |
20 | include disable-exec.inc | 20 | include disable-exec.inc |
21 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 22 | include disable-programs.inc |
24 | include disable-xdg.inc | 23 | include disable-xdg.inc |
25 | 24 | ||
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index 503dac4b6..5253a78b0 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
@@ -43,7 +42,7 @@ disable-mnt | |||
43 | private-bin kalgebra,kalgebramobile | 42 | private-bin kalgebra,kalgebramobile |
44 | private-cache | 43 | private-cache |
45 | private-dev | 44 | private-dev |
46 | private-etc fonts,machine-id | 45 | private-etc fonts,ld.so.preload,machine-id |
47 | private-tmp | 46 | private-tmp |
48 | 47 | ||
49 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index 27b87e7c3..d8b2dddb1 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile | |||
@@ -27,7 +27,6 @@ include disable-common.inc | |||
27 | # include disable-devel.inc | 27 | # include disable-devel.inc |
28 | include disable-exec.inc | 28 | include disable-exec.inc |
29 | # include disable-interpreters.inc | 29 | # include disable-interpreters.inc |
30 | include disable-passwdmgr.inc | ||
31 | include disable-programs.inc | 30 | include disable-programs.inc |
32 | 31 | ||
33 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index 9795cf168..d88631005 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile | |||
@@ -21,7 +21,6 @@ include disable-devel.inc | |||
21 | include disable-exec.inc | 21 | include disable-exec.inc |
22 | include disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include disable-programs.inc | 23 | include disable-programs.inc |
24 | include disable-passwdmgr.inc | ||
25 | include disable-shell.inc | 24 | include disable-shell.inc |
26 | include disable-xdg.inc | 25 | include disable-xdg.inc |
27 | 26 | ||
@@ -50,7 +49,7 @@ disable-mnt | |||
50 | # private-bin kazam,python* | 49 | # private-bin kazam,python* |
51 | private-cache | 50 | private-cache |
52 | private-dev | 51 | private-dev |
53 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,machine-id,pulse,selinux,X11,xdg | 52 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.preload,machine-id,pulse,selinux,X11,xdg |
54 | private-tmp | 53 | private-tmp |
55 | 54 | ||
56 | dbus-system none | 55 | dbus-system none |
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index e36ee5ed2..c551dbdbe 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
@@ -56,7 +55,7 @@ disable-mnt | |||
56 | private-bin kcalc | 55 | private-bin kcalc |
57 | private-cache | 56 | private-cache |
58 | private-dev | 57 | private-dev |
59 | private-etc alternatives,fonts,ld.so.cache,locale,locale.conf | 58 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,locale,locale.conf |
60 | # private-lib - problems on Arch | 59 | # private-lib - problems on Arch |
61 | private-tmp | 60 | private-tmp |
62 | 61 | ||
diff --git a/etc/profile-a-l/kdeinit4.profile b/etc/profile-a-l/kdeinit4.profile index 925ab3517..4ddd5dac5 100644 --- a/etc/profile-a-l/kdeinit4.profile +++ b/etc/profile-a-l/kdeinit4.profile | |||
@@ -11,7 +11,6 @@ include disable-common.inc | |||
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | include disable-shell.inc | 15 | include disable-shell.inc |
17 | 16 | ||
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile index d2a08a269..87808ced7 100644 --- a/etc/profile-a-l/kdenlive.profile +++ b/etc/profile-a-l/kdenlive.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | 21 | ||
23 | apparmor | 22 | apparmor |
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile index 7c1cb2294..fa50b0a20 100644 --- a/etc/profile-a-l/kdiff3.profile +++ b/etc/profile-a-l/kdiff3.profile | |||
@@ -18,7 +18,6 @@ blacklist ${HOME}/.gnupg | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | # Add the next line to your kdiff3.local if you don't need to compare files in disable-programs.inc. | 21 | # Add the next line to your kdiff3.local if you don't need to compare files in disable-programs.inc. |
23 | #include disable-programs.inc | 22 | #include disable-programs.inc |
24 | include disable-shell.inc | 23 | include disable-shell.inc |
@@ -49,7 +48,7 @@ shell none | |||
49 | tracelog | 48 | tracelog |
50 | 49 | ||
51 | disable-mnt | 50 | disable-mnt |
52 | private-bin kdiff3 | 51 | private-bin kdiff3 |
53 | private-cache | 52 | private-cache |
54 | private-dev | 53 | private-dev |
55 | 54 | ||
