diff options
Diffstat (limited to 'etc')
318 files changed, 318 insertions, 320 deletions
diff --git a/etc/profile-a-l/1password.profile b/etc/profile-a-l/1password.profile index bc8bfae0d..b340ad228 100644 --- a/etc/profile-a-l/1password.profile +++ b/etc/profile-a-l/1password.profile | |||
@@ -11,7 +11,7 @@ noblacklist ${HOME}/.config/1Password | |||
11 | mkdir ${HOME}/.config/1Password | 11 | mkdir ${HOME}/.config/1Password |
12 | whitelist ${HOME}/.config/1Password | 12 | whitelist ${HOME}/.config/1Password |
13 | 13 | ||
14 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 14 | private-etc @tls-ca |
15 | 15 | ||
16 | # Needed for keychain things, talking to Firefox, possibly other things? Not sure how to narrow down | 16 | # Needed for keychain things, talking to Firefox, possibly other things? Not sure how to narrow down |
17 | ignore dbus-user none | 17 | ignore dbus-user none |
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index eb7a5254f..a0eed24ca 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile | |||
@@ -41,7 +41,7 @@ tracelog | |||
41 | private-bin abiword | 41 | private-bin abiword |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,fonts,gtk-3.0,ld.so.cache,ld.so.preload,passwd | 44 | private-etc @x11 |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | # dbus-user none | 47 | # dbus-user none |
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index 96c56d85d..7a36302f1 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile | |||
@@ -49,7 +49,7 @@ tracelog | |||
49 | private-bin agetpkg,python3 | 49 | private-bin agetpkg,python3 |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl | 52 | private-etc @tls-ca |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index 9612ffdd2..22a303cdd 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile | |||
@@ -52,7 +52,7 @@ disable-mnt | |||
52 | # private-bin alacarte,bash,python*,sh | 52 | # private-bin alacarte,bash,python*,sh |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,locale.alias,locale.conf,login.defs,mime.types,nsswitch.conf,passwd,pki,X11,xdg | 55 | private-etc @tls-ca,@x11,mime.types |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-user none | 58 | dbus-user none |
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile index 0f7407f05..9f9bd975a 100644 --- a/etc/profile-a-l/alienarena.profile +++ b/etc/profile-a-l/alienarena.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin alienarena | 43 | private-bin alienarena |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11 | 46 | private-etc @tls-ca,@x11,bumblebee,glvnd,host.conf,rpc,services |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile index 4e994c025..5ccb9896f 100644 --- a/etc/profile-a-l/alpine.profile +++ b/etc/profile-a-l/alpine.profile | |||
@@ -90,7 +90,7 @@ disable-mnt | |||
90 | private-bin alpine | 90 | private-bin alpine |
91 | private-cache | 91 | private-cache |
92 | private-dev | 92 | private-dev |
93 | private-etc alternatives,c-client.cf,ca-certificates,crypto-policies,host.conf,hostname,hosts,krb5.keytab,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,passwd,pine.conf,pinerc.fixed,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg | 93 | private-etc @tls-ca,@x11,c-client.cf,host.conf,krb5.keytab,mailcap,mime.types,pine.conf,pinerc.fixed,rpc,services,terminfo |
94 | private-tmp | 94 | private-tmp |
95 | writable-run-user | 95 | writable-run-user |
96 | writable-var | 96 | writable-var |
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index 466f60bda..442b5a481 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile | |||
@@ -49,7 +49,7 @@ disable-mnt | |||
49 | private-bin anki,python* | 49 | private-bin anki,python* |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl,Trolltech.conf | 52 | private-etc @tls-ca,@x11,Trolltech.conf |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile index dab91fe7d..4ad6ac6bc 100644 --- a/etc/profile-a-l/apostrophe.profile +++ b/etc/profile-a-l/apostrophe.profile | |||
@@ -62,7 +62,7 @@ disable-mnt | |||
62 | private-bin apostrophe,fmtutil,kpsewhich,mktexfmt,pandoc,pdftex,perl,python3*,sh,xdvipdfmx,xelatex,xetex | 62 | private-bin apostrophe,fmtutil,kpsewhich,mktexfmt,pandoc,pdftex,perl,python3*,sh,xdvipdfmx,xelatex,xetex |
63 | private-cache | 63 | private-cache |
64 | private-dev | 64 | private-dev |
65 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,texlive,X11 | 65 | private-etc @x11,texlive |
66 | private-tmp | 66 | private-tmp |
67 | 67 | ||
68 | dbus-user filter | 68 | dbus-user filter |
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index 17eb2451c..2e9e75737 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile | |||
@@ -45,7 +45,7 @@ private-bin aria2c,gzip | |||
45 | # Add 'private-cache' to your aria2c.local if you don't use Lutris/winetricks (see issue #2772). | 45 | # Add 'private-cache' to your aria2c.local if you don't use Lutris/winetricks (see issue #2772). |
46 | #private-cache | 46 | #private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,ca-certificates,crypto-policies,groups,ld.so.cache,ld.so.preload,login.defs,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl | 48 | private-etc @tls-ca,groups |
49 | private-lib libreadline.so.* | 49 | private-lib libreadline.so.* |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index ed0629c9b..1c2fbcccc 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | disable-mnt | 42 | disable-mnt |
43 | private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor | 43 | private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,resolv.conf,ssl,tor | 45 | private-etc @tls-ca,tor |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | restrict-namespaces | 48 | restrict-namespaces |
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index b1347b0d9..897140857 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile | |||
@@ -54,7 +54,7 @@ disable-mnt | |||
54 | private-bin artha,enchant,notify-send | 54 | private-bin artha,enchant,notify-send |
55 | private-cache | 55 | private-cache |
56 | private-dev | 56 | private-dev |
57 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id | 57 | private-etc |
58 | private-lib libnotify.so.* | 58 | private-lib libnotify.so.* |
59 | private-tmp | 59 | private-tmp |
60 | 60 | ||
diff --git a/etc/profile-a-l/atool.profile b/etc/profile-a-l/atool.profile index b2bc17c67..672286087 100644 --- a/etc/profile-a-l/atool.profile +++ b/etc/profile-a-l/atool.profile | |||
@@ -13,7 +13,7 @@ include allow-perl.inc | |||
13 | noroot | 13 | noroot |
14 | 14 | ||
15 | # without login.defs atool complains and uses UID/GID 1000 by default | 15 | # without login.defs atool complains and uses UID/GID 1000 by default |
16 | private-etc alternatives,group,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf | 16 | private-etc |
17 | private-tmp | 17 | private-tmp |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile index f24aff108..d0513d2a7 100644 --- a/etc/profile-a-l/atril.profile +++ b/etc/profile-a-l/atril.profile | |||
@@ -41,7 +41,7 @@ tracelog | |||
41 | 41 | ||
42 | private-bin 7z,7za,7zr,atril,atril-previewer,atril-thumbnailer,sh,tar,unrar,unzip,zipnote | 42 | private-bin 7z,7za,7zr,atril,atril-previewer,atril-thumbnailer,sh,tar,unrar,unzip,zipnote |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 44 | private-etc |
45 | # atril uses webkit gtk to display epub files | 45 | # atril uses webkit gtk to display epub files |
46 | # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0 | 46 | # waiting for globbing support in private-lib; for now hardcoding it to webkit2gtk-4.0 |
47 | #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit | 47 | #private-lib webkit2gtk-4.0 - problems on Arch with the new version of WebKit |
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile index 74dba7411..deba11a47 100644 --- a/etc/profile-a-l/audio-recorder.profile +++ b/etc/profile-a-l/audio-recorder.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | disable-mnt | 43 | disable-mnt |
44 | # private-bin audio-recorder | 44 | # private-bin audio-recorder |
45 | private-cache | 45 | private-cache |
46 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload | 46 | private-etc |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user filter | 49 | dbus-user filter |
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 73a2e1806..215f22fd0 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin authenticator-rs | 46 | private-bin authenticator-rs |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl,xdg | 49 | private-etc @tls-ca,@x11 |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | dbus-user filter | 52 | dbus-user filter |
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile index 02c1d8768..96c70a838 100644 --- a/etc/profile-a-l/authenticator.profile +++ b/etc/profile-a-l/authenticator.profile | |||
@@ -38,7 +38,7 @@ seccomp | |||
38 | disable-mnt | 38 | disable-mnt |
39 | # private-bin authenticator,python* | 39 | # private-bin authenticator,python* |
40 | private-dev | 40 | private-dev |
41 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl | 41 | private-etc @tls-ca |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | # makes settings immutable | 44 | # makes settings immutable |
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile index b60b5715c..9ca947106 100644 --- a/etc/profile-a-l/ballbuster.profile +++ b/etc/profile-a-l/ballbuster.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin ballbuster | 44 | private-bin ballbuster |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse | 47 | private-etc |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index 85a1a58c7..3fb2a82c3 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile | |||
@@ -51,7 +51,7 @@ disable-mnt | |||
51 | # private-bin bibletime | 51 | # private-bin bibletime |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf | 54 | private-etc @tls-ca,sword,sword.conf |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user none | 57 | dbus-user none |
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index b6b52601e..53d212e34 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-bin bijiben | 50 | private-bin bijiben |
51 | # private-cache -- access to .cache/tracker is required | 51 | # private-cache -- access to .cache/tracker is required |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload | 53 | private-etc @x11 |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-user filter | 56 | dbus-user filter |
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile index f8114c71b..ba30c3654 100644 --- a/etc/profile-a-l/bitwarden.profile +++ b/etc/profile-a-l/bitwarden.profile | |||
@@ -23,7 +23,7 @@ no3d | |||
23 | nosound | 23 | nosound |
24 | 24 | ||
25 | ?HAS_APPIMAGE: ignore private-dev | 25 | ?HAS_APPIMAGE: ignore private-dev |
26 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 26 | private-etc @tls-ca |
27 | private-opt Bitwarden | 27 | private-opt Bitwarden |
28 | 28 | ||
29 | # Redirect | 29 | # Redirect |
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index 9badb4357..6dd540943 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile | |||
@@ -34,7 +34,7 @@ seccomp | |||
34 | # private-bin bash,bless,mono,sh | 34 | # private-bin bash,bless,mono,sh |
35 | private-cache | 35 | private-cache |
36 | private-dev | 36 | private-dev |
37 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,mono | 37 | private-etc mono |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | dbus-user none | 40 | dbus-user none |
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index 6e7a87e5f..dccdae924 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile | |||
@@ -40,7 +40,7 @@ tracelog | |||
40 | disable-mnt | 40 | disable-mnt |
41 | private-bin blobby | 41 | private-bin blobby |
42 | private-dev | 42 | private-dev |
43 | private-etc alsa,alternatives,asound.conf,drirc,group,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pulse | 43 | private-etc @x11 |
44 | private-lib | 44 | private-lib |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index e6926ee29..fc0a76945 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin blobwars | 42 | private-bin blobwars |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id | 45 | private-etc |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-a-l/bsdtar.profile b/etc/profile-a-l/bsdtar.profile index fbc7c9056..c5c2e33eb 100644 --- a/etc/profile-a-l/bsdtar.profile +++ b/etc/profile-a-l/bsdtar.profile | |||
@@ -6,7 +6,7 @@ include bsdtar.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd | 9 | private-etc |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include archiver-common.profile | 12 | include archiver-common.profile |
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index b2248ad06..df94ac859 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile | |||
@@ -45,7 +45,7 @@ tracelog | |||
45 | disable-mnt | 45 | disable-mnt |
46 | private-bin cameramonitor,python* | 46 | private-bin cameramonitor,python* |
47 | private-cache | 47 | private-cache |
48 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 48 | private-etc |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | # dbus-user none | 51 | # dbus-user none |
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile index 4c8afd895..a0fe8ddf1 100644 --- a/etc/profile-a-l/cargo.profile +++ b/etc/profile-a-l/cargo.profile | |||
@@ -16,7 +16,7 @@ noblacklist ${HOME}/.cargo/credentials.toml | |||
16 | #whitelist ${HOME}/.rustup | 16 | #whitelist ${HOME}/.rustup |
17 | 17 | ||
18 | #private-bin cargo,rustc | 18 | #private-bin cargo,rustc |
19 | private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,magic,magic.mgc,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl | 19 | private-etc @tls-ca,host.conf,magic,magic.mgc,rpc,services |
20 | 20 | ||
21 | memory-deny-write-execute | 21 | memory-deny-write-execute |
22 | 22 | ||
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index e4e32b265..17887b6cc 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile | |||
@@ -38,7 +38,7 @@ disable-mnt | |||
38 | private-bin cawbird | 38 | private-bin cawbird |
39 | private-cache | 39 | private-cache |
40 | private-dev | 40 | private-dev |
41 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,resolv.conf,ssl,X11,xdg | 41 | private-etc @tls-ca,@x11,host.conf,mime.types |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | # dbus-user none | 44 | # dbus-user none |
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index 0c4335e8f..f06ac3b01 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile | |||
@@ -52,7 +52,7 @@ tracelog | |||
52 | 52 | ||
53 | private-bin celluloid,env,gnome-mpv,python*,youtube-dl | 53 | private-bin celluloid,env,gnome-mpv,python*,youtube-dl |
54 | private-cache | 54 | private-cache |
55 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg | 55 | private-etc @tls-ca,@x11,libva.conf,pkcs11,selinux |
56 | private-dev | 56 | private-dev |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
diff --git a/etc/profile-a-l/chatterino.profile b/etc/profile-a-l/chatterino.profile index 4dfd85740..ed3153ec7 100644 --- a/etc/profile-a-l/chatterino.profile +++ b/etc/profile-a-l/chatterino.profile | |||
@@ -70,7 +70,7 @@ private-bin chatterino,cvlc,env,ffmpeg,mpv,nvlc,pgrep,python*,qvlc,rvlc,streamli | |||
70 | # private-cache may cause issues with mpv (see #2838) | 70 | # private-cache may cause issues with mpv (see #2838) |
71 | private-cache | 71 | private-cache |
72 | private-dev | 72 | private-dev |
73 | private-etc alsa,alternatives,asound.conf,ca-certificates,dbus-1,fonts,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nvidia,passwd,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11 | 73 | private-etc @tls-ca,@x11,dbus-1,rpc,services,Trolltech.conf |
74 | private-srv none | 74 | private-srv none |
75 | private-tmp | 75 | private-tmp |
76 | 76 | ||
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index 8aed77c04..93d9c9a8b 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile | |||
@@ -51,7 +51,7 @@ disable-mnt | |||
51 | private-bin cheese | 51 | private-bin cheese |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0,ld.so.cache,ld.so.preload | 54 | private-etc @x11,clutter-1.0 |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user filter | 57 | dbus-user filter |
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index 4f4e8e7bf..3b8eb7bbd 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin bash,clawsker,perl,sh,which | 43 | private-bin bash,clawsker,perl,sh,which |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 46 | private-etc |
47 | private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-3.so.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl* | 47 | private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-3.so.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl* |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index ad6332f78..cc7a43609 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile | |||
@@ -26,6 +26,6 @@ protocol unix,inet,inet6 | |||
26 | seccomp | 26 | seccomp |
27 | 27 | ||
28 | private-bin cmus | 28 | private-bin cmus |
29 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl | 29 | private-etc @tls-ca |
30 | 30 | ||
31 | restrict-namespaces | 31 | restrict-namespaces |
diff --git a/etc/profile-a-l/cointop.profile b/etc/profile-a-l/cointop.profile index c341c4ea2..aa053e2f7 100644 --- a/etc/profile-a-l/cointop.profile +++ b/etc/profile-a-l/cointop.profile | |||
@@ -52,7 +52,7 @@ disable-mnt | |||
52 | private-bin cointop | 52 | private-bin cointop |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | 55 | private-etc @tls-ca,host.conf,rpc,services |
56 | private-lib | 56 | private-lib |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile index 442d50259..50f8f67f3 100644 --- a/etc/profile-a-l/colorful.profile +++ b/etc/profile-a-l/colorful.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin colorful | 44 | private-bin colorful |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pulse | 47 | private-etc |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index 990b6bc5a..8b7d2317c 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin com.github.bleakgrey.tootle | 44 | private-bin com.github.bleakgrey.tootle |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 47 | private-etc @tls-ca,@x11,host.conf,mime.types |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | # Settings are immutable | 50 | # Settings are immutable |
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index 5f2a1c3e6..ab389d3ee 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile | |||
@@ -51,7 +51,7 @@ disable-mnt | |||
51 | private-bin com.github.dahenson.agenda | 51 | private-bin com.github.dahenson.agenda |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload | 54 | private-etc @x11 |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user filter | 57 | dbus-user filter |
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index 21f37494b..f4533b537 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile | |||
@@ -54,7 +54,7 @@ disable-mnt | |||
54 | private-bin com.github.johnfactotum.Foliate,gjs | 54 | private-bin com.github.johnfactotum.Foliate,gjs |
55 | private-cache | 55 | private-cache |
56 | private-dev | 56 | private-dev |
57 | private-etc alternatives,dconf,fonts,gconf,gtk-3.0,ld.so.cache,ld.so.preload | 57 | private-etc @x11,gconf |
58 | private-tmp | 58 | private-tmp |
59 | 59 | ||
60 | read-only ${HOME} | 60 | read-only ${HOME} |
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile index 07a6a6813..22a64cb35 100644 --- a/etc/profile-a-l/com.github.phase1geo.minder.profile +++ b/etc/profile-a-l/com.github.phase1geo.minder.profile | |||
@@ -51,7 +51,7 @@ disable-mnt | |||
51 | private-bin com.github.phase1geo.minder | 51 | private-bin com.github.phase1geo.minder |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,passwd,X11,xdg | 54 | private-etc @x11,mime.types |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user filter | 57 | dbus-user filter |
diff --git a/etc/profile-a-l/com.github.tchx84.Flatseal.profile b/etc/profile-a-l/com.github.tchx84.Flatseal.profile index fd4494e92..eee98ba8d 100644 --- a/etc/profile-a-l/com.github.tchx84.Flatseal.profile +++ b/etc/profile-a-l/com.github.tchx84.Flatseal.profile | |||
@@ -51,7 +51,7 @@ disable-mnt | |||
51 | private-bin com.github.tchx84.Flatseal,gjs | 51 | private-bin com.github.tchx84.Flatseal,gjs |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload | 54 | private-etc @x11 |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user filter | 57 | dbus-user filter |
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 793de8ab4..21b576fb7 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile | |||
@@ -39,7 +39,7 @@ tracelog | |||
39 | disable-mnt | 39 | disable-mnt |
40 | private-cache | 40 | private-cache |
41 | private-dev | 41 | private-dev |
42 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,ssl | 42 | private-etc @tls-ca |
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
45 | dbus-user none | 45 | dbus-user none |
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index 842191f3f..601daacfa 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile | |||
@@ -38,7 +38,7 @@ seccomp | |||
38 | disable-mnt | 38 | disable-mnt |
39 | private-bin crow | 39 | private-bin crow |
40 | private-dev | 40 | private-dev |
