Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/disable-common.inc | 10 | ||||
-rw-r--r-- | etc/profile-a-l/chromium-common.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/digikam.profile | 6 | ||||
-rw-r--r-- | etc/profile-a-l/dino.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/okular.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/pycharm-community.profile | 4 | ||||
-rw-r--r-- | etc/profile-m-z/rpcs3.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/wireshark.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/yelp.profile | 6 |
9 files changed, 25 insertions, 17 deletions
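--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -33,7 +33,8 @@ blacklist-nolog ${HOME}/.viminfo
 blacklist-nolog /tmp/clipmenu*
 
 # X11 session autostart
-# blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs
+# this will kill --x11=xpra cmdline option for all programs
+#blacklist ${HOME}/.xpra
 blacklist ${HOME}/.Xsession
 blacklist ${HOME}/.blackbox
 blacklist ${HOME}/.config/autostart
@@ -241,8 +242,9 @@ blacklist /var/lib/mysql/mysql.sock
 blacklist /var/lib/mysqld/mysql.sock
 blacklist /var/lib/pacman
 blacklist /var/lib/upower
-# blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for
-# every sandbox, unless --writable-var-log switch is activated
+# a virtual /var/log directory (mostly empty) is build up by default for every
+# sandbox, unless --writable-var-log switch is activated
+#blacklist /var/log
 blacklist /var/mail
 blacklist /var/opt
 blacklist /var/run/acpid.socket
@@ -611,8 +613,8 @@ blacklist /tmp/tmux-*
 blacklist ${PATH}/gnome-terminal
 blacklist ${PATH}/gnome-terminal.wrapper
 blacklist ${PATH}/kgx
-# blacklist ${PATH}/konsole
 # konsole doesn't seem to have this problem - last tested on Ubuntu 16.04
+#blacklist ${PATH}/konsole
 blacklist ${PATH}/lilyterm
 blacklist ${PATH}/lxterminal
 blacklist ${PATH}/mate-terminal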
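Review bot: The konsole exemption kept at new lines 616-617 is justified only by "last tested on Ubuntu 16.04", and the "problem" it refers to is described above the hunk, so a reader of these two lines cannot tell what was checked. Since the commit already reorders this pair, the comment could carry a prompt to re-check, for example `# konsole doesn't seem to have this problem - last tested on Ubuntu 16.04, re-test on current releases`. Separately, the re-wrapped /var/log comment at new line 245 keeps "is build up", which should read "is built up".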
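--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -39,7 +39,9 @@ blacklist ${PATH}/curl
 blacklist ${PATH}/wget
 blacklist ${PATH}/wget2
 
-#dbus-user none - prevents access to passwords saved in GNOME Keyring and KWallet, also breaks Gnome connector.
+# This prevents access to passwords saved in GNOME Keyring and KWallet, also
+# breaks Gnome connector.
+#dbus-user none
 
 # The file dialog needs to work without d-bus.
 ?HAS_NODBUS: env NO_CHROME_KDE_FILE_DIALOG=1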
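Review bot: The reworded comment at new lines 42-43 opens with "This prevents access…" before the directive it describes, and it no longer makes clear whether blocking keyring access is the intended hardening or the breakage that keeps the line disabled. Because `#dbus-user none` stays commented out, the sandboxed browser presumably keeps user-bus access to GNOME Keyring and KWallet, which is worth stating so users can decide whether to enable it in a local override. A clearer wording would be `# dbus-user none blocks access to passwords saved in GNOME Keyring and KWallet and` followed by `# breaks Gnome connector, so it is left disabled; enable it if you need neither.`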
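--- a/etc/profile-a-l/digikam.profile
+++ b/etc/profile-a-l/digikam.profile
@@ -37,8 +37,10 @@ protocol unix,inet,inet6,netlink
 # QtWebengine needs chroot to set up its own sandbox
 seccomp !chroot
 
-# private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device
-# private-etc alternatives,ca-certificates,crypto-policies,pki,ssl
+# private-dev prevents libdc1394 from loading; this lib is used to connect to a
+# camera device
+#private-dev
+#private-etc alternatives,ca-certificates,crypto-policies,pki,ssl
 private-tmp
 
 # dbus-user none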
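Review bot: The disabled `#private-etc …` line at new line 43 now sits directly under the libdc1394 comment with no reason of its own, so it reads as if the camera-library explanation covers it as well. The old file gave no reason either, but the new grouping makes the gap easier to misread. Either separate the two directives with a blank line or give the second one its own hedged comment, such as `# reason for disabling private-etc is not recorded; needs testing`, so a later maintainer knows this restriction is open to re-enabling.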
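--- a/etc/profile-a-l/dino.profile
+++ b/etc/profile-a-l/dino.profile
@@ -40,7 +40,8 @@ tracelog
 disable-mnt
 private-bin dino
 private-dev
-# private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl -- breaks server connection
+# breaks server connection
+#private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl
 private-tmp
 
 dbus-user filter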
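--- a/etc/profile-m-z/okular.profile
+++ b/etc/profile-m-z/okular.profile
@@ -62,7 +62,8 @@ tracelog
 private-bin kbuildsycoca4,kdeinit4,lpr,okular,unar,unrar
 private-dev
 private-etc @x11,cups
-# private-tmp - on KDE we need access to the real /tmp for data exchange with email clients
+# on KDE we need access to the real /tmp for data exchange with email clients
+#private-tmp
 
 # dbus-user none
 # dbus-system none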
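--- a/etc/profile-m-z/pycharm-community.profile
+++ b/etc/profile-m-z/pycharm-community.profile
@@ -34,8 +34,8 @@ nou2f
 novideo
 tracelog
 
-# private-etc alternatives,fonts,passwd - minimal required to run but will probably break
-# program!
+# minimum required to run but will probably break the program!
+#private-etc alternatives,fonts,passwd
 private-dev
 private-tmp
 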
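--- a/etc/profile-m-z/rpcs3.profile
+++ b/etc/profile-m-z/rpcs3.profile
@@ -54,7 +54,8 @@ tracelog
 
 disable-mnt
 #private-cache
-#private-etc alternatives,ca-certificates,crypto-policies,machine-id,pki,resolv.conf,ssl # seems to need awk
+# seems to need awk
+#private-etc alternatives,ca-certificates,crypto-policies,machine-id,pki,resolv.conf,ssl
 private-tmp
 
 dbus-user none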
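--- a/etc/profile-m-z/wireshark.profile
+++ b/etc/profile-m-z/wireshark.profile
@@ -38,7 +38,8 @@ nosound
 notv
 nou2f
 novideo
-# protocol unix,inet,inet6,netlink,packet,bluetooth - commented out in case they bring in new protocols
+# commented out in case they bring in new protocols
+#protocol unix,inet,inet6,netlink,packet,bluetooth
 #seccomp
 tracelog
 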
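--- a/etc/profile-m-z/yelp.profile
+++ b/etc/profile-m-z/yelp.profile
@@ -33,16 +33,14 @@ include whitelist-var-common.inc
 
 apparmor
 caps.drop all
-# machine-id breaks sound - add the next line to your yelp.local if you don't need sound support.
-#machine-id
+#machine-id # add this to your yelp.local if you don't need sound support.
 net none
 nodvd
 nogroups
 noinput
 nonewprivs
 noroot
-# nosound - add the next line to your yelp.local if you don't need sound support.
-#nosound
+#nosound # add this to your yelp.local if you don't need sound support.
 notv
 nou2f
 novideo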
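Review bot: New line 36 folds the explanation into a trailing comment on the directive line and drops the stated reason ("machine-id breaks sound"), so the file no longer says why this hardening option is off by default. New line 43 does the same for `#nosound`. This is also the opposite of the rpcs3.profile section of this commit, which moves `# seems to need awk` off the directive line onto its own line. Anyone copying the line into yelp.local as instructed also carries the trailing text along. Keeping the two-line form would preserve the rationale and match the other profiles: `# breaks sound; add this to your yelp.local if you don't need sound support.` above `#machine-id`, and likewise above `#nosound`.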