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile index ae8971ab4..f26c10be3 100644 --- a/etc/profile-a-l/keepass.profile +++ b/etc/profile-a-l/keepass.profile | |||
@@ -19,7 +19,6 @@ include disable-common.inc | |||
19 | include disable-devel.inc | 19 | include disable-devel.inc |
20 | include disable-exec.inc | 20 | include disable-exec.inc |
21 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 22 | include disable-programs.inc |
24 | include disable-xdg.inc | 23 | include disable-xdg.inc |
25 | 24 | ||
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index ac364986d..616b87d7e 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
@@ -42,7 +41,7 @@ tracelog | |||
42 | 41 | ||
43 | private-bin keepassx,keepassx2 | 42 | private-bin keepassx,keepassx2 |
44 | private-dev | 43 | private-dev |
45 | private-etc alternatives,fonts,machine-id | 44 | private-etc alternatives,fonts,ld.so.preload,machine-id |
46 | private-tmp | 45 | private-tmp |
47 | 46 | ||
48 | dbus-user none | 47 | dbus-user none |
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index f71dcf82b..0f3e6605b 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile | |||
@@ -28,7 +28,6 @@ include disable-common.inc | |||
28 | include disable-devel.inc | 28 | include disable-devel.inc |
29 | include disable-exec.inc | 29 | include disable-exec.inc |
30 | include disable-interpreters.inc | 30 | include disable-interpreters.inc |
31 | include disable-passwdmgr.inc | ||
32 | include disable-programs.inc | 31 | include disable-programs.inc |
33 | include disable-shell.inc | 32 | include disable-shell.inc |
34 | include disable-xdg.inc | 33 | include disable-xdg.inc |
@@ -38,16 +37,22 @@ include disable-xdg.inc | |||
38 | #mkdir ${HOME}/Documents/KeePassXC | 37 | #mkdir ${HOME}/Documents/KeePassXC |
39 | #whitelist ${HOME}/Documents/KeePassXC | 38 | #whitelist ${HOME}/Documents/KeePassXC |
40 | # Needed for KeePassXC-Browser. | 39 | # Needed for KeePassXC-Browser. |
40 | #mkdir ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts | ||
41 | #mkfile ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 41 | #mkfile ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
42 | #whitelist ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 42 | #whitelist ${HOME}/.config/BraveSoftware/Brave-Browser/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
43 | #mkdir ${HOME}/.config/chromium/NativeMessagingHosts | ||
43 | #mkfile ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 44 | #mkfile ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
44 | #whitelist ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 45 | #whitelist ${HOME}/.config/chromium/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
46 | #mkdir ${HOME}/.config/google-chrome/NativeMessagingHosts | ||
45 | #mkfile ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 47 | #mkfile ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
46 | #whitelist ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 48 | #whitelist ${HOME}/.config/google-chrome/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
49 | #mkdir ${HOME}/.config/vivaldi/NativeMessagingHosts | ||
47 | #mkfile ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 50 | #mkfile ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
48 | #whitelist ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json | 51 | #whitelist ${HOME}/.config/vivaldi/NativeMessagingHosts/org.keepassxc.keepassxc_browser.json |
52 | #mkdir ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts | ||
49 | #mkfile ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json | 53 | #mkfile ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json |
50 | #whitelist ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json | 54 | #whitelist ${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json |
55 | #mkdir ${HOME}/.mozilla/native-messaging-hosts | ||
51 | #mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json | 56 | #mkfile ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json |
52 | #whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json | 57 | #whitelist ${HOME}/.mozilla/native-messaging-hosts/org.keepassxc.keepassxc_browser.json |
53 | #mkdir ${HOME}/.cache/keepassxc | 58 | #mkdir ${HOME}/.cache/keepassxc |
@@ -58,6 +63,7 @@ include disable-xdg.inc | |||
58 | #include whitelist-common.inc | 63 | #include whitelist-common.inc |
59 | 64 | ||
60 | whitelist /usr/share/keepassxc | 65 | whitelist /usr/share/keepassxc |
