diff options
Diffstat (limited to 'etc')
221 files changed, 641 insertions, 397 deletions
diff --git a/etc/apparmor/firejail-base b/etc/apparmor/firejail-base index 41e4ac2bf..6e286d4af 100644 --- a/etc/apparmor/firejail-base +++ b/etc/apparmor/firejail-base | |||
@@ -1,26 +1,27 @@ | |||
1 | ######################################### | 1 | ######################################### |
2 | # Firejail base abstraction drop-in | 2 | # Firejail base abstraction drop-in |
3 | ######################################### | 3 | # |
4 | |||
5 | # Adds basic Firejail support to AppArmor profiles. | 4 | # Adds basic Firejail support to AppArmor profiles. |
6 | # Please note: Firejail's nonewprivs and seccomp options | 5 | # Please note: Firejail's nonewprivs and seccomp options |
7 | # are not compatible with AppArmor profile transitions. | 6 | # are not compatible with AppArmor profile transitions. |
7 | # Also there is no support for Firejail chroot options. | ||
8 | ######################################### | ||
8 | 9 | ||
9 | # Discovery of process names | 10 | # Discovery of process names |
10 | owner /{,run/firejail/mnt/oroot/}proc/@{pid}/comm r, | 11 | owner /proc/@{pid}/comm r, |
11 | 12 | ||
12 | ########## | 13 | ########## |
13 | # Following paths only exist inside a Firejail sandbox | 14 | # Following paths only exist inside a Firejail sandbox |
14 | ########## | 15 | ########## |
15 | 16 | ||
16 | # Library preloading | 17 | # Library preloading |
17 | /{,run/firejail/mnt/oroot/}{,var/}run/firejail/lib/*.so mr, | 18 | /{,var/}run/firejail/lib/*.so mr, |
18 | 19 | ||
19 | # Supporting seccomp | 20 | # Supporting seccomp |
20 | owner /{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/seccomp/seccomp.postexec r, | 21 | owner /{,var/}run/firejail/mnt/seccomp/seccomp.postexec r, |
21 | 22 | ||
22 | # Supporting trace | 23 | # Supporting trace |
23 | owner /{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/trace w, | 24 | owner /{,var/}run/firejail/mnt/trace w, |
24 | 25 | ||
25 | # Supporting tracelog | 26 | # Supporting tracelog |
26 | /{,run/firejail/mnt/oroot/}{,var/}run/firejail/mnt/fslogger r, | 27 | /{,var/}run/firejail/mnt/fslogger r, |
diff --git a/etc/ids.config b/etc/ids.config index 09b0ae912..ff55416ca 100644 --- a/etc/ids.config +++ b/etc/ids.config | |||
@@ -37,6 +37,7 @@ include ids.config.local | |||
37 | 37 | ||
38 | ### shells local ### | 38 | ### shells local ### |
39 | # bash | 39 | # bash |
40 | ${HOME}/.bash_aliases | ||
40 | ${HOME}/.bash_login | 41 | ${HOME}/.bash_login |
41 | ${HOME}/.bash_logout | 42 | ${HOME}/.bash_logout |
42 | ${HOME}/.bash_profile | 43 | ${HOME}/.bash_profile |
@@ -99,10 +100,24 @@ ${HOME}/.xsessionrc | |||
99 | ### window/desktop manager ### | 100 | ### window/desktop manager ### |
100 | ${HOME}/Desktop/*.desktop | 101 | ${HOME}/Desktop/*.desktop |
101 | ${HOME}/.config/autostart | 102 | ${HOME}/.config/autostart |
103 | ${HOME}/.config/autostart-scripts | ||
102 | ${HOME}/.config/lxsession/LXDE/autostart | 104 | ${HOME}/.config/lxsession/LXDE/autostart |
105 | ${HOME}/.config/openbox/autostart | ||
106 | ${HOME}/.config/openbox/environment | ||
107 | ${HOME}/.config/plasma-workspace/env | ||
108 | ${HOME}/.config/plasma-workspace/shutdown | ||
103 | ${HOME}/.gnomerc | 109 | ${HOME}/.gnomerc |
104 | ${HOME}/.gtkrc | 110 | ${HOME}/.gtkrc |
111 | ${HOME}/.kde/Autostart | ||
112 | ${HOME}/.kde/env | ||
113 | ${HOME}/.kde/share/autostart | ||
114 | ${HOME}/.kde/shutdown | ||
115 | ${HOME}/.kde4/Autostart | ||
116 | ${HOME}/.kde4/env | ||
117 | ${HOME}/.kde4/share/autostart | ||
118 | ${HOME}/.kde4/shutdown | ||
105 | ${HOME}/.kderc | 119 | ${HOME}/.kderc |
120 | ${HOME}/.local/share/autostart | ||
106 | 121 | ||
107 | ### security ### | 122 | ### security ### |
108 | /etc/aide | 123 | /etc/aide |
@@ -123,6 +138,7 @@ ${HOME}/.kderc | |||
123 | /etc/tripwire | 138 | /etc/tripwire |
124 | ${HOME}/.config/firejail | 139 | ${HOME}/.config/firejail |
125 | ${HOME}/.gnupg | 140 | ${HOME}/.gnupg |
141 | ${HOME}/.pam_environment | ||
126 | 142 | ||
127 | ### network security ### | 143 | ### network security ### |
128 | /etc/ca-certificates* | 144 | /etc/ca-certificates* |
diff --git a/etc/inc/allow-ssh.inc b/etc/inc/allow-ssh.inc index 67c78a483..5d41e6607 100644 --- a/etc/inc/allow-ssh.inc +++ b/etc/inc/allow-ssh.inc | |||
@@ -5,4 +5,11 @@ include allow-ssh.local | |||
5 | noblacklist ${HOME}/.ssh | 5 | noblacklist ${HOME}/.ssh |
6 | noblacklist /etc/ssh | 6 | noblacklist /etc/ssh |
7 | noblacklist /etc/ssh/ssh_config | 7 | noblacklist /etc/ssh/ssh_config |
8 | noblacklist ${PATH}/ssh | ||
8 | noblacklist /tmp/ssh-* | 9 | noblacklist /tmp/ssh-* |
10 | # Arch Linux and derivatives | ||
11 | noblacklist /usr/lib/ssh | ||
12 | # Debian/Ubuntu and derivatives | ||
13 | noblacklist /usr/lib/openssh | ||
14 | # Fedora and derivatives | ||
15 | noblacklist /usr/libexec/openssh | ||
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index ae84ee38a..04f4bf2d6 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -458,7 +458,7 @@ blacklist /sbin | |||
458 | blacklist /usr/local/sbin | 458 | blacklist /usr/local/sbin |
459 | blacklist /usr/sbin | 459 | blacklist /usr/sbin |
460 | 460 | ||
461 | # system management | 461 | # system management and various SUID executables |
462 | blacklist ${PATH}/at | 462 | blacklist ${PATH}/at |
463 | blacklist ${PATH}/busybox | 463 | blacklist ${PATH}/busybox |
464 | blacklist ${PATH}/chage | 464 | blacklist ${PATH}/chage |
@@ -493,6 +493,25 @@ blacklist ${PATH}/umount | |||
493 | blacklist ${PATH}/unix_chkpwd | 493 | blacklist ${PATH}/unix_chkpwd |
494 | blacklist ${PATH}/xev | 494 | blacklist ${PATH}/xev |
495 | blacklist ${PATH}/xinput | 495 | blacklist ${PATH}/xinput |
496 | # from 0.9.67 | ||
497 | blacklist /usr/lib/openssh | ||
498 | blacklist /usr/lib/ssh | ||
499 | blacklist /usr/libexec/openssh | ||
500 | blacklist ${PATH}/passwd | ||
501 | blacklist /usr/lib/xorg/Xorg.wrap | ||
502 | blacklist /usr/lib/policykit-1/polkit-agent-helper-1 | ||
503 | blacklist /usr/lib/dbus-1.0/dbus-daemon-launch-helper | ||
504 | blacklist /usr/lib/eject/dmcrypt-get-device | ||
505 | blacklist /usr/lib/chromium/chrome-sandbox | ||
506 | blacklist /usr/lib/vmware | ||
507 | blacklist ${PATH}/suexec | ||
508 | blacklist /usr/lib/squid/basic_pam_auth | ||
509 | blacklist ${PATH}/slock | ||
510 | blacklist ${PATH}/physlock | ||
511 | blacklist ${PATH}/schroot | ||
512 | blacklist ${PATH}/wshowkeys | ||
513 | blacklist ${PATH}/pmount | ||
514 | blacklist ${PATH}/pumount | ||
496 | 515 | ||
497 | # other SUID binaries | 516 | # other SUID binaries |
498 | blacklist /usr/lib/virtualbox | 517 | blacklist /usr/lib/virtualbox |
@@ -563,8 +582,7 @@ blacklist ${HOME}/sent | |||
563 | # kernel configuration | 582 | # kernel configuration |
564 | blacklist /proc/config.gz | 583 | blacklist /proc/config.gz |
565 | 584 | ||
566 | # prevent DNS malware attempting to communicate with the server | 585 | # prevent DNS malware attempting to communicate with the server using regular DNS tools |
567 | # using regular DNS tools | ||
568 | blacklist ${PATH}/dig | 586 | blacklist ${PATH}/dig |
569 | blacklist ${PATH}/dlint | 587 | blacklist ${PATH}/dlint |
570 | blacklist ${PATH}/dns2tcp | 588 | blacklist ${PATH}/dns2tcp |
@@ -582,8 +600,14 @@ blacklist ${PATH}/nslookup | |||
582 | blacklist ${PATH}/resolvectl | 600 | blacklist ${PATH}/resolvectl |
583 | blacklist ${PATH}/unbound-host | 601 | blacklist ${PATH}/unbound-host |
584 | 602 | ||
603 | # prevent an intruder to guess passwords using regular network tools | ||
604 | blacklist ${PATH}/ftp | ||
605 | blacklist ${PATH}/ssh | ||
606 | blacklist ${PATH}/telnet | ||
607 | |||
585 | # rest of ${RUNUSER} | 608 | # rest of ${RUNUSER} |
586 | blacklist ${RUNUSER}/*.lock | 609 | blacklist ${RUNUSER}/*.lock |
587 | blacklist ${RUNUSER}/inaccessible | 610 | blacklist ${RUNUSER}/inaccessible |
588 | blacklist ${RUNUSER}/pk-debconf-socket | 611 | blacklist ${RUNUSER}/pk-debconf-socket |
589 | blacklist ${RUNUSER}/update-notifier.pid | 612 | blacklist ${RUNUSER}/update-notifier.pid |
613 | |||
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 6734e220a..254d05e8e 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -51,10 +51,182 @@ blacklist ${HOME}/.blobby | |||
51 | blacklist ${HOME}/.bogofilter | 51 | blacklist ${HOME}/.bogofilter |
52 | blacklist ${HOME}/.bundle | 52 | blacklist ${HOME}/.bundle |
53 | blacklist ${HOME}/.bzf | 53 | blacklist ${HOME}/.bzf |
54 | blacklist ${HOME}/.cache/0ad | ||
55 | blacklist ${HOME}/.cache/8pecxstudios | ||
56 | blacklist ${HOME}/.cache/Authenticator | ||
57 | blacklist ${HOME}/.cache/BraveSoftware | ||
58 | blacklist ${HOME}/.cache/Clementine | ||
59 | blacklist ${HOME}/.cache/ENCOM/Spectral | ||
60 | blacklist ${HOME}/.cache/Enox | ||
61 | blacklist ${HOME}/.cache/Enpass | ||
62 | blacklist ${HOME}/.cache/Ferdi | ||
63 | blacklist ${HOME}/.cache/Flavio Tordini | ||
64 | blacklist ${HOME}/.cache/Franz | ||
65 | blacklist ${HOME}/.cache/GoldenDict | ||
66 | blacklist ${HOME}/.cache/INRIA | ||
67 | blacklist ${HOME}/.cache/INRIA/Natron | ||
68 | blacklist ${HOME}/.cache/JetBrains/CLion* | ||
69 | blacklist ${HOME}/.cache/KDE/neochat | ||
70 | blacklist ${HOME}/.cache/Mendeley Ltd. | ||
71 | blacklist ${HOME}/.cache/MusicBrainz | ||
72 | blacklist ${HOME}/.cache/NewsFlashGTK | ||
73 | blacklist ${HOME}/.cache/Otter | ||
74 | blacklist ${HOME}/.cache/PawelStolowski | ||
75 | blacklist ${HOME}/.cache/Psi | ||
76 | blacklist ${HOME}/.cache/QuiteRss | ||
77 | blacklist ${HOME}/.cache/Quotient/quaternion | ||
78 | blacklist ${HOME}/.cache/Shortwave | ||
79 | blacklist ${HOME}/.cache/Tox | ||
80 | blacklist ${HOME}/.cache/Zeal | ||
81 | blacklist ${HOME}/.cache/agenda | ||
82 | blacklist ${HOME}/.cache/akonadi* | ||
83 | blacklist ${HOME}/.cache/atril | ||
84 | blacklist ${HOME}/.cache/attic | ||
85 | blacklist ${HOME}/.cache/babl | ||
86 | blacklist ${HOME}/.cache/bnox | ||
87 | blacklist ${HOME}/.cache/borg | ||
88 | blacklist ${HOME}/.cache/calibre | ||
89 | blacklist ${HOME}/.cache/cantata | ||
90 | blacklist ${HOME}/.cache/champlain | ||
91 | blacklist ${HOME}/.cache/chromium | ||
92 | blacklist ${HOME}/.cache/chromium-dev | ||
93 | blacklist ${HOME}/.cache/cliqz | ||
94 | blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate | ||
95 | blacklist ${HOME}/.cache/darktable | ||
96 | blacklist ${HOME}/.cache/deja-dup | ||
97 | blacklist ${HOME}/.cache/discover | ||
98 | blacklist ${HOME}/.cache/dnox | ||
99 | blacklist ${HOME}/.cache/dolphin | ||
100 | blacklist ${HOME}/.cache/dolphin-emu | ||
101 | blacklist ${HOME}/.cache/ephemeral | ||
102 | blacklist ${HOME}/.cache/epiphany | ||
103 | blacklist ${HOME}/.cache/evolution | ||
104 | blacklist ${HOME}/.cache/falkon | ||
105 | blacklist ${HOME}/.cache/feedreader | ||
106 | blacklist ${HOME}/.cache/firedragon | ||
107 | blacklist ${HOME}/.cache/flaska.net/trojita | ||
108 | blacklist ${HOME}/.cache/folks | ||
109 | blacklist ${HOME}/.cache/font-manager | ||
110 | blacklist ${HOME}/.cache/fossamail | ||
111 | blacklist ${HOME}/.cache/fractal | ||
112 | blacklist ${HOME}/.cache/freecol | ||
113 | blacklist ${HOME}/.cache/gajim | ||
114 | blacklist ${HOME}/.cache/geary | ||
115 | blacklist ${HOME}/.cache/geeqie | ||
116 | blacklist ${HOME}/.cache/gegl-0.4 | ||
117 | blacklist ${HOME}/.cache/gfeeds | ||
118 | blacklist ${HOME}/.cache/gimp | ||
119 | blacklist ${HOME}/.cache/gnome-boxes | ||
120 | blacklist ${HOME}/.cache/gnome-builder | ||
121 | blacklist ${HOME}/.cache/gnome-control-center | ||
122 | blacklist ${HOME}/.cache/gnome-recipes | ||
123 | blacklist ${HOME}/.cache/gnome-screenshot | ||
124 | blacklist ${HOME}/.cache/gnome-software | ||
125 | blacklist ${HOME}/.cache/gnome-twitch | ||
126 | blacklist ${HOME}/.cache/godot | ||
127 | blacklist ${HOME}/.cache/google-chrome | ||
128 | blacklist ${HOME}/.cache/google-chrome-beta | ||
129 | blacklist ${HOME}/.cache/google-chrome-unstable | ||
130 | blacklist ${HOME}/.cache/gradio | ||
131 | blacklist ${HOME}/.cache/gummi | ||
132 | blacklist ${HOME}/.cache/icedove | ||
133 | blacklist ${HOME}/.cache/inkscape | ||
134 | blacklist ${HOME}/.cache/inox | ||
135 | blacklist ${HOME}/.cache/io.github.lainsce.Notejot | ||
136 | blacklist ${HOME}/.cache/iridium | ||
137 | blacklist ${HOME}/.cache/kcmshell5 | ||
138 | blacklist ${HOME}/.cache/kdenlive | ||
139 | blacklist ${HOME}/.cache/keepassxc | ||
140 | blacklist ${HOME}/.cache/kfind | ||
141 | blacklist ${HOME}/.cache/kinfocenter | ||
142 | blacklist ${HOME}/.cache/kmail2 | ||
143 | blacklist ${HOME}/.cache/krunner | ||
144 | blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* | ||
145 | blacklist ${HOME}/.cache/kscreenlocker_greet | ||
146 | blacklist ${HOME}/.cache/ksmserver-logout-greeter | ||
147 | blacklist ${HOME}/.cache/ksplashqml | ||
148 | blacklist ${HOME}/.cache/kube | ||
149 | blacklist ${HOME}/.cache/kwin | ||
150 | blacklist ${HOME}/.cache/libgweather | ||
151 | blacklist ${HOME}/.cache/librewolf | ||
152 | blacklist ${HOME}/.cache/liferea | ||
153 | blacklist ${HOME}/.cache/lutris | ||
154 | blacklist ${HOME}/.cache/marker | ||
155 | blacklist ${HOME}/.cache/matrix-mirage | ||
156 | blacklist ${HOME}/.cache/microsoft-edge-beta | ||
157 | blacklist ${HOME}/.cache/microsoft-edge-dev | ||
158 | blacklist ${HOME}/.cache/midori | ||
159 | blacklist ${HOME}/.cache/minetest | ||
160 | blacklist ${HOME}/.cache/mirage | ||
161 | blacklist ${HOME}/.cache/moonchild productions/basilisk | ||
162 | blacklist ${HOME}/.cache/moonchild productions/pale moon | ||
163 | blacklist ${HOME}/.cache/mozilla | ||
164 | blacklist ${HOME}/.cache/ms-excel-online | ||
165 | blacklist ${HOME}/.cache/ms-office-online | ||
166 | blacklist ${HOME}/.cache/ms-onenote-online | ||
167 | blacklist ${HOME}/.cache/ms-outlook-online | ||
168 | blacklist ${HOME}/.cache/ms-powerpoint-online | ||
169 | blacklist ${HOME}/.cache/ms-skype-online | ||
170 | blacklist ${HOME}/.cache/ms-word-online | ||
171 | blacklist ${HOME}/.cache/mutt | ||
172 | blacklist ${HOME}/.cache/mypaint | ||
173 | blacklist ${HOME}/.cache/netsurf | ||
174 | blacklist ${HOME}/.cache/nheko | ||
175 | blacklist ${HOME}/.cache/okular | ||
176 | blacklist ${HOME}/.cache/opera | ||
177 | blacklist ${HOME}/.cache/opera-beta | ||
178 | blacklist ${HOME}/.cache/org.gabmus.gfeeds | ||
179 | blacklist ${HOME}/.cache/org.gnome.Books | ||
180 | blacklist ${HOME}/.cache/org.gnome.Maps | ||
181 | blacklist ${HOME}/.cache/pdfmod | ||
182 | blacklist ${HOME}/.cache/peek | ||
183 | blacklist ${HOME}/.cache/pip | ||
184 | blacklist ${HOME}/.cache/pipe-viewer | ||
185 | blacklist ${HOME}/.cache/plasmashell | ||
186 | blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* | ||
187 | blacklist ${HOME}/.cache/psi | ||
188 | blacklist ${HOME}/.cache/qBittorrent | ||
189 | blacklist ${HOME}/.cache/quodlibet | ||
190 | blacklist ${HOME}/.cache/qupzilla | ||
191 | blacklist ${HOME}/.cache/qutebrowser | ||
192 | blacklist ${HOME}/.cache/rednotebook | ||
193 | blacklist ${HOME}/.cache/rhythmbox | ||
194 | blacklist ${HOME}/.cache/shotwell | ||
195 | blacklist ${HOME}/.cache/simple-scan | ||
196 | blacklist ${HOME}/.cache/slimjet | ||
197 | blacklist ${HOME}/.cache/smuxi | ||
198 | blacklist ${HOME}/.cache/snox | ||
199 | blacklist ${HOME}/.cache/spotify | ||
200 | blacklist ${HOME}/.cache/straw-viewer | ||
201 | blacklist ${HOME}/.cache/strawberry | ||
202 | blacklist ${HOME}/.cache/supertuxkart | ||
203 | blacklist ${HOME}/.cache/systemsettings | ||
204 | blacklist ${HOME}/.cache/telepathy | ||
205 | blacklist ${HOME}/.cache/thunderbird | ||
206 | blacklist ${HOME}/.cache/torbrowser | ||
207 | blacklist ${HOME}/.cache/transmission | ||
208 | blacklist ${HOME}/.cache/ungoogled-chromium | ||
209 | blacklist ${HOME}/.cache/vivaldi | ||
210 | blacklist ${HOME}/.cache/vivaldi-snapshot | ||
211 | blacklist ${HOME}/.cache/vlc | ||
212 | blacklist ${HOME}/.cache/vmware | ||
213 | blacklist ${HOME}/.cache/warsow-2.1 | ||
214 | blacklist ${HOME}/.cache/waterfox | ||
215 | blacklist ${HOME}/.cache/wesnoth | ||
216 | blacklist ${HOME}/.cache/winetricks | ||
217 | blacklist ${HOME}/.cache/xmms2 | ||
218 | blacklist ${HOME}/.cache/xournalpp | ||
219 | blacklist ${HOME}/.cache/xreader | ||
220 | blacklist ${HOME}/.cache/yandex-browser | ||
221 | blacklist ${HOME}/.cache/yandex-browser-beta | ||
222 | blacklist ${HOME}/.cache/youtube-dl | ||
223 | blacklist ${HOME}/.cache/youtube-viewer | ||
224 | blacklist ${HOME}/.cache/yt-dlp | ||
225 | blacklist ${HOME}/.cache/zim | ||
54 | blacklist ${HOME}/.cargo | 226 | blacklist ${HOME}/.cargo |
55 | blacklist ${HOME}/.claws-mail | 227 | blacklist ${HOME}/.claws-mail |
56 | blacklist ${HOME}/.cliqz | ||
57 | blacklist ${HOME}/.clion* | 228 | blacklist ${HOME}/.clion* |
229 | blacklist ${HOME}/.cliqz | ||
58 | blacklist ${HOME}/.clonk | 230 | blacklist ${HOME}/.clonk |
59 | blacklist ${HOME}/.config/0ad | 231 | blacklist ${HOME}/.config/0ad |
60 | blacklist ${HOME}/.config/2048-qt | 232 | blacklist ${HOME}/.config/2048-qt |
@@ -93,8 +265,8 @@ blacklist ${HOME}/.config/Google Play Music Desktop Player | |||
93 | blacklist ${HOME}/.config/Gpredict | 265 | blacklist ${HOME}/.config/Gpredict |
94 | blacklist ${HOME}/.config/INRIA | 266 | blacklist ${HOME}/.config/INRIA |
95 | blacklist ${HOME}/.config/InSilmaril | 267 | blacklist ${HOME}/.config/InSilmaril |
96 | blacklist ${HOME}/.config/Jitsi Meet | ||
97 | blacklist ${HOME}/.config/JetBrains/CLion* | 268 | blacklist ${HOME}/.config/JetBrains/CLion* |
269 | blacklist ${HOME}/.config/Jitsi Meet | ||
98 | blacklist ${HOME}/.config/KDE/neochat | 270 | blacklist ${HOME}/.config/KDE/neochat |
99 | blacklist ${HOME}/.config/KeePass | 271 | blacklist ${HOME}/.config/KeePass |
100 | blacklist ${HOME}/.config/KeePassXCrc | 272 | blacklist ${HOME}/.config/KeePassXCrc |
@@ -948,6 +1120,7 @@ blacklist ${HOME}/TeamSpeak3-Client-linux_x86 | |||
948 | blacklist ${HOME}/hyperrogue.ini | 1120 | blacklist ${HOME}/hyperrogue.ini |
949 | blacklist ${HOME}/i2p | 1121 | blacklist ${HOME}/i2p |
950 | blacklist ${HOME}/mps | 1122 | blacklist ${HOME}/mps |
1123 | blacklist ${HOME}/openstego.ini | ||
951 | blacklist ${HOME}/wallet.dat | 1124 | blacklist ${HOME}/wallet.dat |
952 | blacklist ${HOME}/yt-dlp.conf | 1125 | blacklist ${HOME}/yt-dlp.conf |
953 | blacklist ${RUNUSER}/*firefox* | 1126 | blacklist ${RUNUSER}/*firefox* |
@@ -958,177 +1131,3 @@ blacklist /var/games/slashem | |||
958 | blacklist /var/games/vulturesclaw | 1131 | blacklist /var/games/vulturesclaw |
959 | blacklist /var/games/vultureseye | 1132 | blacklist /var/games/vultureseye |
960 | blacklist /var/lib/games/Maelstrom-Scores | 1133 | blacklist /var/lib/games/Maelstrom-Scores |
961 | |||
962 | # ${HOME}/.cache directory | ||
963 | blacklist ${HOME}/.cache/0ad | ||
964 | blacklist ${HOME}/.cache/8pecxstudios | ||
965 | blacklist ${HOME}/.cache/Authenticator | ||
