diff options
Diffstat (limited to 'etc/profile-m-z')
301 files changed, 480 insertions, 10 deletions
diff --git a/etc/profile-m-z/Maelstrom.profile b/etc/profile-m-z/Maelstrom.profile index 930d49db2..23b44dbf5 100644 --- a/etc/profile-m-z/Maelstrom.profile +++ b/etc/profile-m-z/Maelstrom.profile | |||
@@ -43,3 +43,5 @@ private-tmp | |||
43 | 43 | ||
44 | dbus-user none | 44 | dbus-user none |
45 | dbus-system none | 45 | dbus-system none |
46 | |||
47 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/Mathematica.profile b/etc/profile-m-z/Mathematica.profile index 6286f066e..08283bd33 100644 --- a/etc/profile-m-z/Mathematica.profile +++ b/etc/profile-m-z/Mathematica.profile | |||
@@ -27,3 +27,5 @@ nonewprivs | |||
27 | noroot | 27 | noroot |
28 | notv | 28 | notv |
29 | seccomp | 29 | seccomp |
30 | |||
31 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile index cc52f053f..902fc9a6a 100644 --- a/etc/profile-m-z/PCSX2.profile +++ b/etc/profile-m-z/PCSX2.profile | |||
@@ -53,3 +53,5 @@ private-tmp | |||
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
55 | dbus-system none | 55 | dbus-system none |
56 | |||
57 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile index cf597c215..1e9af5769 100644 --- a/etc/profile-m-z/QMediathekView.profile +++ b/etc/profile-m-z/QMediathekView.profile | |||
@@ -56,3 +56,4 @@ dbus-user none | |||
56 | dbus-system none | 56 | dbus-system none |
57 | 57 | ||
58 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 58 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
59 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile index 6bf69d055..6140de60f 100644 --- a/etc/profile-m-z/QOwnNotes.profile +++ b/etc/profile-m-z/QOwnNotes.profile | |||
@@ -52,3 +52,4 @@ private-dev | |||
52 | private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl | 52 | private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile index e13337b7c..2ea185ec0 100644 --- a/etc/profile-m-z/Viber.profile +++ b/etc/profile-m-z/Viber.profile | |||
@@ -34,3 +34,5 @@ disable-mnt | |||
34 | private-bin awk,bash,dig,sh,Viber | 34 | private-bin awk,bash,dig,sh,Viber |
35 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11 | 35 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11 |
36 | private-tmp | 36 | private-tmp |
37 | |||
38 | # restrict-namespaces | ||
diff --git a/etc/profile-m-z/XMind.profile b/etc/profile-m-z/XMind.profile index 53cecd4b1..97b9d2898 100644 --- a/etc/profile-m-z/XMind.profile +++ b/etc/profile-m-z/XMind.profile | |||
@@ -35,3 +35,4 @@ private-bin cp,sh,XMind | |||
35 | private-tmp | 35 | private-tmp |
36 | private-dev | 36 | private-dev |
37 | 37 | ||
38 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/Xephyr.profile b/etc/profile-m-z/Xephyr.profile index bda639232..2fc1d1b8a 100644 --- a/etc/profile-m-z/Xephyr.profile +++ b/etc/profile-m-z/Xephyr.profile | |||
@@ -40,3 +40,5 @@ private | |||
40 | private-dev | 40 | private-dev |
41 | # private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf | 41 | # private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf |
42 | #private-tmp | 42 | #private-tmp |
43 | |||
44 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile index 223370f30..8bf79f554 100644 --- a/etc/profile-m-z/Xvfb.profile +++ b/etc/profile-m-z/Xvfb.profile | |||
@@ -44,3 +44,5 @@ private | |||
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,nsswitch.conf,resolv.conf | 45 | private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,nsswitch.conf,resolv.conf |
46 | private-tmp | 46 | private-tmp |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ZeGrapher.profile b/etc/profile-m-z/ZeGrapher.profile index 89024f976..6ddc24bf6 100644 --- a/etc/profile-m-z/ZeGrapher.profile +++ b/etc/profile-m-z/ZeGrapher.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/macrofusion.profile b/etc/profile-m-z/macrofusion.profile index e8fba41c3..24158d062 100644 --- a/etc/profile-m-z/macrofusion.profile +++ b/etc/profile-m-z/macrofusion.profile | |||
@@ -42,3 +42,5 @@ private-tmp | |||
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
44 | dbus-system none | 44 | dbus-system none |
45 | |||
46 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile index 76fc6e6da..e5d994b57 100644 --- a/etc/profile-m-z/magicor.profile +++ b/etc/profile-m-z/magicor.profile | |||
@@ -49,3 +49,5 @@ private-tmp | |||
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
51 | dbus-system none | 51 | dbus-system none |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile index 4ec6ef82e..e9d245a6d 100644 --- a/etc/profile-m-z/makepkg.profile +++ b/etc/profile-m-z/makepkg.profile | |||
@@ -58,3 +58,4 @@ private-cache | |||
58 | private-tmp | 58 | private-tmp |
59 | 59 | ||
60 | memory-deny-write-execute | 60 | memory-deny-write-execute |
61 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile index b8d221dc3..0e3f9e6e2 100644 --- a/etc/profile-m-z/man.profile +++ b/etc/profile-m-z/man.profile | |||
@@ -65,3 +65,4 @@ dbus-system none | |||
65 | memory-deny-write-execute | 65 | memory-deny-write-execute |
66 | read-only ${HOME} | 66 | read-only ${HOME} |
67 | #read-only /tmp # breaks mandoc (see #4927) | 67 | #read-only /tmp # breaks mandoc (see #4927) |
68 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/manaplus.profile b/etc/profile-m-z/manaplus.profile index ede669c08..5ee4d0cb5 100644 --- a/etc/profile-m-z/manaplus.profile +++ b/etc/profile-m-z/manaplus.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile index fe0077f3d..7066f4229 100644 --- a/etc/profile-m-z/marker.profile +++ b/etc/profile-m-z/marker.profile | |||
@@ -60,3 +60,5 @@ dbus-user filter | |||
60 | dbus-user.own com.github.fabiocolacio.marker | 60 | dbus-user.own com.github.fabiocolacio.marker |
61 | dbus-user.talk ca.desrt.dconf | 61 | dbus-user.talk ca.desrt.dconf |
62 | dbus-system none | 62 | dbus-system none |
63 | |||
64 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile index a78927cc5..176506ff2 100644 --- a/etc/profile-m-z/masterpdfeditor.profile +++ b/etc/profile-m-z/masterpdfeditor.profile | |||
@@ -38,3 +38,4 @@ private-dev | |||
38 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 38 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile index 00f0bd9a3..e3a5c6ab6 100644 --- a/etc/profile-m-z/mate-calc.profile +++ b/etc/profile-m-z/mate-calc.profile | |||
@@ -50,3 +50,4 @@ dbus-user none | |||
50 | dbus-system none | 50 | dbus-system none |
51 | 51 | ||
52 | memory-deny-write-execute | 52 | memory-deny-write-execute |
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mate-color-select.profile b/etc/profile-m-z/mate-color-select.profile index a59f5e139..337c2d6e5 100644 --- a/etc/profile-m-z/mate-color-select.profile +++ b/etc/profile-m-z/mate-color-select.profile | |||
@@ -38,3 +38,4 @@ private-lib | |||
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | memory-deny-write-execute | 40 | memory-deny-write-execute |
41 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile index 3720c824e..e80b220b7 100644 --- a/etc/profile-m-z/mate-dictionary.profile +++ b/etc/profile-m-z/mate-dictionary.profile | |||
@@ -42,3 +42,4 @@ private-dev | |||
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | memory-deny-write-execute | 44 | memory-deny-write-execute |
45 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile index 1df04c117..1ebe9aaba 100644 --- a/etc/profile-m-z/mcabber.profile +++ b/etc/profile-m-z/mcabber.profile | |||
@@ -31,3 +31,5 @@ seccomp | |||
31 | private-bin mcabber | 31 | private-bin mcabber |
32 | private-dev | 32 | private-dev |
33 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,ssl | 33 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,ssl |
34 | |||
35 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile index e654cc16e..a3ff768b7 100644 --- a/etc/profile-m-z/mcomix.profile +++ b/etc/profile-m-z/mcomix.profile | |||
@@ -70,3 +70,4 @@ read-write ${HOME}/.local/share/mcomix | |||
70 | read-write ${HOME}/.local/share | 70 | read-write ${HOME}/.local/share |
71 | # used by mcomix <= 1.2, tip, make a symbolic link to .cache/thumbnails | 71 | # used by mcomix <= 1.2, tip, make a symbolic link to .cache/thumbnails |
72 | read-write ${HOME}/.thumbnails | 72 | read-write ${HOME}/.thumbnails |
73 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile index 63b07d474..e1025a1fb 100644 --- a/etc/profile-m-z/mdr.profile +++ b/etc/profile-m-z/mdr.profile | |||
@@ -52,3 +52,4 @@ dbus-user none | |||
52 | dbus-system none | 52 | dbus-system none |
53 | 53 | ||
54 | memory-deny-write-execute | 54 | memory-deny-write-execute |
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile index 35d59d439..12d692b72 100644 --- a/etc/profile-m-z/mediainfo.profile +++ b/etc/profile-m-z/mediainfo.profile | |||
@@ -49,3 +49,4 @@ dbus-user none | |||
49 | dbus-system none | 49 | dbus-system none |
50 | 50 | ||
51 | memory-deny-write-execute | 51 | memory-deny-write-execute |
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mediathekview.profile b/etc/profile-m-z/mediathekview.profile index f0ef7d010..19ce6fcd1 100644 --- a/etc/profile-m-z/mediathekview.profile +++ b/etc/profile-m-z/mediathekview.profile | |||
@@ -51,3 +51,4 @@ private-cache | |||
51 | private-dev | 51 | private-dev |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/megaglest.profile b/etc/profile-m-z/megaglest.profile index a28a66786..73fd65bcd 100644 --- a/etc/profile-m-z/megaglest.profile +++ b/etc/profile-m-z/megaglest.profile | |||
@@ -53,3 +53,5 @@ private-tmp | |||
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
55 | dbus-system none | 55 | dbus-system none |
56 | |||
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile index dddc7f977..634694363 100644 --- a/etc/profile-m-z/meld.profile +++ b/etc/profile-m-z/meld.profile | |||
@@ -78,3 +78,4 @@ private-dev | |||
78 | private-tmp | 78 | private-tmp |
79 | 79 | ||
80 | read-only ${HOME}/.ssh | 80 | read-only ${HOME}/.ssh |
81 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mendeleydesktop.profile b/etc/profile-m-z/mendeleydesktop.profile index 4f9bcea71..f2626b0c1 100644 --- a/etc/profile-m-z/mendeleydesktop.profile +++ b/etc/profile-m-z/mendeleydesktop.profile | |||
@@ -47,3 +47,5 @@ private-tmp | |||
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
49 | dbus-system none | 49 | dbus-system none |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile index 08b155a27..cd4938ec6 100644 --- a/etc/profile-m-z/menulibre.profile +++ b/etc/profile-m-z/menulibre.profile | |||
@@ -61,3 +61,4 @@ read-write ${HOME}/.config/menus | |||
61 | read-write ${HOME}/.gnome/apps | 61 | read-write ${HOME}/.gnome/apps |
62 | read-write ${HOME}/.local/share/applications | 62 | read-write ${HOME}/.local/share/applications |
63 | read-write ${HOME}/.local/share/flatpak/exports | 63 | read-write ${HOME}/.local/share/flatpak/exports |
64 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/meteo-qt.profile b/etc/profile-m-z/meteo-qt.profile index 47b4cf8c9..db87b21bc 100644 --- a/etc/profile-m-z/meteo-qt.profile +++ b/etc/profile-m-z/meteo-qt.profile | |||
@@ -51,3 +51,4 @@ dbus-user none | |||
51 | dbus-system none | 51 | dbus-system none |
52 | 52 | ||
53 | memory-deny-write-execute | 53 | memory-deny-write-execute |
54 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/midori.profile b/etc/profile-m-z/midori.profile index eb037f51b..d1655fabb 100644 --- a/etc/profile-m-z/midori.profile +++ b/etc/profile-m-z/midori.profile | |||
@@ -62,3 +62,5 @@ tracelog | |||
62 | 62 | ||
63 | disable-mnt | 63 | disable-mnt |
64 | private-tmp | 64 | private-tmp |
65 | |||
66 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile index 8f1cd0bc6..a26896b19 100644 --- a/etc/profile-m-z/mindless.profile +++ b/etc/profile-m-z/mindless.profile | |||
@@ -48,3 +48,4 @@ dbus-user none | |||
48 | dbus-system none | 48 | dbus-system none |
49 | 49 | ||
50 | memory-deny-write-execute | 50 | memory-deny-write-execute |
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile index 22684be39..e6bf86802 100644 --- a/etc/profile-m-z/minecraft-launcher.profile +++ b/etc/profile-m-z/minecraft-launcher.profile | |||
@@ -56,3 +56,5 @@ private-tmp | |||
56 | 56 | ||
57 | dbus-user none | 57 | dbus-user none |
58 | dbus-system none | 58 | dbus-system none |
59 | |||
60 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile index 3d7ede3dc..15474c96e 100644 --- a/etc/profile-m-z/minetest.profile +++ b/etc/profile-m-z/minetest.profile | |||
@@ -61,3 +61,5 @@ private-tmp | |||
61 | 61 | ||
62 | dbus-user none | 62 | dbus-user none |
63 | dbus-system none | 63 | dbus-system none |
64 | |||
65 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile index 385edbd7a..ce938c867 100644 --- a/etc/profile-m-z/minitube.profile +++ b/etc/profile-m-z/minitube.profile | |||
@@ -58,3 +58,5 @@ private-tmp | |||
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
60 | dbus-system none | 60 | dbus-system none |
61 | |||
62 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile index 2b05bbfde..d36c0fc81 100644 --- a/etc/profile-m-z/mirage.profile +++ b/etc/profile-m-z/mirage.profile | |||
@@ -58,3 +58,5 @@ private-tmp | |||
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
60 | dbus-system none | 60 | dbus-system none |
61 | |||
62 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile index 707ef34e9..34721b4a3 100644 --- a/etc/profile-m-z/mirrormagic.profile +++ b/etc/profile-m-z/mirrormagic.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile index fdaf885bd..46320f8ea 100644 --- a/etc/profile-m-z/mocp.profile +++ b/etc/profile-m-z/mocp.profile | |||
@@ -50,3 +50,4 @@ dbus-system none | |||
50 | memory-deny-write-execute | 50 | memory-deny-write-execute |
51 | read-only ${HOME} | 51 | read-only ${HOME} |
52 | read-write ${HOME}/.moc | 52 | read-write ${HOME}/.moc |
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mousepad.profile b/etc/profile-m-z/mousepad.profile index e87c82e30..8e597fa99 100644 --- a/etc/profile-m-z/mousepad.profile +++ b/etc/profile-m-z/mousepad.profile | |||
@@ -37,3 +37,5 @@ private-bin mousepad | |||
37 | private-dev | 37 | private-dev |
38 | private-lib | 38 | private-lib |
39 | private-tmp | 39 | private-tmp |
40 | |||
