diff options
Diffstat (limited to 'etc')
41 files changed, 43 insertions, 43 deletions
diff --git a/etc/amarok.profile b/etc/amarok.profile index dab23c218..d7ce6b7ea 100644 --- a/etc/amarok.profile +++ b/etc/amarok.profile | |||
@@ -29,5 +29,5 @@ shell none | |||
29 | 29 | ||
30 | # private-bin amarok | 30 | # private-bin amarok |
31 | private-dev | 31 | private-dev |
32 | # private-etc none,machine-id,pulse,asound.conf | 32 | # private-etc none,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies |
33 | private-tmp | 33 | private-tmp |
diff --git a/etc/arm.profile b/etc/arm.profile index a89ee86cc..bebf05366 100644 --- a/etc/arm.profile +++ b/etc/arm.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | disable-mnt | 42 | disable-mnt |
43 | private-bin arm,tor,sh,bash,python*,ps,lsof,ldconfig | 43 | private-bin arm,tor,sh,bash,python*,ps,lsof,ldconfig |
44 | private-dev | 44 | private-dev |
45 | private-etc tor,passwd | 45 | private-etc tor,passwd,ca-certificates,ssl,pki,crypto-policies |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | noexec ${HOME} | 48 | noexec ${HOME} |
diff --git a/etc/bibletime.profile b/etc/bibletime.profile index b84e8186b..fef7474a9 100644 --- a/etc/bibletime.profile +++ b/etc/bibletime.profile | |||
@@ -38,5 +38,5 @@ tracelog | |||
38 | 38 | ||
39 | # private-bin bibletime,qt5ct | 39 | # private-bin bibletime,qt5ct |
40 | private-dev | 40 | private-dev |
41 | private-etc fonts,resolv.conf,sword,sword.conf,passwd,machine-id | 41 | private-etc fonts,resolv.conf,sword,sword.conf,passwd,machine-id,ca-certificates,ssl,pki,crypto-policies |
42 | private-tmp | 42 | private-tmp |
diff --git a/etc/bitcoin-qt.profile b/etc/bitcoin-qt.profile index 84c2c77de..efc11cc9c 100644 --- a/etc/bitcoin-qt.profile +++ b/etc/bitcoin-qt.profile | |||
@@ -40,7 +40,7 @@ tracelog | |||
40 | private-bin bitcoin-qt | 40 | private-bin bitcoin-qt |
41 | private-dev | 41 | private-dev |
42 | # Causes problem with loading of libGL.so | 42 | # Causes problem with loading of libGL.so |
43 | #private-etc fonts | 43 | #private-etc fonts,ca-certificates,ssl,pki,crypto-policies |
44 | # Works, but QT complains about OpenSSL a bit. | 44 | # Works, but QT complains about OpenSSL a bit. |
45 | #private-lib | 45 | #private-lib |
46 | private-tmp | 46 | private-tmp |
diff --git a/etc/cmus.profile b/etc/cmus.profile index 36478ef85..a9f76ec80 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile | |||
@@ -26,4 +26,4 @@ seccomp | |||
26 | shell none | 26 | shell none |
27 | 27 | ||
28 | private-bin cmus | 28 | private-bin cmus |
29 | private-etc group,machine-id,pulse,asound.conf | 29 | private-etc group,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies |
diff --git a/etc/curl.profile b/etc/curl.profile index 1d2515f51..d1a682e60 100644 --- a/etc/curl.profile +++ b/etc/curl.profile | |||
@@ -31,7 +31,7 @@ shell none | |||
31 | # private-bin curl | 31 | # private-bin curl |
32 | private-cache | 32 | private-cache |
33 | private-dev | 33 | private-dev |
34 | # private-etc resolv.conf | 34 | # private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies |
35 | private-tmp | 35 | private-tmp |
36 | 36 | ||
37 | noexec ${HOME} | 37 | noexec ${HOME} |
diff --git a/etc/digikam.profile b/etc/digikam.profile index 2e1947419..5a0e70ef1 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile | |||
@@ -36,7 +36,7 @@ shell none | |||
36 | 36 | ||
37 | # private-bin program | 37 | # private-bin program |
38 | # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device | 38 | # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device |
