Diffstat (limited to 'etc')
105 files changed, 138 insertions, 220 deletions
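--- a/etc/akonadi_control.profile
+++ b/etc/akonadi_control.profile
@@ -22,6 +22,7 @@ noblacklist /usr/sbin
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -51,5 +52,3 @@ tracelog
 private-dev
 # private-tmp - breaks programs that depend on akonadi
 
-noexec ${HOME}
-noexec /tmp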
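--- a/etc/arch-audit.profile
+++ b/etc/arch-audit.profile
@@ -12,6 +12,7 @@ noblacklist /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -44,5 +45,3 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp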
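--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/arkrc
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,5 +40,3 @@ private-bin ark,unrar,rar,unzip,zip,zipinfo,7z,p7zip,unar,lsar,lrzip,lzop,lz4,ba
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp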
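--- a/etc/artha.profile
+++ b/etc/artha.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/enchant
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -42,5 +43,3 @@ private-lib libnotify.so.*
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp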
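--- a/etc/assogiate.profile
+++ b/etc/assogiate.profile
@@ -10,6 +10,7 @@ noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -45,5 +46,3 @@ private-lib gnome-vfs-2.0,libattr.so.*,libacl.so.*,libfam.so.*
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp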
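--- a/etc/asunder.profile
+++ b/etc/asunder.profile
@@ -14,6 +14,7 @@ noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,5 +40,3 @@ private-tmp
 
 # mdwe is disabled due to breaking hardware accelerated decoding
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp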
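--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -15,6 +15,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -49,5 +50,3 @@ private-tmp
 
 # webkit gtk killed by memory-deny-write-execute
 #memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp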
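--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -12,6 +12,7 @@ noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -40,5 +41,3 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp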
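--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -12,6 +12,7 @@ noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -41,5 +42,3 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp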
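--- a/etc/authenticator.profile
+++ b/etc/authenticator.profile
@@ -14,6 +14,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -43,5 +44,3 @@ private-etc alternatives,fonts,ld.so.cache
 private-tmp
 
 # memory-deny-write-execute - breaks on Arch
-noexec ${HOME}
-noexec /tmp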
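--- a/etc/celluloid.profile
+++ b/etc/celluloid.profile
@@ -21,6 +21,7 @@ noblacklist /usr/local/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -47,5 +48,3 @@ private-etc alternatives,ca-certificates,ssl,pki,pkcs11,hosts,machine-id,localti
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp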
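--- a/etc/checkbashisms.profile
+++ b/etc/checkbashisms.profile
@@ -18,6 +18,7 @@ noblacklist /usr/share/perl*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -50,5 +51,3 @@ private-lib perl*
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp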
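--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -6,11 +6,15 @@ include chromium-common.local
 # already included by caller profile
 #include globals.local
 
+# noexec ${HOME} breaks DRM binaries.
+ignore noexec ${HOME}
+
 noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 
@@ -37,9 +41,5 @@ disable-mnt
 private-dev
 # private-tmp - problems with multiple browser sessions
 
-# breaks DRM binaries
-#noexec ${HOME}
-noexec /tmp
-
 # the file dialog needs to work without d-bus
 env NO_CHROME_KDE_FILE_DIALOG=1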
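Review bot: The `ignore noexec ${HOME}` added at the top only restores the previous behaviour for the home directory, so through `include disable-exec.inc` this profile now also gets `noexec ${RUNUSER}` and `noexec /dev/shm`, neither of which was set here before (only `noexec /tmp` was active). Chromium relies on /dev/shm for shared memory, so the change should be exercised with DRM playback and several renderer processes before release; if either path breaks, a matching `ignore noexec /dev/shm` next to the existing ignore is the fix. Exempting all of ${HOME} also leaves downloaded files executable; if the DRM binaries sit only under the browser's own profile directory, which this hunk does not show, an explicit `noexec ${DOWNLOADS}` would keep most of the protection. Both remarks apply equally to etc/firefox-common.profile.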
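--- a/etc/clawsker.profile
+++ b/etc/clawsker.profile
@@ -17,6 +17,7 @@ noblacklist /usr/share/perl*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -51,5 +52,3 @@ private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1
 private-tmp
 
 # memory-deny-write-execute - breaks on Arch
-noexec ${HOME}
-noexec /tmp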
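--- a/etc/clipit.profile
+++ b/etc/clipit.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/clipit
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,5 +40,3 @@ private-cache
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp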
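--- a/etc/d-feet.profile
+++ b/etc/d-feet.profile
@@ -16,6 +16,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -51,5 +52,3 @@ private-etc alternatives,dbus-1,fonts,machine-id
 private-tmp
 
 # memory-deny-write-execute - Breaks on Arch
-noexec ${HOME}
-noexec /tmp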
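--- a/etc/dconf-editor.profile
+++ b/etc/dconf-editor.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -41,5 +42,3 @@ private-lib
 private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp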
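--- a/etc/dconf.profile
+++ b/etc/dconf.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -44,5 +45,3 @@ private-lib
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp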
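--- a/etc/devhelp.profile
+++ b/etc/devhelp.profile
@@ -9,6 +9,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -41,7 +42,5 @@ private-etc alternatives,dconf,fonts,ld.so.cache,machine-id,ssl
 private-tmp
 
 # memory-deny-write-execute - Breaks on Arch
-noexec ${HOME}
-noexec /tmp
 
 read-only ${HOME}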
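--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.devilspie
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -44,7 +45,5 @@ private-lib gconv
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
 
 read-only ${HOME}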
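--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/devilspie2
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -44,7 +45,5 @@ private-lib gconv
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
 
 read-only ${HOME}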
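--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -14,6 +14,7 @@ noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -40,5 +41,3 @@ shell none
 # private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
-noexec ${HOME}
-noexec /tmp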
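--- /dev/null
+++ b/etc/disable-exec.inc
@@ -0,0 +1,11 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include disable-exec.local
+
+noexec ${HOME}
+noexec ${RUNUSER}
+noexec /dev/shm
+noexec /tmp
+# /var/tmp is noexec by default
+# just in case there is a keep-var-tmp option:
+noexec /var/tmp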
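Review bot: This include is broader than the two lines it replaces in each profile: besides `noexec ${HOME}` and `noexec /tmp` it also applies `noexec ${RUNUSER}`, `noexec /dev/shm` and `noexec /var/tmp`, so every converted profile picks up three new restrictions in the same commit. Covering the remaining user-writable paths is a reasonable tightening, but the file header does not say how a profile opts out of one path. I would add a comment under the include line, for example `# To exempt a path, put 'ignore noexec PATH' in the profile before 'include disable-exec.inc'`, which is the pattern chromium-common, firefox-common and gcloud use here. A second comment could state that noexec does not stop a file in these directories from being handed to an interpreter, so the include complements disable-interpreters.inc rather than replacing it.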
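--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/enchant
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -43,5 +44,3 @@ private-lib
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp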
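--- a/etc/engrampa.profile
+++ b/etc/engrampa.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -38,5 +39,3 @@ private-dev
 # private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp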
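--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.steam
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -47,5 +48,3 @@ private-lib eog,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*
 private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp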
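--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -15,6 +15,7 @@ noblacklist /usr/share/perl*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -46,5 +47,3 @@ private-etc alternatives
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp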
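--- a/etc/ffmpeg.profile
+++ b/etc/ffmpeg.profile
@@ -12,6 +12,7 @@ noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -48,5 +49,3 @@ private-etc alternatives,pki,pkcs11,hosts,ssl,ca-certificates,resolv.conf
 private-tmp
 
 # memory-deny-write-execute - it breaks old versions of ffmpeg
-noexec ${HOME}
-noexec /tmp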
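--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -41,5 +42,3 @@ private-dev
 # private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp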
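--- a/etc/file.profile
+++ b/etc/file.profile
@@ -10,6 +10,7 @@ include globals.local
 blacklist /tmp/.X11-unix
 
 include disable-common.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
@@ -41,5 +42,3 @@ private-etc alternatives,magic.mgc,magic,localtime
 private-lib libarchive.so.*,libfakeroot,libmagic.so.*
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp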
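--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -6,6 +6,9 @@ include firefox-common.local
 # already included by caller profile
 #include globals.local
 
+# noexec ${HOME} breaks DRM binaries.
+ignore noexec ${HOME}
+
 # Uncomment the following line to allow access to common programs/addons/plugins.
 #include firefox-common-addons.inc
 
@@ -14,6 +17,7 @@ noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 
@@ -55,7 +59,3 @@ private-dev
 # private-etc below works fine on most distributions. There are some problems on CentOS.
 #private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache
 private-tmp
-
-# Breaks DRM binaries.
-#noexec ${HOME}
-noexec /tmp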
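--- a/etc/font-manager.profile
+++ b/etc/font-manager.profile
@@ -17,6 +17,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -52,5 +53,3 @@ private-dev
 private-tmp
 
 #memory-deny-write-execute - Breaks on Arch
-noexec ${HOME}
-noexec /tmp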
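--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/galculator
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -47,5 +48,3 @@ private-lib
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp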
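--- a/etc/gcloud.profile
+++ b/etc/gcloud.profile
@@ -5,12 +5,16 @@ include gcloud.local
 # Persistent global definitions
 include globals.local
 
+# noexec ${HOME} will break user-local installs of gcloud tooling
+ignore noexec ${HOME}
+
 noblacklist ${HOME}/.boto
 noblacklist ${HOME}/.config/gcloud
 noblacklist /var/run/docker.sock
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-programs.inc
 
 apparmor
@@ -34,8 +38,3 @@ disable-mnt
 private-dev
 private-etc alternatives,ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache
 private-tmp
-
-noexec /tmp
-
-# will break user-local installs of gcloud tooling
-# noexec ${HOME}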
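Review bot: The `ignore noexec ${HOME}` added at the top leaves the whole home directory executable for every user of this profile, to accommodate user-local installs, in a profile that also un-blacklists `/var/run/docker.sock` and, in the visible hunk, includes no disable-interpreters.inc. Since the ignore sits in the shipped profile, someone with a system-wide gcloud install has no obvious way to turn `noexec ${HOME}` back on from gcloud.local. Consider shipping noexec enabled and moving the exemption into a comment, e.g. `# Add 'ignore noexec ${HOME}' to gcloud.local for user-local installs`, or at least extend the existing comment to name the install directory that needs to stay executable.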
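--- a/etc/gconf.profile
+++ b/etc/gconf.profile
@@ -16,6 +16,7 @@ noblacklist /usr/lib/python2*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -53,5 +54,3 @@ private-lib libpython*,python2*
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp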
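--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.python-history
 
 include disable-common.inc
 # include disable-devel.inc
+include disable-exec.inc
 # include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -44,5 +45,3 @@ private-dev
 private-lib /usr/bin/gedit,libtinfo.so.*,libreadline.so.*,gedit,libgspell-1.so.*,gconv,aspell
 private-tmp
 
-noexec ${HOME}
-noexec /tmp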
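--- a/etc/geekbench.profile
+++ b/etc/geekbench.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -46,7 +47,5 @@ private-opt none
 private-tmp
 
 # memory-deny-write-execute - Breaks on Arch
-noexec ${HOME}
-noexec /tmp
 
 read-only ${HOME}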
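--- a/etc/ghostwriter.profile
+++ b/etc/ghostwriter.profile
@@ -12,6 +12,7 @@ noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -53,5 +54,3 @@ private-etc alternatives,cups,crypto-policies,localtime,drirc,fonts,gtk-3.0,dcon
 #private-lib
 private-tmp
 
-noexec ${HOME}
-noexec /tmp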
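--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -6,12 +6,17 @@ include gimp.local
 # Persistent global definitions
 include globals.local
 
+# gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory
+# if you are not using external plugins, you can disable ignore noexec statement below
+ignore noexec ${HOME}
+
 noblacklist ${HOME}/.config/GIMP
 noblacklist ${HOME}/.gimp*
 noblacklist ${DOCUMENTS}
 noblacklist ${PICTURES}
 
 include disable-common.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
@@ -35,8 +40,3 @@ shell none
 
 private-dev
 private-tmp
-
-# gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory
-# if you are not using external plugins, you can enable noexec statement below
-# noexec ${HOME}
-noexec /tmp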
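Review bot: The comment moved to new lines 9-10 still names only `${HOME}/.gimp-2.8/plug-ins/`, while the same hunk unblacklists `${HOME}/.config/GIMP` and `${HOME}/.gimp*`, so it does not say which directories need the exec bit. It also does not mention that `ignore noexec ${HOME}` keeps the whole home directory executable, not just the plug-in directory. I would reword it to `# user-installed gimp plug-ins live under ${HOME}, so all of ${HOME} stays executable` followed by `# remove the ignore line below if you do not use external plug-ins`. The second sentence also replaces the awkward "you can disable ignore noexec statement below".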
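--- a/etc/git.profile
+++ b/etc/git.profile
@@ -21,6 +21,7 @@ noblacklist ${HOME}/.vim
 noblacklist ${HOME}/.viminfo
 
 include disable-common.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
@@ -46,5 +47,3 @@ private-cache
 private-dev
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp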
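--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -9,6 +9,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-interpreters.inc
 include disable-programs.inc
@@ -45,5 +46,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp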
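--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,5 +40,3 @@ private-dev
 private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies,machine-id,hosts,pkcs11,localtime,gtk-3.0,dconf
 private-tmp
 
-noexec ${HOME}
-noexec /tmp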
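--- a/etc/gnome-keyring.profile
+++ b/etc/gnome-keyring.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.gnupg
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-interpreters.inc
 include disable-programs.inc
@@ -47,5 +48,3 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp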
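--- a/etc/gnome-logs.profile
+++ b/etc/gnome-logs.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -46,8 +47,6 @@ private-tmp
 writable-var-log
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
 
 # comment this if you export logs to a file in your ${HOME}
 read-only ${HOME}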
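--- a/etc/gnome-maps.profile
+++ b/etc/gnome-maps.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.local/share/flatpak
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -43,5 +44,3 @@ private-dev
 # private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
-noexec ${HOME}
-noexec /tmp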
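--- a/etc/gnome-schedule.profile
+++ b/etc/gnome-schedule.profile
@@ -43,6 +43,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -73,5 +74,3 @@ private-dev
 # private-etc alternatives
 writable-var
 
-noexec ${HOME}
-noexec /tmp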
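--- a/etc/gnome-system-log.profile
+++ b/etc/gnome-system-log.profile
@@ -10,6 +10,7 @@ noblacklist /var/log
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -49,8 +50,6 @@ private-tmp
 writable-var-log
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
 
 # uncomment this if you never export logs to a file in your ${HOME}
 #read-only ${HOME}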
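--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/gpicview
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -43,5 +44,3 @@ private-lib
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp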
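--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -9,6 +9,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -43,7 +44,5 @@ private-lib
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
 
 read-only ${HOME}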
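--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -19,6 +19,7 @@ noblacklist ${HOME}/.local/share/org.kde.gwenview
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -47,5 +48,3 @@ private-dev
 private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp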
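--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -12,6 +12,7 @@ noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -35,5 +36,3 @@ shell none
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp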
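--- a/etc/img2txt.profile
+++ b/etc/img2txt.profile
@@ -10,6 +10,7 @@ noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -41,5 +42,3 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp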
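--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -20,6 +20,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -50,5 +51,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp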
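--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -6,6 +6,8 @@ include kate.local
 # Persistent global definitions
 include globals.local
 
+ignore noexec ${HOME}
+
 noblacklist ${HOME}/.config/katemetainfos
 noblacklist ${HOME}/.config/katepartrc
 noblacklist ${HOME}/.config/katerc
@@ -16,6 +18,7 @@ noblacklist ${HOME}/.local/share/kate
 
 include disable-common.inc
 # include disable-devel.inc
+include disable-exec.inc
 # include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -45,7 +48,4 @@ private-dev
 # private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
 private-tmp
 
-# noexec ${HOME}
-noexec /tmp
-
 join-or-start kate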
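Review bot: `ignore noexec ${HOME}` at new line 9 carries no comment saying why kate needs an executable home directory, whereas the kodi and krita profiles in this commit explain the same line. The removed `# noexec ${HOME}` was equally unexplained, so the reason is not recoverable from this diff. I would add a line above the ignore in the form `# noexec ${HOME} breaks <feature>; remove the ignore if you do not need it`, with the actual feature filled in by someone who knows it. The kdenlive profile adds the same bare `ignore noexec ${HOME}` and needs the same comment.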
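--- a/etc/kcalc.profile
+++ b/etc/kcalc.profile
@@ -9,6 +9,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -45,5 +46,3 @@ private-dev
 # private-lib - problems on Arch
 private-tmp
 
-noexec ${HOME}
-noexec /tmp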
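--- a/etc/kdenlive.profile
+++ b/etc/kdenlive.profile
@@ -6,12 +6,15 @@ include kdenlive.local
 # Persistent global definitions
 include globals.local
 
+ignore noexec ${HOME}
+
 noblacklist ${HOME}/.cache/kdenlive
 noblacklist ${HOME}/.config/kdenliverc
 noblacklist ${HOME}/.local/share/kdenlive
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -33,6 +36,3 @@ shell none
 private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper,mlt-melt
 private-dev
 # private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,xdg,X11
-
-# noexec ${HOME}
-noexec /tmp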
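--- a/etc/klavaro.profile
+++ b/etc/klavaro.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/klavaro
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -51,5 +52,3 @@ private-opt none
 private-srv none
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp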
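--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -31,6 +31,7 @@ noblacklist /tmp/akonadi-*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -58,5 +59,3 @@ writable-run-user
 private-dev
 # private-tmp - interrupts connection to akonadi, breaks opening of email attachments
 
-noexec ${HOME}
-noexec /tmp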
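--- a/etc/kodi.profile
+++ b/etc/kodi.profile
@@ -6,6 +6,9 @@ include kodi.local
 # Persistent global definitions
 include globals.local
 
+# noexec ${HOME} breaks plugins
+ignore noexec ${HOME}
+
 noblacklist ${HOME}/.kodi
 noblacklist ${MUSIC}
 noblacklist ${PICTURES}
@@ -19,6 +22,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -40,7 +44,3 @@ tracelog
 
 private-dev
 private-tmp
-
-# breaks plugins
-#noexec ${HOME}
-noexec /tmp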
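--- a/etc/krita.profile
+++ b/etc/krita.profile
@@ -6,6 +6,9 @@ include krita.local
 # Persistent global definitions
 include globals.local
 
+# noexec ${HOME} may break krita, see issue #1953
+ignore noexec ${HOME}
+
 noblacklist ${HOME}/.config/kritarc
 noblacklist ${HOME}/.local/share/krita
 noblacklist ${DOCUMENTS}
@@ -19,6 +22,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -45,7 +49,3 @@ shell none
 private-cache
 private-dev
 private-tmp
-
-# noexec ${HOME} may break krita, see issue #1953
-# noexec ${HOME}
-noexec /tmp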
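--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -17,6 +17,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -47,7 +48,5 @@ private-dev
 private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg
 private-tmp
 
-noexec ${HOME}
-noexec /tmp
 
 join-or-start kwrite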
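--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -19,6 +19,7 @@ noblacklist /usr/share/java
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
@@ -49,7 +50,5 @@ tracelog
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp
 
 join-or-start libreoffice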
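--- a/etc/masterpdfeditor.profile
+++ b/etc/masterpdfeditor.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.masterpdfeditor
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -41,5 +42,3 @@ private-dev
 private-etc alternatives,fonts
 private-tmp
 
-noexec ${HOME}
-noexec /tmp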
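--- a/etc/mediainfo.profile
+++ b/etc/mediainfo.profile
@@ -10,6 +10,7 @@ blacklist /tmp/.X11-unix
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -41,5 +42,3 @@ private-etc alternatives
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp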
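--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -15,6 +15,7 @@ noblacklist /usr/share/python*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -46,5 +47,3 @@ private-dev
 # private-etc fonts,alternatives
 private-tmp
 
-noexec ${HOME}
-noexec /tmp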
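--- a/etc/mpsyt.profile
+++ b/etc/mpsyt.profile
@@ -24,6 +24,7 @@ noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -57,5 +58,3 @@ private-bin mpsyt,mplayer,mpv,youtube-dl,python*,env,ffmpeg
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp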
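--- a/etc/mpv.profile
+++ b/etc/mpv.profile
@@ -21,6 +21,7 @@ noblacklist /usr/local/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc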
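Review bot: This section adds `include disable-exec.inc` at new line 24 but removes no `noexec` lines, unlike the other profiles converted in this commit, so mpv appears to gain the restriction rather than keep it. The rest of mpv.profile is outside the hunk, so I cannot tell whether noexec was left out on purpose before. If mpv loads native code from `${HOME}` or `/tmp`, such as user-installed plug-ins, that would now fail. Either confirm the tightening is intended and note it in the commit message, or add a commented `ignore noexec ${HOME}` with the reason, as the kodi profile does.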
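--- a/etc/mypaint.profile
+++ b/etc/mypaint.profile
@@ -15,6 +15,7 @@ noblacklist ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -44,5 +45,3 @@ private-dev
 private-etc alternatives,fonts,gtk-3.0,dconf
 private-tmp
 
-noexec ${HOME}
-noexec /tmp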
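--- a/etc/nano.profile
+++ b/etc/nano.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.nanorc
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -43,5 +44,3 @@ private-dev
 private-etc alternatives,nanorc
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp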
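--- a/etc/netactview.profile
+++ b/etc/netactview.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.netactview
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -47,5 +48,3 @@ private-lib
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp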
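--- a/etc/ocenaudio.profile
+++ b/etc/ocenaudio.profile
@@ -12,6 +12,7 @@ noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -47,5 +48,3 @@ private-etc alternatives,asound.conf,fonts,ld.so.cache,pulse
 private-tmp
 
 # memory-deny-write-execute - breaks on Arch
-noexec ${HOME}
-noexec /tmp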
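--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -20,6 +20,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -52,7 +53,5 @@ private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg
 # private-tmp - on KDE we need access to the real /tmp for data exchange with email clients
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
 
 join-or-start okular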
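--- a/etc/openshot.profile
+++ b/etc/openshot.profile
@@ -17,6 +17,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -40,5 +41,3 @@ shell none
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp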
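--- a/etc/pavucontrol.profile
+++ b/etc/pavucontrol.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/pavucontrol.ini
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -43,5 +44,3 @@ private-lib
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp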
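--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/pluma
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -42,7 +43,5 @@ private-lib pluma
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
 
 join-or-start pluma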
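--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -19,6 +19,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -59,5 +60,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute - problems on Arch, see #1690 on GitHub repo
-noexec ${HOME}
-noexec /tmp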
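--- a/etc/redshift.profile
+++ b/etc/redshift.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.config/redshift.conf
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-interpreters.inc
 include disable-programs.inc
@@ -45,5 +46,3 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp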
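--- a/etc/regextester.profile
+++ b/etc/regextester.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-interpreters.inc
 include disable-programs.inc
@@ -45,8 +46,6 @@ private-lib libgranite.so.*
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
 
 # never write anything
 read-only ${HOME}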
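--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.local/share/rhythmbox
 include disable-common.inc
 include disable-devel.inc
 # rhythmbox is using Python
+include disable-exec.inc
 #include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,5 +40,3 @@ private-bin rhythmbox
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp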
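Review bot: In the first hunk the new `include disable-exec.inc` lands between the comment `# rhythmbox is using Python` and the commented-out `#include disable-interpreters.inc` that the comment explains, so the comment now reads as if it justified the exec include. Move the include above the comment, giving `include disable-exec.inc`, then `# rhythmbox is using Python`, then `#include disable-interpreters.inc`. Since interpreters stay enabled here, the comment could also state the limit of the remaining control: noexec on ${HOME} and /tmp blocks executing files from those paths, but it does not stop an allowed interpreter from reading and running a script stored there.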
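--- a/etc/seahorse-tool.profile
+++ b/etc/seahorse-tool.profile
@@ -11,6 +11,7 @@ include seahorse-tool.local
 mkdir ${HOME}/.config/dconf
 whitelist ${HOME}/.config/dconf
 
+include disable-exec.inc
 include disable-xdg.inc
 include whitelist-var-common.inc
 
@@ -21,8 +22,6 @@ disable-mnt
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
 
 # Redirect
 include gpg.profile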
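--- a/etc/seahorse.profile
+++ b/etc/seahorse.profile
@@ -16,6 +16,7 @@ noblacklist /etc/ssh
 noblacklist /tmp/ssh-*
 noblacklist ${HOME}/.ssh
 
+include disable-exec.inc
 include whitelist-var-common.inc
 
 apparmor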
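--- a/etc/simplescreenrecorder.profile
+++ b/etc/simplescreenrecorder.profile
@@ -10,6 +10,7 @@ noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -34,5 +35,3 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp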
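--- a/etc/smplayer.profile
+++ b/etc/smplayer.profile
@@ -13,6 +13,7 @@ noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -36,5 +37,3 @@ private-bin smplayer,smtube,mplayer,mpv
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp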
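--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -16,6 +16,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -44,5 +45,3 @@ private-cache
 private-dev
 private-tmp
 
-noexec ${HOME}
-noexec /tmp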
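--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -11,6 +11,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -42,5 +43,3 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp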
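--- a/etc/standardnotes-desktop.profile
+++ b/etc/standardnotes-desktop.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/Standard Notes
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -40,5 +41,3 @@ private-dev
 private-tmp
 private-etc alternatives,ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg
 
-noexec ${HOME}
-noexec /tmp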
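--- a/etc/subdownloader.profile
+++ b/etc/subdownloader.profile
@@ -17,6 +17,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -42,5 +43,3 @@ private-etc alternatives,fonts
 private-tmp
 
 # memory-deny-write-execute - Breaks on Arch
-noexec ${HOME}
-noexec /tmp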
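--- a/etc/supertuxkart.profile
+++ b/etc/supertuxkart.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.local/share/supertuxkart
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
@@ -51,5 +52,3 @@ private-tmp
 private-opt none
 private-srv none
 
-noexec ${HOME}
-noexec /tmp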
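--- a/etc/sysprof.profile
+++ b/etc/sysprof.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -43,5 +44,3 @@ private-etc alternatives,fonts,ld.so.cache,machine-id,ssl
 private-tmp
 
 # memory-deny-write-execute - Breaks GUI on Arch
-noexec ${HOME}
-noexec /tmp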
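--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -13,6 +13,7 @@ noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,5 +40,3 @@ private-dev
 # private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
-noexec ${HOME}
-noexec /tmp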
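--- a/etc/transgui.profile
+++ b/etc/transgui.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/transgui
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -48,5 +49,3 @@ private-lib libgdk_pixbuf-2.0.so.*,libGeoIP.so*,libgthread-2.0.so.*,libgtk-x11-2
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp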
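--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.config/transmission
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -40,5 +41,3 @@ private-lib
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp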
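--- a/etc/transmission-daemon.profile
+++ b/etc/transmission-daemon.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.config/transmission
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -41,5 +42,3 @@ private-lib
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp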
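--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/transmission
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -47,5 +48,3 @@ private-tmp
 
 # Causes freeze during opening file dialog in Archlinux, see issue #1855
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp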
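--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/transmission
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -46,5 +47,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute - problems on Qt 5.10.0, KDE Frameworks 5.41.0
-noexec ${HOME}
-noexec /tmp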
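--- a/etc/transmission-remote.profile
+++ b/etc/transmission-remote.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.config/transmission
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -40,5 +41,3 @@ private-lib
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp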
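--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/transmission
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -38,5 +39,3 @@ private-lib
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp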
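--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -14,6 +14,7 @@ noblacklist ${HOME}/.steam
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -44,5 +45,3 @@ private-tmp
 
 # memory-deny-write-executes breaks on Arch - see issue #1808
 #memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp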
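--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -14,6 +14,7 @@ noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,5 +40,3 @@ private-tmp
 
 # mdwe is disabled due to breaking hardware accelerated decoding
 #memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp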
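--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -18,6 +18,7 @@ noblacklist /usr/share/lua
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -48,5 +49,3 @@ private-dev
 # private-etc alternatives,fonts,group,hosts,machine-id,passwd,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
-noexec ${HOME}
-noexec /tmp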
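--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -15,6 +15,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -47,5 +48,3 @@ private-tmp
 
 # xed uses python plugins, memory-deny-write-execute breaks python
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp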
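--- a/etc/xfce4-mixer.profile
+++ b/etc/xfce4-mixer.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -45,5 +46,3 @@ private-etc alternatives,asound.conf,fonts,pulse,machine-id
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp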
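--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -18,6 +18,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -43,5 +44,3 @@ private-dev
 # private-etc alternatives,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies
 private-tmp
 
-noexec ${HOME}
-noexec /tmp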
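--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -12,6 +12,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -42,5 +43,3 @@ private-etc alternatives,fonts,ld.so.cache
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp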
diff --git a/etc/xviewer.profile b/etc/xviewer.profile index c73630053..b483e9404 100644 --- a/etc/xviewer.profile +++ b/etc/xviewer.profile | |||
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.steam | |||
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | ||
15 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
16 | include disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
17 | include disable-programs.inc | 18 | include disable-programs.inc |
@@ -43,5 +44,3 @@ private-lib | |||
43 | private-tmp | 44 | private-tmp |
44 | 45 | ||
45 | memory-deny-write-execute | 46 | memory-deny-write-execute |
46 | noexec ${HOME} | ||
47 | noexec /tmp | ||