41 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile index 0dd9f7b43..89cee657d 100644 --- a/etc/profile-m-z/mp3splt-gtk.profile +++ b/etc/profile-m-z/mp3splt-gtk.profile | |||
@@ -41,3 +41,5 @@ private-tmp | |||
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
43 | dbus-system none | 43 | dbus-system none |
44 | |||
45 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile index e1b26aaf0..77ad30d0c 100644 --- a/etc/profile-m-z/mp3splt.profile +++ b/etc/profile-m-z/mp3splt.profile | |||
@@ -46,7 +46,8 @@ private-dev | |||
46 | private-etc alternatives,ld.so.cache,ld.so.preload | 46 | private-etc alternatives,ld.so.cache,ld.so.preload |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | memory-deny-write-execute | ||
50 | |||
51 | dbus-user none | 49 | dbus-user none |
52 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | memory-deny-write-execute | ||
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile index ed8a7eee3..1d875c3c4 100644 --- a/etc/profile-m-z/mpDris2.profile +++ b/etc/profile-m-z/mpDris2.profile | |||
@@ -55,3 +55,4 @@ private-tmp | |||
55 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 55 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
56 | 56 | ||
57 | read-only ${HOME} | 57 | read-only ${HOME} |
58 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mpd.profile b/etc/profile-m-z/mpd.profile index 604db8105..d1c4bd24f 100644 --- a/etc/profile-m-z/mpd.profile +++ b/etc/profile-m-z/mpd.profile | |||
@@ -41,3 +41,4 @@ private-cache | |||
41 | private-dev | 41 | private-dev |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile index d03879836..12650dbc9 100644 --- a/etc/profile-m-z/mpg123.profile +++ b/etc/profile-m-z/mpg123.profile | |||
@@ -42,3 +42,4 @@ dbus-user none | |||
42 | dbus-system none | 42 | dbus-system none |
43 | 43 | ||
44 | memory-deny-write-execute | 44 | memory-deny-write-execute |
45 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mplayer.profile b/etc/profile-m-z/mplayer.profile index ebb4b0e73..7d9ff39ad 100644 --- a/etc/profile-m-z/mplayer.profile +++ b/etc/profile-m-z/mplayer.profile | |||
@@ -37,3 +37,5 @@ seccomp | |||
37 | private-bin mplayer | 37 | private-bin mplayer |
38 | private-dev | 38 | private-dev |
39 | private-tmp | 39 | private-tmp |
40 | |||
41 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile index 9dcdd34a3..e73e3142c 100644 --- a/etc/profile-m-z/mpsyt.profile +++ b/etc/profile-m-z/mpsyt.profile | |||
@@ -68,3 +68,4 @@ private-tmp | |||
68 | 68 | ||
69 | dbus-user none | 69 | dbus-user none |
70 | dbus-system none | 70 | dbus-system none |
71 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile index 4ea5740c2..c9706999a 100644 --- a/etc/profile-m-z/mpv.profile +++ b/etc/profile-m-z/mpv.profile | |||
@@ -86,3 +86,5 @@ private-dev | |||
86 | 86 | ||
87 | dbus-user none | 87 | dbus-user none |
88 | dbus-system none | 88 | dbus-system none |
89 | |||
90 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile index f4d8d7f6a..4f7ae09b9 100644 --- a/etc/profile-m-z/mrrescue.profile +++ b/etc/profile-m-z/mrrescue.profile | |||
@@ -56,3 +56,5 @@ private-tmp | |||
56 | 56 | ||
57 | dbus-user none | 57 | dbus-user none |
58 | dbus-system none | 58 | dbus-system none |
59 | |||
60 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile index 7eb8efae6..d979e7401 100644 --- a/etc/profile-m-z/ms-office.profile +++ b/etc/profile-m-z/ms-office.profile | |||
@@ -40,3 +40,5 @@ private-tmp | |||
40 | 40 | ||
41 | dbus-user none | 41 | dbus-user none |
42 | dbus-system none | 42 | dbus-system none |
43 | |||
44 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mtpaint.profile b/etc/profile-m-z/mtpaint.profile index 5467718e2..363c6fe4a 100644 --- a/etc/profile-m-z/mtpaint.profile +++ b/etc/profile-m-z/mtpaint.profile | |||
@@ -46,3 +46,5 @@ private-tmp | |||
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
48 | dbus-system none | 48 | dbus-system none |
49 | |||
50 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/multimc5.profile b/etc/profile-m-z/multimc5.profile index 283840c17..73107680c 100644 --- a/etc/profile-m-z/multimc5.profile +++ b/etc/profile-m-z/multimc5.profile | |||
@@ -49,3 +49,4 @@ disable-mnt | |||
49 | private-dev | 49 | private-dev |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | # restrict-namespaces | ||
diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile index e2530efc7..ef09e6fca 100644 --- a/etc/profile-m-z/mumble.profile +++ b/etc/profile-m-z/mumble.profile | |||
@@ -42,3 +42,4 @@ private-bin mumble | |||
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 44 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
45 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile index 1876dc5ca..954016c2c 100644 --- a/etc/profile-m-z/mupdf.profile +++ b/etc/profile-m-z/mupdf.profile | |||
@@ -44,3 +44,4 @@ dbus-system none | |||
44 | 44 | ||
45 | memory-deny-write-execute | 45 | memory-deny-write-execute |
46 | read-only ${HOME} | 46 | read-only ${HOME} |
47 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mupen64plus.profile b/etc/profile-m-z/mupen64plus.profile index 093767c27..f97c6f271 100644 --- a/etc/profile-m-z/mupen64plus.profile +++ b/etc/profile-m-z/mupen64plus.profile | |||
@@ -31,3 +31,5 @@ seccomp | |||
31 | 31 | ||
32 | dbus-user none | 32 | dbus-user none |
33 | dbus-system none | 33 | dbus-system none |
34 | |||
35 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/musescore.profile b/etc/profile-m-z/musescore.profile index fa4a37bf8..ca951f70c 100644 --- a/etc/profile-m-z/musescore.profile +++ b/etc/profile-m-z/musescore.profile | |||
@@ -39,3 +39,5 @@ tracelog | |||
39 | 39 | ||
40 | # private-bin musescore,mscore | 40 | # private-bin musescore,mscore |
41 | private-tmp | 41 | private-tmp |
42 | |||
43 | # restrict-namespaces | ||
diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile index 9f83bb428..01b8d20b3 100644 --- a/etc/profile-m-z/musictube.profile +++ b/etc/profile-m-z/musictube.profile | |||
@@ -54,3 +54,5 @@ private-tmp | |||
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
56 | dbus-system none | 56 | dbus-system none |
57 | |||
58 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile index 796d7fbb0..d2032dcf6 100644 --- a/etc/profile-m-z/musixmatch.profile +++ b/etc/profile-m-z/musixmatch.profile | |||
@@ -35,3 +35,4 @@ disable-mnt | |||
35 | private-dev | 35 | private-dev |
36 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,machine-id,pki,pulse,ssl | 36 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,machine-id,pki,pulse,ssl |
37 | 37 | ||
38 | # restrict-namespaces | ||
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 6c6341d40..52d30669f 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile | |||
@@ -146,3 +146,4 @@ read-only ${HOME}/.elinks | |||
146 | read-only ${HOME}/.nanorc | 146 | read-only ${HOME}/.nanorc |
147 | read-only ${HOME}/.signature | 147 | read-only ${HOME}/.signature |
148 | read-only ${HOME}/.w3m | 148 | read-only ${HOME}/.w3m |
149 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile index 41519bbb1..18117965e 100644 --- a/etc/profile-m-z/mypaint.profile +++ b/etc/profile-m-z/mypaint.profile | |||
@@ -47,3 +47,5 @@ private-tmp | |||
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
49 | dbus-system none | 49 | dbus-system none |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile index e8cee2538..a20eb3828 100644 --- a/etc/profile-m-z/nano.profile +++ b/etc/profile-m-z/nano.profile | |||
@@ -56,3 +56,4 @@ dbus-user none | |||
56 | dbus-system none | 56 | dbus-system none |
57 | 57 | ||
58 | memory-deny-write-execute | 58 | memory-deny-write-execute |
59 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/natron.profile b/etc/profile-m-z/natron.profile index 2c7e36a35..b979e1aee 100644 --- a/etc/profile-m-z/natron.profile +++ b/etc/profile-m-z/natron.profile | |||
@@ -34,3 +34,5 @@ private-bin natron,Natron,NatronRenderer | |||
34 | 34 | ||
35 | dbus-user none | 35 | dbus-user none |
36 | dbus-system none | 36 | dbus-system none |
37 | |||
38 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ncdu.profile b/etc/profile-m-z/ncdu.profile index 010f823d0..09687199b 100644 --- a/etc/profile-m-z/ncdu.profile +++ b/etc/profile-m-z/ncdu.profile | |||
@@ -35,3 +35,4 @@ dbus-user none | |||
35 | dbus-system none | 35 | dbus-system none |
36 | 36 | ||
37 | memory-deny-write-execute | 37 | memory-deny-write-execute |
38 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile index a50fdd072..fde1d4d2c 100644 --- a/etc/profile-m-z/neochat.profile +++ b/etc/profile-m-z/neochat.profile | |||
@@ -62,3 +62,5 @@ dbus-user.talk org.freedesktop.Notifications | |||
62 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher | 62 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher |
63 | dbus-user.talk org.kde.kwalletd5 | 63 | dbus-user.talk org.kde.kwalletd5 |
64 | dbus-system none | 64 | dbus-system none |
65 | |||
66 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index 9000b7972..c255a85c9 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile | |||
@@ -129,3 +129,4 @@ read-only ${HOME}/.elinks | |||
129 | read-only ${HOME}/.nanorc | 129 | read-only ${HOME}/.nanorc |
130 | read-only ${HOME}/.signature | 130 | read-only ${HOME}/.signature |
131 | read-only ${HOME}/.w3m | 131 | read-only ${HOME}/.w3m |
132 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile index 60fc2fa65..4d5265397 100644 --- a/etc/profile-m-z/netactview.profile +++ b/etc/profile-m-z/netactview.profile | |||
@@ -52,3 +52,4 @@ dbus-user none | |||
52 | dbus-system none | 52 | dbus-system none |
53 | 53 | ||
54 | memory-deny-write-execute | 54 | memory-deny-write-execute |
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nethack-vultures.profile b/etc/profile-m-z/nethack-vultures.profile index d130d5b3a..c07bb7107 100644 --- a/etc/profile-m-z/nethack-vultures.profile +++ b/etc/profile-m-z/nethack-vultures.profile | |||
@@ -42,3 +42,5 @@ writable-var | |||
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
44 | dbus-system none | 44 | dbus-system none |
45 | |||
46 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/nethack.profile b/etc/profile-m-z/nethack.profile index 9cb7457e5..a43889349 100644 --- a/etc/profile-m-z/nethack.profile +++ b/etc/profile-m-z/nethack.profile | |||
@@ -44,3 +44,4 @@ dbus-user none | |||
44 | dbus-system none | 44 | dbus-system none |
45 | 45 | ||
46 | #memory-deny-write-execute | 46 | #memory-deny-write-execute |
47 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/netsurf.profile b/etc/profile-m-z/netsurf.profile index 0ddb7bbbe..467ce5829 100644 --- a/etc/profile-m-z/netsurf.profile +++ b/etc/profile-m-z/netsurf.profile | |||
@@ -32,3 +32,5 @@ seccomp | |||
32 | tracelog | 32 | tracelog |
33 | 33 | ||
34 | disable-mnt | 34 | disable-mnt |
35 | |||
36 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile index b9a25b66c..68b0ce2ea 100644 --- a/etc/profile-m-z/neverball.profile +++ b/etc/profile-m-z/neverball.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile index 10f9240b7..b80a0a151 100644 --- a/etc/profile-m-z/newsboat.profile +++ b/etc/profile-m-z/newsboat.profile | |||
@@ -59,3 +59,4 @@ dbus-user none | |||
59 | dbus-system none | 59 | dbus-system none |
60 | 60 | ||
61 | memory-deny-write-execute | 61 | memory-deny-write-execute |
62 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile index 4da14beae..59f16bb10 100644 --- a/etc/profile-m-z/newsflash.profile +++ b/etc/profile-m-z/newsflash.profile | |||
@@ -57,3 +57,5 @@ dbus-user none | |||
57 | #dbus-user.own com.gitlab.newsflash | 57 | #dbus-user.own com.gitlab.newsflash |
58 | #dbus-user.talk org.freedesktop.Notifications | 58 | #dbus-user.talk org.freedesktop.Notifications |
59 | dbus-system none | 59 | dbus-system none |
60 | |||
61 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile index 95f9f5d14..c26942c81 100644 --- a/etc/profile-m-z/nextcloud.profile +++ b/etc/profile-m-z/nextcloud.profile | |||
@@ -69,3 +69,5 @@ dbus-user filter | |||
69 | dbus-user.talk org.freedesktop.secrets | 69 | dbus-user.talk org.freedesktop.secrets |
70 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher | 70 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher |
71 | dbus-system none | 71 | dbus-system none |
72 | |||
73 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile index 662584892..4e4c7bfe7 100644 --- a/etc/profile-m-z/nheko.profile +++ b/etc/profile-m-z/nheko.profile | |||
@@ -56,3 +56,5 @@ dbus-user.talk org.freedesktop.secrets | |||
56 | # Add the next line to your nheko.local to enable notification support. | 56 | # Add the next line to your nheko.local to enable notification support. |
57 | #dbus-user.talk org.freedesktop.Notifications | 57 | #dbus-user.talk org.freedesktop.Notifications |
58 | dbus-system none | 58 | dbus-system none |
59 | |||
60 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nicotine.profile b/etc/profile-m-z/nicotine.profile index 22c8b1782..568899eea 100644 --- a/etc/profile-m-z/nicotine.profile +++ b/etc/profile-m-z/nicotine.profile | |||
@@ -59,3 +59,5 @@ private-tmp | |||
59 | 59 | ||
60 | dbus-user none | 60 | dbus-user none |
61 | dbus-system none | 61 | dbus-system none |
62 | |||
63 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile index b4da229c4..cefe9fa79 100644 --- a/etc/profile-m-z/nitroshare.profile +++ b/etc/profile-m-z/nitroshare.profile | |||
@@ -49,3 +49,4 @@ private-tmp | |||
49 | # dbus-system none | 49 | # dbus-system none |
50 | 50 | ||
51 | # memory-deny-write-execute | 51 | # memory-deny-write-execute |
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index 2ba125a02..f185a04ee 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile | |||
@@ -100,3 +100,4 @@ dbus-system none | |||
100 | 100 | ||
101 | # Add the next line to your nodejs-common.local if you prefer to disable gatsby telemetry. | 101 | # Add the next line to your nodejs-common.local if you prefer to disable gatsby telemetry. |
102 | #env GATSBY_TELEMETRY_DISABLED=1 | 102 | #env GATSBY_TELEMETRY_DISABLED=1 |
103 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile index 733de1096..ac8336331 100644 --- a/etc/profile-m-z/nomacs.profile +++ b/etc/profile-m-z/nomacs.profile | |||
@@ -42,3 +42,5 @@ private-cache | |||