39 | # private-etc none | 39 | # private-etc none,ca-certificates,ssl,pki,crypto-policies |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | noexec ${HOME} | 42 | noexec ${HOME} |
diff --git a/etc/dino.profile b/etc/dino.profile index 5c9d44140..a39ec8931 100644 --- a/etc/dino.profile +++ b/etc/dino.profile | |||
@@ -35,7 +35,7 @@ shell none | |||
35 | disable-mnt | 35 | disable-mnt |
36 | private-bin dino | 36 | private-bin dino |
37 | private-dev | 37 | private-dev |
38 | # private-etc fonts # breaks server connection | 38 | # private-etc fonts,ca-certificates,ssl,pki,crypto-policies # breaks server connection |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | noexec ${HOME} | 41 | noexec ${HOME} |
diff --git a/etc/discord-common.profile b/etc/discord-common.profile index 9f0e02525..b835ce401 100644 --- a/etc/discord-common.profile +++ b/etc/discord-common.profile | |||
@@ -24,9 +24,9 @@ novideo | |||
24 | protocol unix,inet,inet6,netlink | 24 | protocol unix,inet,inet6,netlink |
25 | seccomp | 25 | seccomp |
26 | 26 | ||
27 | private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep | 27 | private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh |
28 | private-dev | 28 | private-dev |
29 | private-etc fonts,machine-id,localtime,ld.so.cache | 29 | private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies |
30 | private-tmp | 30 | private-tmp |
31 | 31 | ||
32 | noexec ${HOME} | 32 | noexec ${HOME} |
diff --git a/etc/elinks.profile b/etc/elinks.profile index 61fbab3cc..6eeef738e 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile | |||
@@ -34,5 +34,5 @@ tracelog | |||
34 | # private-bin elinks | 34 | # private-bin elinks |
35 | private-cache | 35 | private-cache |
36 | private-dev | 36 | private-dev |
37 | # private-etc none | 37 | # private-etc none,ca-certificates,ssl,pki,crypto-policies |
38 | private-tmp | 38 | private-tmp |
diff --git a/etc/flameshot.profile b/etc/flameshot.profile index 7c2bc8c11..8dbd74cc1 100644 --- a/etc/flameshot.profile +++ b/etc/flameshot.profile | |||
@@ -33,7 +33,7 @@ shell none | |||
33 | disable-mnt | 33 | disable-mnt |
34 | private-bin flameshot | 34 | private-bin flameshot |
35 | private-cache | 35 | private-cache |
36 | private-etc fonts,ca-certificates,ld.so.conf,resolv.conf,ssl | 36 | private-etc fonts,ld.so.conf,resolv.conf,ca-certificates,ssl,pki,crypto-policies |
37 | private-dev | 37 | private-dev |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
diff --git a/etc/gitter.profile b/etc/gitter.profile index 2edbf8a4e..b5bedb66d 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile | |||
@@ -34,7 +34,7 @@ shell none | |||
34 | 34 | ||
35 | disable-mnt | 35 | disable-mnt |
36 | private-bin bash,env,gitter | 36 | private-bin bash,env,gitter |
37 | private-etc fonts,pulse,resolv.conf | 37 | private-etc fonts,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies |
38 | private-opt Gitter | 38 | private-opt Gitter |
39 | private-dev | 39 | private-dev |
40 | private-tmp | 40 | private-tmp |
diff --git a/etc/gjs.profile b/etc/gjs.profile index 9d439782c..6110cb71e 100644 --- a/etc/gjs.profile +++ b/etc/gjs.profile | |||
@@ -32,5 +32,5 @@ tracelog | |||
32 | 32 | ||
33 | # private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather | 33 | # private-bin gjs,gnome-books,gnome-documents,gnome-photos,gnome-maps,gnome-weather |
34 | private-dev | 34 | private-dev |
35 | # private-etc fonts | 35 | # private-etc fonts,ca-certificates,ssl,pki,crypto-policies |
36 | private-tmp | 36 | private-tmp |
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index 4251f70ed..b0a6cf80e 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile | |||