41 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl | 41 | private-etc @tls-ca,@x11 |
42 | private-opt none | 42 | private-opt none |
43 | private-tmp | 43 | private-tmp |
44 | private-srv none | 44 | private-srv none |
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index 63d89ec36..7dd5ca260 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile | |||
@@ -49,7 +49,7 @@ disable-mnt | |||
49 | private-bin d-feet,python* | 49 | private-bin d-feet,python* |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,dbus-1,fonts,ld.so.cache,ld.so.preload,machine-id | 52 | private-etc dbus-1 |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 55 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index b259c7e93..80790bb0c 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile | |||
@@ -50,7 +50,7 @@ private | |||
50 | private-bin dbus-send | 50 | private-bin dbus-send |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,dbus-1,ld.so.cache,ld.so.preload | 53 | private-etc dbus-1 |
54 | private-lib libpcre* | 54 | private-lib libpcre* |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index 876e637b2..e2e2492bc 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin dconf-editor | 42 | private-bin dconf-editor |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id | 45 | private-etc @x11 |
46 | private-lib | 46 | private-lib |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index 5136445da..2b2ada742 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin dconf,gsettings | 45 | private-bin dconf,gsettings |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,dconf,ld.so.cache,ld.so.preload | 48 | private-etc @x11 |
49 | private-lib | 49 | private-lib |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index 8ea5d178e..9811c90d6 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile | |||
@@ -44,7 +44,7 @@ tracelog | |||
44 | disable-mnt | 44 | disable-mnt |
45 | private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr | 45 | private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr |
46 | private-cache | 46 | private-cache |
47 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 47 | private-etc |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile index ef31fc3eb..066cdc8b0 100644 --- a/etc/profile-a-l/devhelp.profile +++ b/etc/profile-a-l/devhelp.profile | |||
@@ -41,7 +41,7 @@ disable-mnt | |||
41 | private-bin devhelp | 41 | private-bin devhelp |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,ssl | 44 | private-etc @tls-ca,@x11 |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | # makes settings immutable | 47 | # makes settings immutable |
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 0579547af..4461c2a82 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | private-bin devilspie | 47 | private-bin devilspie |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ld.so.cache,ld.so.preload | 50 | private-etc |
51 | private-lib gconv | 51 | private-lib gconv |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index 3ee58147a..7c0fee9c3 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile | |||
@@ -48,7 +48,7 @@ tracelog | |||
48 | disable-mnt | 48 | disable-mnt |
49 | private-bin bash,dig,sh | 49 | private-bin bash,dig,sh |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf | 51 | private-etc |
52 | # Add the next line to your dig.local on non Debian/Ubuntu OS (see issue #3038). | 52 | # Add the next line to your dig.local on non Debian/Ubuntu OS (see issue #3038). |
53 | #private-lib | 53 | #private-lib |
54 | private-tmp | 54 | private-tmp |
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile index bf49c8d48..6f01600eb 100644 --- a/etc/profile-a-l/discord-common.profile +++ b/etc/profile-a-l/discord-common.profile | |||
@@ -24,7 +24,7 @@ whitelist ${HOME}/.config/BetterDiscord | |||
24 | whitelist ${HOME}/.local/share/betterdiscordctl | 24 | whitelist ${HOME}/.local/share/betterdiscordctl |
25 | 25 | ||
26 | private-bin awk,bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],fish,grep,head,sed,sh,tclsh,tr,which,xdg-mime,xdg-open,zsh | 26 | private-bin awk,bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],fish,grep,head,sed,sh,tclsh,tr,which,xdg-mime,xdg-open,zsh |
27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl | 27 | private-etc @tls-ca,password |
28 | 28 | ||
29 | join-or-start discord | 29 | join-or-start discord |
30 | 30 | ||
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 15f6e441d..bf77828be 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile | |||
@@ -39,7 +39,7 @@ seccomp | |||
39 | private-bin display,python* | 39 | private-bin display,python* |
40 | private-dev | 40 | private-dev |
41 | # On Debian-based systems, display is a symlink in /etc/alternatives | 41 | # On Debian-based systems, display is a symlink in /etc/alternatives |
42 | private-etc alternatives,ImageMagick-6,ImageMagick-7,ld.so.cache,ld.so.preload | 42 | private-etc ImageMagick-6,ImageMagick-7 |
43 | private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libgomp.so.*,ImageMagick*,libfreetype.so.*,libltdl.so.*,libMagickWand-*.so.*,libXext.so.* | 43 | private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libgomp.so.*,ImageMagick*,libfreetype.so.*,libltdl.so.*,libMagickWand-*.so.*,libXext.so.* |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index acaf2e021..d4734bf22 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile | |||
@@ -54,7 +54,7 @@ private-bin bash,dolphin-emu,dolphin-emu-x11,sh | |||
54 | private-cache | 54 | private-cache |
55 | # Add the next line to your dolphin-emu.local if you do not need controller support. | 55 | # Add the next line to your dolphin-emu.local if you do not need controller support. |
56 | #private-dev | 56 | #private-dev |
57 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg | 57 | private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services,Trolltech.conf |
58 | private-opt none | 58 | private-opt none |
59 | private-tmp | 59 | private-tmp |
60 | 60 | ||
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index 9d9fa291b..79366b8ee 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile | |||
@@ -44,7 +44,7 @@ seccomp !chroot | |||
44 | private-bin drawio | 44 | private-bin drawio |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 47 | private-etc |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index 920eb7697..40fd8be7c 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | #private-bin bash,easystroke,sh | 44 | #private-bin bash,easystroke,sh |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,passwd | 47 | private-etc |
48 | # breaks custom shell command functionality | 48 | # breaks custom shell command functionality |
49 | #private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* | 49 | #private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* |
50 | private-tmp | 50 | private-tmp |
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile index d0d0f2168..4872223f1 100644 --- a/etc/profile-a-l/electron-mail.profile +++ b/etc/profile-a-l/electron-mail.profile | |||
@@ -29,7 +29,7 @@ read-only ${HOME}/.mozilla/firefox/profiles.ini | |||
29 | machine-id | 29 | machine-id |
30 | nosound | 30 | nosound |
31 | 31 | ||
32 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 32 | private-etc @tls-ca,@x11 |
33 | private-opt ElectronMail | 33 | private-opt ElectronMail |
34 | 34 | ||
35 | dbus-user filter | 35 | dbus-user filter |
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index 78a996f71..48ce0aa22 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile | |||
@@ -46,7 +46,7 @@ private-bin electrum,python* | |||
46 | private-cache | 46 | private-cache |
47 | ?HAS_APPIMAGE: ignore private-dev | 47 | ?HAS_APPIMAGE: ignore private-dev |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl | 49 | private-etc @tls-ca,@x11 |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | # dbus-user none | 52 | # dbus-user none |
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 0d5d18fe2..d989e850a 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile | |||
@@ -69,7 +69,7 @@ tracelog | |||
69 | # disable-mnt | 69 | # disable-mnt |
70 | private-cache | 70 | private-cache |
71 | private-dev | 71 | private-dev |
72 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,localtime,machine-id,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,timezone,xdg | 72 | private-etc @tls-ca,@x11,gnupg,groups,hosts.conf,mailname,selinux,timezone |
73 | private-tmp | 73 | private-tmp |
74 | # encrypting and signing email | 74 | # encrypting and signing email |
75 | writable-run-user | 75 | writable-run-user |
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index 37a6c088b..051c75fc1 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile | |||
@@ -47,7 +47,7 @@ x11 none | |||
47 | private-bin enchant,enchant-* | 47 | private-bin enchant,enchant-* |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ld.so.cache,ld.so.preload | 50 | private-etc |
51 | private-lib | 51 | private-lib |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index 83abb551e..c487a5add 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile | |||
@@ -46,7 +46,7 @@ tracelog | |||
46 | 46 | ||
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload | 49 | private-etc @x11 |
50 | private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* | 50 | private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index 2fe0a4af4..fa6674f6e 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile | |||
@@ -53,7 +53,7 @@ disable-mnt | |||
53 | private-bin equalx,gs,pdflatex,pdftocairo | 53 | private-bin equalx,gs,pdflatex,pdftocairo |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alternatives,equalx,equalx.conf,fonts,gtk-2.0,latexmk.conf,ld.so.cache,ld.so.preload,machine-id,papersize,passwd,texlive,Trolltech.conf | 56 | private-etc @x11,equalx,equalx.conf,latexmk.conf,papersize,texlive,Trolltech.conf |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index 95115d484..75a3958ad 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile | |||
@@ -54,7 +54,7 @@ tracelog | |||
54 | private-bin evince,evince-previewer,evince-thumbnailer,sh | 54 | private-bin evince,evince-previewer,evince-thumbnailer,sh |
55 | private-cache | 55 | private-cache |
56 | private-dev | 56 | private-dev |
57 | private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd | 57 | private-etc |
58 | # private-lib might break two-page-view on some systems | 58 | # private-lib might break two-page-view on some systems |
59 | private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* | 59 | private-lib evince,gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,gconv,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libarchive.so.*,libdjvulibre.so.*,libgconf-2.so.*,libgraphite2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,libspectre.so.* |
60 | private-tmp | 60 | private-tmp |
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index 45331487c..a8be4828f 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile | |||
@@ -47,7 +47,7 @@ x11 none | |||
47 | #private-bin exiftool,perl | 47 | #private-bin exiftool,perl |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ld.so.cache,ld.so.preload | 50 | private-etc |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index 2daf1ff15..0d260f429 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | # private-bin falkon | 47 | # private-bin falkon |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc adobe,alternatives,asound.conf,ati,ca-certificates,crypto-policies,dconf,drirc,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg | 50 | private-etc @tls-ca,@x11,adobe,mailcap,mime.types,selinux |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | # dbus-user filter | 53 | # dbus-user filter |
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index 248cb5b49..77e16a56b 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile | |||
@@ -42,7 +42,7 @@ private | |||
42 | private-bin bash,fdns,sh | 42 | private-bin bash,fdns,sh |
43 | private-cache | 43 | private-cache |
44 | #private-dev | 44 | #private-dev |
45 | private-etc alternatives,ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl | 45 | private-etc @tls-ca,fdns |
46 | # private-lib | 46 | # private-lib |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
diff --git a/etc/profile-a-l/feh-network.inc.profile b/etc/profile-a-l/feh-network.inc.profile index 7293e89a8..4b45cd198 100644 --- a/etc/profile-a-l/feh-network.inc.profile +++ b/etc/profile-a-l/feh-network.inc.profile | |||
@@ -5,4 +5,4 @@ include feh-network.inc.local | |||
5 | ignore net none | 5 | ignore net none |
6 | netfilter | 6 | netfilter |
7 | protocol unix,inet,inet6 | 7 | protocol unix,inet,inet6 |
8 | private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl | 8 | private-etc @tls-ca |
diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile index be5ab8627..82b3f7645 100644 --- a/etc/profile-a-l/feh.profile +++ b/etc/profile-a-l/feh.profile | |||
@@ -35,7 +35,7 @@ seccomp | |||
35 | private-bin feh,jpegexiforient,jpegtran | 35 | private-bin feh,jpegexiforient,jpegtran |
36 | private-cache | 36 | private-cache |
37 | private-dev | 37 | private-dev |
38 | private-etc alternatives,feh,ld.so.cache,ld.so.preload | 38 | private-etc feh |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | dbus-user none | 41 | dbus-user none |
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile index 160f26f78..b7d54f05d 100644 --- a/etc/profile-a-l/ffmpeg.profile +++ b/etc/profile-a-l/ffmpeg.profile | |||
@@ -47,7 +47,7 @@ tracelog | |||
47 | private-bin ffmpeg | 47 | private-bin ffmpeg |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,nsswitch.conf,pkcs11,pki,resolv.conf,ssl | 50 | private-etc @tls-ca,pkcs11 |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
diff --git a/etc/profile-a-l/ffplay.profile b/etc/profile-a-l/ffplay.profile index 52abb99d4..5cffd4980 100644 --- a/etc/profile-a-l/ffplay.profile +++ b/etc/profile-a-l/ffplay.profile | |||
@@ -14,7 +14,7 @@ ignore nogroups | |||
14 | ignore nosound | 14 | ignore nosound |
15 | 15 | ||
16 | private-bin ffplay | 16 | private-bin ffplay |
17 | private-etc alsa,alternatives,asound.conf,group,ld.so.cache,ld.so.preload | 17 | private-etc |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include ffmpeg.profile | 20 | include ffmpeg.profile |
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index ef4e0e117..4f39bec55 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd | 42 | private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg | 45 | private-etc @x11 |
46 | # private-tmp | 46 | # private-tmp |
47 | 47 | ||
48 | dbus-system none | 48 | dbus-system none |
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 57c9b5dfb..42d12c5d9 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -57,9 +57,7 @@ seccomp !chroot | |||
57 | 57 | ||
58 | disable-mnt | 58 | disable-mnt |
59 | ?BROWSER_DISABLE_U2F: private-dev | 59 | ?BROWSER_DISABLE_U2F: private-dev |
60 | # private-etc below works fine on most distributions. There are some problems on CentOS. | 60 | # private-etc below works fine on most distributions. There could be some problems on CentOS. |
61 | # Add it to your firefox-common.local if you want to enable it. | ||
62 | #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | ||
63 | private-etc @tls-ca,@x11,mailcap,mime.types,os-release | 61 | private-etc @tls-ca,@x11,mailcap,mime.types,os-release |
64 | private-tmp | 62 | private-tmp |
65 | 63 | ||
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index 0984055a3..3f4432857 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile | |||
@@ -51,7 +51,7 @@ tracelog | |||
51 | disable-mnt | 51 | disable-mnt |
52 | private-bin flameshot | 52 | private-bin flameshot |
53 | private-cache | 53 | private-cache |
54 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.preload,machine-id,pki,resolv.conf,ssl | 54 | private-etc @tls-ca |
55 | private-dev | 55 | private-dev |
56 | #private-tmp | 56 | #private-tmp |
57 | 57 | ||
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index a614d7d9f..24d8e4c2f 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin fractal | 46 | private-bin fractal |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 49 | private-etc @tls-ca,@x11,host.conf,mime.types,selinux |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | dbus-user filter | 52 | dbus-user filter |
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index bcde18b36..bdc5fa557 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile | |||
@@ -18,7 +18,7 @@ mkdir ${HOME}/.config/FreeTube | |||
18 | whitelist ${HOME}/.config/FreeTube | 18 | whitelist ${HOME}/.config/FreeTube |
19 | 19 | ||
20 | private-bin electron,electron[0-9],electron[0-9][0-9],freetube,sh | 20 | private-bin electron,electron[0-9],electron[0-9][0-9],freetube,sh |
21 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 21 | private-etc @tls-ca,@x11,host.conf,mime.types |
22 | 22 | ||
23 | dbus-user filter | 23 | dbus-user filter |
24 | dbus-user.own org.mpris.MediaPlayer2.chromium.* | 24 | dbus-user.own org.mpris.MediaPlayer2.chromium.* |
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index 067fe3caa..d9ee054ab 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin frogatto,sh | 44 | private-bin frogatto,sh |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id | 47 | private-etc |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index d4d578dd4..ed7b32f6e 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile | |||
@@ -58,7 +58,7 @@ disable-mnt | |||
58 | private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python*,sh,zsh | 58 | private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python*,sh,zsh |
59 | private-cache | 59 | private-cache |
60 | private-dev | 60 | private-dev |
61 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,xdg | 61 | private-etc @tls-ca,@x11 |
62 | private-tmp | 62 | private-tmp |
63 | writable-run-user | 63 | writable-run-user |
64 | 64 | ||
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 0fba8ac07..96ded592d 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | private-bin galculator | 42 | private-bin galculator |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 45 | private-etc |
46 | private-lib | 46 | private-lib |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
diff --git a/etc/profile-a-l/gallery-dl.profile b/etc/profile-a-l/gallery-dl.profile index 2947873ef..9c8200dc4 100644 --- a/etc/profile-a-l/gallery-dl.profile +++ b/etc/profile-a-l/gallery-dl.profile | |||
@@ -12,7 +12,7 @@ noblacklist ${HOME}/.config/gallery-dl | |||
12 | noblacklist ${HOME}/.gallery-dl.conf | 12 | noblacklist ${HOME}/.gallery-dl.conf |
13 | 13 | ||
14 | private-bin gallery-dl | 14 | private-bin gallery-dl |
15 | private-etc alternatives,gallery-dl.conf,ld.so.cache,ld.so.preload | 15 | private-etc gallery-dl.conf |
16 | 16 | ||
17 | # Redirect | 17 | # Redirect |
18 | include youtube-dl.profile | 18 | include youtube-dl.profile |
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 106e0eda6..baf8f614e 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile | |||
@@ -48,7 +48,7 @@ private | |||
48 | private-bin gapplication | 48 | private-bin gapplication |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ld.so.cache,ld.so.preload | 51 | private-etc |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | # Add the next line to your gapplication.local to filter D-Bus names. | 54 | # Add the next line to your gapplication.local to filter D-Bus names. |
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index 313b34a53..ad37312a8 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile | |||
@@ -35,7 +35,7 @@ tracelog | |||
35 | 35 | ||
36 | disable-mnt | 36 | disable-mnt |
37 | private-dev | 37 | private-dev |
38 | private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl | 38 | private-etc @tls-ca |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | dbus-user none | 41 | dbus-user none |
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index 5b434342b..ead78d983 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile | |||
@@ -53,7 +53,7 @@ disable-mnt | |||
53 | private-bin gconf-editor,gconf-merge-*,gconfpkg,gconftool-2,gsettings-*-convert,python2* | 53 | private-bin gconf-editor,gconf-merge-*,gconfpkg,gconftool-2,gsettings-*-convert,python2* |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alternatives,fonts,gconf,ld.so.cache,ld.so.preload | 56 | private-etc gconf |
57 | private-lib GConf,libpython*,python2* | 57 | private-lib GConf,libpython*,python2* |
58 | private-tmp | 58 | private-tmp |
59 | 59 | ||
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index 6aaf1ab05..a19a20ba7 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile | |||
@@ -75,7 +75,7 @@ tracelog | |||
75 | #private-bin geary,sh | 75 | #private-bin geary,sh |
76 | private-cache | 76 | private-cache |
77 | private-dev | 77 | private-dev |
78 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mailcap,mime.types,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg | 78 | private-etc @tls-ca,@x11,mailcap,mime.types |
79 | private-tmp | 79 | private-tmp |
80 | 80 | ||
81 | dbus-user filter | 81 | dbus-user filter |