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,pki,resolv.conf,ssl | 43 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,pki,resolv.conf,ssl |
44 | private-tmp | 44 | private-tmp |
45 | |||
46 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile index 7e9290513..11d6bd795 100644 --- a/etc/profile-m-z/notify-send.profile +++ b/etc/profile-m-z/notify-send.profile | |||
@@ -57,3 +57,4 @@ dbus-system none | |||
57 | 57 | ||
58 | memory-deny-write-execute | 58 | memory-deny-write-execute |
59 | read-only ${HOME} | 59 | read-only ${HOME} |
60 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile index 160385d70..37d9f593c 100644 --- a/etc/profile-m-z/nslookup.profile +++ b/etc/profile-m-z/nslookup.profile | |||
@@ -52,3 +52,4 @@ dbus-user none | |||
52 | dbus-system none | 52 | dbus-system none |
53 | 53 | ||
54 | memory-deny-write-execute | 54 | memory-deny-write-execute |
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nvim.profile b/etc/profile-m-z/nvim.profile index 1f8334d08..6f415d60a 100644 --- a/etc/profile-m-z/nvim.profile +++ b/etc/profile-m-z/nvim.profile | |||
@@ -51,3 +51,4 @@ read-write ${HOME}/.local/share/nvim | |||
51 | read-write ${HOME}/.local/state/nvim | 51 | read-write ${HOME}/.local/state/nvim |
52 | read-write ${HOME}/.vim | 52 | read-write ${HOME}/.vim |
53 | read-write ${HOME}/.vimrc | 53 | read-write ${HOME}/.vimrc |
54 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nylas.profile b/etc/profile-m-z/nylas.profile index a86ef478a..8acf09e90 100644 --- a/etc/profile-m-z/nylas.profile +++ b/etc/profile-m-z/nylas.profile | |||
@@ -35,3 +35,5 @@ protocol unix,inet,inet6,netlink | |||
35 | seccomp | 35 | seccomp |
36 | 36 | ||
37 | private-dev | 37 | private-dev |
38 | |||
39 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile index f58f4fd1c..4f767f046 100644 --- a/etc/profile-m-z/nyx.profile +++ b/etc/profile-m-z/nyx.profile | |||
@@ -51,3 +51,5 @@ private-tmp | |||
51 | 51 | ||
52 | dbus-user none | 52 | dbus-user none |
53 | dbus-system none | 53 | dbus-system none |
54 | |||
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/obs.profile b/etc/profile-m-z/obs.profile index 91abdc032..82e7a4137 100644 --- a/etc/profile-m-z/obs.profile +++ b/etc/profile-m-z/obs.profile | |||
@@ -40,3 +40,4 @@ private-cache | |||
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
43 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile index 0ce3aa088..87c665cba 100644 --- a/etc/profile-m-z/ocenaudio.profile +++ b/etc/profile-m-z/ocenaudio.profile | |||
@@ -59,3 +59,5 @@ private-tmp | |||
59 | 59 | ||
60 | dbus-user none | 60 | dbus-user none |
61 | dbus-system none | 61 | dbus-system none |
62 | |||
63 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile index 38751aa25..25da2139f 100644 --- a/etc/profile-m-z/odt2txt.profile +++ b/etc/profile-m-z/odt2txt.profile | |||
@@ -44,3 +44,4 @@ dbus-user none | |||
44 | dbus-system none | 44 | dbus-system none |
45 | 45 | ||
46 | read-only ${HOME} | 46 | read-only ${HOME} |
47 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile index 265ed1490..568b6566e 100644 --- a/etc/profile-m-z/okular.profile +++ b/etc/profile-m-z/okular.profile | |||
@@ -69,4 +69,5 @@ private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,mach | |||
69 | 69 | ||
70 | # memory-deny-write-execute | 70 | # memory-deny-write-execute |
71 | 71 | ||
72 | restrict-namespaces | ||
72 | join-or-start okular | 73 | join-or-start okular |
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile index e9d6ac028..913b499d3 100644 --- a/etc/profile-m-z/onboard.profile +++ b/etc/profile-m-z/onboard.profile | |||
@@ -53,3 +53,5 @@ private-etc alternatives,dbus-1,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.pr | |||
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | dbus-system none | 55 | dbus-system none |
56 | |||
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/onionshare-gui.profile b/etc/profile-m-z/onionshare-gui.profile index db923056a..47ac9fc05 100644 --- a/etc/profile-m-z/onionshare-gui.profile +++ b/etc/profile-m-z/onionshare-gui.profile | |||
@@ -65,3 +65,4 @@ dbus-user.talk org.freedesktop.secrets | |||
65 | dbus-system none | 65 | dbus-system none |
66 | 66 | ||
67 | memory-deny-write-execute | 67 | memory-deny-write-execute |
68 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/open-invaders.profile b/etc/profile-m-z/open-invaders.profile index 730ed271d..f6b070ab3 100644 --- a/etc/profile-m-z/open-invaders.profile +++ b/etc/profile-m-z/open-invaders.profile | |||
@@ -39,3 +39,5 @@ private-tmp | |||
39 | 39 | ||
40 | dbus-user none | 40 | dbus-user none |
41 | dbus-system none | 41 | dbus-system none |
42 | |||
43 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile index 87366547f..053f54b48 100644 --- a/etc/profile-m-z/openarena.profile +++ b/etc/profile-m-z/openarena.profile | |||
@@ -47,3 +47,5 @@ private-tmp | |||
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
49 | dbus-system none | 49 | dbus-system none |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/openbox.profile b/etc/profile-m-z/openbox.profile index b49fd9932..6a256593c 100644 --- a/etc/profile-m-z/openbox.profile +++ b/etc/profile-m-z/openbox.profile | |||
@@ -18,3 +18,4 @@ seccomp | |||
18 | 18 | ||
19 | read-only ${HOME}/.config/openbox/autostart | 19 | read-only ${HOME}/.config/openbox/autostart |
20 | read-only ${HOME}/.config/openbox/environment | 20 | read-only ${HOME}/.config/openbox/environment |
21 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/opencity.profile b/etc/profile-m-z/opencity.profile index 3001a355d..a7d147ec9 100644 --- a/etc/profile-m-z/opencity.profile +++ b/etc/profile-m-z/opencity.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/openclonk.profile b/etc/profile-m-z/openclonk.profile index 5f05480d8..3449ac686 100644 --- a/etc/profile-m-z/openclonk.profile +++ b/etc/profile-m-z/openclonk.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile index 8fe18f12b..be97552ab 100644 --- a/etc/profile-m-z/openmw.profile +++ b/etc/profile-m-z/openmw.profile | |||
@@ -58,3 +58,5 @@ private-tmp | |||
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
60 | dbus-system none | 60 | dbus-system none |
61 | |||
62 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/openshot.profile b/etc/profile-m-z/openshot.profile index e867eccc3..0082be581 100644 --- a/etc/profile-m-z/openshot.profile +++ b/etc/profile-m-z/openshot.profile | |||
@@ -46,3 +46,5 @@ private-tmp | |||
46 | 46 | ||
47 | dbus-user filter | 47 | dbus-user filter |
48 | dbus-system none | 48 | dbus-system none |
49 | |||
50 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/openstego.profile b/etc/profile-m-z/openstego.profile index 05b1d222d..fd8f70531 100644 --- a/etc/profile-m-z/openstego.profile +++ b/etc/profile-m-z/openstego.profile | |||
@@ -55,3 +55,5 @@ private-tmp | |||
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
57 | dbus-system none | 57 | dbus-system none |
58 | |||
59 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/openttd.profile b/etc/profile-m-z/openttd.profile index 19ba69b14..6e5c09eda 100644 --- a/etc/profile-m-z/openttd.profile +++ b/etc/profile-m-z/openttd.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/orage.profile b/etc/profile-m-z/orage.profile index 250e07004..fa16c05e2 100644 --- a/etc/profile-m-z/orage.profile +++ b/etc/profile-m-z/orage.profile | |||
@@ -36,3 +36,4 @@ private-cache | |||
36 | private-dev | 36 | private-dev |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ostrichriders.profile b/etc/profile-m-z/ostrichriders.profile index a2c3e7d1d..f12838b72 100644 --- a/etc/profile-m-z/ostrichriders.profile +++ b/etc/profile-m-z/ostrichriders.profile | |||
@@ -47,3 +47,5 @@ private-tmp | |||
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
49 | dbus-system none | 49 | dbus-system none |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile index 7af611cc4..028c6fe90 100644 --- a/etc/profile-m-z/otter-browser.profile +++ b/etc/profile-m-z/otter-browser.profile | |||
@@ -56,3 +56,5 @@ private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts | |||
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-system none | 58 | dbus-system none |
59 | |||
60 | # restrict-namespaces | ||
diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile index acb2ce176..24701b657 100644 --- a/etc/profile-m-z/palemoon.profile +++ b/etc/profile-m-z/palemoon.profile | |||
@@ -22,5 +22,8 @@ ignore seccomp | |||
22 | #private-etc palemoon | 22 | #private-etc palemoon |
23 | #private-opt palemoon | 23 | #private-opt palemoon |
24 | 24 | ||
25 | restrict-namespaces | ||
26 | ignore restrict-namespaces | ||
27 | |||
25 | # Redirect | 28 | # Redirect |
26 | include firefox-common.profile | 29 | include firefox-common.profile |
diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile index aac1fc5b6..2610ae67a 100644 --- a/etc/profile-m-z/pandoc.profile +++ b/etc/profile-m-z/pandoc.profile | |||
@@ -56,3 +56,4 @@ dbus-user none | |||
56 | dbus-system none | 56 | dbus-system none |
57 | 57 | ||
58 | memory-deny-write-execute | 58 | memory-deny-write-execute |
59 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile index ca54d7ad4..fb629669a 100644 --- a/etc/profile-m-z/parole.profile +++ b/etc/profile-m-z/parole.profile | |||
@@ -27,3 +27,5 @@ seccomp | |||
27 | private-bin dbus-launch,parole | 27 | private-bin dbus-launch,parole |
28 | private-cache | 28 | private-cache |
29 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,pulse,ssl | 29 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,pulse,ssl |
30 | |||
31 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/patch.profile b/etc/profile-m-z/patch.profile index 573410630..5a0f69f79 100644 --- a/etc/profile-m-z/patch.profile +++ b/etc/profile-m-z/patch.profile | |||
@@ -48,3 +48,4 @@ dbus-user none | |||
48 | dbus-system none | 48 | dbus-system none |
49 | 49 | ||
50 | memory-deny-write-execute | 50 | memory-deny-write-execute |
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile index d21157325..88cfd3352 100644 --- a/etc/profile-m-z/pavucontrol.profile +++ b/etc/profile-m-z/pavucontrol.profile | |||
@@ -53,3 +53,4 @@ dbus-system none | |||
53 | 53 | ||
54 | # mdwe is broken under Wayland, but works under Xorg. | 54 | # mdwe is broken under Wayland, but works under Xorg. |
55 | #memory-deny-write-execute | 55 | #memory-deny-write-execute |
56 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile index 9a1e7d420..784d82736 100644 --- a/etc/profile-m-z/pcsxr.profile +++ b/etc/profile-m-z/pcsxr.profile | |||
@@ -53,3 +53,5 @@ private-tmp | |||
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
55 | dbus-system none | 55 | dbus-system none |
56 | |||
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile index 0441c9e04..2e38dde3b 100644 --- a/etc/profile-m-z/pdfchain.profile +++ b/etc/profile-m-z/pdfchain.profile | |||
@@ -40,3 +40,4 @@ dbus-user none | |||
40 | dbus-system none | 40 | dbus-system none |
41 | 41 | ||
42 | memory-deny-write-execute | 42 | memory-deny-write-execute |
43 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pdfmod.profile b/etc/profile-m-z/pdfmod.profile index 463deca4c..81115b2e3 100644 --- a/etc/profile-m-z/pdfmod.profile +++ b/etc/profile-m-z/pdfmod.profile | |||
@@ -41,3 +41,5 @@ private-tmp | |||
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
43 | dbus-system none | 43 | dbus-system none |
44 | |||
45 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pdfsam.profile b/etc/profile-m-z/pdfsam.profile index 3e56a9c1d..34f8387af 100644 --- a/etc/profile-m-z/pdfsam.profile +++ b/etc/profile-m-z/pdfsam.profile | |||
@@ -41,3 +41,5 @@ private-tmp | |||
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
43 | dbus-system none | 43 | dbus-system none |
44 | |||
45 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile index 482181c86..7ece10835 100644 --- a/etc/profile-m-z/pdftotext.profile +++ b/etc/profile-m-z/pdftotext.profile | |||
@@ -53,3 +53,5 @@ private-tmp | |||
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
55 | dbus-system none | 55 | dbus-system none |
56 | |||
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile index 9809a488f..24a1bc979 100644 --- a/etc/profile-m-z/peek.profile +++ b/etc/profile-m-z/peek.profile | |||
@@ -59,3 +59,4 @@ dbus-user.talk org.gnome.Shell.Screencast | |||
59 | dbus-system none | 59 | dbus-system none |
60 | 60 | ||
61 | memory-deny-write-execute | 61 | memory-deny-write-execute |
62 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/penguin-command.profile b/etc/profile-m-z/penguin-command.profile index e79e5cbc8..c740f5576 100644 --- a/etc/profile-m-z/penguin-command.profile +++ b/etc/profile-m-z/penguin-command.profile | |||
@@ -39,3 +39,5 @@ private-tmp | |||
39 | 39 | ||
40 | dbus-user none | 40 | dbus-user none |
41 | dbus-system none | 41 | dbus-system none |
42 | |||
43 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile index 9f8e094fb..dcb52c846 100644 --- a/etc/profile-m-z/photoflare.profile +++ b/etc/profile-m-z/photoflare.profile | |||
@@ -47,3 +47,5 @@ private-tmp | |||
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
49 | dbus-system none | 49 | dbus-system none |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/picard.profile b/etc/profile-m-z/picard.profile index 2350f83a2..b007e3ca9 100644 --- a/etc/profile-m-z/picard.profile +++ b/etc/profile-m-z/picard.profile | |||
@@ -40,3 +40,4 @@ seccomp | |||
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
43 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pidgin.profile b/etc/profile-m-z/pidgin.profile index 904c17e09..2dc49a28d 100644 --- a/etc/profile-m-z/pidgin.profile +++ b/etc/profile-m-z/pidgin.profile | |||
@@ -45,3 +45,5 @@ tracelog | |||
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-tmp | 47 | private-tmp |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile index 440ee7800..3664e1469 100644 --- a/etc/profile-m-z/pinball.profile +++ b/etc/profile-m-z/pinball.profile | |||
@@ -52,3 +52,5 @@ private-tmp | |||
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
54 | dbus-system none | 54 | dbus-system none |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ping-hardened.inc.profile b/etc/profile-m-z/ping-hardened.inc.profile index eda53654a..e3288d2b1 100644 --- a/etc/profile-m-z/ping-hardened.inc.profile +++ b/etc/profile-m-z/ping-hardened.inc.profile | |||
