From 845bd06665539af002b1bf74d2b7cb9e6cf11e0e Mon Sep 17 00:00:00 2001 
From: The Fox in the Shell
Date: Wed, 25 May 2016 02:46:09 +0200
Subject: profiles: Add nonewprivs where sensible
---
etc/0ad.profile | 1 +
etc/Mathematica.profile | 1 +
etc/abrowser.profile | 1 +
etc/atril.profile | 1 +
etc/audacious.profile | 1 +
etc/aweather.profile | 1 +
etc/bitlbee.profile | 1 +
etc/cherrytree.profile | 1 +
etc/clementine.profile | 1 +
etc/cmus.profile | 1 +
etc/conkeror.profile | 1 +
etc/cyberfox.profile | 1 +
etc/deadbeef.profile | 1 +
etc/default.profile | 1 +
etc/deluge.profile | 1 +
etc/dillo.profile | 1 +
etc/dnsmasq.profile | 1 +
etc/dropbox.profile | 1 +
etc/empathy.profile | 1 +
etc/epiphany.profile | 2 +-
etc/evince.profile | 1 +
etc/fbreader.profile | 1 +
etc/filezilla.profile | 1 +
etc/firefox.profile | 1 +
etc/flashpeak-slimjet.profile | 1 +
etc/gnome-mplayer.profile | 1 +
etc/google-play-music-desktop-player.profile | 1 +
etc/gpredict.profile | 1 +
etc/gwenview.profile | 1 +
etc/hedgewars.profile | 1 +
etc/hexchat.profile | 1 +
etc/kmail.profile | 1 +
etc/mcabber.profile | 1 +
etc/mupen64plus.profile | 1 +
etc/netsurf.profile | 1 +
etc/okular.profile | 1 +
etc/palemoon.profile | 1 +
etc/parole.profile | 1 +
etc/pidgin.profile | 1 +
etc/polari.profile | 1 +
etc/qbittorrent.profile | 1 +
etc/qtox.profile | 1 +
etc/quassel.profile | 1 +
etc/quiterss.profile | 1 +
etc/qutebrowser.profile | 1 +
etc/rhythmbox.profile | 1 +
etc/rtorrent.profile | 1 +
etc/seamonkey.profile | 1 +
etc/skype.profile | 1 +
etc/spotify.profile | 1 +
etc/ssh.profile | 1 +
etc/steam.profile | 1 +
etc/stellarium.profile | 1 +
etc/telegram.profile | 1 +
etc/totem.profile | 1 +
etc/transmission-gtk.profile | 1 +
etc/transmission-qt.profile | 1 +
etc/uget-gtk.profile | 1 +
etc/vivaldi.profile | 1 +
etc/vlc.profile | 1 +
etc/warzone2100.profile | 1 +
etc/weechat.profile | 1 +
etc/wesnoth.profile | 1 +
etc/wine.profile | 1 +
etc/xchat.profile | 1 +
etc/xplayer.profile | 1 +
etc/xreader.profile | 1 +
etc/xviewer.profile | 1 +
68 files changed, 68 insertions(+), 1
deletion(-)
diff --git a/etc/0ad.profile b/etc/0ad.profile
index f8a3ce23d..e6540fb5d 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -12,6 +12,7 @@ protocol unix,inet,inet6,netlink
 netfilter
 tracelog
 noroot
+nonewprivs
 # Whitelists
 noblacklist ~/.cache/0ad
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile
index 05131df43..75dbebcf0 100644
--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -16,4 +16,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
+nonewprivs
 noroot
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index 949635258..6a06ce76b 100644
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/atril.profile b/etc/atril.profile
index d1a7b25f8..c20a8c7b3 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 tracelog
 netfilter
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 290faa260..0a1598dee 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/aweather.profile b/etc/aweather.profile
index d7f510a7e..dd508e736 100644
--- a/etc/aweather.profile
+++ b/etc/aweather.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
 # Call these options
 caps.drop all
 netfilter
+nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
diff --git a/etc/bitlbee.profile b/etc/bitlbee.profile
index fb84c260a..b7ccd132e 100644
--- a/etc/bitlbee.profile
+++ b/etc/bitlbee.profile
@@ -9,3 +9,4 @@ private
 private-dev
 seccomp
 netfilter
+nonewprivs
diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile
index 1f69f61c6..b3a34fc9a 100644
--- a/etc/cherrytree.profile
+++ b/etc/cherrytree.profile
@@ -19,6 +19,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 include /etc/firejail/whitelist-common.inc
 nosound
diff --git a/etc/clementine.profile b/etc/clementine.profile
index c6271e6e3..fb9dca2a9 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/cmus.profile b/etc/cmus.profile
index 72b43a70f..16b9c112d 100644
--- a/etc/cmus.profile
+++ b/etc/cmus.profile
@@ -10,6 +10,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 private-bin cmus
diff --git a/etc/conkeror.profile b/etc/conkeror.profile
index 007eef663..0a7966e4b 100644
--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -7,6 +7,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 whitelist ~/.conkeror.mozdev.org
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile
index cef9ad464..c5fb25e9a 100644
--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile
index 2810e5323..9225ca16e 100644
--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -9,4 +9,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/default.profile b/etc/default.profile
index f2c7d4114..d836a9f5d 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -11,5 +11,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
diff --git a/etc/deluge.profile b/etc/deluge.profile
index 4043f58f5..f7a2b98e4 100644
--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -9,5 +9,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 nosound
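Review bot: In etc/default.profile the added `nonewprivs` carries no comment, and this is the file where the side effect matters most if, as the name suggests, the profile is the fallback for programs that have none of their own. With no_new_privs set, setuid and file-capability binaries started inside the sandbox run without the extra privilege, which tends to surface as an unexplained failure of whatever helper the program launches. The `caps.drop all` and `noroot` already visible in the hunk narrow the practical change, but a line above the option would still help, for example `# nonewprivs: setuid and file-capability binaries gain nothing inside the sandbox`.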
diff --git a/etc/dillo.profile b/etc/dillo.profile
index 49c33fb7a..392000ade 100644
--- a/etc/dillo.profile
+++ b/etc/dillo.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index 474bc5aca..4459c40dd 100644
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -11,3 +11,4 @@ protocol unix,inet,inet6,netlink
 netfilter
 private
 private-dev
+nonewprivs
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index a0a944dce..568ab230a 100644
--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -6,4 +6,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/empathy.profile b/etc/empathy.profile
index 789bdda08..c08398e84 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -7,3 +7,4 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
diff --git a/etc/epiphany.profile b/etc/epiphany.profile
index 95a673bf9..7783a05fd 100644
--- a/etc/epiphany.profile
+++ b/etc/epiphany.profile
@@ -23,4 +23,4 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
-
+nonewprivs
diff --git a/etc/evince.profile b/etc/evince.profile
index c390dcaf3..3c883d43c 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -7,5 +7,6 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 nosound
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
index cfbae1c74..7764a48c9 100644
--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -10,5 +10,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 nosound
diff --git a/etc/filezilla.profile b/etc/filezilla.profile
index 8542de284..1ab08b568 100644
--- a/etc/filezilla.profile
+++ b/etc/filezilla.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
 nosound
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 1ea94a2c7..6796ef7c4 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
index 94c672acf..77a95aa17 100644
--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -18,6 +18,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
 netfilter
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index ec3698ac8..010b19613 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile
index 7fe43f1f6..fe2f79901 100644
--- a/etc/google-play-music-desktop-player.profile
+++ b/etc/google-play-music-desktop-player.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
+nonewprivs
 noroot
 netfilter
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index f53cb1b4f..ba9fce37b 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
 # Call these options
 caps.drop all
 netfilter
+nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index d61c57adc..87523d825 100644
--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -8,6 +8,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix
+nonewprivs
 noroot
 nogroups
 private-dev
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile
index 5ab7cfe72..c5d863bd5 100644
--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+nonewprivs
 noroot
 private-dev
 seccomp
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index b77555e55..3eb350660 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/kmail.profile b/etc/kmail.profile
index a7079661b..a47945bc6 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -10,5 +10,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
 netfilter
+nonewprivs
 noroot
 tracelog
diff --git a/etc/mcabber.profile b/etc/mcabber.profile
index 1d753d7c3..1536194b2 100644
--- a/etc/mcabber.profile
+++ b/etc/mcabber.profile
@@ -11,6 +11,7 @@ caps.drop all
 seccomp
 protocol inet,inet6
 netfilter
+nonewprivs
 noroot
 private-bin mcabber
diff --git a/etc/mupen64plus.profile b/etc/mupen64plus.profile
index 7b38b411a..c9a99bede 100644
--- a/etc/mupen64plus.profile
+++ b/etc/mupen64plus.profile
@@ -16,6 +16,7 @@ mkdir ${HOME}/.config
 mkdir ${HOME}/.config/mupen64plus
 whitelist ${HOME}/.config/mupen64plus/
+nonewprivs
 noroot
 caps.drop all
 seccomp
diff --git a/etc/netsurf.profile b/etc/netsurf.profile
index 26b621126..e01cace7f 100644
--- a/etc/netsurf.profile
+++ b/etc/netsurf.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/okular.profile b/etc/okular.profile
index 7929a8796..5179da787 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix
+nonewprivs
 noroot
 nogroups
 private-dev
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index fc4ea453b..4db9b7adc 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -16,6 +16,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/parole.profile b/etc/parole.profile
index 0c9a72143..c0be0453b 100644
--- a/etc/parole.profile
+++ b/etc/parole.profile
@@ -11,5 +11,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 shell none
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index fd497f082..767da5f55 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -8,4 +8,5 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/polari.profile b/etc/polari.profile
index 0bc46f3f7..7910f4e9b 100644
--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 8bdc745fb..858fdda4d 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -8,5 +8,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 nosound
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 80acc3873..ca34e932a 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -12,4 +12,5 @@ include /etc/firejail/whitelist-common.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/quassel.profile b/etc/quassel.profile
index 72004da7f..e68315c1c 100644
--- a/etc/quassel.profile
+++ b/etc/quassel.profile
@@ -6,5 +6,6 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/quiterss.profile b/etc/quiterss.profile
index 411d37dbd..5ad7ead1a 100644
--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -20,6 +20,7 @@ seccomp
 protocol unix,inet,inet6
 netfilter
 tracelog
+nonewprivs
 noroot
 nogroups
 shell none
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile
index 934a374de..09d10b0bb 100644
--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -11,6 +11,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 782cd3832..ee0832863 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -7,5 +7,6 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/rtorrent.profile b/etc/rtorrent.profile
index ae0430830..9ae2206c1 100644
--- a/etc/rtorrent.profile
+++ b/etc/rtorrent.profile
@@ -8,5 +8,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 nosound
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile
index a10d5b0ec..886af0f67 100644
--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -10,6 +10,7 @@ seccomp
 protocol unix,inet,inet6,netlink
 netfilter
 tracelog
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/skype.profile b/etc/skype.profile
index 26feac1a4..4c4a34980 100644
--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -6,6 +6,7 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 netfilter
+nonewprivs
 noroot
 seccomp
 protocol unix,inet,inet6
diff --git a/etc/spotify.profile b/etc/spotify.profile
index fd4586dd5..1ee379dea 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -26,5 +26,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6,netlink
 netfilter
+nonewprivs
 noroot
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 7b282bde6..0c4621f66 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -9,4 +9,5 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
diff --git a/etc/steam.profile b/etc/steam.profile
index 4c96e8258..ae5e93829 100644
--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -8,6 +8,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 netfilter
+nonewprivs
 noroot
 seccomp
 protocol unix,inet,inet6
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
index 7cb74eeaa..148ec949d 100644
--- a/etc/stellarium.profile
+++ b/etc/stellarium.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 # Call these options
 caps.drop all
 netfilter
+nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
diff --git a/etc/telegram.profile b/etc/telegram.profile
index df6b6a270..62a0fa404 100644
--- a/etc/telegram.profile
+++ b/etc/telegram.profile
@@ -7,6 +7,7 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/totem.profile b/etc/totem.profile
index d23167b03..f2bce5dee 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -10,5 +10,6 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index d61d36a8c..e27873f88 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -11,6 +11,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 tracelog
 nosound
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 3db7a5452..2caa923d8 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -11,6 +11,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 tracelog
 nosound
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index ef5aa7d4a..86e7be6fd 100644
--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -9,6 +9,7 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 whitelist ${DOWNLOADS}
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile
index 449d9a168..2049d2bd9 100644
--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -6,6 +6,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 netfilter
+nonewprivs
 whitelist ${DOWNLOADS}
 mkdir ~/.config
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 061ae6f78..d26034748 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -9,5 +9,6 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 netfilter
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
index 7588da657..ceeaca012 100644
--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-programs.inc
 # Call these options
 caps.drop all
 netfilter
+nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
diff --git a/etc/weechat.profile b/etc/weechat.profile
index 280a5f9d8..11b5bd10f 100644
--- a/etc/weechat.profile
+++ b/etc/weechat.profile
@@ -7,5 +7,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 netfilter
+nonewprivs
 noroot
 netfilter
diff --git a/etc/wesnoth.profile b/etc/wesnoth.profile
index 340ba0db5..61a87d994 100644
--- a/etc/wesnoth.profile
+++ b/etc/wesnoth.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 private-dev
diff --git a/etc/wine.profile b/etc/wine.profile
index ea6db8511..18e5346af 100644
--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -9,5 +9,6 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 netfilter
+nonewprivs
 noroot
 seccomp
diff --git a/etc/xchat.profile b/etc/xchat.profile
index fcea4245e..f4b273693 100644
--- a/etc/xchat.profile
+++ b/etc/xchat.profile
@@ -8,4 +8,5 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index 67a46a7da..fb0e3c910 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
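Review bot: In etc/vivaldi.profile `nonewprivs` is added next to `netfilter` in a hunk that shows no `caps.drop all`, `seccomp` or `noroot`, unlike nearly every other profile in this commit; the part of the file above line 6 is outside the hunk, but this looks like a deliberately permissive profile. no_new_privs stops a setuid helper from gaining privileges on exec, and Chromium-based browsers commonly rely on a setuid sandbox helper, so the browser's own sandbox may fail or fall back once this line is in. The browser should be started under the profile and its sandbox status checked before the option is kept; if the helper breaks, drop the line and leave `# nonewprivs omitted: the browser's setuid sandbox helper needs it unset` in its place.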
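Review bot: In etc/weechat.profile the new line lands between two `netfilter` entries: the context shows `netfilter` both before `+nonewprivs` and after `noroot`. The duplicate predates this commit and is presumably harmless, but since the block is being edited the second `netfilter` could be removed here so that each option appears once.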
@@ -10,6 +10,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 tracelog
 netfilter
diff --git a/etc/xreader.profile b/etc/xreader.profile
index 7b72d41a6..4b7ed41be 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 seccomp
 protocol unix,inet,inet6
+nonewprivs
 noroot
 tracelog
 netfilter
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index 33e1e3c68..a0c91f0f3 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -9,5 +9,6 @@ caps.drop all
 seccomp
 protocol unix,inet,inet6
 noroot
+nonewprivs
 tracelog
 netfilter
--
cgit v1.2.3-54-g00ecf