66 | include whitelist-run-common.inc | ||
61 | include whitelist-usr-share-common.inc | 67 | include whitelist-usr-share-common.inc |
62 | include whitelist-var-common.inc | 68 | include whitelist-var-common.inc |
63 | 69 | ||
@@ -74,7 +80,7 @@ nosound | |||
74 | notv | 80 | notv |
75 | nou2f | 81 | nou2f |
76 | novideo | 82 | novideo |
77 | protocol unix,netlink | 83 | protocol unix |
78 | seccomp !name_to_handle_at | 84 | seccomp !name_to_handle_at |
79 | seccomp.block-secondary | 85 | seccomp.block-secondary |
80 | shell none | 86 | shell none |
@@ -82,24 +88,23 @@ tracelog | |||
82 | 88 | ||
83 | private-bin keepassxc,keepassxc-cli,keepassxc-proxy | 89 | private-bin keepassxc,keepassxc-cli,keepassxc-proxy |
84 | private-dev | 90 | private-dev |
85 | private-etc alternatives,fonts,ld.so.cache,machine-id | 91 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id |
86 | private-tmp | 92 | private-tmp |
87 | 93 | ||
88 | dbus-user filter | 94 | dbus-user filter |
89 | #dbus-user.own org.keepassxc.KeePassXC | 95 | dbus-user.own org.keepassxc.KeePassXC.* |
90 | dbus-user.talk com.canonical.Unity.Session | 96 | dbus-user.talk com.canonical.Unity |
91 | dbus-user.talk org.freedesktop.ScreenSaver | 97 | dbus-user.talk org.freedesktop.ScreenSaver |
92 | dbus-user.talk org.freedesktop.login1.Manager | ||
93 | dbus-user.talk org.freedesktop.login1.Session | ||
94 | dbus-user.talk org.gnome.ScreenSaver | 98 | dbus-user.talk org.gnome.ScreenSaver |
95 | dbus-user.talk org.gnome.SessionManager | 99 | dbus-user.talk org.gnome.SessionManager |
96 | dbus-user.talk org.gnome.SessionManager.Presence | 100 | dbus-user.talk org.xfce.ScreenSaver |
97 | # Add the next line to your keepassxc.local to allow notifications. | 101 | # Add the next line to your keepassxc.local to allow notifications. |
98 | #dbus-user.talk org.freedesktop.Notifications | 102 | #dbus-user.talk org.freedesktop.Notifications |
99 | # Add the next line to your keepassxc.local to allow the tray menu. | 103 | # Add the next line to your keepassxc.local to allow the tray menu. |
100 | #dbus-user.talk org.kde.StatusNotifierWatcher | 104 | #dbus-user.talk org.kde.StatusNotifierWatcher |
101 | #dbus-user.own org.kde.* | 105 | #dbus-user.own org.kde.* |
102 | dbus-system none | 106 | dbus-system filter |
107 | dbus-system.talk org.freedesktop.login1 | ||
103 | 108 | ||
104 | # Mutex is stored in /tmp by default, which is broken by private-tmp. | 109 | # Mutex is stored in /tmp by default, which is broken by private-tmp. |
105 | join-or-start keepassxc | 110 | join-or-start keepassxc |
diff --git a/etc/profile-a-l/kfind.profile b/etc/profile-a-l/kfind.profile index 6f6fe8d0a..40fe65e3f 100644 --- a/etc/profile-a-l/kfind.profile +++ b/etc/profile-a-l/kfind.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | # include disable-programs.inc | 21 | # include disable-programs.inc |
23 | 22 | ||
24 | apparmor | 23 | apparmor |
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile index 2c684504b..ec315b431 100644 --- a/etc/profile-a-l/kget.profile +++ b/etc/profile-a-l/kget.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | 22 | ||
24 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index e18292e99..8b35a8946 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
@@ -38,7 +37,7 @@ tracelog | |||
38 | 37 | ||
39 | private-cache | 38 | private-cache |
40 | private-dev | 39 | private-dev |
41 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,machine-id,pki,pulse,resolv.conf,ssl | 40 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl |
42 | private-tmp | 41 | private-tmp |
43 | private-opt none | 42 | private-opt none |
44 | private-srv none | 43 | private-srv none |
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile index 74014ffe6..1f42526d3 100644 --- a/etc/profile-a-l/kino.profile +++ b/etc/profile-a-l/kino.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | 17 | ||
19 | include whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile index 40ee0bbc7..837ea9e36 100644 --- a/etc/profile-a-l/kiwix-desktop.profile +++ b/etc/profile-a-l/kiwix-desktop.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
@@ -45,7 +44,7 @@ shell none | |||
45 | disable-mnt | 44 | disable-mnt |
46 | private-cache | 45 | private-cache |
47 | private-dev | 46 | private-dev |
48 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl | 47 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl |
49 | private-tmp | 48 | private-tmp |
50 | 49 | ||
51 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile index c6a9023f1..f089658af 100644 --- a/etc/profile-a-l/klatexformula.profile +++ b/etc/profile-a-l/klatexformula.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | 21 | ||
23 | apparmor | 22 | apparmor |
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile index f5cd3a48c..964175274 100644 --- a/etc/profile-a-l/klavaro.profile +++ b/etc/profile-a-l/klavaro.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
@@ -46,7 +45,7 @@ disable-mnt | |||
46 | private-bin bash,klavaro,sh,tclsh,tclsh* | 45 | private-bin bash,klavaro,sh,tclsh,tclsh* |
47 | private-cache | 46 | private-cache |
48 | private-dev | 47 | private-dev |
49 | private-etc alternatives,fonts | 48 | private-etc alternatives,fonts,ld.so.preload |
50 | private-tmp | 49 | private-tmp |
51 | private-opt none | 50 | private-opt none |
52 | private-srv none | 51 | private-srv none |
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 95ae98e53..2c645677c 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile | |||
@@ -35,7 +35,6 @@ include disable-common.inc | |||
35 | include disable-devel.inc | 35 | include disable-devel.inc |
36 | include disable-exec.inc | 36 | include disable-exec.inc |
37 | include disable-interpreters.inc | 37 | include disable-interpreters.inc |
38 | include disable-passwdmgr.inc | ||
39 | include disable-programs.inc | 38 | include disable-programs.inc |
40 | 39 | ||
41 | include whitelist-var-common.inc | 40 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile index e88b53499..8d462c44c 100644 --- a/etc/profile-a-l/kmplayer.profile +++ b/etc/profile-a-l/kmplayer.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
22 | 21 | ||
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile index b7091f1fc..f901637f3 100644 --- a/etc/profile-a-l/kodi.profile +++ b/etc/profile-a-l/kodi.profile | |||
@@ -12,6 +12,12 @@ ignore noexec ${HOME} | |||
12 | #ignore nogroups | 12 | #ignore nogroups |
13 | #ignore noroot | 13 | #ignore noroot |
14 | #ignore private-dev | 14 | #ignore private-dev |
15 | # Add the following to your kodi.local if you use the Lutris Kodi Addon | ||
16 | #noblacklist /sbin | ||
17 | #noblacklist /usr/sbin | ||
18 | #noblacklist ${HOME}/.cache/lutris | ||
19 | #noblacklist ${HOME}/.config/lutris | ||
20 | #noblacklist ${HOME}/.local/share/lutris | ||
15 | 21 | ||
16 | noblacklist ${HOME}/.kodi | 22 | noblacklist ${HOME}/.kodi |
17 | noblacklist ${MUSIC} | 23 | noblacklist ${MUSIC} |
@@ -26,7 +32,6 @@ include disable-common.inc | |||
26 | include disable-devel.inc | 32 | include disable-devel.inc |
27 | include disable-exec.inc | 33 | include disable-exec.inc |
28 | include disable-interpreters.inc | 34 | include disable-interpreters.inc |
29 | include disable-passwdmgr.inc | ||
30 | include disable-programs.inc | 35 | include disable-programs.inc |
31 | include disable-xdg.inc | 36 | include disable-xdg.inc |
32 | 37 | ||
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile index 5b5ed6e24..723fef0d2 100644 --- a/etc/profile-a-l/konversation.profile +++ b/etc/profile-a-l/konversation.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | include disable-shell.inc | 20 | include disable-shell.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile index 88f47d1bf..9e75b03eb 100644 --- a/etc/profile-a-l/kopete.profile +++ b/etc/profile-a-l/kopete.profile | |||
@@ -16,7 +16,6 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | 19 | include disable-programs.inc |
21 | 20 | ||
22 | whitelist /var/lib/winpopup | 21 | whitelist /var/lib/winpopup |
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile index 8604e63d0..2d3225421 100644 --- a/etc/profile-a-l/krita.profile +++ b/etc/profile-a-l/krita.profile | |||
@@ -22,7 +22,6 @@ include disable-common.inc | |||
22 | include disable-devel.inc | 22 | include disable-devel.inc |
23 | include disable-exec.inc | 23 | include disable-exec.inc |
24 | include disable-interpreters.inc | 24 | include disable-interpreters.inc |
25 | include disable-passwdmgr.inc | ||
26 | include disable-programs.inc | 25 | include disable-programs.inc |
27 | include disable-xdg.inc | 26 | include disable-xdg.inc |
28 | 27 | ||
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile index 9cb5eff87..96eb6978d 100644 --- a/etc/profile-a-l/krunner.profile +++ b/etc/profile-a-l/krunner.profile | |||