966 | blacklist ${HOME}/.cache/BraveSoftware | ||
967 | blacklist ${HOME}/.cache/Clementine | ||
968 | blacklist ${HOME}/.cache/ENCOM/Spectral | ||
969 | blacklist ${HOME}/.cache/Enox | ||
970 | blacklist ${HOME}/.cache/Enpass | ||
971 | blacklist ${HOME}/.cache/Ferdi | ||
972 | blacklist ${HOME}/.cache/Flavio Tordini | ||
973 | blacklist ${HOME}/.cache/Franz | ||
974 | blacklist ${HOME}/.cache/GoldenDict | ||
975 | blacklist ${HOME}/.cache/INRIA | ||
976 | blacklist ${HOME}/.cache/INRIA/Natron | ||
977 | blacklist ${HOME}/.cache/KDE/neochat | ||
978 | blacklist ${HOME}/.cache/Mendeley Ltd. | ||
979 | blacklist ${HOME}/.cache/MusicBrainz | ||
980 | blacklist ${HOME}/.cache/NewsFlashGTK | ||
981 | blacklist ${HOME}/.cache/Otter | ||
982 | blacklist ${HOME}/.cache/PawelStolowski | ||
983 | blacklist ${HOME}/.cache/Psi | ||
984 | blacklist ${HOME}/.cache/QuiteRss | ||
985 | blacklist ${HOME}/.cache/Quotient/quaternion | ||
986 | blacklist ${HOME}/.cache/Shortwave | ||
987 | blacklist ${HOME}/.cache/Tox | ||
988 | blacklist ${HOME}/.cache/Zeal | ||
989 | blacklist ${HOME}/.cache/agenda | ||
990 | blacklist ${HOME}/.cache/akonadi* | ||
991 | blacklist ${HOME}/.cache/atril | ||
992 | blacklist ${HOME}/.cache/attic | ||
993 | blacklist ${HOME}/.cache/babl | ||
994 | blacklist ${HOME}/.cache/bnox | ||
995 | blacklist ${HOME}/.cache/borg | ||
996 | blacklist ${HOME}/.cache/calibre | ||
997 | blacklist ${HOME}/.cache/cantata | ||
998 | blacklist ${HOME}/.cache/champlain | ||
999 | blacklist ${HOME}/.cache/chromium | ||
1000 | blacklist ${HOME}/.cache/chromium-dev | ||
1001 | blacklist ${HOME}/.cache/cliqz | ||
1002 | blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate | ||
1003 | blacklist ${HOME}/.cache/darktable | ||
1004 | blacklist ${HOME}/.cache/deja-dup | ||
1005 | blacklist ${HOME}/.cache/discover | ||
1006 | blacklist ${HOME}/.cache/dnox | ||
1007 | blacklist ${HOME}/.cache/dolphin | ||
1008 | blacklist ${HOME}/.cache/dolphin-emu | ||
1009 | blacklist ${HOME}/.cache/ephemeral | ||
1010 | blacklist ${HOME}/.cache/epiphany | ||
1011 | blacklist ${HOME}/.cache/evolution | ||
1012 | blacklist ${HOME}/.cache/falkon | ||
1013 | blacklist ${HOME}/.cache/feedreader | ||
1014 | blacklist ${HOME}/.cache/firedragon | ||
1015 | blacklist ${HOME}/.cache/flaska.net/trojita | ||
1016 | blacklist ${HOME}/.cache/folks | ||
1017 | blacklist ${HOME}/.cache/font-manager | ||
1018 | blacklist ${HOME}/.cache/fossamail | ||
1019 | blacklist ${HOME}/.cache/fractal | ||
1020 | blacklist ${HOME}/.cache/freecol | ||
1021 | blacklist ${HOME}/.cache/gajim | ||
1022 | blacklist ${HOME}/.cache/geary | ||
1023 | blacklist ${HOME}/.cache/geeqie | ||
1024 | blacklist ${HOME}/.cache/gegl-0.4 | ||
1025 | blacklist ${HOME}/.cache/gfeeds | ||
1026 | blacklist ${HOME}/.cache/gimp | ||
1027 | blacklist ${HOME}/.cache/gnome-boxes | ||
1028 | blacklist ${HOME}/.cache/gnome-builder | ||
1029 | blacklist ${HOME}/.cache/gnome-control-center | ||
1030 | blacklist ${HOME}/.cache/gnome-recipes | ||
1031 | blacklist ${HOME}/.cache/gnome-screenshot | ||
1032 | blacklist ${HOME}/.cache/gnome-software | ||
1033 | blacklist ${HOME}/.cache/gnome-twitch | ||
1034 | blacklist ${HOME}/.cache/godot | ||
1035 | blacklist ${HOME}/.cache/google-chrome | ||
1036 | blacklist ${HOME}/.cache/google-chrome-beta | ||
1037 | blacklist ${HOME}/.cache/google-chrome-unstable | ||
1038 | blacklist ${HOME}/.cache/gradio | ||
1039 | blacklist ${HOME}/.cache/gummi | ||
1040 | blacklist ${HOME}/.cache/icedove | ||
1041 | blacklist ${HOME}/.cache/inkscape | ||
1042 | blacklist ${HOME}/.cache/inox | ||
1043 | blacklist ${HOME}/.cache/io.github.lainsce.Notejot | ||
1044 | blacklist ${HOME}/.cache/iridium | ||
1045 | blacklist ${HOME}/.cache/JetBrains/CLion* | ||
1046 | blacklist ${HOME}/.cache/kcmshell5 | ||
1047 | blacklist ${HOME}/.cache/kdenlive | ||
1048 | blacklist ${HOME}/.cache/keepassxc | ||
1049 | blacklist ${HOME}/.cache/kfind | ||
1050 | blacklist ${HOME}/.cache/kinfocenter | ||
1051 | blacklist ${HOME}/.cache/kmail2 | ||
1052 | blacklist ${HOME}/.cache/krunner | ||
1053 | blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* | ||
1054 | blacklist ${HOME}/.cache/kscreenlocker_greet | ||
1055 | blacklist ${HOME}/.cache/ksmserver-logout-greeter | ||
1056 | blacklist ${HOME}/.cache/ksplashqml | ||
1057 | blacklist ${HOME}/.cache/kube | ||
1058 | blacklist ${HOME}/.cache/kwin | ||
1059 | blacklist ${HOME}/.cache/libgweather | ||
1060 | blacklist ${HOME}/.cache/librewolf | ||
1061 | blacklist ${HOME}/.cache/liferea | ||
1062 | blacklist ${HOME}/.cache/lutris | ||
1063 | blacklist ${HOME}/.cache/marker | ||
1064 | blacklist ${HOME}/.cache/matrix-mirage | ||
1065 | blacklist ${HOME}/.cache/microsoft-edge-beta | ||
1066 | blacklist ${HOME}/.cache/microsoft-edge-dev | ||
1067 | blacklist ${HOME}/.cache/midori | ||
1068 | blacklist ${HOME}/.cache/minetest | ||
1069 | blacklist ${HOME}/.cache/mirage | ||
1070 | blacklist ${HOME}/.cache/moonchild productions/basilisk | ||
1071 | blacklist ${HOME}/.cache/moonchild productions/pale moon | ||
1072 | blacklist ${HOME}/.cache/mozilla | ||
1073 | blacklist ${HOME}/.cache/ms-excel-online | ||
1074 | blacklist ${HOME}/.cache/ms-office-online | ||
1075 | blacklist ${HOME}/.cache/ms-onenote-online | ||
1076 | blacklist ${HOME}/.cache/ms-outlook-online | ||
1077 | blacklist ${HOME}/.cache/ms-powerpoint-online | ||
1078 | blacklist ${HOME}/.cache/ms-skype-online | ||
1079 | blacklist ${HOME}/.cache/ms-word-online | ||
1080 | blacklist ${HOME}/.cache/mutt | ||
1081 | blacklist ${HOME}/.cache/mypaint | ||
1082 | blacklist ${HOME}/.cache/netsurf | ||
1083 | blacklist ${HOME}/.cache/nheko | ||
1084 | blacklist ${HOME}/.cache/okular | ||
1085 | blacklist ${HOME}/.cache/opera | ||
1086 | blacklist ${HOME}/.cache/opera-beta | ||
1087 | blacklist ${HOME}/.cache/org.gabmus.gfeeds | ||
1088 | blacklist ${HOME}/.cache/org.gnome.Books | ||
1089 | blacklist ${HOME}/.cache/org.gnome.Maps | ||
1090 | blacklist ${HOME}/.cache/pdfmod | ||
1091 | blacklist ${HOME}/.cache/peek | ||
1092 | blacklist ${HOME}/.cache/pip | ||
1093 | blacklist ${HOME}/.cache/pipe-viewer | ||
1094 | blacklist ${HOME}/.cache/plasmashell | ||
1095 | blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* | ||
1096 | blacklist ${HOME}/.cache/psi | ||
1097 | blacklist ${HOME}/.cache/qBittorrent | ||
1098 | blacklist ${HOME}/.cache/quodlibet | ||
1099 | blacklist ${HOME}/.cache/qupzilla | ||
1100 | blacklist ${HOME}/.cache/qutebrowser | ||
1101 | blacklist ${HOME}/.cache/rednotebook | ||
1102 | blacklist ${HOME}/.cache/rhythmbox | ||
1103 | blacklist ${HOME}/.cache/shotwell | ||
1104 | blacklist ${HOME}/.cache/simple-scan | ||
1105 | blacklist ${HOME}/.cache/slimjet | ||
1106 | blacklist ${HOME}/.cache/smuxi | ||
1107 | blacklist ${HOME}/.cache/snox | ||
1108 | blacklist ${HOME}/.cache/spotify | ||
1109 | blacklist ${HOME}/.cache/straw-viewer | ||
1110 | blacklist ${HOME}/.cache/strawberry | ||
1111 | blacklist ${HOME}/.cache/supertuxkart | ||
1112 | blacklist ${HOME}/.cache/systemsettings | ||
1113 | blacklist ${HOME}/.cache/telepathy | ||
1114 | blacklist ${HOME}/.cache/thunderbird | ||
1115 | blacklist ${HOME}/.cache/torbrowser | ||
1116 | blacklist ${HOME}/.cache/transmission | ||
1117 | blacklist ${HOME}/.cache/ungoogled-chromium | ||
1118 | blacklist ${HOME}/.cache/vivaldi | ||
1119 | blacklist ${HOME}/.cache/vivaldi-snapshot | ||
1120 | blacklist ${HOME}/.cache/vlc | ||
1121 | blacklist ${HOME}/.cache/vmware | ||
1122 | blacklist ${HOME}/.cache/warsow-2.1 | ||
1123 | blacklist ${HOME}/.cache/waterfox | ||
1124 | blacklist ${HOME}/.cache/wesnoth | ||
1125 | blacklist ${HOME}/.cache/winetricks | ||
1126 | blacklist ${HOME}/.cache/xmms2 | ||
1127 | blacklist ${HOME}/.cache/xournalpp | ||
1128 | blacklist ${HOME}/.cache/xreader | ||
1129 | blacklist ${HOME}/.cache/yandex-browser | ||
1130 | blacklist ${HOME}/.cache/yandex-browser-beta | ||
1131 | blacklist ${HOME}/.cache/youtube-dl | ||
1132 | blacklist ${HOME}/.cache/youtube-viewer | ||
1133 | blacklist ${HOME}/.cache/yt-dlp | ||
1134 | blacklist ${HOME}/.cache/zim | ||
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index 256e2115a..0e7126458 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | private-bin abiword | 42 | private-bin abiword |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc fonts,gtk-3.0,ld.so.preload,passwd | 45 | private-etc alternatives,fonts,gtk-3.0,ld.so.cache,ld.so.preload,passwd |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | # dbus-user none | 48 | # dbus-user none |
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index 8652ae5f1..dd3b2e59b 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile | |||
@@ -50,7 +50,7 @@ tracelog | |||
50 | private-bin agetpkg,python3 | 50 | private-bin agetpkg,python3 |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc ca-certificates,crypto-policies,ld.so.preload,pki,resolv.conf,ssl | 53 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index 9b74b4d29..5a528595b 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile | |||
@@ -53,7 +53,7 @@ disable-mnt | |||
53 | # private-bin alacarte,bash,python*,sh | 53 | # private-bin alacarte,bash,python*,sh |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.preload,locale.alias,locale.conf,login.defs,mime.types,nsswitch.conf,passwd,pki,X11,xdg | 56 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,locale.alias,locale.conf,login.defs,mime.types,nsswitch.conf,passwd,pki,X11,xdg |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index b6e931be5..f6d711b2e 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-bin anki,python* | 50 | private-bin anki,python* |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,ld.so.preload,machine-id,pki,resolv.conf,ssl,Trolltech.conf | 53 | private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl,Trolltech.conf |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index e96def048..8aef75cd1 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile | |||
@@ -45,7 +45,7 @@ private-bin aria2c,gzip | |||
45 | # Add 'private-cache' to your aria2c.local if you don't use Lutris/winetricks (see issue #2772). | 45 | # Add 'private-cache' to your aria2c.local if you don't use Lutris/winetricks (see issue #2772). |
46 | #private-cache | 46 | #private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,ca-certificates,crypto-policies,groups,ld.so.preload,login.defs,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl | 48 | private-etc alternatives,ca-certificates,crypto-policies,groups,ld.so.cache,ld.so.preload,login.defs,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl |
49 | private-lib libreadline.so.* | 49 | private-lib libreadline.so.* |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index 98ae01950..6676d42e9 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile | |||
@@ -43,6 +43,6 @@ tracelog | |||
43 | disable-mnt | 43 | disable-mnt |
44 | private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor | 44 | private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,passwd,pki,ssl,tor | 46 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index adf4e16ee..254f3f571 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile | |||
@@ -56,7 +56,7 @@ disable-mnt | |||
56 | private-bin artha,enchant,notify-send | 56 | private-bin artha,enchant,notify-send |
57 | private-cache | 57 | private-cache |
58 | private-dev | 58 | private-dev |
59 | private-etc alternatives,fonts,ld.so.preload,machine-id | 59 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id |
60 | private-lib libnotify.so.* | 60 | private-lib libnotify.so.* |
61 | private-tmp | 61 | private-tmp |
62 | 62 | ||
diff --git a/etc/profile-a-l/atool.profile b/etc/profile-a-l/atool.profile index 272f9906d..6399bc1a3 100644 --- a/etc/profile-a-l/atool.profile +++ b/etc/profile-a-l/atool.profile | |||
@@ -13,7 +13,7 @@ include allow-perl.inc | |||
13 | noroot | 13 | noroot |
14 | 14 | ||
15 | # without login.defs atool complains and uses UID/GID 1000 by default | 15 | # without login.defs atool complains and uses UID/GID 1000 by default |
16 | private-etc alternatives,group,ld.so.preload,login.defs,passwd | 16 | private-etc alternatives,group,ld.so.cache,ld.so.preload,login.defs,passwd |
17 | private-tmp | 17 | private-tmp |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 8fefc1eb7..a8af1928b 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | private-bin authenticator-rs | 47 | private-bin authenticator-rs |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.preload,pki,resolv.conf,ssl,xdg | 50 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl,xdg |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | dbus-user filter | 53 | dbus-user filter |
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index 2080aad62..be3543b08 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile | |||
@@ -66,7 +66,7 @@ tracelog | |||
66 | private-bin balsa,balsa-ab,gpg,gpg-agent,gpg2,gpgsm | 66 | private-bin balsa,balsa-ab,gpg,gpg-agent,gpg2,gpgsm |
67 | private-cache | 67 | private-cache |
68 | private-dev | 68 | private-dev |
69 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.preload,mailname,passwd,pki,resolv.conf,selinux,ssl,xdg | 69 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,groups,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,mailname,passwd,pki,resolv.conf,selinux,ssl,xdg |
70 | private-tmp | 70 | private-tmp |
71 | writable-run-user | 71 | writable-run-user |
72 | writable-var | 72 | writable-var |
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index 24db11c7e..be29ce8a7 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile | |||
@@ -52,7 +52,7 @@ disable-mnt | |||
52 | # private-bin bibletime,qt5ct | 52 | # private-bin bibletime,qt5ct |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf | 55 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pki,resolv.conf,ssl,sword,sword.conf |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-user none | 58 | dbus-user none |
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index 61cd792b1..b86232860 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile | |||
@@ -51,7 +51,7 @@ disable-mnt | |||
51 | private-bin bijiben | 51 | private-bin bijiben |
52 | # private-cache -- access to .cache/tracker is required | 52 | # private-cache -- access to .cache/tracker is required |
53 | private-dev | 53 | private-dev |
54 | private-etc dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload | 54 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user filter | 57 | dbus-user filter |
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile index 91ce57966..f8114c71b 100644 --- a/etc/profile-a-l/bitwarden.profile +++ b/etc/profile-a-l/bitwarden.profile | |||
@@ -23,7 +23,7 @@ no3d | |||
23 | nosound | 23 | nosound |
24 | 24 | ||
25 | ?HAS_APPIMAGE: ignore private-dev | 25 | ?HAS_APPIMAGE: ignore private-dev |
26 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 26 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl |
27 | private-opt Bitwarden | 27 | private-opt Bitwarden |
28 | 28 | ||
29 | # Redirect | 29 | # Redirect |
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index 8d8787174..3e20ed133 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile | |||
@@ -35,7 +35,7 @@ shell none | |||
35 | # private-bin bash,bless,mono,sh | 35 | # private-bin bash,bless,mono,sh |
36 | private-cache | 36 | private-cache |
37 | private-dev | 37 | private-dev |
38 | private-etc alternatives,fonts,ld.so.preload,mono | 38 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,mono |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
41 | dbus-user none | 41 | dbus-user none |
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index 7179bf4a5..d7df3bc49 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile | |||
@@ -41,7 +41,7 @@ tracelog | |||
41 | disable-mnt | 41 | disable-mnt |
42 | private-bin blobby | 42 | private-bin blobby |
43 | private-dev | 43 | private-dev |
44 | private-etc alsa,alternatives,asound.conf,drirc,group,hosts,ld.so.preload,login.defs,machine-id,passwd,pulse | 44 | private-etc alsa,alternatives,asound.conf,drirc,group,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,passwd,pulse |
45 | private-lib | 45 | private-lib |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index 66f38b358..cc2fda3f2 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin blobwars | 43 | private-bin blobwars |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc ld.so.preload,machine-id | 46 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-a-l/bsdtar.profile b/etc/profile-a-l/bsdtar.profile index dbfc90996..fbc7c9056 100644 --- a/etc/profile-a-l/bsdtar.profile +++ b/etc/profile-a-l/bsdtar.profile | |||
@@ -6,7 +6,7 @@ include bsdtar.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | private-etc alternatives,group,ld.so.preload,localtime,passwd | 9 | private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include archiver-common.profile | 12 | include archiver-common.profile |
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index d3c25d451..92c455144 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile | |||
@@ -46,7 +46,7 @@ tracelog | |||
46 | disable-mnt | 46 | disable-mnt |
47 | private-bin cameramonitor,python* | 47 | private-bin cameramonitor,python* |
48 | private-cache | 48 | private-cache |
49 | private-etc alternatives,fonts,ld.so.preload | 49 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | # dbus-user none | 52 | # dbus-user none |
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index ceba03269..c7a98250e 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile | |||
@@ -39,7 +39,7 @@ disable-mnt | |||
39 | private-bin cawbird | 39 | private-bin cawbird |
40 | private-cache | 40 | private-cache |
41 | private-dev | 41 | private-dev |
42 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,mime.types,nsswitch.conf,pki,resolv.conf,ssl,X11,xdg | 42 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,resolv.conf,ssl,X11,xdg |
43 | private-tmp | 43 | private-tmp |
44 | 44 | ||
45 | # dbus-user none | 45 | # dbus-user none |
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index 7fbc82aba..713d8a5e4 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile | |||
@@ -52,7 +52,7 @@ disable-mnt | |||
52 | private-bin cheese | 52 | private-bin cheese |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0,ld.so.preload | 55 | private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0,ld.so.cache,ld.so.preload |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-user filter | 58 | dbus-user filter |
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile index c42243e02..7bfb61688 100644 --- a/etc/profile-a-l/chromium-common.profile +++ b/etc/profile-a-l/chromium-common.profile | |||
@@ -11,6 +11,7 @@ include chromium-common.local | |||
11 | 11 | ||
