diff options
Diffstat (limited to 'etc/profile-m-z')
31 files changed, 91 insertions, 90 deletions
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile index b2687ba3c..e678b7204 100644 --- a/etc/profile-m-z/PCSX2.profile +++ b/etc/profile-m-z/PCSX2.profile | |||
@@ -6,7 +6,7 @@ include PCSX2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Note: you must whitelist your games folder in a PCSX2.local | 9 | # Note: you must whitelist your games folder in your PCSX2.local. |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/PCSX2 | 11 | noblacklist ${HOME}/.config/PCSX2 |
12 | 12 | ||
@@ -32,7 +32,7 @@ caps.drop all | |||
32 | ipc-namespace | 32 | ipc-namespace |
33 | net none | 33 | net none |
34 | netfilter | 34 | netfilter |
35 | # Uncomment the following line if not loading games from disc | 35 | # Add the next line to your PCSX2.local if you're not loading games from disc. |
36 | #nodvd | 36 | #nodvd |
37 | nogroups | 37 | nogroups |
38 | nonewprivs | 38 | nonewprivs |
@@ -47,7 +47,7 @@ shell none | |||
47 | 47 | ||
48 | private-bin PCSX2 | 48 | private-bin PCSX2 |
49 | private-cache | 49 | private-cache |
50 | # uncomment the following line if you do not need controller support | 50 | # Add the next line to your PCSX2.local if you do not need controller support. |
51 | #private-dev | 51 | #private-dev |
52 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | 52 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg |
53 | private-opt none | 53 | private-opt none |
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile index 70e5c72cf..84039aca3 100644 --- a/etc/profile-m-z/marker.profile +++ b/etc/profile-m-z/marker.profile | |||
@@ -6,7 +6,7 @@ include marker.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Uncomment (or add to your marker.local) if you need internet access. | 9 | # Add the next lines to your marker.local if you need internet access. |
10 | #ignore net none | 10 | #ignore net none |
11 | #protocol unix,inet,inet6 | 11 | #protocol unix,inet,inet6 |
12 | #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf | 12 | #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf |
diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile index d76522fce..900523b81 100644 --- a/etc/profile-m-z/meld.profile +++ b/etc/profile-m-z/meld.profile | |||
@@ -7,11 +7,11 @@ include meld.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # If you want to use meld as git mergetool (and maybe some other VCS integrations) you need | 9 | # If you want to use meld as git mergetool (and maybe some other VCS integrations) you need |
10 | # to bypass firejail, you can do this by removing the symlink or calling it by its absolute path | 10 | # to bypass firejail. You can do this by removing the symlink or by calling it by its absolute path. |
11 | # Removing the symlink: | 11 | # Removing the symlink: |
12 | # sudo rm /usr/local/bin/meld | 12 | # $ sudo rm /usr/local/bin/meld |
13 | # Calling it by its absolute path (example for git mergetool): | 13 | # Calling it by its absolute path (example for git mergetool): |
14 | # git config --global mergetool.meld.cmd /usr/bin/meld | 14 | # $ git config --global mergetool.meld.cmd /usr/bin/meld |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/meld | 16 | noblacklist ${HOME}/.config/meld |
17 | noblacklist ${HOME}/.config/git | 17 | noblacklist ${HOME}/.config/git |
@@ -21,30 +21,31 @@ noblacklist ${HOME}/.local/share/meld | |||
21 | noblacklist ${HOME}/.subversion | 21 | noblacklist ${HOME}/.subversion |
22 | 22 | ||
23 | # Allow python (blacklisted by disable-interpreters.inc) | 23 | # Allow python (blacklisted by disable-interpreters.inc) |
24 | # Python 2 is EOL (see #3164). Uncomment the next line (or put it into your meld.local) if you understand the risks but want python 2 support for older meld versions. | 24 | # Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks |
25 | # but want to keep Python 2 support for older meld versions. | ||
25 | #include allow-python2.inc | 26 | #include allow-python2.inc |
26 | include allow-python3.inc | 27 | include allow-python3.inc |
27 | 28 | ||
28 | # Allow ssh (blacklisted by disable-common.inc) | 29 | # Allow ssh (blacklisted by disable-common.inc) |
29 | include allow-ssh.inc | 30 | include allow-ssh.inc |
30 | 31 | ||
31 | # Uncomment the next line (or put it into your meld.local) if you don't need to compare files in disable-common.inc. | 32 | # Add the next line to your meld.local if you don't need to compare files in disable-common.inc. |
32 | #include disable-common.inc | 33 | #include disable-common.inc |
33 | include disable-devel.inc | 34 | include disable-devel.inc |
34 | include disable-exec.inc | 35 | include disable-exec.inc |
35 | include disable-interpreters.inc | 36 | include disable-interpreters.inc |
36 | include disable-passwdmgr.inc | 37 | include disable-passwdmgr.inc |