@@ -22,7 +22,6 @@ noblacklist ${HOME}/.kde4/share/config/krunnerrc | |||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | # include disable-devel.inc | 23 | # include disable-devel.inc |
24 | # include disable-interpreters.inc | 24 | # include disable-interpreters.inc |
25 | # include disable-passwdmgr.inc | ||
26 | # include disable-programs.inc | 25 | # include disable-programs.inc |
27 | 26 | ||
28 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile index 5a85194e0..9d8aa1bd7 100644 --- a/etc/profile-a-l/ktorrent.profile +++ b/etc/profile-a-l/ktorrent.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | include disable-shell.inc | 22 | include disable-shell.inc |
24 | 23 | ||
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile index 4cf72b74c..78eb2e8f5 100644 --- a/etc/profile-a-l/ktouch.profile +++ b/etc/profile-a-l/ktouch.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-shell.inc | 17 | include disable-shell.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
@@ -47,7 +46,7 @@ disable-mnt | |||
47 | private-bin ktouch | 46 | private-bin ktouch |
48 | private-cache | 47 | private-cache |
49 | private-dev | 48 | private-dev |
50 | private-etc alternatives,fonts,kde5rc,machine-id | 49 | private-etc alternatives,fonts,kde5rc,ld.so.preload,machine-id |
51 | private-tmp | 50 | private-tmp |
52 | 51 | ||
53 | dbus-user none | 52 | dbus-user none |
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 4e9a12e5f..ad6b2f5fe 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | include disable-shell.inc | 22 | include disable-shell.inc |
24 | include disable-xdg.inc | 23 | include disable-xdg.inc |
@@ -69,7 +68,7 @@ tracelog | |||
69 | private-bin kube,sink_synchronizer | 68 | private-bin kube,sink_synchronizer |
70 | private-cache | 69 | private-cache |
71 | private-dev | 70 | private-dev |
72 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gcrypt,gtk-2.0,gtk-3.0,hostname,hosts,pki,resolv.conf,selinux,ssl,xdg | 71 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gcrypt,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.preload,pki,resolv.conf,selinux,ssl,xdg |
73 | private-tmp | 72 | private-tmp |
74 | writable-run-user | 73 | writable-run-user |
75 | 74 | ||
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile index 15e7ceb17..32e9870e5 100644 --- a/etc/profile-a-l/kwin_x11.profile +++ b/etc/profile-a-l/kwin_x11.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-shell.inc | 21 | include disable-shell.inc |
23 | include disable-xdg.inc | 22 | include disable-xdg.inc |
@@ -43,5 +42,5 @@ tracelog | |||
43 | disable-mnt | 42 | disable-mnt |
44 | private-bin kwin_x11 | 43 | private-bin kwin_x11 |
45 | private-dev | 44 | private-dev |
46 | private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg | 45 | private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id,xdg |
47 | private-tmp | 46 | private-tmp |
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index 804ffafeb..cd5ce7034 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile | |||
@@ -20,7 +20,6 @@ include disable-common.inc | |||
20 | include disable-devel.inc | 20 | include disable-devel.inc |
21 | include disable-exec.inc | 21 | include disable-exec.inc |
22 | include disable-interpreters.inc | 22 | include disable-interpreters.inc |
23 | include disable-passwdmgr.inc | ||
24 | include disable-programs.inc | 23 | include disable-programs.inc |
25 | include disable-shell.inc | 24 | include disable-shell.inc |
26 | include disable-xdg.inc | 25 | include disable-xdg.inc |
@@ -47,7 +46,7 @@ tracelog | |||
47 | 46 | ||
48 | private-bin kbuildsycoca4,kdeinit4,kwrite | 47 | private-bin kbuildsycoca4,kdeinit4,kwrite |
49 | private-dev | 48 | private-dev |
50 | private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg | 49 | private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,machine-id,pulse,xdg |
51 | private-tmp | 50 | private-tmp |
52 | 51 | ||
53 | # dbus-user none | 52 | # dbus-user none |
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile index ac1b8785d..7993e97e3 100644 --- a/etc/profile-a-l/latex-common.profile +++ b/etc/profile-a-l/latex-common.profile | |||
@@ -10,7 +10,6 @@ include disable-common.inc | |||
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
13 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | 14 | ||
16 | whitelist /var/lib | 15 | whitelist /var/lib |