12 | noblacklist ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
13 | noblacklist ${HOME}/.local/share/pki | 13 | noblacklist ${HOME}/.local/share/pki |
14 | noblacklist /usr/lib/chromium/chrome-sandbox | ||
14 | 15 | ||
15 | # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser | 16 | # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser |
16 | # to have access to Gnome extensions (extensions.gnome.org) via browser connector | 17 | # to have access to Gnome extensions (extensions.gnome.org) via browser connector |
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index 5eb2cb621..677d2b7eb 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin bash,clawsker,perl,sh,which | 44 | private-bin bash,clawsker,perl,sh,which |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,fonts,ld.so.preload | 47 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
48 | private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-3.so.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl* | 48 | private-lib girepository-1.*,libdbus-glib-1.so.*,libetpan.so.*,libgirepository-1.*,libgtk-3.so.*,libgtk-x11-2.0.so.*,libstartup-notification-1.so.*,perl* |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index e51dd6bed..7421debe0 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile | |||
@@ -27,4 +27,4 @@ seccomp | |||
27 | shell none | 27 | shell none |
28 | 28 | ||
29 | private-bin cmus | 29 | private-bin cmus |
30 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl | 30 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl |
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index 6f08bc378..27780b669 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin com.github.bleakgrey.tootle | 45 | private-bin com.github.bleakgrey.tootle |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,machine-id mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 48 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | # Settings are immutable | 51 | # Settings are immutable |
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index d33b89e7c..0e29d90de 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile | |||
@@ -52,7 +52,7 @@ disable-mnt | |||
52 | private-bin com.github.dahenson.agenda | 52 | private-bin com.github.dahenson.agenda |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc dconf,fonts,gtk-3.0,ld.so.preload | 55 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-user filter | 58 | dbus-user filter |
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index c75a09a51..24222164b 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile | |||
@@ -55,7 +55,7 @@ disable-mnt | |||
55 | private-bin com.github.johnfactotum.Foliate,gjs | 55 | private-bin com.github.johnfactotum.Foliate,gjs |
56 | private-cache | 56 | private-cache |
57 | private-dev | 57 | private-dev |
58 | private-etc dconf,fonts,gconf,gtk-3.0,ld.so.preload | 58 | private-etc alternatives,dconf,fonts,gconf,gtk-3.0,ld.so.cache,ld.so.preload |
59 | private-tmp | 59 | private-tmp |
60 | 60 | ||
61 | read-only ${HOME} | 61 | read-only ${HOME} |
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 1d623fa09..099253b21 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile | |||
@@ -40,7 +40,7 @@ tracelog | |||
40 | disable-mnt | 40 | disable-mnt |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,machine-id,pki,ssl | 43 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,ssl |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index deb2c0ef8..ed1213687 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile | |||
@@ -39,7 +39,7 @@ shell none | |||
39 | disable-mnt | 39 | disable-mnt |
40 | private-bin crow | 40 | private-bin crow |
41 | private-dev | 41 | private-dev |
42 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl | 42 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl |
43 | private-opt none | 43 | private-opt none |
44 | private-tmp | 44 | private-tmp |
45 | private-srv none | 45 | private-srv none |
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index 0e754c448..c75bc756f 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-bin d-feet,python* | 50 | private-bin d-feet,python* |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,dbus-1,fonts,ld.so.preload,machine-id | 53 | private-etc alternatives,dbus-1,fonts,ld.so.cache,ld.so.preload,machine-id |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 56 | #memory-deny-write-execute - breaks on Arch (see issue #1803) |
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index c2532ed3b..e1b96f186 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile | |||
@@ -51,7 +51,7 @@ private | |||
51 | private-bin dbus-send | 51 | private-bin dbus-send |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc alternatives,dbus-1,ld.so.preload | 54 | private-etc alternatives,dbus-1,ld.so.cache,ld.so.preload |
55 | private-lib libpcre* | 55 | private-lib libpcre* |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index 2b43c5ea3..8c3c22dcf 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin dconf-editor | 43 | private-bin dconf-editor |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.preload,machine-id | 46 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id |
47 | private-lib | 47 | private-lib |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index 1cbeee763..b170842c3 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin dconf,gsettings | 46 | private-bin dconf,gsettings |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,dconf,ld.so.preload | 49 | private-etc alternatives,dconf,ld.so.cache,ld.so.preload |
50 | private-lib | 50 | private-lib |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index 0669a5a6c..e9b8f5c47 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile | |||
@@ -45,7 +45,7 @@ tracelog | |||
45 | disable-mnt | 45 | disable-mnt |
46 | private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr | 46 | private-bin bash,dd,ddgtk,grep,lsblk,python*,sed,sh,tr |
47 | private-cache | 47 | private-cache |
48 | private-etc alternatives,fonts,ld.so.preload | 48 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 19b6cffaf..a0f24c388 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile | |||
@@ -48,7 +48,7 @@ disable-mnt | |||
48 | private-bin devilspie | 48 | private-bin devilspie |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ld.so.preload | 51 | private-etc alternatives,ld.so.cache,ld.so.preload |
52 | private-lib gconv | 52 | private-lib gconv |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 6eff39d40..8a8d816a3 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile | |||
@@ -40,7 +40,7 @@ shell none | |||
40 | private-bin display,python* | 40 | private-bin display,python* |
41 | private-dev | 41 | private-dev |
42 | # On Debian-based systems, display is a symlink in /etc/alternatives | 42 | # On Debian-based systems, display is a symlink in /etc/alternatives |
43 | private-etc alternatives,ld.so.preload | 43 | private-etc alternatives,ld.so.cache,ld.so.preload |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index 253f5643e..df7be55de 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile | |||
@@ -45,7 +45,7 @@ shell none | |||
45 | private-bin drawio | 45 | private-bin drawio |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,fonts,ld.so.preload | 48 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index 0345f2b24..20cffae73 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | #private-bin bash,easystroke,sh | 45 | #private-bin bash,easystroke,sh |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,fonts,group,ld.so.preload,passwd | 48 | private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,passwd |
49 | # breaks custom shell command functionality | 49 | # breaks custom shell command functionality |
50 | #private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* | 50 | #private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* |
51 | private-tmp | 51 | private-tmp |
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile index e472f57b6..09d14045a 100644 --- a/etc/profile-a-l/electron-mail.profile +++ b/etc/profile-a-l/electron-mail.profile | |||
@@ -45,7 +45,7 @@ shell none | |||
45 | private-bin electron-mail | 45 | private-bin electron-mail |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.preload,nsswitch.conf,pki,resolv.conf,selinux,ssl,xdg | 48 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,selinux,ssl,xdg |
49 | private-opt ElectronMail | 49 | private-opt ElectronMail |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index 8cfc9f797..dfbe5cee4 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile | |||
@@ -47,7 +47,7 @@ private-bin electrum,python* | |||
47 | private-cache | 47 | private-cache |
48 | ?HAS_APPIMAGE: ignore private-dev | 48 | ?HAS_APPIMAGE: ignore private-dev |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,ld.so.preload,machine-id,pki,resolv.conf,ssl | 50 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | # dbus-user none | 53 | # dbus-user none |
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 8673b65ca..ac73f002f 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile | |||
@@ -66,7 +66,7 @@ tracelog | |||
66 | # disable-mnt | 66 | # disable-mnt |
67 | private-cache | 67 | private-cache |
68 | private-dev | 68 | private-dev |
69 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,ld.so.preload,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg | 69 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,groups,gtk-2.0,gtk-3.0,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,mailname,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssl,xdg |
70 | private-tmp | 70 | private-tmp |
71 | # encrypting and signing email | 71 | # encrypting and signing email |
72 | writable-run-user | 72 | writable-run-user |
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index 0a2e23996..eff0f64ea 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile | |||
@@ -48,7 +48,7 @@ x11 none | |||
48 | private-bin enchant,enchant-* | 48 | private-bin enchant,enchant-* |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ld.so.preload | 51 | private-etc alternatives,ld.so.cache,ld.so.preload |
52 | private-lib | 52 | private-lib |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index ddc0ce0b9..31f39e210 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile | |||
@@ -47,6 +47,6 @@ tracelog | |||
47 | 47 | ||
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.preload | 50 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload |
51 | private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* | 51 | private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* |
52 | private-tmp | 52 | private-tmp |
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index fe7b912bd..0c3b790d5 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile | |||
@@ -54,7 +54,7 @@ disable-mnt | |||
54 | private-bin equalx,gs,pdflatex,pdftocairo | 54 | private-bin equalx,gs,pdflatex,pdftocairo |
55 | private-cache | 55 | private-cache |
56 | private-dev | 56 | private-dev |
57 | private-etc equalx,equalx.conf,fonts,gtk-2.0,latexmk.conf,ld.so.preload,machine-id,papersize,passwd,texlive,Trolltech.conf | 57 | private-etc alternatives,equalx,equalx.conf,fonts,gtk-2.0,latexmk.conf,ld.so.cache,ld.so.preload,machine-id,papersize,passwd,texlive,Trolltech.conf |
58 | private-tmp | 58 | private-tmp |
59 | 59 | ||
60 | dbus-user none | 60 | dbus-user none |
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index 12c22ba5b..ae550e842 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile | |||
@@ -48,7 +48,7 @@ x11 none | |||
48 | #private-bin exiftool,perl | 48 | #private-bin exiftool,perl |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ld.so.preload | 51 | private-etc alternatives,ld.so.cache,ld.so.preload |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index 03d6b30a1..321cb0145 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | # private-bin falkon | 47 | # private-bin falkon |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc adobe,alternatives,asound.conf,ati,ca-certificates,crypto-policies,dconf,drirc,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg | 50 | private-etc adobe,alternatives,asound.conf,ati,ca-certificates,crypto-policies,dconf,drirc,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,xdg |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | # dbus-user filter | 53 | # dbus-user filter |
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index 25e1082ad..ee775566e 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile | |||
@@ -42,7 +42,7 @@ private | |||
42 | private-bin bash,fdns,sh | 42 | private-bin bash,fdns,sh |
43 | private-cache | 43 | private-cache |
44 | #private-dev | 44 | #private-dev |
45 | private-etc ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl | 45 | private-etc alternatives,ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl |
46 | # private-lib | 46 | # private-lib |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
diff --git a/etc/profile-a-l/feh-network.inc.profile b/etc/profile-a-l/feh-network.inc.profile index f9b3d58c9..7293e89a8 100644 --- a/etc/profile-a-l/feh-network.inc.profile +++ b/etc/profile-a-l/feh-network.inc.profile | |||
@@ -5,4 +5,4 @@ include feh-network.inc.local | |||
5 | ignore net none | 5 | ignore net none |
6 | netfilter | 6 | netfilter |
7 | protocol unix,inet,inet6 | 7 | protocol unix,inet,inet6 |
8 | private-etc ca-certificates,crypto-policies,hosts,ld.so.preload,pki,resolv.conf,ssl | 8 | private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl |
diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile index f2770f294..4b8d41170 100644 --- a/etc/profile-a-l/feh.profile +++ b/etc/profile-a-l/feh.profile | |||
@@ -36,7 +36,7 @@ shell none | |||
36 | private-bin feh,jpegexiforient,jpegtran | 36 | private-bin feh,jpegexiforient,jpegtran |
37 | private-cache | 37 | private-cache |
38 | private-dev | 38 | private-dev |
39 | private-etc alternatives,feh,ld.so.preload | 39 | private-etc alternatives,feh,ld.so.cache,ld.so.preload |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
42 | dbus-user none | 42 | dbus-user none |
diff --git a/etc/profile-a-l/ffplay.profile b/etc/profile-a-l/ffplay.profile index 2284ccbe4..52abb99d4 100644 --- a/etc/profile-a-l/ffplay.profile +++ b/etc/profile-a-l/ffplay.profile | |||
@@ -14,7 +14,7 @@ ignore nogroups | |||
14 | ignore nosound | 14 | ignore nosound |
15 | 15 | ||
16 | private-bin ffplay | 16 | private-bin ffplay |
17 | private-etc alsa,asound.conf,group,ld.so.preload | 17 | private-etc alsa,alternatives,asound.conf,group,ld.so.cache,ld.so.preload |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include ffmpeg.profile | 20 | include ffmpeg.profile |
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index 54fa7dfa7..06a8f6170 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd | 43 | private-bin 7z,7za,7zr,ar,arj,atool,bash,brotli,bsdtar,bzip2,compress,cp,cpio,dpkg-deb,file-roller,gtar,gzip,isoinfo,lha,lrzip,lsar,lz4,lzip,lzma,lzop,mv,p7zip,rar,rm,rzip,sh,tar,unace,unalz,unar,uncompress,unrar,unsquashfs,unstuff,unzip,unzstd,xz,xzdec,zip,zoo,zstd |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc dconf,fonts,gtk-3.0,ld.so.preload,xdg | 46 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg |
47 | # private-tmp | 47 | # private-tmp |
48 | 48 | ||
49 | dbus-system none | 49 | dbus-system none |
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index 862ef6ab6..f80297022 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile | |||
@@ -52,7 +52,7 @@ tracelog | |||
52 | disable-mnt | 52 | disable-mnt |
53 | private-bin flameshot | 53 | private-bin flameshot |
54 | private-cache | 54 | private-cache |
55 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,ld.so.preload,machine-id,pki,resolv.conf,ssl | 55 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.preload,machine-id,pki,resolv.conf,ssl |
56 | private-dev | 56 | private-dev |
57 | #private-tmp | 57 | #private-tmp |
58 | 58 | ||
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index aeed313c8..cb00ce11b 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile | |||
@@ -16,7 +16,7 @@ mkdir ${HOME}/.config/FreeTube | |||
16 | whitelist ${HOME}/.config/FreeTube | 16 | whitelist ${HOME}/.config/FreeTube |
17 | 17 | ||
18 | private-bin electron,electron[0-9],electron[0-9][0-9],freetube,sh | 18 | private-bin electron,electron[0-9],electron[0-9][0-9],freetube,sh |
19 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 19 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include electron.profile | 22 | include electron.profile |
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index efd5246d6..8419998de 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin frogatto,sh | 45 | private-bin frogatto,sh |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc ld.so.preload,machine-id | 48 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
diff --git a/etc/profile-a-l/ftp.profile b/etc/profile-a-l/ftp.profile new file mode 100644 index 000000000..29470360c --- /dev/null +++ b/etc/profile-a-l/ftp.profile | |||
@@ -0,0 +1,54 @@ | |||
1 | # Firejail profile for ftp | ||
2 | # Description: standard File Access Protocol utility | ||
3 | # This file is overwritten after every install/update | ||
4 | quiet | ||
5 | # Persistent local customizations | ||
6 | include ftp.local | ||
7 | # Persistent global definitions | ||
8 | include globals.local | ||
9 | |||
10 | noblacklist ${PATH}/ftp | ||
11 | |||
12 | include disable-common.inc | ||
13 | include disable-devel.inc | ||
14 | include disable-exec.inc | ||
15 | include disable-interpreters.inc | ||
16 | include disable-proc.inc | ||
17 | include disable-programs.inc | ||
18 | #include disable-shell.inc | ||
19 | include disable-write-mnt.inc | ||
20 | include disable-X11.inc | ||
21 | include disable-xdg.inc | ||
22 | |||
23 | apparmor | ||
24 | caps.drop all | ||
25 | ipc-namespace | ||
26 | machine-id | ||
27 | netfilter | ||
28 | no3d | ||
29 | nodvd | ||
30 | nogroups | ||
31 | noinput | ||
32 | nonewprivs | ||
33 | noroot | ||
34 | nosound | ||
35 | notv | ||
36 | nou2f | ||
37 | novideo | ||
38 | protocol inet,inet6 | ||
39 | seccomp | ||
40 | shell none | ||
41 | tracelog | ||
42 | |||
43 | #disable-mnt | ||
44 | #private-bin PROGRAMS | ||
45 | private-cache | ||
46 | private-dev | ||
47 | #private-etc FILES | ||
48 | private-tmp | ||
49 | |||
50 | dbus-user none | ||
51 | dbus-system none | ||
52 | |||
53 | memory-deny-write-execute | ||
54 | noexec ${HOME} | ||
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index c6280c488..4efe41f8d 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | private-bin galculator | 43 | private-bin galculator |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,fonts,ld.so.preload | 46 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
