5 files changed, 15 insertions, 146 deletions
diff --git a/etc/profile-m-z/Thunar.profile b/etc/profile-m-z/Thunar.profile
index 761440ccc..28acb414b 100644
--- a/etc/profile-m-z/Thunar.profile
+++ b/etc/profile-m-z/Thunar.profile
@@ -6,28 +6,7 @@ include Thunar.local
 # Persistent global definitions
 include globals.local
-noblacklist ${HOME}/.local/share/Trash
+# Put 'ignore noroot' in your pcmanfm.local if you use MPV+Vulkan (see issue #3012)
-noblacklist ${HOME}/.config/Thunar
-noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
-include disable-common.inc
+# Redirect
-include disable-devel.inc
+include file-manager-common.profile
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-# include disable-programs.inc
-allusers
-caps.drop all
-netfilter
-no3d
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
diff --git a/etc/profile-m-z/nautilus.profile b/etc/profile-m-z/nautilus.profile
index e003488de..e54bea228 100644
--- a/etc/profile-m-z/nautilus.profile
+++ b/etc/profile-m-z/nautilus.profile
@@ -9,36 +9,7 @@ include globals.local
 # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
 # is already a nautilus process running on gnome desktops firejail will have no effect.
-noblacklist ${HOME}/.config/nautilus
+# Put 'ignore noroot' in your nautilus.local if you use MPV+Vulkan (see issue #3012)
-noblacklist ${HOME}/.local/share/Trash
-noblacklist ${HOME}/.local/share/nautilus
-noblacklist ${HOME}/.local/share/nautilus-python
-# Allow python (blacklisted by disable-interpreters.inc)
+# Redirect
-include allow-python2.inc
+include file-manager-common.profile
-include allow-python3.inc
-include disable-common.inc
-include disable-devel.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-# include disable-programs.inc
-allusers
-caps.drop all
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
-# private-bin nautilus
-# private-dev
-# private-tmp
diff --git a/etc/profile-m-z/nemo.profile b/etc/profile-m-z/nemo.profile
index 6a62a3a0c..1b3333e8c 100644
--- a/etc/profile-m-z/nemo.profile
+++ b/etc/profile-m-z/nemo.profile
@@ -6,33 +6,7 @@ include nemo.local
 # Persistent global definitions
 include globals.local
-noblacklist ${HOME}/.config/nemo
+# Put 'ignore noroot' in your nemo.local if you use MPV+Vulkan (see issue #3012)
-noblacklist ${HOME}/.local/share/Trash
-noblacklist ${HOME}/.local/share/nemo
-noblacklist ${HOME}/.local/share/nemo-python
-# Allow python (blacklisted by disable-interpreters.inc)
-include allow-python2.inc
-include allow-python3.inc
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-allusers
-caps.drop all
-netfilter
-no3d
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
+# Redirect
+include file-manager-common.profile
diff --git a/etc/profile-m-z/pcmanfm.profile b/etc/profile-m-z/pcmanfm.profile
index 4e53f9d6e..5718ab164 100644
--- a/etc/profile-m-z/pcmanfm.profile
+++ b/etc/profile-m-z/pcmanfm.profile
@@ -6,30 +6,7 @@ include pcmanfm.local
 # Persistent global definitions
 include globals.local
-noblacklist ${HOME}/.local/share/Trash
+# Put 'ignore noroot' in your pcmanfm.local if you use MPV+Vulkan (see issue #3012)
-# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below
-# noblacklist ${HOME}/.config/pcmanfm
-include disable-common.inc
+# Redirect
-include disable-devel.inc
+include file-manager-common.profile
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-# include disable-programs.inc
-allusers
-caps.drop all
-# net none - see issue #1467, computer:/// location broken
-no3d
-nodvd
-nonewprivs
-noroot
-nosound
-notv
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-# dbus-user none
-# dbus-system none
diff --git a/etc/profile-m-z/ranger.profile b/etc/profile-m-z/ranger.profile
index af033af1a..8b3fe97d8 100644
--- a/etc/profile-m-z/ranger.profile
+++ b/etc/profile-m-z/ranger.profile
@@ -6,39 +6,7 @@ include ranger.local
 # Persistent global definitions
 include globals.local
-noblacklist ${HOME}/.config/nano
+# Put 'ignore noroot' in your ranger.local if you use MPV+Vulkan (see issue #3012)
-noblacklist ${HOME}/.config/ranger
-noblacklist ${HOME}/.nanorc
-# Allow python (blacklisted by disable-interpreters.inc)
+# Redirect
-include allow-python2.inc
+include file-manager-common.profile
-include allow-python3.inc
-# Allow perl
-include allow-perl.inc
-include disable-common.inc
-include disable-devel.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-allusers
-caps.drop all
-net none
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-#x11 none
-private-dev
-dbus-user none
-dbus-system none

diff --git a/etc/profile-m-z/Thunar.profile b/etc/profile-m-z/Thunar.profile index 761440ccc..28acb414b 100644 --- a/etc/profile-m-z/Thunar.profile +++ b/etc/profile-m-z/Thunar.profile
@@ -6,28 +6,7 @@ include Thunar.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
9	noblacklist ${HOME}/.local/share/Trash	9	# Put 'ignore noroot' in your pcmanfm.local if you use MPV+Vulkan (see issue #3012)
10	noblacklist ${HOME}/.config/Thunar
11	noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
12		10
13	include disable-common.inc	11	# Redirect
14	include disable-devel.inc	12	include file-manager-common.profile
15	include disable-interpreters.inc
16	include disable-passwdmgr.inc
17	# include disable-programs.inc
18
19	allusers
20	caps.drop all
21	netfilter
22	no3d
23	nodvd
24	nogroups
25	nonewprivs
26	noroot
27	nosound
28	notv
29	novideo
30	protocol unix
31	seccomp
32	shell none
33	tracelog


