From 019fa047d61bee012252c5c28a7a7796caa6dfaf Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Thu, 13 Jun 2019 19:49:13 +0200 Subject: automatically fixed all private-{bin,etc} lines --- etc/QMediathekView.profile | 2 +- etc/QOwnNotes.profile | 4 ++-- etc/Viber.profile | 4 ++-- etc/XMind.profile | 2 +- etc/Xvfb.profile | 2 +- etc/akregator.profile | 2 +- etc/anki.profile | 2 +- etc/apktool.profile | 2 +- etc/archaudit-report.profile | 2 +- etc/aria2c.profile | 2 +- etc/ark.profile | 2 +- etc/arm.profile | 4 ++-- etc/artha.profile | 2 +- etc/atool.profile | 2 +- etc/bitwarden.profile | 2 +- etc/bsdtar.profile | 4 ++-- etc/bzflag.profile | 2 +- etc/celluloid.profile | 4 ++-- etc/cheese.profile | 2 +- etc/cmus.profile | 2 +- etc/crow.profile | 2 +- etc/deluge.profile | 2 +- etc/dex2jar.profile | 2 +- etc/dig.profile | 2 +- etc/discord-common.profile | 4 ++-- etc/electrum.profile | 2 +- etc/enpass.profile | 2 +- etc/ffmpeg.profile | 2 +- etc/file.profile | 2 +- etc/filezilla.profile | 2 +- etc/flameshot.profile | 2 +- etc/freeciv.profile | 2 +- etc/freemind.profile | 2 +- etc/gajim.profile | 2 +- etc/gcloud.profile | 2 +- etc/geekbench.profile | 2 +- etc/ghostwriter.profile | 2 +- etc/gitg.profile | 2 +- etc/gitter.profile | 2 +- etc/gnome-chess.profile | 2 +- etc/gnome-clocks.profile | 2 +- etc/gnome-music.profile | 4 ++-- etc/gnome-recipes.profile | 2 +- etc/godot.profile | 2 +- etc/google-earth.profile | 2 +- etc/gpredict.profile | 2 +- etc/gradio.profile | 2 +- etc/gwenview.profile | 2 +- etc/hugin.profile | 2 +- etc/imagej.profile | 2 +- etc/jd-gui.profile | 2 +- etc/kdeinit4.profile | 2 +- etc/kdenlive.profile | 2 +- etc/kid3.profile | 2 +- etc/konversation.profile | 2 +- etc/ktorrent.profile | 2 +- etc/kwrite.profile | 2 +- etc/lollypop.profile | 2 +- etc/macrofusion.profile | 2 +- etc/mate-dictionary.profile | 2 +- etc/mcabber.profile | 2 +- etc/mendeleydesktop.profile | 2 +- etc/mp3splt-gtk.profile | 2 +- etc/mpsyt.profile | 2 +- etc/mpv.profile | 2 +- etc/ms-office.profile | 4 ++-- etc/musixmatch.profile | 2 +- etc/mypaint.profile | 2 +- etc/nomacs.profile | 2 +- etc/nyx.profile | 2 +- etc/okular.profile | 2 +- etc/openclonk.profile | 2 +- etc/parole.profile | 4 ++-- etc/pdfsam.profile | 2 +- etc/pioneer.profile | 2 +- etc/pithos.profile | 2 +- etc/ppsspp.profile | 2 +- etc/pragha.profile | 2 +- etc/pybitmessage.profile | 4 ++-- etc/qbittorrent.profile | 2 +- etc/qgis.profile | 2 +- etc/qmmp.profile | 2 +- etc/qtox.profile | 2 +- etc/sdat2img.profile | 2 +- etc/silentarmy.profile | 2 +- etc/slack.profile | 4 ++-- etc/smplayer.profile | 2 +- etc/spotify.profile | 4 ++-- etc/standardnotes-desktop.profile | 2 +- etc/start-tor-browser.profile | 4 ++-- etc/steam.profile | 2 +- etc/supertuxkart.profile | 2 +- etc/surf.profile | 4 ++-- etc/tar.profile | 4 ++-- etc/teams-for-linux.profile | 4 ++-- etc/terasology.profile | 2 +- etc/tor.profile | 4 ++-- etc/torbrowser-launcher.profile | 2 +- etc/tremulous.profile | 2 +- etc/unrar.profile | 2 +- etc/unzip.profile | 2 +- etc/utox.profile | 2 +- etc/vlc.profile | 2 +- etc/w3m.profile | 2 +- etc/whois.profile | 2 +- etc/wire-desktop.profile | 4 ++-- etc/xfce4-mixer.profile | 2 +- etc/xiphos.profile | 2 +- etc/xonotic.profile | 2 +- etc/youtube-dl.profile | 4 ++-- etc/zart.profile | 2 +- 111 files changed, 130 insertions(+), 130 deletions(-) diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile index 7cc50da15..b750a135e 100644 --- a/etc/QMediathekView.profile +++ b/etc/QMediathekView.profile @@ -45,7 +45,7 @@ shell none tracelog disable-mnt -private-bin QMediathekView,mplayer,mpv,smplayer,totem,vlc,xplayer +private-bin mplayer,mpv,QMediathekView,smplayer,totem,vlc,xplayer private-cache private-dev # private-etc alternatives diff --git a/etc/QOwnNotes.profile b/etc/QOwnNotes.profile index 27ba00857..c774f3a60 100644 --- a/etc/QOwnNotes.profile +++ b/etc/QOwnNotes.profile @@ -47,8 +47,8 @@ shell none tracelog disable-mnt -private-bin QOwnNotes,gio +private-bin gio,QOwnNotes private-dev -private-etc alternatives,fonts,ld.so.cache,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hosts,ld.so.cache,nsswitch.conf,pki,pulse,resolv.conf,ssl private-tmp diff --git a/etc/Viber.profile b/etc/Viber.profile index 40358aa87..ecc500769 100644 --- a/etc/Viber.profile +++ b/etc/Viber.profile @@ -32,8 +32,8 @@ seccomp shell none disable-mnt -private-bin sh,bash,dig,awk,Viber -private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies,machine-id,asound.conf +private-bin awk,bash,dig,sh,Viber +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11 private-tmp env QTWEBENGINE_DISABLE_SANDBOX=1 diff --git a/etc/XMind.profile b/etc/XMind.profile index a5b0a864e..7e7c0c3cd 100644 --- a/etc/XMind.profile +++ b/etc/XMind.profile @@ -32,7 +32,7 @@ seccomp shell none disable-mnt -private-bin XMind,sh,cp +private-bin cp,sh,XMind private-tmp private-dev diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 3580f8336..259077d86 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile @@ -40,5 +40,5 @@ private # private-bin Xvfb,sh,xkbcomp # private-bin Xvfb,sh,xkbcomp,strace,bash,cat,ls private-dev -private-etc alternatives,ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname +private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf private-tmp diff --git a/etc/akregator.profile b/etc/akregator.profile index 2f35c55c0..466eff22d 100644 --- a/etc/akregator.profile +++ b/etc/akregator.profile @@ -40,7 +40,7 @@ seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@res shell none disable-mnt -private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper +private-bin akregator,akregatorstorageexporter,dbus-launch,kdeinit4,kdeinit4_shutdown,kdeinit4_wrapper,kdeinit5,kdeinit5_shutdown,kdeinit5_wrapper,kshell4,kshell5 private-dev private-tmp diff --git a/etc/anki.profile b/etc/anki.profile index d50c720f7..c349376ff 100644 --- a/etc/anki.profile +++ b/etc/anki.profile @@ -50,5 +50,5 @@ disable-mnt private-bin anki,python* private-cache private-dev -private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,machine-id,pki,resolv.conf,Trolltech.conf,ssl +private-etc alternatives,ca-certificates,fonts,gtk-2.0,hostname,hosts,machine-id,pki,resolv.conf,ssl,Trolltech.conf private-tmp diff --git a/etc/apktool.profile b/etc/apktool.profile index acddf010b..aeeb845ea 100644 --- a/etc/apktool.profile +++ b/etc/apktool.profile @@ -31,6 +31,6 @@ protocol unix seccomp shell none -private-bin apktool,bash,java,dirname,basename,expr,sh +private-bin apktool,basename,bash,dirname,expr,java,sh private-cache private-dev diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile index 2f1715da1..bfd110bf2 100644 --- a/etc/archaudit-report.profile +++ b/etc/archaudit-report.profile @@ -36,7 +36,7 @@ shell none disable-mnt private -private-bin archaudit-report,arch-audit,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds +private-bin arch-audit,archaudit-report,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds #private-dev private-tmp diff --git a/etc/aria2c.profile b/etc/aria2c.profile index 68c83e573..583250983 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile @@ -37,7 +37,7 @@ shell none private-bin aria2c,gzip private-cache private-dev -private-etc alternatives,ca-certificates,ssl,resolv.conf +private-etc alternatives,ca-certificates,resolv.conf,ssl private-lib libreadline.so.* private-tmp diff --git a/etc/ark.profile b/etc/ark.profile index 9214e96ff..ee0899b1d 100644 --- a/etc/ark.profile +++ b/etc/ark.profile @@ -34,7 +34,7 @@ protocol unix seccomp shell none -private-bin ark,unrar,rar,unzip,zip,zipinfo,7z,p7zip,unar,lsar,lrzip,lzop,lz4,bash,sh,tclsh +private-bin 7z,ark,bash,lrzip,lsar,lz4,lzop,p7zip,rar,sh,tclsh,unar,unrar,unzip,zip,zipinfo #private-etc alternatives,smb.conf,samba,mtab,fonts,drirc,kde5rc,passwd,group,xdg private-dev diff --git a/etc/arm.profile b/etc/arm.profile index dd3fa190a..51dad94d1 100644 --- a/etc/arm.profile +++ b/etc/arm.profile @@ -41,8 +41,8 @@ shell none tracelog disable-mnt -private-bin arm,tor,sh,bash,python*,ps,lsof,ldconfig +private-bin arm,bash,ldconfig,lsof,ps,python*,sh,tor private-dev -private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor private-tmp diff --git a/etc/artha.profile b/etc/artha.profile index 8ef5124de..2660c4e10 100644 --- a/etc/artha.profile +++ b/etc/artha.profile @@ -38,7 +38,7 @@ disable-mnt private-bin artha,enchant,notify-send private-cache private-dev -private-etc alternatives,machine-id,fonts +private-etc alternatives,fonts,machine-id private-lib libnotify.so.* private-tmp diff --git a/etc/atool.profile b/etc/atool.profile index 3df32baac..7bcfdb935 100644 --- a/etc/atool.profile +++ b/etc/atool.profile @@ -45,7 +45,7 @@ tracelog private-cache private-dev # without login.defs atool complains and uses UID/GID 1000 by default -private-etc alternatives,passwd,group,login.defs +private-etc alternatives,group,login.defs,passwd private-tmp memory-deny-write-execute diff --git a/etc/bitwarden.profile b/etc/bitwarden.profile index 609543e14..550830157 100644 --- a/etc/bitwarden.profile +++ b/etc/bitwarden.profile @@ -47,7 +47,7 @@ private-bin bitwarden private-cache ?HAS_APPIMAGE: ignore private-dev private-dev -private-etc alternatives,ca-certificates,crypto-policies,hosts,nsswitch.conf,fonts,pki,resolv.conf,ssl +private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,nsswitch.conf,pki,resolv.conf,ssl private-opt Bitwarden private-tmp diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile index f964438bc..1f7a02c2b 100644 --- a/etc/bsdtar.profile +++ b/etc/bsdtar.profile @@ -37,9 +37,9 @@ shell none tracelog # support compressed archives -private-bin sh,bash,bsdcat,bsdcpio,bsdtar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,lz4,libarchive +private-bin bash,bsdcat,bsdcpio,bsdtar,bzip2,compress,gtar,gzip,lbzip2,libarchive,lz4,lzip,lzma,lzop,sh,xz private-cache private-dev -private-etc alternatives,passwd,group,localtime +private-etc alternatives,group,localtime,passwd memory-deny-write-execute diff --git a/etc/bzflag.profile b/etc/bzflag.profile index 94cd40899..86ab73e0b 100644 --- a/etc/bzflag.profile +++ b/etc/bzflag.profile @@ -38,7 +38,7 @@ shell none tracelog disable-mnt -private-bin bzflag,bzflag-wrapper,bzfs,bzadmin +private-bin bzadmin,bzflag,bzflag-wrapper,bzfs private-cache private-dev private-tmp diff --git a/etc/celluloid.profile b/etc/celluloid.profile index 190a49588..89543d6cc 100644 --- a/etc/celluloid.profile +++ b/etc/celluloid.profile @@ -38,9 +38,9 @@ seccomp shell none tracelog -private-bin celluloid,gnome-mpv,youtube-dl,python*,env +private-bin celluloid,env,gnome-mpv,python*,youtube-dl private-cache -private-etc alternatives,ca-certificates,ssl,pki,pkcs11,hosts,machine-id,localtime,libva.conf,drirc,fonts,gtk-3.0,dconf,crypto-policies,xdg,selinux,resolv.conf +private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg private-dev private-tmp diff --git a/etc/cheese.profile b/etc/cheese.profile index e95a27da5..633928260 100644 --- a/etc/cheese.profile +++ b/etc/cheese.profile @@ -41,5 +41,5 @@ tracelog disable-mnt private-bin cheese private-cache -private-etc alternatives,fonts,drirc,clutter-1.0,gtk-3.0,dconf +private-etc alternatives,clutter-1.0,dconf,drirc,fonts,gtk-3.0 private-tmp diff --git a/etc/cmus.profile b/etc/cmus.profile index e602c4e2a..7e12a06de 100644 --- a/etc/cmus.profile +++ b/etc/cmus.profile @@ -27,4 +27,4 @@ seccomp shell none private-bin cmus -private-etc alternatives,group,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,machine-id,pki,pulse,ssl diff --git a/etc/crow.profile b/etc/crow.profile index 8aa70a09c..755b6e9f8 100644 --- a/etc/crow.profile +++ b/etc/crow.profile @@ -38,7 +38,7 @@ shell none disable-mnt private-bin crow private-dev -private-etc alternatives,ca-certificates,ssl,machine-id,dconf,nsswitch.conf,resolv.conf,fonts,asound.conf,pulse,pki,crypto-policies +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl private-opt none private-tmp private-srv none diff --git a/etc/deluge.profile b/etc/deluge.profile index e86255d22..8f4f9fbe9 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile @@ -39,6 +39,6 @@ seccomp shell none # deluge is using python on Debian -private-bin deluge,deluge-console,deluged,deluge-gtk,deluge-web,sh,python*,uname +private-bin deluge,deluge-console,deluge-gtk,deluge-web,deluged,python*,sh,uname private-dev private-tmp diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index a6fed6c78..e5f37b06a 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile @@ -35,7 +35,7 @@ protocol unix seccomp shell none -private-bin dex2jar,java,sh,bash,expr,dirname,ls,uname,grep +private-bin bash,dex2jar,dirname,expr,grep,java,ls,sh,uname private-cache private-dev diff --git a/etc/dig.profile b/etc/dig.profile index 1843f6e46..9bc4ee0ca 100644 --- a/etc/dig.profile +++ b/etc/dig.profile @@ -42,7 +42,7 @@ shell none disable-mnt private -private-bin sh,bash,dig +private-bin bash,dig,sh private-cache private-dev # private-etc alternatives,resolv.conf diff --git a/etc/discord-common.profile b/etc/discord-common.profile index a791c7a06..82dd0475c 100644 --- a/etc/discord-common.profile +++ b/etc/discord-common.profile @@ -27,9 +27,9 @@ novideo protocol unix,inet,inet6,netlink seccomp -private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh +private-bin bash,cut,echo,egrep,grep,head,sed,sh,tr,xdg-mime,xdg-open,zsh private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,ld.so.cache,localtime,login.defs,password,pki,resolv.conf,ssl +private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,resolv.conf,ssl private-tmp noexec /tmp diff --git a/etc/electrum.profile b/etc/electrum.profile index ab554b21f..42438977f 100644 --- a/etc/electrum.profile +++ b/etc/electrum.profile @@ -46,6 +46,6 @@ disable-mnt private-bin electrum,python* private-cache private-dev -private-etc alternatives,fonts,dconf,ca-certificates,ssl,pki,crypto-policies,machine-id,resolv.conf +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,machine-id,pki,resolv.conf,ssl private-tmp diff --git a/etc/enpass.profile b/etc/enpass.profile index 4ac35bbd6..99d3eac85 100644 --- a/etc/enpass.profile +++ b/etc/enpass.profile @@ -53,7 +53,7 @@ seccomp shell none tracelog -private-bin dirname,Enpass,importer_enpass,sh,readlink +private-bin dirname,Enpass,importer_enpass,readlink,sh ?HAS_APPIMAGE: ignore private-dev private-dev private-opt Enpass diff --git a/etc/ffmpeg.profile b/etc/ffmpeg.profile index ee722bc54..9c1c5b7de 100644 --- a/etc/ffmpeg.profile +++ b/etc/ffmpeg.profile @@ -43,7 +43,7 @@ tracelog private-bin ffmpeg private-cache private-dev -private-etc alternatives,pki,pkcs11,hosts,ssl,ca-certificates,resolv.conf +private-etc alternatives,ca-certificates,hosts,pkcs11,pki,resolv.conf,ssl private-tmp # memory-deny-write-execute - it breaks old versions of ffmpeg diff --git a/etc/file.profile b/etc/file.profile index c304b4efe..2782960c8 100644 --- a/etc/file.profile +++ b/etc/file.profile @@ -38,7 +38,7 @@ x11 none #private-bin file private-cache private-dev -private-etc alternatives,magic.mgc,magic,localtime +private-etc alternatives,localtime,magic,magic.mgc private-lib libarchive.so.*,libfakeroot,libmagic.so.* memory-deny-write-execute diff --git a/etc/filezilla.profile b/etc/filezilla.profile index af535880d..d8d4c1746 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile @@ -33,6 +33,6 @@ seccomp shell none # private-bin breaks --join if the user has zsh set as $SHELL - adding zsh on private-bin -private-bin filezilla,uname,sh,bash,zsh,python*,lsb_release,fzputtygen,fzsftp +private-bin bash,filezilla,fzputtygen,fzsftp,lsb_release,python*,sh,uname,zsh private-dev private-tmp diff --git a/etc/flameshot.profile b/etc/flameshot.profile index cd3e07455..3aad9723b 100644 --- a/etc/flameshot.profile +++ b/etc/flameshot.profile @@ -37,7 +37,7 @@ shell none disable-mnt private-bin flameshot private-cache -private-etc alternatives,fonts,ld.so.conf,resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,pki,resolv.conf,ssl private-dev private-tmp diff --git a/etc/freeciv.profile b/etc/freeciv.profile index 4813379a7..fa115d325 100644 --- a/etc/freeciv.profile +++ b/etc/freeciv.profile @@ -38,7 +38,7 @@ shell none tracelog disable-mnt -private-bin freeciv-gtk3,freeciv-mp-gtk3,freeciv-server,freeciv-manual +private-bin freeciv-gtk3,freeciv-manual,freeciv-mp-gtk3,freeciv-server private-cache private-dev private-tmp diff --git a/etc/freemind.profile b/etc/freemind.profile index 7ab4ae129..ba945c0fb 100644 --- a/etc/freemind.profile +++ b/etc/freemind.profile @@ -42,7 +42,7 @@ shell none tracelog disable-mnt -private-bin freemind,java,bash,sed,sh,grep,mkdir,echo,cp,uname,which,lsb_release,rpm,dpkg,dirname,readlink +private-bin bash,cp,dirname,dpkg,echo,freemind,grep,java,lsb_release,mkdir,readlink,rpm,sed,sh,uname,which private-cache private-dev #private-etc alternatives,fonts,java diff --git a/etc/gajim.profile b/etc/gajim.profile index 75d2f0774..74ab9f8b7 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile @@ -46,7 +46,7 @@ shell none tracelog disable-mnt -private-bin python,python3,sh,gpg,gpg2,gajim,bash,zsh,paplay,gajim-history-manager +private-bin bash,gajim,gajim-history-manager,gpg,gpg2,paplay,python,python3,sh,zsh private-dev private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl private-tmp diff --git a/etc/gcloud.profile b/etc/gcloud.profile index a08aebf2c..7ca99f420 100644 --- a/etc/gcloud.profile +++ b/etc/gcloud.profile @@ -36,5 +36,5 @@ tracelog disable-mnt private-dev -private-etc alternatives,ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache +private-etc alternatives,ca-certificates,crypto-policies,hosts,ld.so.cache,localtime,nsswitch.conf,pki,resolv.conf,ssl private-tmp diff --git a/etc/geekbench.profile b/etc/geekbench.profile index 764c68131..a4c33b46f 100644 --- a/etc/geekbench.profile +++ b/etc/geekbench.profile @@ -41,7 +41,7 @@ disable-mnt private-bin bash,geekbenc*,sh private-cache private-dev -private-etc alternatives,group,passwd,lsb-release +private-etc alternatives,group,lsb-release,passwd private-lib libstdc++.so.