diff --git a/etc/profile-a-l/geekbench.profile b/etc/profile-a-l/geekbench.profile index cda47a7e9..3a929774a 100644 --- a/etc/profile-a-l/geekbench.profile +++ b/etc/profile-a-l/geekbench.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | #private-bin bash,geekbench*,sh -- #4576 | 47 | #private-bin bash,geekbench*,sh -- #4576 |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,group,ld.so.cache,ld.so.preload,lsb-release,passwd | 50 | private-etc lsb-release |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index d3d49433b..1c97ad21c 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile | |||
@@ -60,7 +60,7 @@ disable-mnt | |||
60 | private-bin gfeeds,python3* | 60 | private-bin gfeeds,python3* |
61 | # private-cache -- feeds are stored in ~/.cache | 61 | # private-cache -- feeds are stored in ~/.cache |
62 | private-dev | 62 | private-dev |
63 | private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,fonts,gconf,group,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg | 63 | private-etc @tls-ca,@x11,dbus-1,gconf,host.conf,mime.types,rpc,services |
64 | private-tmp | 64 | private-tmp |
65 | 65 | ||
66 | dbus-user filter | 66 | dbus-user filter |
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index 02c4f9509..11d5f620c 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile | |||
@@ -48,7 +48,7 @@ disable-mnt | |||
48 | private-bin gget | 48 | private-bin gget |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl | 51 | private-etc @tls-ca |
52 | private-lib | 52 | private-lib |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index 9c719ddb1..1c023f369 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile | |||
@@ -51,7 +51,7 @@ private-bin context,gettext,ghostwriter,latex,mktexfmt,pandoc,pdflatex,pdfroff,p | |||
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed | 53 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed |
54 | private-etc alternatives,ca-certificates,crypto-policies,dbus-1,dconf,firejail,fonts,gconf,groups,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,protocols,resolv.conf,rpc,services,ssl,texlive,Trolltech.conf,X11,xdg | 54 | private-etc @tls-ca,@x11,dbus-1,firejail,gconf,groups,host.conf,mime.types,rpc,services,texlive,Trolltech.conf |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user filter | 57 | dbus-user filter |
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index f29929a72..717519112 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile | |||
@@ -59,7 +59,7 @@ seccomp !mbind | |||
59 | tracelog | 59 | tracelog |
60 | 60 | ||
61 | private-dev | 61 | private-dev |
62 | private-etc @x11,gcrypt,python* | 62 | private-etc @tls-ca,@x11,python* |
63 | private-tmp | 63 | private-tmp |
64 | 64 | ||
65 | dbus-user none | 65 | dbus-user none |
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index d315619b7..6eea076f7 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile | |||
@@ -51,7 +51,7 @@ tracelog | |||
51 | disable-mnt | 51 | disable-mnt |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc alternatives,ld.so.cache,ld.so.preload | 54 | private-etc |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user none | 57 | dbus-user none |
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 2f7068d68..34203ad4a 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile | |||
@@ -69,7 +69,7 @@ tracelog | |||
69 | private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed | 69 | private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed |
70 | private-cache | 70 | private-cache |
71 | private-dev | 71 | private-dev |
72 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg | 72 | private-etc @tls-ca,@x11,gitconfig,host.conf,mime.types,selinux,ssh |
73 | private-tmp | 73 | private-tmp |
74 | writable-run-user | 74 | writable-run-user |
75 | 75 | ||
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index 0f9ed9592..e3cf87c87 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile | |||
@@ -36,7 +36,7 @@ seccomp | |||
36 | 36 | ||
37 | disable-mnt | 37 | disable-mnt |
38 | private-bin bash,env,gitter | 38 | private-bin bash,env,gitter |
39 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,pulse,resolv.conf,ssl | 39 | private-etc @tls-ca |
40 | private-opt Gitter | 40 | private-opt Gitter |
41 | private-dev | 41 | private-dev |
42 | private-tmp | 42 | private-tmp |
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile index 92ba70113..fbfbdd204 100644 --- a/etc/profile-a-l/gl-117.profile +++ b/etc/profile-a-l/gl-117.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin gl-117 | 43 | private-bin gl-117 |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse | 46 | private-etc @x11,bumblebee,glvnd |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile index d61b566d8..5aa69f714 100644 --- a/etc/profile-a-l/glaxium.profile +++ b/etc/profile-a-l/glaxium.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin glaxium | 43 | private-bin glaxium |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alsa,alternatives,asound.conf,bumblebee,drirc,glvnd,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pulse | 46 | private-etc @x11,bumblebee,glvnd |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index b337dc4d5..f3e045000 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | disable-mnt | 43 | disable-mnt |
44 | #private-bin gmpc | 44 | #private-bin gmpc |
45 | private-cache | 45 | private-cache |
46 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf | 46 | private-etc |
47 | private-tmp | 47 | private-tmp |
48 | writable-run-user | 48 | writable-run-user |
49 | 49 | ||
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index b0d3f1d34..70a302138 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile | |||
@@ -44,7 +44,7 @@ private | |||
44 | private-bin gnome-calendar | 44 | private-bin gnome-calendar |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl | 47 | private-etc @tls-ca,@x11 |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user filter | 50 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile index 2e11f335b..9e9730e53 100644 --- a/etc/profile-a-l/gnome-characters.profile +++ b/etc/profile-a-l/gnome-characters.profile | |||
@@ -48,7 +48,7 @@ disable-mnt | |||
48 | private-bin gjs,gnome-characters | 48 | private-bin gjs,gnome-characters |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,pango,X11,xdg | 51 | private-etc @x11,gconf,mime.types |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | # Add the next lines to your gnome-characters.local if you don't need access to recently used chars. | 54 | # Add the next lines to your gnome-characters.local if you don't need access to recently used chars. |
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index 78bd54b64..9f5174b9e 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile | |||
@@ -49,7 +49,7 @@ disable-mnt | |||
49 | private-bin fairymax,gnome-chess,gnuchess,hoichess | 49 | private-bin fairymax,gnome-chess,gnuchess,hoichess |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0,ld.so.cache,ld.so.preload | 52 | private-etc @x11,gnome-chess |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | restrict-namespaces | 55 | restrict-namespaces |
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index 5563afcbd..f290b26de 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile | |||
@@ -41,7 +41,7 @@ disable-mnt | |||
41 | private-bin gnome-clocks,gsound-play | 41 | private-bin gnome-clocks,gsound-play |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pkcs11,pki,resolv.conf,ssl | 44 | private-etc @tls-ca,@x11,pkcs11 |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | restrict-namespaces | 47 | restrict-namespaces |
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index f0493c645..4f436202c 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile | |||
@@ -41,7 +41,7 @@ private | |||
41 | private-bin gnome-hexgl | 41 | private-bin gnome-hexgl |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse | 44 | private-etc |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 43e0a1ec1..b15439aee 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile | |||
@@ -47,7 +47,7 @@ tracelog | |||
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed | 49 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed |
50 | private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,ld.so.cache,ld.so.preload,login.defs,passwd,texlive | 50 | private-etc @x11,latexmk.conf,texlive |
51 | 51 | ||
52 | dbus-system none | 52 | dbus-system none |
53 | 53 | ||
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index b619b0f27..61f4f4107 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile | |||
@@ -39,7 +39,7 @@ disable-mnt | |||
39 | private-bin gnome-logs | 39 | private-bin gnome-logs |
40 | private-cache | 40 | private-cache |
41 | private-dev | 41 | private-dev |
42 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,localtime,machine-id | 42 | private-etc |
43 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* | 43 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* |
44 | private-tmp | 44 | private-tmp |
45 | writable-var-log | 45 | writable-var-log |
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index d14b2a5a1..17f52e588 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile | |||
@@ -63,7 +63,7 @@ disable-mnt | |||
63 | private-bin gjs,gnome-maps | 63 | private-bin gjs,gnome-maps |
64 | # private-cache -- gnome-maps cache all maps/satelite-images | 64 | # private-cache -- gnome-maps cache all maps/satelite-images |
65 | private-dev | 65 | private-dev |
66 | private-etc alternatives,ca-certificates,clutter-1.0,crypto-policies,dconf,drirc,fonts,gconf,gcrypt,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pkcs11,pki,protocols,resolv.conf,rpc,services,ssl,X11,xdg | 66 | private-etc @tls-ca,@x11,clutter-1.0,gconf,host.conf,mime.types,pkcs11,rpc,services |
67 | private-tmp | 67 | private-tmp |
68 | 68 | ||
69 | dbus-user filter | 69 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index ec033dbf0..087353d45 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile | |||
@@ -41,7 +41,7 @@ tracelog | |||
41 | # private-bin calls a file manager - whatever is installed! | 41 | # private-bin calls a file manager - whatever is installed! |
42 | #private-bin env,gio-launch-desktop,gnome-music,python*,yelp | 42 | #private-bin env,gio-launch-desktop,gnome-music,python*,yelp |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,asound.conf,dconf,fonts,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,xdg | 44 | private-etc @x11,selinux |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | restrict-namespaces | 47 | restrict-namespaces |
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index 0d7fb2de8..450e76082 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile | |||
@@ -52,7 +52,7 @@ disable-mnt | |||
52 | private-bin gnome-passwordsafe,python3* | 52 | private-bin gnome-passwordsafe,python3* |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,passwd | 55 | private-etc @x11 |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-user filter | 58 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index 6d90773aa..ac0fb555d 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile | |||
@@ -33,7 +33,7 @@ seccomp | |||
33 | disable-mnt | 33 | disable-mnt |
34 | private-cache | 34 | private-cache |
35 | private-dev | 35 | private-dev |
36 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id | 36 | private-etc |
37 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* | 37 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index fb019227f..9906b15d9 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin gnome-pomodoro | 43 | private-bin gnome-pomodoro |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id | 46 | private-etc @x11 |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user filter | 49 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 75f3199e2..aa1ded516 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile | |||
@@ -46,7 +46,7 @@ seccomp | |||
46 | disable-mnt | 46 | disable-mnt |
47 | private-bin gnome-recipes,tar | 47 | private-bin gnome-recipes,tar |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,ssl | 49 | private-etc @tls-ca |
50 | private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* | 50 | private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index 74238a109..25be407b5 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile | |||
@@ -41,7 +41,7 @@ tracelog | |||
41 | disable-mnt | 41 | disable-mnt |
42 | private-bin gnome-screenshot | 42 | private-bin gnome-screenshot |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,machine-id | 44 | private-etc @x11 |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | dbus-user filter | 47 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index d07bd80a7..f278b332b 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile | |||
@@ -39,7 +39,7 @@ tracelog | |||
39 | disable-mnt | 39 | disable-mnt |
40 | private-cache | 40 | private-cache |
41 | private-dev | 41 | private-dev |
42 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pango,pulse,xdg | 42 | private-etc @games,@x11 |
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
45 | restrict-namespaces | 45 | restrict-namespaces |
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index 4c74c0a61..f4e985342 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin gnome-system-log | 42 | private-bin gnome-system-log |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,localtime,machine-id | 45 | private-etc |
46 | private-lib | 46 | private-lib |
47 | private-tmp | 47 | private-tmp |
48 | writable-var-log | 48 | writable-var-log |
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index ae7ea83d8..5c375de2d 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin gnome-todo | 45 | private-bin gnome-todo |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,passwd,xdg | 48 | private-etc @x11 |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user filter | 51 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome_games-common.profile b/etc/profile-a-l/gnome_games-common.profile index c9145d78e..c03d41f06 100644 --- a/etc/profile-a-l/gnome_games-common.profile +++ b/etc/profile-a-l/gnome_games-common.profile | |||
@@ -40,7 +40,7 @@ tracelog | |||
40 | disable-mnt | 40 | disable-mnt |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pango,passwd,X11 | 43 | private-etc @x11,gconf |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | dbus-user filter | 46 | dbus-user filter |
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index d7944ae24..c6ce0c2c0 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-bin gnote | 50 | private-bin gnote |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,pango,X11 | 53 | private-etc @x11 |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-user filter | 56 | dbus-user filter |
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index bdbcf9baf..025cb74b6 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile | |||
@@ -42,7 +42,7 @@ private | |||
42 | private-bin gnubik | 42 | private-bin gnubik |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,drirc,fonts,gtk-2.0,ld.so.cache,ld.so.preload | 45 | private-etc @x11 |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index 36a2cae07..5e41384ab 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile | |||
@@ -37,7 +37,7 @@ tracelog | |||
37 | # private-bin godot | 37 | # private-bin godot |
38 | private-cache | 38 | private-cache |
39 | private-dev | 39 | private-dev |
40 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,ld.so.cache,ld.so.preload,machine-id,mono,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl | 40 | private-etc @games,@tls-ca,@x11,mono |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
diff --git a/etc/profile-a-l/goldendict.profile b/etc/profile-a-l/goldendict.profile index 327648cd1..822e5ffc2 100644 --- a/etc/profile-a-l/goldendict.profile +++ b/etc/profile-a-l/goldendict.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-bin goldendict | 50 | private-bin goldendict |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 53 | private-etc @tls-ca |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index da7c24581..58769643a 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile | |||
@@ -53,7 +53,7 @@ disable-mnt | |||
53 | private-bin env,python3*,sh,w3m | 53 | private-bin env,python3*,sh,w3m |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | 56 | private-etc @tls-ca,host.conf,rpc,services |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index 1012f5774..0525995c3 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile | |||
@@ -40,7 +40,7 @@ tracelog | |||
40 | private-bin gpicview | 40 | private-bin gpicview |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,passwd | 43 | private-etc |
44 | private-lib | 44 | private-lib |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index 53a6f94e2..99c840a27 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile | |||
@@ -35,7 +35,7 @@ tracelog | |||
35 | 35 | ||
36 | private-bin gpredict | 36 | private-bin gpredict |
37 | private-dev | 37 | private-dev |
38 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl | 38 | private-etc @tls-ca |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | restrict-namespaces | 41 | restrict-namespaces |
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index 368482fa3..a0d2247e0 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin gradio | 44 | private-bin gradio |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg | 47 | private-etc @tls-ca,@x11,host.conf |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user filter | 50 | dbus-user filter |
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index 02a49134c..19af7c0b9 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile | |||
@@ -39,7 +39,7 @@ private | |||
39 | private-bin gravity-beams-and-evaporating-stars | 39 | private-bin gravity-beams-and-evaporating-stars |
40 | private-cache | 40 | private-cache |
41 | private-dev | 41 | private-dev |
42 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id | 42 | private-etc |
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
45 | dbus-user none | 45 | dbus-user none |
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index 5fd92fd4f..eb09fe381 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin gtk-update-icon-cache | 45 | private-bin gtk-update-icon-cache |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,ld.so.cache,ld.so.preload | 48 | private-etc |
49 | private-lib | 49 | private-lib |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
diff --git a/etc/profile-a-l/gucharmap.profile b/etc/profile-a-l/gucharmap.profile index 68b78ec62..ef4aad4da 100644 --- a/etc/profile-a-l/gucharmap.profile +++ b/etc/profile-a-l/gucharmap.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin gnome-character-map,gucharmap | 42 | private-bin gnome-character-map,gucharmap |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,dbus-1,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,X11,xdg | 45 | private-etc @x11,dbus-1,gconf,mime.types |
46 | private-lib | 46 | private-lib |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index db307e940..467bee3a0 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | private-bin guvcview | 47 | private-bin guvcview |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alsa,alternatives,asound.conf,bumblebee,dconf,drirc,fonts,glvnd,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nvidia,pango,pulse,X11 | 50 | private-etc @x11,bumblebee,glvnd |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index 8f7f74e0d..4be71f6d3 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile | |||
@@ -46,7 +46,7 @@ seccomp | |||
46 | 46 | ||
47 | private-bin gimp*,gwenview,kbuildsycoca4,kdeinit4 | 47 | private-bin gimp*,gwenview,kbuildsycoca4,kdeinit4 |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,ld.so.preload,machine-id,passwd,pulse,xdg | 49 | private-etc @x11,gimp |
50 | 50 | ||
51 | # dbus-user none | 51 | # dbus-user none |
52 | # dbus-system none | 52 | # dbus-system none |
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index 91b73e8e9..ffe65c762 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile | |||
@@ -49,7 +49,7 @@ disable-mnt | |||
49 | private-bin homebank | 49 | private-bin homebank |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11 | 52 | private-etc @tls-ca,@x11,mime.types,selinux |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index b33709ef0..3f7901d3f 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | disable-mnt | 42 | disable-mnt |
43 | private | 43 | private |
44 | private-bin bash,host,sh | 44 | private-bin bash,host,sh |
45 | private-etc alternatives,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf | 45 | private-etc |
46 | private-dev | 46 | private-dev |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index 13dc06ecc..72d28ed08 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile | |||
@@ -43,7 +43,7 @@ private-bin hyperrogue | |||
43 | private-cache | 43 | private-cache |
44 | private-cwd | 44 | private-cwd |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id | 46 | private-etc |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile index 757af67b0..e295729d7 100644 --- a/etc/profile-a-l/i2prouter.profile +++ b/etc/profile-a-l/i2prouter.profile | |||
@@ -67,7 +67,7 @@ seccomp | |||
67 | disable-mnt | 67 | disable-mnt |
68 | private-cache | 68 | private-cache |
69 | private-dev | 69 | private-dev |