37 | # Uncomment the next line (or put it into your meld.local) if you don't need to compare files in disable-programs.inc. | 38 | # Add the next line to your meld.local if you don't need to compare files in disable-programs.inc. |
38 | #include disable-programs.inc | 39 | #include disable-programs.inc |
39 | include disable-shell.inc | 40 | include disable-shell.inc |
40 | 41 | ||
41 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
42 | 43 | ||
43 | # Uncomment the next lines (or put it into your meld.local) if you don't need to compare files in /usr/share. | 44 | # Add the next lines to your meld.local if you don't need to compare files in /usr/share. |
44 | #whitelist /usr/share/meld | 45 | #whitelist /usr/share/meld |
45 | #include whitelist-usr-share-common.inc | 46 | #include whitelist-usr-share-common.inc |
46 | 47 | ||
47 | # Uncomment the next line (or put it into your meld.local) if you don't need to compare files in /var. | 48 | # Add the next line to your meld.local if you don't need to compare files in /var. |
48 | #include whitelist-var-common.inc | 49 | #include whitelist-var-common.inc |
49 | 50 | ||
50 | apparmor | 51 | apparmor |
@@ -70,9 +71,9 @@ tracelog | |||
70 | private-bin bzr,cvs,git,hg,meld,python*,svn | 71 | private-bin bzr,cvs,git,hg,meld,python*,svn |
71 | private-cache | 72 | private-cache |
72 | private-dev | 73 | private-dev |
73 | # Uncomment the next line (or put it into your meld.local) if you don't need to compare in /etc. | 74 | # Add the next line to your meld.local if you don't need to compare files in /etc. |
74 | #private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,subversion | 75 | #private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,pki,resolv.conf,ssl,subversion |
75 | # Comment the next line (or add 'ignore private-tmp to your meld.local') if you want to use it as a difftool (#3551) | 76 | # Add 'ignore private-tmp' to your meld.local if you want to use it as difftool (#3551). |
76 | private-tmp | 77 | private-tmp |
77 | 78 | ||
78 | read-only ${HOME}/.ssh | 79 | read-only ${HOME}/.ssh |
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 24782c033..2c6e047d8 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile | |||
@@ -38,8 +38,7 @@ noblacklist ${HOME}/sent | |||
38 | blacklist /tmp/.X11-unix | 38 | blacklist /tmp/.X11-unix |
39 | blacklist ${RUNUSER}/wayland-* | 39 | blacklist ${RUNUSER}/wayland-* |
40 | 40 | ||
41 | # Uncomment or put them in mutt.local for oauth.py,S/MIME | 41 | # Add the next lines to your mutt.local for oauth.py,S/MIME support. |
42 | |||
43 | #include allow-perl.inc | 42 | #include allow-perl.inc |
44 | #include allow-python2.inc | 43 | #include allow-python2.inc |
45 | #include allow-python3.inc | 44 | #include allow-python3.inc |
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile index 4e7c902d9..53dd3a05a 100644 --- a/etc/profile-m-z/nextcloud.profile +++ b/etc/profile-m-z/nextcloud.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | noblacklist ${HOME}/Nextcloud | 9 | noblacklist ${HOME}/Nextcloud |
10 | noblacklist ${HOME}/.config/Nextcloud | 10 | noblacklist ${HOME}/.config/Nextcloud |
11 | noblacklist ${HOME}/.local/share/Nextcloud | 11 | noblacklist ${HOME}/.local/share/Nextcloud |
12 | # Uncomment or put in your nextcloud.local to allow sync with more directories. | 12 | # Add the next lines to your nextcloud.local to allow sync in more directories. |
13 | #noblacklist ${DOCUMENTS} | 13 | #noblacklist ${DOCUMENTS} |
14 | #noblacklist ${MUSIC} | 14 | #noblacklist ${MUSIC} |
15 | #noblacklist ${PICTURES} | 15 | #noblacklist ${PICTURES} |
@@ -30,7 +30,7 @@ mkdir ${HOME}/.local/share/Nextcloud | |||
30 | whitelist ${HOME}/Nextcloud | 30 | whitelist ${HOME}/Nextcloud |
31 | whitelist ${HOME}/.config/Nextcloud | 31 | whitelist ${HOME}/.config/Nextcloud |
32 | whitelist ${HOME}/.local/share/Nextcloud | 32 | whitelist ${HOME}/.local/share/Nextcloud |
33 | # Uncomment or put in your nextcloud.local to allow sync with more directories. | 33 | # Add the next lines to your nextcloud.local to allow sync in more directories. |
34 | #whitelist ${DOCUMENTS} | 34 | #whitelist ${DOCUMENTS} |
35 | #whitelist ${MUSIC} | 35 | #whitelist ${MUSIC} |
36 | #whitelist ${PICTURES} | 36 | #whitelist ${PICTURES} |
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile index 2fbbef832..1b5da8d27 100644 --- a/etc/profile-m-z/nheko.profile +++ b/etc/profile-m-z/nheko.profile | |||
@@ -51,9 +51,11 @@ private-dev | |||
51 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 51 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | |||
55 | # Add the next lines to your nheko.local to enable notification support. | ||
56 | #ignore dbus-user none | ||
57 | #dbus-user filter | ||
58 | #dbus-user.talk org.freedesktop.Notifications | ||
59 | #dbus-user.talk org.kde.StatusNotifierWatcher | ||
54 | dbus-user none | 60 | dbus-user none |
55 | # Comment the above line and uncomment below lines for notification popups | ||