@@ -32,7 +32,7 @@ tracelog | |||
32 | disable-mnt | 32 | disable-mnt |
33 | # private-bin gnome-clocks | 33 | # private-bin gnome-clocks |
34 | private-dev | 34 | private-dev |
35 | # private-etc fonts | 35 | # private-etc fonts,ca-certificates,ssl,pki,crypto-policies |
36 | private-tmp | 36 | private-tmp |
37 | 37 | ||
38 | noexec ${HOME} | 38 | noexec ${HOME} |
diff --git a/etc/gnome-maps.profile b/etc/gnome-maps.profile index da73d9450..b747743fc 100644 --- a/etc/gnome-maps.profile +++ b/etc/gnome-maps.profile | |||
@@ -35,7 +35,7 @@ tracelog | |||
35 | disable-mnt | 35 | disable-mnt |
36 | # private-bin gjs gnome-maps | 36 | # private-bin gjs gnome-maps |
37 | private-dev | 37 | private-dev |
38 | # private-etc fonts | 38 | # private-etc fonts,ca-certificates,ssl,pki,crypto-policies |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | noexec ${HOME} | 41 | noexec ${HOME} |
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile index 28c9e6d86..f2c6acac5 100644 --- a/etc/gnome-weather.profile +++ b/etc/gnome-weather.profile | |||
@@ -36,7 +36,7 @@ tracelog | |||
36 | disable-mnt | 36 | disable-mnt |
37 | # private-bin gjs gnome-weather | 37 | # private-bin gjs gnome-weather |
38 | private-dev | 38 | private-dev |
39 | # private-etc fonts | 39 | # private-etc fonts,ca-certificates,ssl,pki,crypto-policies |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | noexec ${HOME} | 42 | noexec ${HOME} |
diff --git a/etc/goobox.profile b/etc/goobox.profile index 680e14a49..ca92b1540 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile | |||
@@ -29,5 +29,5 @@ tracelog | |||
29 | 29 | ||
30 | # private-bin goobox | 30 | # private-bin goobox |
31 | private-dev | 31 | private-dev |
32 | # private-etc fonts,machine-id,pulse,asound.conf | 32 | # private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies |
33 | # private-tmp | 33 | # private-tmp |
diff --git a/etc/gpredict.profile b/etc/gpredict.profile index 51f384751..58f79ac14 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile | |||
@@ -31,7 +31,7 @@ tracelog | |||
31 | 31 | ||
32 | private-bin gpredict | 32 | private-bin gpredict |
33 | private-dev | 33 | private-dev |
34 | private-etc fonts,resolv.conf | 34 | private-etc fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies |
35 | private-tmp | 35 | private-tmp |
36 | 36 | ||
37 | noexec ${HOME} | 37 | noexec ${HOME} |
diff --git a/etc/lynx.profile b/etc/lynx.profile index 0f4de2fee..a63e1b7b4 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile | |||
@@ -32,5 +32,5 @@ tracelog | |||
32 | # private-bin lynx | 32 | # private-bin lynx |
33 | private-cache | 33 | private-cache |
34 | private-dev | 34 | private-dev |
35 | # private-etc none | 35 | # private-etc none,ca-certificates,ssl,pki,crypto-policies |
36 | private-tmp | 36 | private-tmp |
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index 6c9ed4499..b0bd99519 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile | |||
@@ -35,7 +35,7 @@ shell none | |||
35 | 35 | ||
36 | disable-mnt | 36 | disable-mnt |
37 | private-bin mate-dictionary | 37 | private-bin mate-dictionary |
38 | private-etc fonts,resolv.conf | 38 | private-etc fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies |
39 | private-opt mate-dictionary | 39 | private-opt mate-dictionary |
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
diff --git a/etc/mcabber.profile b/etc/mcabber.profile index 860de3f0a..46f6b90ce 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile | |||
@@ -28,4 +28,4 @@ shell none | |||
28 | 28 | ||
29 | private-bin mcabber | 29 | private-bin mcabber |
30 | private-dev | 30 | private-dev |