70 | private-etc alternatives,ca-certificates,crypto-policies,dconf,group,hostname,hosts,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl | 70 | private-etc @tls-ca,@x11,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk |
71 | private-tmp | 71 | private-tmp |
72 | 72 | ||
73 | restrict-namespaces | 73 | restrict-namespaces |
diff --git a/etc/profile-a-l/io.github.lainsce.Notejot.profile b/etc/profile-a-l/io.github.lainsce.Notejot.profile index cb2f30350..4730802a2 100644 --- a/etc/profile-a-l/io.github.lainsce.Notejot.profile +++ b/etc/profile-a-l/io.github.lainsce.Notejot.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-bin io.github.lainsce.Notejot | 50 | private-bin io.github.lainsce.Notejot |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | 53 | private-etc @x11 |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-user filter | 56 | dbus-user filter |
diff --git a/etc/profile-a-l/ipcalc.profile b/etc/profile-a-l/ipcalc.profile index 983c31bcb..7eabbca84 100644 --- a/etc/profile-a-l/ipcalc.profile +++ b/etc/profile-a-l/ipcalc.profile | |||
@@ -49,7 +49,7 @@ private-bin bash,ipcalc,ipcalc-ng,perl,sh | |||
49 | # private-cache | 49 | # private-cache |
50 | private-dev | 50 | private-dev |
51 | # empty etc directory | 51 | # empty etc directory |
52 | private-etc alternatives,ld.so.cache,ld.so.preload | 52 | private-etc |
53 | private-lib | 53 | private-lib |
54 | private-opt none | 54 | private-opt none |
55 | private-tmp | 55 | private-tmp |
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index 3136b412e..0cdfa2ace 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile | |||
@@ -33,7 +33,7 @@ tracelog | |||
33 | 33 | ||
34 | private-bin bash,jerry,sh,stockfish | 34 | private-bin bash,jerry,sh,stockfish |
35 | private-dev | 35 | private-dev |
36 | private-etc alternatives,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload | 36 | private-etc @x11 |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | dbus-user none | 39 | dbus-user none |
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile index edb7ed840..8c85d1043 100644 --- a/etc/profile-a-l/jitsi-meet-desktop.profile +++ b/etc/profile-a-l/jitsi-meet-desktop.profile | |||
@@ -21,7 +21,7 @@ mkdir ${HOME}/.config/Jitsi Meet | |||
21 | whitelist ${HOME}/.config/Jitsi Meet | 21 | whitelist ${HOME}/.config/Jitsi Meet |
22 | 22 | ||
23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh | 23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh |
24 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | 24 | private-etc @tls-ca,@x11,bumblebee,glvnd,host.conf,mime.types,rpc,services |
25 | 25 | ||
26 | # Redirect | 26 | # Redirect |
27 | include electron.profile | 27 | include electron.profile |
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index 66d63283a..cefceefed 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile | |||
@@ -40,7 +40,7 @@ disable-mnt | |||
40 | private-bin jumpnbump | 40 | private-bin jumpnbump |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,ld.so.cache,ld.so.preload | 43 | private-etc |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index bde52f30e..a4e67cf6b 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile | |||
@@ -41,7 +41,7 @@ disable-mnt | |||
41 | private-bin kalgebra,kalgebramobile | 41 | private-bin kalgebra,kalgebramobile |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id | 44 | private-etc |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index c01000af1..0ed2cf48a 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile | |||
@@ -48,7 +48,7 @@ disable-mnt | |||
48 | # private-bin kazam,python* | 48 | # private-bin kazam,python* |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,X11,xdg | 51 | private-etc @x11,selinux |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-system none | 54 | dbus-system none |
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index ea56f2d39..cfb756c43 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile | |||
@@ -59,7 +59,7 @@ disable-mnt | |||
59 | private-bin kcalc | 59 | private-bin kcalc |
60 | private-cache | 60 | private-cache |
61 | private-dev | 61 | private-dev |
62 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,locale,locale.conf | 62 | private-etc |
63 | # private-lib - problems on Arch | 63 | # private-lib - problems on Arch |
64 | private-tmp | 64 | private-tmp |
65 | 65 | ||
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index 935fe3933..4644d598d 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile | |||
@@ -40,7 +40,7 @@ tracelog | |||
40 | 40 | ||
41 | private-bin keepassx,keepassx2 | 41 | private-bin keepassx,keepassx2 |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id | 43 | private-etc |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index 80374690c..f7959ca81 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile | |||
@@ -89,7 +89,7 @@ private-bin keepassxc,keepassxc-cli,keepassxc-proxy | |||
89 | # hardware keys) on /dev after it has already started; add "ignore private-dev" | 89 | # hardware keys) on /dev after it has already started; add "ignore private-dev" |
90 | # to keepassxc.local if this is an issue (see #4883). | 90 | # to keepassxc.local if this is an issue (see #4883). |
91 | private-dev | 91 | private-dev |
92 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id | 92 | private-etc |
93 | private-tmp | 93 | private-tmp |
94 | 94 | ||
95 | dbus-user filter | 95 | dbus-user filter |
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index 424fb006e..651571fd9 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile | |||
@@ -36,7 +36,7 @@ tracelog | |||
36 | 36 | ||
37 | private-cache | 37 | private-cache |
38 | private-dev | 38 | private-dev |
39 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl | 39 | private-etc @tls-ca,@x11 |
40 | private-tmp | 40 | private-tmp |
41 | private-opt none | 41 | private-opt none |
42 | private-srv none | 42 | private-srv none |
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile index 5a028aeea..2e369b945 100644 --- a/etc/profile-a-l/kiwix-desktop.profile +++ b/etc/profile-a-l/kiwix-desktop.profile | |||
@@ -43,7 +43,7 @@ seccomp !chroot | |||
43 | disable-mnt | 43 | disable-mnt |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl | 46 | private-etc @tls-ca |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile index 0785b904d..faf6a2d08 100644 --- a/etc/profile-a-l/klavaro.profile +++ b/etc/profile-a-l/klavaro.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin bash,klavaro,sh,tclsh,tclsh* | 44 | private-bin bash,klavaro,sh,tclsh,tclsh* |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 47 | private-etc |
48 | private-tmp | 48 | private-tmp |
49 | private-opt none | 49 | private-opt none |
50 | private-srv none | 50 | private-srv none |
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile index 68ef6111a..b5ce96e70 100644 --- a/etc/profile-a-l/ktouch.profile +++ b/etc/profile-a-l/ktouch.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin ktouch | 45 | private-bin ktouch |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id | 48 | private-etc @x11 |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 0cdfe4f10..7204549e2 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile | |||
@@ -67,7 +67,7 @@ tracelog | |||
67 | private-bin kube,sink_synchronizer | 67 | private-bin kube,sink_synchronizer |
68 | private-cache | 68 | private-cache |
69 | private-dev | 69 | private-dev |
70 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gcrypt,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,selinux,ssl,xdg | 70 | private-etc @tls-ca,@x11,selinux |
71 | private-tmp | 71 | private-tmp |
72 | writable-run-user | 72 | writable-run-user |
73 | 73 | ||
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile index 7ecf26d8e..589811643 100644 --- a/etc/profile-a-l/kwin_x11.profile +++ b/etc/profile-a-l/kwin_x11.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | disable-mnt | 42 | disable-mnt |
43 | private-bin kwin_x11 | 43 | private-bin kwin_x11 |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id,xdg | 45 | private-etc @x11 |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | restrict-namespaces | 48 | restrict-namespaces |
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index 18a024c7e..34fe2ace6 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile | |||
@@ -46,7 +46,7 @@ tracelog | |||
46 | 46 | ||
47 | private-bin kbuildsycoca4,kdeinit4,kwrite | 47 | private-bin kbuildsycoca4,kdeinit4,kwrite |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,machine-id,pulse,xdg | 49 | private-etc @x11 |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | # dbus-user none | 52 | # dbus-user none |
diff --git a/etc/profile-a-l/lifeograph.profile b/etc/profile-a-l/lifeograph.profile index 025156d2d..4440757ad 100644 --- a/etc/profile-a-l/lifeograph.profile +++ b/etc/profile-a-l/lifeograph.profile | |||
@@ -48,7 +48,7 @@ disable-mnt | |||
48 | private-bin lifeograph | 48 | private-bin lifeograph |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | 51 | private-etc @x11 |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-user filter | 54 | dbus-user filter |
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile index 22a4a2a2a..838d619b7 100644 --- a/etc/profile-a-l/links-common.profile +++ b/etc/profile-a-l/links-common.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-bin sh | 50 | private-bin sh |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 53 | private-etc @tls-ca |
54 | # Add the next line to your links-common.local to allow external media players. | 54 | # Add the next line to your links-common.local to allow external media players. |
55 | # private-etc alsa,asound.conf,machine-id,openal,pulse | 55 | # private-etc alsa,asound.conf,machine-id,openal,pulse |
56 | private-tmp | 56 | private-tmp |
diff --git a/etc/profile-a-l/linuxqq.profile b/etc/profile-a-l/linuxqq.profile index 8855f09f5..83f3d11d3 100644 --- a/etc/profile-a-l/linuxqq.profile +++ b/etc/profile-a-l/linuxqq.profile | |||
@@ -23,7 +23,7 @@ noprinters | |||
23 | 23 | ||
24 | # If you don't need/want to save anything to disk you can add `private` to your linuxqq.local. | 24 | # If you don't need/want to save anything to disk you can add `private` to your linuxqq.local. |
25 | #private | 25 | #private |
26 | private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,nsswitch.conf,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg | 26 | private-etc @tls-ca,@x11,host.conf,os-release |
27 | private-opt QQ | 27 | private-opt QQ |
28 | 28 | ||
29 | dbus-user filter | 29 | dbus-user filter |
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile index 78b78662b..bb13e0301 100644 --- a/etc/profile-a-l/lollypop.profile +++ b/etc/profile-a-l/lollypop.profile | |||
@@ -36,7 +36,7 @@ protocol unix,inet,inet6 | |||
36 | seccomp | 36 | seccomp |
37 | 37 | ||
38 | private-dev | 38 | private-dev |
39 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg | 39 | private-etc @tls-ca,@x11,host.conf |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | restrict-namespaces | 42 | restrict-namespaces |
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile index ae2f2d434..c3366acef 100644 --- a/etc/profile-a-l/lyx.profile +++ b/etc/profile-a-l/lyx.profile | |||
@@ -32,7 +32,7 @@ apparmor | |||
32 | machine-id | 32 | machine-id |
33 | 33 | ||
34 | # private-bin atril,dvilualatex,env,latex,lua*,luatex,lyx,lyxclient,okular,pdf2latex,pdflatex,pdftex,perl*,python*,qpdf,qpdfview,sh,tex2lyx,texmf,xelatex | 34 | # private-bin atril,dvilualatex,env,latex,lua*,luatex,lyx,lyxclient,okular,pdf2latex,pdflatex,pdftex,perl*,python*,qpdf,qpdfview,sh,tex2lyx,texmf,xelatex |
35 | private-etc alternatives,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,lyx,machine-id,mime.types,passwd,texmf,X11,xdg | 35 | private-etc @x11,lyx,mime.types,texmf |
36 | 36 | ||
37 | # Redirect | 37 | # Redirect |
38 | include latex-common.profile | 38 | include latex-common.profile |
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile index 902fc9a6a..e75de80ac 100644 --- a/etc/profile-m-z/PCSX2.profile +++ b/etc/profile-m-z/PCSX2.profile | |||
@@ -47,7 +47,7 @@ private-bin PCSX2 | |||
47 | private-cache | 47 | private-cache |
48 | # Add the next line to your PCSX2.local if you do not need controller support. | 48 | # Add the next line to your PCSX2.local if you do not need controller support. |
49 | #private-dev | 49 | #private-dev |
50 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | 50 | private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services |
51 | private-opt none | 51 | private-opt none |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile index 22c4c4631..f8b5cec13 100644 --- a/etc/profile-m-z/QMediathekView.profile +++ b/etc/profile-m-z/QMediathekView.profile | |||
@@ -71,7 +71,7 @@ disable-mnt | |||
71 | private-bin mplayer,mpv,QMediathekView,smplayer,totem,vlc,xplayer | 71 | private-bin mplayer,mpv,QMediathekView,smplayer,totem,vlc,xplayer |
72 | private-cache | 72 | private-cache |
73 | private-dev | 73 | private-dev |
74 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,login.defs,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl | 74 | private-etc @tls-ca |
75 | private-tmp | 75 | private-tmp |
76 | 76 | ||
77 | dbus-user none | 77 | dbus-user none |
diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile index 6140de60f..eed839041 100644 --- a/etc/profile-m-z/QOwnNotes.profile +++ b/etc/profile-m-z/QOwnNotes.profile | |||
@@ -49,7 +49,7 @@ tracelog | |||
49 | disable-mnt | 49 | disable-mnt |
50 | private-bin gio,QOwnNotes | 50 | private-bin gio,QOwnNotes |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl | 52 | private-etc @tls-ca,host.conf |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | restrict-namespaces | 55 | restrict-namespaces |
diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile index 2ea185ec0..34d500bb1 100644 --- a/etc/profile-m-z/Viber.profile +++ b/etc/profile-m-z/Viber.profile | |||
@@ -32,7 +32,7 @@ seccomp !chroot | |||
32 | 32 | ||
33 | disable-mnt | 33 | disable-mnt |
34 | private-bin awk,bash,dig,sh,Viber | 34 | private-bin awk,bash,dig,sh,Viber |
35 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11 | 35 | private-etc @tls-ca,@x11,mailcap,proxychains.conf |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | # restrict-namespaces | 38 | # restrict-namespaces |
diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile index 8bf79f554..ee19fa3b0 100644 --- a/etc/profile-m-z/Xvfb.profile +++ b/etc/profile-m-z/Xvfb.profile | |||
@@ -42,7 +42,7 @@ private | |||
42 | # private-bin sh,xkbcomp,Xvfb | 42 | # private-bin sh,xkbcomp,Xvfb |
43 | # private-bin bash,cat,ls,sh,strace,xkbcomp,Xvfb | 43 | # private-bin bash,cat,ls,sh,strace,xkbcomp,Xvfb |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,nsswitch.conf,resolv.conf | 45 | private-etc gai.conf,host.conf |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | restrict-namespaces | 48 | restrict-namespaces |
diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile index e5d994b57..d9990825a 100644 --- a/etc/profile-m-z/magicor.profile +++ b/etc/profile-m-z/magicor.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin magicor,python2* | 44 | private-bin magicor,python2* |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id | 47 | private-etc |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile index 0e3f9e6e2..6cb523727 100644 --- a/etc/profile-m-z/man.profile +++ b/etc/profile-m-z/man.profile | |||
@@ -56,7 +56,7 @@ disable-mnt | |||
56 | #private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim | 56 | #private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim |
57 | private-cache | 57 | private-cache |
58 | private-dev | 58 | private-dev |
59 | private-etc alternatives,fonts,groff,group,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,login.defs,man_db.conf,manpath.config,passwd,selinux,sysless,xdg | 59 | private-etc @x11,groff,man_db.conf,manpath.config,selinux,sysless |
60 | #private-tmp | 60 | #private-tmp |
61 | 61 | ||
62 | dbus-user none | 62 | dbus-user none |
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile index 7066f4229..acaaa113a 100644 --- a/etc/profile-m-z/marker.profile +++ b/etc/profile-m-z/marker.profile | |||
@@ -53,7 +53,7 @@ tracelog | |||
53 | private-bin marker,python3* | 53 | private-bin marker,python3* |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alternatives,dconfgtk-3.0,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,pango,X11 | 56 | private-etc @x11,dconfgtk-3.0 |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | dbus-user filter | 59 | dbus-user filter |
diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile index 176506ff2..95a16cbb8 100644 --- a/etc/profile-m-z/masterpdfeditor.profile +++ b/etc/profile-m-z/masterpdfeditor.profile | |||
@@ -35,7 +35,7 @@ tracelog | |||
35 | 35 | ||
36 | private-cache | 36 | private-cache |
37 | private-dev | 37 | private-dev |
38 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 38 | private-etc |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | restrict-namespaces | 41 | restrict-namespaces |
diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile index e3a5c6ab6..ee780333d 100644 --- a/etc/profile-m-z/mate-calc.profile +++ b/etc/profile-m-z/mate-calc.profile | |||
@@ -41,7 +41,7 @@ seccomp | |||
41 | 41 | ||
42 | disable-mnt | 42 | disable-mnt |
43 | private-bin mate-calc,mate-calculator | 43 | private-bin mate-calc,mate-calculator |
44 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload | 44 | private-etc @x11 |
45 | private-dev | 45 | private-dev |
46 | private-opt none | 46 | private-opt none |
47 | private-tmp | 47 | private-tmp |
diff --git a/etc/profile-m-z/mate-color-select.profile b/etc/profile-m-z/mate-color-select.profile index 337c2d6e5..37cae5c70 100644 --- a/etc/profile-m-z/mate-color-select.profile +++ b/etc/profile-m-z/mate-color-select.profile | |||
@@ -32,7 +32,7 @@ seccomp | |||
32 | 32 | ||
33 | disable-mnt | 33 | disable-mnt |
34 | private-bin mate-color-select | 34 | private-bin mate-color-select |
35 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 35 | private-etc |
36 | private-dev | 36 | private-dev |
37 | private-lib | 37 | private-lib |
38 | private-tmp | 38 | private-tmp |
diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile index e80b220b7..b56317037 100644 --- a/etc/profile-m-z/mate-dictionary.profile +++ b/etc/profile-m-z/mate-dictionary.profile | |||
@@ -36,7 +36,7 @@ seccomp | |||
36 | 36 | ||
37 | disable-mnt | 37 | disable-mnt |
38 | private-bin mate-dictionary | 38 | private-bin mate-dictionary |
39 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl | 39 | private-etc @tls-ca |
40 | private-opt mate-dictionary | 40 | private-opt mate-dictionary |
41 | private-dev | 41 | private-dev |
42 | private-tmp | 42 | private-tmp |
diff --git a/etc/profile-m-z/mattermost-desktop.profile b/etc/profile-m-z/mattermost-desktop.profile index 3c2bf4fa3..f4eb6d404 100644 --- a/etc/profile-m-z/mattermost-desktop.profile +++ b/etc/profile-m-z/mattermost-desktop.profile | |||
@@ -17,7 +17,7 @@ include disable-shell.inc | |||
17 | mkdir ${HOME}/.config/Mattermost | 17 | mkdir ${HOME}/.config/Mattermost |
18 | whitelist ${HOME}/.config/Mattermost | 18 | whitelist ${HOME}/.config/Mattermost |
19 | 19 | ||
20 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 20 | private-etc @tls-ca |
21 | 21 | ||
22 | # Not tested | 22 | # Not tested |
23 | #dbus-user filter | 23 | #dbus-user filter |
diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile index 1ebe9aaba..d880228de 100644 --- a/etc/profile-m-z/mcabber.profile +++ b/etc/profile-m-z/mcabber.profile | |||
@@ -30,6 +30,6 @@ seccomp | |||
30 | 30 | ||
31 | private-bin mcabber | 31 | private-bin mcabber |
32 | private-dev | 32 | private-dev |
33 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,ssl | 33 | private-etc @tls-ca |
34 | 34 | ||
35 | restrict-namespaces | 35 | restrict-namespaces |
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile index a3ff768b7..a288f1972 100644 --- a/etc/profile-m-z/mcomix.profile +++ b/etc/profile-m-z/mcomix.profile | |||
@@ -57,7 +57,7 @@ private-bin 7z,lha,mcomix,mutool,python*,rar,sh,unrar,unzip | |||
57 | private-cache | 57 | private-cache |
58 | private-dev | 58 | private-dev |
59 | # mcomix <= 1.2 uses gtk-2.0 | 59 | # mcomix <= 1.2 uses gtk-2.0 |
60 | private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,X11,xdg | 60 | private-etc @x11,gconf,mime.types |
61 | private-tmp | 61 | private-tmp |
62 | 62 | ||
63 | dbus-user none | 63 | dbus-user none |
diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile index e1025a1fb..d3b3c6d48 100644 --- a/etc/profile-m-z/mdr.profile +++ b/etc/profile-m-z/mdr.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin mdr | 44 | private-bin mdr |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,ld.so.cache,ld.so.preload | 47 | private-etc |
48 | private-lib | 48 | private-lib |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile index 12d692b72..01edd23ab 100644 --- a/etc/profile-m-z/mediainfo.profile +++ b/etc/profile-m-z/mediainfo.profile | |||
@@ -42,7 +42,7 @@ x11 none | |||
42 | private-bin mediainfo | 42 | private-bin mediainfo |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,ld.so.cache,ld.so.preload | 45 | private-etc |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile index cd4938ec6..a67ef9101 100644 --- a/etc/profile-m-z/menulibre.profile +++ b/etc/profile-m-z/menulibre.profile | |||