56 | # dbus-user filter | ||
57 | # dbus-user.talk org.freedesktop.Notifications | ||
58 | # dbus-user.talk org.kde.StatusNotifierWatcher | ||
59 | dbus-system none | 61 | dbus-system none |
diff --git a/etc/profile-m-z/npm.profile b/etc/profile-m-z/npm.profile index e95e875be..f51d58782 100644 --- a/etc/profile-m-z/npm.profile +++ b/etc/profile-m-z/npm.profile | |||
@@ -15,7 +15,7 @@ noblacklist ${HOME}/.npm | |||
15 | noblacklist ${HOME}/.npmrc | 15 | noblacklist ${HOME}/.npmrc |
16 | 16 | ||
17 | # If you want whitelisting, change ${HOME}/Projects below to your npm projects directory | 17 | # If you want whitelisting, change ${HOME}/Projects below to your npm projects directory |
18 | # and uncomment the lines below. | 18 | # and add the next lines to your npm.local. |
19 | #mkdir ${HOME}/.node-gyp | 19 | #mkdir ${HOME}/.node-gyp |
20 | #mkdir ${HOME}/.npm | 20 | #mkdir ${HOME}/.npm |
21 | #mkfile ${HOME}/.npmrc | 21 | #mkfile ${HOME}/.npmrc |
diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile index ae18cfff9..be3618e31 100644 --- a/etc/profile-m-z/ocenaudio.profile +++ b/etc/profile-m-z/ocenaudio.profile | |||
@@ -26,7 +26,7 @@ apparmor | |||
26 | caps.drop all | 26 | caps.drop all |
27 | ipc-namespace | 27 | ipc-namespace |
28 | # net none - breaks update functionality and AppArmor on Ubuntu systems | 28 | # net none - breaks update functionality and AppArmor on Ubuntu systems |
29 | # uncomment (or put 'net none' in your ocenaudio.local) when needed | 29 | # Add 'net none' to your ocenaudio.local when you want that functionality. |
30 | #net none | 30 | #net none |
31 | netfilter | 31 | netfilter |
32 | no3d | 32 | no3d |
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile index 270d64c1e..89b146619 100644 --- a/etc/profile-m-z/openmw.profile +++ b/etc/profile-m-z/openmw.profile | |||
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.config/openmw | 22 | mkdir ${HOME}/.config/openmw |
23 | mkdir ${HOME}/.local/share/openmw | 23 | mkdir ${HOME}/.local/share/openmw |
24 | whitelist ${HOME}/.config/openmw | 24 | whitelist ${HOME}/.config/openmw |
25 | # Copy Morrowind data files into the following directory or load it from /mnt | 25 | # Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt. |
26 | # or whitelist it in a openmw.local | 26 | # Alternatively you can whitelist custom paths in your openmw.local. |
27 | whitelist ${HOME}/.local/share/openmw | 27 | whitelist ${HOME}/.local/share/openmw |
28 | whitelist /usr/share/openmw | 28 | whitelist /usr/share/openmw |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
@@ -36,7 +36,7 @@ caps.drop all | |||
36 | ipc-namespace | 36 | ipc-namespace |
37 | net none | 37 | net none |
38 | netfilter | 38 | netfilter |
39 | # Uncomment the following line if installing from disc | 39 | # Add 'ignore nodvd' to your openmw.local when installing from disc. |
40 | nodvd | 40 | nodvd |
41 | nogroups | 41 | nogroups |
42 | nonewprivs | 42 | nonewprivs |
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile index c25c4ae66..a6dab2a9a 100644 --- a/etc/profile-m-z/pcsxr.profile +++ b/etc/profile-m-z/pcsxr.profile | |||
@@ -6,7 +6,7 @@ include pcsxr.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Note: you must whitelist your games folder in a pcsxr.local | 9 | # Note: you must whitelist your games folder in your pcsxr.local |
10 | 10 | ||
11 | noblacklist ${HOME}/.pcsxr | 11 | noblacklist ${HOME}/.pcsxr |
12 | 12 | ||
@@ -32,7 +32,7 @@ caps.drop all | |||
32 | ipc-namespace | 32 | ipc-namespace |
33 | net none | 33 | net none |
34 | netfilter | 34 | netfilter |
35 | # Uncomment the following line if not loading games from disc | 35 | # Add the next line to your pcsxr.local when not loading games from disc. |
36 | #nodvd | 36 | #nodvd |
37 | nogroups | 37 | nogroups |
38 | nonewprivs | 38 | nonewprivs |
@@ -47,7 +47,7 @@ tracelog | |||
47 | 47 | ||
48 | private-bin pcsxr | 48 | private-bin pcsxr |
49 | private-cache | 49 | private-cache |
50 | # uncomment the following line if you do not need controller support | 50 | # Add the next line to your pcsxr.local if you do not need controller support. |
51 | #private-dev | 51 | #private-dev |
52 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | 52 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg |
53 | private-opt none | 53 | private-opt none |
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile index 263d99c83..1f73c1d89 100644 --- a/etc/profile-m-z/ppsspp.profile +++ b/etc/profile-m-z/ppsspp.profile | |||
@@ -6,7 +6,7 @@ include ppsspp.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Note: you must whitelist your games folder in a ppsspp.local | 9 | # Note: you must whitelist your games folder in your ppsspp.local. |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/ppsspp | 11 | noblacklist ${HOME}/.config/ppsspp |
12 | 12 | ||
@@ -42,7 +42,7 @@ seccomp | |||
42 | shell none | 42 | shell none |
43 | 43 | ||