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile index 4bbb0a86d..75105abf2 100644 --- a/etc/profile-a-l/leafpad.profile +++ b/etc/profile-a-l/leafpad.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | 17 | ||
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile index 8eb5ad0c2..db61bf941 100644 --- a/etc/profile-a-l/less.profile +++ b/etc/profile-a-l/less.profile | |||
@@ -14,7 +14,6 @@ noblacklist ${HOME}/.lesshst | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | 17 | ||
19 | apparmor | 18 | apparmor |
20 | caps.drop all | 19 | caps.drop all |
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile index c57eae73d..c1ce4bb8d 100644 --- a/etc/profile-a-l/librecad.profile +++ b/etc/profile-a-l/librecad.profile | |||
@@ -11,7 +11,6 @@ include disable-common.inc | |||
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | include disable-programs.inc | 14 | include disable-programs.inc |
16 | include disable-shell.inc | 15 | include disable-shell.inc |
17 | include disable-xdg.inc | 16 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index b1a24888c..328307705 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile | |||
@@ -19,7 +19,6 @@ blacklist /usr/libexec | |||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
21 | include disable-exec.inc | 21 | include disable-exec.inc |
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | 22 | include disable-programs.inc |
24 | 23 | ||
25 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 8e3e58f19..ebffbbabf 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile | |||
@@ -36,6 +36,7 @@ include whitelist-usr-share-common.inc | |||
36 | #private-etc librewolf | 36 | #private-etc librewolf |
37 | 37 | ||
38 | dbus-user filter | 38 | dbus-user filter |
39 | dbus-user.own org.mozilla.librewolf.* | ||
39 | # Add the next line to your librewolf.local to enable native notifications. | 40 | # Add the next line to your librewolf.local to enable native notifications. |
40 | #dbus-user.talk org.freedesktop.Notifications | 41 | #dbus-user.talk org.freedesktop.Notifications |
41 | # Add the next line to your librewolf.local to allow inhibiting screensavers. | 42 | # Add the next line to your librewolf.local to allow inhibiting screensavers. |
@@ -44,9 +45,8 @@ dbus-user filter | |||
44 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration | 45 | #dbus-user.own org.mpris.MediaPlayer2.plasma-browser-integration |
45 | #dbus-user.talk org.kde.JobViewServer | 46 | #dbus-user.talk org.kde.JobViewServer |
46 | #dbus-user.talk org.kde.kuiserver | 47 | #dbus-user.talk org.kde.kuiserver |
47 | # Add the next lines to your librewolf.local to allow screensharing under Wayland. | 48 | # Add the next line to your librewolf.local to allow screensharing under Wayland. |
48 | #whitelist ${RUNUSER}/pipewire-0 | 49 | #dbus-user.talk org.freedesktop.portal.Desktop |
49 | #dbus-user.talk org.freedesktop.portal.* | ||
50 | # Also add the next line to your librewolf.local if screensharing does not work with | 50 | # Also add the next line to your librewolf.local if screensharing does not work with |
51 | # the above lines (depends on the portal implementation). | 51 | # the above lines (depends on the portal implementation). |
52 | #ignore noroot | 52 | #ignore noroot |
diff --git a/etc/profile-a-l/lifeograph.profile b/etc/profile-a-l/lifeograph.profile new file mode 100644 index 000000000..747fd85fa --- /dev/null +++ b/etc/profile-a-l/lifeograph.profile | |||
@@ -0,0 +1,57 @@ | |||
1 | # Firejail profile for lifeograph | ||
2 | # Description: Lifeograph is a diary program to take personal notes | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include lifeograph.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${DOCUMENTS} | ||
10 | |||
11 | blacklist /usr/libexec | ||
12 | |||
13 | include disable-common.inc | ||
14 | include disable-devel.inc | ||
15 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | ||
17 | include disable-programs.inc | ||
18 | include disable-shell.inc | ||
19 | include disable-xdg.inc | ||
20 | |||
21 | whitelist ${DOCUMENTS} | ||
22 | whitelist /usr/share/lifeograph | ||
23 | include whitelist-common.inc | ||
24 | include whitelist-runuser-common.inc | ||
25 | include whitelist-usr-share-common.inc | ||
26 | include whitelist-var-common.inc | ||
27 | |||
28 | apparmor | ||
29 | caps.drop all | ||
30 | machine-id | ||
31 | net none | ||
32 | no3d | ||
33 | nodvd | ||
34 | nogroups | ||