@@ -51,7 +51,7 @@ tracelog | |||
51 | disable-mnt | 51 | disable-mnt |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,locale.alias,locale.conf,mime.types,nsswitch.conf,passwd,pki,selinux,X11,xdg | 54 | private-etc @tls-ca,@x11,mime.types,selinux |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user none | 57 | dbus-user none |
diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile index a26896b19..48ac0ec69 100644 --- a/etc/profile-m-z/mindless.profile +++ b/etc/profile-m-z/mindless.profile | |||
@@ -41,7 +41,7 @@ private | |||
41 | private-bin mindless | 41 | private-bin mindless |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 44 | private-etc |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile index e6bf86802..86378527b 100644 --- a/etc/profile-m-z/minecraft-launcher.profile +++ b/etc/profile-m-z/minecraft-launcher.profile | |||
@@ -50,7 +50,7 @@ private-cache | |||
50 | private-dev | 50 | private-dev |
51 | # If multiplayer or realms break, add 'private-etc <your-own-java-folder-from-/etc>' | 51 | # If multiplayer or realms break, add 'private-etc <your-own-java-folder-from-/etc>' |
52 | # or 'ignore private-etc' to your minecraft-launcher.local. | 52 | # or 'ignore private-etc' to your minecraft-launcher.local. |
53 | private-etc alternatives,asound.conf,ati,ca-certificates,crypto-policies,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-14-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,login.defs,machine-id,mime.types,nvidia,passwd,pki,pulse,resolv.conf,selinux,services,ssl,timezone,X11,xdg | 53 | private-etc @tls-ca,@x11,host.conf,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-14-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,mime.types,selinux,services,timezone |
54 | private-opt minecraft-launcher | 54 | private-opt minecraft-launcher |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile index ce938c867..20e956cff 100644 --- a/etc/profile-m-z/minitube.profile +++ b/etc/profile-m-z/minitube.profile | |||
@@ -53,7 +53,7 @@ disable-mnt | |||
53 | private-bin minitube | 53 | private-bin minitube |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 56 | private-etc @tls-ca,@x11,host.conf,mime.types,selinux |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile index d36c0fc81..7c5b3aee4 100644 --- a/etc/profile-m-z/mirage.profile +++ b/etc/profile-m-z/mirage.profile | |||
@@ -53,7 +53,7 @@ disable-mnt | |||
53 | private-bin ldconfig,mirage | 53 | private-bin ldconfig,mirage |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 56 | private-etc @tls-ca,@x11,host.conf,mime.types,selinux |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile index 34721b4a3..4943a80af 100644 --- a/etc/profile-m-z/mirrormagic.profile +++ b/etc/profile-m-z/mirrormagic.profile | |||
@@ -43,7 +43,7 @@ private | |||
43 | private-bin mirrormagic | 43 | private-bin mirrormagic |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id | 46 | private-etc |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile index 46320f8ea..2ba03ec97 100644 --- a/etc/profile-m-z/mocp.profile +++ b/etc/profile-m-z/mocp.profile | |||
@@ -41,7 +41,7 @@ tracelog | |||
41 | private-bin mocp | 41 | private-bin mocp |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl | 44 | private-etc @tls-ca |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile index 89cee657d..ed344ba3f 100644 --- a/etc/profile-m-z/mp3splt-gtk.profile +++ b/etc/profile-m-z/mp3splt-gtk.profile | |||
@@ -36,7 +36,7 @@ tracelog | |||
36 | private-bin mp3splt-gtk | 36 | private-bin mp3splt-gtk |
37 | private-cache | 37 | private-cache |
38 | private-dev | 38 | private-dev |
39 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pulse | 39 | private-etc @games,@x11 |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile index 77ad30d0c..ef4635075 100644 --- a/etc/profile-m-z/mp3splt.profile +++ b/etc/profile-m-z/mp3splt.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin flacsplt,mp3splt,mp3wrap,oggsplt | 43 | private-bin flacsplt,mp3splt,mp3wrap,oggsplt |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,ld.so.cache,ld.so.preload | 46 | private-etc |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile index 94b342865..a9631733c 100644 --- a/etc/profile-m-z/mpDris2.profile +++ b/etc/profile-m-z/mpDris2.profile | |||
@@ -48,7 +48,7 @@ seccomp | |||
48 | private-bin mpDris2,notify-send,python* | 48 | private-bin mpDris2,notify-send,python* |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,resolv.conf | 51 | private-etc |
52 | private-lib libdbus-1.so.*,libdbus-glib-1.so.*,libgirepository-1.0.so.*,libnotify.so.*,libpython*,python2*,python3* | 52 | private-lib libdbus-1.so.*,libdbus-glib-1.so.*,libgirepository-1.0.so.*,libnotify.so.*,libpython*,python2*,python3* |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile index 4f7ae09b9..fd79e2a80 100644 --- a/etc/profile-m-z/mrrescue.profile +++ b/etc/profile-m-z/mrrescue.profile | |||
@@ -51,7 +51,7 @@ disable-mnt | |||
51 | private-bin love,mrrescue,sh | 51 | private-bin love,mrrescue,sh |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id | 54 | private-etc |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user none | 57 | dbus-user none |
diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile index d979e7401..91e990cf6 100644 --- a/etc/profile-m-z/ms-office.profile +++ b/etc/profile-m-z/ms-office.profile | |||
@@ -34,7 +34,7 @@ tracelog | |||
34 | 34 | ||
35 | disable-mnt | 35 | disable-mnt |
36 | private-bin bash,env,fonts,jak,ms-office,python*,sh | 36 | private-bin bash,env,fonts,jak,ms-office,python*,sh |
37 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl | 37 | private-etc @tls-ca |
38 | private-dev | 38 | private-dev |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
diff --git a/etc/profile-m-z/mupdf-x11-curl.profile b/etc/profile-m-z/mupdf-x11-curl.profile index 006f64ba8..f8dec6e7d 100644 --- a/etc/profile-m-z/mupdf-x11-curl.profile +++ b/etc/profile-m-z/mupdf-x11-curl.profile | |||
@@ -12,7 +12,7 @@ ignore net none | |||
12 | netfilter | 12 | netfilter |
13 | protocol unix,inet,inet6 | 13 | protocol unix,inet,inet6 |
14 | 14 | ||
15 | private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 15 | private-etc @tls-ca |
16 | 16 | ||
17 | # Redirect | 17 | # Redirect |
18 | include mupdf.profile | 18 | include mupdf.profile |
diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile index 954016c2c..1e92b07bf 100644 --- a/etc/profile-m-z/mupdf.profile +++ b/etc/profile-m-z/mupdf.profile | |||
@@ -36,7 +36,7 @@ seccomp | |||
36 | tracelog | 36 | tracelog |
37 | 37 | ||
38 | private-dev | 38 | private-dev |
39 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload | 39 | private-etc |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile index 01b8d20b3..0da6a8c3d 100644 --- a/etc/profile-m-z/musictube.profile +++ b/etc/profile-m-z/musictube.profile | |||
@@ -49,7 +49,7 @@ disable-mnt | |||
49 | private-bin musictube | 49 | private-bin musictube |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 52 | private-etc @tls-ca,@x11,host.conf,mime.types,selinux |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile index d2032dcf6..7ce7fbd19 100644 --- a/etc/profile-m-z/musixmatch.profile +++ b/etc/profile-m-z/musixmatch.profile | |||
@@ -33,6 +33,6 @@ seccomp !chroot | |||
33 | 33 | ||
34 | disable-mnt | 34 | disable-mnt |
35 | private-dev | 35 | private-dev |
36 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,machine-id,pki,pulse,ssl | 36 | private-etc @tls-ca |
37 | 37 | ||
38 | # restrict-namespaces | 38 | # restrict-namespaces |
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 904b0cd7c..c96dca73a 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile | |||
@@ -124,7 +124,7 @@ tracelog | |||
124 | # disable-mnt | 124 | # disable-mnt |
125 | private-cache | 125 | private-cache |
126 | private-dev | 126 | private-dev |
127 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg | 127 | private-etc @tls-ca,@x11,gai.conf,gnupg,gnutls,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,terminfo |
128 | private-tmp | 128 | private-tmp |
129 | writable-run-user | 129 | writable-run-user |
130 | writable-var | 130 | writable-var |
diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile index 18117965e..774865a38 100644 --- a/etc/profile-m-z/mypaint.profile +++ b/etc/profile-m-z/mypaint.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | 42 | ||
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload | 45 | private-etc @x11 |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile index 74403c335..6b4074dfb 100644 --- a/etc/profile-m-z/nano.profile +++ b/etc/profile-m-z/nano.profile | |||
@@ -48,7 +48,7 @@ private-dev | |||
48 | # Add the next lines to your nano.local if you want to edit files in /etc directly. | 48 | # Add the next lines to your nano.local if you want to edit files in /etc directly. |
49 | #ignore private-etc | 49 | #ignore private-etc |
50 | #writable-etc | 50 | #writable-etc |
51 | private-etc alternatives,ld.so.cache,ld.so.preload,nanorc | 51 | private-etc nanorc |
52 | # Add the next line to your nano.local if you want to edit files in /var directly. | 52 | # Add the next line to your nano.local if you want to edit files in /var directly. |
53 | #writable-var | 53 | #writable-var |
54 | 54 | ||
diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile index fde1d4d2c..244e01cc5 100644 --- a/etc/profile-m-z/neochat.profile +++ b/etc/profile-m-z/neochat.profile | |||
@@ -53,7 +53,7 @@ tracelog | |||
53 | disable-mnt | 53 | disable-mnt |
54 | private-bin neochat | 54 | private-bin neochat |
55 | private-dev | 55 | private-dev |
56 | private-etc alternatives,ca-certificates,crypto-policies,dbus-1,fonts,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg | 56 | private-etc @tls-ca,@x11,dbus-1,host.conf,mime.types,rpc,services,Trolltech.conf |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | dbus-user filter | 59 | dbus-user filter |
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index f343226ae..4f311b155 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile | |||
@@ -116,7 +116,7 @@ tracelog | |||
116 | # disable-mnt | 116 | # disable-mnt |
117 | private-cache | 117 | private-cache |
118 | private-dev | 118 | private-dev |
119 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg | 119 | private-etc @tls-ca,@x11,gnupg,hosts.conf,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver |
120 | private-tmp | 120 | private-tmp |
121 | writable-run-user | 121 | writable-run-user |
122 | writable-var | 122 | writable-var |
diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile index 1ede42405..b0828cd76 100644 --- a/etc/profile-m-z/netactview.profile +++ b/etc/profile-m-z/netactview.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin netactview,netactview_polkit | 44 | private-bin netactview,netactview_polkit |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf | 47 | private-etc |
48 | private-lib | 48 | private-lib |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile index 68b0ce2ea..a7c404201 100644 --- a/etc/profile-m-z/neverball.profile +++ b/etc/profile-m-z/neverball.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin neverball | 43 | private-bin neverball |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,machine-id | 46 | private-etc |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile index b80a0a151..a08fbad36 100644 --- a/etc/profile-m-z/newsboat.profile +++ b/etc/profile-m-z/newsboat.profile | |||
@@ -52,7 +52,7 @@ disable-mnt | |||
52 | private-bin gzip,lynx,newsboat,sh,w3m | 52 | private-bin gzip,lynx,newsboat,sh,w3m |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,lynx.cfg,lynx.lss,pki,resolv.conf,ssl,terminfo | 55 | private-etc @tls-ca,lynx.cfg,lynx.lss,terminfo |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-user none | 58 | dbus-user none |
diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile index 59f16bb10..c7c8abc0b 100644 --- a/etc/profile-m-z/newsflash.profile +++ b/etc/profile-m-z/newsflash.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-bin com.gitlab.newsflash,newsflash | 50 | private-bin com.gitlab.newsflash,newsflash |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,nsswitch.conf,pango,pki,resolv.conf,ssl,X11 | 53 | private-etc @tls-ca,@x11 |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile index c26942c81..32a65f0c5 100644 --- a/etc/profile-m-z/nextcloud.profile +++ b/etc/profile-m-z/nextcloud.profile | |||
@@ -61,7 +61,7 @@ tracelog | |||
61 | disable-mnt | 61 | disable-mnt |
62 | private-bin nextcloud,nextcloud-desktop | 62 | private-bin nextcloud,nextcloud-desktop |
63 | private-cache | 63 | private-cache |
64 | private-etc alternatives,ca-certificates,crypto-policies,drirc,fonts,gcrypt,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,Nextcloud,nsswitch.conf,os-release,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg | 64 | private-etc @tls-ca,@x11,host.conf,Nextcloud,os-release,selinux |
65 | private-dev | 65 | private-dev |
66 | private-tmp | 66 | private-tmp |
67 | 67 | ||
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile index 4e4c7bfe7..a0565c77d 100644 --- a/etc/profile-m-z/nheko.profile +++ b/etc/profile-m-z/nheko.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | private-bin nheko | 47 | private-bin nheko |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 50 | private-etc @tls-ca,@x11,host.conf,mime.types,selinux |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | dbus-user filter | 53 | dbus-user filter |
diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile index cefe9fa79..7a97ca825 100644 --- a/etc/profile-m-z/nitroshare.profile +++ b/etc/profile-m-z/nitroshare.profile | |||
@@ -41,7 +41,7 @@ disable-mnt | |||
41 | private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui | 41 | private-bin awk,grep,nitroshare,nitroshare-cli,nitroshare-nmh,nitroshare-send,nitroshare-ui |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,ssl | 44 | private-etc @tls-ca,@x11 |
45 | # private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare | 45 | # private-lib libnitroshare.so.*,libqhttpengine.so.*,libqmdnsengine.so.*,nitroshare |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index f185a04ee..f3b0c8a49 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile | |||
@@ -92,7 +92,7 @@ seccomp.block-secondary | |||
92 | 92 | ||
93 | disable-mnt | 93 | disable-mnt |
94 | private-dev | 94 | private-dev |
95 | private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg | 95 | private-etc @tls-ca,@x11,host.conf,mime.types,rpc,services |
96 | #private-tmp | 96 | #private-tmp |
97 | 97 | ||
98 | dbus-user none | 98 | dbus-user none |
diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile index ac8336331..87373a02b 100644 --- a/etc/profile-m-z/nomacs.profile +++ b/etc/profile-m-z/nomacs.profile | |||
@@ -40,7 +40,7 @@ tracelog | |||
40 | #private-bin nomacs | 40 | #private-bin nomacs |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,pki,resolv.conf,ssl | 43 | private-etc @tls-ca,@x11 |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | restrict-namespaces | 46 | restrict-namespaces |
diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile index 11d6bd795..f0f2cca2e 100644 --- a/etc/profile-m-z/notify-send.profile +++ b/etc/profile-m-z/notify-send.profile | |||
@@ -48,7 +48,7 @@ private | |||
48 | private-bin notify-send | 48 | private-bin notify-send |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ld.so.cache,ld.so.preload | 51 | private-etc |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-user filter | 54 | dbus-user filter |
diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile index 5866cda47..dcd76f2ad 100644 --- a/etc/profile-m-z/nslookup.profile +++ b/etc/profile-m-z/nslookup.profile | |||
@@ -45,7 +45,7 @@ tracelog | |||
45 | 45 | ||
46 | disable-mnt | 46 | disable-mnt |
47 | private-bin bash,nslookup,sh | 47 | private-bin bash,nslookup,sh |
48 | private-etc alternatives,ld.so.cache,ld.so.preload,login.defs,passwd,resolv.conf | 48 | private-etc |
49 | private-dev | 49 | private-dev |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile index 9f4a6ec46..452cda5e5 100644 --- a/etc/profile-m-z/nuclear.profile +++ b/etc/profile-m-z/nuclear.profile | |||
@@ -18,7 +18,7 @@ whitelist ${HOME}/.config/nuclear | |||
18 | no3d | 18 | no3d |
19 | 19 | ||
20 | # private-bin nuclear | 20 | # private-bin nuclear |
21 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 21 | private-etc @tls-ca,@x11,host.conf,mime.types,selinux |
22 | private-opt nuclear | 22 | private-opt nuclear |
23 | 23 | ||
24 | # Redirect | 24 | # Redirect |
diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile index 4f767f046..4355fd0c7 100644 --- a/etc/profile-m-z/nyx.profile +++ b/etc/profile-m-z/nyx.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin nyx,python* | 44 | private-bin nyx,python* |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,passwd,tor | 47 | private-etc tor |
48 | private-opt none | 48 | private-opt none |
49 | private-srv none | 49 | private-srv none |
50 | private-tmp | 50 | private-tmp |
diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile index 87c665cba..830483bd4 100644 --- a/etc/profile-m-z/ocenaudio.profile +++ b/etc/profile-m-z/ocenaudio.profile | |||
@@ -53,7 +53,7 @@ tracelog | |||
53 | private-bin ocenaudio,ocenvst | 53 | private-bin ocenaudio,ocenvst |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 56 | private-etc @tls-ca,@x11,mime.types |
57 | private-opt ocenaudio | 57 | private-opt ocenaudio |
58 | private-tmp | 58 | private-tmp |
59 | 59 | ||
diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile index 25da2139f..73b72efc2 100644 --- a/etc/profile-m-z/odt2txt.profile +++ b/etc/profile-m-z/odt2txt.profile | |||
@@ -37,7 +37,7 @@ x11 none | |||
37 | private-bin odt2txt | 37 | private-bin odt2txt |
38 | private-cache | 38 | private-cache |
39 | private-dev | 39 | private-dev |
40 | private-etc alternatives,ld.so.cache,ld.so.preload | 40 | private-etc |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile index 568b6566e..8e0758c37 100644 --- a/etc/profile-m-z/okular.profile +++ b/etc/profile-m-z/okular.profile | |||
@@ -61,7 +61,7 @@ tracelog | |||
61 | 61 | ||
62 | private-bin kbuildsycoca4,kdeinit4,lpr,okular,unar,unrar | 62 | private-bin kbuildsycoca4,kdeinit4,lpr,okular,unar,unrar |
63 | private-dev | 63 | private-dev |
64 | private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,machine-id,passwd,xdg | 64 | private-etc @x11,cups |
65 | # private-tmp - on KDE we need access to the real /tmp for data exchange with email clients | 65 | # private-tmp - on KDE we need access to the real /tmp for data exchange with email clients |
66 | 66 | ||
67 | # dbus-user none | 67 | # dbus-user none |
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile index 913b499d3..a142598b7 100644 --- a/etc/profile-m-z/onboard.profile +++ b/etc/profile-m-z/onboard.profile | |||
@@ -49,7 +49,7 @@ disable-mnt | |||
49 | private-cache | 49 | private-cache |
50 | private-bin onboard,python*,tput | 50 | private-bin onboard,python*,tput |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,dbus-1,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,mime.types,selinux,X11,xdg | 52 | private-etc @x11,dbus-1,mime.types,selinux |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | dbus-system none | 55 | dbus-system none |
diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile index 053f54b48..1600db144 100644 --- a/etc/profile-m-z/openarena.profile +++ b/etc/profile-m-z/openarena.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin bash,cut,glxinfo,grep,head,openarena,openarena_ded,quake3,zenity | 42 | private-bin bash,cut,glxinfo,grep,head,openarena,openarena_ded,quake3,zenity |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,drirc,ld.so.cache,ld.so.preload,machine-id,openal,passwd,selinux,udev,xdg | 45 | private-etc @games,@x11,selinux,udev |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile index be97552ab..507d6d634 100644 --- a/etc/profile-m-z/openmw.profile +++ b/etc/profile-m-z/openmw.profile | |||
@@ -52,7 +52,7 @@ tracelog | |||
52 | private-bin bsatool,esmtool,niftest,openmw,openmw-cs,openmw-essimporter,openmw-iniimporter,openmw-launcher,openmw-wizard | 52 | private-bin bsatool,esmtool,niftest,openmw,openmw-cs,openmw-essimporter,openmw-iniimporter,openmw-launcher,openmw-wizard |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alsa,alternatives,asound.conf,bumblebee,drirc,fonts,glvnd,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nvidia,openmw,pango,passwd,pulse,Trolltech.conf,X11,xdg | 55 | private-etc @x11,bumblebee,glvnd,mime.types,openmw,Trolltech.conf |
56 | private-opt none | 56 | private-opt none |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile index 028c6fe90..420ceece3 100644 --- a/etc/profile-m-z/otter-browser.profile +++ b/etc/profile-m-z/otter-browser.profile | |||
@@ -52,7 +52,7 @@ disable-mnt | |||
52 | private-bin bash,otter-browser,sh,which | 52 | private-bin bash,otter-browser,sh,which |
53 | private-cache | 53 | private-cache |
54 | ?BROWSER_DISABLE_U2F: private-dev | 54 | ?BROWSER_DISABLE_U2F: private-dev |