44 | private-bin ppsspp,PPSSPP,PPSSPPQt,PPSSPPSDL | 44 | private-bin ppsspp,PPSSPP,PPSSPPQt,PPSSPPSDL |
45 | # uncomment the following line if you do not need controller support | 45 | # Add the next line to your ppsspp.local if you do not need controller support. |
46 | #private-dev | 46 | #private-dev |
47 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl | 47 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl |
48 | private-opt ppsspp | 48 | private-opt ppsspp |
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile index d3112ae95..376743b8d 100644 --- a/etc/profile-m-z/psi.profile +++ b/etc/profile-m-z/psi.profile | |||
@@ -6,8 +6,8 @@ include psi.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Uncomment for GPG | 9 | # Add the next line to your psi.local to enable GPG support. |
10 | # noblacklist ${HOME}/.gnupg | 10 | #noblacklist ${HOME}/.gnupg |
11 | noblacklist ${HOME}/.cache/psi | 11 | noblacklist ${HOME}/.cache/psi |
12 | noblacklist ${HOME}/.cache/Psi | 12 | noblacklist ${HOME}/.cache/Psi |
13 | noblacklist ${HOME}/.config/psi | 13 | noblacklist ${HOME}/.config/psi |
@@ -23,28 +23,28 @@ include disable-programs.inc | |||
23 | include disable-shell.inc | 23 | include disable-shell.inc |
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | # Uncomment for GPG | 26 | # Add the next line to your psi.local to enable GPG support. |
27 | # mkdir ${HOME}/.gnupg | 27 | #mkdir ${HOME}/.gnupg |
28 | mkdir ${HOME}/.cache/psi | 28 | mkdir ${HOME}/.cache/psi |
29 | mkdir ${HOME}/.cache/Psi | 29 | mkdir ${HOME}/.cache/Psi |
30 | mkdir ${HOME}/.config/psi | 30 | mkdir ${HOME}/.config/psi |
31 | mkdir ${HOME}/.local/share/psi | 31 | mkdir ${HOME}/.local/share/psi |
32 | mkdir ${HOME}/.local/share/Psi | 32 | mkdir ${HOME}/.local/share/Psi |
33 | # Uncomment for GPG | 33 | # Add the next line to your psi.local to enable GPG support. |
34 | # whitelist ${HOME}/.gnupg | 34 | #whitelist ${HOME}/.gnupg |
35 | whitelist ${HOME}/.cache/psi | 35 | whitelist ${HOME}/.cache/psi |
36 | whitelist ${HOME}/.cache/Psi | 36 | whitelist ${HOME}/.cache/Psi |
37 | whitelist ${HOME}/.config/psi | 37 | whitelist ${HOME}/.config/psi |
38 | whitelist ${HOME}/.local/share/psi | 38 | whitelist ${HOME}/.local/share/psi |
39 | whitelist ${HOME}/.local/share/Psi | 39 | whitelist ${HOME}/.local/share/Psi |
40 | whitelist ${DOWNLOADS} | 40 | whitelist ${DOWNLOADS} |
41 | # Uncomment for GPG | 41 | # Add the next lines to your psi.local to enable GPG support. |
42 | # whitelist /usr/share/gnupg | 42 | #whitelist /usr/share/gnupg |
43 | # whitelist /usr/share/gnupg2 | 43 | #whitelist /usr/share/gnupg2 |
44 | whitelist /usr/share/psi | 44 | whitelist /usr/share/psi |
45 | # Uncomment for GPG | 45 | # Add the next lines to your psi.local to enable GPG support. |
46 | # whitelist ${RUNUSER}/gnupg | 46 | #whitelist ${RUNUSER}/gnupg |
47 | # whitelist ${RUNUSER}/keyring | 47 | #whitelist ${RUNUSER}/keyring |
48 | include whitelist-common.inc | 48 | include whitelist-common.inc |
49 | include whitelist-runuser-common.inc | 49 | include whitelist-runuser-common.inc |
50 | include whitelist-usr-share-common.inc | 50 | include whitelist-usr-share-common.inc |
@@ -63,11 +63,11 @@ nou2f | |||
63 | protocol unix,inet,inet6,netlink | 63 | protocol unix,inet,inet6,netlink |
64 | seccomp !chroot | 64 | seccomp !chroot |
65 | shell none | 65 | shell none |
66 | # breaks on Arch | 66 | #tracelog - breaks on Arch |
67 | # tracelog | ||
68 | 67 | ||
69 | disable-mnt | 68 | disable-mnt |
70 | # Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for GPG | 69 | # Add the next line to your psi.local to enable GPG support. |
70 | #private-bin gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet | ||
71 | private-bin getopt,psi | 71 | private-bin getopt,psi |
72 | private-cache | 72 | private-cache |
73 | private-dev | 73 | private-dev |
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile index 78159527a..4bce35d16 100644 --- a/etc/profile-m-z/rsync-download_only.profile +++ b/etc/profile-m-z/rsync-download_only.profile | |||
@@ -7,9 +7,8 @@ include rsync.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # Warning: This profile is writte to use rsync as an client for downloading, | 10 | # WARNING: this profile is designed to use rsync as a client for downloading, |
11 | # it is not writen to use rsync as an daemon (rsync --daemon) or to create backups. | 11 | # not as a daemon (rsync --daemon) nor to create backups. |
12 | |||
13 | # Usage: firejail --profile=rsync-download_only rsync | 12 | # Usage: firejail --profile=rsync-download_only rsync |
14 | 13 | ||
15 | blacklist /tmp/.X11-unix | 14 | blacklist /tmp/.X11-unix |
@@ -24,7 +23,7 @@ include disable-programs.inc | |||
24 | include disable-shell.inc | 23 | include disable-shell.inc |
25 | include disable-xdg.inc | 24 | include disable-xdg.inc |
26 | 25 | ||