31 | private-etc null | 31 | private-etc none,ca-certificates,ssl,pki,crypto-policies |
diff --git a/etc/ms-office.profile b/etc/ms-office.profile index 49bc4ad37..cedc5eff4 100644 --- a/etc/ms-office.profile +++ b/etc/ms-office.profile | |||
@@ -36,7 +36,7 @@ tracelog | |||
36 | 36 | ||
37 | disable-mnt | 37 | disable-mnt |
38 | private-bin bash,fonts,env,jak,ms-office,python*,sh | 38 | private-bin bash,fonts,env,jak,ms-office,python*,sh |
39 | private-etc ca-certificates,resolv.conf,ssl | 39 | private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies |
40 | private-dev | 40 | private-dev |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index b572f13d2..87aac6727 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile | |||
@@ -30,7 +30,7 @@ seccomp | |||
30 | 30 | ||
31 | disable-mnt | 31 | disable-mnt |
32 | private-dev | 32 | private-dev |
33 | private-etc none,machine-id,pulse,asound.conf | 33 | private-etc none,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies |
34 | 34 | ||
35 | noexec ${HOME} | 35 | noexec ${HOME} |
36 | noexec /tmp | 36 | noexec /tmp |
diff --git a/etc/parole.profile b/etc/parole.profile index 17d31af15..df8f8e194 100644 --- a/etc/parole.profile +++ b/etc/parole.profile | |||
@@ -26,4 +26,4 @@ shell none | |||
26 | 26 | ||
27 | private-bin parole,dbus-launch | 27 | private-bin parole,dbus-launch |
28 | private-cache | 28 | private-cache |
29 | private-etc passwd,group,fonts,machine-id,pulse,asound.conf | 29 | private-etc passwd,group,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies |
diff --git a/etc/ping.profile b/etc/ping.profile index db5390a41..2b20bf8c9 100644 --- a/etc/ping.profile +++ b/etc/ping.profile | |||
@@ -40,7 +40,7 @@ private | |||
40 | #private-bin has mammoth problems with execvp: "No such file or directory" | 40 | #private-bin has mammoth problems with execvp: "No such file or directory" |
41 | private-dev | 41 | private-dev |
42 | # /etc/hosts is required in private-etc; however, just adding it to the list doesn't solve the problem! | 42 | # /etc/hosts is required in private-etc; however, just adding it to the list doesn't solve the problem! |
43 | #private-etc resolv.conf,hosts | 43 | #private-etc resolv.conf,hosts,ca-certificates,ssl,pki,crypto-policies |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | # memory-deny-write-execute is built using seccomp; nonewprivs will kill it | 46 | # memory-deny-write-execute is built using seccomp; nonewprivs will kill it |
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 2017beee4..eb15ff445 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -51,7 +51,7 @@ shell none | |||
51 | 51 | ||
52 | private-bin qbittorrent,python* | 52 | private-bin qbittorrent,python* |
53 | private-dev | 53 | private-dev |
54 | # private-etc X11,fonts,xdg,resolv.conf | 54 | # private-etc X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies |
55 | # private-lib - problems on Arch | 55 | # private-lib - problems on Arch |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
diff --git a/etc/qtox.profile b/etc/qtox.profile index 26697eeaa..92a8bbf28 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -34,7 +34,7 @@ tracelog | |||
34 | 34 | ||
35 | disable-mnt | 35 | disable-mnt |
36 | private-bin qtox | 36 | private-bin qtox |
37 | private-etc fonts,resolv.conf,ld.so.cache,localtime | 37 | private-etc fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies |
38 | private-dev | 38 | private-dev |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile index da1ca2281..e73e8a5e1 100644 --- a/etc/qupzilla.profile +++ b/etc/qupzilla.profile | |||
@@ -33,7 +33,7 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res | |||