55 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 55 | private-etc @tls-ca,@x11,mailcap,mime.types,selinux |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-system none | 58 | dbus-system none |
diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile index 2610ae67a..0a906718a 100644 --- a/etc/profile-m-z/pandoc.profile +++ b/etc/profile-m-z/pandoc.profile | |||
@@ -49,7 +49,7 @@ x11 none | |||
49 | disable-mnt | 49 | disable-mnt |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,ld.so.cache,ld.so.preload,texlive,texmf | 52 | private-etc texlive,texmf |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile index fb629669a..662896530 100644 --- a/etc/profile-m-z/parole.profile +++ b/etc/profile-m-z/parole.profile | |||
@@ -26,6 +26,6 @@ seccomp | |||
26 | 26 | ||
27 | private-bin dbus-launch,parole | 27 | private-bin dbus-launch,parole |
28 | private-cache | 28 | private-cache |
29 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,pulse,ssl | 29 | private-etc @tls-ca |
30 | 30 | ||
31 | restrict-namespaces | 31 | restrict-namespaces |
diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile index 1780f982c..196ce424d 100644 --- a/etc/profile-m-z/pavucontrol.profile +++ b/etc/profile-m-z/pavucontrol.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin pavucontrol | 44 | private-bin pavucontrol |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,asound.conf,avahi,fonts,ld.so.cache,ld.so.preload,machine-id,pulse,resolv.conf | 47 | private-etc avahi |
48 | private-lib | 48 | private-lib |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile index 784d82736..5b3cf0fef 100644 --- a/etc/profile-m-z/pcsxr.profile +++ b/etc/profile-m-z/pcsxr.profile | |||
@@ -47,7 +47,7 @@ private-bin pcsxr | |||
47 | private-cache | 47 | private-cache |
48 | # Add the next line to your pcsxr.local if you do not need controller support. | 48 | # Add the next line to your pcsxr.local if you do not need controller support. |
49 | #private-dev | 49 | #private-dev |
50 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gconf,glvnd,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | 50 | private-etc @tls-ca,@x11,bumblebee,gconf,glvnd,host.conf,mime.types,rpc,services |
51 | private-opt none | 51 | private-opt none |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile index 2e38dde3b..0ab006084 100644 --- a/etc/profile-m-z/pdfchain.profile +++ b/etc/profile-m-z/pdfchain.profile | |||
@@ -33,7 +33,7 @@ seccomp | |||
33 | 33 | ||
34 | private-bin pdfchain,pdftk,sh | 34 | private-bin pdfchain,pdftk,sh |
35 | private-dev | 35 | private-dev |
36 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg | 36 | private-etc @x11 |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | dbus-user none | 39 | dbus-user none |
diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile index 7ece10835..cb7e0809f 100644 --- a/etc/profile-m-z/pdftotext.profile +++ b/etc/profile-m-z/pdftotext.profile | |||
@@ -48,7 +48,7 @@ x11 none | |||
48 | private-bin pdftotext | 48 | private-bin pdftotext |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ld.so.cache,ld.so.preload | 51 | private-etc |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile index 24a1bc979..96744e019 100644 --- a/etc/profile-m-z/peek.profile +++ b/etc/profile-m-z/peek.profile | |||
@@ -47,7 +47,7 @@ tracelog | |||
47 | disable-mnt | 47 | disable-mnt |
48 | private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh | 48 | private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,dconf,firejail,fonts,gtk-3.0,ld.so.cache,ld.so.preload,login.defs,pango,passwd,X11 | 50 | private-etc @x11,firejail |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | dbus-user filter | 53 | dbus-user filter |
diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile index dcb52c846..5261093d2 100644 --- a/etc/profile-m-z/photoflare.profile +++ b/etc/profile-m-z/photoflare.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin photoflare | 42 | private-bin photoflare |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,mime.types,X11 | 45 | private-etc @x11,mime.types |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile index 3664e1469..08aa67bf7 100644 --- a/etc/profile-m-z/pinball.profile +++ b/etc/profile-m-z/pinball.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | private-bin pinball | 47 | private-bin pinball |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alsa,alternatives,asound.conf,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,machine-id,pulse | 50 | private-etc |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile index ddb8ff867..dbb333afb 100644 --- a/etc/profile-m-z/ping.profile +++ b/etc/profile-m-z/ping.profile | |||
@@ -56,7 +56,7 @@ private | |||
56 | #private-bin ping - has mammoth problems with execvp: "No such file or directory" | 56 | #private-bin ping - has mammoth problems with execvp: "No such file or directory" |
57 | private-cache | 57 | private-cache |
58 | private-dev | 58 | private-dev |
59 | private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,login.defs,passwd,pki,resolv.conf,ssl | 59 | private-etc @tls-ca |
60 | private-lib | 60 | private-lib |
61 | private-tmp | 61 | private-tmp |
62 | 62 | ||
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile index a86b6da04..3ff033e0b 100644 --- a/etc/profile-m-z/pingus.profile +++ b/etc/profile-m-z/pingus.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-bin pingus,pingus.bin,sh | 50 | private-bin pingus,pingus.bin,sh |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id | 53 | private-etc |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile index 88173edca..799c8f607 100644 --- a/etc/profile-m-z/pkglog.profile +++ b/etc/profile-m-z/pkglog.profile | |||
@@ -43,7 +43,7 @@ private | |||
43 | private-bin pkglog,python* | 43 | private-bin pkglog,python* |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,ld.so.cache,ld.so.preload | 46 | private-etc |
47 | private-opt none | 47 | private-opt none |
48 | private-tmp | 48 | private-tmp |
49 | writable-var-log | 49 | writable-var-log |
diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile index 62927f9f7..34e18cbd7 100644 --- a/etc/profile-m-z/plv.profile +++ b/etc/profile-m-z/plv.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin plv | 45 | private-bin plv |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 48 | private-etc |
49 | private-opt none | 49 | private-opt none |
50 | private-tmp | 50 | private-tmp |
51 | writable-var-log | 51 | writable-var-log |
diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile index 8e2c39b83..34199a08d 100644 --- a/etc/profile-m-z/pngquant.profile +++ b/etc/profile-m-z/pngquant.profile | |||
@@ -46,7 +46,7 @@ x11 none | |||
46 | private-bin pngquant | 46 | private-bin pngquant |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,ld.so.cache,ld.so.preload | 49 | private-etc |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | dbus-user none | 52 | dbus-user none |
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile index 58528c372..da16ae912 100644 --- a/etc/profile-m-z/ppsspp.profile +++ b/etc/profile-m-z/ppsspp.profile | |||
@@ -42,7 +42,7 @@ seccomp | |||
42 | private-bin ppsspp,PPSSPP,PPSSPPQt,PPSSPPSDL | 42 | private-bin ppsspp,PPSSPP,PPSSPPQt,PPSSPPSDL |
43 | # Add the next line to your ppsspp.local if you do not need controller support. | 43 | # Add the next line to your ppsspp.local if you do not need controller support. |
44 | #private-dev | 44 | #private-dev |
45 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl | 45 | private-etc @tls-ca,@x11,host.conf |
46 | private-opt ppsspp | 46 | private-opt ppsspp |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile index 73b377712..6d766b212 100644 --- a/etc/profile-m-z/pragha.profile +++ b/etc/profile-m-z/pragha.profile | |||
@@ -32,7 +32,7 @@ protocol unix,inet,inet6 | |||
32 | seccomp | 32 | seccomp |
33 | 33 | ||
34 | private-dev | 34 | private-dev |
35 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg | 35 | private-etc @tls-ca,@x11,host.conf |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | restrict-namespaces | 38 | restrict-namespaces |
diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile index 279536bb9..c866c3d16 100644 --- a/etc/profile-m-z/profanity.profile +++ b/etc/profile-m-z/profanity.profile | |||
@@ -43,7 +43,7 @@ seccomp | |||
43 | private-bin profanity | 43 | private-bin profanity |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,localtime,mime.types,nsswitch.conf,pki,resolv.conf,ssl | 46 | private-etc @tls-ca,mime.types |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user filter | 49 | dbus-user filter |
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile index be06c5d89..9d9d6e6c5 100644 --- a/etc/profile-m-z/psi.profile +++ b/etc/profile-m-z/psi.profile | |||
@@ -70,7 +70,7 @@ disable-mnt | |||
70 | private-bin getopt,psi | 70 | private-bin getopt,psi |
71 | private-cache | 71 | private-cache |
72 | private-dev | 72 | private-dev |
73 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gcrypt,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,machine-id,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg | 73 | private-etc @tls-ca,@x11,selinux |
74 | private-tmp | 74 | private-tmp |
75 | 75 | ||
76 | dbus-user none | 76 | dbus-user none |
diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile index ba71ab29d..e057ee565 100644 --- a/etc/profile-m-z/pybitmessage.profile +++ b/etc/profile-m-z/pybitmessage.profile | |||
@@ -40,7 +40,7 @@ seccomp | |||
40 | disable-mnt | 40 | disable-mnt |
41 | private-bin bash,env,ldconfig,pybitmessage,python*,sh,stat | 41 | private-bin bash,env,ldconfig,pybitmessage,python*,sh,stat |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,pki,PyBitmessage,PyBitmessage.conf,resolv.conf,selinux,sni-qt.conf,ssl,system-fips,Trolltech.conf,xdg | 43 | private-etc @tls-ca,@x11,PyBitmessage,PyBitmessage.conf,selinux,sni-qt.conf,system-fips,Trolltech.conf |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | restrict-namespaces | 46 | restrict-namespaces |
diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile index 71374a8c8..cb807c69e 100644 --- a/etc/profile-m-z/qcomicbook.profile +++ b/etc/profile-m-z/qcomicbook.profile | |||
@@ -52,7 +52,7 @@ tracelog | |||
52 | private-bin 7z,7zr,qcomicbook,rar,sh,tar,unace,unrar,unzip | 52 | private-bin 7z,7zr,qcomicbook,rar,sh,tar,unace,unrar,unzip |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,pango,passwd,Trolltech.conf,X11,xdg | 55 | private-etc @x11,mime.types,Trolltech.conf |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-user none | 58 | dbus-user none |
diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile index d4b71f972..9635c2e06 100644 --- a/etc/profile-m-z/qgis.profile +++ b/etc/profile-m-z/qgis.profile | |||
@@ -51,7 +51,7 @@ tracelog | |||
51 | disable-mnt | 51 | disable-mnt |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,QGIS,QGIS.conf,resolv.conf,ssl,Trolltech.conf | 54 | private-etc @tls-ca,QGIS,QGIS.conf,Trolltech.conf |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user none | 57 | dbus-user none |
diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile index cafdb98e9..1cfbaee6a 100644 --- a/etc/profile-m-z/qnapi.profile +++ b/etc/profile-m-z/qnapi.profile | |||
@@ -46,7 +46,7 @@ tracelog | |||
46 | private-bin 7z,qnapi | 46 | private-bin 7z,qnapi |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf | 49 | private-etc |
50 | private-opt none | 50 | private-opt none |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile index 09b70756b..42c098487 100644 --- a/etc/profile-m-z/qrencode.profile +++ b/etc/profile-m-z/qrencode.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin qrencode | 46 | private-bin qrencode |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,ld.so.cache,ld.so.preload | 49 | private-etc |
50 | private-lib libpcre* | 50 | private-lib libpcre* |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile index f95720d71..ab0f9425a 100644 --- a/etc/profile-m-z/qtox.profile +++ b/etc/profile-m-z/qtox.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin qtox | 42 | private-bin qtox |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,pulse,resolv.conf,ssl | 45 | private-etc @tls-ca |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile index ad45a26d5..ddd4800d8 100644 --- a/etc/profile-m-z/quaternion.profile +++ b/etc/profile-m-z/quaternion.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin quaternion | 46 | private-bin quaternion |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 49 | private-etc @tls-ca,@x11,host.conf,mime.types,selinux |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | dbus-user none | 52 | dbus-user none |
diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile index ea49684e3..56bfaa917 100644 --- a/etc/profile-m-z/quodlibet.profile +++ b/etc/profile-m-z/quodlibet.profile | |||
@@ -59,7 +59,7 @@ tracelog | |||
59 | private-bin exfalso,operon,python*,quodlibet,sh | 59 | private-bin exfalso,operon,python*,quodlibet,sh |
60 | private-cache | 60 | private-cache |
61 | private-dev | 61 | private-dev |
62 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,passwd,pki,pulse,resolv.conf,ssl | 62 | private-etc @tls-ca,@x11 |
63 | private-tmp | 63 | private-tmp |
64 | 64 | ||
65 | dbus-system none | 65 | dbus-system none |
diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile index ea0e2afa7..e83484ae5 100644 --- a/etc/profile-m-z/qutebrowser.profile +++ b/etc/profile-m-z/qutebrowser.profile | |||
@@ -56,7 +56,7 @@ seccomp !chroot,!name_to_handle_at | |||
56 | disable-mnt | 56 | disable-mnt |
57 | private-cache | 57 | private-cache |
58 | private-dev | 58 | private-dev |
59 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl | 59 | private-etc @tls-ca |
60 | private-tmp | 60 | private-tmp |
61 | 61 | ||
62 | dbus-user filter | 62 | dbus-user filter |
diff --git a/etc/profile-m-z/raincat.profile b/etc/profile-m-z/raincat.profile index e320d82f7..72c5f3979 100644 --- a/etc/profile-m-z/raincat.profile +++ b/etc/profile-m-z/raincat.profile | |||
@@ -39,7 +39,7 @@ private | |||
39 | private-bin raincat | 39 | private-bin raincat |
40 | private-cache | 40 | private-cache |
41 | private-dev | 41 | private-dev |
42 | private-etc alternatives,drirc,ld.so.cache,ld.so.preload,machine-id,passwd,pulse,timidity,timidity.cfg | 42 | private-etc @games,@x11 |
43 | #private-lib | 43 | #private-lib |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
diff --git a/etc/profile-m-z/rednotebook.profile b/etc/profile-m-z/rednotebook.profile index 1295ce00d..e0dea194a 100644 --- a/etc/profile-m-z/rednotebook.profile +++ b/etc/profile-m-z/rednotebook.profile | |||
@@ -58,7 +58,7 @@ disable-mnt | |||
58 | private-bin python3*,rednotebook | 58 | private-bin python3*,rednotebook |
59 | private-cache | 59 | private-cache |
60 | private-dev | 60 | private-dev |
61 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | 61 | private-etc @x11 |
62 | private-tmp | 62 | private-tmp |
63 | 63 | ||
64 | dbus-user none | 64 | dbus-user none |
diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile index 571381f57..2e962b1ea 100644 --- a/etc/profile-m-z/regextester.profile +++ b/etc/profile-m-z/regextester.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin regextester | 42 | private-bin regextester |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 45 | private-etc |
46 | private-lib libgranite.so.* | 46 | private-lib libgranite.so.* |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile index 91b18678f..c908319ca 100644 --- a/etc/profile-m-z/rsync-download_only.profile +++ b/etc/profile-m-z/rsync-download_only.profile | |||
@@ -48,7 +48,7 @@ disable-mnt | |||
48 | private-bin rsync | 48 | private-bin rsync |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | 51 | private-etc @tls-ca,host.conf,rpc,services |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile index 565925e7a..0d57e6916 100644 --- a/etc/profile-m-z/rtv.profile +++ b/etc/profile-m-z/rtv.profile | |||
@@ -58,7 +58,7 @@ disable-mnt | |||
58 | private-bin less,python*,rtv,sh,xdg-settings | 58 | private-bin less,python*,rtv,sh,xdg-settings |
59 | private-cache | 59 | private-cache |
60 | private-dev | 60 | private-dev |
61 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg | 61 | private-etc @tls-ca,@x11,host.conf,mailcap,mime.types,rpc,services,terminfo |
62 | 62 | ||
63 | dbus-user none | 63 | dbus-user none |
64 | dbus-system none | 64 | dbus-system none |
diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile index 6dfb50c5a..fb4325264 100644 --- a/etc/profile-m-z/scorchwentbonkers.profile +++ b/etc/profile-m-z/scorchwentbonkers.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin scorchwentbonkers | 42 | private-bin scorchwentbonkers |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse | 45 | private-etc |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-m-z/seafile-applet.profile b/etc/profile-m-z/seafile-applet.profile index 184a06958..bbf46fe19 100644 --- a/etc/profile-m-z/seafile-applet.profile +++ b/etc/profile-m-z/seafile-applet.profile | |||
@@ -53,7 +53,7 @@ disable-mnt | |||
53 | private-bin seaf-cli,seaf-daemon,seafile-applet | 53 | private-bin seaf-cli,seaf-daemon,seafile-applet |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | 56 | private-etc @tls-ca,host.conf,rpc,services |
57 | #private-opt none | 57 | #private-opt none |
58 | private-tmp | 58 | private-tmp |
59 | 59 | ||
diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile index 7ff252ec7..5985e0da3 100644 --- a/etc/profile-m-z/seahorse-adventures.profile +++ b/etc/profile-m-z/seahorse-adventures.profile | |||
@@ -47,7 +47,7 @@ private | |||
47 | private-bin bash,dash,python*,seahorse-adventures,sh | 47 | private-bin bash,dash,python*,seahorse-adventures,sh |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id | 50 | private-etc |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile index e6f51bff9..190082461 100644 --- a/etc/profile-m-z/seahorse.profile +++ b/etc/profile-m-z/seahorse.profile | |||
@@ -57,7 +57,7 @@ tracelog | |||
57 | disable-mnt | 57 | disable-mnt |
58 | private-cache | 58 | private-cache |
59 | private-dev | 59 | private-dev |
60 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,login.defs,nsswitch.conf,pango,passwd,pkcs11,pki,protocols,resolv.conf,rpc,services,ssh,ssl,xdg | 60 | private-etc @tls-ca,@x11,gconf,host.conf,pkcs11,rpc,services,ssh |
61 | private-tmp | 61 | private-tmp |
62 | writable-run-user | 62 | writable-run-user |
63 | 63 | ||
diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile index cd2a9f13e..87621de69 100644 --- a/etc/profile-m-z/shortwave.profile +++ b/etc/profile-m-z/shortwave.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin shortwave | 45 | private-bin shortwave |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl,X11,xdg | 48 | private-etc @tls-ca,@x11,gconf,host.conf,mime.types |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | restrict-namespaces | 51 | restrict-namespaces |
diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile index d33a97ffc..387d45cdc 100644 --- a/etc/profile-m-z/shotwell.profile +++ b/etc/profile-m-z/shotwell.profile | |||
@@ -48,7 +48,7 @@ tracelog | |||
48 | private-bin shotwell | 48 | private-bin shotwell |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id | 51 | private-etc |
52 | private-opt none | 52 | private-opt none |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile index 2c4bdecd8..4a57bf38c 100644 --- a/etc/profile-m-z/signal-desktop.profile +++ b/etc/profile-m-z/signal-desktop.profile | |||
@@ -19,7 +19,7 @@ read-only ${HOME}/.mozilla/firefox/profiles.ini | |||
19 | mkdir ${HOME}/.config/Signal | 19 | mkdir ${HOME}/.config/Signal |
20 | whitelist ${HOME}/.config/Signal | 20 | whitelist ${HOME}/.config/Signal |
21 | 21 | ||
22 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 22 | private-etc @tls-ca |
23 | 23 | ||
24 | dbus-user filter | 24 | dbus-user filter |
25 | 25 | ||
diff --git a/etc/profile-m-z/slack.profile b/etc/profile-m-z/slack.profile index a511ebb1c..a94176bf7 100644 --- a/etc/profile-m-z/slack.profile +++ b/etc/profile-m-z/slack.profile | |||
@@ -26,7 +26,7 @@ mkdir ${HOME}/.config/Slack | |||
26 | whitelist ${HOME}/.config/Slack | 26 | whitelist ${HOME}/.config/Slack |
27 | 27 | ||
28 | private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack | 28 | private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack |
29 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,ld.so.preload,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe | 29 | private-etc @tls-ca,debian_version,fedora-release,os-release,redhat-release,system-release,system-release-cpe |
30 | 30 | ||
31 | # Redirect | 31 | # Redirect |
32 | include electron.profile | 32 | include electron.profile |
diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile index ffed9d44c..566d72733 100644 --- a/etc/profile-m-z/smuxi-frontend-gnome.profile +++ b/etc/profile-m-z/smuxi-frontend-gnome.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | private-bin bash,mono,mono-sgen,sh,smuxi-frontend-gnome | 47 | private-bin bash,mono,mono-sgen,sh,smuxi-frontend-gnome |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,machine-id,mono,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg | 50 | private-etc @tls-ca,@x11,mono,selinux |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile index b4658b7af..f130176c1 100644 --- a/etc/profile-m-z/softmaker-common.profile +++ b/etc/profile-m-z/softmaker-common.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | private-bin freeoffice-planmaker,freeoffice-presentations,freeoffice-textmaker,planmaker18,planmaker18free,presentations18,presentations18free,sh,textmaker18,textmaker18free | 42 | private-bin freeoffice-planmaker,freeoffice-presentations,freeoffice-textmaker,planmaker18,planmaker18free,presentations18,presentations18free,sh,textmaker18,textmaker18free |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,SoftMaker,ssl | 45 | private-etc @tls-ca,SoftMaker |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile index 5a1314315..cf64076e3 100644 --- a/etc/profile-m-z/spectacle.profile +++ b/etc/profile-m-z/spectacle.profile | |||
@@ -55,7 +55,7 @@ disable-mnt | |||
55 | private-bin spectacle | 55 | private-bin spectacle |
56 | private-cache | 56 | private-cache |
57 | private-dev | 57 | private-dev |
58 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload | 58 | private-etc |
59 | private-tmp | 59 | private-tmp |
60 | 60 | ||
61 | dbus-user filter | 61 | dbus-user filter |
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile index 4bc23fc04..492a5bbeb 100644 --- a/etc/profile-m-z/spectral.profile +++ b/etc/profile-m-z/spectral.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-cache | 45 | private-cache |
46 | private-bin spectral | 46 | private-bin spectral |
47 | private-dev | 47 | private-dev |
48 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 48 | private-etc @tls-ca,@x11,host.conf,mime.types,selinux |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user filter | 51 | dbus-user filter |
diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index 721e39cd4..f07b10319 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin bash,cat,dirname,find,grep,head,rm,sh,spotify,tclsh,touch,zenity | 45 | private-bin bash,cat,dirname,find,grep,head,rm,sh,spotify,tclsh,touch,zenity |
46 | private-dev | 46 | private-dev |
47 | # If you want to see album covers or want to use the radio, add 'ignore private-etc' to your spotify.local. | 47 | # If you want to see album covers or want to use the radio, add 'ignore private-etc' to your spotify.local. |
48 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,spotify-adblock,ssl | 48 | private-etc @tls-ca,host.conf,spotify-adblock |
49 | private-opt spotify | 49 | private-opt spotify |
50 | private-srv none | 50 | private-srv none |
51 | private-tmp | 51 | private-tmp |
diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile index 00df625c0..4e28958e4 100644 --- a/etc/profile-m-z/sqlitebrowser.profile +++ b/etc/profile-m-z/sqlitebrowser.profile | |||
@@ -41,7 +41,7 @@ seccomp.block-secondary | |||
41 | private-bin sqlitebrowser | 41 | private-bin sqlitebrowser |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl | 44 | private-etc @tls-ca |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | # breaks proxy creation | 47 | # breaks proxy creation |
diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile index 868c724d2..95dc35741 100644 --- a/etc/profile-m-z/standardnotes-desktop.profile +++ b/etc/profile-m-z/standardnotes-desktop.profile | |||
@@ -38,7 +38,7 @@ seccomp !chroot | |||
38 | disable-mnt | 38 | disable-mnt |
39 | private-dev | 39 | private-dev |
40 | private-tmp | 40 | private-tmp |
41 | private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl,xdg | 41 | private-etc @tls-ca,@x11,host.conf |
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
44 | dbus-system none | 44 | dbus-system none |
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index f807afdc7..39b4c97fa 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile | |||
@@ -175,7 +175,7 @@ seccomp.32 !process_vm_readv | |||
175 | private-dev | 175 | private-dev |
176 | # private-etc breaks a small selection of games on some systems. Add 'ignore private-etc' | 176 | # private-etc breaks a small selection of games on some systems. Add 'ignore private-etc' |
177 | # to your steam.local to support those. | 177 | # to your steam.local to support those. |
178 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl,vulkan | 178 | private-etc @tls-ca,@x11,bumblebee,dbus-1,host.conf,lsb-release,mime.types,os-release,services,vulkan |
179 | private-tmp | 179 | private-tmp |
180 | 180 | ||
181 | #dbus-user none | 181 | #dbus-user none |
diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile index e9d2ca430..b6b2c63d3 100644 --- a/etc/profile-m-z/strawberry.profile +++ b/etc/profile-m-z/strawberry.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin strawberry,strawberry-tagreader | 42 | private-bin strawberry,strawberry-tagreader |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 45 | private-etc @tls-ca,host.conf |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-system none | 48 | dbus-system none |
diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile index 896d4bc3e..6de288c46 100644 --- a/etc/profile-m-z/subdownloader.profile +++ b/etc/profile-m-z/subdownloader.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | 43 | ||
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 46 | private-etc |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile index 1f532d76c..2ad107f1a 100644 --- a/etc/profile-m-z/supertux2.profile +++ b/etc/profile-m-z/supertux2.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | disable-mnt | 43 | disable-mnt |
44 | # private-bin supertux2 | 44 | # private-bin supertux2 |
45 | private-cache | 45 | private-cache |
46 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id | 46 | private-etc |
47 | private-dev | 47 | private-dev |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile index b4eb70fcb..0a436b22f 100644 --- a/etc/profile-m-z/supertuxkart.profile +++ b/etc/profile-m-z/supertuxkart.profile | |||
@@ -53,7 +53,7 @@ private-bin supertuxkart | |||
53 | private-cache | 53 | private-cache |
54 | # Add the next line to your supertuxkart.local if you do not need controller support. | 54 | # Add the next line to your supertuxkart.local if you do not need controller support. |
55 | #private-dev | 55 | #private-dev |
56 | private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,ld.so.cache,ld.so.preload,machine-id,openal,pki,resolv.conf,ssl | 56 | private-etc @games,@tls-ca,@x11 |
57 | private-tmp | 57 | private-tmp |
58 | private-opt none | 58 | private-opt none |
59 | private-srv none | 59 | private-srv none |
diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile index 3508e11b0..9be7aaf3c 100644 --- a/etc/profile-m-z/surf.profile +++ b/etc/profile-m-z/surf.profile | |||
@@ -33,7 +33,7 @@ tracelog | |||
33 | disable-mnt | 33 | disable-mnt |
34 | private-bin bash,curl,dmenu,ls,printf,sed,sh,sleep,st,stterm,surf,xargs,xprop | 34 | private-bin bash,curl,dmenu,ls,printf,sed,sh,sleep,st,stterm,surf,xargs,xprop |
35 | private-dev | 35 | private-dev |
36 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,ld.so.cache,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl | 36 | private-etc @tls-ca |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
39 | restrict-namespaces | 39 | restrict-namespaces |
diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile index cef029401..726baf336 100644 --- a/etc/profile-m-z/sysprof.profile +++ b/etc/profile-m-z/sysprof.profile | |||
@@ -62,7 +62,7 @@ disable-mnt | |||
62 | #private-bin sysprof - breaks help menu | 62 | #private-bin sysprof - breaks help menu |
63 | private-cache | 63 | private-cache |
64 | private-dev | 64 | private-dev |
65 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id,ssl | 65 | private-etc @tls-ca |
66 | # private-lib - breaks help menu | 66 | # private-lib - breaks help menu |
67 | #private-lib gdk-pixbuf-2.*,gio,gtk3,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*,libsysprof-2.so,libsysprof-ui-2.so | 67 | #private-lib gdk-pixbuf-2.*,gio,gtk3,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*,libsysprof-2.so,libsysprof-ui-2.so |
68 | private-tmp | 68 | private-tmp |
diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile index a9d0a60d1..da3b4f782 100644 --- a/etc/profile-m-z/tar.profile +++ b/etc/profile-m-z/tar.profile | |||
@@ -17,7 +17,7 @@ ignore include disable-shell.inc | |||
17 | # all capabilities this is automatically read-only. | 17 | # all capabilities this is automatically read-only. |
18 | noblacklist /var/lib/pacman | 18 | noblacklist /var/lib/pacman |
19 | 19 | ||
20 | private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,login.defs,passwd | 20 | private-etc |
21 | #private-lib libfakeroot,liblzma.so.*,libreadline.so.* | 21 | #private-lib libfakeroot,liblzma.so.*,libreadline.so.* |
22 | # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) | 22 | # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) |
23 | writable-var | 23 | writable-var |
diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile index 5711c1b36..fd55daa4a 100644 --- a/etc/profile-m-z/teams-for-linux.profile +++ b/etc/profile-m-z/teams-for-linux.profile | |||
@@ -22,7 +22,7 @@ mkdir ${HOME}/.config/teams-for-linux | |||
22 | whitelist ${HOME}/.config/teams-for-linux | 22 | whitelist ${HOME}/.config/teams-for-linux |
23 | 23 | ||
24 | private-bin bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh | 24 | private-bin bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh |
25 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,resolv.conf,ssl | 25 | private-etc @tls-ca |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include electron.profile | 28 | include electron.profile |
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile index 886d303c8..ba915c2d4 100644 --- a/etc/profile-m-z/telegram.profile +++ b/etc/profile-m-z/telegram.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin bash,sh,telegram,Telegram,telegram-desktop,xdg-open | 46 | private-bin bash,sh,telegram,Telegram,telegram-desktop,xdg-open |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg | 49 | private-etc @tls-ca,@x11,os-release |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | dbus-user filter | 52 | dbus-user filter |
diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile index 9249e33c8..27e0cc7d1 100644 --- a/etc/profile-m-z/terasology.profile +++ b/etc/profile-m-z/terasology.profile | |||
@@ -40,7 +40,7 @@ seccomp | |||
40 | 40 | ||
41 | disable-mnt | 41 | disable-mnt |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-7-openjdk,java-8-openjdk,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pki,pulse,resolv.conf,ssl | 43 | private-etc @tls-ca,@x11,dbus-1,host.conf,java-7-openjdk,java-8-openjdk,lsb-release,mime.types |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
diff --git a/etc/profile-m-z/tesseract.profile b/etc/profile-m-z/tesseract.profile index 11a21c471..54568b7d3 100644 --- a/etc/profile-m-z/tesseract.profile +++ b/etc/profile-m-z/tesseract.profile | |||
@@ -54,7 +54,7 @@ x11 none | |||
54 | private-bin ambiguous_words,classifier_tester,cntraining,combine_lang_model,combine_tessdata,dawg2wordlist,lstmeval,lstmtraining,merge_unicharsets,mftraining,set_unicharset_properties,shapeclustering,tesseract,text2image,unicharset_extractor,wordlist2dawg | 54 | private-bin ambiguous_words,classifier_tester,cntraining,combine_lang_model,combine_tessdata,dawg2wordlist,lstmeval,lstmtraining,merge_unicharsets,mftraining,set_unicharset_properties,shapeclustering,tesseract,text2image,unicharset_extractor,wordlist2dawg |
55 | private-cache | 55 | private-cache |
56 | private-dev | 56 | private-dev |
57 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload | 57 | private-etc |
58 | #private-lib libtesseract.so.* | 58 | #private-lib libtesseract.so.* |
59 | private-tmp | 59 | private-tmp |
60 | 60 | ||
diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile index f49738f2b..ed8cd7369 100644 --- a/etc/profile-m-z/tilp.profile +++ b/etc/profile-m-z/tilp.profile | |||
@@ -29,7 +29,7 @@ tracelog | |||
29 | disable-mnt | 29 | disable-mnt |
30 | private-bin tilp | 30 | private-bin tilp |
31 | private-cache | 31 | private-cache |
32 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 32 | private-etc |
33 | private-tmp | 33 | private-tmp |
34 | 34 | ||
35 | restrict-namespaces | 35 | restrict-namespaces |
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile index 3cbf90660..a03a6caa0 100644 --- a/etc/profile-m-z/tin.profile +++ b/etc/profile-m-z/tin.profile | |||
@@ -57,7 +57,7 @@ disable-mnt | |||
57 | private-bin rtin,tin | 57 | private-bin rtin,tin |
58 | private-cache | 58 | private-cache |
59 | private-dev | 59 | private-dev |
60 | private-etc alternatives,ld.so.cache,ld.so.preload,passwd,resolv.conf,terminfo,tin | 60 | private-etc terminfo,tin |
61 | private-lib terminfo | 61 | private-lib terminfo |
62 | private-tmp | 62 | private-tmp |
63 | 63 | ||
diff --git a/etc/profile-m-z/tor.profile b/etc/profile-m-z/tor.profile index 275b170ff..b58aec926 100644 --- a/etc/profile-m-z/tor.profile +++ b/etc/profile-m-z/tor.profile | |||
@@ -45,7 +45,7 @@ private | |||
45 | private-bin bash,tor | 45 | private-bin bash,tor |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor | 48 | private-etc @tls-ca,tor |
49 | private-tmp | 49 | private-tmp |
50 | writable-var | 50 | writable-var |
51 | 51 | ||
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index fab792826..41ac6f7a7 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile | |||
@@ -58,7 +58,7 @@ seccomp !chroot | |||
58 | disable-mnt | 58 | disable-mnt |
59 | private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity | 59 | private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity |
60 | private-dev | 60 | private-dev |
61 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl | 61 | private-etc @tls-ca |
62 | private-tmp | 62 | private-tmp |
63 | 63 | ||
64 | dbus-user none | 64 | dbus-user none |
diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile index 6069be500..645c55c3b 100644 --- a/etc/profile-m-z/transgui.profile +++ b/etc/profile-m-z/transgui.profile | |||
@@ -44,7 +44,7 @@ tracelog | |||
44 | private-bin geoiplookup,geoiplookup6,transgui | 44 | private-bin geoiplookup,geoiplookup6,transgui |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,resolv.conf | 47 | private-etc |
48 | private-lib libgdk_pixbuf-2.0.so.*,libGeoIP.so*,libgthread-2.0.so.*,libgtk-x11-2.0.so.*,libX11.so.* | 48 | private-lib libgdk_pixbuf-2.0.so.*,libGeoIP.so*,libgthread-2.0.so.*,libgtk-x11-2.0.so.*,libX11.so.* |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
diff --git a/etc/profile-m-z/transmission-cli.profile b/etc/profile-m-z/transmission-cli.profile index 8a1711e97..edb4db8aa 100644 --- a/etc/profile-m-z/transmission-cli.profile +++ b/etc/profile-m-z/transmission-cli.profile | |||
@@ -8,7 +8,7 @@ include transmission-cli.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | private-bin transmission-cli | 10 | private-bin transmission-cli |
11 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 11 | private-etc @tls-ca |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include transmission-common.profile | 14 | include transmission-common.profile |
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile index 5d28f2f10..4fc5a3aa7 100644 --- a/etc/profile-m-z/transmission-daemon.profile +++ b/etc/profile-m-z/transmission-daemon.profile | |||
@@ -17,7 +17,7 @@ caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot | |||
17 | protocol packet | 17 | protocol packet |
18 | 18 | ||
19 | private-bin transmission-daemon | 19 | private-bin transmission-daemon |
20 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 20 | private-etc @tls-ca |
21 | 21 | ||
22 | read-write /var/lib/transmission | 22 | read-write /var/lib/transmission |
23 | writable-var-log | 23 | writable-var-log |
diff --git a/etc/profile-m-z/transmission-remote-gtk.profile b/etc/profile-m-z/transmission-remote-gtk.profile index f93c4229c..a8dd96001 100644 --- a/etc/profile-m-z/transmission-remote-gtk.profile +++ b/etc/profile-m-z/transmission-remote-gtk.profile | |||
@@ -12,7 +12,7 @@ noblacklist ${HOME}/.config/transmission-remote-gtk | |||
12 | mkdir ${HOME}/.config/transmission-remote-gtk | 12 | mkdir ${HOME}/.config/transmission-remote-gtk |
13 | whitelist ${HOME}/.config/transmission-remote-gtk | 13 | whitelist ${HOME}/.config/transmission-remote-gtk |
14 | 14 | ||
15 | private-etc alternatives,fonts,hostname,hosts,ld.so.cache,ld.so.preload,resolv.conf | 15 | private-etc |
16 | 16 | ||
17 | ignore memory-deny-write-execute | 17 | ignore memory-deny-write-execute |
18 | 18 | ||
diff --git a/etc/profile-m-z/transmission-remote.profile b/etc/profile-m-z/transmission-remote.profile index 565433d99..a431164f6 100644 --- a/etc/profile-m-z/transmission-remote.profile +++ b/etc/profile-m-z/transmission-remote.profile | |||
@@ -8,7 +8,7 @@ include transmission-remote.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | private-bin transmission-remote | 10 | private-bin transmission-remote |
11 | private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf | 11 | private-etc |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include transmission-common.profile | 14 | include transmission-common.profile |
diff --git a/etc/profile-m-z/transmission-show.profile b/etc/profile-m-z/transmission-show.profile index 0a5826ec4..dc667ae05 100644 --- a/etc/profile-m-z/transmission-show.profile +++ b/etc/profile-m-z/transmission-show.profile | |||
@@ -8,7 +8,7 @@ include transmission-show.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | private-bin transmission-show | 10 | private-bin transmission-show |
11 | private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf | 11 | private-etc |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include transmission-common.profile | 14 | include transmission-common.profile |
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index 63e964355..8acc6f763 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile | |||
@@ -53,7 +53,7 @@ tracelog | |||
53 | private-bin trojita | 53 | private-bin trojita |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,selinux,ssl,xdg | 56 | private-etc @tls-ca,@x11,selinux |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | dbus-user filter | 59 | dbus-user filter |
diff --git a/etc/profile-m-z/tutanota-desktop.profile b/etc/profile-m-z/tutanota-desktop.profile index d2cb0cc8a..56eacf338 100644 --- a/etc/profile-m-z/tutanota-desktop.profile +++ b/etc/profile-m-z/tutanota-desktop.profile | |||
@@ -24,7 +24,7 @@ whitelist ${HOME}/.mozilla/firefox/profiles.ini | |||
24 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 24 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
25 | 25 | ||
26 | ?HAS_APPIMAGE: ignore private-dev | 26 | ?HAS_APPIMAGE: ignore private-dev |
27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 27 | private-etc @tls-ca |
28 | private-opt tutanota-desktop | 28 | private-opt tutanota-desktop |
29 | 29 | ||
30 | # Redirect | 30 | # Redirect |
diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile index 987a2b719..1e759a760 100644 --- a/etc/profile-m-z/twitch.profile +++ b/etc/profile-m-z/twitch.profile | |||
@@ -18,7 +18,7 @@ mkdir ${HOME}/.config/Twitch | |||
18 | whitelist ${HOME}/.config/Twitch | 18 | whitelist ${HOME}/.config/Twitch |
19 | 19 | ||
20 | private-bin electron,electron[0-9],electron[0-9][0-9],twitch | 20 | private-bin electron,electron[0-9],electron[0-9][0-9],twitch |
21 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 21 | private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types,selinux |
22 | private-opt Twitch | 22 | private-opt Twitch |
23 | 23 | ||
24 | # Redirect | 24 | # Redirect |
diff --git a/etc/profile-m-z/udiskie.profile b/etc/profile-m-z/udiskie.profile index 7e3c7ac5a..c182326bb 100644 --- a/etc/profile-m-z/udiskie.profile +++ b/etc/profile-m-z/udiskie.profile | |||
@@ -40,7 +40,7 @@ private-bin awk,cut,dbus-send,egrep,file,grep,head,python*,readlink,sed,sh,udisk | |||
40 | # private-bin thunar | 40 | # private-bin thunar |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg | 43 | private-etc @x11,mime.types |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | restrict-namespaces | 46 | restrict-namespaces |
diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile index 6ec6ea609..aac99aed5 100644 --- a/etc/profile-m-z/unf.profile +++ b/etc/profile-m-z/unf.profile | |||
@@ -48,7 +48,7 @@ private-bin unf | |||
48 | private-cache | 48 | private-cache |
49 | ?HAS_APPIMAGE: ignore private-dev | 49 | ?HAS_APPIMAGE: ignore private-dev |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ld.so.cache,ld.so.preload | 51 | private-etc |
52 | private-lib gcc/*/*/libgcc_s.so.* | 52 | private-lib gcc/*/*/libgcc_s.so.* |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
diff --git a/etc/profile-m-z/unrar.profile b/etc/profile-m-z/unrar.profile index 443d1f415..43d5dae5e 100644 --- a/etc/profile-m-z/unrar.profile +++ b/etc/profile-m-z/unrar.profile | |||
@@ -8,7 +8,7 @@ include unrar.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | private-bin unrar | 10 | private-bin unrar |
11 | private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd | 11 | private-etc |
12 | private-tmp | 12 | private-tmp |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile index 97df693ba..9fefe6ad3 100644 --- a/etc/profile-m-z/unzip.profile +++ b/etc/profile-m-z/unzip.profile | |||
@@ -10,7 +10,7 @@ include globals.local | |||