47 | private-lib | 47 | private-lib |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
diff --git a/etc/profile-a-l/gallery-dl.profile b/etc/profile-a-l/gallery-dl.profile index a31dde21c..2947873ef 100644 --- a/etc/profile-a-l/gallery-dl.profile +++ b/etc/profile-a-l/gallery-dl.profile | |||
@@ -12,7 +12,7 @@ noblacklist ${HOME}/.config/gallery-dl | |||
12 | noblacklist ${HOME}/.gallery-dl.conf | 12 | noblacklist ${HOME}/.gallery-dl.conf |
13 | 13 | ||
14 | private-bin gallery-dl | 14 | private-bin gallery-dl |
15 | private-etc gallery-dl.conf,ld.so.preload | 15 | private-etc alternatives,gallery-dl.conf,ld.so.cache,ld.so.preload |
16 | 16 | ||
17 | # Redirect | 17 | # Redirect |
18 | include youtube-dl.profile | 18 | include youtube-dl.profile |
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 62f3659ea..ec5b733c8 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile | |||
@@ -49,7 +49,7 @@ private | |||
49 | private-bin gapplication | 49 | private-bin gapplication |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc ld.so.preload | 52 | private-etc alternatives,ld.so.cache,ld.so.preload |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | # Add the next line to your gapplication.local to filter D-Bus names. | 55 | # Add the next line to your gapplication.local to filter D-Bus names. |
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index 6532d85f0..a45374d4e 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile | |||
@@ -54,7 +54,7 @@ disable-mnt | |||
54 | private-bin gconf-editor,gconf-merge-*,gconfpkg,gconftool-2,gsettings-*-convert,python2* | 54 | private-bin gconf-editor,gconf-merge-*,gconfpkg,gconftool-2,gsettings-*-convert,python2* |
55 | private-cache | 55 | private-cache |
56 | private-dev | 56 | private-dev |
57 | private-etc alternatives,fonts,gconf,ld.so.preload | 57 | private-etc alternatives,fonts,gconf,ld.so.cache,ld.so.preload |
58 | private-lib GConf,libpython*,python2* | 58 | private-lib GConf,libpython*,python2* |
59 | private-tmp | 59 | private-tmp |
60 | 60 | ||
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index b78f7e647..cececd9e9 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile | |||
@@ -70,7 +70,7 @@ tracelog | |||
70 | private-bin geary | 70 | private-bin geary |
71 | private-cache | 71 | private-cache |
72 | private-dev | 72 | private-dev |
73 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.preload,pki,resolv.conf,ssl,xdg | 73 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl,xdg |
74 | private-tmp | 74 | private-tmp |
75 | 75 | ||
76 | dbus-user filter | 76 | dbus-user filter |
diff --git a/etc/profile-a-l/geekbench.profile b/etc/profile-a-l/geekbench.profile index 4812e1368..243b893b9 100644 --- a/etc/profile-a-l/geekbench.profile +++ b/etc/profile-a-l/geekbench.profile | |||
@@ -48,7 +48,7 @@ disable-mnt | |||
48 | #private-bin bash,geekbench*,sh -- #4576 | 48 | #private-bin bash,geekbench*,sh -- #4576 |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,group,ld.so.preload,lsb-release,passwd | 51 | private-etc alternatives,group,ld.so.cache,ld.so.preload,lsb-release,passwd |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index d8ca4ae41..bc1199914 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile | |||
@@ -49,7 +49,7 @@ disable-mnt | |||
49 | private-bin gget | 49 | private-bin gget |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,pki,resolv.conf,ssl | 52 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl |
53 | private-lib | 53 | private-lib |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index 010cdae06..506ab7127 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile | |||
@@ -52,7 +52,7 @@ tracelog | |||
52 | disable-mnt | 52 | disable-mnt |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alternatives,ld.so.preload | 55 | private-etc alternatives,ld.so.cache,ld.so.preload |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-user none | 58 | dbus-user none |
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index c13273321..6439c8821 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile | |||
@@ -70,7 +70,7 @@ tracelog | |||
70 | private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed | 70 | private-bin basename,bash,cola,envsubst,gettext,git,git-cola,git-dag,git-gui,gitk,gpg,gpg-agent,nano,ps,python*,sh,ssh,ssh-agent,tclsh,tr,wc,which,xed |
71 | private-cache | 71 | private-cache |
72 | private-dev | 72 | private-dev |
73 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg | 73 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gitconfig,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,mime.types,nsswitch.conf,passwd,pki,resolv.conf,selinux,ssh,ssl,X11,xdg |
74 | private-tmp | 74 | private-tmp |
75 | writable-run-user | 75 | writable-run-user |
76 | 76 | ||
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index 36b016e02..16358d064 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile | |||
@@ -37,7 +37,7 @@ shell none | |||
37 | 37 | ||
38 | disable-mnt | 38 | disable-mnt |
39 | private-bin bash,env,gitter | 39 | private-bin bash,env,gitter |
40 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,pki,pulse,resolv.conf,ssl | 40 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,pulse,resolv.conf,ssl |
41 | private-opt Gitter | 41 | private-opt Gitter |
42 | private-dev | 42 | private-dev |
43 | private-tmp | 43 | private-tmp |
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index 0a1264888..e53297c06 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile | |||
@@ -44,7 +44,7 @@ tracelog | |||
44 | disable-mnt | 44 | disable-mnt |
45 | #private-bin gmpc | 45 | #private-bin gmpc |
46 | private-cache | 46 | private-cache |
47 | private-etc alternatives,fonts,ld.so.preload | 47 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
48 | private-tmp | 48 | private-tmp |
49 | writable-run-user | 49 | writable-run-user |
50 | 50 | ||
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index 2c1dee50c..f9df83e2a 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile | |||
@@ -45,7 +45,7 @@ private | |||
45 | private-bin gnome-calendar | 45 | private-bin gnome-calendar |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl | 48 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,pki,resolv.conf,ssl |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user filter | 51 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index 6261fcc27..dc9092a93 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile | |||
@@ -50,5 +50,5 @@ disable-mnt | |||
50 | private-bin fairymax,gnome-chess,gnuchess,hoichess | 50 | private-bin fairymax,gnome-chess,gnuchess,hoichess |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0,ld.so.preload | 53 | private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0,ld.so.cache,ld.so.preload |
54 | private-tmp | 54 | private-tmp |
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index 7d33ac94e..90665add6 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile | |||
@@ -42,6 +42,6 @@ disable-mnt | |||
42 | private-bin gnome-clocks,gsound-play | 42 | private-bin gnome-clocks,gsound-play |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.preload,localtime,machine-id,pkcs11,pki,ssl | 45 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pkcs11,pki,ssl |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index 28c7e3346..ab6279608 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile | |||
@@ -42,7 +42,7 @@ private | |||
42 | private-bin gnome-hexgl | 42 | private-bin gnome-hexgl |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alsa,asound.conf,ld.so.preload,machine-id,pulse | 45 | private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 1d2366365..39a6718a6 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile | |||
@@ -48,6 +48,6 @@ tracelog | |||
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed | 50 | # passwd,login.defs,firejail are a temporary workaround for #2877 and can be removed once it is fixed |
51 | private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,ld.so.preload,login.defs,passwd,texlive | 51 | private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,ld.so.cache,ld.so.preload,login.defs,passwd,texlive |
52 | 52 | ||
53 | dbus-system none | 53 | dbus-system none |
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index 3d8218e99..7ee4d8b75 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile | |||
@@ -40,7 +40,7 @@ disable-mnt | |||
40 | private-bin gnome-logs | 40 | private-bin gnome-logs |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc alternatives,fonts,ld.so.preload,localtime,machine-id | 43 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,localtime,machine-id |
44 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* | 44 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* |
45 | private-tmp | 45 | private-tmp |
46 | writable-var-log | 46 | writable-var-log |
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index fe8268530..7b79fa15d 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile | |||
@@ -42,6 +42,6 @@ tracelog | |||
42 | # private-bin calls a file manager - whatever is installed! | 42 | # private-bin calls a file manager - whatever is installed! |
43 | #private-bin env,gio-launch-desktop,gnome-music,python*,yelp | 43 | #private-bin env,gio-launch-desktop,gnome-music,python*,yelp |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,asound.conf,dconf,fonts,fonts,gtk-3.0,ld.so.preload,machine-id,pulse,selinux,xdg | 45 | private-etc alternatives,asound.conf,dconf,fonts,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,xdg |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index bdc09b5ac..a96ec6f05 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile | |||
@@ -53,7 +53,7 @@ disable-mnt | |||
53 | private-bin gnome-passwordsafe,python3* | 53 | private-bin gnome-passwordsafe,python3* |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc dconf,fonts,gtk-3.0,ld.so.preload,passwd | 56 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,passwd |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | dbus-user filter | 59 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index fb108ee97..6d30213cb 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile | |||
@@ -34,7 +34,7 @@ shell none | |||
34 | disable-mnt | 34 | disable-mnt |
35 | private-cache | 35 | private-cache |
36 | private-dev | 36 | private-dev |
37 | private-etc alternatives,fonts,ld.so.preload,machine-id | 37 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id |
38 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* | 38 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* |
39 | private-tmp | 39 | private-tmp |
40 | 40 | ||
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index 256a0c69f..99d569a04 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin gnome-pomodoro | 44 | private-bin gnome-pomodoro |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id | 47 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user filter | 50 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 9a5f878fc..b2ce4a92a 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile | |||
@@ -47,7 +47,7 @@ shell none | |||
47 | disable-mnt | 47 | disable-mnt |
48 | private-bin gnome-recipes,tar | 48 | private-bin gnome-recipes,tar |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,pki,ssl | 50 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,ssl |
51 | private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* | 51 | private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index a4e4ae38a..36c6693a9 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | disable-mnt | 42 | disable-mnt |
43 | private-bin gnome-screenshot | 43 | private-bin gnome-screenshot |
44 | private-dev | 44 | private-dev |
45 | private-etc dconf,fonts,gtk-3.0,ld.so.preload,localtime,machine-id | 45 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,machine-id |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user filter | 48 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index 859d56bd9..28a0205b9 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile | |||
@@ -40,5 +40,5 @@ tracelog | |||
40 | disable-mnt | 40 | disable-mnt |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc alsa,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.preload,machine-id,openal,pango,pulse,xdg | 43 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pango,pulse,xdg |
44 | private-tmp | 44 | private-tmp |
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index addd76f7f..02b023855 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin gnome-system-log | 43 | private-bin gnome-system-log |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,fonts,ld.so.preload,localtime,machine-id | 46 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,localtime,machine-id |
47 | private-lib | 47 | private-lib |
48 | private-tmp | 48 | private-tmp |
49 | writable-var-log | 49 | writable-var-log |
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index e7615e4f2..c6cd12250 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin gnome-todo | 46 | private-bin gnome-todo |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc dconf,fonts,gtk-3.0,ld.so.preload,localtime,passwd,xdg | 49 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,localtime,passwd,xdg |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | dbus-user filter | 52 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome_games-common.profile b/etc/profile-a-l/gnome_games-common.profile index a76fbbb2c..9b4f68808 100644 --- a/etc/profile-a-l/gnome_games-common.profile +++ b/etc/profile-a-l/gnome_games-common.profile | |||
@@ -41,7 +41,7 @@ tracelog | |||
41 | disable-mnt | 41 | disable-mnt |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.preload,machine-id,pango,passwd,X11 | 44 | private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pango,passwd,X11 |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | dbus-user filter | 47 | dbus-user filter |
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index deda06f8e..928f2c548 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile | |||
@@ -51,7 +51,7 @@ disable-mnt | |||
51 | private-bin gnote | 51 | private-bin gnote |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc dconf,fonts,gtk-3.0,ld.so.preload,pango,X11 | 54 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,pango,X11 |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user filter | 57 | dbus-user filter |
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index e2e154216..c895b4ce9 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile | |||
@@ -43,7 +43,7 @@ private | |||
43 | private-bin gnubik | 43 | private-bin gnubik |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc drirc,fonts,gtk-2.0,ld.so.preload | 46 | private-etc alternatives,drirc,fonts,gtk-2.0,ld.so.cache,ld.so.preload |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index f33f63497..46b362db9 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile | |||
@@ -38,7 +38,7 @@ tracelog | |||
38 | # private-bin godot | 38 | # private-bin godot |
39 | private-cache | 39 | private-cache |
40 | private-dev | 40 | private-dev |
41 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,ld.so.preload,machine-id,mono,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl | 41 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,ld.so.cache,ld.so.preload,machine-id,mono,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | dbus-user none | 44 | dbus-user none |
diff --git a/etc/profile-a-l/goldendict.profile b/etc/profile-a-l/goldendict.profile index 59a572319..5251ed427 100644 --- a/etc/profile-a-l/goldendict.profile +++ b/etc/profile-a-l/goldendict.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-bin goldendict | 50 | private-bin goldendict |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc ca-certificates,crypto-policies,fonts,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 53 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index a37c7ad77..a35813a09 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile | |||
@@ -54,7 +54,7 @@ disable-mnt | |||
54 | private-bin env,python3*,sh,w3m | 54 | private-bin env,python3*,sh,w3m |
55 | private-cache | 55 | private-cache |
56 | private-dev | 56 | private-dev |
57 | private-etc ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | 57 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl |
58 | private-tmp | 58 | private-tmp |
59 | 59 | ||
60 | dbus-user none | 60 | dbus-user none |
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index 436134e1b..26afe6e49 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile | |||
@@ -41,7 +41,7 @@ tracelog | |||
41 | private-bin gpicview | 41 | private-bin gpicview |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,fonts,group,ld.so.preload,passwd | 44 | private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,passwd |
45 | private-lib | 45 | private-lib |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index e421c6a0b..511be6fcc 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile | |||
@@ -36,6 +36,6 @@ tracelog | |||
36 | 36 | ||
37 | private-bin gpredict | 37 | private-bin gpredict |
38 | private-dev | 38 | private-dev |
39 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,pki,resolv.conf,ssl | 39 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index efb6b39c6..9cc25e45c 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin gradio | 45 | private-bin gradio |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg | 48 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user filter | 51 | dbus-user filter |
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index 10d41735a..d76ca105f 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile | |||
@@ -40,7 +40,7 @@ private | |||
40 | private-bin gravity-beams-and-evaporating-stars | 40 | private-bin gravity-beams-and-evaporating-stars |
41 | private-cache | 41 | private-cache |
42 | private-dev | 42 | private-dev |
43 | private-etc fonts,ld.so.preload,machine-id | 43 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id |
44 | private-tmp | 44 | private-tmp |
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index e38dc5c0c..ec8a614fd 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin gtk-update-icon-cache | 46 | private-bin gtk-update-icon-cache |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc ld.so.preload | 49 | private-etc alternatives,ld.so.cache,ld.so.preload |
50 | private-lib | 50 | private-lib |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index 0baebdae1..74e0faa7f 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile | |||
@@ -44,7 +44,7 @@ private-bin hyperrogue | |||
44 | private-cache | 44 | private-cache |
45 | private-cwd ${HOME} | 45 | private-cwd ${HOME} |
46 | private-dev | 46 | private-dev |