* private-opt none private-tmp diff --git a/etc/ghostwriter.profile b/etc/ghostwriter.profile index 76011df19..48c02f195 100644 --- a/etc/ghostwriter.profile +++ b/etc/ghostwriter.profile @@ -49,7 +49,7 @@ tracelog #private-bin ghostwriter,pandoc private-cache private-dev -private-etc alternatives,cups,crypto-policies,localtime,drirc,fonts,gtk-3.0,dconf,machine-id +private-etc alternatives,crypto-policies,cups,dconf,drirc,fonts,gtk-3.0,localtime,machine-id # Breaks Translation #private-lib private-tmp diff --git a/etc/gitg.profile b/etc/gitg.profile index 656d5cfd8..f6f51ef6f 100644 --- a/etc/gitg.profile +++ b/etc/gitg.profile @@ -35,7 +35,7 @@ protocol unix,inet,inet6 seccomp shell none -private-bin gitg,git,ssh +private-bin git,gitg,ssh private-cache private-dev private-tmp diff --git a/etc/gitter.profile b/etc/gitter.profile index 7d0831bc4..017b1765a 100644 --- a/etc/gitter.profile +++ b/etc/gitter.profile @@ -37,7 +37,7 @@ shell none disable-mnt private-bin bash,env,gitter -private-etc alternatives,fonts,pulse,resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,pulse,resolv.conf,ssl private-opt Gitter private-dev private-tmp diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile index 04409a5e4..e657293ac 100644 --- a/etc/gnome-chess.profile +++ b/etc/gnome-chess.profile @@ -37,7 +37,7 @@ shell none tracelog disable-mnt -private-bin fairymax,gnome-chess,hoichess,gnuchess +private-bin fairymax,gnome-chess,gnuchess,hoichess private-cache private-dev private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0 diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index cb73a9477..2beee83e0 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile @@ -37,6 +37,6 @@ disable-mnt private-bin gnome-clocks,gsound-play private-cache private-dev -private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies,machine-id,hosts,pkcs11,localtime,gtk-3.0,dconf +private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,localtime,machine-id,pkcs11,pki,ssl private-tmp diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index f843452c9..ad3fa1753 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile @@ -37,8 +37,8 @@ seccomp shell none tracelog -private-bin gnome-music,python*,env,gio-launch-desktop,yelp +private-bin env,gio-launch-desktop,gnome-music,python*,yelp private-dev -private-etc alternatives,fonts,machine-id,pulse,asound.conf +private-etc alternatives,asound.conf,fonts,machine-id,pulse private-tmp diff --git a/etc/gnome-recipes.profile b/etc/gnome-recipes.profile index 1a897a5d8..567fa262c 100644 --- a/etc/gnome-recipes.profile +++ b/etc/gnome-recipes.profile @@ -43,7 +43,7 @@ shell none disable-mnt private-bin gnome-recipes,tar private-dev -private-etc alternatives,ca-certificates,fonts,ssl,crypto-policies,pki +private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* private-tmp diff --git a/etc/godot.profile b/etc/godot.profile index 596b825eb..f2b365455 100644 --- a/etc/godot.profile +++ b/etc/godot.profile @@ -39,5 +39,5 @@ disable-mnt private-bin godot private-cache private-dev -private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl,fonts,alsa,asound.conf,machine-id,openal,pulse,alternatives,drirc +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,machine-id,nsswitch.conf,openal,pki,pulse,resolv.conf,ssl private-tmp diff --git a/etc/google-earth.profile b/etc/google-earth.profile index a29e0d563..447a895d7 100644 --- a/etc/google-earth.profile +++ b/etc/google-earth.profile @@ -45,7 +45,7 @@ seccomp shell none disable-mnt -private-bin google-earth,sh,bash,grep,sed,ls,dirname +private-bin bash,dirname,google-earth,grep,ls,sed,sh private-dev private-opt google diff --git a/etc/gpredict.profile b/etc/gpredict.profile index e6d37ee27..c1f1b53a0 100644 --- a/etc/gpredict.profile +++ b/etc/gpredict.profile @@ -35,6 +35,6 @@ tracelog private-bin gpredict private-dev -private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl private-tmp diff --git a/etc/gradio.profile b/etc/gradio.profile index 75c793f61..82e2504b9 100644 --- a/etc/gradio.profile +++ b/etc/gradio.profile @@ -35,6 +35,6 @@ protocol unix,inet,inet6 seccomp shell none -private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg private-tmp diff --git a/etc/gwenview.profile b/etc/gwenview.profile index d4af3ed1a..489be3931 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile @@ -43,7 +43,7 @@ seccomp shell none # tracelog -private-bin gwenview,gimp*,kbuildsycoca4,kdeinit4 +private-bin gimp*,gwenview,kbuildsycoca4,kdeinit4 private-dev private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg diff --git a/etc/hugin.profile b/etc/hugin.profile index 3d8921120..07a697c05 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile @@ -33,7 +33,7 @@ protocol unix seccomp shell none -private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend +private-bin align_image_stack,autooptimiser,calibrate_lens_gui,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,enblend,fulla,geocpset,hugin,hugin_executor,hugin_hdrmerge,hugin_lensdb,hugin_stitch_project,icpfind,linefind,nona,pano_modify,pano_trafo,PTBatcherGUI,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize private-cache private-dev private-tmp diff --git a/etc/imagej.profile b/etc/imagej.profile index be656bafa..00ee115ed 100644 --- a/etc/imagej.profile +++ b/etc/imagej.profile @@ -34,7 +34,7 @@ protocol unix seccomp shell none -private-bin imagej,bash,grep,sort,tail,tr,cut,whoami,hostname,uname,mkdir,ls,touch,free,awk,update-java-alternatives,basename,xprop,rm,ln +private-bin awk,basename,bash,cut,free,grep,hostname,imagej,ln,ls,mkdir,rm,sort,tail,touch,tr,uname,update-java-alternatives,whoami,xprop private-dev private-tmp diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 8442c6ed7..74fadb4a9 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile @@ -37,7 +37,7 @@ protocol unix seccomp shell none -private-bin jd-gui,sh,bash +private-bin bash,jd-gui,sh private-cache private-dev private-tmp diff --git a/etc/kdeinit4.profile b/etc/kdeinit4.profile index f786c78d5..082045c62 100644 --- a/etc/kdeinit4.profile +++ b/etc/kdeinit4.profile @@ -30,7 +30,7 @@ protocol unix,inet,inet6,netlink