diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/exiftool.profile | 2 | ||||
-rw-r--r-- | etc/firefox-common.profile | 2 | ||||
-rw-r--r-- | etc/libreoffice.profile | 3 | ||||
-rw-r--r-- | etc/ocenaudio.profile | 4 | ||||
-rw-r--r-- | etc/sysprof.profile | 2 |
5 files changed, 4 insertions, 9 deletions
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 2ee4aae6f..f694ea212 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
@@ -41,7 +41,7 @@ shell none | |||
41 | tracelog | 41 | tracelog |
42 | 42 | ||
43 | # To support exiftool in private-bin on Arch Linux (and derivatives), symlink /usr/bin/vendor_perl/exiftool to /usr/bin/exiftool and uncomment the below. | 43 | # To support exiftool in private-bin on Arch Linux (and derivatives), symlink /usr/bin/vendor_perl/exiftool to /usr/bin/exiftool and uncomment the below. |
44 | # Users on non-Arch Linux distributions can safely uncomment the below to enable extra hardening. | 44 | # Users on non-Arch Linux distributions can safely uncomment (or put in exiftool.local) the line below to enable extra hardening. |
45 | #private-bin exiftool,perl | 45 | #private-bin exiftool,perl |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 080d9e81a..bccbb3412 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile | |||
@@ -9,7 +9,7 @@ include firefox-common.local | |||
9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
11 | 11 | ||
12 | # Uncomment the following line to allow access to common programs/addons/plugins. | 12 | # Uncomment the following line (or put it in your firefox-common.local) to allow access to common programs/addons/plugins. |
13 | #include firefox-common-addons.inc | 13 | #include firefox-common-addons.inc |
14 | 14 | ||
15 | noblacklist ${HOME}/.pki | 15 | noblacklist ${HOME}/.pki |
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 6e77cd741..5bb943323 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile | |||
@@ -29,9 +29,7 @@ include whitelist-var-common.inc | |||
29 | # comment the next line to use the ubuntu profile instead of firejail's apparmor profile | 29 | # comment the next line to use the ubuntu profile instead of firejail's apparmor profile |
30 | apparmor | 30 | apparmor |
31 | caps.drop all | 31 | caps.drop all |
32 | #machine-id | ||
33 | netfilter | 32 | netfilter |
34 | #nodbus | ||
35 | nodvd | 33 | nodvd |
36 | nogroups | 34 | nogroups |
37 | # comment nonewprivs when using the ubuntu 18.04/debian 10 apparmor profile | 35 | # comment nonewprivs when using the ubuntu 18.04/debian 10 apparmor profile |
@@ -50,5 +48,4 @@ tracelog | |||
50 | private-dev | 48 | private-dev |
51 | private-tmp | 49 | private-tmp |
52 | 50 | ||
53 | |||
54 | join-or-start libreoffice | 51 | join-or-start libreoffice |
diff --git a/etc/ocenaudio.profile b/etc/ocenaudio.profile index ceeb59384..b2249f63b 100644 --- a/etc/ocenaudio.profile +++ b/etc/ocenaudio.profile | |||
@@ -24,7 +24,7 @@ ipc-namespace | |||
24 | # net none breaks AppArmor on Ubuntu systems | 24 | # net none breaks AppArmor on Ubuntu systems |
25 | netfilter | 25 | netfilter |
26 | no3d | 26 | no3d |
27 | # nodbus - breaks preferences, comment when needed | 27 | # nodbus - breaks preferences, comment (or put 'ignore nodbus' in your oceanaudio.local) when needed |
28 | nodbus | 28 | nodbus |
29 | nodvd | 29 | nodvd |
30 | nogroups | 30 | nogroups |
@@ -39,12 +39,10 @@ shell none | |||
39 | tracelog | 39 | tracelog |
40 | 40 | ||
41 | # disable-mnt | 41 | # disable-mnt |
42 | # private | ||
43 | private-bin ocenaudio | 42 | private-bin ocenaudio |
44 | private-cache | 43 | private-cache |
45 | private-dev | 44 | private-dev |
46 | private-etc alternatives,asound.conf,fonts,ld.so.cache,pulse | 45 | private-etc alternatives,asound.conf,fonts,ld.so.cache,pulse |
47 | # private-lib | ||
48 | private-tmp | 46 | private-tmp |
49 | 47 | ||
50 | # memory-deny-write-execute - breaks on Arch | 48 | # memory-deny-write-execute - breaks on Arch |
diff --git a/etc/sysprof.profile b/etc/sysprof.profile index 3cfea5c5e..e978e03f2 100644 --- a/etc/sysprof.profile +++ b/etc/sysprof.profile | |||
@@ -24,7 +24,7 @@ no3d | |||
24 | nodvd | 24 | nodvd |
25 | nogroups | 25 | nogroups |
26 | nonewprivs | 26 | nonewprivs |
27 | # Ubuntu 16.04 version needs root privileges - uncomment if you don't use that | 27 | # Ubuntu 16.04 version needs root privileges - uncomment or put in sysprof.local if you don't use that |
28 | #noroot | 28 | #noroot |
29 | nosound | 29 | nosound |
30 | notv | 30 | notv |