@@ -9,3 +9,4 @@ protocol unix,inet,inet6 | |||
9 | seccomp | 9 | seccomp |
10 | 10 | ||
11 | memory-deny-write-execute | 11 | memory-deny-write-execute |
12 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile index dcb2134c7..2a7967de7 100644 --- a/etc/profile-m-z/ping.profile +++ b/etc/profile-m-z/ping.profile | |||
@@ -68,3 +68,4 @@ dbus-user none | |||
68 | dbus-system none | 68 | dbus-system none |
69 | 69 | ||
70 | read-only ${HOME} | 70 | read-only ${HOME} |
71 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile index 14ac487ab..419dd5d1a 100644 --- a/etc/profile-m-z/pingus.profile +++ b/etc/profile-m-z/pingus.profile | |||
@@ -54,3 +54,5 @@ private-tmp | |||
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
56 | dbus-system none | 56 | dbus-system none |
57 | |||
58 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pinta.profile b/etc/profile-m-z/pinta.profile index d5a1b1141..e084a7933 100644 --- a/etc/profile-m-z/pinta.profile +++ b/etc/profile-m-z/pinta.profile | |||
@@ -38,3 +38,5 @@ private-tmp | |||
38 | 38 | ||
39 | dbus-user none | 39 | dbus-user none |
40 | dbus-system none | 40 | dbus-system none |
41 | |||
42 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pioneer.profile b/etc/profile-m-z/pioneer.profile index cf79adc6f..dc447def2 100644 --- a/etc/profile-m-z/pioneer.profile +++ b/etc/profile-m-z/pioneer.profile | |||
@@ -44,3 +44,5 @@ private-tmp | |||
44 | 44 | ||
45 | dbus-user none | 45 | dbus-user none |
46 | dbus-system none | 46 | dbus-system none |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pithos.profile b/etc/profile-m-z/pithos.profile index 9db4459e1..714ebd86d 100644 --- a/etc/profile-m-z/pithos.profile +++ b/etc/profile-m-z/pithos.profile | |||
@@ -40,3 +40,4 @@ private-bin env,pithos,python* | |||
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
43 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pitivi.profile b/etc/profile-m-z/pitivi.profile index 773454c53..5ad20aafc 100644 --- a/etc/profile-m-z/pitivi.profile +++ b/etc/profile-m-z/pitivi.profile | |||
@@ -39,3 +39,4 @@ seccomp | |||
39 | private-dev | 39 | private-dev |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pix.profile b/etc/profile-m-z/pix.profile index fb426681e..49bd8c318 100644 --- a/etc/profile-m-z/pix.profile +++ b/etc/profile-m-z/pix.profile | |||
@@ -34,3 +34,5 @@ private-bin pix | |||
34 | private-cache | 34 | private-cache |
35 | private-dev | 35 | private-dev |
36 | private-tmp | 36 | private-tmp |
37 | |||
38 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile index 2af311269..88173edca 100644 --- a/etc/profile-m-z/pkglog.profile +++ b/etc/profile-m-z/pkglog.profile | |||
@@ -56,3 +56,4 @@ read-only ${HOME} | |||
56 | read-only /var/log/apt/history.log | 56 | read-only /var/log/apt/history.log |
57 | read-only /var/log/dnf.rpm.log | 57 | read-only /var/log/dnf.rpm.log |
58 | read-only /var/log/pacman.log | 58 | read-only /var/log/pacman.log |
59 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pluma.profile b/etc/profile-m-z/pluma.profile index 0e4a06b44..efcdaa661 100644 --- a/etc/profile-m-z/pluma.profile +++ b/etc/profile-m-z/pluma.profile | |||
@@ -48,4 +48,5 @@ private-tmp | |||
48 | # dbus-user none | 48 | # dbus-user none |
49 | # dbus-system none | 49 | # dbus-system none |
50 | 50 | ||
51 | restrict-namespaces | ||
51 | join-or-start pluma | 52 | join-or-start pluma |
diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile index 2140d1a21..62927f9f7 100644 --- a/etc/profile-m-z/plv.profile +++ b/etc/profile-m-z/plv.profile | |||
@@ -57,3 +57,4 @@ dbus-system none | |||
57 | read-only ${HOME} | 57 | read-only ${HOME} |
58 | read-write ${HOME}/.config/PacmanLogViewer | 58 | read-write ${HOME}/.config/PacmanLogViewer |
59 | read-only /var/log/pacman.log | 59 | read-only /var/log/pacman.log |
60 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile index ad30c5703..8e2c39b83 100644 --- a/etc/profile-m-z/pngquant.profile +++ b/etc/profile-m-z/pngquant.profile | |||
@@ -53,3 +53,4 @@ dbus-user none | |||
53 | dbus-system none | 53 | dbus-system none |
54 | 54 | ||
55 | memory-deny-write-execute | 55 | memory-deny-write-execute |
56 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/polari.profile b/etc/profile-m-z/polari.profile index 068fd3412..dd730bf76 100644 --- a/etc/profile-m-z/polari.profile +++ b/etc/profile-m-z/polari.profile | |||
@@ -49,3 +49,4 @@ disable-mnt | |||
49 | private-dev | 49 | private-dev |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile index bf5d9a9c3..58528c372 100644 --- a/etc/profile-m-z/ppsspp.profile +++ b/etc/profile-m-z/ppsspp.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile index 9faa1fcd6..73b377712 100644 --- a/etc/profile-m-z/pragha.profile +++ b/etc/profile-m-z/pragha.profile | |||
@@ -35,3 +35,4 @@ private-dev | |||
35 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg | 35 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile index 13f48b048..ddc6524a5 100644 --- a/etc/profile-m-z/profanity.profile +++ b/etc/profile-m-z/profanity.profile | |||
@@ -50,3 +50,4 @@ dbus-user none | |||
50 | dbus-system none | 50 | dbus-system none |
51 | 51 | ||
52 | memory-deny-write-execute | 52 | memory-deny-write-execute |
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/psi-plus.profile b/etc/profile-m-z/psi-plus.profile index 8f8b2fff4..af117c3b5 100644 --- a/etc/profile-m-z/psi-plus.profile +++ b/etc/profile-m-z/psi-plus.profile | |||
@@ -42,3 +42,5 @@ seccomp !chroot | |||
42 | disable-mnt | 42 | disable-mnt |
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
45 | |||
46 | # restrict-namespaces | ||
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile index 943b8d3ac..be06c5d89 100644 --- a/etc/profile-m-z/psi.profile +++ b/etc/profile-m-z/psi.profile | |||
@@ -75,3 +75,5 @@ private-tmp | |||
75 | 75 | ||
76 | dbus-user none | 76 | dbus-user none |
77 | dbus-system none | 77 | dbus-system none |
78 | |||
79 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile index 358cc36da..ba71ab29d 100644 --- a/etc/profile-m-z/pybitmessage.profile +++ b/etc/profile-m-z/pybitmessage.profile | |||
@@ -43,3 +43,4 @@ private-dev | |||
43 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,pki,PyBitmessage,PyBitmessage.conf,resolv.conf,selinux,sni-qt.conf,ssl,system-fips,Trolltech.conf,xdg | 43 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,pki,PyBitmessage,PyBitmessage.conf,resolv.conf,selinux,sni-qt.conf,ssl,system-fips,Trolltech.conf,xdg |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile index 2a0f4288f..9605da3ac 100644 --- a/etc/profile-m-z/qbittorrent.profile +++ b/etc/profile-m-z/qbittorrent.profile | |||
@@ -63,3 +63,4 @@ dbus-user none | |||
63 | dbus-system none | 63 | dbus-system none |
64 | 64 | ||
65 | # memory-deny-write-execute - problems on Arch, see #1690 on GitHub repo | 65 | # memory-deny-write-execute - problems on Arch, see #1690 on GitHub repo |
66 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile index f24916630..71374a8c8 100644 --- a/etc/profile-m-z/qcomicbook.profile +++ b/etc/profile-m-z/qcomicbook.profile | |||
@@ -64,3 +64,4 @@ read-write ${HOME}/.config/PawelStolowski | |||
64 | read-write ${HOME}/.local/share/PawelStolowski | 64 | read-write ${HOME}/.local/share/PawelStolowski |
65 | #to allow ${HOME}/.local/share/recently-used.xbel | 65 | #to allow ${HOME}/.local/share/recently-used.xbel |
66 | read-write ${HOME}/.local/share | 66 | read-write ${HOME}/.local/share |
67 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qemu-launcher.profile b/etc/profile-m-z/qemu-launcher.profile index 034a2b7c1..8484d3705 100644 --- a/etc/profile-m-z/qemu-launcher.profile +++ b/etc/profile-m-z/qemu-launcher.profile | |||
@@ -25,3 +25,4 @@ private-cache | |||
25 | private-tmp | 25 | private-tmp |
26 | 26 | ||
27 | noexec /tmp | 27 | noexec /tmp |
28 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qemu-system-x86_64.profile b/etc/profile-m-z/qemu-system-x86_64.profile index e565e0165..495c469f7 100644 --- a/etc/profile-m-z/qemu-system-x86_64.profile +++ b/etc/profile-m-z/qemu-system-x86_64.profile | |||
@@ -24,3 +24,4 @@ private-cache | |||
24 | private-tmp | 24 | private-tmp |
25 | 25 | ||
26 | noexec /tmp | 26 | noexec /tmp |
27 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile index 2f8c42548..d4b71f972 100644 --- a/etc/profile-m-z/qgis.profile +++ b/etc/profile-m-z/qgis.profile | |||
@@ -56,3 +56,5 @@ private-tmp | |||
56 | 56 | ||
57 | dbus-user none | 57 | dbus-user none |
58 | dbus-system none | 58 | dbus-system none |
59 | |||
60 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qlipper.profile b/etc/profile-m-z/qlipper.profile index d0a14b079..f183f6e0e 100644 --- a/etc/profile-m-z/qlipper.profile +++ b/etc/profile-m-z/qlipper.profile | |||
@@ -35,3 +35,4 @@ private-cache | |||
35 | private-dev | 35 | private-dev |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qmmp.profile b/etc/profile-m-z/qmmp.profile index a3fd56186..ecd62a7d1 100644 --- a/etc/profile-m-z/qmmp.profile +++ b/etc/profile-m-z/qmmp.profile | |||
@@ -36,3 +36,5 @@ private-tmp | |||
36 | 36 | ||
37 | dbus-user none | 37 | dbus-user none |
38 | dbus-system none | 38 | dbus-system none |
39 | |||
40 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile index f6576ae2f..037cc96ec 100644 --- a/etc/profile-m-z/qnapi.profile +++ b/etc/profile-m-z/qnapi.profile | |||
@@ -52,3 +52,5 @@ private-tmp | |||
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
54 | dbus-system none | 54 | dbus-system none |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qpdfview.profile b/etc/profile-m-z/qpdfview.profile index 17142a47f..4caa0917f 100644 --- a/etc/profile-m-z/qpdfview.profile +++ b/etc/profile-m-z/qpdfview.profile | |||
@@ -43,3 +43,5 @@ private-tmp | |||
43 | # needs D-Bus when started from a file manager | 43 | # needs D-Bus when started from a file manager |
44 | # dbus-user none | 44 | # dbus-user none |
45 | # dbus-system none | 45 | # dbus-system none |
46 | |||
47 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile index e7566cbe4..09b70756b 100644 --- a/etc/profile-m-z/qrencode.profile +++ b/etc/profile-m-z/qrencode.profile | |||
@@ -54,3 +54,4 @@ dbus-user none | |||
54 | dbus-system none | 54 | dbus-system none |
55 | 55 | ||
56 | memory-deny-write-execute | 56 | memory-deny-write-execute |
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile index c0d737f00..f95720d71 100644 --- a/etc/profile-m-z/qtox.profile +++ b/etc/profile-m-z/qtox.profile | |||
@@ -49,3 +49,4 @@ dbus-user none | |||
49 | dbus-system none | 49 | dbus-system none |
50 | 50 | ||
51 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 51 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/quassel.profile b/etc/profile-m-z/quassel.profile index c65089e20..4589c9e4a 100644 --- a/etc/profile-m-z/quassel.profile +++ b/etc/profile-m-z/quassel.profile | |||
@@ -24,3 +24,5 @@ seccomp !chroot | |||
24 | 24 | ||
25 | private-cache | 25 | private-cache |
26 | private-tmp | 26 | private-tmp |
27 | |||
28 | # restrict-namespaces | ||
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile index 686562646..ad45a26d5 100644 --- a/etc/profile-m-z/quaternion.profile +++ b/etc/profile-m-z/quaternion.profile | |||
@@ -51,3 +51,5 @@ private-tmp | |||
51 | 51 | ||
52 | dbus-user none | 52 | dbus-user none |
53 | dbus-system none | 53 | dbus-system none |
54 | |||
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/quiterss.profile b/etc/profile-m-z/quiterss.profile index 761eb7215..a59f01f85 100644 --- a/etc/profile-m-z/quiterss.profile +++ b/etc/profile-m-z/quiterss.profile | |||
@@ -52,3 +52,4 @@ private-bin quiterss | |||
52 | private-dev | 52 | private-dev |
53 | # private-etc alternatives,ca-certificates,crypto-policies,pki,ssl,X11 | 53 | # private-etc alternatives,ca-certificates,crypto-policies,pki,ssl,X11 |
54 | 54 | ||
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile index 345e85cdf..ea49684e3 100644 --- a/etc/profile-m-z/quodlibet.profile +++ b/etc/profile-m-z/quodlibet.profile | |||
@@ -63,3 +63,5 @@ private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf, | |||
63 | private-tmp | 63 | private-tmp |
64 | 64 | ||
65 | dbus-system none | 65 | dbus-system none |
66 | |||
67 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile index 3bdfb2cec..b83a0ce2d 100644 --- a/etc/profile-m-z/qutebrowser.profile +++ b/etc/profile-m-z/qutebrowser.profile | |||
@@ -48,7 +48,7 @@ notv | |||
48 | protocol unix,inet,inet6,netlink | 48 | protocol unix,inet,inet6,netlink |
49 | # blacklisting of chroot system calls breaks qt webengine | 49 | # blacklisting of chroot system calls breaks qt webengine |
50 | seccomp !chroot,!name_to_handle_at | 50 | seccomp !chroot,!name_to_handle_at |
51 | # tracelog | 51 | #tracelog |
52 | 52 | ||
53 | disable-mnt | 53 | disable-mnt |
54 | private-cache | 54 | private-cache |
@@ -65,3 +65,5 @@ dbus-user.talk org.freedesktop.Notifications | |||
65 | # with the above lines (might depend on the portal implementation). | 65 | # with the above lines (might depend on the portal implementation). |
66 | #ignore noroot | 66 | #ignore noroot |
67 | dbus-system none | 67 | dbus-system none |
68 | |||
69 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/raincat.profile b/etc/profile-m-z/raincat.profile index 3042d5e3f..e320d82f7 100644 --- a/etc/profile-m-z/raincat.profile +++ b/etc/profile-m-z/raincat.profile | |||
@@ -46,3 +46,4 @@ private-tmp | |||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | 48 | ||
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/rambox.profile b/etc/profile-m-z/rambox.profile index a14d7862b..38a093337 100644 --- a/etc/profile-m-z/rambox.profile +++ b/etc/profile-m-z/rambox.profile | |||
@@ -35,4 +35,6 @@ protocol unix,inet,inet6,netlink | |||
35 | # electron-based application, needing chroot | 35 | # electron-based application, needing chroot |
36 | #seccomp | 36 | #seccomp |
37 | seccomp !chroot | 37 | seccomp !chroot |
38 | # tracelog | 38 | #tracelog |
39 | |||