27 | # Uncomment or add to rsync.local to enable extra hardening | 26 | # Add the next line to your rsync-download_only.local to enable extra hardening. |
28 | #whitelist ${DOWNLOADS} | 27 | #whitelist ${DOWNLOADS} |
29 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
30 | 29 | ||
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile index 6f971b96b..970545ff6 100644 --- a/etc/profile-m-z/rtv.profile +++ b/etc/profile-m-z/rtv.profile | |||
@@ -16,10 +16,9 @@ noblacklist ${HOME}/.local/share/rtv | |||
16 | include allow-python2.inc | 16 | include allow-python2.inc |
17 | include allow-python3.inc | 17 | include allow-python3.inc |
18 | 18 | ||
19 | # You can configure rtv to open different type of links | 19 | # You can configure rtv to open different type of links in external applications. |
20 | # in external applications. Configuration here: | 20 | # Configuration: https://github.com/michael-lazar/rtv#viewing-media-links. |
21 | # https://github.com/michael-lazar/rtv#viewing-media-links | 21 | # Add the next line to your rtv.local to enable external application support. |
22 | # Uncomment or put in rtv.local for external application support | ||
23 | #include rtv-addons.profile | 22 | #include rtv-addons.profile |
24 | include disable-common.inc | 23 | include disable-common.inc |
25 | include disable-devel.inc | 24 | include disable-devel.inc |
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile index 065409e78..2b82e5d06 100644 --- a/etc/profile-m-z/seahorse.profile +++ b/etc/profile-m-z/seahorse.profile | |||
@@ -22,7 +22,7 @@ include disable-programs.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | # whitelisting in ${HOME} breaks file encryption feature of nautilus. | 24 | # whitelisting in ${HOME} breaks file encryption feature of nautilus. |
25 | # once #2882 is fixed this can be uncommented and nowhitelisted in seahorse-tool.profile | 25 | # Once #2882 is fixed this can be activated here and nowhitelisted in seahorse-tool.profile. |
26 | #mkdir ${HOME}/.gnupg | 26 | #mkdir ${HOME}/.gnupg |
27 | #mkdir ${HOME}/.ssh | 27 | #mkdir ${HOME}/.ssh |
28 | #whitelist ${HOME}/.gnupg | 28 | #whitelist ${HOME}/.gnupg |
diff --git a/etc/profile-m-z/servo.profile b/etc/profile-m-z/servo.profile index 65da5d0de..dc3fdaf34 100644 --- a/etc/profile-m-z/servo.profile +++ b/etc/profile-m-z/servo.profile | |||
@@ -17,7 +17,8 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | # Add a whitelist for the directory where servo is installed and uncomment the lines below. | 20 | # Add the next lines to your servo.local to turn this into a whitelisting profile. |
21 | # You will need to add a whitelist for the directory where servo is installed. | ||
21 | #whitelist ${DOWNLOADS} | 22 | #whitelist ${DOWNLOADS} |
22 | #include whitelist-common.inc | 23 | #include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile index 73d2556ac..144763332 100644 --- a/etc/profile-m-z/spectacle.profile +++ b/etc/profile-m-z/spectacle.profile | |||
@@ -6,7 +6,7 @@ include spectacle.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Uncomment the following lines to use sharing services. | 9 | # Add the next lines to your spectacle.local to use sharing services. |
10 | #netfilter | 10 | #netfilter |
11 | #ignore net none | 11 | #ignore net none |
12 | #private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl | 12 | #private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl |
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile index 093661d8c..bf0f9f3a1 100644 --- a/etc/profile-m-z/spectral.profile +++ b/etc/profile-m-z/spectral.profile | |||
@@ -50,8 +50,9 @@ private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts, | |||
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | dbus-user none | 52 | dbus-user none |
53 | # Comment the above line and uncomment below lines for notification popups | 53 | # Add the next lines to your spectral.local to enable notification support. |
54 | # dbus-user filter | 54 | #ignore dbus-user none |
55 | # dbus-user.talk org.freedesktop.Notifications | 55 | #dbus-user filter |
56 | # dbus-user.talk org.kde.StatusNotifierWatcher | 56 | #dbus-user.talk org.freedesktop.Notifications |
57 | #dbus-user.talk org.kde.StatusNotifierWatcher | ||
57 | dbus-system none | 58 | dbus-system none |
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile index 1b20f5d3d..6a0ed46e0 100644 --- a/etc/profile-m-z/supertuxkart.profile +++ b/etc/profile-m-z/supertuxkart.profile | |||
@@ -50,7 +50,7 @@ tracelog | |||
50 | disable-mnt | 50 | disable-mnt |
51 | private-bin supertuxkart | 51 | private-bin supertuxkart |
52 | private-cache | 52 | private-cache |
53 | # uncomment the following line if you do not need controller support | 53 | # Add the next line to your supertuxkart.local if you do not need controller support. |
54 | #private-dev | 54 | #private-dev |
55 | private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,ssl | 55 | private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,ssl |
