Diffstat (limited to 'etc')
-rw-r--r--etc/Fritzing.profile35
-rw-r--r--etc/Viber.profile4
-rw-r--r--etc/disable-programs.inc5
-rw-r--r--etc/discord-canary.profile23
-rw-r--r--etc/evince.profile2
-rw-r--r--etc/firefox-developer-edition.profile10
-rw-r--r--etc/firefox.profile2
-rw-r--r--etc/ideaIC.profile10
-rw-r--r--etc/kwin_x11.profile3
-rw-r--r--etc/lollypop.profile2
-rw-r--r--etc/minetest.profile2
-rw-r--r--etc/okular.profile5
-rw-r--r--etc/onionshare-gui.profile35
-rw-r--r--etc/pitivi.profile33
-rw-r--r--etc/pycharm-community.profile32
-rw-r--r--etc/pycharm-professional.profile7
-rw-r--r--etc/quiterss.profile2
-rw-r--r--etc/slack.profile2
-rw-r--r--etc/steam.profile2
-rw-r--r--etc/surf.profile2
-rw-r--r--etc/terasology.profile2
-rw-r--r--etc/torbrowser-launcher.profile2
-rw-r--r--etc/transmission-qt.profile3
-rw-r--r--etc/w3m.profile2
-rw-r--r--etc/xonotic.profile2
25 files changed, 208 insertions, 21 deletions
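--- /dev/null
+++ b/etc/Fritzing.profile
@@ -0,0 +1,35 @@
+# Firejail profile for fritzing
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/Fritzing.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/Fritzing
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp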
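--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -31,8 +31,10 @@ shell none
 
 disable-mnt
 private-bin sh,bash,dig,awk,Viber
-private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf
+private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies
 private-tmp
 
 noexec ${HOME}
 noexec /tmp
+
+env QTWEBENGINE_DISABLE_SANDBOX=1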
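Review bot: `env QTWEBENGINE_DISABLE_SANDBOX=1` on the last added line switches off QtWebEngine's own Chromium sandbox, and the profile gives no reason for it. With that layer gone, the firejail restrictions in this file are the only containment around the web renderer, so the trade-off deserves a comment directly above the line, for example `# QtWebEngine's internal sandbox does not start inside firejail; with it disabled this profile is the only containment layer`. The cause stated in that comment is my assumption, so word it after the behaviour actually observed. The earlier part of the profile is outside the hunk.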
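--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -3,6 +3,7 @@
 include /etc/firejail/disable-programs.local
 
 blacklist ${HOME}/Monero/wallets
+blacklist ${HOME}/snap
 blacklist ${HOME}/.*coin
 blacklist ${HOME}/.8pecxstudios
 blacklist ${HOME}/.AndroidStudio*
@@ -13,6 +14,7 @@ blacklist ${HOME}/.IdeaIC*
 blacklist ${HOME}/.LuminanceHDR
 blacklist ${HOME}/.Mathematica
 blacklist ${HOME}/.Natron
+blacklist ${HOME}/.PyCharm*
 blacklist ${HOME}/.Skype
 blacklist ${HOME}/.Steam
 blacklist ${HOME}/.Steampath
@@ -41,6 +43,7 @@ blacklist ${HOME}/.config/Clementine
 blacklist ${HOME}/.config/Cryptocat
 blacklist ${HOME}/.config/Franz
 blacklist ${HOME}/.config/FreeCAD
+blacklist ${HOME}/.config/Fritzing
 blacklist ${HOME}/.config/Gitter
 blacklist ${HOME}/.config/Google
 blacklist ${HOME}/.config/Google Play Music Desktop Player
@@ -155,6 +158,7 @@ blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/nheko
 blacklist ${HOME}/.config/okularpartrc
 blacklist ${HOME}/.config/okularrc
+blacklist ${HOME}/.config/onionshare
 blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
@@ -162,6 +166,7 @@ blacklist ${HOME}/.config/org.kde.gwenviewrc
 blacklist ${HOME}/.config/pcmanfm
 blacklist ${HOME}/.config/pdfmod
 blacklist ${HOME}/.config/Pinta
+blacklist ${HOME}/.config/pitivi
 blacklist ${HOME}/.config/pix
 blacklist ${HOME}/.config/pluma
 blacklist ${HOME}/.config/psi+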
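Review bot: None of the five hunks adds `blacklist ${HOME}/.config/discordcanary`, although this commit introduces discord-canary.profile, which whitelists that directory; Fritzing, onionshare, pitivi and PyCharm each get their entry here. Unless the line already exists in a part of the file the hunks do not show, other sandboxed programs keep access to the Discord Canary configuration directory. Separately, `blacklist ${HOME}/snap` in the first hunk hides the whole per-user snap tree from every profile that includes this file, and only pycharm-community.profile adds the matching `noblacklist ${HOME}/snap`. A comment above that line, such as `# profiles for snap-installed programs need a matching noblacklist`, would help.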
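--- /dev/null
+++ b/etc/discord-canary.profile
@@ -0,0 +1,23 @@
+# Firejail profile for discord-canary
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/discord-canary.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.config/discordcanary
+
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+protocol unix,inet,inet6,netlink
+seccomp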
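Review bot: `protocol unix,inet,inet6,netlink` on line 22 allows netlink sockets without a comment naming what needs them, and the file ends at `seccomp` with none of the `shell none`, `private-dev`, `private-tmp` or `noexec` lines that the other new full profiles in this commit (Fritzing, onionshare-gui, pitivi) carry. If they are left out because they break the client, record that in a comment such as `# private-dev, private-tmp, noexec omitted: break discord-canary`; I cannot see the reason from the diff. Otherwise add at least `private-dev` and `private-tmp`. `disable-devel.inc` is also not included here, unlike in those three profiles.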
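--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -36,7 +36,7 @@ tracelog
 private-bin evince,evince-previewer,evince-thumbnailer
 private-dev
 private-etc fonts
-private-lib
+#private-lib - seems to be breaking on Gnome Shell 3.26.2, Mutter WM, issue 1711
 private-tmp
 
 memory-deny-write-execute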
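--- /dev/null
+++ b/etc/firefox-developer-edition.profile
@@ -0,0 +1,10 @@
+# Firejail profile for firefox-developer-edition
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/firefox-developer-edition.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+# Redirect
+include /etc/firejail/firefox.profile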
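--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -88,7 +88,7 @@ disable-mnt
 # private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
 private-dev
 # private-etc below works fine on most distributions. There are some problems on CentOS.
-# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
+# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}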
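--- /dev/null
+++ b/etc/ideaIC.profile
@@ -0,0 +1,10 @@
+# Firejail profile for ideaIC
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/ideaIC.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+# Redirect
+include /etc/firejail/idea.sh.profile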
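--- a/etc/kwin_x11.profile
+++ b/etc/kwin_x11.profile
@@ -36,8 +36,5 @@ private-dev
 private-etc drirc,fonts,ld.so.cache,machine-id,xdg
 private-tmp
 
-# disable QML disk caching as it conflicts with the noexec constraints below
-env QML_DISABLE_DISK_CACHE=1
-
 noexec ${HOME}
 noexec /tmp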
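--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -25,7 +25,7 @@ seccomp
 shell none
 
 private-dev
-private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl
+private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id
 private-tmp
 
 noexec ${HOME}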
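--- a/etc/minetest.profile
+++ b/etc/minetest.profile
@@ -33,7 +33,7 @@ disable-mnt
 private-bin minetest
 private-dev
 # private-etc needs to be updated, see #1702
-#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl
+#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}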
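--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -43,10 +43,7 @@ tracelog
 private-bin okular,kbuildsycoca4,kdeinit4,lpr
 private-dev
 private-etc alternatives,cups,fonts,ld.so.cache,machine-id
-# private-tmp - on KDE we need access to the real /tmp for data exchange with thunderbird
-
-# disable QML disk caching as it conflicts with the noexec constraints below
-env QML_DISABLE_DISK_CACHE=1
+# private-tmp - on KDE we need access to the real /tmp for data exchange with email clients
 
 # memory-deny-write-execute
 noexec ${HOME}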
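Review bot: The hunk drops `env QML_DISABLE_DISK_CACHE=1` while `noexec ${HOME}` stays, and the removed comment gave a conflict between QML disk caching and that noexec constraint as the reason for the variable. The kwin_x11.profile hunk in this commit makes the same removal next to `noexec ${HOME}` and `noexec /tmp`. If the variable is now set elsewhere or the conflict no longer occurs, the diff does not show it; a one-line comment such as `# QML disk cache handled in <location>` (placeholder, to be filled in) would record that. Otherwise the two removed lines should stay in both profiles.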
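--- /dev/null
+++ b/etc/onionshare-gui.profile
@@ -0,0 +1,35 @@
+# Firejail profile for onionshare-gui
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/onionshare-gui.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/onionshare
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp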
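--- /dev/null
+++ b/etc/pitivi.profile
@@ -0,0 +1,33 @@
+# Firejail profile for pitivi
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/pitivi.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+noblacklist ${HOME}/.config/pitivi
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+novideo
+protocol unix
+seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp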
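--- /dev/null
+++ b/etc/pycharm-community.profile
@@ -0,0 +1,32 @@
+# Firejail profile for pycharm-community
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/pycharm-community.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/snap
+noblacklist ${HOME}/.PyCharmCE*
+noblacklist ${HOME}/.java
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+machine-id
+nodvd
+nogroups
+nosound
+notv
+novideo
+shell none
+tracelog
+
+# private-etc fonts,passwd - minimal required to run but will probably break
+# program!
+private-dev
+private-tmp
+
+noexec /tmp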
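Review bot: The option block on lines 17-25 sets `caps.drop all` but leaves out `nonewprivs`, `noroot`, `seccomp`, `protocol` and `netfilter`, all of which the other new full profiles in this commit set. An IDE that runs debuggers and project code may need some of these left open, but the file does not say which or why. A comment such as `# seccomp, nonewprivs, noroot omitted: break <feature>` (placeholder) would keep a later cleanup from guessing. `noblacklist ${HOME}/snap` on line 8 also reopens every snap's data directory rather than PyCharm's alone, so a narrower path is preferable if the snap's directory name is known.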
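--- /dev/null
+++ b/etc/pycharm-professional.profile
@@ -0,0 +1,7 @@
+# Firejail profilen alias for pycharm-professional
+# This file is overwritten after every install/update
+
+noblacklist ${HOME}/.PyCharm*
+
+# Redirect
+include /etc/firejail/pycharm-community.profile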
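Review bot: This alias has no `include /etc/firejail/pycharm-professional.local` line, which the other redirect profiles added in this commit (firefox-developer-edition, ideaIC) place before the redirect. Without it a user has no persistent override file under this program's own name, and the file itself is overwritten on every update, as line 2 says. Add the include after line 2 together with the `# Persistent local customizations` comment the sibling profiles use. The header on line 1 also reads `profilen alias`, which should be `profile alias`.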
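--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -44,7 +44,7 @@ tracelog
 disable-mnt
 private-bin quiterss
 private-dev
-# private-etc X11,ssl
+# private-etc X11,ssl,pki,ca-certificates,crypto-policies
 
 noexec ${HOME}
 noexec /tmp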
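--- a/etc/slack.profile
+++ b/etc/slack.profile
@@ -36,5 +36,5 @@ shell none
 disable-mnt
 private-bin slack
 private-dev
-private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime
+private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies
 private-tmp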
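--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -47,5 +47,5 @@ shell none
 # private-dev should be commented for controllers
 private-dev
 # private-etc breaks some games
-#private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,services
+#private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies
 private-tmp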
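--- a/etc/surf.profile
+++ b/etc/surf.profile
@@ -29,7 +29,7 @@ tracelog
 disable-mnt
 private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop
 private-dev
-private-etc passwd,group,hosts,resolv.conf,fonts,ssl
+private-etc passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies
 private-tmp
 
 noexec ${HOME}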
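--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -37,7 +37,7 @@ shell none
 
 disable-mnt
 private-dev
-private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk
+private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}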
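--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -33,7 +33,7 @@ tracelog
 disable-mnt
 private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher
 private-dev
-private-etc fonts
+private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies
 private-tmp
 
 noexec /tmp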
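--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -40,4 +40,5 @@ private-dev
 # private-lib - problems on Arch
 private-tmp
 
-memory-deny-write-execute
+# memory-deny-write-execute - problems on Qt 5.10.0, KDE Frameworks 5.41.0
+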
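--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -31,5 +31,5 @@ tracelog
 
 # private-bin w3m
 private-dev
-private-etc resolv.conf,ssl
+private-etc resolv.conf,ssl,pki,ca-certificates,crypto-policies
 private-tmp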
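--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -32,7 +32,7 @@ disable-mnt
 private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl
 private-dev
 # private-etc breaks audio on some distros
-#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl
+#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies
 private-tmp
 
 noexec ${HOME}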