33 | # tracelog | 33 | # tracelog |
34 | 34 | ||
35 | private-dev | 35 | private-dev |
36 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id | 36 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies |
37 | # private-tmp - interferes with the opening of downloaded files | 37 | # private-tmp - interferes with the opening of downloaded files |
38 | 38 | ||
39 | noexec ${HOME} | 39 | noexec ${HOME} |
diff --git a/etc/ricochet.profile b/etc/ricochet.profile index e23e7c756..2e2143a54 100644 --- a/etc/ricochet.profile +++ b/etc/ricochet.profile | |||
@@ -35,7 +35,7 @@ shell none | |||
35 | disable-mnt | 35 | disable-mnt |
36 | private-bin ricochet,tor | 36 | private-bin ricochet,tor |
37 | private-dev | 37 | private-dev |
38 | #private-etc fonts,tor,X11,alternatives | 38 | #private-etc fonts,tor,X11,alternatives,ca-certificates,ssl,pki,crypto-policies |
39 | 39 | ||
40 | noexec ${HOME} | 40 | noexec ${HOME} |
41 | noexec /tmp | 41 | noexec /tmp |
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile index dc2fd8e30..365fd3a53 100644 --- a/etc/seamonkey.profile +++ b/etc/seamonkey.profile | |||
@@ -47,4 +47,4 @@ seccomp | |||
47 | tracelog | 47 | tracelog |
48 | 48 | ||
49 | disable-mnt | 49 | disable-mnt |
50 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse,machine-id | 50 | # private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse,machine-id,ca-certificates,ssl,pki,crypto-policies |
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile index 3e8a4e41b..a15576478 100644 --- a/etc/simple-scan.profile +++ b/etc/simple-scan.profile | |||
@@ -32,5 +32,5 @@ tracelog | |||
32 | 32 | ||
33 | # private-bin simple-scan | 33 | # private-bin simple-scan |
34 | # private-dev | 34 | # private-dev |
35 | # private-etc fonts | 35 | # private-etc fonts,ca-certificates,ssl,pki,crypto-policies |
36 | # private-tmp | 36 | # private-tmp |
diff --git a/etc/spotify.profile b/etc/spotify.profile index 0688723c7..7f40d4399 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
@@ -46,7 +46,7 @@ tracelog | |||
46 | disable-mnt | 46 | disable-mnt |
47 | private-bin spotify,bash,sh,zenity | 47 | private-bin spotify,bash,sh,zenity |
48 | private-dev | 48 | private-dev |
49 | private-etc fonts,group,ld.so.cache,machine-id,pulse,resolv.conf | 49 | private-etc fonts,group,ld.so.cache,machine-id,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies |
50 | private-opt spotify | 50 | private-opt spotify |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
diff --git a/etc/tor.profile b/etc/tor.profile index cbe932104..6bfc1c9a6 100644 --- a/etc/tor.profile +++ b/etc/tor.profile | |||
@@ -44,7 +44,7 @@ private | |||
44 | private-bin tor,bash | 44 | private-bin tor,bash |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc tor,passwd | 47 | private-etc tor,passwd,ca-certificates,ssl,pki,crypto-policies |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | noexec ${HOME} | 50 | noexec ${HOME} |
diff --git a/etc/totem.profile b/etc/totem.profile index 66fac60a4..0acbc5127 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -34,7 +34,7 @@ private-bin totem | |||
34 | # totem needs access to ~/.cache/tracker or it exits | 34 | # totem needs access to ~/.cache/tracker or it exits |
35 | #private-cache | 35 | #private-cache |
36 | private-dev | 36 | private-dev |
37 | # private-etc fonts,machine-id,pulse,asound.conf | 37 | # private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | noexec ${HOME} | 40 | noexec ${HOME} |
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index 8b50859fc..f839ebfdb 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile | |||