40 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile index e738d8cb3..774b46b28 100644 --- a/etc/profile-m-z/redeclipse.profile +++ b/etc/profile-m-z/redeclipse.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/rednotebook.profile b/etc/profile-m-z/rednotebook.profile index 7ee79d4c5..1295ce00d 100644 --- a/etc/profile-m-z/rednotebook.profile +++ b/etc/profile-m-z/rednotebook.profile | |||
@@ -63,3 +63,5 @@ private-tmp | |||
63 | 63 | ||
64 | dbus-user none | 64 | dbus-user none |
65 | dbus-system none | 65 | dbus-system none |
66 | |||
67 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/redshift.profile b/etc/profile-m-z/redshift.profile index e5564a532..cfc68a697 100644 --- a/etc/profile-m-z/redshift.profile +++ b/etc/profile-m-z/redshift.profile | |||
@@ -50,3 +50,4 @@ dbus-user none | |||
50 | dbus-system none | 50 | dbus-system none |
51 | 51 | ||
52 | memory-deny-write-execute | 52 | memory-deny-write-execute |
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile index 82653c209..571381f57 100644 --- a/etc/profile-m-z/regextester.profile +++ b/etc/profile-m-z/regextester.profile | |||
@@ -52,3 +52,4 @@ dbus-system none | |||
52 | 52 | ||
53 | # never write anything | 53 | # never write anything |
54 | read-only ${HOME} | 54 | read-only ${HOME} |
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/remmina.profile b/etc/profile-m-z/remmina.profile index 79630f09c..208f57710 100644 --- a/etc/profile-m-z/remmina.profile +++ b/etc/profile-m-z/remmina.profile | |||
@@ -42,3 +42,4 @@ private-cache | |||
42 | private-dev | 42 | private-dev |
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
45 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/retroarch.profile b/etc/profile-m-z/retroarch.profile index cb5544f5f..91486dc23 100644 --- a/etc/profile-m-z/retroarch.profile +++ b/etc/profile-m-z/retroarch.profile | |||
@@ -51,3 +51,5 @@ private-tmp | |||
51 | 51 | ||
52 | dbus-user none | 52 | dbus-user none |
53 | dbus-system none | 53 | dbus-system none |
54 | |||
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/rhythmbox.profile b/etc/profile-m-z/rhythmbox.profile index b4eabf7ee..dccd93429 100644 --- a/etc/profile-m-z/rhythmbox.profile +++ b/etc/profile-m-z/rhythmbox.profile | |||
@@ -63,3 +63,5 @@ dbus-user.talk org.freedesktop.Notifications | |||
63 | dbus-user.talk org.gnome.SettingsDaemon.MediaKeys | 63 | dbus-user.talk org.gnome.SettingsDaemon.MediaKeys |
64 | dbus-system filter | 64 | dbus-system filter |
65 | dbus-system.talk org.freedesktop.Avahi | 65 | dbus-system.talk org.freedesktop.Avahi |
66 | |||
67 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ricochet.profile b/etc/profile-m-z/ricochet.profile index a05c1f310..d5cb77fff 100644 --- a/etc/profile-m-z/ricochet.profile +++ b/etc/profile-m-z/ricochet.profile | |||
@@ -39,3 +39,4 @@ private-bin ricochet,tor | |||
39 | private-dev | 39 | private-dev |
40 | #private-etc alternatives,alternatives,ca-certificates,crypto-policies,fonts,pki,ssl,tor,X11 | 40 | #private-etc alternatives,alternatives,ca-certificates,crypto-policies,fonts,pki,ssl,tor,X11 |
41 | 41 | ||
42 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ripperx.profile b/etc/profile-m-z/ripperx.profile index 5740fcfc4..33878e999 100644 --- a/etc/profile-m-z/ripperx.profile +++ b/etc/profile-m-z/ripperx.profile | |||
@@ -40,3 +40,5 @@ private-tmp | |||
40 | 40 | ||
41 | dbus-user none | 41 | dbus-user none |
42 | dbus-system none | 42 | dbus-system none |
43 | |||
44 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ristretto.profile b/etc/profile-m-z/ristretto.profile index 6dcf2121b..4562616d2 100644 --- a/etc/profile-m-z/ristretto.profile +++ b/etc/profile-m-z/ristretto.profile | |||
@@ -39,3 +39,4 @@ private-cache | |||
39 | private-dev | 39 | private-dev |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/rpcs3.profile b/etc/profile-m-z/rpcs3.profile index afd9da70a..186e31b46 100644 --- a/etc/profile-m-z/rpcs3.profile +++ b/etc/profile-m-z/rpcs3.profile | |||
@@ -59,3 +59,5 @@ private-tmp | |||
59 | 59 | ||
60 | dbus-user none | 60 | dbus-user none |
61 | dbus-system none | 61 | dbus-system none |
62 | |||
63 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile index a3cb0122c..91b18678f 100644 --- a/etc/profile-m-z/rsync-download_only.profile +++ b/etc/profile-m-z/rsync-download_only.profile | |||
@@ -55,3 +55,4 @@ dbus-user none | |||
55 | dbus-system none | 55 | dbus-system none |
56 | 56 | ||
57 | memory-deny-write-execute | 57 | memory-deny-write-execute |
58 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/rtin.profile b/etc/profile-m-z/rtin.profile index cd84ce05e..87aa69bcb 100644 --- a/etc/profile-m-z/rtin.profile +++ b/etc/profile-m-z/rtin.profile | |||
@@ -5,4 +5,5 @@ | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include rtin.local | 6 | include rtin.local |
7 | 7 | ||
8 | # Redirect | ||
8 | include tin.profile | 9 | include tin.profile |
diff --git a/etc/profile-m-z/rtorrent.profile b/etc/profile-m-z/rtorrent.profile index 8c52e3161..a1c735645 100644 --- a/etc/profile-m-z/rtorrent.profile +++ b/etc/profile-m-z/rtorrent.profile | |||
@@ -31,3 +31,5 @@ private-bin rtorrent | |||
31 | private-cache | 31 | private-cache |
32 | private-dev | 32 | private-dev |
33 | private-tmp | 33 | private-tmp |
34 | |||
35 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile index c4047ebd4..565925e7a 100644 --- a/etc/profile-m-z/rtv.profile +++ b/etc/profile-m-z/rtv.profile | |||
@@ -62,3 +62,5 @@ private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,host | |||
62 | 62 | ||
63 | dbus-user none | 63 | dbus-user none |
64 | dbus-system none | 64 | dbus-system none |
65 | |||
66 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/sayonara.profile b/etc/profile-m-z/sayonara.profile index c299dd13a..f7ef54f5c 100644 --- a/etc/profile-m-z/sayonara.profile +++ b/etc/profile-m-z/sayonara.profile | |||
@@ -33,3 +33,4 @@ private-bin sayonara | |||
33 | private-dev | 33 | private-dev |
34 | private-tmp | 34 | private-tmp |
35 | 35 | ||
36 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/scallion.profile b/etc/profile-m-z/scallion.profile index f8f9c681c..8f5c00f4a 100644 --- a/etc/profile-m-z/scallion.profile +++ b/etc/profile-m-z/scallion.profile | |||
@@ -41,3 +41,5 @@ private-tmp | |||
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
43 | dbus-system none | 43 | dbus-system none |
44 | |||
45 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/scorched3d.profile b/etc/profile-m-z/scorched3d.profile index 838286665..a1a0176b9 100644 --- a/etc/profile-m-z/scorched3d.profile +++ b/etc/profile-m-z/scorched3d.profile | |||
@@ -47,3 +47,5 @@ private-tmp | |||
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
49 | dbus-system none | 49 | dbus-system none |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile index 316bad98a..6dfb50c5a 100644 --- a/etc/profile-m-z/scorchwentbonkers.profile +++ b/etc/profile-m-z/scorchwentbonkers.profile | |||
@@ -47,3 +47,5 @@ private-tmp | |||
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
49 | dbus-system none | 49 | dbus-system none |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/scribus.profile b/etc/profile-m-z/scribus.profile index b9d1e59aa..34cf783fe 100644 --- a/etc/profile-m-z/scribus.profile +++ b/etc/profile-m-z/scribus.profile | |||
@@ -61,3 +61,5 @@ private-tmp | |||
61 | 61 | ||
62 | dbus-user none | 62 | dbus-user none |
63 | dbus-system none | 63 | dbus-system none |
64 | |||
65 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/sdat2img.profile b/etc/profile-m-z/sdat2img.profile index a353bc495..c0f9e8aa5 100644 --- a/etc/profile-m-z/sdat2img.profile +++ b/etc/profile-m-z/sdat2img.profile | |||
@@ -41,3 +41,5 @@ private-dev | |||
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
43 | dbus-system none | 43 | dbus-system none |
44 | |||
45 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/seafile-applet.profile b/etc/profile-m-z/seafile-applet.profile index 00ae021fd..184a06958 100644 --- a/etc/profile-m-z/seafile-applet.profile +++ b/etc/profile-m-z/seafile-applet.profile | |||
@@ -59,3 +59,5 @@ private-tmp | |||
59 | 59 | ||
60 | dbus-user none | 60 | dbus-user none |
61 | dbus-system none | 61 | dbus-system none |
62 | |||
63 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile index 45b12f2c8..7ff252ec7 100644 --- a/etc/profile-m-z/seahorse-adventures.profile +++ b/etc/profile-m-z/seahorse-adventures.profile | |||
@@ -52,3 +52,5 @@ private-tmp | |||
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
54 | dbus-system none | 54 | dbus-system none |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile index af7abc1d9..0b7232cc4 100644 --- a/etc/profile-m-z/seahorse.profile +++ b/etc/profile-m-z/seahorse.profile | |||
@@ -67,3 +67,5 @@ dbus-user.own org.gnome.seahorse | |||
67 | dbus-user.own org.gnome.seahorse.Application | 67 | dbus-user.own org.gnome.seahorse.Application |
68 | dbus-user.talk org.freedesktop.secrets | 68 | dbus-user.talk org.freedesktop.secrets |
69 | dbus-system none | 69 | dbus-system none |
70 | |||
71 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile index 5210a594c..c2dbbc2c6 100644 --- a/etc/profile-m-z/seamonkey.profile +++ b/etc/profile-m-z/seamonkey.profile | |||
@@ -57,3 +57,5 @@ tracelog | |||
57 | disable-mnt | 57 | disable-mnt |
58 | # private-etc adobe,alternatives,asound.conf,ca-certificates,crypto-policies,firefox,fonts,group,gtk-2.0,hostname,hosts,iceweasel,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl | 58 | # private-etc adobe,alternatives,asound.conf,ca-certificates,crypto-policies,firefox,fonts,group,gtk-2.0,hostname,hosts,iceweasel,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl |
59 | writable-run-user | 59 | writable-run-user |
60 | |||
61 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile index 8d8a1dac6..5b71fe6c3 100644 --- a/etc/profile-m-z/server.profile +++ b/etc/profile-m-z/server.profile | |||
@@ -83,6 +83,9 @@ private-dev | |||
83 | # private-lib | 83 | # private-lib |
84 | # private-opt none | 84 | # private-opt none |
85 | private-tmp | 85 | private-tmp |
86 | # writable-run-user | ||
87 | # writable-var | ||
88 | # writable-var-log | ||
86 | 89 | ||
87 | dbus-user none | 90 | dbus-user none |
88 | # dbus-system none | 91 | # dbus-system none |
@@ -90,7 +93,4 @@ dbus-user none | |||
90 | # deterministic-shutdown | 93 | # deterministic-shutdown |
91 | # memory-deny-write-execute | 94 | # memory-deny-write-execute |
92 | # read-only ${HOME} | 95 | # read-only ${HOME} |
93 | # restrict-namespaces | 96 | restrict-namespaces |
94 | # writable-run-user | ||
95 | # writable-var | ||
96 | # writable-var-log | ||
diff --git a/etc/profile-m-z/servo.profile b/etc/profile-m-z/servo.profile index 6eeba9eb6..65fef339e 100644 --- a/etc/profile-m-z/servo.profile +++ b/etc/profile-m-z/servo.profile | |||
@@ -46,3 +46,5 @@ private-tmp | |||
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
48 | dbus-system none | 48 | dbus-system none |
49 | |||
50 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/shellcheck.profile b/etc/profile-m-z/shellcheck.profile index 49c4646ed..cf6b37db6 100644 --- a/etc/profile-m-z/shellcheck.profile +++ b/etc/profile-m-z/shellcheck.profile | |||
@@ -49,3 +49,5 @@ private-tmp | |||
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
51 | dbus-system none | 51 | dbus-system none |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile index 22cb272c5..cd2a9f13e 100644 --- a/etc/profile-m-z/shortwave.profile +++ b/etc/profile-m-z/shortwave.profile | |||
@@ -47,3 +47,5 @@ private-cache | |||
47 | private-dev | 47 | private-dev |
48 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl,X11,xdg | 48 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl,X11,xdg |
49 | private-tmp | 49 | private-tmp |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/shotcut.profile b/etc/profile-m-z/shotcut.profile index e2cbce2f5..ec0380ce7 100644 --- a/etc/profile-m-z/shotcut.profile +++ b/etc/profile-m-z/shotcut.profile | |||
@@ -35,3 +35,5 @@ private-dev | |||
35 | 35 | ||
36 | dbus-user none | 36 | dbus-user none |
37 | dbus-system none | 37 | dbus-system none |
38 | |||
39 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile index 44898a2e9..d33a97ffc 100644 --- a/etc/profile-m-z/shotwell.profile +++ b/etc/profile-m-z/shotwell.profile | |||
@@ -57,3 +57,5 @@ dbus-user.own org.gnome.Shotwell | |||
57 | dbus-user.talk ca.desrt.dconf | 57 | dbus-user.talk ca.desrt.dconf |
58 | dbus-user.talk org.gtk.vfs.UDisks2VolumeMonitor | 58 | dbus-user.talk org.gtk.vfs.UDisks2VolumeMonitor |
59 | dbus-system none | 59 | dbus-system none |
60 | |||
61 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile index b70275d0d..d2b604df5 100644 --- a/etc/profile-m-z/signal-cli.profile +++ b/etc/profile-m-z/signal-cli.profile | |||
@@ -48,3 +48,5 @@ private-dev | |||
48 | # Does not work with all Java configurations. You will notice immediately, so you might want to give it a try | 48 | # Does not work with all Java configurations. You will notice immediately, so you might want to give it a try |
49 | #private-etc alternatives,ca-certificates,crypto-policies,dbus-1,host.conf,hostname,hosts,java-10-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java.conf,machine-id,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl | 49 | #private-etc alternatives,ca-certificates,crypto-policies,dbus-1,host.conf,hostname,hosts,java-10-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java.conf,machine-id,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl |
50 | private-tmp | 50 | private-tmp |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/silentarmy.profile b/etc/profile-m-z/silentarmy.profile index 74a51208c..96e4cf283 100644 --- a/etc/profile-m-z/silentarmy.profile +++ b/etc/profile-m-z/silentarmy.profile | |||
@@ -37,3 +37,4 @@ private-dev | |||
37 | private-opt none | 37 | private-opt none |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/simple-scan.profile b/etc/profile-m-z/simple-scan.profile index 4d13a3ad3..14846cf58 100644 --- a/etc/profile-m-z/simple-scan.profile +++ b/etc/profile-m-z/simple-scan.profile | |||
@@ -38,3 +38,5 @@ tracelog | |||
38 | # private-dev | 38 | # private-dev |
39 | # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl | 39 | # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl |
40 | # private-tmp | 40 | # private-tmp |
41 | |||
