From e4f0f91ebdafaa3d9e073ee90f2aea5692ec5045 Mon Sep 17 00:00:00 2001 From: smitsohu Date: Tue, 20 Dec 2022 01:04:13 +0100 Subject: add restrict-namespaces to (almost) all profiles --- etc/profile-a-l/0ad.profile | 2 ++ etc/profile-a-l/2048-qt.profile | 2 ++ etc/profile-a-l/Cryptocat.profile | 2 ++ etc/profile-a-l/Fritzing.profile | 1 + etc/profile-a-l/JDownloader.profile | 2 ++ etc/profile-a-l/abiword.profile | 2 ++ etc/profile-a-l/agetpkg.profile | 1 + etc/profile-a-l/akonadi_control.profile | 1 + etc/profile-a-l/akregator.profile | 1 + etc/profile-a-l/alacarte.profile | 1 + etc/profile-a-l/alienarena.profile | 2 ++ etc/profile-a-l/alpine.profile | 1 + etc/profile-a-l/amarok.profile | 2 ++ etc/profile-a-l/amule.profile | 1 + etc/profile-a-l/android-studio.profile | 1 + etc/profile-a-l/anki.profile | 2 ++ etc/profile-a-l/anydesk.profile | 2 ++ etc/profile-a-l/aosp.profile | 2 ++ etc/profile-a-l/apktool.profile | 2 ++ etc/profile-a-l/apostrophe.profile | 2 ++ etc/profile-a-l/arch-audit.profile | 1 + etc/profile-a-l/archaudit-report.profile | 1 + etc/profile-a-l/archiver-common.profile | 1 + etc/profile-a-l/ardour5.profile | 2 ++ etc/profile-a-l/arduino.profile | 1 + etc/profile-a-l/aria2c.profile | 1 + etc/profile-a-l/ark.profile | 2 ++ etc/profile-a-l/arm.profile | 1 + etc/profile-a-l/artha.profile | 1 + etc/profile-a-l/assogiate.profile | 1 + etc/profile-a-l/asunder.profile | 1 + etc/profile-a-l/atril.profile | 1 + etc/profile-a-l/audacious.profile | 2 ++ etc/profile-a-l/audacity.profile | 2 ++ etc/profile-a-l/audio-recorder.profile | 1 + etc/profile-a-l/authenticator-rs.profile | 2 ++ etc/profile-a-l/authenticator.profile | 1 + etc/profile-a-l/autokey-common.profile | 1 + etc/profile-a-l/avidemux.profile | 2 ++ etc/profile-a-l/aweather.profile | 2 ++ etc/profile-a-l/awesome.profile | 1 + etc/profile-a-l/ballbuster.profile | 2 ++ etc/profile-a-l/baloo_file.profile | 2 ++ etc/profile-a-l/balsa.profile | 1 + etc/profile-a-l/baobab.profile | 1 + etc/profile-a-l/barrier.profile | 1 + etc/profile-a-l/basilisk.profile | 3 +++ etc/profile-a-l/bcompare.profile | 2 ++ etc/profile-a-l/bibletime.profile | 2 ++ etc/profile-a-l/bijiben.profile | 1 + etc/profile-a-l/bitcoin-qt.profile | 1 + etc/profile-a-l/bitlbee.profile | 1 + etc/profile-a-l/blackbox.profile | 1 + etc/profile-a-l/bleachbit.profile | 1 + etc/profile-a-l/blender.profile | 2 ++ etc/profile-a-l/bless.profile | 2 ++ etc/profile-a-l/blobby.profile | 1 + etc/profile-a-l/blobwars.profile | 2 ++ etc/profile-a-l/bluefish.profile | 2 ++ etc/profile-a-l/brackets.profile | 2 ++ etc/profile-a-l/brasero.profile | 2 ++ etc/profile-a-l/build-systems-common.profile | 2 ++ etc/profile-a-l/bzflag.profile | 2 ++ etc/profile-a-l/calibre.profile | 2 ++ etc/profile-a-l/calligra.profile | 1 + etc/profile-a-l/cameramonitor.profile | 1 + etc/profile-a-l/cantata.profile | 2 ++ etc/profile-a-l/catfish.profile | 2 ++ etc/profile-a-l/cawbird.profile | 2 ++ etc/profile-a-l/celluloid.profile | 1 + etc/profile-a-l/chafa.profile | 1 + etc/profile-a-l/checkbashisms.profile | 1 + etc/profile-a-l/cheese.profile | 2 ++ etc/profile-a-l/cherrytree.profile | 1 + etc/profile-a-l/chromium-common-hardened.inc.profile | 2 ++ etc/profile-a-l/cin.profile | 2 ++ etc/profile-a-l/clamav.profile | 1 + etc/profile-a-l/clamtk.profile | 2 ++ etc/profile-a-l/clawsker.profile | 1 + etc/profile-a-l/clementine.profile | 2 ++ etc/profile-a-l/clion.profile | 1 + etc/profile-a-l/clipgrab.profile | 2 ++ etc/profile-a-l/clipit.profile | 2 +- etc/profile-a-l/cmus.profile | 2 ++ etc/profile-a-l/cointop.profile | 1 + etc/profile-a-l/colorful.profile | 2 ++ etc/profile-a-l/com.github.bleakgrey.tootle.profile | 2 ++ etc/profile-a-l/com.github.dahenson.agenda.profile | 1 + etc/profile-a-l/com.github.johnfactotum.Foliate.profile | 1 + etc/profile-a-l/com.github.phase1geo.minder.profile | 2 ++ etc/profile-a-l/com.github.tchx84.Flatseal.profile | 1 + etc/profile-a-l/conkeror.profile | 2 ++ etc/profile-a-l/conky.profile | 1 + etc/profile-a-l/corebird.profile | 1 + etc/profile-a-l/cower.profile | 1 + etc/profile-a-l/coyim.profile | 1 + etc/profile-a-l/crawl.profile | 2 ++ etc/profile-a-l/crow.profile | 1 + etc/profile-a-l/curl.profile | 2 ++ etc/profile-a-l/d-feet.profile | 1 + etc/profile-a-l/darktable.profile | 1 + etc/profile-a-l/dbus-send.profile | 1 + etc/profile-a-l/dconf-editor.profile | 2 ++ etc/profile-a-l/dconf.profile | 1 + etc/profile-a-l/ddgtk.profile | 1 + etc/profile-a-l/deadbeef.profile | 1 + etc/profile-a-l/default.profile | 2 +- etc/profile-a-l/deluge.profile | 2 ++ etc/profile-a-l/desktopeditors.profile | 2 ++ etc/profile-a-l/devhelp.profile | 1 + etc/profile-a-l/devilspie.profile | 1 + etc/profile-a-l/dex2jar.profile | 2 ++ etc/profile-a-l/dia.profile | 2 ++ etc/profile-a-l/dig.profile | 1 + etc/profile-a-l/digikam.profile | 2 ++ etc/profile-a-l/dillo.profile | 1 + etc/profile-a-l/dino.profile | 2 ++ etc/profile-a-l/display.profile | 2 ++ etc/profile-a-l/dnscrypt-proxy.profile | 1 + etc/profile-a-l/dnsmasq.profile | 2 ++ etc/profile-a-l/dolphin-emu.profile | 2 ++ etc/profile-a-l/dooble.profile | 1 + etc/profile-a-l/dosbox.profile | 2 ++ etc/profile-a-l/dragon.profile | 1 + etc/profile-a-l/drawio.profile | 1 + etc/profile-a-l/drill.profile | 1 + etc/profile-a-l/dropbox.profile | 1 + etc/profile-a-l/easystroke.profile | 1 + etc/profile-a-l/electrum.profile | 2 ++ etc/profile-a-l/emacs.profile | 1 + etc/profile-a-l/email-common.profile | 1 + etc/profile-a-l/empathy.profile | 2 ++ etc/profile-a-l/enchant.profile | 1 + etc/profile-a-l/engrampa.profile | 2 ++ etc/profile-a-l/enpass.profile | 1 + etc/profile-a-l/eo-common.profile | 2 ++ etc/profile-a-l/ephemeral.profile | 2 ++ etc/profile-a-l/epiphany.profile | 2 ++ etc/profile-a-l/equalx.profile | 1 + etc/profile-a-l/etr.profile | 2 ++ etc/profile-a-l/evince.profile | 2 ++ etc/profile-a-l/evolution.profile | 2 ++ etc/profile-a-l/exiftool.profile | 1 + etc/profile-a-l/falkon.profile | 2 ++ etc/profile-a-l/fbreader.profile | 2 ++ etc/profile-a-l/fdns.profile | 1 + etc/profile-a-l/feedreader.profile | 2 ++ etc/profile-a-l/feh.profile | 2 ++ etc/profile-a-l/ferdi.profile | 2 ++ etc/profile-a-l/fetchmail.profile | 2 ++ etc/profile-a-l/ffmpeg.profile | 1 + etc/profile-a-l/file-manager-common.profile | 2 ++ etc/profile-a-l/file-roller.profile | 2 ++ etc/profile-a-l/file.profile | 1 + etc/profile-a-l/filezilla.profile | 2 ++ etc/profile-a-l/firefox-common.profile | 2 ++ etc/profile-a-l/flameshot.profile | 2 ++ etc/profile-a-l/flowblade.profile | 1 + etc/profile-a-l/fluxbox.profile | 1 + etc/profile-a-l/font-manager.profile | 1 + etc/profile-a-l/fontforge.profile | 1 + etc/profile-a-l/fractal.profile | 2 ++ etc/profile-a-l/franz.profile | 2 ++ etc/profile-a-l/freecad.profile | 2 ++ etc/profile-a-l/freeciv.profile | 2 ++ etc/profile-a-l/freecol.profile | 2 ++ etc/profile-a-l/freemind.profile | 2 ++ etc/profile-a-l/freshclam.profile | 1 + etc/profile-a-l/frogatto.profile | 2 ++ etc/profile-a-l/frozen-bubble.profile | 2 ++ etc/profile-a-l/ftp.profile | 1 + etc/profile-a-l/funnyboat.profile | 1 + etc/profile-a-l/gajim.profile | 1 + etc/profile-a-l/galculator.profile | 1 + etc/profile-a-l/gapplication.profile | 1 + etc/profile-a-l/gcloud.profile | 2 ++ etc/profile-a-l/gconf.profile | 1 + etc/profile-a-l/gdu.profile | 1 + etc/profile-a-l/geany.profile | 2 ++ etc/profile-a-l/geary.profile | 1 + etc/profile-a-l/gedit.profile | 2 ++ etc/profile-a-l/geekbench.profile | 1 + etc/profile-a-l/geeqie.profile | 2 ++ etc/profile-a-l/gfeeds.profile | 2 ++ etc/profile-a-l/gget.profile | 1 + etc/profile-a-l/ghostwriter.profile | 2 ++ etc/profile-a-l/gimp.profile | 2 ++ etc/profile-a-l/gist.profile | 1 + etc/profile-a-l/git-cola.profile | 2 ++ etc/profile-a-l/git.profile | 1 + etc/profile-a-l/gitg.profile | 2 ++ etc/profile-a-l/gitter.profile | 1 + etc/profile-a-l/gjs.profile | 2 ++ etc/profile-a-l/gl-117.profile | 2 ++ etc/profile-a-l/glaxium.profile | 2 ++ etc/profile-a-l/globaltime.profile | 1 + etc/profile-a-l/gmpc.profile | 1 + etc/profile-a-l/gnome-books.profile | 1 + etc/profile-a-l/gnome-builder.profile | 1 + etc/profile-a-l/gnome-calculator.profile | 2 ++ etc/profile-a-l/gnome-calendar.profile | 1 + etc/profile-a-l/gnome-characters.profile | 1 + etc/profile-a-l/gnome-chess.profile | 2 ++ etc/profile-a-l/gnome-clocks.profile | 1 + etc/profile-a-l/gnome-contacts.profile | 1 + etc/profile-a-l/gnome-documents.profile | 1 + etc/profile-a-l/gnome-font-viewer.profile | 1 + etc/profile-a-l/gnome-hexgl.profile | 1 + etc/profile-a-l/gnome-keyring.profile | 1 + etc/profile-a-l/gnome-latex.profile | 2 ++ etc/profile-a-l/gnome-logs.profile | 1 + etc/profile-a-l/gnome-maps.profile | 2 ++ etc/profile-a-l/gnome-mplayer.profile | 1 + etc/profile-a-l/gnome-music.profile | 1 + etc/profile-a-l/gnome-nettool.profile | 2 ++ etc/profile-a-l/gnome-passwordsafe.profile | 2 ++ etc/profile-a-l/gnome-photos.profile | 1 + etc/profile-a-l/gnome-pie.profile | 1 + etc/profile-a-l/gnome-pomodoro.profile | 1 + etc/profile-a-l/gnome-recipes.profile | 1 + etc/profile-a-l/gnome-ring.profile | 1 + etc/profile-a-l/gnome-schedule.profile | 1 - etc/profile-a-l/gnome-screenshot.profile | 2 ++ etc/profile-a-l/gnome-sound-recorder.profile | 2 ++ etc/profile-a-l/gnome-system-log.profile | 1 + etc/profile-a-l/gnome-todo.profile | 1 + etc/profile-a-l/gnome-twitch.profile | 1 + etc/profile-a-l/gnome-weather.profile | 1 + etc/profile-a-l/gnome_games-common.profile | 2 ++ etc/profile-a-l/gnote.profile | 2 ++ etc/profile-a-l/gnubik.profile | 2 ++ etc/profile-a-l/godot.profile | 2 ++ etc/profile-a-l/goldendict.profile | 2 ++ etc/profile-a-l/goobox.profile | 2 ++ etc/profile-a-l/google-earth.profile | 1 + etc/profile-a-l/google-play-music-desktop-player.profile | 2 ++ etc/profile-a-l/googler-common.profile | 2 ++ etc/profile-a-l/gpa.profile | 2 ++ etc/profile-a-l/gpg-agent.profile | 2 ++ etc/profile-a-l/gpg.profile | 1 + etc/profile-a-l/gpicview.profile | 1 + etc/profile-a-l/gpredict.profile | 1 + etc/profile-a-l/gradio.profile | 2 ++ etc/profile-a-l/gramps.profile | 2 ++ etc/profile-a-l/gravity-beams-and-evaporating-stars.profile | 2 ++ etc/profile-a-l/gthumb.profile | 2 ++ etc/profile-a-l/gtk-update-icon-cache.profile | 1 + etc/profile-a-l/guayadeque.profile | 1 + etc/profile-a-l/gucharmap.profile | 1 + etc/profile-a-l/guvcview.profile | 2 ++ etc/profile-a-l/gwenview.profile | 1 + etc/profile-a-l/handbrake.profile | 2 ++ etc/profile-a-l/hashcat.profile | 2 ++ etc/profile-a-l/hasher-common.profile | 1 + etc/profile-a-l/hedgewars.profile | 2 ++ etc/profile-a-l/hexchat.profile | 1 + etc/profile-a-l/highlight.profile | 2 ++ etc/profile-a-l/homebank.profile | 1 + etc/profile-a-l/host.profile | 1 + etc/profile-a-l/hugin.profile | 2 ++ etc/profile-a-l/hyperrogue.profile | 2 ++ etc/profile-a-l/i2prouter.profile | 2 ++ etc/profile-a-l/i3.profile | 1 + etc/profile-a-l/iagno.profile | 2 ++ etc/profile-a-l/idea.sh.profile | 1 + etc/profile-a-l/imagej.profile | 2 ++ etc/profile-a-l/img2txt.profile | 1 + etc/profile-a-l/impressive.profile | 1 + etc/profile-a-l/imv.profile | 1 + etc/profile-a-l/inkscape.profile | 1 + etc/profile-a-l/io.github.lainsce.Notejot.profile | 2 ++ etc/profile-a-l/ipcalc.profile | 1 + etc/profile-a-l/itch.profile | 1 + etc/profile-a-l/jami-gnome.profile | 1 + etc/profile-a-l/jd-gui.profile | 2 ++ etc/profile-a-l/jerry.profile | 1 + etc/profile-a-l/jitsi.profile | 2 ++ etc/profile-a-l/jumpnbump.profile | 2 ++ etc/profile-a-l/k3b.profile | 2 ++ etc/profile-a-l/kaffeine.profile | 1 + etc/profile-a-l/kalgebra.profile | 2 ++ etc/profile-a-l/kate.profile | 1 + etc/profile-a-l/kazam.profile | 2 ++ etc/profile-a-l/kcalc.profile | 1 + etc/profile-a-l/kdeinit4.profile | 1 + etc/profile-a-l/kdenlive.profile | 2 ++ etc/profile-a-l/kdiff3.profile | 2 ++ etc/profile-a-l/keepass.profile | 1 + etc/profile-a-l/keepassx.profile | 1 + etc/profile-a-l/keepassxc.profile | 2 ++ etc/profile-a-l/kfind.profile | 2 ++ etc/profile-a-l/kget.profile | 1 + etc/profile-a-l/kid3.profile | 1 + etc/profile-a-l/kino.profile | 1 + etc/profile-a-l/kiwix-desktop.profile | 2 ++ etc/profile-a-l/klatexformula.profile | 2 ++ etc/profile-a-l/klavaro.profile | 2 ++ etc/profile-a-l/kmail.profile | 2 ++ etc/profile-a-l/kmplayer.profile | 1 + etc/profile-a-l/kodi.profile | 2 ++ etc/profile-a-l/konversation.profile | 1 + etc/profile-a-l/kopete.profile | 1 + etc/profile-a-l/krita.profile | 2 ++ etc/profile-a-l/krunner.profile | 2 ++ etc/profile-a-l/ktorrent.profile | 1 + etc/profile-a-l/ktouch.profile | 2 ++ etc/profile-a-l/kube.profile | 1 + etc/profile-a-l/kwin_x11.profile | 2 ++ etc/profile-a-l/kwrite.profile | 1 + etc/profile-a-l/latex-common.profile | 2 ++ etc/profile-a-l/leafpad.profile | 1 + etc/profile-a-l/less.profile | 1 + etc/profile-a-l/librecad.profile | 1 + etc/profile-a-l/libreoffice.profile | 1 + etc/profile-a-l/lifeograph.profile | 2 ++ etc/profile-a-l/liferea.profile | 2 ++ etc/profile-a-l/lincity-ng.profile | 2 ++ etc/profile-a-l/links-common.profile | 1 + etc/profile-a-l/linphone.profile | 1 + etc/profile-a-l/lmms.profile | 2 ++ etc/profile-a-l/lollypop.profile | 1 + etc/profile-a-l/lugaru.profile | 2 ++ etc/profile-a-l/luminance-hdr.profile | 1 + etc/profile-a-l/lutris.profile | 2 ++ etc/profile-a-l/lximage-qt.profile | 1 + etc/profile-a-l/lxmusic.profile | 1 + etc/profile-a-l/lynx.profile | 2 ++ etc/profile-m-z/Maelstrom.profile | 2 ++ etc/profile-m-z/Mathematica.profile | 2 ++ etc/profile-m-z/PCSX2.profile | 2 ++ etc/profile-m-z/QMediathekView.profile | 1 + etc/profile-m-z/QOwnNotes.profile | 1 + etc/profile-m-z/Viber.profile | 2 ++ etc/profile-m-z/XMind.profile | 1 + etc/profile-m-z/Xephyr.profile | 2 ++ etc/profile-m-z/Xvfb.profile | 2 ++ etc/profile-m-z/ZeGrapher.profile | 2 ++ etc/profile-m-z/macrofusion.profile | 2 ++ etc/profile-m-z/magicor.profile | 2 ++ etc/profile-m-z/makepkg.profile | 1 + etc/profile-m-z/man.profile | 1 + etc/profile-m-z/manaplus.profile | 2 ++ etc/profile-m-z/marker.profile | 2 ++ etc/profile-m-z/masterpdfeditor.profile | 1 + etc/profile-m-z/mate-calc.profile | 1 + etc/profile-m-z/mate-color-select.profile | 1 + etc/profile-m-z/mate-dictionary.profile | 1 + etc/profile-m-z/mcabber.profile | 2 ++ etc/profile-m-z/mcomix.profile | 1 + etc/profile-m-z/mdr.profile | 1 + etc/profile-m-z/mediainfo.profile | 1 + etc/profile-m-z/mediathekview.profile | 1 + etc/profile-m-z/megaglest.profile | 2 ++ etc/profile-m-z/meld.profile | 1 + etc/profile-m-z/mendeleydesktop.profile | 2 ++ etc/profile-m-z/menulibre.profile | 1 + etc/profile-m-z/meteo-qt.profile | 1 + etc/profile-m-z/midori.profile | 2 ++ etc/profile-m-z/mindless.profile | 1 + etc/profile-m-z/minecraft-launcher.profile | 2 ++ etc/profile-m-z/minetest.profile | 2 ++ etc/profile-m-z/minitube.profile | 2 ++ etc/profile-m-z/mirage.profile | 2 ++ etc/profile-m-z/mirrormagic.profile | 2 ++ etc/profile-m-z/mocp.profile | 1 + etc/profile-m-z/mousepad.profile | 2 ++ etc/profile-m-z/mp3splt-gtk.profile | 2 ++ etc/profile-m-z/mp3splt.profile | 5 +++-- etc/profile-m-z/mpDris2.profile | 1 + etc/profile-m-z/mpd.profile | 1 + etc/profile-m-z/mpg123.profile | 1 + etc/profile-m-z/mplayer.profile | 2 ++ etc/profile-m-z/mpsyt.profile | 1 + etc/profile-m-z/mpv.profile | 2 ++ etc/profile-m-z/mrrescue.profile | 2 ++ etc/profile-m-z/ms-office.profile | 2 ++ etc/profile-m-z/mtpaint.profile | 2 ++ etc/profile-m-z/multimc5.profile | 1 + etc/profile-m-z/mumble.profile | 1 + etc/profile-m-z/mupdf.profile | 1 + etc/profile-m-z/mupen64plus.profile | 2 ++ etc/profile-m-z/musescore.profile | 2 ++ etc/profile-m-z/musictube.profile | 2 ++ etc/profile-m-z/musixmatch.profile | 1 + etc/profile-m-z/mutt.profile | 1 + etc/profile-m-z/mypaint.profile | 2 ++ etc/profile-m-z/nano.profile | 1 + etc/profile-m-z/natron.profile | 2 ++ etc/profile-m-z/ncdu.profile | 1 + etc/profile-m-z/neochat.profile | 2 ++ etc/profile-m-z/neomutt.profile | 1 + etc/profile-m-z/netactview.profile | 1 + etc/profile-m-z/nethack-vultures.profile | 2 ++ etc/profile-m-z/nethack.profile | 1 + etc/profile-m-z/netsurf.profile | 2 ++ etc/profile-m-z/neverball.profile | 2 ++ etc/profile-m-z/newsboat.profile | 1 + etc/profile-m-z/newsflash.profile | 2 ++ etc/profile-m-z/nextcloud.profile | 2 ++ etc/profile-m-z/nheko.profile | 2 ++ etc/profile-m-z/nicotine.profile | 2 ++ etc/profile-m-z/nitroshare.profile | 1 + etc/profile-m-z/nodejs-common.profile | 1 + etc/profile-m-z/nomacs.profile | 2 ++ etc/profile-m-z/notify-send.profile | 1 + etc/profile-m-z/nslookup.profile | 1 + etc/profile-m-z/nvim.profile | 1 + etc/profile-m-z/nylas.profile | 2 ++ etc/profile-m-z/nyx.profile | 2 ++ etc/profile-m-z/obs.profile | 1 + etc/profile-m-z/ocenaudio.profile | 2 ++ etc/profile-m-z/odt2txt.profile | 1 + etc/profile-m-z/okular.profile | 1 + etc/profile-m-z/onboard.profile | 2 ++ etc/profile-m-z/onionshare-gui.profile | 1 + etc/profile-m-z/open-invaders.profile | 2 ++ etc/profile-m-z/openarena.profile | 2 ++ etc/profile-m-z/openbox.profile | 1 + etc/profile-m-z/opencity.profile | 2 ++ etc/profile-m-z/openclonk.profile | 2 ++ etc/profile-m-z/openmw.profile | 2 ++ etc/profile-m-z/openshot.profile | 2 ++ etc/profile-m-z/openstego.profile | 2 ++ etc/profile-m-z/openttd.profile | 2 ++ etc/profile-m-z/orage.profile | 1 + etc/profile-m-z/ostrichriders.profile | 2 ++ etc/profile-m-z/otter-browser.profile | 2 ++ etc/profile-m-z/palemoon.profile | 3 +++ etc/profile-m-z/pandoc.profile | 1 + etc/profile-m-z/parole.profile | 2 ++ etc/profile-m-z/patch.profile | 1 + etc/profile-m-z/pavucontrol.profile | 1 + etc/profile-m-z/pcsxr.profile | 2 ++ etc/profile-m-z/pdfchain.profile | 1 + etc/profile-m-z/pdfmod.profile | 2 ++ etc/profile-m-z/pdfsam.profile | 2 ++ etc/profile-m-z/pdftotext.profile | 2 ++ etc/profile-m-z/peek.profile | 1 + etc/profile-m-z/penguin-command.profile | 2 ++ etc/profile-m-z/photoflare.profile | 2 ++ etc/profile-m-z/picard.profile | 1 + etc/profile-m-z/pidgin.profile | 2 ++ etc/profile-m-z/pinball.profile | 2 ++ etc/profile-m-z/ping-hardened.inc.profile | 1 + etc/profile-m-z/ping.profile | 1 + etc/profile-m-z/pingus.profile | 2 ++ etc/profile-m-z/pinta.profile | 2 ++ etc/profile-m-z/pioneer.profile | 2 ++ etc/profile-m-z/pithos.profile | 1 + etc/profile-m-z/pitivi.profile | 1 + etc/profile-m-z/pix.profile | 2 ++ etc/profile-m-z/pkglog.profile | 1 + etc/profile-m-z/pluma.profile | 1 + etc/profile-m-z/plv.profile | 1 + etc/profile-m-z/pngquant.profile | 1 + etc/profile-m-z/polari.profile | 1 + etc/profile-m-z/ppsspp.profile | 2 ++ etc/profile-m-z/pragha.profile | 1 + etc/profile-m-z/profanity.profile | 1 + etc/profile-m-z/psi-plus.profile | 2 ++ etc/profile-m-z/psi.profile | 2 ++ etc/profile-m-z/pybitmessage.profile | 1 + etc/profile-m-z/qbittorrent.profile | 1 + etc/profile-m-z/qcomicbook.profile | 1 + etc/profile-m-z/qemu-launcher.profile | 1 + etc/profile-m-z/qemu-system-x86_64.profile | 1 + etc/profile-m-z/qgis.profile | 2 ++ etc/profile-m-z/qlipper.profile | 1 + etc/profile-m-z/qmmp.profile | 2 ++ etc/profile-m-z/qnapi.profile | 2 ++ etc/profile-m-z/qpdfview.profile | 2 ++ etc/profile-m-z/qrencode.profile | 1 + etc/profile-m-z/qtox.profile | 1 + etc/profile-m-z/quassel.profile | 2 ++ etc/profile-m-z/quaternion.profile | 2 ++ etc/profile-m-z/quiterss.profile | 1 + etc/profile-m-z/quodlibet.profile | 2 ++ etc/profile-m-z/qutebrowser.profile | 4 +++- etc/profile-m-z/raincat.profile | 1 + etc/profile-m-z/rambox.profile | 4 +++- etc/profile-m-z/redeclipse.profile | 2 ++ etc/profile-m-z/rednotebook.profile | 2 ++ etc/profile-m-z/redshift.profile | 1 + etc/profile-m-z/regextester.profile | 1 + etc/profile-m-z/remmina.profile | 1 + etc/profile-m-z/retroarch.profile | 2 ++ etc/profile-m-z/rhythmbox.profile | 2 ++ etc/profile-m-z/ricochet.profile | 1 + etc/profile-m-z/ripperx.profile | 2 ++ etc/profile-m-z/ristretto.profile | 1 + etc/profile-m-z/rpcs3.profile | 2 ++ etc/profile-m-z/rsync-download_only.profile | 1 + etc/profile-m-z/rtin.profile | 1 + etc/profile-m-z/rtorrent.profile | 2 ++ etc/profile-m-z/rtv.profile | 2 ++ etc/profile-m-z/sayonara.profile | 1 + etc/profile-m-z/scallion.profile | 2 ++ etc/profile-m-z/scorched3d.profile | 2 ++ etc/profile-m-z/scorchwentbonkers.profile | 2 ++ etc/profile-m-z/scribus.profile | 2 ++ etc/profile-m-z/sdat2img.profile | 2 ++ etc/profile-m-z/seafile-applet.profile | 2 ++ etc/profile-m-z/seahorse-adventures.profile | 2 ++ etc/profile-m-z/seahorse.profile | 2 ++ etc/profile-m-z/seamonkey.profile | 2 ++ etc/profile-m-z/server.profile | 8 ++++---- etc/profile-m-z/servo.profile | 2 ++ etc/profile-m-z/shellcheck.profile | 2 ++ etc/profile-m-z/shortwave.profile | 2 ++ etc/profile-m-z/shotcut.profile | 2 ++ etc/profile-m-z/shotwell.profile | 2 ++ etc/profile-m-z/signal-cli.profile | 2 ++ etc/profile-m-z/silentarmy.profile | 1 + etc/profile-m-z/simple-scan.profile | 2 ++ etc/profile-m-z/simplescreenrecorder.profile | 2 ++ etc/profile-m-z/simutrans.profile | 2 ++ etc/profile-m-z/skanlite.profile | 2 ++ etc/profile-m-z/slashem.profile | 1 + etc/profile-m-z/smplayer.profile | 2 ++ etc/profile-m-z/smtube.profile | 1 + etc/profile-m-z/smuxi-frontend-gnome.profile | 2 ++ etc/profile-m-z/softmaker-common.profile | 2 ++ etc/profile-m-z/sol.profile | 1 + etc/profile-m-z/songrec.profile | 2 ++ etc/profile-m-z/sound-juicer.profile | 2 ++ etc/profile-m-z/soundconverter.profile | 1 + etc/profile-m-z/spectacle.profile | 2 ++ etc/profile-m-z/spectral.profile | 2 ++ etc/profile-m-z/spectre-meltdown-checker.profile | 1 + etc/profile-m-z/spotify.profile | 2 ++ etc/profile-m-z/sqlitebrowser.profile | 1 + etc/profile-m-z/ssh-agent.profile | 2 ++ etc/profile-m-z/ssh.profile | 1 + etc/profile-m-z/standardnotes-desktop.profile | 2 ++ etc/profile-m-z/steam.profile | 5 +++-- etc/profile-m-z/stellarium.profile | 1 + etc/profile-m-z/strawberry.profile | 2 ++ etc/profile-m-z/strings.profile | 1 + etc/profile-m-z/subdownloader.profile | 1 + etc/profile-m-z/supertux2.profile | 2 ++ etc/profile-m-z/supertuxkart.profile | 2 ++ etc/profile-m-z/surf.profile | 1 + etc/profile-m-z/sushi.profile | 1 + etc/profile-m-z/sway.profile | 2 ++ etc/profile-m-z/synfigstudio.profile | 2 ++ etc/profile-m-z/sysprof.profile | 1 + etc/profile-m-z/tcpdump.profile | 1 + etc/profile-m-z/teamspeak3.profile | 1 + etc/profile-m-z/teeworlds.profile | 2 ++ etc/profile-m-z/telegram.profile | 2 ++ etc/profile-m-z/telnet.profile | 1 + etc/profile-m-z/terasology.profile | 2 ++ etc/profile-m-z/tilp.profile | 1 + etc/profile-m-z/tin.profile | 1 + etc/profile-m-z/tmux.profile | 2 ++ etc/profile-m-z/tor.profile | 2 ++ etc/profile-m-z/torbrowser-launcher.profile | 2 ++ etc/profile-m-z/torcs.profile | 2 ++ etc/profile-m-z/totem.profile | 2 ++ etc/profile-m-z/tracker.profile | 2 ++ etc/profile-m-z/transgui.profile | 1 + etc/profile-m-z/transmission-common.profile | 1 + etc/profile-m-z/tremulous.profile | 2 ++ etc/profile-m-z/trojita.profile | 1 + etc/profile-m-z/truecraft.profile | 1 + etc/profile-m-z/tuxguitar.profile | 2 ++ etc/profile-m-z/tvbrowser.profile | 2 ++ etc/profile-m-z/udiskie.profile | 2 ++ etc/profile-m-z/uefitool.profile | 2 ++ etc/profile-m-z/uget-gtk.profile | 2 ++ etc/profile-m-z/unbound.profile | 1 + etc/profile-m-z/unf.profile | 1 + etc/profile-m-z/unknown-horizons.profile | 1 + etc/profile-m-z/utox.profile | 1 + etc/profile-m-z/uudeview.profile | 2 ++ etc/profile-m-z/uzbl-browser.profile | 2 ++ etc/profile-m-z/viewnior.profile | 1 + etc/profile-m-z/viking.profile | 1 + etc/profile-m-z/vim.profile | 2 ++ etc/profile-m-z/vlc.profile | 2 ++ etc/profile-m-z/vmware-view.profile | 2 ++ etc/profile-m-z/vym.profile | 1 + etc/profile-m-z/w3m.profile | 1 + etc/profile-m-z/warmux.profile | 2 ++ etc/profile-m-z/warsow.profile | 2 ++ etc/profile-m-z/warzone2100.profile | 2 ++ etc/profile-m-z/webstorm.profile | 2 ++ etc/profile-m-z/webui-aria2.profile | 2 ++ etc/profile-m-z/weechat.profile | 2 ++ etc/profile-m-z/wesnoth.profile | 2 ++ etc/profile-m-z/wget.profile | 1 + etc/profile-m-z/whois.profile | 1 + etc/profile-m-z/widelands.profile | 2 ++ etc/profile-m-z/wine.profile | 2 ++ etc/profile-m-z/wireshark.profile | 2 ++ etc/profile-m-z/wordwarvi.profile | 2 ++ etc/profile-m-z/wps.profile | 2 ++ etc/profile-m-z/x-terminal-emulator.profile | 1 + etc/profile-m-z/x2goclient.profile | 1 + etc/profile-m-z/xbill.profile | 1 + etc/profile-m-z/xcalc.profile | 2 ++ etc/profile-m-z/xchat.profile | 2 ++ etc/profile-m-z/xed.profile | 1 + etc/profile-m-z/xfburn.profile | 2 ++ etc/profile-m-z/xfce4-dict.profile | 1 + etc/profile-m-z/xfce4-mixer.profile | 1 + etc/profile-m-z/xfce4-notes.profile | 1 + etc/profile-m-z/xfce4-screenshooter.profile | 1 + etc/profile-m-z/xiphos.profile | 2 ++ etc/profile-m-z/xmms.profile | 2 ++ etc/profile-m-z/xmr-stak.profile | 1 + etc/profile-m-z/xonotic.profile | 1 + etc/profile-m-z/xournal.profile | 2 ++ etc/profile-m-z/xpdf.profile | 1 + etc/profile-m-z/xplayer.profile | 2 ++ etc/profile-m-z/xpra.profile | 2 ++ etc/profile-m-z/xreader.profile | 1 + etc/profile-m-z/xviewer.profile | 1 + etc/profile-m-z/yelp.profile | 2 ++ etc/profile-m-z/youtube-dl-gui.profile | 2 ++ etc/profile-m-z/youtube-dl.profile | 1 + etc/profile-m-z/youtube-viewers-common.profile | 2 ++ etc/profile-m-z/zaproxy.profile | 1 + etc/profile-m-z/zart.profile | 2 ++ etc/profile-m-z/zathura.profile | 1 + etc/profile-m-z/zeal.profile | 1 + etc/profile-m-z/zim.profile | 2 ++ etc/profile-m-z/zulip.profile | 2 ++ 628 files changed, 967 insertions(+), 13 deletions(-) diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile index 04f58abb9..48a2afdf2 100644 --- a/etc/profile-a-l/0ad.profile +++ b/etc/profile-a-l/0ad.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile index 7913fdea9..1cd207996 100644 --- a/etc/profile-a-l/2048-qt.profile +++ b/etc/profile-a-l/2048-qt.profile @@ -40,3 +40,5 @@ seccomp disable-mnt private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile index af026fc86..4a850f1bd 100644 --- a/etc/profile-a-l/Cryptocat.profile +++ b/etc/profile-a-l/Cryptocat.profile @@ -28,3 +28,5 @@ seccomp private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile index 09149350d..462bfa517 100644 --- a/etc/profile-a-l/Fritzing.profile +++ b/etc/profile-a-l/Fritzing.profile @@ -36,3 +36,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile index 8d56c0d95..b229c151d 100644 --- a/etc/profile-a-l/JDownloader.profile +++ b/etc/profile-a-l/JDownloader.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index ce3d0630f..eb7a5254f 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile @@ -46,3 +46,5 @@ private-tmp # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index ee9420d62..96c56d85d 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile index 2f58d9146..184036f24 100644 --- a/etc/profile-a-l/akonadi_control.profile +++ b/etc/profile-a-l/akonadi_control.profile @@ -55,3 +55,4 @@ tracelog private-dev # private-tmp - breaks programs that depend on akonadi +# restrict-namespaces diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile index 8e6935fb8..d88a1fcad 100644 --- a/etc/profile-a-l/akregator.profile +++ b/etc/profile-a-l/akregator.profile @@ -49,3 +49,4 @@ private-dev private-tmp deterministic-shutdown +# restrict-namespaces diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index 5dc306147..9612ffdd2 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile @@ -62,3 +62,4 @@ read-write ${HOME}/.config/menus read-write ${HOME}/.gnome/apps read-write ${HOME}/.local/share/applications read-write ${HOME}/.local/share/flatpak/exports +restrict-namespaces diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile index ee6be4bc9..0f7407f05 100644 --- a/etc/profile-a-l/alienarena.profile +++ b/etc/profile-a-l/alienarena.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile index e00aef423..4e994c025 100644 --- a/etc/profile-a-l/alpine.profile +++ b/etc/profile-a-l/alpine.profile @@ -100,3 +100,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME}/.signature +restrict-namespaces diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile index 7211f0cf7..3171d738e 100644 --- a/etc/profile-a-l/amarok.profile +++ b/etc/profile-a-l/amarok.profile @@ -44,3 +44,5 @@ dbus-user.talk org.freedesktop.Notifications #dbus-user.own org.kde.klauncher #dbus-user.talk org.kde.knotify dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile index bce22fbfd..ccf7231bd 100644 --- a/etc/profile-a-l/amule.profile +++ b/etc/profile-a-l/amule.profile @@ -40,3 +40,4 @@ private-bin amule private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile index add75c849..3dfa0f95a 100644 --- a/etc/profile-a-l/android-studio.profile +++ b/etc/profile-a-l/android-studio.profile @@ -40,3 +40,4 @@ private-cache # noexec /tmp breaks 'Android Profiler' #noexec /tmp +restrict-namespaces diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index 45d000012..466f60bda 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile index fd92f63db..4c2dcf0e6 100644 --- a/etc/profile-a-l/anydesk.profile +++ b/etc/profile-a-l/anydesk.profile @@ -33,3 +33,5 @@ disable-mnt private-bin anydesk private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile index 0d3131f8c..80ee71831 100644 --- a/etc/profile-a-l/aosp.profile +++ b/etc/profile-a-l/aosp.profile @@ -40,3 +40,5 @@ protocol unix,inet,inet6 #seccomp private-tmp + +#restrict-namespaces diff --git a/etc/profile-a-l/apktool.profile b/etc/profile-a-l/apktool.profile index e03ff3084..9f1940a4d 100644 --- a/etc/profile-a-l/apktool.profile +++ b/etc/profile-a-l/apktool.profile @@ -35,3 +35,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile index ca4dec918..dab91fe7d 100644 --- a/etc/profile-a-l/apostrophe.profile +++ b/etc/profile-a-l/apostrophe.profile @@ -69,3 +69,5 @@ dbus-user filter dbus-user.own org.gnome.gitlab.somas.Apostrophe dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile index 7db947be8..766c2c96d 100644 --- a/etc/profile-a-l/arch-audit.profile +++ b/etc/profile-a-l/arch-audit.profile @@ -49,3 +49,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile index 6ad75d68c..3e3f77576 100644 --- a/etc/profile-a-l/archaudit-report.profile +++ b/etc/profile-a-l/archaudit-report.profile @@ -36,3 +36,4 @@ private-bin arch-audit,archaudit-report,bash,cat,comm,cut,date,fold,grep,pacman, private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile index b82563099..b0f83aa32 100644 --- a/etc/profile-a-l/archiver-common.profile +++ b/etc/profile-a-l/archiver-common.profile @@ -49,3 +49,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile index c93cecf9f..341fe1ed8 100644 --- a/etc/profile-a-l/ardour5.profile +++ b/etc/profile-a-l/ardour5.