seccomp shell none -private-bin kdeinit4,kbuildsycoca4,kded4,knotify4 +private-bin kbuildsycoca4,kded4,kdeinit4,knotify4 private-dev private-tmp diff --git a/etc/kdenlive.profile b/etc/kdenlive.profile index 82c8c6793..710c86e9a 100644 --- a/etc/kdenlive.profile +++ b/etc/kdenlive.profile @@ -33,6 +33,6 @@ protocol unix,netlink seccomp shell none -private-bin kdenlive,kdenlive_render,dbus-launch,melt,ffmpeg,ffplay,ffprobe,dvdauthor,genisoimage,vlc,xine,kdeinit5,kshell5,kdeinit5_shutdown,kdeinit5_wrapper,kdeinit4,kshell4,kdeinit4_shutdown,kdeinit4_wrapper,mlt-melt +private-bin dbus-launch,dvdauthor,ffmpeg,ffplay,ffprobe,genisoimage,kdeinit4,kdeinit4_shutdown,kdeinit4_wrapper,kdeinit5,kdeinit5_shutdown,kdeinit5_wrapper,kdenlive,kdenlive_render,kshell4,kshell5,melt,mlt-melt,vlc,xine private-dev # private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,passwd,pulse,xdg,X11 diff --git a/etc/kid3.profile b/etc/kid3.profile index 3171e94fe..e138bdec4 100644 --- a/etc/kid3.profile +++ b/etc/kid3.profile @@ -37,7 +37,7 @@ tracelog private-cache private-dev -private-etc alternatives,drirc,fonts,kde5rc,gtk-3.0,dconf,machine-id,ca-certificates,ssl,pki,hostname,hosts,resolv.conf,pulse,,crypto-policies +private-etc ,alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,machine-id,pki,pulse,resolv.conf,ssl private-tmp private-opt none private-srv none diff --git a/etc/konversation.profile b/etc/konversation.profile index 19174459c..dd3e9617f 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile @@ -34,7 +34,7 @@ seccomp shell none tracelog -private-bin konversation,kbuildsycoca4 +private-bin kbuildsycoca4,konversation private-cache private-dev private-tmp diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile index f30a1b7e6..2eb46a7e8 100644 --- a/etc/ktorrent.profile +++ b/etc/ktorrent.profile @@ -52,7 +52,7 @@ protocol unix,inet,inet6,netlink seccomp shell none -private-bin ktorrent,kbuildsycoca4,kdeinit4 +private-bin kbuildsycoca4,kdeinit4,ktorrent private-dev # private-lib - problems on Arch private-tmp diff --git a/etc/kwrite.profile b/etc/kwrite.profile index 9b0640eab..31ac19039 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile @@ -43,7 +43,7 @@ seccomp shell none tracelog -private-bin kwrite,kbuildsycoca4,kdeinit4 +private-bin kbuildsycoca4,kdeinit4,kwrite private-dev private-etc alternatives,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,pulse,xdg private-tmp diff --git a/etc/lollypop.profile b/etc/lollypop.profile index 6667815b9..1ce83822d 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile @@ -37,6 +37,6 @@ seccomp shell none private-dev -private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg private-tmp diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile index f7a059f50..94d90780b 100644 --- a/etc/macrofusion.profile +++ b/etc/macrofusion.profile @@ -36,7 +36,7 @@ protocol unix seccomp shell none -private-bin python*,macrofusion,env,enfuse,exiftool,align_image_stack +private-bin align_image_stack,enfuse,env,exiftool,macrofusion,python* private-cache private-dev private-tmp diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index d1dc76260..49a776766 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile @@ -35,7 +35,7 @@ shell none disable-mnt private-bin mate-dictionary -private-etc alternatives,fonts,resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssl private-opt mate-dictionary private-dev private-tmp diff --git a/etc/mcabber.profile b/etc/mcabber.profile index c65a25edc..134a6ae63 100644 --- a/etc/mcabber.profile +++ b/etc/mcabber.profile @@ -30,4 +30,4 @@ shell none private-bin mcabber private-dev -private-etc alternatives,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,pki,ssl diff --git a/etc/mendeleydesktop.profile b/etc/mendeleydesktop.profile index ed6cc3ae0..1f02ff5c0 100644 --- a/etc/mendeleydesktop.profile +++ b/etc/mendeleydesktop.profile @@ -43,7 +43,7 @@ shell none tracelog disable-mnt -private-bin mendeleydesktop,python*,env,gconftool-2,which,sh,ln,cat,update-desktop-database +private-bin cat,env,gconftool-2,ln,mendeleydesktop,python*,sh,update-desktop-database,which private-dev private-tmp diff --git a/etc/mp3splt-gtk.profile b/etc/mp3splt-gtk.profile index d14006112..e0936476b 100644 --- a/etc/mp3splt-gtk.profile +++ b/etc/mp3splt-gtk.profile @@ -37,5 +37,5 @@ tracelog private-bin mp3splt-gtk private-cache private-dev -private-etc alsa,alternatives,asound.conf,fonts,gtk-3.0,dconf,machine-id,openal,pulse +private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-3.0,machine-id,openal,pulse private-tmp diff --git a/etc/mpsyt.profile b/etc/mpsyt.profile index 775e137bc..d87241070 100644 --- a/etc/mpsyt.profile +++ b/etc/mpsyt.profile @@ -50,7 +50,7 @@ seccomp shell none tracelog -private-bin mpsyt,mplayer,mpv,youtube-dl,python*,env,ffmpeg +private-bin env,ffmpeg,mplayer,mpsyt,mpv,python*,youtube-dl private-dev private-tmp diff --git a/etc/mpv.profile b/etc/mpv.profile index aa2335516..5aa9e7e74 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile @@ -40,6 +40,6 @@ seccomp shell none tracelog -private-bin mpv,youtube-dl,python*,env +private-bin env,mpv,python*,youtube-dl private-cache private-dev diff --git a/etc/ms-office.profile b/etc/ms-office.profile index 25b097d72..3bc674134 100644 --- a/etc/ms-office.profile +++ b/etc/ms-office.profile @@ -35,8 +35,8 @@ shell none tracelog disable-mnt -private-bin bash,fonts,env,jak,ms-office,python*,sh -private-etc alternatives,resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-bin bash,env,fonts,jak,ms-office,python*,sh +private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl private-dev private-tmp diff --git a/etc/musixmatch.profile b/etc/musixmatch.profile index 727269a61..a6b85a8e4 100644 --- a/etc/musixmatch.profile +++ b/etc/musixmatch.profile @@ -32,5 +32,5 @@ seccomp disable-mnt private-dev -private-etc alternatives,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,machine-id,pki,pulse,ssl diff --git a/etc/mypaint.profile b/etc/mypaint.profile index 19643e749..d75651d78 100644 --- a/etc/mypaint.profile +++ b/etc/mypaint.profile @@ -44,6 +44,6 @@ tracelog private-cache private-dev -private-etc alternatives,fonts,gtk-3.0,dconf +private-etc alternatives,dconf,fonts,gtk-3.0 private-tmp diff --git a/etc/nomacs.profile b/etc/nomacs.profile index fd154b1c4..7a7ff504a 100644 --- a/etc/nomacs.profile +++ b/etc/nomacs.profile @@ -41,7 +41,7 @@ tracelog #private-bin nomacs private-cache private-dev -private-etc alternatives,hosts,ca-certificates,ssl,pki,crypto-policies,resolv.conf,drirc,fonts,gtk-3.0,dconf,machine-id,login.defs +private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,login.defs,machine-id,pki,resolv.conf,ssl private-tmp memory-deny-write-execute diff --git a/etc/nyx.profile b/etc/nyx.profile index 1ea33ac4d..c4475c75c 100644 --- a/etc/nyx.profile +++ b/etc/nyx.profile @@ -45,7 +45,7 @@ disable-mnt private-bin nyx,python* private-cache private-dev -private-etc alternatives,passwd,tor,fonts +private-etc alternatives,fonts,passwd,tor private-opt none private-srv none private-tmp diff --git a/etc/okular.profile b/etc/okular.profile index 48e45ca3f..99357934d 100644 --- a/etc/okular.profile +++ b/etc/okular.profile @@ -47,7 +47,7 @@ seccomp shell none tracelog -private-bin okular,kbuildsycoca4,kdeinit4,lpr +private-bin kbuildsycoca4,kdeinit4,lpr,okular private-dev private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,machine-id,xdg # private-tmp - on KDE we need access to the real /tmp for data exchange with email clients diff --git a/etc/openclonk.profile b/etc/openclonk.profile index 02663c2f4..da60006b3 100644 --- a/etc/openclonk.profile +++ b/etc/openclonk.profile @@ -38,7 +38,7 @@ shell none tracelog disable-mnt -private-bin openclonk,c4group +private-bin c4group,openclonk private-cache private-dev private-tmp diff --git a/etc/parole.profile b/etc/parole.profile index 69ed5a2ca..e7a0694ed 100644 --- a/etc/parole.profile +++ b/etc/parole.profile @@ -25,6 +25,6 @@ protocol unix,inet,inet6 seccomp shell none -private-bin parole,dbus-launch +private-bin dbus-launch,parole private-cache -private-etc alternatives,passwd,group,fonts,machine-id,pulse,asound.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,machine-id,passwd,pki,pulse,ssl diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index bd3592f48..adff2af3e 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile @@ -37,7 +37,7 @@ protocol unix seccomp shell none -private-bin pdfsam,sh,bash,java,archlinux-java,grep,awk,dirname,uname,which,sort,find,readlink,expr,ls,java-config +private-bin archlinux-java,awk,bash,dirname,expr,find,grep,java,java-config,ls,pdfsam,readlink,sh,sort,uname,which private-cache private-dev private-tmp diff --git a/etc/pioneer.profile b/etc/pioneer.profile index a240aa5fc..c5b936617 100644 --- a/etc/pioneer.profile +++ b/etc/pioneer.profile @@ -38,7 +38,7 @@ shell none tracelog disable-mnt -private-bin pioneer,modelcompiler,savegamedump +private-bin modelcompiler,pioneer,savegamedump private-cache private-dev private-tmp diff --git a/etc/pithos.profile b/etc/pithos.profile index 62050eb55..ad56ce525 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile @@ -36,7 +36,7 @@ seccomp shell none disable-mnt -private-bin pithos,env,python* +private-bin env,pithos,python* private-dev private-tmp diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile index 480a03e49..116698312 100644 --- a/etc/ppsspp.profile +++ b/etc/ppsspp.profile @@ -38,7 +38,7 @@ shell none # private-dev is disabled to allow controller support #private-dev -private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl private-opt ppsspp private-tmp diff --git a/etc/pragha.profile b/etc/pragha.profile index 4e6840636..019c1a547 100644 --- a/etc/pragha.profile +++ b/etc/pragha.profile @@ -33,6 +33,6 @@ seccomp shell none private-dev -private-etc alternatives,asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg private-tmp diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile index 3bce425d9..034c144c7 100644 --- a/etc/pybitmessage.profile +++ b/etc/pybitmessage.profile @@ -39,8 +39,8 @@ seccomp shell none disable-mnt -private-bin pybitmessage,python*,sh,ldconfig,env,bash,stat +private-bin bash,env,ldconfig,pybitmessage,python*,sh,stat private-dev -private-etc alternatives,PyBitmessage,PyBitmessage.conf,Trolltech.conf,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,resolv.conf,selinux,sni-qt.conf,system-fips,xdg,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,pki,PyBitmessage,PyBitmessage.conf,resolv.conf,selinux,sni-qt.conf,ssl,system-fips,Trolltech.conf,xdg private-tmp diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 82e237d54..d5198ef61 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -51,7 +51,7 @@ protocol unix,inet,inet6,netlink seccomp shell none -private-bin qbittorrent,python* +private-bin python*,qbittorrent private-dev # private-etc alternatives,X11,fonts,xdg,resolv.conf,ca-certificates,ssl,pki,crypto-policies # private-lib - problems on Arch diff --git a/etc/qgis.profile b/etc/qgis.profile index 70788b207..15ef4c22a 100644 --- a/etc/qgis.profile +++ b/etc/qgis.profile @@ -53,5 +53,5 @@ tracelog disable-mnt private-cache private-dev -private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl,QGIS,QGIS.conf,Trolltech.conf +private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,QGIS,QGIS.conf,resolv.conf,ssl,Trolltech.conf private-tmp diff --git a/etc/qmmp.profile b/etc/qmmp.profile index f786e73b7..b69bbdef1 100644 --- a/etc/qmmp.profile +++ b/etc/qmmp.profile @@ -31,7 +31,7 @@ seccomp shell none tracelog -private-bin qmmp,tar,unzip,bzip2,gzip +private-bin bzip2,gzip,qmmp,tar,unzip private-dev private-tmp diff --git a/etc/qtox.profile b/etc/qtox.profile index 0ca5a5ef0..4a731b45a 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile @@ -42,7 +42,7 @@ disable-mnt private-bin qtox private-cache private-dev -private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl private-tmp memory-deny-write-execute diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index 176842c44..a367acad5 