10 | # GNOME Shell integration (chrome-gnome-shell) | 10 | # GNOME Shell integration (chrome-gnome-shell) |
11 | noblacklist ${HOME}/.local/share/gnome-shell | 11 | noblacklist ${HOME}/.local/share/gnome-shell |
12 | 12 | ||
13 | private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd | 13 | private-etc |
14 | 14 | ||
15 | # Redirect | 15 | # Redirect |
16 | include archiver-common.profile | 16 | include archiver-common.profile |
diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile index f85e52273..046b75a87 100644 --- a/etc/profile-m-z/utox.profile +++ b/etc/profile-m-z/utox.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin utox | 42 | private-bin utox |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,openal,pki,pulse,resolv.conf,ssl | 45 | private-etc @games,@tls-ca |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | memory-deny-write-execute | 48 | memory-deny-write-execute |
diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile index 29d88832c..a6d2a65e9 100644 --- a/etc/profile-m-z/uudeview.profile +++ b/etc/profile-m-z/uudeview.profile | |||
@@ -40,7 +40,7 @@ x11 none | |||
40 | private-bin uudeview | 40 | private-bin uudeview |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,ld.so.cache,ld.so.preload | 43 | private-etc |
44 | 44 | ||
45 | dbus-user none | 45 | dbus-user none |
46 | dbus-system none | 46 | dbus-system none |
diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile index cdf615a02..aa8199442 100644 --- a/etc/profile-m-z/viewnior.profile +++ b/etc/profile-m-z/viewnior.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | private-bin viewnior | 43 | private-bin viewnior |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id | 46 | private-etc |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile index b9a5c08e8..37e962867 100644 --- a/etc/profile-m-z/virtualbox.profile +++ b/etc/profile-m-z/virtualbox.profile | |||
@@ -44,7 +44,7 @@ tracelog | |||
44 | #disable-mnt | 44 | #disable-mnt |
45 | #private-bin awk,basename,bash,env,gawk,grep,ps,readlink,sh,virtualbox,VirtualBox,VBox*,vbox*,whoami | 45 | #private-bin awk,basename,bash,env,gawk,grep,ps,readlink,sh,virtualbox,VirtualBox,VBox*,vbox*,whoami |
46 | private-cache | 46 | private-cache |
47 | private-etc alsa,alternatives,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,pulse,resolv.conf,ssl | 47 | private-etc @tls-ca,@x11,conf.d |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile index ba4136413..c2fd14811 100644 --- a/etc/profile-m-z/vmware-view.profile +++ b/etc/profile-m-z/vmware-view.profile | |||
@@ -48,7 +48,7 @@ tracelog | |||
48 | disable-mnt | 48 | disable-mnt |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dconf,drirc,fonts,gai.conf,gconf,glvnd,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,machine-id,magic,magic.mgc,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,proxychains.conf,pulse,resolv.conf,rpc,services,ssl,terminfo,vmware,vmware-tools,vmware-vix,X11,xdg | 51 | private-etc @tls-ca,@x11,bumblebee,gai.conf,gconf,glvnd,host.conf,magic,magic.mgc,mime.types,proxychains.conf,rpc,services,terminfo,vmware,vmware-tools,vmware-vix |
52 | # Logs are kept in /tmp. Add 'ignore private-tmp' to your vmware-view.local if you need them without joining the sandbox. | 52 | # Logs are kept in /tmp. Add 'ignore private-tmp' to your vmware-view.local if you need them without joining the sandbox. |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile index 74c951fe6..7619ef47b 100644 --- a/etc/profile-m-z/vmware.profile +++ b/etc/profile-m-z/vmware.profile | |||
@@ -38,6 +38,6 @@ tracelog | |||
38 | #disable-mnt | 38 | #disable-mnt |
39 | # Add the next line to your vmware.local to enable private-bin. | 39 | # Add the next line to your vmware.local to enable private-bin. |
40 | #private-bin env,bash,sh,ovftool,vmafossexec,vmaf_*,vmnet-*,vmplayer,vmrest,vmrun,vmss2core,vmstat,vmware,vmware-* | 40 | #private-bin env,bash,sh,ovftool,vmafossexec,vmaf_*,vmnet-*,vmplayer,vmrest,vmrun,vmss2core,vmstat,vmware,vmware-* |
41 | private-etc alsa,alternatives,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mtab,passwd,pki,pulse,resolv.conf,ssl,vmware,vmware-installer,vmware-vix | 41 | private-etc @tls-ca,@x11,conf.d,mtab,vmware,vmware-installer,vmware-vix |
42 | dbus-user none | 42 | dbus-user none |
43 | dbus-system none | 43 | dbus-system none |
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index 1e111f83e..edc08ca44 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile | |||
@@ -61,7 +61,7 @@ disable-mnt | |||
61 | private-bin perl,sh,w3m | 61 | private-bin perl,sh,w3m |
62 | private-cache | 62 | private-cache |
63 | private-dev | 63 | private-dev |
64 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,mailcap,nsswitch.conf,pki,resolv.conf,ssl | 64 | private-etc @tls-ca,mailcap |
65 | private-tmp | 65 | private-tmp |
66 | 66 | ||
67 | dbus-user none | 67 | dbus-user none |
diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile index 37a8f78bb..5765613d4 100644 --- a/etc/profile-m-z/warmux.profile +++ b/etc/profile-m-z/warmux.profile | |||
@@ -48,7 +48,7 @@ disable-mnt | |||
48 | private-bin warmux | 48 | private-bin warmux |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | 51 | private-etc @tls-ca,host.conf,rpc,services |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile index 8a9614fb0..62d667d57 100644 --- a/etc/profile-m-z/whalebird.profile +++ b/etc/profile-m-z/whalebird.profile | |||
@@ -22,7 +22,7 @@ whitelist ${HOME}/.config/Whalebird | |||
22 | no3d | 22 | no3d |
23 | 23 | ||
24 | private-bin electron,electron[0-9],electron[0-9][0-9],whalebird | 24 | private-bin electron,electron[0-9],electron[0-9][0-9],whalebird |
25 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 25 | private-etc @tls-ca |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include electron.profile | 28 | include electron.profile |
diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile index d8c72ac8b..8958564ef 100644 --- a/etc/profile-m-z/whois.profile +++ b/etc/profile-m-z/whois.profile | |||
@@ -46,7 +46,7 @@ private | |||
46 | private-bin bash,sh,whois | 46 | private-bin bash,sh,whois |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,hosts,jwhois.conf,ld.so.cache,ld.so.preload,resolv.conf,services,whois.conf | 49 | private-etc jwhois.conf,services,whois.conf |
50 | private-lib gconv | 50 | private-lib gconv |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
diff --git a/etc/profile-m-z/wire-desktop.profile b/etc/profile-m-z/wire-desktop.profile index d8742cd71..fc4fa2435 100644 --- a/etc/profile-m-z/wire-desktop.profile +++ b/etc/profile-m-z/wire-desktop.profile | |||
@@ -26,7 +26,7 @@ mkdir ${HOME}/.config/Wire | |||
26 | whitelist ${HOME}/.config/Wire | 26 | whitelist ${HOME}/.config/Wire |
27 | 27 | ||
28 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop | 28 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop |
29 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl | 29 | private-etc @tls-ca |
30 | 30 | ||
31 | # Redirect | 31 | # Redirect |
32 | include electron.profile | 32 | include electron.profile |
diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile index ccc2e8dd0..310e8b470 100644 --- a/etc/profile-m-z/wordwarvi.profile +++ b/etc/profile-m-z/wordwarvi.profile | |||
@@ -44,7 +44,7 @@ private | |||
44 | private-bin wordwarvi | 44 | private-bin wordwarvi |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse | 47 | private-etc |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile index 1b44b63e0..e85bb9f18 100644 --- a/etc/profile-m-z/xbill.profile +++ b/etc/profile-m-z/xbill.profile | |||
@@ -43,7 +43,7 @@ private | |||
43 | private-bin xbill | 43 | private-bin xbill |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,ld.so.cache,ld.so.preload | 46 | private-etc |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile index 95eb2046e..9c4fa8293 100644 --- a/etc/profile-m-z/xfce4-mixer.profile +++ b/etc/profile-m-z/xfce4-mixer.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin xfce4-mixer,xfconf-query | 45 | private-bin xfce4-mixer,xfconf-query |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id,pulse | 48 | private-etc |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user filter | 51 | dbus-user filter |
diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile index 575acc9b2..4d841b35c 100644 --- a/etc/profile-m-z/xfce4-screenshooter.profile +++ b/etc/profile-m-z/xfce4-screenshooter.profile | |||
@@ -41,7 +41,7 @@ tracelog | |||
41 | disable-mnt | 41 | disable-mnt |
42 | private-bin xfce4-screenshooter,xfconf-query | 42 | private-bin xfce4-screenshooter,xfconf-query |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl | 44 | private-etc @tls-ca,@x11 |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile index 371db722c..dd0bbf744 100644 --- a/etc/profile-m-z/xiphos.profile +++ b/etc/profile-m-z/xiphos.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin xiphos | 46 | private-bin xiphos |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssli,sword,sword.conf | 49 | private-etc @tls-ca,ssli,sword,sword.conf |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | restrict-namespaces | 52 | restrict-namespaces |
diff --git a/etc/profile-m-z/xlinks.profile b/etc/profile-m-z/xlinks.profile index 404baf607..b597dc7a2 100644 --- a/etc/profile-m-z/xlinks.profile +++ b/etc/profile-m-z/xlinks.profile | |||
@@ -14,7 +14,7 @@ include whitelist-common.inc | |||
14 | # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' | 14 | # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' |
15 | # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line | 15 | # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line |
16 | private-bin xlinks | 16 | private-bin xlinks |
17 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 17 | private-etc |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include links.profile | 20 | include links.profile |
diff --git a/etc/profile-m-z/xlinks2.profile b/etc/profile-m-z/xlinks2.profile index d7edd3543..83356fb7b 100644 --- a/etc/profile-m-z/xlinks2.profile +++ b/etc/profile-m-z/xlinks2.profile | |||
@@ -14,7 +14,7 @@ include whitelist-common.inc | |||
14 | # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' | 14 | # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' |
15 | # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line | 15 | # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line |
16 | private-bin xlinks2 | 16 | private-bin xlinks2 |
17 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 17 | private-etc |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include links2.profile | 20 | include links2.profile |
diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile index ad1ba8ca3..b8bf0ae96 100644 --- a/etc/profile-m-z/xmr-stak.profile +++ b/etc/profile-m-z/xmr-stak.profile | |||
@@ -37,7 +37,7 @@ disable-mnt | |||
37 | private ${HOME}/.xmr-stak | 37 | private ${HOME}/.xmr-stak |
38 | private-bin xmr-stak | 38 | private-bin xmr-stak |
39 | private-dev | 39 | private-dev |
40 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 40 | private-etc @tls-ca |
41 | #private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend | 41 | #private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend |
42 | private-opt cuda | 42 | private-opt cuda |
43 | private-tmp | 43 | private-tmp |
diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile index 9128c330b..87e75986d 100644 --- a/etc/profile-m-z/xonotic.profile +++ b/etc/profile-m-z/xonotic.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-cache | 45 | private-cache |
46 | private-bin blind-id,darkplaces-glx,darkplaces-sdl,dirname,ldd,netstat,ps,readlink,sh,uname,xonotic* | 46 | private-bin blind-id,darkplaces-glx,darkplaces-sdl,dirname,ldd,netstat,ps,readlink,sh,uname,xonotic* |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl | 48 | private-etc @tls-ca,@x11,host.conf |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile index a17464a2a..e2e97f028 100644 --- a/etc/profile-m-z/xournal.profile +++ b/etc/profile-m-z/xournal.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | private-bin xournal | 42 | private-bin xournal |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd | 45 | private-etc |
46 | # TODO should use private-lib | 46 | # TODO should use private-lib |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
diff --git a/etc/profile-m-z/xournalpp.profile b/etc/profile-m-z/xournalpp.profile index a23ad68df..e1c9c03e8 100644 --- a/etc/profile-m-z/xournalpp.profile +++ b/etc/profile-m-z/xournalpp.profile | |||
@@ -28,7 +28,7 @@ include whitelist-runuser-common.inc | |||
28 | #include whitelist-common.inc | 28 | #include whitelist-common.inc |
29 | 29 | ||
30 | private-bin kpsewhich,pdflatex,xournalpp | 30 | private-bin kpsewhich,pdflatex,xournalpp |
31 | private-etc alternatives,latexmk.conf,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,texlive | 31 | private-etc latexmk.conf,texlive |
32 | 32 | ||
33 | # Redirect | 33 | # Redirect |
34 | include xournal.profile | 34 | include xournal.profile |
diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile index ff5dc619b..6edbf9357 100644 --- a/etc/profile-m-z/xreader.profile +++ b/etc/profile-m-z/xreader.profile | |||
@@ -38,7 +38,7 @@ tracelog | |||
38 | 38 | ||
39 | private-bin xreader,xreader-previewer,xreader-thumbnailer | 39 | private-bin xreader,xreader-previewer,xreader-thumbnailer |
40 | private-dev | 40 | private-dev |
41 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload | 41 | private-etc |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | memory-deny-write-execute | 44 | memory-deny-write-execute |
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile index 6ea7fdfbd..f5dd0c309 100644 --- a/etc/profile-m-z/yelp.profile +++ b/etc/profile-m-z/yelp.profile | |||
@@ -55,7 +55,7 @@ disable-mnt | |||
55 | private-bin groff,man,tbl,troff,yelp | 55 | private-bin groff,man,tbl,troff,yelp |
56 | private-cache | 56 | private-cache |
57 | private-dev | 57 | private-dev |
58 | private-etc alsa,alternatives,asound.conf,crypto-policies,cups,dconf,drirc,fonts,gcrypt,groff,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,man_db.conf,openal,os-release,pulse,sgml,xml | 58 | private-etc @games,@tls-ca,@x11,cups,groff,man_db.conf,os-release,sgml,xml |
59 | private-tmp | 59 | private-tmp |
60 | 60 | ||
61 | dbus-user filter | 61 | dbus-user filter |
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile index c846893ef..b706bec4e 100644 --- a/etc/profile-m-z/youtube-dl-gui.profile +++ b/etc/profile-m-z/youtube-dl-gui.profile | |||
@@ -48,7 +48,7 @@ disable-mnt | |||
48 | private-bin atomicparsley,ffmpeg,ffprobe,python*,youtube-dl-gui | 48 | private-bin atomicparsley,ffmpeg,ffprobe,python*,youtube-dl-gui |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,locale,locale.conf,passwd,pki,resolv.conf,ssl | 51 | private-etc @tls-ca,@x11 |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile index 4f2cc9523..8376b4989 100644 --- a/etc/profile-m-z/youtube-dl.profile +++ b/etc/profile-m-z/youtube-dl.profile | |||
@@ -57,7 +57,7 @@ tracelog | |||
57 | private-bin env,ffmpeg,python*,youtube-dl | 57 | private-bin env,ffmpeg,python*,youtube-dl |
58 | private-cache | 58 | private-cache |
59 | private-dev | 59 | private-dev |
60 | private-etc alternatives,ca-certificates,crypto-policies,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,pki,resolv.conf,ssl,youtube-dl.conf | 60 | private-etc @tls-ca,mime.types,youtube-dl.conf |
61 | private-tmp | 61 | private-tmp |
62 | 62 | ||
63 | dbus-user none | 63 | dbus-user none |
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index f66e2938b..9ef90eb92 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile | |||
@@ -59,7 +59,7 @@ disable-mnt | |||
59 | private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,wget2,which,xterm,youtube-dl,yt-dlp | 59 | private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,wget2,which,xterm,youtube-dl,yt-dlp |
60 | private-cache | 60 | private-cache |
61 | private-dev | 61 | private-dev |
62 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg | 62 | private-etc @tls-ca,@x11,host.conf,mime.types |
63 | private-tmp | 63 | private-tmp |
64 | 64 | ||
65 | dbus-user filter | 65 | dbus-user filter |
diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile index 5c4d697da..5049b740e 100644 --- a/etc/profile-m-z/youtube.profile +++ b/etc/profile-m-z/youtube.profile | |||
@@ -17,7 +17,7 @@ mkdir ${HOME}/.config/Youtube | |||
17 | whitelist ${HOME}/.config/Youtube | 17 | whitelist ${HOME}/.config/Youtube |
18 | 18 | ||
19 | private-bin electron,electron[0-9],electron[0-9][0-9],youtube | 19 | private-bin electron,electron[0-9],electron[0-9][0-9],youtube |
20 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 20 | private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types,selinux |
21 | private-opt Youtube | 21 | private-opt Youtube |
22 | 22 | ||
23 | # Redirect | 23 | # Redirect |
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile index 2b5ffeaaf..570399557 100644 --- a/etc/profile-m-z/youtubemusic-nativefier.profile +++ b/etc/profile-m-z/youtubemusic-nativefier.profile | |||
@@ -14,7 +14,7 @@ mkdir ${HOME}/.config/youtubemusic-nativefier-040164 | |||
14 | whitelist ${HOME}/.config/youtubemusic-nativefier-040164 | 14 | whitelist ${HOME}/.config/youtubemusic-nativefier-040164 |
15 | 15 | ||
16 | private-bin electron,electron[0-9],electron[0-9][0-9],youtubemusic-nativefier | 16 | private-bin electron,electron[0-9],electron[0-9][0-9],youtubemusic-nativefier |
17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 17 | private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types,selinux |
18 | private-opt youtubemusic-nativefier | 18 | private-opt youtubemusic-nativefier |
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile index 6e835b03f..49d4b3b56 100644 --- a/etc/profile-m-z/yt-dlp.profile +++ b/etc/profile-m-z/yt-dlp.profile | |||
@@ -15,7 +15,7 @@ noblacklist ${HOME}/yt-dlp.conf | |||
15 | noblacklist ${HOME}/yt-dlp.conf.txt | 15 | noblacklist ${HOME}/yt-dlp.conf.txt |
16 | 16 | ||
17 | private-bin ffprobe,yt-dlp | 17 | private-bin ffprobe,yt-dlp |
18 | private-etc alternatives,ld.so.cache,ld.so.preload,yt-dlp.conf | 18 | private-etc yt-dlp.conf |
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
21 | include youtube-dl.profile | 21 | include youtube-dl.profile |
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile index aa466871c..f74887185 100644 --- a/etc/profile-m-z/ytmdesktop.profile +++ b/etc/profile-m-z/ytmdesktop.profile | |||
@@ -14,7 +14,7 @@ mkdir ${HOME}/.config/youtube-music-desktop-app | |||
14 | whitelist ${HOME}/.config/youtube-music-desktop-app | 14 | whitelist ${HOME}/.config/youtube-music-desktop-app |
15 | 15 | ||
16 | # private-bin env,ytmdesktop | 16 | # private-bin env,ytmdesktop |
17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 17 | private-etc @tls-ca,@x11,bumblebee,host.conf,mime.types,selinux |
18 | # private-opt | 18 | # private-opt |
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile index 1daf89c84..35c3f1300 100644 --- a/etc/profile-m-z/zathura.profile +++ b/etc/profile-m-z/zathura.profile | |||
@@ -48,7 +48,7 @@ tracelog | |||
48 | private-bin zathura | 48 | private-bin zathura |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id | 51 | private-etc |
52 | # private-lib has problems on Debian 10 | 52 | # private-lib has problems on Debian 10 |
53 | #private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,libarchive.so.*,libdjvulibre.so.*,libgirara-gtk*,libpoppler-glib.so.*,libspectre.so.*,zathura | 53 | #private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.*,libarchive.so.*,libdjvulibre.so.*,libgirara-gtk*,libpoppler-glib.so.*,libspectre.so.*,zathura |
54 | private-tmp | 54 | private-tmp |
diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile index 453f40e73..7505fb575 100644 --- a/etc/profile-m-z/zeal.profile +++ b/etc/profile-m-z/zeal.profile | |||
@@ -60,7 +60,7 @@ disable-mnt | |||
60 | private-bin zeal | 60 | private-bin zeal |
61 | private-cache | 61 | private-cache |
62 | private-dev | 62 | private-dev |
63 | private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg | 63 | private-etc @tls-ca,@x11,host.conf,mime.types,rpc,services,Trolltech.conf |
64 | private-tmp | 64 | private-tmp |
65 | 65 | ||
66 | dbus-user filter | 66 | dbus-user filter |
diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile index a9e5aa5c3..69ec3a706 100644 --- a/etc/profile-m-z/zim.profile +++ b/etc/profile-m-z/zim.profile | |||
@@ -63,7 +63,7 @@ disable-mnt | |||
63 | private-bin python*,zim | 63 | private-bin python*,zim |
64 | private-cache | 64 | private-cache |
65 | private-dev | 65 | private-dev |
66 | private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | 66 | private-etc @x11,gconf |
67 | private-tmp | 67 | private-tmp |
68 | 68 | ||
69 | dbus-user none | 69 | dbus-user none |
diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile index b69de3be1..1622b3886 100644 --- a/etc/profile-m-z/zulip.profile +++ b/etc/profile-m-z/zulip.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin locale,zulip | 43 | private-bin locale,zulip |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id | 46 | private-etc |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | restrict-namespaces | 49 | restrict-namespaces |