42 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/simplescreenrecorder.profile b/etc/profile-m-z/simplescreenrecorder.profile index a68de8f40..6ee9ea6ba 100644 --- a/etc/profile-m-z/simplescreenrecorder.profile +++ b/etc/profile-m-z/simplescreenrecorder.profile | |||
@@ -36,3 +36,5 @@ tracelog | |||
36 | private-cache | 36 | private-cache |
37 | private-dev | 37 | private-dev |
38 | private-tmp | 38 | private-tmp |
39 | |||
40 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/simutrans.profile b/etc/profile-m-z/simutrans.profile index 733ea6413..6ba735556 100644 --- a/etc/profile-m-z/simutrans.profile +++ b/etc/profile-m-z/simutrans.profile | |||
@@ -39,3 +39,5 @@ private-tmp | |||
39 | 39 | ||
40 | dbus-user none | 40 | dbus-user none |
41 | dbus-system none | 41 | dbus-system none |
42 | |||
43 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/skanlite.profile b/etc/profile-m-z/skanlite.profile index 1e60fb083..6b73b2289 100644 --- a/etc/profile-m-z/skanlite.profile +++ b/etc/profile-m-z/skanlite.profile | |||
@@ -33,3 +33,5 @@ seccomp !ioperm | |||
33 | 33 | ||
34 | # dbus-user none | 34 | # dbus-user none |
35 | # dbus-system none | 35 | # dbus-system none |
36 | |||
37 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/slashem.profile b/etc/profile-m-z/slashem.profile index 8ec692657..3ad182b9e 100644 --- a/etc/profile-m-z/slashem.profile +++ b/etc/profile-m-z/slashem.profile | |||
@@ -44,3 +44,4 @@ dbus-user none | |||
44 | dbus-system none | 44 | dbus-system none |
45 | 45 | ||
46 | #memory-deny-write-execute | 46 | #memory-deny-write-execute |
47 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/smplayer.profile b/etc/profile-m-z/smplayer.profile index 00770798e..0ab398ebd 100644 --- a/etc/profile-m-z/smplayer.profile +++ b/etc/profile-m-z/smplayer.profile | |||
@@ -52,3 +52,5 @@ private-tmp | |||
52 | # problems with KDE | 52 | # problems with KDE |
53 | # dbus-user none | 53 | # dbus-user none |
54 | # dbus-system none | 54 | # dbus-system none |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/smtube.profile b/etc/profile-m-z/smtube.profile index a3a519511..b617444af 100644 --- a/etc/profile-m-z/smtube.profile +++ b/etc/profile-m-z/smtube.profile | |||
@@ -45,3 +45,4 @@ seccomp | |||
45 | private-dev | 45 | private-dev |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile index 9c93845f5..ffed9d44c 100644 --- a/etc/profile-m-z/smuxi-frontend-gnome.profile +++ b/etc/profile-m-z/smuxi-frontend-gnome.profile | |||
@@ -52,3 +52,5 @@ private-tmp | |||
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
54 | dbus-system none | 54 | dbus-system none |
55 | |||
56 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile index ff8ba38b4..b4658b7af 100644 --- a/etc/profile-m-z/softmaker-common.profile +++ b/etc/profile-m-z/softmaker-common.profile | |||
@@ -47,3 +47,5 @@ private-tmp | |||
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
49 | dbus-system none | 49 | dbus-system none |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/sol.profile b/etc/profile-m-z/sol.profile index 833b905fe..e2be4e9e0 100644 --- a/etc/profile-m-z/sol.profile +++ b/etc/profile-m-z/sol.profile | |||
@@ -44,3 +44,4 @@ dbus-user none | |||
44 | dbus-system none | 44 | dbus-system none |
45 | 45 | ||
46 | # memory-deny-write-execute | 46 | # memory-deny-write-execute |
47 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/songrec.profile b/etc/profile-m-z/songrec.profile index 2e26fbb52..9261c1e3f 100644 --- a/etc/profile-m-z/songrec.profile +++ b/etc/profile-m-z/songrec.profile | |||
@@ -51,3 +51,5 @@ private-tmp | |||
51 | 51 | ||
52 | dbus-user none | 52 | dbus-user none |
53 | dbus-system none | 53 | dbus-system none |
54 | |||
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/sound-juicer.profile b/etc/profile-m-z/sound-juicer.profile index f8b87065b..f5ac6c739 100644 --- a/etc/profile-m-z/sound-juicer.profile +++ b/etc/profile-m-z/sound-juicer.profile | |||
@@ -40,3 +40,5 @@ private-tmp | |||
40 | 40 | ||
41 | # dbus-user none | 41 | # dbus-user none |
42 | # dbus-system none | 42 | # dbus-system none |
43 | |||
44 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/soundconverter.profile b/etc/profile-m-z/soundconverter.profile index d32ba87fc..843080cc8 100644 --- a/etc/profile-m-z/soundconverter.profile +++ b/etc/profile-m-z/soundconverter.profile | |||
@@ -47,3 +47,4 @@ private-cache | |||
47 | private-dev | 47 | private-dev |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile index 7637eb868..5a1314315 100644 --- a/etc/profile-m-z/spectacle.profile +++ b/etc/profile-m-z/spectacle.profile | |||
@@ -65,3 +65,5 @@ dbus-user.talk org.freedesktop.FileManager1 | |||
65 | #dbus-user.talk org.kde.JobViewServer | 65 | #dbus-user.talk org.kde.JobViewServer |
66 | #dbus-user.talk org.kde.kglobalaccel | 66 | #dbus-user.talk org.kde.kglobalaccel |
67 | dbus-system none | 67 | dbus-system none |
68 | |||
69 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile index f83fe9a17..4bc23fc04 100644 --- a/etc/profile-m-z/spectral.profile +++ b/etc/profile-m-z/spectral.profile | |||
@@ -53,3 +53,5 @@ dbus-user filter | |||
53 | # Add the next line to your spectral.local to enable notification support. | 53 | # Add the next line to your spectral.local to enable notification support. |
54 | #dbus-user.talk org.freedesktop.Notifications | 54 | #dbus-user.talk org.freedesktop.Notifications |
55 | dbus-system none | 55 | dbus-system none |
56 | |||
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/spectre-meltdown-checker.profile b/etc/profile-m-z/spectre-meltdown-checker.profile index 8c089a5af..d21f49e61 100644 --- a/etc/profile-m-z/spectre-meltdown-checker.profile +++ b/etc/profile-m-z/spectre-meltdown-checker.profile | |||
@@ -49,3 +49,4 @@ dbus-user none | |||
49 | dbus-system none | 49 | dbus-system none |
50 | 50 | ||
51 | memory-deny-write-execute | 51 | memory-deny-write-execute |
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index bfa3a805a..721e39cd4 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile | |||
@@ -53,3 +53,5 @@ private-tmp | |||
53 | # dbus needed for MPRIS | 53 | # dbus needed for MPRIS |
54 | # dbus-user none | 54 | # dbus-user none |
55 | # dbus-system none | 55 | # dbus-system none |
56 | |||
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile index 0808685d1..b6eee5293 100644 --- a/etc/profile-m-z/sqlitebrowser.profile +++ b/etc/profile-m-z/sqlitebrowser.profile | |||
@@ -49,3 +49,4 @@ private-tmp | |||
49 | # dbus-system none | 49 | # dbus-system none |
50 | 50 | ||
51 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 51 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile index 35bcdca7c..76755def4 100644 --- a/etc/profile-m-z/ssh-agent.profile +++ b/etc/profile-m-z/ssh-agent.profile | |||
@@ -33,3 +33,5 @@ writable-run-user | |||
33 | 33 | ||
34 | dbus-user none | 34 | dbus-user none |
35 | dbus-system none | 35 | dbus-system none |
36 | |||
37 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index c68b82b54..a7956a76e 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile | |||
@@ -51,3 +51,4 @@ dbus-system none | |||
51 | 51 | ||
52 | deterministic-shutdown | 52 | deterministic-shutdown |
53 | memory-deny-write-execute | 53 | memory-deny-write-execute |
54 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile index 7a59274bf..868c724d2 100644 --- a/etc/profile-m-z/standardnotes-desktop.profile +++ b/etc/profile-m-z/standardnotes-desktop.profile | |||
@@ -42,3 +42,5 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostnam | |||
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
44 | dbus-system none | 44 | dbus-system none |
45 | |||
46 | # restrict-namespaces | ||
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index 5e5a8e9bb..f807afdc7 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile | |||
@@ -178,7 +178,8 @@ private-dev | |||
178 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl,vulkan | 178 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl,vulkan |
179 | private-tmp | 179 | private-tmp |
180 | 180 | ||
181 | # dbus-user none | 181 | #dbus-user none |
182 | # dbus-system none | 182 | #dbus-system none |
183 | 183 | ||
184 | read-only ${HOME}/.config/MangoHud | 184 | read-only ${HOME}/.config/MangoHud |
185 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/stellarium.profile b/etc/profile-m-z/stellarium.profile index ecb5201e0..c83ff40f8 100644 --- a/etc/profile-m-z/stellarium.profile +++ b/etc/profile-m-z/stellarium.profile | |||
@@ -43,3 +43,4 @@ private-bin stellarium | |||
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile index a6723e9de..e9d2ca430 100644 --- a/etc/profile-m-z/strawberry.profile +++ b/etc/profile-m-z/strawberry.profile | |||
@@ -46,3 +46,5 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostnam | |||
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-system none | 48 | dbus-system none |
49 | |||
50 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/strings.profile b/etc/profile-m-z/strings.profile index 506a38145..8c14ca51f 100644 --- a/etc/profile-m-z/strings.profile +++ b/etc/profile-m-z/strings.profile | |||
@@ -54,3 +54,4 @@ dbus-system none | |||
54 | 54 | ||
55 | memory-deny-write-execute | 55 | memory-deny-write-execute |
56 | read-only ${HOME} | 56 | read-only ${HOME} |
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile index b222b5be2..896d4bc3e 100644 --- a/etc/profile-m-z/subdownloader.profile +++ b/etc/profile-m-z/subdownloader.profile | |||
@@ -50,3 +50,4 @@ dbus-user none | |||
50 | dbus-system none | 50 | dbus-system none |
51 | 51 | ||
52 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 52 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile index b082cc761..1f532d76c 100644 --- a/etc/profile-m-z/supertux2.profile +++ b/etc/profile-m-z/supertux2.profile | |||
@@ -49,3 +49,5 @@ private-tmp | |||
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
51 | dbus-system none | 51 | dbus-system none |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile index 7616217ff..b4eb70fcb 100644 --- a/etc/profile-m-z/supertuxkart.profile +++ b/etc/profile-m-z/supertuxkart.profile | |||
@@ -60,3 +60,5 @@ private-srv none | |||
60 | 60 | ||
61 | dbus-user none | 61 | dbus-user none |
62 | dbus-system none | 62 | dbus-system none |
63 | |||
64 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile index 78432bf43..3508e11b0 100644 --- a/etc/profile-m-z/surf.profile +++ b/etc/profile-m-z/surf.profile | |||
@@ -36,3 +36,4 @@ private-dev | |||
36 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,ld.so.cache,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl | 36 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,ld.so.cache,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/sushi.profile b/etc/profile-m-z/sushi.profile index 46f5348fd..7b6a87b31 100644 --- a/etc/profile-m-z/sushi.profile +++ b/etc/profile-m-z/sushi.profile | |||
@@ -45,3 +45,4 @@ read-only /media | |||
45 | read-only /run/mount | 45 | read-only /run/mount |
46 | read-only /run/media | 46 | read-only /run/media |
47 | read-only ${HOME} | 47 | read-only ${HOME} |
48 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/sway.profile b/etc/profile-m-z/sway.profile index 046d1b4be..f71905150 100644 --- a/etc/profile-m-z/sway.profile +++ b/etc/profile-m-z/sway.profile | |||
@@ -17,3 +17,5 @@ netfilter | |||
17 | noroot | 17 | noroot |
18 | protocol unix,inet,inet6 | 18 | protocol unix,inet,inet6 |
19 | seccomp | 19 | seccomp |
20 | |||
21 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/synfigstudio.profile b/etc/profile-m-z/synfigstudio.profile index 4c290aa01..a2bb7d8e5 100644 --- a/etc/profile-m-z/synfigstudio.profile +++ b/etc/profile-m-z/synfigstudio.profile | |||
@@ -36,3 +36,5 @@ private-tmp | |||
36 | 36 | ||
37 | dbus-user none | 37 | dbus-user none |
38 | dbus-system none | 38 | dbus-system none |
39 | |||
40 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile index a0a2ec7bc..cef029401 100644 --- a/etc/profile-m-z/sysprof.profile +++ b/etc/profile-m-z/sysprof.profile | |||
@@ -74,3 +74,4 @@ dbus-user.own org.gnome.Sysprof3 | |||
74 | dbus-user.talk ca.desrt.dconf | 74 | dbus-user.talk ca.desrt.dconf |
75 | 75 | ||
76 | # memory-deny-write-execute - breaks on Arch | 76 | # memory-deny-write-execute - breaks on Arch |
77 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/tcpdump.profile b/etc/profile-m-z/tcpdump.profile index 57301a54d..bc8444efd 100644 --- a/etc/profile-m-z/tcpdump.profile +++ b/etc/profile-m-z/tcpdump.profile | |||
@@ -44,3 +44,4 @@ private-dev | |||
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | memory-deny-write-execute | 46 | memory-deny-write-execute |
47 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/teamspeak3.profile b/etc/profile-m-z/teamspeak3.profile index 31df5b97c..41da4ee13 100644 --- a/etc/profile-m-z/teamspeak3.profile +++ b/etc/profile-m-z/teamspeak3.profile | |||
@@ -39,3 +39,4 @@ disable-mnt | |||
39 | private-dev | 39 | private-dev |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | # restrict-namespaces | ||
diff --git a/etc/profile-m-z/teeworlds.profile b/etc/profile-m-z/teeworlds.profile index a253f9a76..f01cc1c74 100644 --- a/etc/profile-m-z/teeworlds.profile +++ b/etc/profile-m-z/teeworlds.profile | |||
@@ -43,3 +43,5 @@ private-tmp | |||
43 | 43 | ||
44 | dbus-user none | 44 | dbus-user none |
45 | dbus-system none | 45 | dbus-system none |
46 | |||
47 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile index bdae44ad0..886d303c8 100644 --- a/etc/profile-m-z/telegram.profile +++ b/etc/profile-m-z/telegram.profile | |||
@@ -56,3 +56,5 @@ dbus-user.talk org.freedesktop.Notifications | |||
56 | dbus-user.talk org.gnome.Mutter.IdleMonitor | 56 | dbus-user.talk org.gnome.Mutter.IdleMonitor |
57 | dbus-user.talk org.freedesktop.ScreenSaver | 57 | dbus-user.talk org.freedesktop.ScreenSaver |
58 | dbus-system none | 58 | dbus-system none |
59 | |||
60 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/telnet.profile b/etc/profile-m-z/telnet.profile index 527c3c99f..13a47c958 100644 --- a/etc/profile-m-z/telnet.profile +++ b/etc/profile-m-z/telnet.profile | |||
@@ -51,3 +51,4 @@ dbus-system none | |||
51 | 51 | ||
52 | memory-deny-write-execute | 52 | memory-deny-write-execute |