56 | private-tmp | 56 | private-tmp |
diff --git a/etc/profile-m-z/sylpheed.profile b/etc/profile-m-z/sylpheed.profile index 50506d100..328812b04 100644 --- a/etc/profile-m-z/sylpheed.profile +++ b/etc/profile-m-z/sylpheed.profile | |||
@@ -19,7 +19,7 @@ dbus-user filter | |||
19 | dbus-user.talk ca.desrt.dconf | 19 | dbus-user.talk ca.desrt.dconf |
20 | dbus-user.talk org.freedesktop.secrets | 20 | dbus-user.talk org.freedesktop.secrets |
21 | dbus-user.talk org.gnome.keyring.SystemPrompter | 21 | dbus-user.talk org.gnome.keyring.SystemPrompter |
22 | # Uncomment below for notifications (or put them in your sylpheed.local) | 22 | # Add the next line to your sylpheed.local to enable notifications. |
23 | # dbus-user.talk org.freedesktop.Notifications | 23 | # dbus-user.talk org.freedesktop.Notifications |
24 | 24 | ||
25 | # Redirect | 25 | # Redirect |
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index 5cb5caf8d..3cbfe8d8b 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile | |||
@@ -37,7 +37,7 @@ include whitelist-var-common.inc | |||
37 | include whitelist-runuser-common.inc | 37 | include whitelist-runuser-common.inc |
38 | include whitelist-usr-share-common.inc | 38 | include whitelist-usr-share-common.inc |
39 | 39 | ||
40 | # Uncomment the line below or put 'apparmor' in your torbrowser-launcher.local. | 40 | # Add 'apparmor' to your torbrowser-launcher.local to enable AppArmor support. |
41 | # IMPORTANT: the relevant rule in /etc/apparmor.d/local/firejail-default will need | 41 | # IMPORTANT: the relevant rule in /etc/apparmor.d/local/firejail-default will need |
42 | # to be uncommented too for this to work as expected. | 42 | # to be uncommented too for this to work as expected. |
43 | #apparmor | 43 | #apparmor |
@@ -53,8 +53,7 @@ novideo | |||
53 | protocol unix,inet,inet6 | 53 | protocol unix,inet,inet6 |
54 | seccomp !chroot | 54 | seccomp !chroot |
55 | shell none | 55 | shell none |
56 | # tracelog may cause issues, see github issue #1930 | 56 | #tracelog - may cause issues, see #1930 |
57 | #tracelog | ||
58 | 57 | ||
59 | disable-mnt | 58 | disable-mnt |
60 | private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity | 59 | private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity |
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile index 0117af376..0cb6d34d2 100644 --- a/etc/profile-m-z/vmware-view.profile +++ b/etc/profile-m-z/vmware-view.profile | |||
@@ -37,9 +37,8 @@ nonewprivs | |||
37 | noroot | 37 | noroot |
38 | notv | 38 | notv |
39 | nou2f | 39 | nou2f |
40 | # Comment novideo (or add 'ignore novideo' to your vmware-view.local) if you need your webcam | 40 | # Add 'ignore novideo' to your vmware-view.local if you need your webcam. |
41 | novideo | 41 | novideo |
42 | # protocol produces a lot error messages but nothing seems to be broken | ||
43 | protocol unix,inet,inet6 | 42 | protocol unix,inet,inet6 |
44 | seccomp !iopl | 43 | seccomp !iopl |
45 | seccomp.block-secondary | 44 | seccomp.block-secondary |
@@ -50,8 +49,7 @@ disable-mnt | |||
50 | private-cache | 49 | private-cache |
51 | private-dev | 50 | private-dev |
52 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gai.conf,gconf,glvnd,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,magic,magic.mgc,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,proxychains.conf,pulse,resolv.conf,rpc,services,ssl,terminfo,vmware,vmware-tools,vmware-vix,X11,xdg | 51 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gai.conf,gconf,glvnd,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,magic,magic.mgc,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,proxychains.conf,pulse,resolv.conf,rpc,services,ssl,terminfo,vmware,vmware-tools,vmware-vix,X11,xdg |
53 | # Logs are "stored" in /tmp, comment (or add 'ignore private-tmp' to your vmware-view.local) | 52 | # Logs are kept in /tmp. Add 'ignore private-tmp' to your vmware-view.local if you need them without joining the sandbox. |
54 | # if you need them without joining the sandbox. | ||
55 | private-tmp | 53 | private-tmp |
56 | 54 | ||
57 | dbus-user none | 55 | dbus-user none |
diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile index d00e16fef..5241e27b3 100644 --- a/etc/profile-m-z/vmware.profile +++ b/etc/profile-m-z/vmware.profile | |||
@@ -21,7 +21,7 @@ mkdir ${HOME}/.cache/vmware | |||
21 | mkdir ${HOME}/.vmware | 21 | mkdir ${HOME}/.vmware |
22 | whitelist ${HOME}/.cache/vmware | 22 | whitelist ${HOME}/.cache/vmware |
23 | whitelist ${HOME}/.vmware | 23 | whitelist ${HOME}/.vmware |
24 | # Uncomment the following if you need to use "shared VM" | 24 | # Add the next lines to your vmware.local if you need to use "shared VM". |
25 | #whitelist /var/lib/vmware | 25 | #whitelist /var/lib/vmware |
26 | #writable-var | 26 | #writable-var |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
@@ -37,6 +37,7 @@ shell none | |||