35 | noinput | ||
36 | nonewprivs | ||
37 | noroot | ||
38 | nosound | ||
39 | notv | ||
40 | nou2f | ||
41 | novideo | ||
42 | protocol unix | ||
43 | seccomp | ||
44 | seccomp.block-secondary | ||
45 | shell none | ||
46 | tracelog | ||
47 | |||
48 | disable-mnt | ||
49 | private-bin lifeograph | ||
50 | private-cache | ||
51 | private-dev | ||
52 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | ||
53 | private-tmp | ||
54 | |||
55 | dbus-user filter | ||
56 | dbus-user.talk ca.desrt.dconf | ||
57 | dbus-system none | ||
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile index 7afca1d5f..f7955e352 100644 --- a/etc/profile-a-l/liferea.profile +++ b/etc/profile-a-l/liferea.profile | |||
@@ -18,7 +18,6 @@ include disable-common.inc | |||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
20 | include disable-interpreters.inc | 20 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | ||
22 | include disable-programs.inc | 21 | include disable-programs.inc |
23 | 22 | ||
24 | mkdir ${HOME}/.cache/liferea | 23 | mkdir ${HOME}/.cache/liferea |
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile index 4254b7f33..073d814ec 100644 --- a/etc/profile-a-l/lincity-ng.profile +++ b/etc/profile-a-l/lincity-ng.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include disable-shell.inc | 16 | include disable-shell.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile index cd885b1d4..dac3eaee3 100644 --- a/etc/profile-a-l/links-common.profile +++ b/etc/profile-a-l/links-common.profile | |||
@@ -11,7 +11,6 @@ include disable-common.inc | |||
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | ||
15 | # Additional noblacklist files/directories (blacklisted in disable-programs.inc) | 14 | # Additional noblacklist files/directories (blacklisted in disable-programs.inc) |
16 | # used as associated programs can be added in your links-common.local. | 15 | # used as associated programs can be added in your links-common.local. |
17 | include disable-programs.inc | 16 | include disable-programs.inc |
@@ -48,11 +47,11 @@ shell none | |||
48 | tracelog | 47 | tracelog |
49 | 48 | ||
50 | disable-mnt | 49 | disable-mnt |
51 | # Add 'private-bin PROGRAM1,PROGRAM2' to your links-common.local if you want to use user-configured programs. | 50 | # Add 'private-bin PROGRAM1,PROGRAM2' to your links-common.local if you want to use user-configured programs. |
52 | private-bin sh | 51 | private-bin sh |
53 | private-cache | 52 | private-cache |
54 | private-dev | 53 | private-dev |
55 | private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl | 54 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl |
56 | # Add the next line to your links-common.local to allow external media players. | 55 | # Add the next line to your links-common.local to allow external media players. |
57 | # private-etc alsa,asound.conf,machine-id,openal,pulse | 56 | # private-etc alsa,asound.conf,machine-id,openal,pulse |
58 | private-tmp | 57 | private-tmp |
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile index 7ebdbef4c..f821c7512 100644 --- a/etc/profile-a-l/linphone.profile +++ b/etc/profile-a-l/linphone.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | 19 | ||
21 | # linphone 4.0 (released 2017-06-26) moved config and database files to respect | 20 | # linphone 4.0 (released 2017-06-26) moved config and database files to respect |
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile index 48b0e14dc..d1a754a6e 100644 --- a/etc/profile-a-l/lmms.profile +++ b/etc/profile-a-l/lmms.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile index f2676fec5..a590c5fb7 100644 --- a/etc/profile-a-l/lollypop.profile +++ b/etc/profile-a-l/lollypop.profile | |||
@@ -17,7 +17,6 @@ include disable-common.inc | |||
17 | include disable-devel.inc | 17 | include disable-devel.inc |
18 | include disable-exec.inc | 18 | include disable-exec.inc |
19 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
20 | include disable-passwdmgr.inc | ||
21 | include disable-programs.inc | 20 | include disable-programs.inc |
22 | include disable-xdg.inc | 21 | include disable-xdg.inc |
23 | 22 | ||
@@ -38,6 +37,6 @@ seccomp | |||
38 | shell none | 37 | shell none |
39 | 38 | ||
40 | private-dev | 39 | private-dev |
41 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg | 40 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg |
42 | private-tmp | 41 | private-tmp |
43 | 42 | ||