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile @@ -36,7 +36,7 @@ protocol unix seccomp shell none -private-bin sdat2img,env,python* +private-bin env,python*,sdat2img private-cache private-dev diff --git a/etc/silentarmy.profile b/etc/silentarmy.profile index 7aeb2909b..cfc33d074 100644 --- a/etc/silentarmy.profile +++ b/etc/silentarmy.profile @@ -32,7 +32,7 @@ shell none disable-mnt private -private-bin silentarmy,sa-solver,python* +private-bin python*,sa-solver,silentarmy private-dev private-opt none private-tmp diff --git a/etc/slack.profile b/etc/slack.profile index 53baf5f40..5c10ef0ba 100644 --- a/etc/slack.profile +++ b/etc/slack.profile @@ -33,7 +33,7 @@ seccomp shell none disable-mnt -private-bin slack,locale +private-bin locale,slack private-dev -private-etc alternatives,asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies,machine-id +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,passwd,pki,pulse,resolv.conf,ssl private-tmp diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 0363a2475..9b824604a 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile @@ -37,7 +37,7 @@ protocol unix,inet,inet6,netlink seccomp shell none -private-bin smplayer,smtube,mplayer,mpv,youtube-dl,python*,env +private-bin env,mplayer,mpv,python*,smplayer,smtube,youtube-dl private-dev private-tmp diff --git a/etc/spotify.profile b/etc/spotify.profile index 2d5c4a48f..09ed69afe 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile @@ -42,9 +42,9 @@ shell none tracelog disable-mnt -private-bin spotify,bash,sh,zenity +private-bin bash,sh,spotify,zenity private-dev -private-etc alternatives,fonts,group,ld.so.cache,machine-id,pulse,resolv.conf,hosts,nsswitch.conf,host.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,fonts,group,host.conf,hosts,ld.so.cache,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl private-opt spotify private-srv none private-tmp diff --git a/etc/standardnotes-desktop.profile b/etc/standardnotes-desktop.profile index 5458120ef..297392b9a 100644 --- a/etc/standardnotes-desktop.profile +++ b/etc/standardnotes-desktop.profile @@ -39,5 +39,5 @@ seccomp disable-mnt private-dev private-tmp -private-etc alternatives,ca-certificates,fonts,host.conf,hostname,hosts,resolv.conf,ssl,pki,crypto-policies,xdg +private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,pki,resolv.conf,ssl,xdg diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index 8acf77349..0145f3de6 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile @@ -34,7 +34,7 @@ shell none #tracelog disable-mnt -private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf +private-bin bash,cp,dirname,env,getconf,gpg,grep,id,ln,mkdir,readlink,rm,sed,sh,tail,test private-dev -private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl private-tmp diff --git a/etc/steam.profile b/etc/steam.profile index 5ab600bfb..df7bfba85 100644 --- a/etc/steam.profile +++ b/etc/steam.profile @@ -69,5 +69,5 @@ shell none # private-dev should be commented for controllers private-dev # private-etc breaks a small selection of games on some systems, comment to support those -private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies,alternatives,bumblebee,nvidia,os-release +private-etc alternatives,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl private-tmp diff --git a/etc/supertuxkart.profile b/etc/supertuxkart.profile index 60d80ecd4..2cd5ec3ad 100644 --- a/etc/supertuxkart.profile +++ b/etc/supertuxkart.profile @@ -47,7 +47,7 @@ disable-mnt private-bin supertuxkart private-cache private-dev -private-etc alternatives,resolv.conf,ca-certificates,ssl,hosts,machine-id,xdg,openal,crypto-policies,pki,drirc,system-fips,selinux +private-etc alternatives,ca-certificates,crypto-policies,drirc,hosts,machine-id,openal,pki,resolv.conf,selinux,ssl,system-fips,xdg private-tmp private-opt none private-srv none diff --git a/etc/surf.profile b/etc/surf.profile index 5f116fd0c..d4c6d9afc 100644 --- a/etc/surf.profile +++ b/etc/surf.profile @@ -32,8 +32,8 @@ shell none tracelog disable-mnt -private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop +private-bin bash,curl,dmenu,ls,printf,sed,sh,sleep,st,stterm,surf,xargs,xprop private-dev -private-etc alternatives,passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,passwd,pki,resolv.conf,ssl private-tmp diff --git a/etc/tar.profile b/etc/tar.profile index b6a874217..71f7414bc 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -38,10 +38,10 @@ shell none tracelog # support compressed archives -private-bin sh,bash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop +private-bin bash,bzip2,compress,gtar,gzip,lbzip2,lzip,lzma,lzop,sh,tar,xz private-cache private-dev -private-etc alternatives,passwd,group,localtime +private-etc alternatives,group,localtime,passwd private-lib libfakeroot memory-deny-write-execute diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile index 51a76bad4..d9e874be2 100644 --- a/etc/teams-for-linux.profile +++ b/etc/teams-for-linux.profile @@ -35,8 +35,8 @@ seccomp shell none disable-mnt -private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh,teams-for-linux +private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh private-cache private-dev -private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf +private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl private-tmp diff --git a/etc/terasology.profile b/etc/terasology.profile index 2a7212395..7b273c23d 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile @@ -44,5 +44,5 @@ shell none disable-mnt private-dev -private-etc alternatives,asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,java-7-openjdk,java-8-openjdk,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pki,pulse,resolv.conf,ssl private-tmp diff --git a/etc/tor.profile b/etc/tor.profile index e80fbadb0..4aebe0a1e 100644 --- a/etc/tor.profile +++ b/etc/tor.profile @@ -44,9 +44,9 @@ writable-var disable-mnt private -private-bin tor,bash +private-bin bash,tor private-cache private-dev -private-etc alternatives,tor,passwd,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor private-tmp diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index ff4a85871..33e87e6a7 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile @@ -50,5 +50,5 @@ shell none disable-mnt private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,xz private-dev -private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hostname,hosts,ld.so.cache,machine-id,pki,pulse,resolv.conf,ssl private-tmp diff --git a/etc/tremulous.profile b/etc/tremulous.profile index a56ac2c07..e148298ae 100644 --- a/etc/tremulous.profile +++ b/etc/tremulous.profile @@ -38,7 +38,7 @@ shell none tracelog disable-mnt -private-bin tremulous,tremulous-wrapper,tremded +private-bin tremded,tremulous,tremulous-wrapper private-cache private-dev private-tmp diff --git a/etc/unrar.profile b/etc/unrar.profile index 5b55f30d2..a2e101a58 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile @@ -38,5 +38,5 @@ tracelog private-bin unrar private-dev -private-etc alternatives,passwd,group,localtime +private-etc alternatives,group,localtime,passwd private-tmp diff --git a/etc/unzip.profile b/etc/unzip.profile index 79b41f9d8..875fa6f98 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile @@ -42,4 +42,4 @@ tracelog private-bin unzip private-cache private-dev -private-etc alternatives,passwd,group,localtime +private-etc alternatives,group,localtime,passwd diff --git a/etc/utox.profile b/etc/utox.profile index 9216a6a05..454e3260b 100644 --- a/etc/utox.profile +++ b/etc/utox.profile @@ -41,7 +41,7 @@ disable-mnt private-bin utox private-cache private-dev -private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse,openal +private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,openal,pki,pulse,resolv.conf,ssl private-tmp memory-deny-write-execute diff --git a/etc/vlc.profile b/etc/vlc.profile index 64ac7a4f0..572758f28 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile @@ -34,7 +34,7 @@ protocol unix,inet,inet6,netlink seccomp shell none -private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc +private-bin cvlc,nvlc,qvlc,rvlc,svlc,vlc private-dev private-tmp diff --git a/etc/w3m.profile b/etc/w3m.profile index d577932e3..9b6cc8238 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile @@ -36,5 +36,5 @@ tracelog # private-bin w3m private-cache private-dev -private-etc alternatives,resolv.conf,ssl,pki,ca-certificates,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl private-tmp diff --git a/etc/whois.profile b/etc/whois.profile index cc2494f95..f101ee637 100644 --- a/etc/whois.profile +++ b/etc/whois.profile @@ -36,7 +36,7 @@ shell none disable-mnt private -private-bin sh,bash,whois +private-bin bash,sh,whois private-cache private-dev # private-etc alternatives,hosts,services,whois.conf diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index 7c545d08f..f41453bf3 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile @@ -34,7 +34,7 @@ shell none # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop" disable-mnt -private-bin wire-desktop,bash,sh,env,electron +private-bin bash,electron,env,sh,wire-desktop private-dev -private-etc alternatives,fonts,machine-id,resolv.conf,ca-certificates,ssl,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl private-tmp diff --git a/etc/xfce4-mixer.profile b/etc/xfce4-mixer.profile index 952625ef8..e6bbb4259 100644 --- a/etc/xfce4-mixer.profile +++ b/etc/xfce4-mixer.profile @@ -42,7 +42,7 @@ disable-mnt private-bin xfce4-mixer,xfconf-query private-cache private-dev -private-etc alternatives,asound.conf,fonts,pulse,machine-id +private-etc alternatives,asound.conf,fonts,machine-id,pulse private-tmp memory-deny-write-execute diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 043e513bd..7114f0469 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile @@ -46,5 +46,5 @@ disable-mnt private-bin xiphos private-cache private-dev -private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssli,sword.conf,pki,crypto-policies +private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,resolv.conf,ssli,sword,sword.conf private-tmp diff --git a/etc/xonotic.profile b/etc/xonotic.profile index 09c0639f8..f4f828eda 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile @@ -37,6 +37,6 @@ shell none disable-mnt private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl private-dev -private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id +private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl private-tmp diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index c88d63c01..190c972c0 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile @@ -49,10 +49,10 @@ shell none tracelog disable-mnt -private-bin youtube-dl,python*,ffmpeg,env +private-bin env,ffmpeg,python*,youtube-dl private-cache private-dev -private-etc alternatives,ssl,pki,ca-certificates,hostname,hosts,resolv.conf,youtube-dl.conf,crypto-policies,mime.types +private-etc alternatives,ca-certificates,crypto-policies,hostname,hosts,mime.types,pki,resolv.conf,ssl,youtube-dl.conf private-tmp # memory-deny-write-execute - breaks on Arch diff --git a/etc/zart.profile b/etc/zart.profile index f380e93f0..347bed8b6 100644 --- a/etc/zart.profile +++ b/etc/zart.profile @@ -31,6 +31,6 @@ protocol unix seccomp shell none -private-bin zart,ffmpeg,melt,ffprobe,ffplay +private-bin ffmpeg,ffplay,ffprobe,melt,zart private-dev -- cgit v1.2.3-54-g00ecf From a6c7ae231968e0cb4a1ac32dd82ebdd7db92b9f8 Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Fri, 14 Jun 2019 07:19:04 +0000 Subject: remove starting comma in kid3.profile --- etc/kid3.profile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/kid3.profile b/etc/kid3.profile index e138bdec4..01064feb5 100644 --- a/etc/kid3.profile +++ b/etc/kid3.profile @@ -37,7 +37,7 @@ tracelog private-cache private-dev -private-etc ,alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,machine-id,pki,pulse,resolv.conf,ssl +private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hostname,hosts,kde5rc,machine-id,pki,pulse,resolv.conf,ssl private-tmp private-opt none private-srv none -- cgit v1.2.3-54-g00ecf