47 | private-etc fonts,ld.so.preload,machine-id | 47 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-a-l/ipcalc.profile b/etc/profile-a-l/ipcalc.profile index 3200d1850..6eefd2945 100644 --- a/etc/profile-a-l/ipcalc.profile +++ b/etc/profile-a-l/ipcalc.profile | |||
@@ -50,7 +50,7 @@ private-bin bash,ipcalc,ipcalc-ng,perl,sh | |||
50 | # private-cache | 50 | # private-cache |
51 | private-dev | 51 | private-dev |
52 | # empty etc directory | 52 | # empty etc directory |
53 | private-etc ld.so.preload | 53 | private-etc alternatives,ld.so.cache,ld.so.preload |
54 | private-lib | 54 | private-lib |
55 | private-opt none | 55 | private-opt none |
56 | private-tmp | 56 | private-tmp |
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index 59260dc64..6ca977512 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile | |||
@@ -34,7 +34,7 @@ tracelog | |||
34 | 34 | ||
35 | private-bin bash,jerry,sh,stockfish | 35 | private-bin bash,jerry,sh,stockfish |
36 | private-dev | 36 | private-dev |
37 | private-etc fonts,gtk-2.0,gtk-3.0,ld.so.preload | 37 | private-etc alternatives,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | dbus-user none | 40 | dbus-user none |
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index 8528ece7c..4a9232344 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile | |||
@@ -41,7 +41,7 @@ disable-mnt | |||
41 | private-bin jumpnbump | 41 | private-bin jumpnbump |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc ld.so.preload | 44 | private-etc alternatives,ld.so.cache,ld.so.preload |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index 5253a78b0..6ad50cf14 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile | |||
@@ -42,7 +42,7 @@ disable-mnt | |||
42 | private-bin kalgebra,kalgebramobile | 42 | private-bin kalgebra,kalgebramobile |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc fonts,ld.so.preload,machine-id | 45 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index d88631005..277db1c24 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile | |||
@@ -49,7 +49,7 @@ disable-mnt | |||
49 | # private-bin kazam,python* | 49 | # private-bin kazam,python* |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.preload,machine-id,pulse,selinux,X11,xdg | 52 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,X11,xdg |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | dbus-system none | 55 | dbus-system none |
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index 616b87d7e..5e2d6d8df 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile | |||
@@ -41,7 +41,7 @@ tracelog | |||
41 | 41 | ||
42 | private-bin keepassx,keepassx2 | 42 | private-bin keepassx,keepassx2 |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,fonts,ld.so.preload,machine-id | 44 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id |
45 | private-tmp | 45 | private-tmp |
46 | 46 | ||
47 | dbus-user none | 47 | dbus-user none |
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index 8b35a8946..5563aa410 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile | |||
@@ -37,7 +37,7 @@ tracelog | |||
37 | 37 | ||
38 | private-cache | 38 | private-cache |
39 | private-dev | 39 | private-dev |
40 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl | 40 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl |
41 | private-tmp | 41 | private-tmp |
42 | private-opt none | 42 | private-opt none |
43 | private-srv none | 43 | private-srv none |
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile index 964175274..46164403b 100644 --- a/etc/profile-a-l/klavaro.profile +++ b/etc/profile-a-l/klavaro.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin bash,klavaro,sh,tclsh,tclsh* | 45 | private-bin bash,klavaro,sh,tclsh,tclsh* |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,fonts,ld.so.preload | 48 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
49 | private-tmp | 49 | private-tmp |
50 | private-opt none | 50 | private-opt none |
51 | private-srv none | 51 | private-srv none |
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile index 78eb2e8f5..44da8acca 100644 --- a/etc/profile-a-l/ktouch.profile +++ b/etc/profile-a-l/ktouch.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin ktouch | 46 | private-bin ktouch |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,fonts,kde5rc,ld.so.preload,machine-id | 49 | private-etc alternatives,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | dbus-user none | 52 | dbus-user none |
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index ad6b2f5fe..718cbbf40 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile | |||
@@ -68,7 +68,7 @@ tracelog | |||
68 | private-bin kube,sink_synchronizer | 68 | private-bin kube,sink_synchronizer |
69 | private-cache | 69 | private-cache |
70 | private-dev | 70 | private-dev |
71 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gcrypt,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.preload,pki,resolv.conf,selinux,ssl,xdg | 71 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gcrypt,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,selinux,ssl,xdg |
72 | private-tmp | 72 | private-tmp |
73 | writable-run-user | 73 | writable-run-user |
74 | 74 | ||
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile index dac3eaee3..84f5dc50d 100644 --- a/etc/profile-a-l/links-common.profile +++ b/etc/profile-a-l/links-common.profile | |||
@@ -51,7 +51,7 @@ disable-mnt | |||
51 | private-bin sh | 51 | private-bin sh |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 54 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl |
55 | # Add the next line to your links-common.local to allow external media players. | 55 | # Add the next line to your links-common.local to allow external media players. |
56 | # private-etc alsa,asound.conf,machine-id,openal,pulse | 56 | # private-etc alsa,asound.conf,machine-id,openal,pulse |
57 | private-tmp | 57 | private-tmp |
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile index a590c5fb7..fde338ff0 100644 --- a/etc/profile-a-l/lollypop.profile +++ b/etc/profile-a-l/lollypop.profile | |||
@@ -37,6 +37,6 @@ seccomp | |||
37 | shell none | 37 | shell none |
38 | 38 | ||
39 | private-dev | 39 | private-dev |
40 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg | 40 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile index 3213f3674..ae2f2d434 100644 --- a/etc/profile-a-l/lyx.profile +++ b/etc/profile-a-l/lyx.profile | |||
@@ -32,7 +32,7 @@ apparmor | |||
32 | machine-id | 32 | machine-id |
33 | 33 | ||
34 | # private-bin atril,dvilualatex,env,latex,lua*,luatex,lyx,lyxclient,okular,pdf2latex,pdflatex,pdftex,perl*,python*,qpdf,qpdfview,sh,tex2lyx,texmf,xelatex | 34 | # private-bin atril,dvilualatex,env,latex,lua*,luatex,lyx,lyxclient,okular,pdf2latex,pdflatex,pdftex,perl*,python*,qpdf,qpdfview,sh,tex2lyx,texmf,xelatex |
35 | private-etc alternatives,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.preload,locale,locale.alias,locale.conf,lyx,machine-id,mime.types,passwd,texmf,X11,xdg | 35 | private-etc alternatives,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,lyx,machine-id,mime.types,passwd,texmf,X11,xdg |
36 | 36 | ||
37 | # Redirect | 37 | # Redirect |
38 | include latex-common.profile | 38 | include latex-common.profile |
diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile index ca7165a5d..89ca53af6 100644 --- a/etc/profile-m-z/Viber.profile +++ b/etc/profile-m-z/Viber.profile | |||
@@ -33,5 +33,5 @@ shell none | |||
33 | 33 | ||
34 | disable-mnt | 34 | disable-mnt |
35 | private-bin awk,bash,dig,sh,Viber | 35 | private-bin awk,bash,dig,sh,Viber |
36 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,ld.so.preload,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11 | 36 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11 |
37 | private-tmp | 37 | private-tmp |
diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile index b7cba2421..47165dd3d 100644 --- a/etc/profile-m-z/magicor.profile +++ b/etc/profile-m-z/magicor.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin magicor,python2* | 45 | private-bin magicor,python2* |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc ld.so.preload,machine-id | 48 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile index b6038cc91..9c5959091 100644 --- a/etc/profile-m-z/man.profile +++ b/etc/profile-m-z/man.profile | |||
@@ -58,7 +58,7 @@ disable-mnt | |||
58 | #private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim | 58 | #private-bin apropos,bash,cat,catman,col,gpreconv,groff,grotty,gunzip,gzip,less,man,most,nroff,preconv,sed,sh,tbl,tr,troff,whatis,which,xtotroff,zcat,zsoelim |
59 | private-cache | 59 | private-cache |
60 | private-dev | 60 | private-dev |
61 | private-etc alternatives,fonts,groff,ld.so.preload,locale,locale.alias,locale.conf,man_db.conf,manpath.config,selinux,sysless,xdg | 61 | private-etc alternatives,fonts,groff,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,man_db.conf,manpath.config,selinux,sysless,xdg |
62 | #private-tmp | 62 | #private-tmp |
63 | 63 | ||
64 | dbus-user none | 64 | dbus-user none |
diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile index dc2088a18..764d040ab 100644 --- a/etc/profile-m-z/masterpdfeditor.profile +++ b/etc/profile-m-z/masterpdfeditor.profile | |||
@@ -36,6 +36,6 @@ tracelog | |||
36 | 36 | ||
37 | private-cache | 37 | private-cache |
38 | private-dev | 38 | private-dev |
39 | private-etc alternatives,fonts,ld.so.preload | 39 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile index cb14c6584..2be6b9af1 100644 --- a/etc/profile-m-z/mate-calc.profile +++ b/etc/profile-m-z/mate-calc.profile | |||
@@ -42,7 +42,7 @@ shell none | |||
42 | 42 | ||
43 | disable-mnt | 43 | disable-mnt |
44 | private-bin mate-calc,mate-calculator | 44 | private-bin mate-calc,mate-calculator |
45 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.preload | 45 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload |
46 | private-dev | 46 | private-dev |
47 | private-opt none | 47 | private-opt none |
48 | private-tmp | 48 | private-tmp |
diff --git a/etc/profile-m-z/mate-color-select.profile b/etc/profile-m-z/mate-color-select.profile index 97793abd5..e16b0fc6c 100644 --- a/etc/profile-m-z/mate-color-select.profile +++ b/etc/profile-m-z/mate-color-select.profile | |||
@@ -33,7 +33,7 @@ shell none | |||
33 | 33 | ||
34 | disable-mnt | 34 | disable-mnt |
35 | private-bin mate-color-select | 35 | private-bin mate-color-select |
36 | private-etc alternatives,fonts,ld.so.preload | 36 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
37 | private-dev | 37 | private-dev |
38 | private-lib | 38 | private-lib |
39 | private-tmp | 39 | private-tmp |
diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile index cb0002af6..469416304 100644 --- a/etc/profile-m-z/mate-dictionary.profile +++ b/etc/profile-m-z/mate-dictionary.profile | |||
@@ -37,7 +37,7 @@ shell none | |||
37 | 37 | ||
38 | disable-mnt | 38 | disable-mnt |
39 | private-bin mate-dictionary | 39 | private-bin mate-dictionary |
40 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,pki,resolv.conf,ssl | 40 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl |
41 | private-opt mate-dictionary | 41 | private-opt mate-dictionary |
42 | private-dev | 42 | private-dev |
43 | private-tmp | 43 | private-tmp |
diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile index 87083f1e3..4c4a6aa76 100644 --- a/etc/profile-m-z/mcabber.profile +++ b/etc/profile-m-z/mcabber.profile | |||
@@ -31,4 +31,4 @@ shell none | |||
31 | 31 | ||
32 | private-bin mcabber | 32 | private-bin mcabber |
33 | private-dev | 33 | private-dev |
34 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,pki,ssl | 34 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,ssl |
diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile index 618a1fd3a..bcfd59cbb 100644 --- a/etc/profile-m-z/mdr.profile +++ b/etc/profile-m-z/mdr.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin mdr | 45 | private-bin mdr |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc ld.so.preload | 48 | private-etc alternatives,ld.so.cache,ld.so.preload |
49 | private-lib | 49 | private-lib |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile index 9403321e2..9bfbaf745 100644 --- a/etc/profile-m-z/mediainfo.profile +++ b/etc/profile-m-z/mediainfo.profile | |||
@@ -42,7 +42,7 @@ x11 none | |||
42 | private-bin mediainfo | 42 | private-bin mediainfo |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,ld.so.preload | 45 | private-etc alternatives,ld.so.cache,ld.so.preload |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile index f9f7db3cb..ed0758a49 100644 --- a/etc/profile-m-z/menulibre.profile +++ b/etc/profile-m-z/menulibre.profile | |||
@@ -52,7 +52,7 @@ tracelog | |||
52 | disable-mnt | 52 | disable-mnt |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.preload,locale.alias,locale.conf,mime.types,nsswitch.conf,passwd,pki,selinux,X11,xdg | 55 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,locale.alias,locale.conf,mime.types,nsswitch.conf,passwd,pki,selinux,X11,xdg |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-user none | 58 | dbus-user none |
diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile index bcc7b232b..16ace7ce4 100644 --- a/etc/profile-m-z/mindless.profile +++ b/etc/profile-m-z/mindless.profile | |||
@@ -42,7 +42,7 @@ private | |||
42 | private-bin mindless | 42 | private-bin mindless |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc fonts,ld.so.preload | 45 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile index 133a17350..be846ce63 100644 --- a/etc/profile-m-z/mirrormagic.profile +++ b/etc/profile-m-z/mirrormagic.profile | |||
@@ -44,7 +44,7 @@ private | |||
44 | private-bin mirrormagic | 44 | private-bin mirrormagic |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc ld.so.preload,machine-id | 47 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile index 79f603f92..313d78030 100644 --- a/etc/profile-m-z/mocp.profile +++ b/etc/profile-m-z/mocp.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | private-bin mocp | 42 | private-bin mocp |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl | 45 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile index 445691f6a..fe3c78b55 100644 --- a/etc/profile-m-z/mp3splt-gtk.profile +++ b/etc/profile-m-z/mp3splt-gtk.profile | |||
@@ -37,7 +37,7 @@ tracelog | |||
37 | private-bin mp3splt-gtk | 37 | private-bin mp3splt-gtk |
38 | private-cache | 38 | private-cache |
39 | private-dev | 39 | private-dev |
40 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-3.0,ld.so.preload,machine-id,openal,pulse | 40 | private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pulse |
41 | private-tmp | 41 | private-tmp |
42 | 42 | ||
43 | dbus-user none | 43 | dbus-user none |
diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile index 4d6109250..c89c72ce4 100644 --- a/etc/profile-m-z/mp3splt.profile +++ b/etc/profile-m-z/mp3splt.profile | |||
@@ -44,7 +44,7 @@ disable-mnt | |||
44 | private-bin flacsplt,mp3splt,mp3wrap,oggsplt | 44 | private-bin flacsplt,mp3splt,mp3wrap,oggsplt |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,ld.so.preload | 47 | private-etc alternatives,ld.so.cache,ld.so.preload |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | memory-deny-write-execute | 50 | memory-deny-write-execute |
diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile index 597390914..18a839363 100644 --- a/etc/profile-m-z/mpDris2.profile +++ b/etc/profile-m-z/mpDris2.profile | |||
@@ -49,7 +49,7 @@ shell none | |||
49 | private-bin mpDris2,notify-send,python* | 49 | private-bin mpDris2,notify-send,python* |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,hosts,ld.so.preload,nsswitch.conf | 52 | private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf |
53 | private-lib libdbus-1.so.*,libdbus-glib-1.so.*,libgirepository-1.0.so.*,libnotify.so.*,libpython*,python2*,python3* | 53 | private-lib libdbus-1.so.*,libdbus-glib-1.so.*,libgirepository-1.0.so.*,libnotify.so.*,libpython*,python2*,python3* |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile index 74402a8de..efb11465b 100644 --- a/etc/profile-m-z/mpv.profile +++ b/etc/profile-m-z/mpv.profile | |||
@@ -74,7 +74,7 @@ seccomp.block-secondary | |||
74 | shell none | 74 | shell none |
75 | tracelog | 75 | tracelog |
76 | 76 | ||
77 | private-bin env,mpv,python*,waf,youtube-dl | 77 | private-bin env,mpv,python*,waf,youtube-dl,yt-dlp |
78 | # private-cache causes slow OSD, see #2838 | 78 | # private-cache causes slow OSD, see #2838 |
79 | #private-cache | 79 | #private-cache |
80 | private-dev | 80 | private-dev |
diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile index 5b5902563..3fe88ec7f 100644 --- a/etc/profile-m-z/mrrescue.profile +++ b/etc/profile-m-z/mrrescue.profile | |||
@@ -52,7 +52,7 @@ disable-mnt | |||
52 | private-bin love,mrrescue,sh | 52 | private-bin love,mrrescue,sh |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc ld.so.preload,machine-id | 55 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-user none | 58 | dbus-user none |
diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile index 7b4a305e9..e15b14db7 100644 --- a/etc/profile-m-z/ms-office.profile +++ b/etc/profile-m-z/ms-office.profile | |||
@@ -35,7 +35,7 @@ tracelog | |||
35 | 35 | ||
36 | disable-mnt | 36 | disable-mnt |
37 | private-bin bash,env,fonts,jak,ms-office,python*,sh | 37 | private-bin bash,env,fonts,jak,ms-office,python*,sh |
38 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,pki,resolv.conf,ssl | 38 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl |
39 | private-dev | 39 | private-dev |
40 | private-tmp | 40 | private-tmp |
41 | 41 | ||
diff --git a/etc/profile-m-z/mupdf-x11-curl.profile b/etc/profile-m-z/mupdf-x11-curl.profile index b95ab2194..006f64ba8 100644 --- a/etc/profile-m-z/mupdf-x11-curl.profile +++ b/etc/profile-m-z/mupdf-x11-curl.profile | |||
@@ -12,7 +12,7 @@ ignore net none | |||
12 | netfilter | 12 | netfilter |
13 | protocol unix,inet,inet6 | 13 | protocol unix,inet,inet6 |
14 | 14 | ||
15 | private-etc ca-certificates,crypto-policies,hosts,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 15 | private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl |
16 | 16 | ||
17 | # Redirect | 17 | # Redirect |
18 | include mupdf.profile | 18 | include mupdf.profile |
diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile index aab2ac19d..796d7fbb0 100644 --- a/etc/profile-m-z/musixmatch.profile +++ b/etc/profile-m-z/musixmatch.profile | |||
@@ -33,5 +33,5 @@ seccomp !chroot | |||
33 | 33 | ||
34 | disable-mnt | 34 | disable-mnt |
35 | private-dev | 35 | private-dev |
36 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,ld.so.preload,machine-id,pki,pulse,ssl | 36 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,machine-id,pki,pulse,ssl |
37 | 37 | ||