37 | tracelog | 37 | tracelog |
38 | 38 | ||
39 | #disable-mnt | 39 | #disable-mnt |
40 | # Add the next line to your vmware.local to enable private-bin. | ||
40 | #private-bin env,bash,sh,ovftool,vmafossexec,vmaf_*,vmnet-*,vmplayer,vmrest,vmrun,vmss2core,vmstat,vmware,vmware-* | 41 | #private-bin env,bash,sh,ovftool,vmafossexec,vmaf_*,vmnet-*,vmplayer,vmrest,vmrun,vmss2core,vmstat,vmware,vmware-* |
41 | private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,vmware,vmware-installer,vmware-vix | 42 | private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,vmware,vmware-installer,vmware-vix |
42 | dbus-user none | 43 | dbus-user none |
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index 0e172333a..a43835944 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile | |||
@@ -7,7 +7,7 @@ include w3m.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # Uncomment or add to your w3m.local if you want to use w3m-img on a vconsole | 10 | # Add the next lines to your w3m.local if you want to use w3m-img on a vconsole. |
11 | #ignore nogroups | 11 | #ignore nogroups |
12 | #ignore private-dev | 12 | #ignore private-dev |
13 | #ignore private-etc | 13 | #ignore private-etc |
diff --git a/etc/profile-m-z/waterfox.profile b/etc/profile-m-z/waterfox.profile index c6c940fa3..18f1ca79a 100644 --- a/etc/profile-m-z/waterfox.profile +++ b/etc/profile-m-z/waterfox.profile | |||
@@ -13,14 +13,15 @@ mkdir ${HOME}/.waterfox | |||
13 | whitelist ${HOME}/.cache/waterfox | 13 | whitelist ${HOME}/.cache/waterfox |
14 | whitelist ${HOME}/.waterfox | 14 | whitelist ${HOME}/.waterfox |
15 | 15 | ||
16 | # Uncomment (or add to watefox.local) the following lines if you want to | 16 | # Add the next lines to your watefox.local if you want to use the migration wizard. |
17 | # use the migration wizard. | ||
18 | #noblacklist ${HOME}/.mozilla | 17 | #noblacklist ${HOME}/.mozilla |
19 | #whitelist ${HOME}/.mozilla | 18 | #whitelist ${HOME}/.mozilla |
20 | 19 | ||
21 | # waterfox requires a shell to launch on Arch. We can possibly remove sh though. | 20 | # waterfox requires a shell to launch on Arch. We can possibly remove sh though. |
21 | # Add the next line to your waterfox.local to enable private-bin. | ||
22 | #private-bin bash,dbus-launch,dbus-send,env,sh,waterfox,waterfox-classic,waterfox-current,which | 22 | #private-bin bash,dbus-launch,dbus-send,env,sh,waterfox,waterfox-classic,waterfox-current,which |
23 | # private-etc must first be enabled in firefox-common.profile | 23 | # Add the next line to your waterfox.local to enable private-etc. Note that private-etc must first be |
24 | # enabled in your firefox-common.local. | ||
24 | #private-etc waterfox | 25 | #private-etc waterfox |
25 | 26 | ||
26 | # Redirect | 27 | # Redirect |
diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile index f67d28618..8a7042f59 100644 --- a/etc/profile-m-z/wget.profile +++ b/etc/profile-m-z/wget.profile | |||
@@ -21,7 +21,7 @@ include disable-interpreters.inc | |||
21 | include disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | include disable-programs.inc | 22 | include disable-programs.inc |
23 | include disable-shell.inc | 23 | include disable-shell.inc |
24 | # depending on workflow you can uncomment the below or put 'include disable-xdg.inc' in your wget.local | 24 | # Depending on workflow you can add the next line to your wget.local. |
25 | #include disable-xdg.inc | 25 | #include disable-xdg.inc |
26 | 26 | ||
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
@@ -50,7 +50,7 @@ tracelog | |||
50 | private-bin wget | 50 | private-bin wget |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | # depending on workflow you can uncomment the below or put this private-etc in your wget.local | 53 | # Depending on workflow you can add the next line to your wget.local. |
54 | #private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,wgetrc | 54 | #private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl,wgetrc |
55 | #private-tmp | 55 | #private-tmp |
56 | 56 | ||
diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile index 6ac74b9da..67427209f 100644 --- a/etc/profile-m-z/wine.profile +++ b/etc/profile-m-z/wine.profile | |||
@@ -24,8 +24,7 @@ include disable-programs.inc | |||
24 | # include whitelist-usr-share-common.inc | 24 | # include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
27 | # some applications don't need allow-debuggers, comment the next line | 27 | # Some applications don't need allow-debuggers. Add 'ignore allow-debuggers' to your wine.local if you want to override this. |
28 | # if it is not necessary (or put 'ignore allow-debuggers' in your wine.local) | ||
29 | allow-debuggers | 28 | allow-debuggers |
30 | caps.drop all | 29 | caps.drop all |
31 | # net none | 30 | # net none |
diff --git a/etc/profile-m-z/wps.profile b/etc/profile-m-z/wps.profile index 6e4a313e3..2b97d5b0a 100644 --- a/etc/profile-m-z/wps.profile +++ b/etc/profile-m-z/wps.profile | |||