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile index bb0bc3513..85ea76939 100644 --- a/etc/profile-a-l/arduino.profile +++ b/etc/profile-a-l/arduino.profile @@ -33,3 +33,4 @@ seccomp private-cache private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index f108a6291..17eb2451c 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile @@ -53,3 +53,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile index 53697a367..272e06219 100644 --- a/etc/profile-a-l/ark.profile +++ b/etc/profile-a-l/ark.profile @@ -44,3 +44,5 @@ private-tmp # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index 556a354e7..db388eee1 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile @@ -45,3 +45,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index b83b6bb10..b1347b0d9 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile @@ -65,3 +65,4 @@ dbus-user.talk org.freedesktop.Notifications dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile index 26eddf1b6..f28f77748 100644 --- a/etc/profile-a-l/assogiate.profile +++ b/etc/profile-a-l/assogiate.profile @@ -51,3 +51,4 @@ dbus-system none memory-deny-write-execute read-write ${HOME}/.local/share/mime +restrict-namespaces diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile index 445aa3985..c09ad7936 100644 --- a/etc/profile-a-l/asunder.profile +++ b/etc/profile-a-l/asunder.profile @@ -45,3 +45,4 @@ dbus-system none # mdwe is disabled due to breaking hardware accelerated decoding # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile index 8ec6f433e..f24aff108 100644 --- a/etc/profile-a-l/atril.profile +++ b/etc/profile-a-l/atril.profile @@ -49,3 +49,4 @@ private-tmp # webkit gtk killed by memory-deny-write-execute #memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile index fe23049f4..b31f3f1b2 100644 --- a/etc/profile-a-l/audacious.profile +++ b/etc/profile-a-l/audacious.profile @@ -42,3 +42,5 @@ private-tmp # dbus needed for MPRIS # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile index 2831fec72..078e3bf26 100644 --- a/etc/profile-a-l/audacity.profile +++ b/etc/profile-a-l/audacity.profile @@ -44,3 +44,5 @@ private-tmp # problems on Fedora 27 # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile index 6c8a90c0b..74dba7411 100644 --- a/etc/profile-a-l/audio-recorder.profile +++ b/etc/profile-a-l/audio-recorder.profile @@ -51,3 +51,4 @@ dbus-user.talk ca.desrt.dconf dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 8e898b5ee..73a2e1806 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile @@ -52,3 +52,5 @@ private-tmp dbus-user filter dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile index 5f26a39f5..02c1d8768 100644 --- a/etc/profile-a-l/authenticator.profile +++ b/etc/profile-a-l/authenticator.profile @@ -46,3 +46,4 @@ private-tmp # dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile index ee63f0ead..834eac11a 100644 --- a/etc/profile-a-l/autokey-common.profile +++ b/etc/profile-a-l/autokey-common.profile @@ -39,3 +39,4 @@ private-dev private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile index 4cb556f6e..8707dca5b 100644 --- a/etc/profile-a-l/avidemux.profile +++ b/etc/profile-a-l/avidemux.profile @@ -55,3 +55,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile index 0a80a2203..e2646095c 100644 --- a/etc/profile-a-l/aweather.profile +++ b/etc/profile-a-l/aweather.profile @@ -37,3 +37,5 @@ tracelog private-bin aweather private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile index 5d1bf5071..ee9280fe8 100644 --- a/etc/profile-a-l/awesome.profile +++ b/etc/profile-a-l/awesome.profile @@ -17,3 +17,4 @@ protocol unix,inet,inet6 seccomp read-only ${HOME}/.config/awesome/autorun.sh +restrict-namespaces diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile index 05637d247..b60b5715c 100644 --- a/etc/profile-a-l/ballbuster.profile +++ b/etc/profile-a-l/ballbuster.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile index 24bb53981..084b7c702 100644 --- a/etc/profile-a-l/baloo_file.profile +++ b/etc/profile-a-l/baloo_file.profile @@ -52,3 +52,5 @@ private-bin baloo_file,baloo_file_extractor,baloo_filemetadata_temp_extractor,kb private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index c78caad77..661356ff6 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile @@ -79,3 +79,4 @@ dbus-user.talk org.gnome.keyring.SystemPrompter dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini +restrict-namespaces diff --git a/etc/profile-a-l/baobab.profile b/etc/profile-a-l/baobab.profile index 40f50e991..31ef66a58 100644 --- a/etc/profile-a-l/baobab.profile +++ b/etc/profile-a-l/baobab.profile @@ -41,3 +41,4 @@ private-tmp # dbus-system none read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile index dbd3d38f1..a78d202a2 100644 --- a/etc/profile-a-l/barrier.profile +++ b/etc/profile-a-l/barrier.profile @@ -42,3 +42,4 @@ private-cache private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile index 8dc3847a0..a962bfe02 100644 --- a/etc/profile-a-l/basilisk.profile +++ b/etc/profile-a-l/basilisk.profile @@ -22,5 +22,8 @@ ignore seccomp #private-etc basilisk #private-opt basilisk +restrict-namespaces +ignore restrict-namespaces + # Redirect include firefox-common.profile diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile index b43c670b6..d566b94e8 100644 --- a/etc/profile-a-l/bcompare.profile +++ b/etc/profile-a-l/bcompare.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index bc1cb18ac..85a1a58c7 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile @@ -56,3 +56,5 @@ private-tmp dbus-user none dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index e6675e0d3..b6b52601e 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile @@ -60,3 +60,4 @@ dbus-user.talk org.freedesktop.Tracker1 dbus-system none env WEBKIT_FORCE_SANDBOX=0 +restrict-namespaces diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile index 390d002ed..9fc01a2fd 100644 --- a/etc/profile-a-l/bitcoin-qt.profile +++ b/etc/profile-a-l/bitcoin-qt.profile @@ -47,3 +47,4 @@ private-dev private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile index 773fa7500..988a1479e 100644 --- a/etc/profile-a-l/bitlbee.profile +++ b/etc/profile-a-l/bitlbee.profile @@ -38,3 +38,4 @@ private-dev private-tmp read-write /var/lib/bitlbee +restrict-namespaces diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile index 233f9a96f..753254ffc 100644 --- a/etc/profile-a-l/blackbox.profile +++ b/etc/profile-a-l/blackbox.profile @@ -16,3 +16,4 @@ noroot protocol unix,inet,inet6 seccomp +restrict-namespaces diff --git a/etc/profile-a-l/bleachbit.profile b/etc/profile-a-l/bleachbit.profile index a352ab8d8..45ae345c3 100644 --- a/etc/profile-a-l/bleachbit.profile +++ b/etc/profile-a-l/bleachbit.profile @@ -40,3 +40,4 @@ dbus-system none # memory-deny-write-execute breaks some systems, see issue #1850 # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile index 8ee852ab5..cd8fac61f 100644 --- a/etc/profile-a-l/blender.profile +++ b/etc/profile-a-l/blender.profile @@ -37,3 +37,5 @@ protocol unix,inet,inet6,netlink seccomp !mbind private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index 0e38889c0..9badb4357 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile @@ -39,3 +39,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index 3bd8c79d0..6e7a87e5f 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index 9dfbd8f8e..e6926ee29 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/bluefish.profile b/etc/profile-a-l/bluefish.profile index ac949d561..d24f76262 100644 --- a/etc/profile-a-l/bluefish.profile +++ b/etc/profile-a-l/bluefish.profile @@ -37,3 +37,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile index 0ab28fffe..a483c2b0a 100644 --- a/etc/profile-a-l/brackets.profile +++ b/etc/profile-a-l/brackets.profile @@ -31,3 +31,5 @@ seccomp !chroot,!ioperm private-cache private-dev + +# restrict-namespaces diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile index f80ad9f20..12d7062ab 100644 --- a/etc/profile-a-l/brasero.profile +++ b/etc/profile-a-l/brasero.profile @@ -33,3 +33,5 @@ tracelog private-cache # private-dev # private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/build-systems-common.profile b/etc/profile-a-l/build-systems-common.profile index bd6719b62..cf5f462ae 100644 --- a/etc/profile-a-l/build-systems-common.profile +++ b/etc/profile-a-l/build-systems-common.profile @@ -63,3 +63,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile index 5bfe3751b..b28f982fc 100644 --- a/etc/profile-a-l/bzflag.profile +++ b/etc/profile-a-l/bzflag.