53 | noexec ${HOME} | 53 | noexec ${HOME} |
54 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile index 4af30acc0..9249e33c8 100644 --- a/etc/profile-m-z/terasology.profile +++ b/etc/profile-m-z/terasology.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile index 3dad84480..f49738f2b 100644 --- a/etc/profile-m-z/tilp.profile +++ b/etc/profile-m-z/tilp.profile | |||
@@ -32,3 +32,4 @@ private-cache | |||
32 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 32 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
33 | private-tmp | 33 | private-tmp |
34 | 34 | ||
35 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile index 0ca9cc1ce..3cbf90660 100644 --- a/etc/profile-m-z/tin.profile +++ b/etc/profile-m-z/tin.profile | |||
@@ -65,3 +65,4 @@ dbus-user none | |||
65 | dbus-system none | 65 | dbus-system none |
66 | 66 | ||
67 | memory-deny-write-execute | 67 | memory-deny-write-execute |
68 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile index bb710edc3..a855ff839 100644 --- a/etc/profile-m-z/tmux.profile +++ b/etc/profile-m-z/tmux.profile | |||
@@ -42,3 +42,5 @@ private-dev | |||
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
44 | dbus-system none | 44 | dbus-system none |
45 | |||
46 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/tor.profile b/etc/profile-m-z/tor.profile index ba7672068..275b170ff 100644 --- a/etc/profile-m-z/tor.profile +++ b/etc/profile-m-z/tor.profile | |||
@@ -48,3 +48,5 @@ private-dev | |||
48 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor | 48 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor |
49 | private-tmp | 49 | private-tmp |
50 | writable-var | 50 | writable-var |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index 9d66c5fa4..fab792826 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile | |||
@@ -63,3 +63,5 @@ private-tmp | |||
63 | 63 | ||
64 | dbus-user none | 64 | dbus-user none |
65 | dbus-system none | 65 | dbus-system none |
66 | |||
67 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/torcs.profile b/etc/profile-m-z/torcs.profile index dfc20fc00..f83a74e9c 100644 --- a/etc/profile-m-z/torcs.profile +++ b/etc/profile-m-z/torcs.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/totem.profile b/etc/profile-m-z/totem.profile index 9ecc1e5ea..e21d37040 100644 --- a/etc/profile-m-z/totem.profile +++ b/etc/profile-m-z/totem.profile | |||
@@ -57,3 +57,5 @@ private-tmp | |||
57 | # makes settings immutable | 57 | # makes settings immutable |
58 | # dbus-user none | 58 | # dbus-user none |
59 | dbus-system none | 59 | dbus-system none |
60 | |||
61 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/tracker.profile b/etc/profile-m-z/tracker.profile index 6d7751953..f30b0aef6 100644 --- a/etc/profile-m-z/tracker.profile +++ b/etc/profile-m-z/tracker.profile | |||
@@ -36,3 +36,5 @@ tracelog | |||
36 | # private-bin tracker | 36 | # private-bin tracker |
37 | # private-dev | 37 | # private-dev |
38 | # private-tmp | 38 | # private-tmp |
39 | |||
40 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile index 6dcdf64b6..9937b7c11 100644 --- a/etc/profile-m-z/transgui.profile +++ b/etc/profile-m-z/transgui.profile | |||
@@ -52,3 +52,4 @@ dbus-user none | |||
52 | dbus-system none | 52 | dbus-system none |
53 | 53 | ||
54 | memory-deny-write-execute | 54 | memory-deny-write-execute |
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile index 78df412d7..0a9029c97 100644 --- a/etc/profile-m-z/transmission-common.profile +++ b/etc/profile-m-z/transmission-common.profile | |||
@@ -50,3 +50,4 @@ dbus-user none | |||
50 | dbus-system none | 50 | dbus-system none |
51 | 51 | ||
52 | memory-deny-write-execute | 52 | memory-deny-write-execute |
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/tremulous.profile b/etc/profile-m-z/tremulous.profile index 4bcc0affe..21c09067e 100644 --- a/etc/profile-m-z/tremulous.profile +++ b/etc/profile-m-z/tremulous.profile | |||
@@ -50,3 +50,5 @@ private-tmp | |||
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
52 | dbus-system none | 52 | dbus-system none |
53 | |||
54 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index eb3ae356a..63e964355 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile | |||
@@ -61,3 +61,4 @@ dbus-user.talk org.freedesktop.secrets | |||
61 | dbus-system none | 61 | dbus-system none |
62 | 62 | ||
63 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 63 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
64 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/truecraft.profile b/etc/profile-m-z/truecraft.profile index 58f600259..f02532936 100644 --- a/etc/profile-m-z/truecraft.profile +++ b/etc/profile-m-z/truecraft.profile | |||
@@ -36,3 +36,4 @@ disable-mnt | |||
36 | private-dev | 36 | private-dev |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/tuxguitar.profile b/etc/profile-m-z/tuxguitar.profile index 807d43281..ab2b359e4 100644 --- a/etc/profile-m-z/tuxguitar.profile +++ b/etc/profile-m-z/tuxguitar.profile | |||
@@ -43,3 +43,5 @@ tracelog | |||
43 | 43 | ||
44 | private-dev | 44 | private-dev |
45 | private-tmp | 45 | private-tmp |
46 | |||
47 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/tvbrowser.profile b/etc/profile-m-z/tvbrowser.profile index 6c1dcc603..518dc95c7 100644 --- a/etc/profile-m-z/tvbrowser.profile +++ b/etc/profile-m-z/tvbrowser.profile | |||
@@ -50,3 +50,5 @@ private-tmp | |||
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
52 | dbus-system none | 52 | dbus-system none |
53 | |||
54 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/udiskie.profile b/etc/profile-m-z/udiskie.profile index e9a2745bf..7e3c7ac5a 100644 --- a/etc/profile-m-z/udiskie.profile +++ b/etc/profile-m-z/udiskie.profile | |||
@@ -42,3 +42,5 @@ private-cache | |||
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg | 43 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg |
44 | private-tmp | 44 | private-tmp |
45 | |||
46 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/uefitool.profile b/etc/profile-m-z/uefitool.profile index 3629f66f8..3d8f59df6 100644 --- a/etc/profile-m-z/uefitool.profile +++ b/etc/profile-m-z/uefitool.profile | |||
@@ -36,3 +36,5 @@ private-tmp | |||
36 | 36 | ||
37 | dbus-user none | 37 | dbus-user none |
38 | dbus-system none | 38 | dbus-system none |
39 | |||
40 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/uget-gtk.profile b/etc/profile-m-z/uget-gtk.profile index 948f61801..d8840fad3 100644 --- a/etc/profile-m-z/uget-gtk.profile +++ b/etc/profile-m-z/uget-gtk.profile | |||
@@ -36,3 +36,5 @@ seccomp | |||
36 | private-bin uget-gtk | 36 | private-bin uget-gtk |
37 | private-dev | 37 | private-dev |
38 | private-tmp | 38 | private-tmp |
39 | |||
40 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile index d18c9fe94..63d84688c 100644 --- a/etc/profile-m-z/unbound.profile +++ b/etc/profile-m-z/unbound.profile | |||
@@ -52,3 +52,4 @@ dbus-user none | |||
52 | dbus-system none | 52 | dbus-system none |
53 | 53 | ||
54 | memory-deny-write-execute | 54 | memory-deny-write-execute |
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile index 70c54a6bd..6ec6ea609 100644 --- a/etc/profile-m-z/unf.profile +++ b/etc/profile-m-z/unf.profile | |||
@@ -56,3 +56,4 @@ dbus-user none | |||
56 | dbus-system none | 56 | dbus-system none |
57 | 57 | ||
58 | memory-deny-write-execute | 58 | memory-deny-write-execute |
59 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/unknown-horizons.profile b/etc/profile-m-z/unknown-horizons.profile index 755d087ea..3e2b28dec 100644 --- a/etc/profile-m-z/unknown-horizons.profile +++ b/etc/profile-m-z/unknown-horizons.profile | |||
@@ -41,3 +41,4 @@ private-tmp | |||
41 | 41 | ||
42 | # doesn't work - maybe all Tcl/Tk programs have this problem | 42 | # doesn't work - maybe all Tcl/Tk programs have this problem |
43 | # memory-deny-write-execute | 43 | # memory-deny-write-execute |
44 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile index bb53917cf..f85e52273 100644 --- a/etc/profile-m-z/utox.profile +++ b/etc/profile-m-z/utox.profile | |||
@@ -46,3 +46,4 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so | |||
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | memory-deny-write-execute | 48 | memory-deny-write-execute |
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile index 7ac23bcb9..29d88832c 100644 --- a/etc/profile-m-z/uudeview.profile +++ b/etc/profile-m-z/uudeview.profile | |||
@@ -44,3 +44,5 @@ private-etc alternatives,ld.so.cache,ld.so.preload | |||
44 | 44 | ||
45 | dbus-user none | 45 | dbus-user none |
46 | dbus-system none | 46 | dbus-system none |
47 | |||
48 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile index dcdae279f..dfda684e3 100644 --- a/etc/profile-m-z/uzbl-browser.profile +++ b/etc/profile-m-z/uzbl-browser.profile | |||
@@ -39,3 +39,5 @@ notv | |||
39 | protocol unix,inet,inet6 | 39 | protocol unix,inet,inet6 |
40 | seccomp | 40 | seccomp |
41 | tracelog | 41 | tracelog |
42 | |||
43 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile index 6d7fa94e7..cdf615a02 100644 --- a/etc/profile-m-z/viewnior.profile +++ b/etc/profile-m-z/viewnior.profile | |||
@@ -50,3 +50,4 @@ dbus-user none | |||
50 | dbus-system none | 50 | dbus-system none |
51 | 51 | ||
52 | #memory-deny-write-execute - breaks on Arch (see issues #1803 and #1808) | 52 | #memory-deny-write-execute - breaks on Arch (see issues #1803 and #1808) |
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/viking.profile b/etc/profile-m-z/viking.profile index 65f1e2619..6ec74edd8 100644 --- a/etc/profile-m-z/viking.profile +++ b/etc/profile-m-z/viking.profile | |||
@@ -34,3 +34,4 @@ seccomp | |||
34 | private-dev | 34 | private-dev |
35 | private-tmp | 35 | private-tmp |
36 | 36 | ||
37 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/vim.profile b/etc/profile-m-z/vim.profile index a6e05a32a..6847f1f5e 100644 --- a/etc/profile-m-z/vim.profile +++ b/etc/profile-m-z/vim.profile | |||
@@ -32,3 +32,5 @@ protocol unix,inet,inet6 | |||
32 | seccomp | 32 | seccomp |
33 | 33 | ||
34 | private-dev | 34 | private-dev |
35 | |||
36 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile index b9b40e348..34e580085 100644 --- a/etc/profile-m-z/vlc.profile +++ b/etc/profile-m-z/vlc.profile | |||
@@ -53,3 +53,5 @@ dbus-user.talk org.freedesktop.ScreenSaver | |||
53 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher | 53 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher |
54 | dbus-user.talk org.mpris.MediaPlayer2.Player | 54 | dbus-user.talk org.mpris.MediaPlayer2.Player |
55 | dbus-system none | 55 | dbus-system none |
56 | |||
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile index 1703c95e1..ba4136413 100644 --- a/etc/profile-m-z/vmware-view.profile +++ b/etc/profile-m-z/vmware-view.profile | |||
@@ -54,3 +54,5 @@ private-tmp | |||
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
56 | dbus-system none | 56 | dbus-system none |
57 | |||
58 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/vym.profile b/etc/profile-m-z/vym.profile index dbfbcca8a..be1ef153b 100644 --- a/etc/profile-m-z/vym.profile +++ b/etc/profile-m-z/vym.profile | |||
@@ -33,3 +33,4 @@ disable-mnt | |||
33 | private-dev | 33 | private-dev |
34 | private-tmp | 34 | private-tmp |
35 | 35 | ||
36 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index f5744e52c..fab5315aa 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile | |||
@@ -68,3 +68,4 @@ dbus-user none | |||
68 | dbus-system none | 68 | dbus-system none |
69 | 69 | ||
70 | memory-deny-write-execute | 70 | memory-deny-write-execute |
71 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile index 6b32a1613..37a8f78bb 100644 --- a/etc/profile-m-z/warmux.profile +++ b/etc/profile-m-z/warmux.profile | |||
@@ -53,3 +53,5 @@ private-tmp | |||
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
55 | dbus-system none | 55 | dbus-system none |
56 | |||
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/warsow.profile b/etc/profile-m-z/warsow.profile index 0e3b88a02..c7f1d4c50 100644 --- a/etc/profile-m-z/warsow.profile +++ b/etc/profile-m-z/warsow.profile | |||
@@ -54,3 +54,5 @@ private-tmp | |||
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
56 | dbus-system none | 56 | dbus-system none |
57 | |||
58 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile index 3e2c9b929..50c776412 100644 --- a/etc/profile-m-z/warzone2100.profile +++ b/etc/profile-m-z/warzone2100.profile | |||
@@ -47,3 +47,5 @@ disable-mnt | |||
47 | private-bin bash,dash,sh,warzone2100,which | 47 | private-bin bash,dash,sh,warzone2100,which |
48 | private-dev | 48 | private-dev |
49 | private-tmp | 49 | private-tmp |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/webstorm.profile b/etc/profile-m-z/webstorm.profile index ec6a0d7ab..6e5a63911 100644 --- a/etc/profile-m-z/webstorm.profile +++ b/etc/profile-m-z/webstorm.profile | |||
@@ -42,3 +42,5 @@ seccomp | |||
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-tmp | 44 | private-tmp |
45 | |||
46 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/webui-aria2.profile b/etc/profile-m-z/webui-aria2.profile index 057e75372..b42d4c380 100644 --- a/etc/profile-m-z/webui-aria2.profile +++ b/etc/profile-m-z/webui-aria2.profile | |||
@@ -36,3 +36,5 @@ private-tmp | |||
36 | 36 | ||
37 | dbus-user none | 37 | dbus-user none |
38 | dbus-system none | 38 | dbus-system none |
39 | |||
40 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/weechat.profile b/etc/profile-m-z/weechat.profile index 07babd502..b190bf5ff 100644 --- a/etc/profile-m-z/weechat.profile +++ b/etc/profile-m-z/weechat.profile | |||
@@ -28,3 +28,5 @@ seccomp | |||
28 | # no private-bin support for various reasons: | 28 | # no private-bin support for various reasons: |
29 | # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, | 29 | # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, |
30 | # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins | 30 | # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins |
31 | |||
32 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/wesnoth.profile b/etc/profile-m-z/wesnoth.profile index 345b26a2c..b6f29cfbf 100644 --- a/etc/profile-m-z/wesnoth.profile +++ b/etc/profile-m-z/wesnoth.profile | |||