diff --git a/etc/profile-m-z/nautilus.profile b/etc/profile-m-z/nautilus.profile index e003488de..e54bea228 100644 --- a/etc/profile-m-z/nautilus.profile +++ b/etc/profile-m-z/nautilus.profile
@@ -9,36 +9,7 @@ include globals.local
9	# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there	9	# Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
10	# is already a nautilus process running on gnome desktops firejail will have no effect.	10	# is already a nautilus process running on gnome desktops firejail will have no effect.
11		11
12	noblacklist ${HOME}/.config/nautilus	12	# Put 'ignore noroot' in your nautilus.local if you use MPV+Vulkan (see issue #3012)
13	noblacklist ${HOME}/.local/share/Trash
14	noblacklist ${HOME}/.local/share/nautilus
15	noblacklist ${HOME}/.local/share/nautilus-python
16		13
17	# Allow python (blacklisted by disable-interpreters.inc)	14	# Redirect
18	include allow-python2.inc	15	include file-manager-common.profile
19	include allow-python3.inc
20
21	include disable-common.inc
22	include disable-devel.inc
23	include disable-interpreters.inc
24	include disable-passwdmgr.inc
25	# include disable-programs.inc
26
27	allusers
28	caps.drop all
29	netfilter
30	nodvd
31	nogroups
32	nonewprivs
33	noroot
34	notv
35	novideo
36	protocol unix
37	seccomp
38	shell none
39	tracelog
40
41	# nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
42	# private-bin nautilus
43	# private-dev
44	# private-tmp


diff --git a/etc/profile-m-z/nemo.profile b/etc/profile-m-z/nemo.profile index 6a62a3a0c..1b3333e8c 100644 --- a/etc/profile-m-z/nemo.profile +++ b/etc/profile-m-z/nemo.profile
@@ -6,33 +6,7 @@ include nemo.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
9	noblacklist ${HOME}/.config/nemo	9	# Put 'ignore noroot' in your nemo.local if you use MPV+Vulkan (see issue #3012)
10	noblacklist ${HOME}/.local/share/Trash
11	noblacklist ${HOME}/.local/share/nemo
12	noblacklist ${HOME}/.local/share/nemo-python
13
14	# Allow python (blacklisted by disable-interpreters.inc)
15	include allow-python2.inc
16	include allow-python3.inc
17
18	include disable-common.inc
19	include disable-devel.inc
20	include disable-exec.inc
21	include disable-interpreters.inc
22	include disable-passwdmgr.inc
23
24	allusers
25	caps.drop all
26	netfilter
27	no3d
28	nodvd
29	nogroups
30	nonewprivs
31	noroot
32	nosound
33	notv
34	novideo
35	protocol unix,inet,inet6
36	seccomp
37	shell none
38		10
		11	# Redirect
		12	include file-manager-common.profile


diff --git a/etc/profile-m-z/pcmanfm.profile b/etc/profile-m-z/pcmanfm.profile index 4e53f9d6e..5718ab164 100644 --- a/etc/profile-m-z/pcmanfm.profile +++ b/etc/profile-m-z/pcmanfm.profile
@@ -6,30 +6,7 @@ include pcmanfm.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
9	noblacklist ${HOME}/.local/share/Trash	9	# Put 'ignore noroot' in your pcmanfm.local if you use MPV+Vulkan (see issue #3012)
10	# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below
11	# noblacklist ${HOME}/.config/pcmanfm
12		10
13	include disable-common.inc	11	# Redirect
14	include disable-devel.inc	12	include file-manager-common.profile
15	include disable-interpreters.inc
16	include disable-passwdmgr.inc
17	# include disable-programs.inc
18
19	allusers
20	caps.drop all
21	# net none - see issue #1467, computer:/// location broken
22	no3d
23	nodvd
24	nonewprivs
25	noroot
26	nosound
27	notv
28	novideo
29	protocol unix
30	seccomp
31	shell none
32	tracelog
33
34	# dbus-user none
35	# dbus-system none


diff --git a/etc/profile-m-z/ranger.profile b/etc/profile-m-z/ranger.profile index af033af1a..8b3fe97d8 100644 --- a/etc/profile-m-z/ranger.profile +++ b/etc/profile-m-z/ranger.profile
@@ -6,39 +6,7 @@ include ranger.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
9	noblacklist ${HOME}/.config/nano	9	# Put 'ignore noroot' in your ranger.local if you use MPV+Vulkan (see issue #3012)
10	noblacklist ${HOME}/.config/ranger
11	noblacklist ${HOME}/.nanorc
12		10
13	# Allow python (blacklisted by disable-interpreters.inc)	11	# Redirect
14	include allow-python2.inc	12	include file-manager-common.profile
15	include allow-python3.inc
16
17	# Allow perl
18	include allow-perl.inc
19
20	include disable-common.inc
21	include disable-devel.inc
22	include disable-interpreters.inc
23	include disable-passwdmgr.inc
24	include disable-programs.inc
25
26	allusers
27	caps.drop all
28	net none
29	nodvd
30	nogroups
31	nonewprivs
32	noroot
33	nosound
34	notv
35	nou2f
36	novideo
37	protocol unix
38	seccomp
39	#x11 none
40
41	private-dev
42
43	dbus-user none
44	dbus-system none