@@ -23,7 +23,7 @@ include whitelist-var-common.inc | |||
23 | apparmor | 23 | apparmor |
24 | caps.drop all | 24 | caps.drop all |
25 | machine-id | 25 | machine-id |
26 | # Uncomment the next line (or add to wps.local) if you don't use network features. | 26 | # Add the next line to your wps.local if you don't use network features. |
27 | #net none | 27 | #net none |
28 | netfilter | 28 | netfilter |
29 | no3d | 29 | no3d |
@@ -36,7 +36,7 @@ notv | |||
36 | nou2f | 36 | nou2f |
37 | novideo | 37 | novideo |
38 | protocol unix,inet,inet6 | 38 | protocol unix,inet,inet6 |
39 | # seccomp cause some minor issues, if you can live with them enable it. | 39 | # seccomp causes some minor issues. Add the next line to your wps.local if you can live with those. |
40 | #seccomp | 40 | #seccomp |
41 | shell none | 41 | shell none |
42 | tracelog | 42 | tracelog |
diff --git a/etc/profile-m-z/yarn.profile b/etc/profile-m-z/yarn.profile index f20225050..360bd8442 100644 --- a/etc/profile-m-z/yarn.profile +++ b/etc/profile-m-z/yarn.profile | |||
@@ -13,7 +13,8 @@ noblacklist ${HOME}/.yarn-config | |||
13 | noblacklist ${HOME}/.yarncache | 13 | noblacklist ${HOME}/.yarncache |
14 | noblacklist ${HOME}/.yarnrc | 14 | noblacklist ${HOME}/.yarnrc |
15 | 15 | ||
16 | # If you want whitelisting, change ${HOME}/Projects below to your yarn projects directory and uncomment the lines below. | 16 | # If you want whitelisting, change ${HOME}/Projects below to your yarn projects directory and |
17 | # add the next lines to you yarn.local. | ||
17 | #mkdir ${HOME}/.yarn | 18 | #mkdir ${HOME}/.yarn |
18 | #mkdir ${HOME}/.yarn-config | 19 | #mkdir ${HOME}/.yarn-config |
19 | #mkdir ${HOME}/.yarncache | 20 | #mkdir ${HOME}/.yarncache |
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile index 479582b2a..a08a30b52 100644 --- a/etc/profile-m-z/yelp.profile +++ b/etc/profile-m-z/yelp.profile | |||
@@ -33,14 +33,14 @@ include whitelist-var-common.inc | |||
33 | 33 | ||
34 | apparmor | 34 | apparmor |
35 | caps.drop all | 35 | caps.drop all |
36 | # machine-id breaks sound - uncomment here or put it in your yelp.local if you don't need it | 36 | # machine-id breaks sound - add the next line to your yelp.local if you don't need sound support. |
37 | #machine-id | 37 | #machine-id |
38 | net none | 38 | net none |
39 | nodvd | 39 | nodvd |
40 | nogroups | 40 | nogroups |
41 | nonewprivs | 41 | nonewprivs |
42 | noroot | 42 | noroot |
43 | # nosound - uncomment here or put it in your yelp.local if you don't need it | 43 | # nosound - add the next line to your yelp.local if you don't need sound support. |
44 | #nosound | 44 | #nosound |
45 | notv | 45 | notv |
46 | nou2f | 46 | nou2f |
@@ -66,11 +66,11 @@ dbus-system none | |||
66 | # read-only ${HOME} breaks some features: | 66 | # read-only ${HOME} breaks some features: |
67 | # 1. yelp --editor-mode | 67 | # 1. yelp --editor-mode |
68 | # 2. saving the window geometry | 68 | # 2. saving the window geometry |
69 | # comment the line below or put 'ignore read-only ${HOME}' into your yelp.local if you need these features | 69 | # add 'ignore read-only ${HOME}' to your yelp.local if you need these features. |
70 | read-only ${HOME} | 70 | read-only ${HOME} |
71 | read-write ${HOME}/.cache | 71 | read-write ${HOME}/.cache |
72 | # 3. printing to PDF in ${DOCUMENTS} | 72 | # 3. printing to PDF in ${DOCUMENTS} |
73 | # additionally uncomment the lines below or put 'noblacklist ${DOCUMENTS}' and | 73 | # additionally add 'noblacklist ${DOCUMENTS}' and 'whitelist ${DOCUMENTS}' to |
74 | # 'whitelist ${DOCUMENTS}' into your yelp.local if you need printing to PDF support | 74 | # your yelp.local if you need PDF printing support. |
75 | #noblacklist ${DOCUMENTS} | 75 | #noblacklist ${DOCUMENTS} |
76 | #whitelist ${DOCUMENTS} | 76 | #whitelist ${DOCUMENTS} |
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile index e8cd64c93..ac615d861 100644 --- a/etc/profile-m-z/zoom.profile +++ b/etc/profile-m-z/zoom.profile | |||
@@ -6,14 +6,14 @@ include zoom.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Disabled until someone reported positive feedback | 9 | # Disabled until someone reports positive feedback. |
10 | ignore apparmor | 10 | ignore apparmor |
11 | ignore novideo | 11 | ignore novideo |
12 | ignore dbus-user none | 12 | ignore dbus-user none |
13 | ignore dbus-system none | 13 | ignore dbus-system none |
14 | 14 | ||
15 | # nogroups breaks webcam access on non-systemd systems (see #3711). | 15 | # nogroups breaks webcam access on non-systemd systems (see #3711). |
16 | # If you use such a system uncomment the line below or put 'ignore nogroups' in your zoom.local | 16 | # If you use such a system, add 'ignore nogroups' to your zoom.local. |
17 | #ignore nogroups | 17 | #ignore nogroups |
18 | 18 | ||
19 | noblacklist ${HOME}/.config/zoomus.conf | 19 | noblacklist ${HOME}/.config/zoomus.conf |