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile index acfc1ba0a..b347941d7 100644 --- a/etc/profile-a-l/calibre.profile +++ b/etc/profile-a-l/calibre.profile @@ -35,3 +35,5 @@ seccomp !chroot private-dev private-tmp + +# restrict-namespaces diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile index 6fccf2122..c2972f902 100644 --- a/etc/profile-a-l/calligra.profile +++ b/etc/profile-a-l/calligra.profile @@ -37,3 +37,4 @@ private-dev # noexec ${HOME} noexec /tmp +restrict-namespaces diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index fb3a6df7e..b2248ad06 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile @@ -52,3 +52,4 @@ private-tmp # dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile index f2d9c282d..7cb56efee 100644 --- a/etc/profile-a-l/cantata.profile +++ b/etc/profile-a-l/cantata.profile @@ -37,3 +37,5 @@ seccomp # private-etc alternatives,drirc,fonts,gcrypt,hosts,kde5rc,mpd.conf,passwd,samba,ssl,xdg private-bin cantata,mpd,perl private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile index d076c3ca0..e2df341e9 100644 --- a/etc/profile-a-l/catfish.profile +++ b/etc/profile-a-l/catfish.profile @@ -46,3 +46,5 @@ tracelog dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index e9affe09e..e4e32b265 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile @@ -43,3 +43,5 @@ private-tmp # dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index 48522c002..0c4335e8f 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile @@ -64,3 +64,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.config/celluloid +restrict-namespaces diff --git a/etc/profile-a-l/chafa.profile b/etc/profile-a-l/chafa.profile index b042ac189..72f79681d 100644 --- a/etc/profile-a-l/chafa.profile +++ b/etc/profile-a-l/chafa.profile @@ -53,3 +53,4 @@ dbus-user none dbus-system none read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile index 835b884ad..3baa80d50 100644 --- a/etc/profile-a-l/checkbashisms.profile +++ b/etc/profile-a-l/checkbashisms.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index 1e498259c..8aed77c04 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile @@ -58,3 +58,5 @@ dbus-user filter dbus-user.own org.gnome.Cheese dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile index fe0c7cfe8..528d6203e 100644 --- a/etc/profile-a-l/cherrytree.profile +++ b/etc/profile-a-l/cherrytree.profile @@ -40,3 +40,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/chromium-common-hardened.inc.profile b/etc/profile-a-l/chromium-common-hardened.inc.profile index 19addd285..c3944bd65 100644 --- a/etc/profile-a-l/chromium-common-hardened.inc.profile +++ b/etc/profile-a-l/chromium-common-hardened.inc.profile @@ -7,3 +7,5 @@ nonewprivs noroot protocol unix,inet,inet6,netlink seccomp !chroot + +#restrict-namespaces diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile index 3e62d7ba2..0930c9361 100644 --- a/etc/profile-a-l/cin.profile +++ b/etc/profile-a-l/cin.profile @@ -34,3 +34,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile index f5f665215..ddd0eb1f9 100644 --- a/etc/profile-a-l/clamav.profile +++ b/etc/profile-a-l/clamav.profile @@ -37,3 +37,4 @@ dbus-system none read-only ${HOME} memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/clamtk.profile b/etc/profile-a-l/clamtk.profile index 842416171..9fc73ee55 100644 --- a/etc/profile-a-l/clamtk.profile +++ b/etc/profile-a-l/clamtk.profile @@ -27,3 +27,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index 268cf01b4..4f4e8e7bf 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile @@ -51,3 +51,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile index b1509f391..ee01fa653 100644 --- a/etc/profile-a-l/clementine.profile +++ b/etc/profile-a-l/clementine.profile @@ -38,3 +38,5 @@ private-tmp dbus-system none # dbus-user none + +restrict-namespaces diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile index a8d57d63d..652809f1b 100644 --- a/etc/profile-a-l/clion.profile +++ b/etc/profile-a-l/clion.profile @@ -40,3 +40,4 @@ private-dev # private-tmp noexec /tmp +restrict-namespaces diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile index 4086f46ba..3f3748e1a 100644 --- a/etc/profile-a-l/clipgrab.profile +++ b/etc/profile-a-l/clipgrab.profile @@ -48,3 +48,5 @@ private-tmp # 'dbus-user none' breaks tray menu - add 'dbus-user none' to your clipgrab.local if you don't need it. # dbus-user none # dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile index 0356547cd..504bce0b1 100644 --- a/etc/profile-a-l/clipit.profile +++ b/etc/profile-a-l/clipit.profile @@ -59,5 +59,5 @@ dbus-user none dbus-system none #memory-deny-write-execute -restrict-namespaces read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index fa5693901..ad6332f78 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile @@ -27,3 +27,5 @@ seccomp private-bin cmus private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl + +restrict-namespaces diff --git a/etc/profile-a-l/cointop.profile b/etc/profile-a-l/cointop.profile index b4f73458c..c341c4ea2 100644 --- a/etc/profile-a-l/cointop.profile +++ b/etc/profile-a-l/cointop.profile @@ -60,3 +60,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile index 79ab5e7b1..442d50259 100644 --- a/etc/profile-a-l/colorful.profile +++ b/etc/profile-a-l/colorful.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index 7024ddb28..990b6bc5a 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile @@ -52,3 +52,5 @@ private-tmp # dbus-user.own com.github.bleakgrey.tootle # dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index 05768977d..5f2a1c3e6 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile @@ -63,3 +63,4 @@ read-only ${HOME} read-write ${HOME}/.cache/agenda read-write ${HOME}/.config/agenda read-write ${HOME}/.local/share/agenda +restrict-namespaces diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index 06c6e5f84..21f37494b 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile @@ -60,3 +60,4 @@ private-tmp read-only ${HOME} read-write ${HOME}/.cache/com.github.johnfactotum.Foliate read-write ${HOME}/.local/share/com.github.johnfactotum.Foliate +restrict-namespaces diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile index 667f9805c..07a6a6813 100644 --- a/etc/profile-a-l/com.github.phase1geo.minder.profile +++ b/etc/profile-a-l/com.github.phase1geo.minder.profile @@ -58,3 +58,5 @@ dbus-user filter dbus-user.own com.github.phase1geo.minder dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/com.github.tchx84.Flatseal.profile b/etc/profile-a-l/com.github.tchx84.Flatseal.profile index 20236c161..fd4494e92 100644 --- a/etc/profile-a-l/com.github.tchx84.Flatseal.profile +++ b/etc/profile-a-l/com.github.tchx84.Flatseal.profile @@ -62,3 +62,4 @@ dbus-user.talk org.gnome.Software dbus-system none read-write ${HOME}/.local/share/flatpak/overrides +restrict-namespaces diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile index 38edf0d21..6486990f5 100644 --- a/etc/profile-a-l/conkeror.profile +++ b/etc/profile-a-l/conkeror.profile @@ -34,3 +34,5 @@ protocol unix,inet,inet6 seccomp disable-mnt + +restrict-namespaces diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile index 49a0a40ff..39e6d3cf9 100644 --- a/etc/profile-a-l/conky.profile +++ b/etc/profile-a-l/conky.profile @@ -43,3 +43,4 @@ private-dev private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile index 41b9f79a1..1774669f1 100644 --- a/etc/profile-a-l/corebird.profile +++ b/etc/profile-a-l/corebird.profile @@ -35,3 +35,4 @@ private-bin corebird private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile index 2245903a4..e896f3537 100644 --- a/etc/profile-a-l/cower.profile +++ b/etc/profile-a-l/cower.profile @@ -46,3 +46,4 @@ private-tmp memory-deny-write-execute read-only ${HOME}/.config/cower/config +restrict-namespaces diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 24a149c5f..793de8ab4 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile @@ -46,3 +46,4 @@ dbus-user none dbus-system none #memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile index 7928dd93c..7df7b4480 100644 --- a/etc/profile-a-l/crawl.profile +++ b/etc/profile-a-l/crawl.