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile index 174c65a65..3d52d1266 100644 --- a/etc/profile-a-l/lugaru.profile +++ b/etc/profile-a-l/lugaru.profile | |||
@@ -15,7 +15,6 @@ include disable-common.inc | |||
15 | include disable-devel.inc | 15 | include disable-devel.inc |
16 | include disable-exec.inc | 16 | include disable-exec.inc |
17 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | ||
19 | include disable-programs.inc | 18 | include disable-programs.inc |
20 | include disable-shell.inc | 19 | include disable-shell.inc |
21 | include disable-xdg.inc | 20 | include disable-xdg.inc |
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile index 31067034e..179bc37f2 100644 --- a/etc/profile-a-l/luminance-hdr.profile +++ b/etc/profile-a-l/luminance-hdr.profile | |||
@@ -13,7 +13,6 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile index 80a3aba86..bf8ab9e64 100644 --- a/etc/profile-a-l/lutris.profile +++ b/etc/profile-a-l/lutris.profile | |||
@@ -29,7 +29,6 @@ include disable-common.inc | |||
29 | include disable-devel.inc | 29 | include disable-devel.inc |
30 | include disable-exec.inc | 30 | include disable-exec.inc |
31 | include disable-interpreters.inc | 31 | include disable-interpreters.inc |
32 | include disable-passwdmgr.inc | ||
33 | include disable-programs.inc | 32 | include disable-programs.inc |
34 | include disable-xdg.inc | 33 | include disable-xdg.inc |
35 | 34 | ||
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile index b2a56012e..404535f91 100644 --- a/etc/profile-a-l/lximage-qt.profile +++ b/etc/profile-a-l/lximage-qt.profile | |||
@@ -12,7 +12,6 @@ include disable-common.inc | |||
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
16 | include disable-programs.inc | 15 | include disable-programs.inc |
17 | include whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
18 | 17 | ||
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile index cc4b95551..0651b8329 100644 --- a/etc/profile-a-l/lxmusic.profile +++ b/etc/profile-a-l/lxmusic.profile | |||
@@ -14,7 +14,6 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
16 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | 17 | include disable-programs.inc |
19 | include disable-xdg.inc | 18 | include disable-xdg.inc |
20 | 19 | ||
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile index a919e924b..05a92e39d 100644 --- a/etc/profile-a-l/lynx.profile +++ b/etc/profile-a-l/lynx.profile | |||
@@ -13,7 +13,6 @@ blacklist ${RUNUSER}/wayland-* | |||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | 16 | include disable-programs.inc |
18 | include disable-xdg.inc | 17 | include disable-xdg.inc |
19 | 18 | ||
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile index fa69463d1..3213f3674 100644 --- a/etc/profile-a-l/lyx.profile +++ b/etc/profile-a-l/lyx.profile | |||
@@ -32,7 +32,7 @@ apparmor | |||
32 | machine-id | 32 | machine-id |
33 | 33 | ||
34 | # private-bin atril,dvilualatex,env,latex,lua*,luatex,lyx,lyxclient,okular,pdf2latex,pdflatex,pdftex,perl*,python*,qpdf,qpdfview,sh,tex2lyx,texmf,xelatex | 34 | # private-bin atril,dvilualatex,env,latex,lua*,luatex,lyx,lyxclient,okular,pdf2latex,pdflatex,pdftex,perl*,python*,qpdf,qpdfview,sh,tex2lyx,texmf,xelatex |
35 | private-etc alternatives,dconf,fonts,gtk-2.0,gtk-3.0,locale,locale.alias,locale.conf,lyx,machine-id,mime.types,passwd,texmf,X11,xdg | 35 | private-etc alternatives,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.preload,locale,locale.alias,locale.conf,lyx,machine-id,mime.types,passwd,texmf,X11,xdg |
36 | 36 | ||
37 | # Redirect | 37 | # Redirect |
38 | include latex-common.profile | 38 | include latex-common.profile |
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile deleted file mode 100644 index 4637419bf..000000000 --- a/etc/profile-a-l/sway.profile +++ /dev/null | |||
@@ -1,19 +0,0 @@ | |||
1 | # Firejail profile for Sway | ||
2 | # Description: i3-compatible Wayland compositor | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include sway.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | # all applications started in sway will run in this profile | ||
10 | noblacklist ${HOME}/.config/sway | ||
11 | # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway | ||
12 | noblacklist ${HOME}/.config/i3 | ||
13 | include disable-common.inc | ||
14 | |||
15 | caps.drop all | ||
16 | netfilter | ||
17 | noroot | ||
18 | protocol unix,inet,inet6 | ||
19 | seccomp | ||