From 4efa2d8ee13bc2b7e802f628d8b953a4fcfd9eec Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 15 Jan 2018 19:26:11 -0500 Subject: Add crypto-policies to private-etc in all profiles with private-etc *ssl* Seems to be necessary under Fedora like pki This also fixes an issue with no audio in Lollypop on Fedora --- etc/Viber.profile | 2 +- etc/firefox.profile | 2 +- etc/lollypop.profile | 2 +- etc/minetest.profile | 2 +- etc/quiterss.profile | 2 +- etc/slack.profile | 2 +- etc/steam.profile | 2 +- etc/surf.profile | 2 +- etc/terasology.profile | 2 +- etc/torbrowser-launcher.profile | 2 +- etc/w3m.profile | 2 +- etc/xonotic.profile | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/etc/Viber.profile b/etc/Viber.profile index 6700e3afc..a58ae95f6 100644 --- a/etc/Viber.profile +++ b/etc/Viber.profile @@ -31,7 +31,7 @@ shell none disable-mnt private-bin sh,bash,dig,awk,Viber -private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates +private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/firefox.profile b/etc/firefox.profile index ffb22295f..079cb1536 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -88,7 +88,7 @@ disable-mnt # private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash private-dev # private-etc below works fine on most distributions. There are some problems on CentOS. -# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki +# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/lollypop.profile b/etc/lollypop.profile index defbc0ac4..f42489cd3 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile @@ -25,7 +25,7 @@ seccomp shell none private-dev -private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki +private-etc asound.conf,ca-certificates,fonts,host.conf,hostname,hosts,pulse,resolv.conf,ssl,pki,crypto-policies,gtk-3.0,xdg,machine-id private-tmp noexec ${HOME} diff --git a/etc/minetest.profile b/etc/minetest.profile index 38aea8bcb..c560ac47c 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile @@ -33,7 +33,7 @@ disable-mnt private-bin minetest private-dev # private-etc needs to be updated, see #1702 -#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki +#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/quiterss.profile b/etc/quiterss.profile index a2c6a3ef3..94c64f2dd 100644 --- a/etc/quiterss.profile +++ b/etc/quiterss.profile @@ -44,7 +44,7 @@ tracelog disable-mnt private-bin quiterss private-dev -# private-etc X11,ssl,pki,ca-certificates +# private-etc X11,ssl,pki,ca-certificates,crypto-policies noexec ${HOME} noexec /tmp diff --git a/etc/slack.profile b/etc/slack.profile index 3861d44b5..da1f86638 100644 --- a/etc/slack.profile +++ b/etc/slack.profile @@ -36,5 +36,5 @@ shell none disable-mnt private-bin slack private-dev -private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki +private-etc asound.conf,ca-certificates,fonts,group,passwd,pulse,resolv.conf,ssl,ld.so.conf,ld.so.cache,localtime,pki,crypto-policies private-tmp diff --git a/etc/steam.profile b/etc/steam.profile index add320616..1e0fd57d1 100644 --- a/etc/steam.profile +++ b/etc/steam.profile @@ -47,5 +47,5 @@ shell none # private-dev should be commented for controllers private-dev # private-etc breaks some games -#private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services +#private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,pki,services,crypto-policies private-tmp diff --git a/etc/surf.profile b/etc/surf.profile index 1630fc391..b91c09885 100644 --- a/etc/surf.profile +++ b/etc/surf.profile @@ -29,7 +29,7 @@ tracelog disable-mnt private-bin ls,surf,sh,bash,curl,dmenu,printf,sed,sleep,st,stterm,xargs,xprop private-dev -private-etc passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates +private-etc passwd,group,hosts,resolv.conf,fonts,ssl,pki,ca-certificates,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/terasology.profile b/etc/terasology.profile index 88de342c5..3d27134c4 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile @@ -37,7 +37,7 @@ shell none disable-mnt private-dev -private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki +private-etc asound.conf,ca-certificates,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,lsb-release,machine-id,mime.types,passwd,pulse,resolv.conf,ssl,java-8-openjdk,java-7-openjdk,pki,crypto-policies private-tmp noexec ${HOME} diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index 49b083919..b802478a2 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile @@ -33,7 +33,7 @@ tracelog disable-mnt private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,test,tor-browser-en,torbrowser-launcher private-dev -private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates +private-etc fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies private-tmp noexec /tmp diff --git a/etc/w3m.profile b/etc/w3m.profile index 97d20becb..d35ed9ae0 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile @@ -31,5 +31,5 @@ tracelog # private-bin w3m private-dev -private-etc resolv.conf,ssl,pki,ca-certificates +private-etc resolv.conf,ssl,pki,ca-certificates,crypto-policies private-tmp diff --git a/etc/xonotic.profile b/etc/xonotic.profile index d2c804448..d17d2b612 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile @@ -32,7 +32,7 @@ disable-mnt private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl private-dev # private-etc breaks audio on some distros -#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki +#private-etc asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies private-tmp noexec ${HOME} -- cgit v1.2.3-70-g09d2