3 files changed, 10 insertions, 7 deletions
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 4b3eb1ac7..18fcc59c6 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -23,20 +23,22 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-apparmor
+# Ubuntu 18.04 uses its own apparmor profile
+# uncomment the next line if you are not on Ubuntu
+#apparmor
 caps.drop all
 machine-id
 netfilter
 nodbus
 nodvd
 nogroups
-nonewprivs
+#nonewprivs - fix for Ubuntu 18.04/Debian 10
 noroot
 notv
-protocol unix,inet,inet6
+#protocol unix,inet,inet6  - fix for Ubuntu 18.04/Debian 10
-seccomp
+#seccomp  - fix for Ubuntu 18.04/Debian 10
 shell none
-tracelog
+#tracelog - problems reported by Ubuntu 18.04 apparmor profile in /var/log/syslog
 private-dev
 private-tmp
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 38ccb886f..57e1ce5f0 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -8,7 +8,8 @@ include /etc/firejail/globals.local
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+# rhythmbox is using Python
+#include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 6b0bee7bd..9ccbb7310 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -17,7 +17,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
-apparmor
+#apparmor - on Ubuntu 18.04 it refuses to start without dbus access
 caps.drop all
 netfilter
 # nodbus - problems with KDE

diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 4b3eb1ac7..18fcc59c6 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile
@@ -23,20 +23,22 @@ include /etc/firejail/disable-programs.inc
23		23
24	include /etc/firejail/whitelist-var-common.inc	24	include /etc/firejail/whitelist-var-common.inc
25		25
26	apparmor	26	# Ubuntu 18.04 uses its own apparmor profile
		27	# uncomment the next line if you are not on Ubuntu
		28	#apparmor
27	caps.drop all	29	caps.drop all
28	machine-id	30	machine-id
29	netfilter	31	netfilter
30	nodbus	32	nodbus
31	nodvd	33	nodvd
32	nogroups	34	nogroups
33	nonewprivs	35	#nonewprivs - fix for Ubuntu 18.04/Debian 10
34	noroot	36	noroot
35	notv	37	notv
36	protocol unix,inet,inet6	38	#protocol unix,inet,inet6 - fix for Ubuntu 18.04/Debian 10
37	seccomp	39	#seccomp - fix for Ubuntu 18.04/Debian 10
38	shell none	40	shell none
39	tracelog	41	#tracelog - problems reported by Ubuntu 18.04 apparmor profile in /var/log/syslog
40		42
41	private-dev	43	private-dev
42	private-tmp	44	private-tmp


diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 38ccb886f..57e1ce5f0 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile
@@ -8,7 +8,8 @@ include /etc/firejail/globals.local
8		8
9	include /etc/firejail/disable-common.inc	9	include /etc/firejail/disable-common.inc
10	include /etc/firejail/disable-devel.inc	10	include /etc/firejail/disable-devel.inc
11	include /etc/firejail/disable-interpreters.inc	11	# rhythmbox is using Python
		12	#include /etc/firejail/disable-interpreters.inc
12	include /etc/firejail/disable-passwdmgr.inc	13	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	14	include /etc/firejail/disable-programs.inc
14		15


diff --git a/etc/vlc.profile b/etc/vlc.profile index 6b0bee7bd..9ccbb7310 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile
@@ -17,7 +17,7 @@ include /etc/firejail/disable-programs.inc
17		17
18	include /etc/firejail/whitelist-var-common.inc	18	include /etc/firejail/whitelist-var-common.inc
19		19
20	apparmor	20	#apparmor - on Ubuntu 18.04 it refuses to start without dbus access
21	caps.drop all	21	caps.drop all
22	netfilter	22	netfilter
23	# nodbus - problems with KDE	23	# nodbus - problems with KDE