3 files changed, 56 insertions, 72 deletions
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile
index 75338eb6d..e11134616 100644
--- a/etc/profile-a-l/d-feet.profile
+++ b/etc/profile-a-l/d-feet.profile
@@ -12,45 +12,16 @@ noblacklist ${HOME}/.config/d-feet
 include allow-python2.inc
 include allow-python3.inc
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
 mkdir ${HOME}/.config/d-feet
 whitelist ${HOME}/.config/d-feet
 whitelist /usr/share/d-feet
-include whitelist-common.inc
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-apparmor
+# breaks on Ubuntu
-caps.drop all
+ignore net none
-ipc-namespace
-#net none # breaks on Ubuntu
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-disable-mnt
 private-bin d-feet,python*
-private-cache
-private-dev
-private-etc dbus-1
-private-tmp
 #memory-deny-write-execute # breaks on Arch (see issue #1803)
-restrict-namespaces
+# Redirect
+include dbus-debug-common.profile
diff --git a/etc/profile-a-l/d-spy.profile b/etc/profile-a-l/d-spy.profile
index 9ff429ecb..2c9ef52cb 100644
--- a/etc/profile-a-l/d-spy.profile
+++ b/etc/profile-a-l/d-spy.profile
@@ -6,43 +6,7 @@ include d-spy.local
 # Persistent global definitions
 include globals.local
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-proc.inc
-include disable-programs.inc
-include disable-shell.inc
-include disable-xdg.inc
-include whitelist-common.inc
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-apparmor
-caps.drop all
-ipc-namespace
-net none
-no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-disable-mnt
 private-bin d-spy
-private-cache
-private-dev
-private-etc dbus-1
-private-tmp
-read-only ${HOME}
+# Redirect
-restrict-namespaces
+include dbus-debug-common.profile
diff --git a/etc/profile-a-l/dbus-debug-common.profile b/etc/profile-a-l/dbus-debug-common.profile
new file mode 100644
index 000000000..0ef060f3a
--- /dev/null
+++ b/etc/profile-a-l/dbus-debug-common.profile
@@ -0,0 +1,49 @@
+# Firejail profile for dbus-debug-common
+# This file is overwritten after every install/update
+# Persistent local customizations
+include dbus-debug-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-etc dbus-1
+private-tmp
+read-only ${HOME}
+restrict-namespaces

diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index 75338eb6d..e11134616 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile
@@ -12,45 +12,16 @@ noblacklist ${HOME}/.config/d-feet
12	include allow-python2.inc	12	include allow-python2.inc
13	include allow-python3.inc	13	include allow-python3.inc
14		14
15	include disable-common.inc
16	include disable-devel.inc
17	include disable-exec.inc
18	include disable-interpreters.inc
19	include disable-programs.inc
20	include disable-shell.inc
21	include disable-xdg.inc
22
23	mkdir ${HOME}/.config/d-feet	15	mkdir ${HOME}/.config/d-feet
24	whitelist ${HOME}/.config/d-feet	16	whitelist ${HOME}/.config/d-feet
25	whitelist /usr/share/d-feet	17	whitelist /usr/share/d-feet
26	include whitelist-common.inc
27	include whitelist-runuser-common.inc
28	include whitelist-usr-share-common.inc
29	include whitelist-var-common.inc
30		18
31	apparmor	19	# breaks on Ubuntu
32	caps.drop all	20	ignore net none
33	ipc-namespace
34	#net none # breaks on Ubuntu
35	no3d
36	nodvd
37	nogroups
38	noinput
39	nonewprivs
40	noroot
41	nosound
42	notv
43	nou2f
44	novideo
45	protocol unix
46	seccomp
47		21
48	disable-mnt
49	private-bin d-feet,python*	22	private-bin d-feet,python*
50	private-cache
51	private-dev
52	private-etc dbus-1
53	private-tmp
54		23
55	#memory-deny-write-execute # breaks on Arch (see issue #1803)	24	#memory-deny-write-execute # breaks on Arch (see issue #1803)
56	restrict-namespaces	25
		26	# Redirect
		27	include dbus-debug-common.profile


diff --git a/etc/profile-a-l/d-spy.profile b/etc/profile-a-l/d-spy.profile index 9ff429ecb..2c9ef52cb 100644 --- a/etc/profile-a-l/d-spy.profile +++ b/etc/profile-a-l/d-spy.profile
@@ -6,43 +6,7 @@ include d-spy.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
9	include disable-common.inc
10	include disable-devel.inc
11	include disable-exec.inc
12	include disable-interpreters.inc
13	include disable-proc.inc
14	include disable-programs.inc
15	include disable-shell.inc
16	include disable-xdg.inc
17
18	include whitelist-common.inc
19	include whitelist-runuser-common.inc
20	include whitelist-usr-share-common.inc
21	include whitelist-var-common.inc
22
23	apparmor
24	caps.drop all
25	ipc-namespace
26	net none
27	no3d
28	nodvd
29	nogroups
30	noinput
31	nonewprivs
32	noroot
33	nosound
34	notv
35	nou2f
36	novideo
37	protocol unix
38	seccomp
39
40	disable-mnt
41	private-bin d-spy	9	private-bin d-spy
42	private-cache
43	private-dev
44	private-etc dbus-1
45	private-tmp
46		10
47	read-only ${HOME}	11	# Redirect
48	restrict-namespaces	12	include dbus-debug-common.profile


diff --git a/etc/profile-a-l/dbus-debug-common.profile b/etc/profile-a-l/dbus-debug-common.profile new file mode 100644 index 000000000..0ef060f3a --- /dev/null +++ b/etc/profile-a-l/dbus-debug-common.profile
@@ -0,0 +1,49 @@
		1	# Firejail profile for dbus-debug-common
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include dbus-debug-common.local
		5	# Persistent global definitions
		6	# added by caller profile
		7	#include globals.local
		8
		9	include disable-common.inc
		10	include disable-devel.inc
		11	include disable-exec.inc
		12	include disable-interpreters.inc
		13	include disable-proc.inc
		14	include disable-programs.inc
		15	include disable-shell.inc
		16	include disable-xdg.inc
		17
		18	include whitelist-common.inc
		19	include whitelist-runuser-common.inc
		20	include whitelist-usr-share-common.inc
		21	include whitelist-var-common.inc
		22
		23	apparmor
		24	caps.drop all
		25	ipc-namespace
		26	net none
		27	no3d
		28	nodvd
		29	nogroups
		30	noinput
		31	nonewprivs
		32	noroot
		33	nosound
		34	notv
		35	nou2f
		36	novideo
		37	protocol unix
		38	seccomp
		39	seccomp.block-secondary
		40	tracelog
		41
		42	disable-mnt
		43	private-cache
		44	private-dev
		45	private-etc dbus-1
		46	private-tmp
		47
		48	read-only ${HOME}
		49	restrict-namespaces