@@ -36,3 +36,5 @@ seccomp | |||
36 | 36 | ||
37 | private-dev | 37 | private-dev |
38 | private-tmp | 38 | private-tmp |
39 | |||
40 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile index 1258b6fce..5e1823593 100644 --- a/etc/profile-m-z/wget.profile +++ b/etc/profile-m-z/wget.profile | |||
@@ -61,3 +61,4 @@ dbus-user none | |||
61 | dbus-system none | 61 | dbus-system none |
62 | 62 | ||
63 | memory-deny-write-execute | 63 | memory-deny-write-execute |
64 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile index 4891af458..d8c72ac8b 100644 --- a/etc/profile-m-z/whois.profile +++ b/etc/profile-m-z/whois.profile | |||
@@ -54,3 +54,4 @@ dbus-user none | |||
54 | dbus-system none | 54 | dbus-system none |
55 | 55 | ||
56 | memory-deny-write-execute | 56 | memory-deny-write-execute |
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/widelands.profile b/etc/profile-m-z/widelands.profile index 99a3fae8c..30a471fac 100644 --- a/etc/profile-m-z/widelands.profile +++ b/etc/profile-m-z/widelands.profile | |||
@@ -45,3 +45,5 @@ private-tmp | |||
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
48 | |||
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile index f30fc971f..1e2b164b9 100644 --- a/etc/profile-m-z/wine.profile +++ b/etc/profile-m-z/wine.profile | |||
@@ -40,3 +40,5 @@ notv | |||
40 | seccomp | 40 | seccomp |
41 | 41 | ||
42 | private-dev | 42 | private-dev |
43 | |||
44 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile index 0a13c25aa..5823a2ad7 100644 --- a/etc/profile-m-z/wireshark.profile +++ b/etc/profile-m-z/wireshark.profile | |||
@@ -52,3 +52,5 @@ private-tmp | |||
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
54 | dbus-system none | 54 | dbus-system none |
55 | |||
56 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile index 8f9c44d7d..ccc2e8dd0 100644 --- a/etc/profile-m-z/wordwarvi.profile +++ b/etc/profile-m-z/wordwarvi.profile | |||
@@ -49,3 +49,5 @@ private-tmp | |||
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
51 | dbus-system none | 51 | dbus-system none |
52 | |||
53 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/wps.profile b/etc/profile-m-z/wps.profile index 1287faa2c..7f85e1ede 100644 --- a/etc/profile-m-z/wps.profile +++ b/etc/profile-m-z/wps.profile | |||
@@ -46,3 +46,5 @@ private-tmp | |||
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
48 | dbus-system none | 48 | dbus-system none |
49 | |||
50 | #restrict-namespaces | ||
diff --git a/etc/profile-m-z/x-terminal-emulator.profile b/etc/profile-m-z/x-terminal-emulator.profile index 141d167a8..4b88e8118 100644 --- a/etc/profile-m-z/x-terminal-emulator.profile +++ b/etc/profile-m-z/x-terminal-emulator.profile | |||
@@ -21,3 +21,4 @@ dbus-user none | |||
21 | dbus-system none | 21 | dbus-system none |
22 | 22 | ||
23 | noexec /tmp | 23 | noexec /tmp |
24 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/x2goclient.profile b/etc/profile-m-z/x2goclient.profile index b8bbba072..6dd374aac 100644 --- a/etc/profile-m-z/x2goclient.profile +++ b/etc/profile-m-z/x2goclient.profile | |||
@@ -48,3 +48,4 @@ dbus-user none | |||
48 | dbus-system none | 48 | dbus-system none |
49 | 49 | ||
50 | #memory-deny-write-execute | 50 | #memory-deny-write-execute |
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile index 72e6d04a0..1b44b63e0 100644 --- a/etc/profile-m-z/xbill.profile +++ b/etc/profile-m-z/xbill.profile | |||
@@ -51,3 +51,4 @@ dbus-system none | |||
51 | 51 | ||
52 | memory-deny-write-execute | 52 | memory-deny-write-execute |
53 | read-only ${HOME} | 53 | read-only ${HOME} |
54 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xcalc.profile b/etc/profile-m-z/xcalc.profile index fef5613ad..3d808ce1f 100644 --- a/etc/profile-m-z/xcalc.profile +++ b/etc/profile-m-z/xcalc.profile | |||
@@ -40,3 +40,5 @@ private-tmp | |||
40 | 40 | ||
41 | dbus-user none | 41 | dbus-user none |
42 | dbus-system none | 42 | dbus-system none |
43 | |||
44 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xchat.profile b/etc/profile-m-z/xchat.profile index a94444aab..4061e26a4 100644 --- a/etc/profile-m-z/xchat.profile +++ b/etc/profile-m-z/xchat.profile | |||
@@ -21,3 +21,5 @@ protocol unix,inet,inet6 | |||
21 | seccomp | 21 | seccomp |
22 | 22 | ||
23 | # private-bin requires perl, python*, etc. | 23 | # private-bin requires perl, python*, etc. |
24 | |||
25 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xed.profile b/etc/profile-m-z/xed.profile index f117e96ab..dda803bd5 100644 --- a/etc/profile-m-z/xed.profile +++ b/etc/profile-m-z/xed.profile | |||
@@ -51,3 +51,4 @@ private-tmp | |||
51 | 51 | ||
52 | # xed uses python plugins, memory-deny-write-execute breaks python | 52 | # xed uses python plugins, memory-deny-write-execute breaks python |
53 | # memory-deny-write-execute | 53 | # memory-deny-write-execute |
54 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xfburn.profile b/etc/profile-m-z/xfburn.profile index 930d2755b..141fda909 100644 --- a/etc/profile-m-z/xfburn.profile +++ b/etc/profile-m-z/xfburn.profile | |||
@@ -28,3 +28,5 @@ tracelog | |||
28 | # private-bin xfburn | 28 | # private-bin xfburn |
29 | # private-dev | 29 | # private-dev |
30 | # private-tmp | 30 | # private-tmp |
31 | |||
32 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xfce4-dict.profile b/etc/profile-m-z/xfce4-dict.profile index 7afe69814..633a9967c 100644 --- a/etc/profile-m-z/xfce4-dict.profile +++ b/etc/profile-m-z/xfce4-dict.profile | |||
@@ -37,3 +37,4 @@ private-cache | |||
37 | private-dev | 37 | private-dev |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile index 006e1859b..95eb2046e 100644 --- a/etc/profile-m-z/xfce4-mixer.profile +++ b/etc/profile-m-z/xfce4-mixer.profile | |||
@@ -54,3 +54,4 @@ dbus-user.talk org.xfce.Xfconf | |||
54 | dbus-system none | 54 | dbus-system none |
55 | 55 | ||
56 | # memory-deny-write-execute - breaks on Arch | 56 | # memory-deny-write-execute - breaks on Arch |
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xfce4-notes.profile b/etc/profile-m-z/xfce4-notes.profile index 4ab8f34f4..f7d890eef 100644 --- a/etc/profile-m-z/xfce4-notes.profile +++ b/etc/profile-m-z/xfce4-notes.profile | |||
@@ -39,3 +39,4 @@ private-cache | |||
39 | private-dev | 39 | private-dev |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile index ca4d77d73..575acc9b2 100644 --- a/etc/profile-m-z/xfce4-screenshooter.profile +++ b/etc/profile-m-z/xfce4-screenshooter.profile | |||
@@ -48,3 +48,4 @@ dbus-user none | |||
48 | dbus-system none | 48 | dbus-system none |
49 | 49 | ||
50 | # memory-deny-write-execute -- see #3790 | 50 | # memory-deny-write-execute -- see #3790 |
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile index c755632ca..371db722c 100644 --- a/etc/profile-m-z/xiphos.profile +++ b/etc/profile-m-z/xiphos.profile | |||
@@ -48,3 +48,5 @@ private-cache | |||
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssli,sword,sword.conf | 49 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssli,sword,sword.conf |
50 | private-tmp | 50 | private-tmp |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xmms.profile b/etc/profile-m-z/xmms.profile index e255ad927..ef8fd1d7f 100644 --- a/etc/profile-m-z/xmms.profile +++ b/etc/profile-m-z/xmms.profile | |||
@@ -29,3 +29,5 @@ seccomp | |||
29 | 29 | ||
30 | private-bin xmms | 30 | private-bin xmms |
31 | private-dev | 31 | private-dev |
32 | |||
33 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile index 64b6bcaeb..ad1ba8ca3 100644 --- a/etc/profile-m-z/xmr-stak.profile +++ b/etc/profile-m-z/xmr-stak.profile | |||
@@ -43,3 +43,4 @@ private-opt cuda | |||
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
45 | memory-deny-write-execute | 45 | memory-deny-write-execute |
46 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile index 3c5ef1ac0..9128c330b 100644 --- a/etc/profile-m-z/xonotic.profile +++ b/etc/profile-m-z/xonotic.profile | |||
@@ -53,3 +53,4 @@ dbus-system none | |||
53 | 53 | ||
54 | read-only ${HOME} | 54 | read-only ${HOME} |
55 | read-write ${HOME}/.xonotic | 55 | read-write ${HOME}/.xonotic |
56 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile index 71942edab..a17464a2a 100644 --- a/etc/profile-m-z/xournal.profile +++ b/etc/profile-m-z/xournal.profile | |||
@@ -48,3 +48,5 @@ private-tmp | |||
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
50 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xpdf.profile b/etc/profile-m-z/xpdf.profile index 33803a741..fdfb3bf59 100644 --- a/etc/profile-m-z/xpdf.profile +++ b/etc/profile-m-z/xpdf.profile | |||
@@ -42,3 +42,4 @@ dbus-user none | |||
42 | dbus-system none | 42 | dbus-system none |
43 | 43 | ||
44 | memory-deny-write-execute | 44 | memory-deny-write-execute |
45 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xplayer.profile b/etc/profile-m-z/xplayer.profile index 1087d7cd0..a673d6aa3 100644 --- a/etc/profile-m-z/xplayer.profile +++ b/etc/profile-m-z/xplayer.profile | |||
@@ -47,3 +47,5 @@ private-tmp | |||
47 | # makes settings immutable | 47 | # makes settings immutable |
48 | # dbus-user none | 48 | # dbus-user none |
49 | # dbus-system none | 49 | # dbus-system none |
50 | |||
51 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xpra.profile b/etc/profile-m-z/xpra.profile index c10ea4a63..05c12b9a2 100644 --- a/etc/profile-m-z/xpra.profile +++ b/etc/profile-m-z/xpra.profile | |||
@@ -51,3 +51,5 @@ disable-mnt | |||
51 | private-dev | 51 | private-dev |
52 | # private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,machine-id,nsswitch.conf,resolv.conf,X11,xpra | 52 | # private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,machine-id,nsswitch.conf,resolv.conf,X11,xpra |
53 | private-tmp | 53 | private-tmp |
54 | |||
55 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile index ec966fc5c..ff5dc619b 100644 --- a/etc/profile-m-z/xreader.profile +++ b/etc/profile-m-z/xreader.profile | |||
@@ -42,3 +42,4 @@ private-etc alternatives,fonts,ld.so.cache,ld.so.preload | |||
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | memory-deny-write-execute | 44 | memory-deny-write-execute |
45 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/xviewer.profile b/etc/profile-m-z/xviewer.profile index e7fa7051e..6c31df4a9 100644 --- a/etc/profile-m-z/xviewer.profile +++ b/etc/profile-m-z/xviewer.profile | |||
@@ -46,3 +46,4 @@ private-tmp | |||
46 | # dbus-system none | 46 | # dbus-system none |
47 | 47 | ||
48 | memory-deny-write-execute | 48 | memory-deny-write-execute |
49 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile index ae0ccced6..6ea7fdfbd 100644 --- a/etc/profile-m-z/yelp.profile +++ b/etc/profile-m-z/yelp.profile | |||
@@ -74,3 +74,5 @@ read-write ${HOME}/.cache | |||
74 | # your yelp.local if you need PDF printing support. | 74 | # your yelp.local if you need PDF printing support. |
75 | #noblacklist ${DOCUMENTS} | 75 | #noblacklist ${DOCUMENTS} |
76 | #whitelist ${DOCUMENTS} | 76 | #whitelist ${DOCUMENTS} |
77 | |||
78 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile index 48e18060f..c846893ef 100644 --- a/etc/profile-m-z/youtube-dl-gui.profile +++ b/etc/profile-m-z/youtube-dl-gui.profile | |||
@@ -53,3 +53,5 @@ private-tmp | |||
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
55 | dbus-system none | 55 | dbus-system none |
56 | |||
57 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile index 19e176877..4f2cc9523 100644 --- a/etc/profile-m-z/youtube-dl.profile +++ b/etc/profile-m-z/youtube-dl.profile | |||
@@ -64,3 +64,4 @@ dbus-user none | |||
64 | dbus-system none | 64 | dbus-system none |
65 | 65 | ||
66 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 66 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
67 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index 28c219377..f66e2938b 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile | |||
@@ -67,3 +67,5 @@ dbus-user filter | |||
67 | dbus-user.talk org.mozilla.* | 67 | dbus-user.talk org.mozilla.* |
68 | 68 | ||
69 | dbus-system none | 69 | dbus-system none |
70 | |||
71 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/zaproxy.profile b/etc/profile-m-z/zaproxy.profile index 0caca9792..96324ebda 100644 --- a/etc/profile-m-z/zaproxy.profile +++ b/etc/profile-m-z/zaproxy.profile | |||
@@ -44,3 +44,4 @@ disable-mnt | |||
44 | private-dev | 44 | private-dev |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/zart.profile b/etc/profile-m-z/zart.profile index cd94a3fbd..5816ea5e3 100644 --- a/etc/profile-m-z/zart.profile +++ b/etc/profile-m-z/zart.profile | |||
@@ -35,3 +35,5 @@ private-dev | |||
35 | 35 | ||
36 | dbus-user none | 36 | dbus-user none |
37 | dbus-system none | 37 | dbus-system none |
38 | |||
39 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile index 12b090d35..1daf89c84 100644 --- a/etc/profile-m-z/zathura.profile +++ b/etc/profile-m-z/zathura.profile | |||
@@ -59,3 +59,4 @@ dbus-system none | |||
59 | read-only ${HOME} | 59 | read-only ${HOME} |
60 | read-write ${HOME}/.config/zathura | 60 | read-write ${HOME}/.config/zathura |
61 | read-write ${HOME}/.local/share/zathura | 61 | read-write ${HOME}/.local/share/zathura |
62 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile index 84f6d52dd..453f40e73 100644 --- a/etc/profile-m-z/zeal.profile +++ b/etc/profile-m-z/zeal.profile | |||
@@ -69,3 +69,4 @@ dbus-user.talk org.mozilla.* | |||
69 | dbus-system none | 69 | dbus-system none |
70 | 70 | ||
71 | # memory-deny-write-execute - breaks on Arch | 71 | # memory-deny-write-execute - breaks on Arch |
72 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile index 7350ed5a6..a9e5aa5c3 100644 --- a/etc/profile-m-z/zim.profile +++ b/etc/profile-m-z/zim.profile | |||
@@ -68,3 +68,5 @@ private-tmp | |||
68 | 68 | ||
69 | dbus-user none | 69 | dbus-user none |
70 | dbus-system none | 70 | dbus-system none |
71 | |||
72 | restrict-namespaces | ||
diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile index 5f7d83a7c..b69de3be1 100644 --- a/etc/profile-m-z/zulip.profile +++ b/etc/profile-m-z/zulip.profile | |||
@@ -45,3 +45,5 @@ private-cache | |||
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id | 46 | private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id |
47 | private-tmp | 47 | private-tmp |
48 | |||
49 | restrict-namespaces | ||