diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/akonadi_control.profile | 2 | ||||
-rw-r--r-- | etc/baloo_file.profile | 2 | ||||
-rw-r--r-- | etc/brackets.profile | 2 | ||||
-rw-r--r-- | etc/clementine.profile | 2 | ||||
-rw-r--r-- | etc/kmail.profile | 2 | ||||
-rw-r--r-- | etc/mpd.profile | 2 | ||||
-rw-r--r-- | etc/qgis.profile | 2 | ||||
-rw-r--r-- | etc/simple-scan.profile | 2 | ||||
-rw-r--r-- | etc/skanlite.profile | 2 | ||||
-rw-r--r-- | etc/standardnotes-desktop.profile | 2 |
10 files changed, 10 insertions, 10 deletions
diff --git a/etc/akonadi_control.profile b/etc/akonadi_control.profile index 904c784c6..ffc613f1e 100644 --- a/etc/akonadi_control.profile +++ b/etc/akonadi_control.profile | |||
@@ -47,7 +47,7 @@ notv | |||
47 | nou2f | 47 | nou2f |
48 | novideo | 48 | novideo |
49 | # protocol unix,inet,inet6,netlink | 49 | # protocol unix,inet,inet6,netlink |
50 | # seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice | 50 | # seccomp !io_getevents,!io_setup,!io_submit,!ioprio_set |
51 | tracelog | 51 | tracelog |
52 | 52 | ||
53 | private-dev | 53 | private-dev |
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index f46987cc7..6f7638fa3 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -39,7 +39,7 @@ nou2f | |||
39 | novideo | 39 | novideo |
40 | protocol unix | 40 | protocol unix |
41 | # blacklisting of ioprio_set system calls breaks baloo_file | 41 | # blacklisting of ioprio_set system calls breaks baloo_file |
42 | seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice | 42 | seccomp !ioprio_set |
43 | shell none | 43 | shell none |
44 | # x11 xorg | 44 | # x11 xorg |
45 | 45 | ||
diff --git a/etc/brackets.profile b/etc/brackets.profile index b7d560bbc..13a3bef79 100644 --- a/etc/brackets.profile +++ b/etc/brackets.profile | |||
@@ -27,7 +27,7 @@ notv | |||
27 | nou2f | 27 | nou2f |
28 | novideo | 28 | novideo |
29 | protocol unix,inet,inet6,netlink | 29 | protocol unix,inet,inet6,netlink |
30 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | 30 | seccomp !chroot,!ioperm |
31 | shell none | 31 | shell none |
32 | 32 | ||
33 | private-cache | 33 | private-cache |
diff --git a/etc/clementine.profile b/etc/clementine.profile index 147b0de4b..4d92157d0 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
@@ -27,7 +27,7 @@ nou2f | |||
27 | novideo | 27 | novideo |
28 | protocol unix,inet,inet6 | 28 | protocol unix,inet,inet6 |
29 | # blacklisting of ioprio_set system calls breaks clementine | 29 | # blacklisting of ioprio_set system calls breaks clementine |
30 | seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice | 30 | seccomp !ioprio_set |
31 | 31 | ||
32 | private-dev | 32 | private-dev |
33 | private-tmp | 33 | private-tmp |
diff --git a/etc/kmail.profile b/etc/kmail.profile index 0b602c79a..e174cf2bf 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -51,7 +51,7 @@ nou2f | |||
51 | novideo | 51 | novideo |
52 | protocol unix,inet,inet6,netlink | 52 | protocol unix,inet,inet6,netlink |
53 | # we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls | 53 | # we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls |
54 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | 54 | seccomp !chroot,!io_getevents,!io_submit,!io_submit,!ioprio_set |
55 | # tracelog | 55 | # tracelog |
56 | 56 | ||
57 | private-dev | 57 | private-dev |
diff --git a/etc/mpd.profile b/etc/mpd.profile index 0b5ebf705..6c5963793 100644 --- a/etc/mpd.profile +++ b/etc/mpd.profile | |||
@@ -31,7 +31,7 @@ novideo | |||
31 | protocol unix,inet,inet6 | 31 | protocol unix,inet,inet6 |
32 | # blacklisting of ioprio_set system calls breaks auto-updating of | 32 | # blacklisting of ioprio_set system calls breaks auto-updating of |
33 | # MPD's database when files in music_directory are changed | 33 | # MPD's database when files in music_directory are changed |
34 | seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice | 34 | seccomp !ioprio_set |
35 | shell none | 35 | shell none |
36 | 36 | ||
37 | #private-bin bash,mpd | 37 | #private-bin bash,mpd |
diff --git a/etc/qgis.profile b/etc/qgis.profile index 80a10efce..88ed0cd81 100644 --- a/etc/qgis.profile +++ b/etc/qgis.profile | |||
@@ -45,7 +45,7 @@ notv | |||
45 | nou2f | 45 | nou2f |
46 | novideo | 46 | novideo |
47 | # blacklisting of mbind system calls breaks old version | 47 | # blacklisting of mbind system calls breaks old version |
48 | seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,migrate_pages,mincore,move_pages,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,set_mempolicy,syslog,umount,userfaultfd,vmsplice | 48 | seccomp !mbind |
49 | protocol unix,inet,inet6,netlink | 49 | protocol unix,inet,inet6,netlink |
50 | shell none | 50 | shell none |
51 | tracelog | 51 | tracelog |
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 64441483d..a0c9e8303 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
@@ -27,7 +27,7 @@ notv | |||
27 | # novideo | 27 | # novideo |
28 | protocol unix,inet,inet6,netlink | 28 | protocol unix,inet,inet6,netlink |
29 | # blacklisting of ioperm system calls breaks simple-scan | 29 | # blacklisting of ioperm system calls breaks simple-scan |
30 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | 30 | seccomp !ioperm |
31 | shell none | 31 | shell none |
32 | tracelog | 32 | tracelog |
33 | 33 | ||
diff --git a/etc/skanlite.profile b/etc/skanlite.profile index c10be717b..6f9bfd201 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile | |||
@@ -27,7 +27,7 @@ notv | |||
27 | # novideo | 27 | # novideo |
28 | protocol unix,inet,inet6,netlink | 28 | protocol unix,inet,inet6,netlink |
29 | # blacklisting of ioperm system calls breaks skanlite | 29 | # blacklisting of ioperm system calls breaks skanlite |
30 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | 30 | seccomp !ioperm |
31 | shell none | 31 | shell none |
32 | 32 | ||
33 | # private-bin kbuildsycoca4,kdeinit4,skanlite | 33 | # private-bin kbuildsycoca4,kdeinit4,skanlite |
diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile index 5703f932a..aa6902854 100644 --- a/etc/standardnotes-desktop.profile +++ b/etc/standardnotes-desktop.profile | |||
@@ -34,7 +34,7 @@ nosound | |||
34 | notv | 34 | notv |
35 | nou2f | 35 | nou2f |
36 | protocol unix,inet,inet6,netlink | 36 | protocol unix,inet,inet6,netlink |
37 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mincore,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pivot_root,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | 37 | seccomp !chroot |
38 | 38 | ||
39 | disable-mnt | 39 | disable-mnt |
40 | private-dev | 40 | private-dev |