From def6f1ee2435a4ce4712fdd709ea9d14253547f0 Mon Sep 17 00:00:00 2001 From: Tad Date: Fri, 22 Sep 2017 08:30:40 -0400 Subject: Fixup merge of #1565 --- etc/7z.profile | 1 - etc/atom.profile | 6 +++--- etc/calligra.profile | 2 +- etc/cinelerra.profile | 31 +++---------------------------- etc/dia.profile | 3 +-- etc/evince.profile | 1 - etc/hugin.profile | 3 +-- etc/inox.profile | 4 ++-- etc/libreoffice.profile | 1 - etc/openshot-qt.profile | 31 +++---------------------------- etc/scribus.profile | 2 +- etc/synfigstudio.profile | 3 +-- etc/tar.profile | 1 - etc/unrar.profile | 1 - etc/unzip.profile | 1 - 15 files changed, 16 insertions(+), 75 deletions(-) diff --git a/etc/7z.profile b/etc/7z.profile index 53900bae6..ea67bbe19 100644 --- a/etc/7z.profile +++ b/etc/7z.profile @@ -17,7 +17,6 @@ notv novideo shell none tracelog -caps.drop all private-dev diff --git a/etc/atom.profile b/etc/atom.profile index 6fb6048b6..34fb3a9b1 100644 --- a/etc/atom.profile +++ b/etc/atom.profile @@ -5,8 +5,6 @@ include /etc/firejail/atom.local # Persistent global definitions include /etc/firejail/globals.local -noexec ${HOME} -noexec /tmp noblacklist ~/.atom noblacklist ~/.config/Atom @@ -25,8 +23,10 @@ notv novideo protocol unix,inet,inet6,netlink seccomp -net none shell none private-dev private-tmp + +noexec ${HOME} +noexec /tmp diff --git a/etc/calligra.profile b/etc/calligra.profile index 8c7e49121..d2b76d22c 100644 --- a/etc/calligra.profile +++ b/etc/calligra.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc caps.drop all ipc-namespace +net none nodvd nogroups nonewprivs @@ -21,7 +22,6 @@ novideo protocol unix seccomp shell none -net none private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch private-dev diff --git a/etc/cinelerra.profile b/etc/cinelerra.profile index bd75a66a9..e6a1941b5 100644 --- a/etc/cinelerra.profile +++ b/etc/cinelerra.profile 
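Review bot: In the second atom.profile hunk `net none` is deleted with nothing put in its place, so Atom is back in the host network namespace with `protocol unix,inet,inet6,netlink` still allowed. No `netfilter` line is visible in either atom hunk; if the lines not shown do not already have one, add `netfilter` to the options block so the default firewall still applies. The evince.profile and libreoffice.profile hunks drop `net none` the same way: evince keeps `protocol unix`, which still blocks inet sockets, while libreoffice allows `unix,inet,inet6`, and in both the sandbox again shares the host's abstract Unix sockets. The commit message gives no reason, so a one-line comment in each profile saying why network isolation was dropped would keep it from being re-added or questioned later.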
@@ -1,31 +1,6 @@ -# Firejail profile for cin +# Firejail profile alias for cin # This file is overwritten after every install/update -# Persistent local customizations -include /etc/firejail/cin.local -# Persistent global definitions -include /etc/firejail/globals.local -noblacklist ${HOME}/.bcast -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc - -caps.drop all -ipc-namespace -net none -nodvd -nogroups -nonewprivs -notv -noroot -protocol unix -seccomp -shell none - -private-bin cinelerra -private-dev - -noexec ${HOME} -noexec /tmp +# Redirect +include /etc/firejail/cin.profile diff --git a/etc/dia.profile b/etc/dia.profile index 6915318c0..800c3bbf1 100644 --- a/etc/dia.profile +++ b/etc/dia.profile @@ -13,7 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all -netfilter +net none no3d nodvd nogroups @@ -25,7 +25,6 @@ novideo protocol unix seccomp shell none -net none disable-mnt #private-bin dia diff --git a/etc/evince.profile b/etc/evince.profile index 5e7596352..f503b9a8e 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -28,7 +28,6 @@ protocol unix seccomp shell none tracelog -net none private-bin evince,evince-previewer,evince-thumbnailer private-dev diff --git a/etc/hugin.profile b/etc/hugin.profile index dd7e326c6..64b6e0c69 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile @@ -13,7 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all -netfilter +net none nodvd nogroups nonewprivs 
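Review bot: After this hunk cinelerra.profile has no restrictions of its own, so everything the removed body enforced (`net none`, `caps.drop all`, `seccomp`, `private-bin cinelerra`, the two `noexec` lines) now depends on `/etc/firejail/cin.profile`, which this commit does not touch. It is worth confirming that cin.profile carries at least the same set, and that its `private-bin` still lists `cinelerra` if the program is started under that name. The openshot-qt.profile hunk does the same with `/etc/firejail/openshot.profile`, where the removed body had `netfilter`, `seccomp` and `private-tmp`. I would add a line under `# Redirect` in both aliases, such as `# All restrictions come from the included profile; edit that file, not this alias`.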
@@ -24,7 +24,6 @@ novideo protocol unix seccomp shell none -net none private-bin PTBatcherGUI,calibrate_lens_gui,hugin,hugin_stitch_project,align_image_stack,autooptimiser,celeste_standalone,checkpto,cpclean,cpfind,deghosting_mask,fulla,geocpset,hugin_executor,hugin_hdrmerge,hugin_lensdb,icpfind,linefind,nona,pano_modify,pano_trafo,pto_gen,pto_lensstack,pto_mask,pto_merge,pto_move,pto_template,pto_var,tca_correct,verdandi,vig_optimize,enblend private-dev diff --git a/etc/inox.profile b/etc/inox.profile index ec8d12387..de4d6205b 100644 --- a/etc/inox.profile +++ b/etc/inox.profile @@ -21,10 +21,10 @@ whitelist ~/.config/inox whitelist ~/.pki include /etc/firejail/whitelist-common.inc +caps.keep sys_chroot,sys_admin netfilter nodvd -notv nogroups noroot +notv shell none -caps.keep sys_chroot,sys_admin \ No newline at end of file diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 9acdc3789..8d05a557c 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile @@ -27,7 +27,6 @@ protocol unix,inet,inet6 seccomp shell none tracelog -net none private-dev diff --git a/etc/openshot-qt.profile b/etc/openshot-qt.profile index 02f4665d6..cbd1f8fe8 100644 --- a/etc/openshot-qt.profile +++ b/etc/openshot-qt.profile 
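Review bot: `caps.keep sys_chroot,sys_admin` is moved to the head of the options block in inox.profile but still carries no explanation, and CAP_SYS_ADMIN is a broad capability to leave available inside a browser sandbox. The hunk shows no `seccomp` or `nonewprivs` line either, which is presumably deliberate for a Chromium-based browser that runs its own sandbox; the part of the profile above line 21 is outside the hunk, so this cannot be confirmed from here. I would document it in place, e.g. `# sys_chroot,sys_admin are kept for the browser's internal sandbox; do not replace with caps.drop all`.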
@@ -1,31 +1,6 @@ -# Firejail profile for openshot +# Firejail profile alias for openshot # This file is overwritten after every install/update -# Persistent local customizations -include /etc/firejail/openshot.local -# Persistent global definitions -include /etc/firejail/globals.local -noblacklist ${HOME}/.openshot -noblacklist ${HOME}/.openshot_qt -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc - -caps.drop all -netfilter -nodvd -nogroups -nonewprivs -noroot -notv -protocol unix,inet,inet6,netlink -seccomp -shell none - -private-dev -private-tmp - -noexec ${HOME} -noexec /tmp +# Redirect +include /etc/firejail/openshot.profile diff --git a/etc/scribus.profile b/etc/scribus.profile index a6e86a7d6..38f1e5b3c 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile @@ -27,6 +27,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +net none nodvd nogroups nonewprivs @@ -36,7 +37,6 @@ notv novideo protocol unix seccomp -net none tracelog #private-bin scribus,gs diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index 1758659f2..2617c0e51 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile @@ -14,7 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all -netfilter +net none nodvd nogroups nonewprivs @@ -25,7 +25,6 @@ novideo protocol unix seccomp shell none -net none #private-bin synfigstudio,synfig,ffmpeg private-dev diff --git a/etc/tar.profile b/etc/tar.profile index 6ac530b15..f14894c25 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -18,7 +18,6 @@ notv novideo shell none tracelog -caps.drop all # support compressed archives private-bin sh,bash,dash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop diff --git a/etc/unrar.profile b/etc/unrar.profile index 881572521..12559a721 100644 
--- a/etc/unrar.profile +++ b/etc/unrar.profile @@ -18,7 +18,6 @@ notv novideo shell none tracelog -caps.drop all private-bin unrar private-dev diff --git a/etc/unzip.profile b/etc/unzip.profile index f913385fb..9828fa9b4 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile @@ -18,7 +18,6 @@ notv novideo shell none tracelog -caps.drop all private-bin unzip private-dev -- cgit v1.2.3-70-g09d2