Diffstat (limited to 'etc')
160 files changed, 319 insertions, 155 deletions
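--- a/etc/QMediathekView.profile
+++ b/etc/QMediathekView.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin QMediathekView,mplayer,mpv,smplayer,totem,vlc,xplayer
 private-cache
 private-dev
-# private-etc none
+# private-etc alternatives
 # private-lib
 private-tmp
 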
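--- a/etc/QOwnNotes.profile
+++ b/etc/QOwnNotes.profile
@@ -49,7 +49,7 @@ tracelog
 disable-mnt
 private-bin QOwnNotes,gio
 private-dev
-private-etc fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}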
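--- a/etc/Xephyr.profile
+++ b/etc/Xephyr.profile
@@ -39,5 +39,5 @@ private
 # private-bin Xephyr,sh,xkbcomp
 # private-bin Xephyr,sh,xkbcomp,strace,bash,cat,ls
 private-dev
-# private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
+# private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
 private-tmp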
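--- a/etc/Xvfb.profile
+++ b/etc/Xvfb.profile
@@ -41,5 +41,5 @@ private
 # private-bin Xvfb,sh,xkbcomp
 # private-bin Xvfb,sh,xkbcomp,strace,bash,cat,ls
 private-dev
-private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
+private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname
 private-tmp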
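--- a/etc/amarok.profile
+++ b/etc/amarok.profile
@@ -31,5 +31,5 @@ shell none
 
 # private-bin amarok
 private-dev
-# private-etc machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp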
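--- a/etc/ardour5.profile
+++ b/etc/ardour5.profile
@@ -36,7 +36,7 @@ shell none
 #private-bin sh,ardour4,ardour5,ardour5-copy-mixer,ardour5-export,ardour5-fix_bbtppq,grep,sed,ldd,nm
 private-cache
 private-dev
-#private-etc pulse,X11,alternatives,ardour4,ardour5,fonts,machine-id,asound.conf
+#private-etc alternatives,pulse,X11,alternatives,ardour4,ardour5,fonts,machine-id,asound.conf
 private-tmp
 
 noexec ${HOME}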
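Review bot: The new line 39 lists `alternatives` twice, because the old list already contained it and the commit prepended a second copy. It has no effect while the line stays commented out, but anyone who later enables it inherits the duplicate. The line should read `#private-etc alternatives,pulse,X11,ardour4,ardour5,fonts,machine-id,asound.conf`.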
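--- a/etc/aria2c.profile
+++ b/etc/aria2c.profile
@@ -37,7 +37,7 @@ disable-mnt
 private-bin aria2c,gzip
 private-cache
 private-dev
-private-etc ca-certificates,ssl
+private-etc alternatives,ca-certificates,ssl
 private-lib libreadline.so.*
 private-tmp
 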
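--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -34,7 +34,7 @@ seccomp
 shell none
 
 private-bin ark,unrar,rar,unzip,zip,zipinfo,7z,p7zip,unar,lsar,lrzip,lzop,lz4,bash,sh,tclsh
-#private-etc smb.conf,samba,mtab,fonts,drirc,kde5rc,passwd,group,xdg
+#private-etc alternatives,smb.conf,samba,mtab,fonts,drirc,kde5rc,passwd,group,xdg
 
 private-dev
 private-tmp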
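--- a/etc/arm.profile
+++ b/etc/arm.profile
@@ -44,7 +44,7 @@ tracelog
 disable-mnt
 private-bin arm,tor,sh,bash,python*,ps,lsof,ldconfig
 private-dev
-private-etc tor,passwd,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}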
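--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -37,7 +37,7 @@ disable-mnt
 private-bin artha,enchant,notify-send
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib libnotify.so.*
 private-tmp
 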
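--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -43,5 +43,5 @@ private-cache
 # private-bin atool
 private-dev
 # without login.defs atool complains and uses UID/GID 1000 by default
-private-etc passwd,group,login.defs
+private-etc alternatives,passwd,group,login.defs
 private-tmp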
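--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -41,7 +41,7 @@ tracelog
 
 private-bin atril, atril-previewer, atril-thumbnailer
 private-dev
-private-etc fonts,ld.so.cache
+private-etc alternatives,fonts,ld.so.cache
 # atril uses webkit gtk to display epub files
 # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0
 #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit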
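--- a/etc/authenticator.profile
+++ b/etc/authenticator.profile
@@ -40,7 +40,7 @@ disable-mnt
 # private-bin authenticator
 private-cache
 private-dev
-private-etc fonts,ld.so.cache
+private-etc alternatives,fonts,ld.so.cache
 # private-lib
 private-tmp
 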
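--- a/etc/bibletime.profile
+++ b/etc/bibletime.profile
@@ -44,5 +44,5 @@ shell none
 
 # private-bin bibletime,qt5ct
 private-dev
-private-etc fonts,resolv.conf,sword,sword.conf,passwd,machine-id,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,resolv.conf,sword,sword.conf,passwd,machine-id,ca-certificates,ssl,pki,crypto-policies
 private-tmp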
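--- a/etc/bitcoin-qt.profile
+++ b/etc/bitcoin-qt.profile
@@ -42,7 +42,7 @@ tracelog
 private-bin bitcoin-qt
 private-dev
 # Causes problem with loading of libGL.so
-#private-etc fonts,ca-certificates,ssl,pki,crypto-policies
+#private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 # Works, but QT complains about OpenSSL a bit.
 #private-lib
 private-tmp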
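--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -35,7 +35,7 @@ shell none
 # private-bin bless,sh,bash,mono
 private-cache
 private-dev
-private-etc fonts,mono
+private-etc alternatives,fonts,mono
 private-tmp
 
 noexec ${HOME}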
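--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -30,7 +30,7 @@ tracelog
 # private-bin brasero
 private-cache
 # private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp
 
 memory-deny-write-execute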
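--- a/etc/bsdtar.profile
+++ b/etc/bsdtar.profile
@@ -37,4 +37,4 @@ tracelog
 # support compressed archives
 private-bin sh,bash,bsdcat,bsdcpio,bsdtar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,lz4,libarchive
 private-dev
-private-etc passwd,group,localtime
+private-etc alternatives,passwd,group,localtime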
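--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -41,5 +41,5 @@ tracelog
 # caja needs to be able to start arbitrary applications so we cannot blacklist their files
 # private-bin caja
 # private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp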
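--- a/etc/clawsker.profile
+++ b/etc/clawsker.profile
@@ -44,7 +44,7 @@ shell none
 private-bin clawsker,perl
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib girepository-1.*,libgirepository-1.*,perl*
 private-tmp
 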
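--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -27,4 +27,4 @@ seccomp
 shell none
 
 private-bin cmus
-private-etc group,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,group,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies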
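--- /dev/null
+++ b/etc/crow.profile
@@ -0,0 +1,46 @@
+# Firejail profile for crow
+# Description: A translator that allows to translate and say selected text using Google, Yandex and Bing translate API
+# This file is overwritten after every install/update
+# Persistent local customizations
+include crow.local
+# Persistent global definitions
+include globals.local
+
+mkdir ${HOME}/.config/crow
+mkdir ${HOME}/.cache/gstreamer-1.0
+whitelist ${HOME}/.config/crow
+whitelist ${HOME}/.cache/gstreamer-1.0
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-common.inc
+
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+disable-mnt
+private-bin crow
+private-dev
+private-etc alternatives,ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies
+private-opt none
+private-tmp
+private-srv none
+
+noexec ${HOME}
+noexec /tmp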
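Review bot: The profile whitelists `${HOME}/.config/crow` at line 11, but none of the three disable-programs.inc hunks on this page adds a matching `blacklist ${HOME}/.config/crow`. Unless that entry already exists in the file, other sandboxed programs that include disable-programs.inc can still read crow's settings. Separately, `protocol unix,inet,inet6,netlink` at line 33 permits netlink sockets without saying why. Either add a one-line comment above it naming the component that needs netlink, or narrow it to `protocol unix,inet,inet6` if crow runs without it.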
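--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -33,7 +33,7 @@ shell none
 # private-bin curl
 private-cache
 private-dev
-# private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}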
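--- a/etc/default.profile
+++ b/etc/default.profile
@@ -37,7 +37,7 @@ seccomp
 # private-bin program
 # private-cache
 # private-dev
-# private-etc none
+# private-etc alternatives
 # private-lib
 # private-tmp
 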
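--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -37,7 +37,7 @@ disable-mnt
 private-bin devilspie
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-lib gconv
 private-tmp
 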
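--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -37,7 +37,7 @@ disable-mnt
 private-bin devilspie2
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-lib gconv
 private-tmp
 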
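--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -40,7 +40,7 @@ private
 private-bin sh,bash,dig
 private-cache
 private-dev
-# private-etc resolv.conf
+# private-etc alternatives,resolv.conf
 private-lib
 private-tmp
 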
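--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -37,7 +37,7 @@ shell none
 
 # private-bin program
 # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device
-# private-etc ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}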
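--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -36,7 +36,7 @@ shell none
 disable-mnt
 private-bin dino
 private-dev
-# private-etc fonts,ca-certificates,ssl,pki,crypto-policies # breaks server connection
+# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies # breaks server connection
 private-tmp
 
 noexec ${HOME}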
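--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -305,6 +305,7 @@ blacklist ${HOME}/.msmtprc
 blacklist ${HOME}/.mutt
 blacklist ${HOME}/.muttrc
 blacklist ${HOME}/.netrc
+blacklist ${HOME}/.nyx
 blacklist ${HOME}/.pki
 blacklist ${HOME}/.local/share/pki
 blacklist ${HOME}/.smbcredentials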
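--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -201,6 +201,7 @@ blacklist ${HOME}/.config/mono
 blacklist ${HOME}/.config/mpd
 blacklist ${HOME}/.config/mpv
 blacklist ${HOME}/.config/mupen64plus
+blacklist ${HOME}/.config/mypaint
 blacklist ${HOME}/.config/nautilus
 blacklist ${HOME}/.config/nemo
 blacklist ${HOME}/.config/netsurf
@@ -450,6 +451,7 @@ blacklist ${HOME}/.local/share/midori
 blacklist ${HOME}/.local/share/multimc
 blacklist ${HOME}/.local/share/multimc5
 blacklist ${HOME}/.local/share/mupen64plus
+blacklist ${HOME}/.local/share/mypaint
 blacklist ${HOME}/.local/share/nautilus
 blacklist ${HOME}/.local/share/nautilus-python
 blacklist ${HOME}/.local/share/nemo
@@ -612,6 +614,7 @@ blacklist ${HOME}/.cache/moonchild productions/basilisk
 blacklist ${HOME}/.cache/moonchild productions/pale moon
 blacklist ${HOME}/.cache/mozilla
 blacklist ${HOME}/.cache/mutt
+blacklist ${HOME}/.cache/mypaint
 blacklist ${HOME}/.cache/nheko/nheko
 blacklist ${HOME}/.cache/netsurf
 blacklist ${HOME}/.cache/okular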
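--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -27,7 +27,7 @@ seccomp
 
 private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh
 private-dev
-private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
+private-etc alternatives,fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
 private-tmp
 
 noexec ${HOME}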
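--- a/etc/display.profile
+++ b/etc/display.profile
@@ -39,5 +39,6 @@ shell none
 
 private-bin display,python*
 private-dev
-# private-etc none - on Debian-based systems display is a symlink in /etc/alternatives
+# On Debian-based systems, display is a symlink in /etc/alternatives
+private-etc alternatives
 private-tmp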
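Review bot: The new line 43 turns `private-etc` on for display, where the old profile only carried it as a comment, so this section changes sandbox behaviour rather than just extending an existing list. With only `alternatives` kept, the program's system configuration under /etc would presumably be hidden inside the sandbox. If display is the ImageMagick tool, that includes the distribution's `policy.xml`, where coder and resource restrictions are set, as well as `fonts`. Please confirm that display still loads its policy with this profile, or extend the list, for example `private-etc alternatives,fonts,ImageMagick-6`. The directory name differs between distributions and ImageMagick versions, so it needs checking on the supported targets.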
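--- a/etc/easystroke.profile
+++ b/etc/easystroke.profile
@@ -36,7 +36,7 @@ disable-mnt
 private-bin easystroke,bash,sh
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
 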
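--- a/etc/electrum.profile
+++ b/etc/electrum.profile
@@ -47,7 +47,7 @@ disable-mnt
 private-bin electrum,python*
 private-cache
 private-dev
-private-etc fonts,dconf,ca-certificates,ssl,pki,crypto-policies,machine-id
+private-etc alternatives,fonts,dconf,ca-certificates,ssl,pki,crypto-policies,machine-id
 private-tmp
 
 noexec ${HOME}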
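--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -36,5 +36,5 @@ tracelog
 # private-bin elinks
 private-cache
 private-dev
-# private-etc ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
 private-tmp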
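--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -35,7 +35,7 @@ tracelog
 # private-bin enchant, enchant-*
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-tmp
 
 # memory-deny-write-execute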
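--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -34,7 +34,7 @@ tracelog
 
 # private-bin engrampa
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp
 
 memory-deny-write-execute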
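--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -39,7 +39,7 @@ shell none
 private-bin eog
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*
 private-tmp
 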
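--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -39,7 +39,7 @@ tracelog
 
 private-bin eom
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib
 private-tmp
 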
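--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -31,5 +31,5 @@ shell none
 
 # private-bin etr
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp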
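--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -39,7 +39,7 @@ tracelog
 
 private-bin evince,evince-previewer,evince-thumbnailer
 private-dev
-private-etc fonts,machine-id
+private-etc alternatives,fonts,machine-id
 
 private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,gconv
 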
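--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -39,5 +39,5 @@ tracelog
 # private-bin exiftool,perl
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-tmp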
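--- /dev/null
+++ b/etc/feh-network.inc
@@ -0,0 +1,2 @@
+ignore net none
+private-etc resolv.conf,ca-certificates,ssl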
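Review bot: `private-etc resolv.conf,ca-certificates,ssl` leaves out `pki` and `crypto-policies`, which the other network-facing profiles in this commit keep (curl, digikam, elinks, gcloud), so HTTPS fetches are likely to fail certificate lookup on distributions that store the CA bundle under /etc/pki. The line also omits the `alternatives` entry this commit adds everywhere else. Whether that matters depends on whether firejail merges this line with `private-etc alternatives,feh` from feh.profile or lets one replace the other, which deserves a one-line comment in the include. I would write `private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies`. If feh.profile also restricts `protocol` (not visible in these hunks), the include needs a matching override for network access to work.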
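--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -12,6 +12,11 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+# This profile disables network access
+# In order to enable network access,
+# uncomment the following or put it in your feh.local:
+# include feh-network.inc
+
 caps.drop all
 net none
 no3d
@@ -31,5 +36,5 @@ shell none
 private-bin feh,jpegexiforient,jpegtran
 private-cache
 private-dev
-private-etc feh
+private-etc alternatives,feh
 private-tmp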
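--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -34,7 +34,7 @@ tracelog
 
 # private-bin file-roller
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp
 
 #memory-deny-write-execute - breaks on Arch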
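--- a/etc/file.profile
+++ b/etc/file.profile
@@ -34,7 +34,7 @@ x11 none
 #private-bin file
 private-cache
 private-dev
-private-etc magic.mgc,magic,localtime
+private-etc alternatives,magic.mgc,magic,localtime
 private-lib libarchive.so.*,libfakeroot,libmagic.so.*
 
 memory-deny-write-execute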
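--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -51,7 +51,7 @@ shell none
 disable-mnt
 private-dev
 # private-etc below works fine on most distributions. There are some problems on CentOS.
-#private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
+#private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
 private-tmp
 
 # breaks DRM binaries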
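--- a/etc/flameshot.profile
+++ b/etc/flameshot.profile
@@ -35,7 +35,7 @@ shell none
 disable-mnt
 private-bin flameshot
 private-cache
-private-etc fonts,ld.so.conf,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,ld.so.conf,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-dev
 private-tmp
 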
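--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -35,5 +35,5 @@ shell none
 disable-mnt
 # private-bin frozen-bubble
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp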
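--- a/etc/gajim.profile
+++ b/etc/gajim.profile
@@ -47,7 +47,7 @@ tracelog
 disable-mnt
 private-bin python,python3,sh,gpg,gpg2,gajim,bash,zsh,paplay,gajim-history-manager
 private-dev
-private-etc alsa,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl
 private-tmp
 
 noexec ${HOME}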
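--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -38,6 +38,6 @@ tracelog
 
 private-bin galculator
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib
 private-tmp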
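--- a/etc/gcloud.profile
+++ b/etc/gcloud.profile
@@ -32,7 +32,7 @@ tracelog
 
 disable-mnt
 private-dev
-private-etc ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache
+private-etc alternatives,ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache
 private-tmp
 
 noexec /tmp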
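--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -40,7 +40,7 @@ tracelog
 
 # private-bin gedit
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 private-lib /usr/bin/gedit,libtinfo.so.*,libreadline.so.*,gedit,libgspell-1.so.*,gconv,aspell
 private-tmp
 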
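--- a/etc/geeqie.profile
+++ b/etc/geeqie.profile
@@ -31,4 +31,4 @@ shell none
 
 # private-bin geeqie
 private-dev
-# private-etc X11
+# private-etc alternatives,X11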
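--- a/etc/ghostwriter.profile
+++ b/etc/ghostwriter.profile
@@ -52,7 +52,7 @@ tracelog
 #private-bin ghostwriter,pandoc
 private-cache
 private-dev
-private-etc cups,crypto-policies,localtime,drirc,fonts,gtk-3.0,dconf,machine-id
+private-etc alternatives,cups,crypto-policies,localtime,drirc,fonts,gtk-3.0,dconf,machine-id
 # Breaks Translation
 #private-lib
 private-tmp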
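--- a/etc/github-desktop.profile
+++ b/etc/github-desktop.profile
@@ -39,7 +39,7 @@ disable-mnt
 private-cache
 ?HAS_APPIMAGE: ignore private-dev
 private-dev
-# private-etc none
+# private-etc alternatives
 # private-lib
 private-tmp
 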
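--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -35,7 +35,7 @@ shell none
 
 disable-mnt
 private-bin bash,env,gitter
-private-etc fonts,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-opt Gitter
 private-dev
 private-tmp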
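--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -34,5 +34,5 @@ tracelog
 
 # private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather
 private-dev
-# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 private-tmp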
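--- a/etc/gnome-books.profile
+++ b/etc/gnome-books.profile
@@ -37,7 +37,7 @@ tracelog
 
 # private-bin gjs gnome-books
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 private-tmp
 
 noexec ${HOME}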
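--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -35,7 +35,7 @@ tracelog
 disable-mnt
 private-bin fairymax,gnome-chess,hoichess
 private-dev
-private-etc fonts,gnome-chess
+private-etc alternatives,fonts,gnome-chess
 private-tmp
 
 noexec ${HOME}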
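--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -34,7 +34,7 @@ tracelog
 disable-mnt
 # private-bin gnome-clocks
 private-dev
-# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}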
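--- a/etc/gnome-logs.profile
+++ b/etc/gnome-logs.profile
@@ -37,7 +37,7 @@ shell none
 disable-mnt
 private-bin gnome-logs
 private-dev
-private-etc fonts,localtime,machine-id
+private-etc alternatives,fonts,localtime,machine-id
 private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
 writable-var-log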
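--- a/etc/gnome-maps.profile
+++ b/etc/gnome-maps.profile
@@ -38,7 +38,7 @@ tracelog
 disable-mnt
 # private-bin gjs gnome-maps
 private-dev
-# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}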
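--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -40,7 +40,7 @@ tracelog
 
 private-bin gnome-music,python*,env,gio-launch-desktop,yelp
 private-dev
-private-etc fonts,machine-id,pulse,asound.conf
+private-etc alternatives,fonts,machine-id,pulse,asound.conf
 private-tmp
 
 noexec ${HOME}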
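--- a/etc/gnome-photos.profile
+++ b/etc/gnome-photos.profile
@@ -34,7 +34,7 @@ tracelog
 
 # private-bin gjs gnome-photos
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 private-tmp
 
 noexec ${HOME}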
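--- a/etc/gnome-pie.profile
+++ b/etc/gnome-pie.profile
@@ -34,7 +34,7 @@ shell none
 disable-mnt
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
 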
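--- a/etc/gnome-recipes.profile
+++ b/etc/gnome-recipes.profile
@@ -38,7 +38,7 @@ shell none
 disable-mnt
 private-bin gnome-recipes,tar
 private-dev
-private-etc ca-certificates,fonts,ssl,crypto-policies,pki
+private-etc alternatives,ca-certificates,fonts,ssl,crypto-policies,pki
 # private-lib works for me with Gnome Shell 3.26.2, Mutter WM (Arch Linux)
 # not widely tested though, leaving it to devs discretion to enable it later
 #private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.4,libgnutls.so.30,libjpeg.so.8,libp11-kit.so.0,libproxy.so.1,librsvg-2.so.2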
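--- a/etc/gnome-weather.profile
+++ b/etc/gnome-weather.profile
@@ -38,7 +38,7 @@ tracelog
 disable-mnt
 # private-bin gjs gnome-weather
 private-dev
-# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}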
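--- a/etc/goobox.profile
+++ b/etc/goobox.profile
@@ -31,5 +31,5 @@ tracelog
 
 # private-bin goobox
 private-dev
-# private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
 # private-tmp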
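--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -34,6 +34,6 @@ tracelog
 
 private-bin gpicview
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-lib
 private-tmp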
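--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -33,7 +33,7 @@ tracelog
 
 private-bin gpredict
 private-dev
-private-etc fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}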
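--- a/etc/gradio.profile
+++ b/etc/gradio.profile
@@ -34,7 +34,7 @@ protocol unix,inet,inet6
 seccomp
 shell none
 
-private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
+private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
 private-tmp
 
 noexec ${HOME}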
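--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -44,7 +44,7 @@ shell none
 
 private-bin gwenview,gimp*,kbuildsycoca4,kdeinit4
 private-dev
-private-etc fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
+private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
 
 # memory-deny-write-execute
 noexec ${HOME}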
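--- a/etc/highlight.profile
+++ b/etc/highlight.profile
@@ -34,5 +34,5 @@ tracelog
 private-bin highlight
 private-cache
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp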
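--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -34,5 +34,5 @@ tracelog
 # private-bin img2txt
 private-cache
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp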
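--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -42,7 +42,7 @@ tracelog
 
 # private-bin kate,kbuildsycoca4,kdeinit4
 private-dev
-# private-etc fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
+# private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
 private-tmp
 
 # noexec ${HOME}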
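--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -41,7 +41,7 @@ tracelog
 
 private-bin keepassx,keepassx2
 private-dev
-private-etc fonts,machine-id
+private-etc alternatives,fonts,machine-id
 private-tmp
 
 memory-deny-write-execute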
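--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -42,7 +42,7 @@ shell none
 
 private-bin keepassxc
 private-dev
-private-etc fonts,ld.so.cache,machine-id
+private-etc alternatives,fonts,ld.so.cache,machine-id
 private-tmp
 
 # 2.2.4 crashes on database open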
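--- a/etc/klavaro.profile
+++ b/etc/klavaro.profile
@@ -45,7 +45,7 @@ disable-mnt
 private-bin klavaro,tclsh,tclsh*,bash
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-tmp
 private-opt none
 private-srv none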
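--- a/etc/kwin_x11.profile
+++ b/etc/kwin_x11.profile
@@ -37,7 +37,7 @@ tracelog
 disable-mnt
 private-bin kwin_x11
 private-dev
-private-etc drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg
+private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg
 private-tmp
 
 noexec ${HOME}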
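--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -44,7 +44,7 @@ tracelog
 
 private-bin kwrite,kbuildsycoca4,kdeinit4
 private-dev
-private-etc fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
+private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
 private-tmp
 
 noexec ${HOME}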
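--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -38,7 +38,7 @@ seccomp
 shell none
 
 private-dev
-private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
+private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
 private-tmp
 
 noexec ${HOME}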
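--- a/etc/lynx.profile
+++ b/etc/lynx.profile
@@ -34,5 +34,5 @@ tracelog
 # private-bin lynx
 private-cache
 private-dev
-# private-etc ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
 private-tmp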
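--- a/etc/masterpdfeditor.profile
+++ b/etc/masterpdfeditor.profile
@@ -41,7 +41,7 @@ tracelog
 private-bin masterpdfeditor*
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 # private-lib
 private-tmp
 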
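--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -39,7 +39,7 @@ shell none
 
 disable-mnt
 private-bin mate-calc,mate-calculator
-private-etc fonts
+private-etc alternatives,fonts
 private-dev
 private-opt none
 private-tmp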
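--- a/etc/mate-color-select.profile
+++ b/etc/mate-color-select.profile
@@ -34,7 +34,7 @@ shell none
 
 disable-mnt
 private-bin mate-color-select
-private-etc fonts
+private-etc alternatives,fonts
 private-dev
 private-lib
 private-tmp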
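--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -36,7 +36,7 @@ shell none
 
 disable-mnt
 private-bin mate-dictionary
-private-etc fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-opt mate-dictionary
 private-dev
 private-tmp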
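--- a/etc/mcabber.profile
+++ b/etc/mcabber.profile
@@ -30,4 +30,4 @@ shell none
 
 private-bin mcabber
 private-dev
-private-etc ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,ssl,pki,crypto-policies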
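--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -34,5 +34,5 @@ tracelog
 private-bin mediainfo
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-tmp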
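Review bot: Line 37 replaces an active `private-etc none` with `private-etc alternatives`, which is not the same kind of change as in the other profiles of this commit: there the entry extends an existing list, while here it turns what looks like a deliberately empty /etc into one that exposes the alternatives symlink directory. With `private-bin mediainfo` already restricting the sandbox to a single binary, nothing in the hunk shows that anything resolves through /etc/alternatives. I would keep `private-etc none` unless a distribution is known to need the entry, or at least add a comment above the line naming the distribution that does. The same applies to line 40 of etc/odt2txt.profile later in this commit.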
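--- a/etc/min.profile
+++ b/etc/min.profile
@@ -46,7 +46,7 @@ disable-mnt
 private-cache
 private-dev
 # private-etc below works fine on most distributions. There are some problems on CentOS.
-private-etc ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
+private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
 private-tmp
 
 # memory-deny-write-execute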
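--- a/etc/minetest.profile
+++ b/etc/minetest.profile
@@ -38,7 +38,7 @@ disable-mnt
 private-bin minetest
 private-dev
 # private-etc needs to be updated, see #1702
-#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
+#private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
 private-tmp
 
 noexec ${HOME}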
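--- a/etc/ms-office.profile
+++ b/etc/ms-office.profile
@@ -37,7 +37,7 @@ tracelog
 
 disable-mnt
 private-bin bash,fonts,env,jak,ms-office,python*,sh
-private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-dev
 private-tmp
 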
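Review bot: The new `private-etc` line 40 still has no `fonts` entry, while the unchanged `private-bin` line 39 lists `fonts` between `bash` and `env`, which looks like an /etc entry that ended up in the wrong directive. If that reading is right, the sandbox gets no /etc/fonts and private-bin asks for a binary that presumably does not exist. Since this commit already rewrites line 40, it could become `private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies`, with line 39 reduced to `private-bin bash,env,jak,ms-office,python*,sh`. Worth checking against the application before changing either line.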
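--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -37,7 +37,7 @@ tracelog
 
 # private-bin mupdf,sh,tempfile,rm
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-tmp
 
 # mupdf will never write anything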
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index d5fde525e..54d9fb16e 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile | |||
@@ -21,7 +21,7 @@ nodvd | |||
21 | nogroups | 21 | nogroups |
22 | nonewprivs | 22 | nonewprivs |
23 | noroot | 23 | noroot |
24 | nogroups | 24 | nogroups |
25 | nosound | 25 | nosound |
26 | notv | 26 | notv |
27 | nou2f | 27 | nou2f |
@@ -31,7 +31,7 @@ seccomp | |||
31 | 31 | ||
32 | disable-mnt | 32 | disable-mnt |
33 | private-dev | 33 | private-dev |
34 | private-etc machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies | 34 | private-etc alternatives,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies |
35 | 35 | ||
36 | noexec ${HOME} | 36 | noexec ${HOME} |
37 | noexec /tmp | 37 | noexec /tmp |
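Review bot: `nogroups` is listed twice in the first hunk, at lines 21 and 24, and the second occurrence also breaks the alphabetical order of the `no*` options around it. Old and new text of that hunk are identical in this rendering, so the edit there is presumably whitespace-only; the cleanup could go one step further and delete line 24. As far as I can tell the duplicate is harmless at runtime, but it makes the option list harder to audit against the other profiles.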
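--- /dev/null
+++ b/etc/mypaint-ora-thumbnailer.profile
@@ -0,0 +1,5 @@
+# Firejail profile alias for mypaint-ora-thumbnailer
+# This file is overwritten after every install/update
+
+# Redirect
+include mypaint.profile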
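--- /dev/null
+++ b/etc/mypaint.profile
@@ -0,0 +1,48 @@
+# Firejail profile for mypaint
+# Description: A fast and easy graphics application for digital painters
+# This file is overwritten after every install/update
+# Persistent local customizations
+include mypaint.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/mypaint
+noblacklist ${HOME}/.config/mypaint
+noblacklist ${HOME}/.local/share/mypaint
+noblacklist ${PATH}/python2*
+noblacklist /usr/lib/python2*
+noblacklist ${PICTURES}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+private-cache
+private-dev
+private-etc alternatives,fonts,gtk-3.0,dconf
+private-tmp
+
+noexec ${HOME}
+noexec /tmp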
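Review bot: Lines 12-13 lift the blacklist only for `python2*`, while `include disable-interpreters.inc` on line 18 presumably blocks the remaining interpreters; etc/nyx.profile in this same commit lifts it for both python2 and python3. If a distribution builds MyPaint against Python 3, this profile would stop the application from starting rather than confine it. I would add `noblacklist ${PATH}/python3*` and `noblacklist /usr/lib/python3*` next to the python2 lines, or add a comment stating that only Python 2 builds are supported.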
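--- a/etc/nautilus.profile
+++ b/etc/nautilus.profile
@@ -42,5 +42,5 @@ tracelog
 # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
 # private-bin nautilus
 # private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp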
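--- a/etc/nitroshare.profile
+++ b/etc/nitroshare.profile
@@ -41,7 +41,7 @@ disable-mnt
 private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui
 private-cache
 private-dev
-private-etc ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl
+private-etc alternatives,ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,machine-id,nsswitch.conf,ssl
 # private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare
 private-tmp
 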
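--- /dev/null
+++ b/etc/nyx.profile
@@ -0,0 +1,51 @@
+# Firejail profile for nyx
+# Description: Command-line status monitor for tor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nyx.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+
+noblacklist ${HOME}/.nyx
+mkdir ${HOME}/.nyx
+whitelist ${HOME}/.nyx
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+caps.drop all
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-bin nyx,python*
+private-cache
+private-dev
+private-etc alternatives,passwd,tor,fonts
+private-opt none
+private-srv none
+private-tmp
+
+noexec ${HOME}
+noexec /tmp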
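Review bot: Line 45 (`private-etc alternatives,passwd,tor,fonts`) makes the tor configuration directory and the passwd file visible inside the sandbox without saying why, and both are more sensitive than the font and certificate entries in the other profiles. A comment above the line would let a later reviewer judge whether the exposure is still needed, for example `# passwd and tor: nyx looks up the tor user and reads torrc (confirm)`. Lines 26 and 37 also leave `netfilter` with `protocol unix,inet,inet6`; if nyx only talks to a local tor control port, that assumption deserves a comment as well, since the default filter presumably still permits outbound connections.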
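--- a/etc/ocenaudio.profile
+++ b/etc/ocenaudio.profile
@@ -43,7 +43,7 @@ tracelog
 private-bin ocenaudio
 private-cache
 private-dev
-private-etc asound.conf,fonts,ld.so.cache,pulse
+private-etc alternatives,asound.conf,fonts,ld.so.cache,pulse
 # private-lib
 private-tmp
 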
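--- a/etc/odt2txt.profile
+++ b/etc/odt2txt.profile
@@ -37,6 +37,6 @@ tracelog
 private-bin odt2txt
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-tmp
 read-only ${HOME}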
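Review bot: Replacing `private-etc none` with `private-etc alternatives` turns what was effectively an empty /etc into one that exposes /etc/alternatives, and nothing in the hunk says why odt2txt needs it. The same substitution is made on active lines in pdftotext.profile, strings.profile and transmission-show.profile. If the entry is only there for distributions that resolve the binary through /etc/alternatives, say so on the line above, e.g. `# alternatives: needed where the binary is a symlink into /etc/alternatives`; otherwise keeping `none` preserves the tighter default for these single-purpose tools. The profile begins before the hunk, so other directives may bear on this.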
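--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -33,5 +33,5 @@ shell none
 
 # private-bin open-invaders
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp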
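--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -27,4 +27,4 @@ shell none
 
 private-bin parole,dbus-launch
 private-cache
-private-etc passwd,group,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,passwd,group,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies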
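--- a/etc/pdfchain.profile
+++ b/etc/pdfchain.profile
@@ -34,7 +34,7 @@ shell none
 
 private-bin pdfchain,pdftk,sh
 private-dev
-private-etc dconf,fonts,gtk-3.0,xdg
+private-etc alternatives,dconf,fonts,gtk-3.0,xdg
 private-tmp
 
 memory-deny-write-execute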
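--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -38,5 +38,5 @@ tracelog
 
 private-bin pdftotext
 private-dev
-private-etc none
+private-etc alternatives
 private-tmp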
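--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -33,5 +33,5 @@ shell none
 
 # private-bin pingus
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp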
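--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -37,10 +37,12 @@ tracelog
 
 private-bin pluma
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 private-lib pluma
 private-tmp
 
 memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
+
+join-or-start pluma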
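Review bot: The added `join-or-start pluma` is unrelated to the `alternatives` change and has no comment explaining it. With it, a later invocation joins the already running sandbox named pluma instead of starting a fresh one, so it runs with whatever the first instance was started with. A one-line comment such as `# reuse the running instance's sandbox so files open in the existing window` would document the intent, if that is the reason.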
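--- a/etc/ppsspp.profile
+++ b/etc/ppsspp.profile
@@ -37,7 +37,7 @@ shell none
 
 # private-dev is disabled to allow controller support
 #private-dev
-private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
+private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
 private-opt ppsspp
 private-tmp
 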
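--- a/etc/pybitmessage.profile
+++ b/etc/pybitmessage.profile
@@ -42,7 +42,7 @@ shell none
 disable-mnt
 private-bin pybitmessage,python*,sh,ldconfig,env,bash,stat
 private-dev
-private-etc PyBitmessage,PyBitmessage.conf,Trolltech.conf,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,resolv.conf,selinux,sni-qt.conf,system-fips,xdg,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,PyBitmessage,PyBitmessage.conf,Trolltech.conf,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,resolv.conf,selinux,sni-qt.conf,system-fips,xdg,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}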
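--- a/etc/pycharm-community.profile
+++ b/etc/pycharm-community.profile
@@ -32,7 +32,7 @@ novideo
 shell none
 tracelog
 
-# private-etc fonts,passwd - minimal required to run but will probably break
+# private-etc alternatives,fonts,passwd - minimal required to run but will probably break
 # program!
 private-cache
 private-dev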
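--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -53,7 +53,7 @@ shell none
 
 private-bin qbittorrent,python*
 private-dev
-# private-etc X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 # private-lib - problems on Arch
 private-tmp
 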
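--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -36,7 +36,7 @@ tracelog
 
 disable-mnt
 private-bin qtox
-private-etc fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse
+private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse
 private-dev
 private-tmp
 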
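--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -47,7 +47,7 @@ tracelog
 disable-mnt
 private-bin quiterss
 private-dev
-# private-etc X11,ssl,pki,ca-certificates,crypto-policies
+# private-etc alternatives,X11,ssl,pki,ca-certificates,crypto-policies
 
 noexec ${HOME}
 noexec /tmp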
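--- a/etc/qupzilla.profile
+++ b/etc/qupzilla.profile
@@ -34,7 +34,7 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res
 # tracelog
 
 private-dev
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
 # private-tmp - interferes with the opening of downloaded files
 
 noexec ${HOME}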
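--- a/etc/ricochet.profile
+++ b/etc/ricochet.profile
@@ -36,7 +36,7 @@ shell none
 disable-mnt
 private-bin ricochet,tor
 private-dev
-#private-etc fonts,tor,X11,alternatives,ca-certificates,ssl,pki,crypto-policies
+#private-etc alternatives,fonts,tor,X11,alternatives,ca-certificates,ssl,pki,crypto-policies
 
 noexec ${HOME}
 noexec /tmp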
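Review bot: The new commented line lists `alternatives` twice, because the entry was prepended although it was already present after `X11`; steam.profile has the same duplicate on its active `private-etc` line (after `crypto-policies`). The duplicate is presumably harmless to the sandbox, but it makes the /etc allow-list harder to audit. Drop the second occurrence, e.g. `#private-etc alternatives,fonts,tor,X11,ca-certificates,ssl,pki,crypto-policies`.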
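--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -50,4 +50,4 @@ seccomp
 tracelog
 
 disable-mnt
-# private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies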
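--- a/etc/server.profile
+++ b/etc/server.profile
@@ -43,7 +43,7 @@ private
 # private-bin program
 # private-cache
 private-dev
-# private-etc none
+# private-etc alternatives
 # private-lib
 private-tmp
 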
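--- a/etc/simple-scan.profile
+++ b/etc/simple-scan.profile
@@ -33,5 +33,5 @@ tracelog
 
 # private-bin simple-scan
 # private-dev
-# private-etc fonts,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 # private-tmp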
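--- a/etc/simutrans.profile
+++ b/etc/simutrans.profile
@@ -33,5 +33,5 @@ shell none
 
 # private-bin simutrans
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp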
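--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -37,5 +37,5 @@ shell none
 disable-mnt
 private-bin slack,locale
 private-dev
-private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id
+private-etc alternatives,asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id
 private-tmp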
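--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -46,7 +46,7 @@ tracelog
 disable-mnt
 private-bin spotify,bash,sh,zenity
 private-dev
-private-etc fonts,group,ld.so.cache,machine-id,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,group,ld.so.cache,machine-id,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies
 private-opt spotify
 private-tmp
 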
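--- a/etc/standardnotes-desktop.profile
+++ b/etc/standardnotes-desktop.profile
@@ -38,7 +38,7 @@ seccomp
 disable-mnt
 private-dev
 private-tmp
-private-etc ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg
+private-etc alternatives,ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg
 
 noexec ${HOME}
 noexec /tmp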
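--- a/etc/start-tor-browser.profile
+++ b/etc/start-tor-browser.profile
@@ -34,7 +34,7 @@ shell none
 disable-mnt
 private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf
 private-dev
-private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache
+private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache
 private-tmp
 
 noexec /tmp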
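--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -74,5 +74,5 @@ shell none
 # private-dev should be commented for controllers
 private-dev
 # private-etc breaks a small selection of games on some systems, comment to support those
-private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release
+private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release
 private-tmp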
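--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -24,7 +24,7 @@ tracelog
 private-bin strings
 private-cache
 private-dev
-private-etc none
+private-etc alternatives
 private-lib
 
 memory-deny-write-execute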
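--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -34,5 +34,5 @@ shell none
 disable-mnt
 # private-bin supertux2
 private-dev
-# private-etc none
+# private-etc alternatives
 private-tmp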
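--- a/etc/supertuxkart.profile
+++ b/etc/supertuxkart.profile
@@ -46,7 +46,7 @@ disable-mnt
 private-bin supertuxkart
 private-cache
 private-dev
-private-etc resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux
+private-etc alternatives,resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux
 private-tmp
 private-opt none
 private-srv none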
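--- a/etc/surf.profile
+++ b/etc/surf.profile
@@ -32,7 +32,7 @@ tracelog
 disable-mnt
 private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop
 private-dev
-private-etc passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies
+private-etc alternatives,passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies
 private-tmp
 
 noexec ${HOME}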
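--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -26,7 +26,7 @@ tracelog
 # support compressed archives
 private-bin sh,bash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
 private-dev
-private-etc passwd,group,localtime
+private-etc alternatives,passwd,group,localtime
 private-lib
 
 # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic)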
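--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -44,7 +44,7 @@ shell none
 
 disable-mnt
 private-dev
-private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies
+private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}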
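--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -44,4 +44,4 @@ writable-run-user
 # Redirect
 # Uncomment if you use enigmail
 # ignore nodbus
-include firefox.profile
+include firefox-common.profile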
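Review bot: Switching the redirect from `include firefox.profile` to `include firefox-common.profile` changes which restrictions and whitelist entries thunderbird inherits, and it is the one hunk in this part of the series that is not the `alternatives` addition. Neither included file is visible here, so it is worth confirming that everything thunderbird relied on from firefox.profile is either in firefox-common.profile or set earlier in this profile, and that no restriction (for example a `private-etc` or `private-bin` line) is silently dropped. A short comment above the include, such as `# firefox-common.profile: shared hardening without the Firefox-specific paths`, would record the intent; that wording is a guess to be confirmed. The profile starts before the hunk.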
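--- a/etc/tilp.profile
+++ b/etc/tilp.profile
@@ -29,7 +29,7 @@ tracelog
 disable-mnt
 private-bin tilp
 private-cache
-private-etc fonts
+private-etc alternatives,fonts
 private-tmp
 
 noexec ${HOME}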
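--- a/etc/tor.profile
+++ b/etc/tor.profile
@@ -46,7 +46,7 @@ private
 private-bin tor,bash
 private-cache
 private-dev
-private-etc tor,passwd,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}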
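--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -49,7 +49,7 @@ shell none
 disable-mnt
 private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,xz
 private-dev
-private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache
+private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache
 private-tmp
 
 noexec /tmp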
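--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -36,7 +36,7 @@ private-bin totem
 # totem needs access to ~/.cache/tracker or it exits
 #private-cache
 private-dev
-# private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}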
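--- a/etc/tracker.profile
+++ b/etc/tracker.profile
@@ -33,5 +33,5 @@ tracelog
 
 # private-bin tracker
 # private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp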
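--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -33,7 +33,7 @@ tracelog
 
 # private-bin transmission-cli
 private-dev
-private-etc ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 memory-deny-write-execute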
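--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -31,5 +31,5 @@ shell none
 tracelog
 
 private-dev
-private-etc none
+private-etc alternatives
 private-tmp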
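--- a/etc/unknown-horizons.profile
+++ b/etc/unknown-horizons.profile
@@ -29,5 +29,5 @@ shell none
 
 # private-bin unknown-horizons
 private-dev
-# private-etc ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
 private-tmp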
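--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -25,7 +25,7 @@ tracelog
 
 private-bin unrar
 private-dev
-private-etc passwd,group,localtime
+private-etc alternatives,passwd,group,localtime
 private-tmp
 
 include default.profile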
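--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -25,7 +25,7 @@ tracelog
 
 private-bin unzip
 private-dev
-private-etc passwd,group,localtime
+private-etc alternatives,passwd,group,localtime
 
 # GNOME Shell integration (chrome-gnome-shell)
 noblacklist ${HOME}/.local/share/gnome-shell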
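--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -23,6 +23,6 @@ tracelog
 private-bin uudeview
 private-cache
 private-dev
-private-etc ld.so.preload
+private-etc alternatives,ld.so.preload
 
 include default.profile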
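--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -38,7 +38,7 @@ tracelog
 private-bin viewnior
 private-cache
 private-dev
-private-etc fonts
+private-etc alternatives,fonts
 private-tmp
 
 # memory-deny-write-executes breaks on Arch - see issue #1808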
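--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -36,5 +36,5 @@ tracelog
 # private-bin w3m
 private-cache
 private-dev
-private-etc resolv.conf,ssl,pki,ca-certificates,crypto-policies
+private-etc alternatives,resolv.conf,ssl,pki,ca-certificates,crypto-policies
 private-tmp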
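--- a/etc/webstorm.profile
+++ b/etc/webstorm.profile
@@ -18,10 +18,10 @@ noblacklist ${PATH}/node
 noblacklist ${HOME}/.nvm
 
 include disable-common.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
 include disable-devel.inc
 include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
 
 caps.drop all
 netfilter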
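--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -35,7 +35,7 @@ shell none
 
 # private-bin wget
 private-dev
-# private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 # private-tmp
 
 noexec ${HOME}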
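--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -38,7 +38,7 @@ private
 private-bin sh,bash,whois
 private-cache
 private-dev
-# private-etc hosts,services,whois.conf
+# private-etc alternatives,hosts,services,whois.conf
 private-lib
 private-tmp
 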
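--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -37,5 +37,5 @@ shell none
 disable-mnt
 private-bin wire-desktop
 private-dev
-private-etc fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp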
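--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -45,7 +45,7 @@ tracelog
 
 # private-bin wireshark
 private-dev
-# private-etc fonts,group,hosts,machine-id,passwd,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,group,hosts,machine-id,passwd,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}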
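--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -42,7 +42,7 @@ tracelog
 
 private-bin xed
 private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 private-tmp
 
 # xed uses python plugins, memory-deny-write-execute breaks python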
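--- a/etc/xfburn.profile
+++ b/etc/xfburn.profile
@@ -29,5 +29,5 @@ tracelog
 
 # private-bin xfburn
 # private-dev
-# private-etc fonts
+# private-etc alternatives,fonts
 # private-tmp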
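--- a/etc/xiphos.profile
+++ b/etc/xiphos.profile
@@ -38,5 +38,5 @@ tracelog
 
 private-bin xiphos
 private-dev
-private-etc fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies
 private-tmp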
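--- a/etc/xmr-stak.profile
+++ b/etc/xmr-stak.profile
@@ -37,7 +37,7 @@ disable-mnt
 private ${HOME}/.xmr-stak
 private-bin xmr-stak
 private-dev
-private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
+private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
 #private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend
 private-opt cuda
 private-tmp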
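--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -36,7 +36,7 @@ shell none
 disable-mnt
 private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl
 private-dev
-private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
+private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
 private-tmp
 
 noexec ${HOME}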
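diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index b8297295a..0df879d7c 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -40,7 +40,7 @@ tracelog
 
 private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer
 private-dev
-# private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
+# private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}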
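diff --git a/etc/xpra.profile b/etc/xpra.profile
index 23f3294bd..2ff6c2a5d 100644
--- a/etc/xpra.profile
+++ b/etc/xpra.profile
@@ -52,5 +52,5 @@ shell none
 # older Xpra versions also use Xvfb
 # private-bin xpra,python*,Xvfb,Xorg,sh,xkbcomp,xauth,dbus-launch,pactl,ldconfig,which,strace,bash,cat,ls
 private-dev
-# private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11
+# private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11
 private-tmp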
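diff --git a/etc/xreader.profile b/etc/xreader.profile
index a879e8b04..e0a3ddee3 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -38,7 +38,7 @@ tracelog
 
 private-bin xreader,xreader-previewer,xreader-thumbnailer
 private-dev
-private-etc fonts,ld.so.cache
+private-etc alternatives,fonts,ld.so.cache
 private-tmp
 
 memory-deny-write-execute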
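diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index e6185807e..c73630053 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -38,7 +38,7 @@ tracelog
 
 private-bin xviewer
 private-dev
-#private-etc fonts
+#private-etc alternatives,fonts
 private-lib
 private-tmp
 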
diff --git a/etc/zathura.profile b/etc/zathura.profile index 2eee47fa0..922284353 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -35,7 +35,7 @@ shell none | |||
35 | private-bin zathura | 35 | private-bin zathura |
36 | private-cache | 36 | private-cache |
37 | private-dev | 37 | private-dev |
38 | private-etc fonts,machine-id | 38 | private-etc alternatives,fonts,machine-id |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | read-only ${HOME}/ | 41 | read-only ${HOME}/ |