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index fb923051f..d10c55549 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile | |||
@@ -134,7 +134,7 @@ tracelog | |||
134 | # disable-mnt | 134 | # disable-mnt |
135 | private-cache | 135 | private-cache |
136 | private-dev | 136 | private-dev |
137 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,ld.so.preload,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg | 137 | private-etc alternatives,ca-certificates,crypto-policies,fonts,gai.conf,gcrypt,gnupg,gnutls,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,mail,mailname,Mutt,Muttrc,Muttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,terminfo,xdg |
138 | private-tmp | 138 | private-tmp |
139 | writable-run-user | 139 | writable-run-user |
140 | writable-var | 140 | writable-var |
diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile index bf01aaa0e..74301df06 100644 --- a/etc/profile-m-z/mypaint.profile +++ b/etc/profile-m-z/mypaint.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | 43 | ||
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.preload | 46 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile index 23a30bf97..f7c1f0ff7 100644 --- a/etc/profile-m-z/nano.profile +++ b/etc/profile-m-z/nano.profile | |||
@@ -49,7 +49,7 @@ private-dev | |||
49 | # Add the next lines to your nano.local if you want to edit files in /etc directly. | 49 | # Add the next lines to your nano.local if you want to edit files in /etc directly. |
50 | #ignore private-etc | 50 | #ignore private-etc |
51 | #writable-etc | 51 | #writable-etc |
52 | private-etc alternatives,ld.so.preload,nanorc | 52 | private-etc alternatives,ld.so.cache,ld.so.preload,nanorc |
53 | # Add the next line to your nano.local if you want to edit files in /var directly. | 53 | # Add the next line to your nano.local if you want to edit files in /var directly. |
54 | #writable-var | 54 | #writable-var |
55 | 55 | ||
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index 1e59a1490..f31cf9dcb 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile | |||
@@ -137,7 +137,7 @@ tracelog | |||
137 | # disable-mnt | 137 | # disable-mnt |
138 | private-cache | 138 | private-cache |
139 | private-dev | 139 | private-dev |
140 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,hostname,hosts,hosts.conf,ld.so.preload,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg | 140 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gcrypt,gnupg,hostname,hosts,hosts.conf,ld.so.cache,ld.so.preload,mail,mailname,Mutt,Muttrc,Muttrc.d,neomuttrc,neomuttrc.d,nntpserver,nsswitch.conf,passwd,pki,resolv.conf,ssl,xdg |
141 | private-tmp | 141 | private-tmp |
142 | writable-run-user | 142 | writable-run-user |
143 | writable-var | 143 | writable-var |
diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile index 57f026a0b..d6ac8d5bc 100644 --- a/etc/profile-m-z/netactview.profile +++ b/etc/profile-m-z/netactview.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin netactview,netactview_polkit | 45 | private-bin netactview,netactview_polkit |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,fonts,ld.so.preload | 48 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
49 | private-lib | 49 | private-lib |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile index 34c6110cf..cf72bf802 100644 --- a/etc/profile-m-z/newsboat.profile +++ b/etc/profile-m-z/newsboat.profile | |||
@@ -53,7 +53,7 @@ disable-mnt | |||
53 | private-bin gzip,lynx,newsboat,sh,w3m | 53 | private-bin gzip,lynx,newsboat,sh,w3m |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,lynx.cfg,lynx.lss,pki,resolv.conf,ssl,terminfo | 56 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,lynx.cfg,lynx.lss,pki,resolv.conf,ssl,terminfo |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile index 56cedec03..9966a0e1b 100644 --- a/etc/profile-m-z/newsflash.profile +++ b/etc/profile-m-z/newsflash.profile | |||
@@ -51,7 +51,7 @@ disable-mnt | |||
51 | private-bin com.gitlab.newsflash,newsflash | 51 | private-bin com.gitlab.newsflash,newsflash |
52 | private-cache | 52 | private-cache |
53 | private-dev | 53 | private-dev |
54 | private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,nsswitch.conf,pango,pki,resolv.conf,ssl,X11 | 54 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,nsswitch.conf,pango,pki,resolv.conf,ssl,X11 |
55 | private-tmp | 55 | private-tmp |
56 | 56 | ||
57 | dbus-user none | 57 | dbus-user none |
diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile index 0bed12b1f..7ffb09e56 100644 --- a/etc/profile-m-z/nomacs.profile +++ b/etc/profile-m-z/nomacs.profile | |||
@@ -41,5 +41,5 @@ tracelog | |||
41 | #private-bin nomacs | 41 | #private-bin nomacs |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.preload,login.defs,machine-id,pki,resolv.conf,ssl | 44 | private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,pki,resolv.conf,ssl |
45 | private-tmp | 45 | private-tmp |
diff --git a/etc/profile-m-z/noprofile.profile b/etc/profile-m-z/noprofile.profile new file mode 100644 index 000000000..560ee9db3 --- /dev/null +++ b/etc/profile-m-z/noprofile.profile | |||
@@ -0,0 +1,28 @@ | |||
1 | # This is the weakest possible firejail profile. | ||
2 | # If a program still fail with this profile, it is incompatible with firejail. | ||
3 | # (from https://gist.github.com/rusty-snake/bb234cb3e50e1e4e7429f29a7931cc72) | ||
4 | # | ||
5 | # Usage: | ||
6 | # 1. download | ||
7 | # 2. firejail --profile=noprofile.profile /path/to/program | ||
8 | |||
9 | # Keep in mind that even with this profile some things are done | ||
10 | # which can break the program. | ||
11 | # - some env-vars are cleared | ||
12 | # - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes' | ||
13 | # - a new private pid-namespace is created | ||
14 | # - a minimal hardcoded blacklist is applied | ||
15 | # - ... | ||
16 | |||
17 | noblacklist /sys/fs | ||
18 | noblacklist /sys/module | ||
19 | |||
20 | allow-debuggers | ||
21 | allusers | ||
22 | keep-config-pulse | ||
23 | keep-dev-shm | ||
24 | keep-var-tmp | ||
25 | writable-etc | ||
26 | writable-run-user | ||
27 | writable-var | ||
28 | writable-var-log | ||
diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile index 8e51d8e78..9f23c099d 100644 --- a/etc/profile-m-z/notify-send.profile +++ b/etc/profile-m-z/notify-send.profile | |||
@@ -49,7 +49,7 @@ private | |||
49 | private-bin notify-send | 49 | private-bin notify-send |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc ld.so.preload | 52 | private-etc alternatives,ld.so.cache,ld.so.preload |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | dbus-user filter | 55 | dbus-user filter |
diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile index 9e3093ea7..9f4a6ec46 100644 --- a/etc/profile-m-z/nuclear.profile +++ b/etc/profile-m-z/nuclear.profile | |||
@@ -18,7 +18,7 @@ whitelist ${HOME}/.config/nuclear | |||
18 | no3d | 18 | no3d |
19 | 19 | ||
20 | # private-bin nuclear | 20 | # private-bin nuclear |
21 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 21 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
22 | private-opt nuclear | 22 | private-opt nuclear |
23 | 23 | ||
24 | # Redirect | 24 | # Redirect |
diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile index 9b431d76d..653591482 100644 --- a/etc/profile-m-z/nyx.profile +++ b/etc/profile-m-z/nyx.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin nyx,python* | 45 | private-bin nyx,python* |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,fonts,ld.so.preload,passwd,tor | 48 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,passwd,tor |
49 | private-opt none | 49 | private-opt none |
50 | private-srv none | 50 | private-srv none |
51 | private-tmp | 51 | private-tmp |
diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile index 7d2374ccf..de62f4114 100644 --- a/etc/profile-m-z/odt2txt.profile +++ b/etc/profile-m-z/odt2txt.profile | |||
@@ -38,7 +38,7 @@ x11 none | |||
38 | private-bin odt2txt | 38 | private-bin odt2txt |
39 | private-cache | 39 | private-cache |
40 | private-dev | 40 | private-dev |
41 | private-etc alternatives,ld.so.preload | 41 | private-etc alternatives,ld.so.cache,ld.so.preload |
42 | private-tmp | 42 | private-tmp |
43 | 43 | ||
44 | dbus-user none | 44 | dbus-user none |
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile index e70e5e81e..e05e58cad 100644 --- a/etc/profile-m-z/onboard.profile +++ b/etc/profile-m-z/onboard.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-cache | 50 | private-cache |
51 | private-bin onboard,python*,tput | 51 | private-bin onboard,python*,tput |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,dbus-1,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.preload,locale,locale.alias,locale.conf,mime.types,selinux,X11,xdg | 53 | private-etc alternatives,dbus-1,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,mime.types,selinux,X11,xdg |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-system none | 56 | dbus-system none |
diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile index de334defd..c3ac097a0 100644 --- a/etc/profile-m-z/openarena.profile +++ b/etc/profile-m-z/openarena.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin bash,cut,glxinfo,grep,head,openarena,openarena_ded,quake3,zenity | 43 | private-bin bash,cut,glxinfo,grep,head,openarena,openarena_ded,quake3,zenity |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc drirc,ld.so.preload,machine-id,openal,passwd,selinux,udev,xdg | 46 | private-etc alternatives,drirc,ld.so.cache,ld.so.preload,machine-id,openal,passwd,selinux,udev,xdg |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/openstego.profile b/etc/profile-m-z/openstego.profile new file mode 100644 index 000000000..f6622b38d --- /dev/null +++ b/etc/profile-m-z/openstego.profile | |||
@@ -0,0 +1,58 @@ | |||
1 | # Firejail profile for OpenStego | ||
2 | # Description: Steganography application that provides data hiding and watermarking functionality | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include openstego.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/openstego.ini | ||
10 | |||
11 | # Allow java (blacklisted by disable-devel.inc) | ||
12 | include allow-java.inc | ||
13 | |||
14 | include disable-common.inc | ||
15 | include disable-devel.inc | ||
16 | include disable-exec.inc | ||
17 | include disable-interpreters.inc | ||
18 | include disable-proc.inc | ||
19 | include disable-programs.inc | ||
20 | |||
21 | mkfile ${HOME}/openstego.ini | ||
22 | whitelist ${HOME}/openstego.ini | ||
23 | whitelist ${HOME}/.java | ||
24 | whitelist ${PICTURES} | ||
25 | whitelist ${DOCUMENTS} | ||
26 | whitelist ${DESKTOP} | ||
27 | whitelist /usr/share/java | ||
28 | include whitelist-common.inc | ||
29 | include whitelist-run-common.inc | ||
30 | include whitelist-runuser-common.inc | ||
31 | include whitelist-usr-share-common.inc | ||
32 | include whitelist-var-common.inc | ||
33 | |||
34 | caps.drop all | ||
35 | machine-id | ||
36 | net none | ||
37 | no3d | ||
38 | nogroups | ||
39 | noinput | ||
40 | nonewprivs | ||
41 | noroot | ||
42 | nosound | ||
43 | notv | ||
44 | nou2f | ||
45 | novideo | ||
46 | seccomp | ||
47 | seccomp.block-secondary | ||
48 | shell none | ||
49 | tracelog | ||
50 | |||
51 | disable-mnt | ||
52 | private-bin bash,dirname,openstego,readlink,sh | ||
53 | private-cache | ||
54 | private-dev | ||
55 | private-tmp | ||
56 | |||
57 | dbus-user none | ||
58 | dbus-system none | ||
diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile index 460f60beb..c016b5103 100644 --- a/etc/profile-m-z/pandoc.profile +++ b/etc/profile-m-z/pandoc.profile | |||
@@ -50,7 +50,7 @@ x11 none | |||
50 | disable-mnt | 50 | disable-mnt |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc alternatives,ld.so.preload,texlive,texmf | 53 | private-etc alternatives,ld.so.cache,ld.so.preload,texlive,texmf |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile index a4737d388..3d380542f 100644 --- a/etc/profile-m-z/parole.profile +++ b/etc/profile-m-z/parole.profile | |||
@@ -27,4 +27,4 @@ shell none | |||
27 | 27 | ||
28 | private-bin dbus-launch,parole | 28 | private-bin dbus-launch,parole |
29 | private-cache | 29 | private-cache |
30 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.preload,machine-id,passwd,pki,pulse,ssl | 30 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,pulse,ssl |
diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile index 76f1c9704..d64aab200 100644 --- a/etc/profile-m-z/pavucontrol.profile +++ b/etc/profile-m-z/pavucontrol.profile | |||
@@ -45,7 +45,7 @@ disable-mnt | |||
45 | private-bin pavucontrol | 45 | private-bin pavucontrol |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,asound.conf,avahi,fonts,ld.so.preload,machine-id,pulse | 48 | private-etc alternatives,asound.conf,avahi,fonts,ld.so.cache,ld.so.preload,machine-id,pulse |
49 | private-lib | 49 | private-lib |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile index 400fc3d77..41ec98a39 100644 --- a/etc/profile-m-z/pdfchain.profile +++ b/etc/profile-m-z/pdfchain.profile | |||
@@ -34,7 +34,7 @@ shell none | |||
34 | 34 | ||
35 | private-bin pdfchain,pdftk,sh | 35 | private-bin pdfchain,pdftk,sh |
36 | private-dev | 36 | private-dev |
37 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.preload,xdg | 37 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
40 | dbus-user none | 40 | dbus-user none |
diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile index b1c2dfb1c..9d2f2b95f 100644 --- a/etc/profile-m-z/pdftotext.profile +++ b/etc/profile-m-z/pdftotext.profile | |||
@@ -48,7 +48,7 @@ x11 none | |||
48 | private-bin pdftotext | 48 | private-bin pdftotext |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc alternatives,ld.so.preload | 51 | private-etc alternatives,ld.so.cache,ld.so.preload |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile index e216742a4..f5c295b5d 100644 --- a/etc/profile-m-z/peek.profile +++ b/etc/profile-m-z/peek.profile | |||
@@ -48,7 +48,7 @@ tracelog | |||
48 | disable-mnt | 48 | disable-mnt |
49 | private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh | 49 | private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh |
50 | private-dev | 50 | private-dev |
51 | private-etc dconf,firejail,fonts,gtk-3.0,ld.so.preload,login.defs,pango,passwd,X11 | 51 | private-etc alternatives,dconf,firejail,fonts,gtk-3.0,ld.so.cache,ld.so.preload,login.defs,pango,passwd,X11 |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-user filter | 54 | dbus-user filter |
diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile index c0d0ae4df..80efedec7 100644 --- a/etc/profile-m-z/photoflare.profile +++ b/etc/profile-m-z/photoflare.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin photoflare | 43 | private-bin photoflare |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,fonts,ld.so.preload,locale,locale.alias,locale.conf,mime.types,X11 | 46 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,locale,locale.alias,locale.conf,mime.types,X11 |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile index fb50e66ca..69c78740d 100644 --- a/etc/profile-m-z/pingus.profile +++ b/etc/profile-m-z/pingus.profile | |||
@@ -50,7 +50,7 @@ disable-mnt | |||
50 | private-bin pingus,pingus.bin,sh | 50 | private-bin pingus,pingus.bin,sh |
51 | private-cache | 51 | private-cache |
52 | private-dev | 52 | private-dev |
53 | private-etc ld.so.preload,machine-id | 53 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
56 | dbus-user none | 56 | dbus-user none |
diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile index 23e21f347..69b954f53 100644 --- a/etc/profile-m-z/pkglog.profile +++ b/etc/profile-m-z/pkglog.profile | |||
@@ -44,7 +44,7 @@ private | |||
44 | private-bin pkglog,python* | 44 | private-bin pkglog,python* |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,ld.so.preload | 47 | private-etc alternatives,ld.so.cache,ld.so.preload |
48 | private-opt none | 48 | private-opt none |
49 | private-tmp | 49 | private-tmp |
50 | writable-var-log | 50 | writable-var-log |
diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile index a6b0768f1..38ccf72e8 100644 --- a/etc/profile-m-z/plv.profile +++ b/etc/profile-m-z/plv.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin plv | 46 | private-bin plv |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,fonts,ld.so.preload | 49 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
50 | private-opt none | 50 | private-opt none |
51 | private-tmp | 51 | private-tmp |
52 | writable-var-log | 52 | writable-var-log |
diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile index 534cc5943..6b989202f 100644 --- a/etc/profile-m-z/pngquant.profile +++ b/etc/profile-m-z/pngquant.profile | |||
@@ -47,7 +47,7 @@ x11 none | |||
47 | private-bin pngquant | 47 | private-bin pngquant |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ld.so.preload | 50 | private-etc alternatives,ld.so.cache,ld.so.preload |
51 | private-tmp | 51 | private-tmp |
52 | 52 | ||
53 | dbus-user none | 53 | dbus-user none |
diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile index c9793433e..fd595c27a 100644 --- a/etc/profile-m-z/pragha.profile +++ b/etc/profile-m-z/pragha.profile | |||
@@ -33,6 +33,6 @@ seccomp | |||
33 | shell none | 33 | shell none |
34 | 34 | ||
35 | private-dev | 35 | private-dev |
36 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg | 36 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg |
37 | private-tmp | 37 | private-tmp |
38 | 38 | ||
diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile index af0ca5d8f..25a248425 100644 --- a/etc/profile-m-z/profanity.profile +++ b/etc/profile-m-z/profanity.profile | |||
@@ -44,7 +44,7 @@ shell none | |||
44 | private-bin profanity | 44 | private-bin profanity |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,localtime,mime.types,nsswitch.conf,pki,resolv.conf,ssl | 47 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,localtime,mime.types,nsswitch.conf,pki,resolv.conf,ssl |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile index 4ebd556d6..555e1e41b 100644 --- a/etc/profile-m-z/qgis.profile +++ b/etc/profile-m-z/qgis.profile | |||
@@ -52,7 +52,7 @@ tracelog | |||
52 | disable-mnt | 52 | disable-mnt |
53 | private-cache | 53 | private-cache |
54 | private-dev | 54 | private-dev |
55 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,machine-id,pki,QGIS,QGIS.conf,resolv.conf,ssl,Trolltech.conf | 55 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,QGIS,QGIS.conf,resolv.conf,ssl,Trolltech.conf |
56 | private-tmp | 56 | private-tmp |
57 | 57 | ||
58 | dbus-user none | 58 | dbus-user none |
diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile index 89cb5baa8..4a3ce366e 100644 --- a/etc/profile-m-z/qnapi.profile +++ b/etc/profile-m-z/qnapi.profile | |||
@@ -47,7 +47,7 @@ tracelog | |||