@@ -30,7 +30,7 @@ tracelog | |||
30 | 30 | ||
31 | # private-bin transmission-cli | 31 | # private-bin transmission-cli |
32 | private-dev | 32 | private-dev |
33 | private-etc none | 33 | private-etc none,ca-certificates,ssl,pki,crypto-policies |
34 | private-tmp | 34 | private-tmp |
35 | 35 | ||
36 | memory-deny-write-execute | 36 | memory-deny-write-execute |
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile index 34c148ee9..6bd8568d4 100644 --- a/etc/unknown-horizons.profile +++ b/etc/unknown-horizons.profile | |||
@@ -27,5 +27,5 @@ shell none | |||
27 | 27 | ||
28 | # private-bin unknown-horizons | 28 | # private-bin unknown-horizons |
29 | private-dev | 29 | private-dev |
30 | # private-etc none | 30 | # private-etc none,ca-certificates,ssl,pki,crypto-policies |
31 | private-tmp | 31 | private-tmp |
diff --git a/etc/wget.profile b/etc/wget.profile index a16d770f2..c509faecc 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
@@ -32,7 +32,7 @@ shell none | |||
32 | 32 | ||
33 | # private-bin wget | 33 | # private-bin wget |
34 | private-dev | 34 | private-dev |
35 | # private-etc resolv.conf | 35 | # private-etc resolv.conf,ca-certificates,ssl,pki,crypto-policies |
36 | # private-tmp | 36 | # private-tmp |
37 | 37 | ||
38 | noexec ${HOME} | 38 | noexec ${HOME} |
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index e65cfc43c..64d2cefd5 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile | |||
@@ -33,8 +33,8 @@ shell none | |||
33 | # Note: The current version of Wire is located in /opt/wire-desktop/wire-desktop, and therefore | 33 | # Note: The current version of Wire is located in /opt/wire-desktop/wire-desktop, and therefore |
34 | # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop" | 34 | # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop" |
35 | 35 | ||
36 | disable-mnt | ||
36 | private-bin wire-desktop | 37 | private-bin wire-desktop |
37 | private-dev | 38 | private-dev |
38 | private-etc fonts,machine-id,resolv.conf | 39 | private-etc fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies |
39 | disable-mnt | ||
40 | private-tmp | 40 | private-tmp |
diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 2b597ba35..d45198f6a 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | 42 | ||
43 | # private-bin wireshark | 43 | # private-bin wireshark |
44 | private-dev | 44 | private-dev |
45 | # private-etc fonts,group,hosts,machine-id,passwd | 45 | # private-etc fonts,group,hosts,machine-id,passwd,ca-certificates,ssl,pki,crypto-policies |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | noexec ${HOME} | 48 | noexec ${HOME} |
diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 9358fe192..14aced0d9 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile | |||
@@ -36,5 +36,5 @@ tracelog | |||
36 | 36 | ||
37 | private-bin xiphos | 37 | private-bin xiphos |
38 | private-dev | 38 | private-dev |
39 | private-etc fonts,resolv.conf,sword | 39 | private-etc fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies |
40 | private-tmp | 40 | private-tmp |
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index 5873e2436..f51362b6b 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -39,7 +39,7 @@ tracelog | |||
39 | 39 | ||
40 | private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer | 40 | private-bin xplayer,xplayer-audio-preview,xplayer-video-thumbnailer |
41 | private-dev | 41 | private-dev |
42 | # private-etc fonts,machine-id,pulse,asound.conf | 42 | # private-etc fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies |
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
45 | noexec ${HOME} | 45 | noexec ${HOME} |