47 | private-bin 7z,qnapi | 47 | private-bin 7z,qnapi |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,fonts,ld.so.preload | 50 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
51 | private-opt none | 51 | private-opt none |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile index 2d9fefe40..dd3f24875 100644 --- a/etc/profile-m-z/qrencode.profile +++ b/etc/profile-m-z/qrencode.profile | |||
@@ -47,7 +47,7 @@ disable-mnt | |||
47 | private-bin qrencode | 47 | private-bin qrencode |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc ld.so.preload | 50 | private-etc alternatives,ld.so.cache,ld.so.preload |
51 | private-lib libpcre* | 51 | private-lib libpcre* |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile index 6b9144791..f1ce313e7 100644 --- a/etc/profile-m-z/regextester.profile +++ b/etc/profile-m-z/regextester.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin regextester | 43 | private-bin regextester |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,fonts,ld.so.preload | 46 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
47 | private-lib libgranite.so.* | 47 | private-lib libgranite.so.* |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile index e49f10b7b..e44e55a12 100644 --- a/etc/profile-m-z/rsync-download_only.profile +++ b/etc/profile-m-z/rsync-download_only.profile | |||
@@ -49,7 +49,7 @@ disable-mnt | |||
49 | private-bin rsync | 49 | private-bin rsync |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | 52 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile index d256b2efe..70b5d844a 100644 --- a/etc/profile-m-z/scorchwentbonkers.profile +++ b/etc/profile-m-z/scorchwentbonkers.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin scorchwentbonkers | 43 | private-bin scorchwentbonkers |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alsa,asound.conf,ld.so.preload,machine-id,pulse | 46 | private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile index cb3378597..72d6d5cf7 100644 --- a/etc/profile-m-z/seahorse-adventures.profile +++ b/etc/profile-m-z/seahorse-adventures.profile | |||
@@ -48,7 +48,7 @@ private | |||
48 | private-bin bash,dash,python*,seahorse-adventures,sh | 48 | private-bin bash,dash,python*,seahorse-adventures,sh |
49 | private-cache | 49 | private-cache |
50 | private-dev | 50 | private-dev |
51 | private-etc ld.so.preload,machine-id | 51 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
54 | dbus-user none | 54 | dbus-user none |
diff --git a/etc/profile-m-z/seahorse-tool.profile b/etc/profile-m-z/seahorse-tool.profile index f08b852db..9ef174606 100644 --- a/etc/profile-m-z/seahorse-tool.profile +++ b/etc/profile-m-z/seahorse-tool.profile | |||
@@ -8,7 +8,7 @@ include seahorse-tool.local | |||
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | # private-etc workaround for: #2877 | 10 | # private-etc workaround for: #2877 |
11 | private-etc firejail,ld.so.preload,login.defs,passwd | 11 | private-etc alternatives,firejail,ld.so.cache,ld.so.preload,login.defs,passwd |
12 | private-tmp | 12 | private-tmp |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile index 94a27da87..7382e4712 100644 --- a/etc/profile-m-z/seahorse.profile +++ b/etc/profile-m-z/seahorse.profile | |||
@@ -60,7 +60,7 @@ tracelog | |||
60 | disable-mnt | 60 | disable-mnt |
61 | private-cache | 61 | private-cache |
62 | private-dev | 62 | private-dev |
63 | private-etc ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssh,ssl,X11 | 63 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gconf,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssh,ssl,X11 |
64 | writable-run-user | 64 | writable-run-user |
65 | 65 | ||
66 | dbus-user filter | 66 | dbus-user filter |
diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile index 304a1cda2..3b569eeaf 100644 --- a/etc/profile-m-z/shotwell.profile +++ b/etc/profile-m-z/shotwell.profile | |||
@@ -49,7 +49,7 @@ tracelog | |||
49 | private-bin shotwell | 49 | private-bin shotwell |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,fonts,ld.so.preload,machine-id | 52 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id |
53 | private-opt none | 53 | private-opt none |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile index 47468a531..099e6a2ad 100644 --- a/etc/profile-m-z/softmaker-common.profile +++ b/etc/profile-m-z/softmaker-common.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | private-bin freeoffice-planmaker,freeoffice-presentations,freeoffice-textmaker,planmaker18,planmaker18free,presentations18,presentations18free,sh,textmaker18,textmaker18free | 43 | private-bin freeoffice-planmaker,freeoffice-presentations,freeoffice-textmaker,planmaker18,planmaker18free,presentations18,presentations18free,sh,textmaker18,textmaker18free |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,SoftMaker,ssl | 46 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,SoftMaker,ssl |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile index 21a77a0d1..deaf37f52 100644 --- a/etc/profile-m-z/sqlitebrowser.profile +++ b/etc/profile-m-z/sqlitebrowser.profile | |||
@@ -42,7 +42,7 @@ shell none | |||
42 | private-bin sqlitebrowser | 42 | private-bin sqlitebrowser |
43 | private-cache | 43 | private-cache |
44 | private-dev | 44 | private-dev |
45 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.preload,machine-id,passwd,pki,ssl | 45 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,ssl |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | # breaks proxy creation | 48 | # breaks proxy creation |
diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile index 50ecc3432..32e43f079 100644 --- a/etc/profile-m-z/strawberry.profile +++ b/etc/profile-m-z/strawberry.profile | |||
@@ -43,7 +43,7 @@ disable-mnt | |||
43 | private-bin strawberry,strawberry-tagreader | 43 | private-bin strawberry,strawberry-tagreader |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 46 | private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-system none | 49 | dbus-system none |
diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile index 65cb678d0..a9f22085b 100644 --- a/etc/profile-m-z/subdownloader.profile +++ b/etc/profile-m-z/subdownloader.profile | |||
@@ -44,7 +44,7 @@ tracelog | |||
44 | 44 | ||
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc alternatives,fonts,ld.so.preload | 47 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile index d48065c4b..464fa1b08 100644 --- a/etc/profile-m-z/supertux2.profile +++ b/etc/profile-m-z/supertux2.profile | |||
@@ -44,7 +44,7 @@ tracelog | |||
44 | disable-mnt | 44 | disable-mnt |
45 | # private-bin supertux2 | 45 | # private-bin supertux2 |
46 | private-cache | 46 | private-cache |
47 | private-etc ld.so.preload,machine-id | 47 | private-etc alternatives,ld.so.cache,ld.so.preload,machine-id |
48 | private-dev | 48 | private-dev |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile index 5b5b4aae5..473472251 100644 --- a/etc/profile-m-z/supertuxkart.profile +++ b/etc/profile-m-z/supertuxkart.profile | |||
@@ -54,7 +54,7 @@ private-bin supertuxkart | |||
54 | private-cache | 54 | private-cache |
55 | # Add the next line to your supertuxkart.local if you do not need controller support. | 55 | # Add the next line to your supertuxkart.local if you do not need controller support. |
56 | #private-dev | 56 | #private-dev |
57 | private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,ld.so.preload,machine-id,openal,pki,resolv.conf,ssl | 57 | private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,ld.so.cache,ld.so.preload,machine-id,openal,pki,resolv.conf,ssl |
58 | private-tmp | 58 | private-tmp |
59 | private-opt none | 59 | private-opt none |
60 | private-srv none | 60 | private-srv none |
diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile index cfecb6f62..c04f00cab 100644 --- a/etc/profile-m-z/surf.profile +++ b/etc/profile-m-z/surf.profile | |||
@@ -34,6 +34,6 @@ tracelog | |||
34 | disable-mnt | 34 | disable-mnt |
35 | private-bin bash,curl,dmenu,ls,printf,sed,sh,sleep,st,stterm,surf,xargs,xprop | 35 | private-bin bash,curl,dmenu,ls,printf,sed,sh,sleep,st,stterm,surf,xargs,xprop |
36 | private-dev | 36 | private-dev |
37 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl | 37 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,ld.so.cache,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl |
38 | private-tmp | 38 | private-tmp |
39 | 39 | ||
diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile index 388805f31..0817adda8 100644 --- a/etc/profile-m-z/tar.profile +++ b/etc/profile-m-z/tar.profile | |||
@@ -14,7 +14,7 @@ ignore include disable-shell.inc | |||
14 | # all capabilities this is automatically read-only. | 14 | # all capabilities this is automatically read-only. |
15 | noblacklist /var/lib/pacman | 15 | noblacklist /var/lib/pacman |
16 | 16 | ||
17 | private-etc alternatives,group,ld.so.preload,localtime,login.defs,passwd | 17 | private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,login.defs,passwd |
18 | #private-lib libfakeroot,liblzma.so.*,libreadline.so.* | 18 | #private-lib libfakeroot,liblzma.so.*,libreadline.so.* |
19 | # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) | 19 | # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) |
20 | writable-var | 20 | writable-var |
diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile index 310c440b1..ee19bcd00 100644 --- a/etc/profile-m-z/teams-for-linux.profile +++ b/etc/profile-m-z/teams-for-linux.profile | |||
@@ -20,7 +20,7 @@ mkdir ${HOME}/.config/teams-for-linux | |||
20 | whitelist ${HOME}/.config/teams-for-linux | 20 | whitelist ${HOME}/.config/teams-for-linux |
21 | 21 | ||
22 | private-bin bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh | 22 | private-bin bash,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh |
23 | private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,resolv.conf,ssl | 23 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,resolv.conf,ssl |
24 | 24 | ||
25 | # Redirect | 25 | # Redirect |
26 | include electron.profile | 26 | include electron.profile |
diff --git a/etc/profile-m-z/telnet.profile b/etc/profile-m-z/telnet.profile new file mode 100644 index 000000000..0b0510460 --- /dev/null +++ b/etc/profile-m-z/telnet.profile | |||
@@ -0,0 +1,54 @@ | |||
1 | # Firejail profile for ftp | ||
2 | # Description: standard File Access Protocol utility | ||
3 | # This file is overwritten after every install/update | ||
4 | quiet | ||
5 | # Persistent local customizations | ||
6 | include telnet.local | ||
7 | # Persistent global definitions | ||
8 | include globals.local | ||
9 | |||
10 | noblacklist ${PATH}/telnet | ||
11 | |||
12 | include disable-common.inc | ||
13 | include disable-devel.inc | ||
14 | include disable-exec.inc | ||
15 | include disable-interpreters.inc | ||
16 | include disable-proc.inc | ||
17 | include disable-programs.inc | ||
18 | #include disable-shell.inc | ||
19 | include disable-write-mnt.inc | ||
20 | include disable-X11.inc | ||
21 | include disable-xdg.inc | ||
22 | |||
23 | apparmor | ||
24 | caps.drop all | ||
25 | ipc-namespace | ||
26 | machine-id | ||
27 | netfilter | ||
28 | no3d | ||
29 | nodvd | ||
30 | nogroups | ||
31 | noinput | ||
32 | nonewprivs | ||
33 | noroot | ||
34 | nosound | ||
35 | notv | ||
36 | nou2f | ||
37 | novideo | ||
38 | protocol inet,inet6 | ||
39 | seccomp | ||
40 | shell none | ||
41 | tracelog | ||
42 | |||
43 | #disable-mnt | ||
44 | #private-bin PROGRAMS | ||
45 | private-cache | ||
46 | private-dev | ||
47 | #private-etc FILES | ||
48 | private-tmp | ||
49 | |||
50 | dbus-user none | ||
51 | dbus-system none | ||
52 | |||
53 | memory-deny-write-execute | ||
54 | noexec ${HOME} | ||
diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile index 07212a452..d2db44b1c 100644 --- a/etc/profile-m-z/tilp.profile +++ b/etc/profile-m-z/tilp.profile | |||
@@ -30,6 +30,6 @@ tracelog | |||
30 | disable-mnt | 30 | disable-mnt |
31 | private-bin tilp | 31 | private-bin tilp |
32 | private-cache | 32 | private-cache |
33 | private-etc alternatives,fonts,ld.so.preload | 33 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
34 | private-tmp | 34 | private-tmp |
35 | 35 | ||
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile index a43e53aae..1d4ee9370 100644 --- a/etc/profile-m-z/tin.profile +++ b/etc/profile-m-z/tin.profile | |||
@@ -58,7 +58,7 @@ disable-mnt | |||
58 | private-bin rtin,tin | 58 | private-bin rtin,tin |
59 | private-cache | 59 | private-cache |
60 | private-dev | 60 | private-dev |
61 | private-etc ld.so.preload,passwd,resolv.conf,terminfo,tin | 61 | private-etc alternatives,ld.so.cache,ld.so.preload,passwd,resolv.conf,terminfo,tin |
62 | private-lib terminfo | 62 | private-lib terminfo |
63 | private-tmp | 63 | private-tmp |
64 | 64 | ||
diff --git a/etc/profile-m-z/tor.profile b/etc/profile-m-z/tor.profile index 312123f59..d8cd8eb44 100644 --- a/etc/profile-m-z/tor.profile +++ b/etc/profile-m-z/tor.profile | |||
@@ -46,6 +46,6 @@ private | |||
46 | private-bin bash,tor | 46 | private-bin bash,tor |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,passwd,pki,ssl,tor | 49 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor |
50 | private-tmp | 50 | private-tmp |
51 | writable-var | 51 | writable-var |
diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile index 0e23b7843..4acb8e7e8 100644 --- a/etc/profile-m-z/transgui.profile +++ b/etc/profile-m-z/transgui.profile | |||
@@ -45,7 +45,7 @@ tracelog | |||
45 | private-bin geoiplookup,geoiplookup6,transgui | 45 | private-bin geoiplookup,geoiplookup6,transgui |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alternatives,fonts,ld.so.preload | 48 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
49 | private-lib libgdk_pixbuf-2.0.so.*,libGeoIP.so*,libgthread-2.0.so.*,libgtk-x11-2.0.so.*,libX11.so.* | 49 | private-lib libgdk_pixbuf-2.0.so.*,libGeoIP.so*,libgthread-2.0.so.*,libgtk-x11-2.0.so.*,libX11.so.* |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
diff --git a/etc/profile-m-z/transmission-cli.profile b/etc/profile-m-z/transmission-cli.profile index b3fab083c..8a1711e97 100644 --- a/etc/profile-m-z/transmission-cli.profile +++ b/etc/profile-m-z/transmission-cli.profile | |||
@@ -8,7 +8,7 @@ include transmission-cli.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | private-bin transmission-cli | 10 | private-bin transmission-cli |
11 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 11 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include transmission-common.profile | 14 | include transmission-common.profile |
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile index 9d91b8b81..5d28f2f10 100644 --- a/etc/profile-m-z/transmission-daemon.profile +++ b/etc/profile-m-z/transmission-daemon.profile | |||
@@ -17,7 +17,7 @@ caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot | |||
17 | protocol packet | 17 | protocol packet |
18 | 18 | ||
19 | private-bin transmission-daemon | 19 | private-bin transmission-daemon |
20 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 20 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl |
21 | 21 | ||
22 | read-write /var/lib/transmission | 22 | read-write /var/lib/transmission |
23 | writable-var-log | 23 | writable-var-log |
diff --git a/etc/profile-m-z/transmission-remote-gtk.profile b/etc/profile-m-z/transmission-remote-gtk.profile index 20d54500f..6a0f1bde3 100644 --- a/etc/profile-m-z/transmission-remote-gtk.profile +++ b/etc/profile-m-z/transmission-remote-gtk.profile | |||
@@ -12,7 +12,7 @@ noblacklist ${HOME}/.config/transmission-remote-gtk | |||
12 | mkdir ${HOME}/.config/transmission-remote-gtk | 12 | mkdir ${HOME}/.config/transmission-remote-gtk |
13 | whitelist ${HOME}/.config/transmission-remote-gtk | 13 | whitelist ${HOME}/.config/transmission-remote-gtk |
14 | 14 | ||
15 | private-etc fonts,hostname,hosts,ld.so.preload,resolv.conf | 15 | private-etc alternatives,fonts,hostname,hosts,ld.so.cache,ld.so.preload,resolv.conf |
16 | # Problems with private-lib (see issue #2889) | 16 | # Problems with private-lib (see issue #2889) |
17 | ignore private-lib | 17 | ignore private-lib |
18 | 18 | ||
diff --git a/etc/profile-m-z/transmission-remote.profile b/etc/profile-m-z/transmission-remote.profile index ad4ad2172..565433d99 100644 --- a/etc/profile-m-z/transmission-remote.profile +++ b/etc/profile-m-z/transmission-remote.profile | |||
@@ -8,7 +8,7 @@ include transmission-remote.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | private-bin transmission-remote | 10 | private-bin transmission-remote |
11 | private-etc alternatives,hosts,ld.so.preload,nsswitch.conf | 11 | private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include transmission-common.profile | 14 | include transmission-common.profile |
diff --git a/etc/profile-m-z/transmission-show.profile b/etc/profile-m-z/transmission-show.profile index 822a368da..0a5826ec4 100644 --- a/etc/profile-m-z/transmission-show.profile +++ b/etc/profile-m-z/transmission-show.profile | |||
@@ -8,7 +8,7 @@ include transmission-show.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | private-bin transmission-show | 10 | private-bin transmission-show |
11 | private-etc alternatives,hosts,ld.so.preload,nsswitch.conf | 11 | private-etc alternatives,hosts,ld.so.cache,ld.so.preload,nsswitch.conf |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include transmission-common.profile | 14 | include transmission-common.profile |
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index 1959aee1e..60a192ac1 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile | |||
@@ -54,7 +54,7 @@ tracelog | |||
54 | private-bin trojita | 54 | private-bin trojita |
55 | private-cache | 55 | private-cache |
56 | private-dev | 56 | private-dev |
57 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.preload,pki,resolv.conf,selinux,ssl,xdg | 57 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,ld.so.preload,pki,resolv.conf,selinux,ssl,xdg |
58 | private-tmp | 58 | private-tmp |
59 | 59 | ||
60 | dbus-user filter | 60 | dbus-user filter |
diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile index bd2f1bcf9..987a2b719 100644 --- a/etc/profile-m-z/twitch.profile +++ b/etc/profile-m-z/twitch.profile | |||
@@ -18,7 +18,7 @@ mkdir ${HOME}/.config/Twitch | |||
18 | whitelist ${HOME}/.config/Twitch | 18 | whitelist ${HOME}/.config/Twitch |
19 | 19 | ||
20 | private-bin electron,electron[0-9],electron[0-9][0-9],twitch | 20 | private-bin electron,electron[0-9],electron[0-9][0-9],twitch |
21 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 21 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
22 | private-opt Twitch | 22 | private-opt Twitch |
23 | 23 | ||
24 | # Redirect | 24 | # Redirect |
diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile index 685e74e25..1b82ad881 100644 --- a/etc/profile-m-z/unf.profile +++ b/etc/profile-m-z/unf.profile | |||
@@ -49,7 +49,7 @@ private-bin unf | |||
49 | private-cache | 49 | private-cache |
50 | ?HAS_APPIMAGE: ignore private-dev | 50 | ?HAS_APPIMAGE: ignore private-dev |
51 | private-dev | 51 | private-dev |
52 | private-etc alternatives,ld.so.preload | 52 | private-etc alternatives,ld.so.cache,ld.so.preload |
53 | private-lib gcc/*/*/libgcc_s.so.* | 53 | private-lib gcc/*/*/libgcc_s.so.* |
54 | private-tmp | 54 | private-tmp |
55 | 55 | ||
diff --git a/etc/profile-m-z/unrar.profile b/etc/profile-m-z/unrar.profile index 761ee91c5..443d1f415 100644 --- a/etc/profile-m-z/unrar.profile +++ b/etc/profile-m-z/unrar.profile | |||
@@ -8,7 +8,7 @@ include unrar.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | private-bin unrar | 10 | private-bin unrar |
11 | private-etc alternatives,group,ld.so.preload,localtime,passwd | 11 | private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd |
12 | private-tmp | 12 | private-tmp |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile index 981826b16..97df693ba 100644 --- a/etc/profile-m-z/unzip.profile +++ b/etc/profile-m-z/unzip.profile | |||
@@ -10,7 +10,7 @@ include globals.local | |||
10 | # GNOME Shell integration (chrome-gnome-shell) | 10 | # GNOME Shell integration (chrome-gnome-shell) |
11 | noblacklist ${HOME}/.local/share/gnome-shell | 11 | noblacklist ${HOME}/.local/share/gnome-shell |
12 | 12 | ||
13 | private-etc alternatives,group,ld.so.preload,localtime,passwd | 13 | private-etc alternatives,group,ld.so.cache,ld.so.preload,localtime,passwd |
14 | 14 | ||
15 | # Redirect | 15 | # Redirect |
16 | include archiver-common.profile | 16 | include archiver-common.profile |
diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile index 3b38f16e0..426766e17 100644 --- a/etc/profile-m-z/uudeview.profile +++ b/etc/profile-m-z/uudeview.profile | |||
@@ -41,7 +41,7 @@ x11 none | |||
41 | private-bin uudeview | 41 | private-bin uudeview |
42 | private-cache | 42 | private-cache |
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,ld.so.preload | 44 | private-etc alternatives,ld.so.cache,ld.so.preload |
45 | 45 | ||
46 | dbus-user none | 46 | dbus-user none |
47 | dbus-system none | 47 | dbus-system none |
diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile index ed2f0103b..585a8eddb 100644 --- a/etc/profile-m-z/viewnior.profile +++ b/etc/profile-m-z/viewnior.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | private-bin viewnior | 43 | private-bin viewnior |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,fonts,ld.so.preload,machine-id | 46 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id |
47 | private-tmp | 47 | private-tmp |
48 | 48 | ||
49 | dbus-user none | 49 | dbus-user none |
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile index a6d3eaafd..227ad83cc 100644 --- a/etc/profile-m-z/virtualbox.profile +++ b/etc/profile-m-z/virtualbox.profile | |||
@@ -45,7 +45,7 @@ tracelog | |||
45 | #disable-mnt | 45 | #disable-mnt |
46 | #private-bin awk,basename,bash,env,gawk,grep,ps,readlink,sh,virtualbox,VirtualBox,VBox*,vbox*,whoami | 46 | #private-bin awk,basename,bash,env,gawk,grep,ps,readlink,sh,virtualbox,VirtualBox,VBox*,vbox*,whoami |
47 | private-cache | 47 | private-cache |
48 | private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,pulse,resolv.conf,ssl | 48 | private-etc alsa,alternatives,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,pulse,resolv.conf,ssl |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile index b2b019ff4..278a66149 100644 --- a/etc/profile-m-z/vmware-view.profile +++ b/etc/profile-m-z/vmware-view.profile | |||
@@ -7,6 +7,7 @@ include vmware-view.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.vmware | 9 | noblacklist ${HOME}/.vmware |
10 | noblacklist /usr/lib/vmware | ||
10 | 11 | ||
11 | noblacklist /sbin | 12 | noblacklist /sbin |
12 | noblacklist /usr/sbin | 13 | noblacklist /usr/sbin |
diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile index 8e25daee0..57fbbae96 100644 --- a/etc/profile-m-z/vmware.profile +++ b/etc/profile-m-z/vmware.profile | |||
@@ -8,6 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/vmware | 9 | noblacklist ${HOME}/.cache/vmware |
10 | noblacklist ${HOME}/.vmware | 10 | noblacklist ${HOME}/.vmware |
11 | noblacklist /usr/lib/vmware | ||
11 | 12 | ||
12 | include disable-common.inc | 13 | include disable-common.inc |
13 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -38,6 +39,6 @@ tracelog | |||
38 | #disable-mnt | 39 | #disable-mnt |
39 | # Add the next line to your vmware.local to enable private-bin. | 40 | # Add the next line to your vmware.local to enable private-bin. |
40 | #private-bin env,bash,sh,ovftool,vmafossexec,vmaf_*,vmnet-*,vmplayer,vmrest,vmrun,vmss2core,vmstat,vmware,vmware-* | 41 | #private-bin env,bash,sh,ovftool,vmafossexec,vmaf_*,vmnet-*,vmplayer,vmrest,vmrun,vmss2core,vmstat,vmware,vmware-* |
41 | private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,vmware,vmware-installer,vmware-vix | 42 | private-etc alsa,alternatives,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl,vmware,vmware-installer,vmware-vix |
42 | dbus-user none | 43 | dbus-user none |
43 | dbus-system none | 44 | dbus-system none |
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index d2e30e824..c9e209142 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile | |||
@@ -62,7 +62,7 @@ disable-mnt | |||
62 | private-bin perl,sh,w3m | 62 | private-bin perl,sh,w3m |
63 | private-cache | 63 | private-cache |
64 | private-dev | 64 | private-dev |
65 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,mailcap,nsswitch.conf,pki,resolv.conf,ssl | 65 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,mailcap,nsswitch.conf,pki,resolv.conf,ssl |
66 | private-tmp | 66 | private-tmp |
67 | 67 | ||
68 | dbus-user none | 68 | dbus-user none |
diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile index fc59b7239..0a6f19b1e 100644 --- a/etc/profile-m-z/warmux.profile +++ b/etc/profile-m-z/warmux.profile | |||
@@ -49,7 +49,7 @@ disable-mnt | |||
49 | private-bin warmux | 49 | private-bin warmux |
50 | private-cache | 50 | private-cache |
51 | private-dev | 51 | private-dev |
52 | private-etc ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.preload,machine-id,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl | 52 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl |
53 | private-tmp | 53 | private-tmp |
54 | 54 | ||
55 | dbus-user none | 55 | dbus-user none |
diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile index ae3944561..92ebebdae 100644 --- a/etc/profile-m-z/whalebird.profile +++ b/etc/profile-m-z/whalebird.profile | |||
@@ -21,7 +21,7 @@ whitelist ${HOME}/.config/Whalebird | |||
21 | no3d | 21 | no3d |
22 | 22 | ||
23 | private-bin electron,electron[0-9],electron[0-9][0-9],whalebird | 23 | private-bin electron,electron[0-9],electron[0-9][0-9],whalebird |
24 | private-etc fonts,ld.so.preload,machine-id | 24 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload,machine-id |
25 | 25 | ||
26 | # Redirect | 26 | # Redirect |
27 | include electron.profile | 27 | include electron.profile |
diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile index 0650e41ad..afff6f587 100644 --- a/etc/profile-m-z/whois.profile +++ b/etc/profile-m-z/whois.profile | |||
@@ -47,7 +47,7 @@ private | |||
47 | private-bin bash,sh,whois | 47 | private-bin bash,sh,whois |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,hosts,jwhois.conf,ld.so.preload,resolv.conf,services,whois.conf | 50 | private-etc alternatives,hosts,jwhois.conf,ld.so.cache,ld.so.preload,resolv.conf,services,whois.conf |
51 | private-lib gconv | 51 | private-lib gconv |
52 | private-tmp | 52 | private-tmp |
53 | 53 | ||
diff --git a/etc/profile-m-z/wire-desktop.profile b/etc/profile-m-z/wire-desktop.profile index eebad4a19..d8742cd71 100644 --- a/etc/profile-m-z/wire-desktop.profile +++ b/etc/profile-m-z/wire-desktop.profile | |||
@@ -26,7 +26,7 @@ mkdir ${HOME}/.config/Wire | |||
26 | whitelist ${HOME}/.config/Wire | 26 | whitelist ${HOME}/.config/Wire |
27 | 27 | ||
28 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop | 28 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop |
29 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,machine-id,pki,resolv.conf,ssl | 29 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,machine-id,pki,resolv.conf,ssl |
30 | 30 | ||
31 | # Redirect | 31 | # Redirect |
32 | include electron.profile | 32 | include electron.profile |
diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile index 374290ed0..3147c2ac3 100644 --- a/etc/profile-m-z/wordwarvi.profile +++ b/etc/profile-m-z/wordwarvi.profile | |||
@@ -45,7 +45,7 @@ private | |||
45 | private-bin wordwarvi | 45 | private-bin wordwarvi |
46 | private-cache | 46 | private-cache |
47 | private-dev | 47 | private-dev |
48 | private-etc alsa,asound.conf,ld.so.preload,machine-id,pulse | 48 | private-etc alsa,alternatives,asound.conf,ld.so.cache,ld.so.preload,machine-id,pulse |
49 | private-tmp | 49 | private-tmp |
50 | 50 | ||
51 | dbus-user none | 51 | dbus-user none |
diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile index 8382e4d76..bb119996c 100644 --- a/etc/profile-m-z/xbill.profile +++ b/etc/profile-m-z/xbill.profile | |||
@@ -44,7 +44,7 @@ private | |||
44 | private-bin xbill | 44 | private-bin xbill |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc ld.so.preload | 47 | private-etc alternatives,ld.so.cache,ld.so.preload |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user none | 50 | dbus-user none |
diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile index 21857dbe6..386ef2bd6 100644 --- a/etc/profile-m-z/xfce4-mixer.profile +++ b/etc/profile-m-z/xfce4-mixer.profile | |||
@@ -46,7 +46,7 @@ disable-mnt | |||
46 | private-bin xfce4-mixer,xfconf-query | 46 | private-bin xfce4-mixer,xfconf-query |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc alternatives,asound.conf,fonts,ld.so.preload,machine-id,pulse | 49 | private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id,pulse |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | dbus-user filter | 52 | dbus-user filter |
diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile index ad3058ce2..d74ed5754 100644 --- a/etc/profile-m-z/xfce4-screenshooter.profile +++ b/etc/profile-m-z/xfce4-screenshooter.profile | |||
@@ -42,7 +42,7 @@ tracelog | |||
42 | disable-mnt | 42 | disable-mnt |
43 | private-bin xfce4-screenshooter,xfconf-query | 43 | private-bin xfce4-screenshooter,xfconf-query |
44 | private-dev | 44 | private-dev |
45 | private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.preload,pki,resolv.conf,ssl | 45 | private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl |
46 | private-tmp | 46 | private-tmp |
47 | 47 | ||
48 | dbus-user none | 48 | dbus-user none |
diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile index 9b7a006d2..c7fd0799b 100644 --- a/etc/profile-m-z/xiphos.profile +++ b/etc/profile-m-z/xiphos.profile | |||
@@ -47,5 +47,5 @@ disable-mnt | |||
47 | private-bin xiphos | 47 | private-bin xiphos |
48 | private-cache | 48 | private-cache |
49 | private-dev | 49 | private-dev |
50 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.preload,pki,resolv.conf,ssli,sword,sword.conf | 50 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssli,sword,sword.conf |
51 | private-tmp | 51 | private-tmp |
diff --git a/etc/profile-m-z/xlinks.profile b/etc/profile-m-z/xlinks.profile index 1c9310986..404baf607 100644 --- a/etc/profile-m-z/xlinks.profile +++ b/etc/profile-m-z/xlinks.profile | |||
@@ -14,7 +14,7 @@ include whitelist-common.inc | |||
14 | # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' | 14 | # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' |
15 | # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line | 15 | # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line |
16 | private-bin xlinks | 16 | private-bin xlinks |
17 | private-etc fonts,ld.so.preload | 17 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include links.profile | 20 | include links.profile |
diff --git a/etc/profile-m-z/xlinks2 b/etc/profile-m-z/xlinks2 index bbf660e29..d7edd3543 100644 --- a/etc/profile-m-z/xlinks2 +++ b/etc/profile-m-z/xlinks2 | |||
@@ -14,7 +14,7 @@ include whitelist-common.inc | |||
14 | # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' | 14 | # if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' |
15 | # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line | 15 | # to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line |
16 | private-bin xlinks2 | 16 | private-bin xlinks2 |
17 | private-etc fonts,ld.so.preload | 17 | private-etc alternatives,fonts,ld.so.cache,ld.so.preload |
18 | 18 | ||
19 | # Redirect | 19 | # Redirect |
20 | include links2.profile | 20 | include links2.profile |
diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile index 2a9fbf171..e541436a4 100644 --- a/etc/profile-m-z/xmr-stak.profile +++ b/etc/profile-m-z/xmr-stak.profile | |||
@@ -38,7 +38,7 @@ disable-mnt | |||
38 | private ${HOME}/.xmr-stak | 38 | private ${HOME}/.xmr-stak |
39 | private-bin xmr-stak | 39 | private-bin xmr-stak |
40 | private-dev | 40 | private-dev |
41 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl | 41 | private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,nsswitch.conf,pki,resolv.conf,ssl |
42 | #private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend | 42 | #private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend |
43 | private-opt cuda | 43 | private-opt cuda |
44 | private-tmp | 44 | private-tmp |
diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile index fe7395078..a0e77b4e7 100644 --- a/etc/profile-m-z/xournal.profile +++ b/etc/profile-m-z/xournal.profile | |||
@@ -43,7 +43,7 @@ tracelog | |||
43 | private-bin xournal | 43 | private-bin xournal |
44 | private-cache | 44 | private-cache |
45 | private-dev | 45 | private-dev |
46 | private-etc alternatives,fonts,group,ld.so.preload,machine-id,passwd | 46 | private-etc alternatives,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd |
47 | # TODO should use private-lib | 47 | # TODO should use private-lib |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile index c5e44c6b4..31a51b2c4 100644 --- a/etc/profile-m-z/yelp.profile +++ b/etc/profile-m-z/yelp.profile | |||
@@ -56,7 +56,7 @@ disable-mnt | |||
56 | private-bin groff,man,tbl,troff,yelp | 56 | private-bin groff,man,tbl,troff,yelp |
57 | private-cache | 57 | private-cache |
58 | private-dev | 58 | private-dev |
59 | private-etc alsa,alternatives,asound.conf,crypto-policies,cups,dconf,drirc,fonts,gcrypt,groff,gtk-3.0,ld.so.preload,machine-id,man_db.conf,openal,os-release,pulse,sgml,xml | 59 | private-etc alsa,alternatives,asound.conf,crypto-policies,cups,dconf,drirc,fonts,gcrypt,groff,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,man_db.conf,openal,os-release,pulse,sgml,xml |
60 | private-tmp | 60 | private-tmp |
61 | 61 | ||
62 | dbus-user filter | 62 | dbus-user filter |
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index 3224f8fc6..80d551038 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile | |||
@@ -53,7 +53,7 @@ disable-mnt | |||
53 | private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,which,xterm,youtube-dl,yt-dlp | 53 | private-bin bash,ffmpeg,ffprobe,firefox,mpv,perl,python*,sh,smplayer,stty,wget,which,xterm,youtube-dl,yt-dlp |
54 | private-cache | 54 | private-cache |
55 | private-dev | 55 | private-dev |
56 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg | 56 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg |
57 | private-tmp | 57 | private-tmp |
58 | 58 | ||
59 | dbus-user none | 59 | dbus-user none |
diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile index c7dbec968..5c4d697da 100644 --- a/etc/profile-m-z/youtube.profile +++ b/etc/profile-m-z/youtube.profile | |||
@@ -17,7 +17,7 @@ mkdir ${HOME}/.config/Youtube | |||
17 | whitelist ${HOME}/.config/Youtube | 17 | whitelist ${HOME}/.config/Youtube |
18 | 18 | ||
19 | private-bin electron,electron[0-9],electron[0-9][0-9],youtube | 19 | private-bin electron,electron[0-9],electron[0-9][0-9],youtube |
20 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 20 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
21 | private-opt Youtube | 21 | private-opt Youtube |
22 | 22 | ||
23 | # Redirect | 23 | # Redirect |
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile index 35ecf059d..2b5ffeaaf 100644 --- a/etc/profile-m-z/youtubemusic-nativefier.profile +++ b/etc/profile-m-z/youtubemusic-nativefier.profile | |||
@@ -14,7 +14,7 @@ mkdir ${HOME}/.config/youtubemusic-nativefier-040164 | |||
14 | whitelist ${HOME}/.config/youtubemusic-nativefier-040164 | 14 | whitelist ${HOME}/.config/youtubemusic-nativefier-040164 |
15 | 15 | ||
16 | private-bin electron,electron[0-9],electron[0-9][0-9],youtubemusic-nativefier | 16 | private-bin electron,electron[0-9],electron[0-9][0-9],youtubemusic-nativefier |
17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
18 | private-opt youtubemusic-nativefier | 18 | private-opt youtubemusic-nativefier |
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile index bfb24b488..32e873aa5 100644 --- a/etc/profile-m-z/yt-dlp.profile +++ b/etc/profile-m-z/yt-dlp.profile | |||
@@ -12,8 +12,8 @@ noblacklist ${HOME}/.cache/yt-dlp | |||
12 | noblacklist ${HOME}/.config/yt-dlp | 12 | noblacklist ${HOME}/.config/yt-dlp |
13 | noblacklist ${HOME}/yt-dlp.conf | 13 | noblacklist ${HOME}/yt-dlp.conf |
14 | 14 | ||
15 | private-bin yt-dlp | 15 | private-bin ffprobe,yt-dlp |
16 | private-etc ld.so.preload,yt-dlp.conf | 16 | private-etc alternatives,ld.so.cache,ld.so.preload,yt-dlp.conf |
17 | 17 | ||
18 | # Redirect | 18 | # Redirect |
19 | include youtube-dl.profile | 19 | include youtube-dl.profile |
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile index 84f2f3cb2..59b6e2543 100644 --- a/etc/profile-m-z/ytmdesktop.profile +++ b/etc/profile-m-z/ytmdesktop.profile | |||
@@ -14,7 +14,7 @@ mkdir ${HOME}/.config/youtube-music-desktop-app | |||
14 | whitelist ${HOME}/.config/youtube-music-desktop-app | 14 | whitelist ${HOME}/.config/youtube-music-desktop-app |
15 | 15 | ||
16 | # private-bin env,ytmdesktop | 16 | # private-bin env,ytmdesktop |
17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
18 | # private-opt | 18 | # private-opt |
19 | 19 | ||
20 | # Redirect | 20 | # Redirect |
diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile index c1c94d74f..8acfdd651 100644 --- a/etc/profile-m-z/zulip.profile +++ b/etc/profile-m-z/zulip.profile | |||
@@ -44,5 +44,5 @@ disable-mnt | |||
44 | private-bin locale,zulip | 44 | private-bin locale,zulip |
45 | private-cache | 45 | private-cache |
46 | private-dev | 46 | private-dev |
47 | private-etc asound.conf,fonts,ld.so.preload,machine-id | 47 | private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id |
48 | private-tmp | 48 | private-tmp |