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index ba0dfb1a6..842191f3f 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile @@ -43,3 +43,4 @@ private-opt none private-tmp private-srv none +restrict-namespaces diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile index 3fa6ab764..3e5878574 100644 --- a/etc/profile-a-l/curl.profile +++ b/etc/profile-a-l/curl.profile @@ -58,3 +58,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index a3a16fa0c..63d89ec36 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile @@ -53,3 +53,4 @@ private-etc alternatives,dbus-1,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile index 20d5657eb..f871b80aa 100644 --- a/etc/profile-a-l/darktable.profile +++ b/etc/profile-a-l/darktable.profile @@ -41,3 +41,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index 95f24a0ad..b259c7e93 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile @@ -56,3 +56,4 @@ private-tmp memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index 110c9f58e..876e637b2 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile @@ -50,3 +50,5 @@ dbus-user filter dbus-user.own ca.desrt.dconf-editor dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index 56583838e..5136445da 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile @@ -50,3 +50,4 @@ private-lib private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index be1f2eece..8ea5d178e 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile @@ -51,3 +51,4 @@ dbus-user none dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile index 205424a62..4eb89503a 100644 --- a/etc/profile-a-l/deadbeef.profile +++ b/etc/profile-a-l/deadbeef.profile @@ -32,3 +32,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/default.profile b/etc/profile-a-l/default.profile index 397a89bee..a10bbab5b 100644 --- a/etc/profile-a-l/default.profile +++ b/etc/profile-a-l/default.profile @@ -60,4 +60,4 @@ seccomp # deterministic-shutdown # memory-deny-write-execute # read-only ${HOME} -# restrict-namespaces +restrict-namespaces diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile index d8a27da62..ebc751e1a 100644 --- a/etc/profile-a-l/deluge.profile +++ b/etc/profile-a-l/deluge.profile @@ -43,3 +43,5 @@ seccomp private-bin deluge,deluge-console,deluge-gtk,deluge-web,deluged,python*,sh,uname private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile index 2b03f0ea0..71579905e 100644 --- a/etc/profile-a-l/desktopeditors.profile +++ b/etc/profile-a-l/desktopeditors.profile @@ -42,3 +42,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile index 42318527c..ef31fc3eb 100644 --- a/etc/profile-a-l/devhelp.profile +++ b/etc/profile-a-l/devhelp.profile @@ -50,3 +50,4 @@ private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 4b4bfbc5f..0579547af 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile @@ -56,3 +56,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/dex2jar.profile b/etc/profile-a-l/dex2jar.profile index 0908c16f1..b71387b2f 100644 --- a/etc/profile-a-l/dex2jar.profile +++ b/etc/profile-a-l/dex2jar.profile @@ -39,3 +39,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 30db25ee9..efcdb7ce4 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index a6de5e05e..048b92800 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile index c1f0e3a14..05f0dfba8 100644 --- a/etc/profile-a-l/digikam.profile +++ b/etc/profile-a-l/digikam.profile @@ -43,3 +43,5 @@ private-tmp # dbus-user none # dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile index 19b99b5fd..c7cecf23e 100644 --- a/etc/profile-a-l/dillo.profile +++ b/etc/profile-a-l/dillo.profile @@ -37,3 +37,4 @@ private-dev private-tmp deterministic-shutdown +restrict-namespaces diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile index 6802c7eed..1f7134ff2 100644 --- a/etc/profile-a-l/dino.profile +++ b/etc/profile-a-l/dino.profile @@ -53,3 +53,5 @@ dbus-user.talk org.freedesktop.Notifications dbus-system filter # Integration with systemd-logind or elogind dbus-system.talk org.freedesktop.login1 + +restrict-namespaces diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 6e8e30bfe..15f6e441d 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile index 0efebd9a6..0d52805b7 100644 --- a/etc/profile-a-l/dnscrypt-proxy.profile +++ b/etc/profile-a-l/dnscrypt-proxy.profile @@ -51,3 +51,4 @@ dbus-system none # mdwe can break modules/plugins memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index 13efd2fa8..40ccab8c7 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile @@ -40,3 +40,5 @@ private private-dev private-tmp writable-var + +restrict-namespaces diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index b8a29beb7..acaf2e021 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile @@ -60,3 +60,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile index 427d70e97..6e8d32848 100644 --- a/etc/profile-a-l/dooble.profile +++ b/etc/profile-a-l/dooble.profile @@ -38,3 +38,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile index 845277396..1edbb7ca0 100644 --- a/etc/profile-a-l/dosbox.profile +++ b/etc/profile-a-l/dosbox.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile index 14c5e7155..742385855 100644 --- a/etc/profile-a-l/dragon.profile +++ b/etc/profile-a-l/dragon.profile @@ -39,3 +39,4 @@ private-bin dragon private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index b533ad590..9d9fa291b 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile @@ -51,3 +51,4 @@ dbus-user none dbus-system none # memory-deny-write-execute - breaks on Arch +# restrict-namespaces diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile index ffbd06cb6..bd6fb6dcc 100644 --- a/etc/profile-a-l/drill.profile +++ b/etc/profile-a-l/drill.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile index 5d83485d2..4fdf1bbfe 100644 --- a/etc/profile-a-l/dropbox.profile +++ b/etc/profile-a-l/dropbox.profile @@ -46,3 +46,4 @@ private-dev private-tmp noexec /tmp +restrict-namespaces diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index 9db24f5a3..920eb7697 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile @@ -53,3 +53,4 @@ private-tmp # dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index ad3a38bfa..78a996f71 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile @@ -51,3 +51,5 @@ private-tmp # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile index 7e9be653d..5b44f4ccd 100644 --- a/etc/profile-a-l/emacs.profile +++ b/etc/profile-a-l/emacs.profile @@ -30,3 +30,4 @@ seccomp read-write ${HOME}/.emacs read-write ${HOME}/.emacs.d +restrict-namespaces diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 89c44bf76..86fb27514 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile @@ -81,3 +81,4 @@ dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini read-only ${HOME}/.signature +restrict-namespaces diff --git a/etc/profile-a-l/empathy.profile b/etc/profile-a-l/empathy.profile index 5ca640d30..9a128d7af 100644 --- a/etc/profile-a-l/empathy.profile +++ b/etc/profile-a-l/empathy.profile @@ -24,3 +24,5 @@ seccomp private-cache private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index d9abe52b0..37a6c088b 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile @@ -55,3 +55,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/engrampa.profile b/etc/profile-a-l/engrampa.profile index 37eb21546..1118c3bf0 100644 --- a/etc/profile-a-l/engrampa.profile +++ b/etc/profile-a-l/engrampa.profile @@ -38,3 +38,5 @@ private-dev dbus-user filter dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile index 2d3367255..45a1125b4 100644 --- a/etc/profile-a-l/enpass.profile +++ b/etc/profile-a-l/enpass.profile @@ -59,3 +59,4 @@ private-opt Enpass private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index f25f2a291..83abb551e 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile @@ -49,3 +49,5 @@ private-dev private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile index 37b7fdf11..adda53660 100644 --- a/etc/profile-a-l/ephemeral.profile +++ b/etc/profile-a-l/ephemeral.profile @@ -61,3 +61,5 @@ private-tmp # breaks preferences # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile index 225811226..a8d00d045 100644 --- a/etc/profile-a-l/epiphany.profile +++ b/etc/profile-a-l/epiphany.profile @@ -34,3 +34,5 @@ nonewprivs notv protocol unix,inet,inet6 seccomp + +restrict-namespaces diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index 60d50a7fa..2fe0a4af4 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile @@ -60,3 +60,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile index 8fa6cd3b4..7d27f12c9 100644 --- a/etc/profile-a-l/etr.profile +++ b/etc/profile-a-l/etr.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index eec9f86db..95115d484 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile @@ -64,3 +64,5 @@ dbus-user.talk ca.desrt.dconf dbus-user.talk org.gtk.vfs.Daemon dbus-user.talk org.gtk.vfs.Metadata dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 6f959df6e..517bb6206 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile @@ -43,3 +43,5 @@ seccomp private-dev private-tmp writable-var + +restrict-namespaces diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index dd5e32f49..45331487c 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile @@ -54,3 +54,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index 321cb0145..2daf1ff15 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile @@ -53,3 +53,5 @@ private-tmp # dbus-user filter # dbus-user.own org.kde.Falkon dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile index 5679f7cc1..434371aee 100644 --- a/etc/profile-a-l/fbreader.profile +++ b/etc/profile-a-l/fbreader.profile @@ -36,3 +36,5 @@ seccomp private-bin fbreader,FBReader private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index ee775566e..248cb5b49 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile @@ -47,3 +47,4 @@ private-etc alternatives,ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so. private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile index 83de90908..6aa24cc86 100644 --- a/etc/profile-a-l/feedreader.profile +++ b/etc/profile-a-l/feedreader.profile @@ -56,3 +56,5 @@ dbus-user.talk org.freedesktop.secrets #dbus-user.talk org.freedesktop.Notifications #dbus-user.talk org.gnome.OnlineAccounts dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile index 9b0262f5b..be5ab8627 100644 --- a/etc/profile-a-l/feh.profile +++ b/etc/profile-a-l/feh.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile index e11baa536..3a044542f 100644 --- a/etc/profile-a-l/ferdi.profile +++ b/etc/profile-a-l/ferdi.profile @@ -44,3 +44,5 @@ seccomp !chroot disable-mnt private-dev private-tmp + +# restrict-namespaces diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile index cb01fc5dd..ea90239e0 100644 --- a/etc/profile-a-l/fetchmail.profile +++ b/etc/profile-a-l/fetchmail.profile @@ -31,3 +31,5 @@ seccomp #private-bin bash,chmod,fetchmail,procmail private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile index 42de048d7..160f26f78 100644 --- a/etc/profile-a-l/ffmpeg.profile +++ b/etc/profile-a-l/ffmpeg.profile @@ -54,3 +54,4 @@ dbus-user none dbus-system none # memory-deny-write-execute - it breaks old versions of ffmpeg +restrict-namespaces diff --git a/etc/profile-a-l/file-manager-common.profile b/etc/profile-a-l/file-manager-common.profile index 9ab7e36d3..bf8475758 100644 --- a/etc/profile-a-l/file-manager-common.profile +++ b/etc/profile-a-l/file-manager-common.profile @@ -49,3 +49,5 @@ private-dev #dbus-user none #dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index 06744cdd3..ef4e0e117 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile @@ -46,3 +46,5 @@ private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg # private-tmp dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile index bcb2abc8b..a5fd05bc7 100644 --- a/etc/profile-a-l/file.profile +++ b/etc/profile-a-l/file.profile @@ -44,3 +44,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile index 273e6180c..e80a875f1 100644 --- a/etc/profile-a-l/filezilla.profile +++ b/etc/profile-a-l/filezilla.profile @@ -41,3 +41,5 @@ seccomp private-bin bash,filezilla,fzputtygen,fzsftp,lsb_release,python*,sh,uname,zsh private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 491ce2eeb..13313cb67 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile @@ -68,3 +68,5 @@ blacklist ${PATH}/wget2 # Gnome connector, KDE connect and power management on KDE Plasma. dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index d5034ef8e..0984055a3 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile @@ -65,3 +65,5 @@ dbus-user.talk org.kde.KWin ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher ?ALLOW_TRAY: dbus-user.own org.kde.* dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile index 4bb1b2a71..740dc153f 100644 --- a/etc/profile-a-l/flowblade.profile +++ b/etc/profile-a-l/flowblade.profile @@ -35,3 +35,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile index 1210f365c..2ae87be48 100644 --- a/etc/profile-a-l/fluxbox.profile +++ b/etc/profile-a-l/fluxbox.profile @@ -16,3 +16,4 @@ noroot protocol unix,inet,inet6 seccomp +restrict-namespaces diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile index fcd4afa44..88ae56c82 100644 --- a/etc/profile-a-l/font-manager.profile +++ b/etc/profile-a-l/font-manager.profile @@ -54,3 +54,4 @@ private-dev private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile index f18250fdb..756ca4fae 100644 --- a/etc/profile-a-l/fontforge.profile +++ b/etc/profile-a-l/fontforge.profile @@ -38,3 +38,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index 796081ece..a614d7d9f 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile @@ -55,3 +55,5 @@ dbus-user.talk ca.desrt.dconf dbus-user.talk org.freedesktop.Notifications dbus-user.talk org.freedesktop.secrets dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile index 4a2e13d89..e21789d73 100644 --- a/etc/profile-a-l/franz.profile +++ b/etc/profile-a-l/franz.profile @@ -44,3 +44,5 @@ seccomp !chroot disable-mnt private-dev private-tmp + +# restrict-namespaces diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile index e0330b52a..53315c249 100644 --- a/etc/profile-a-l/freecad.profile +++ b/etc/profile-a-l/freecad.profile @@ -42,3 +42,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile index 1690f6eb9..0788acce1 100644 --- a/etc/profile-a-l/freeciv.profile +++ b/etc/profile-a-l/freeciv.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile index 3092e830a..f1b2ffcb7 100644 --- a/etc/profile-a-l/freecol.profile +++ b/etc/profile-a-l/freecol.profile @@ -55,3 +55,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index c3f32de03..ae5843f7f 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile @@ -50,3 +50,5 @@ private-srv none dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/freshclam.profile b/etc/profile-a-l/freshclam.profile index ab6877de8..133d66f0d 100644 --- a/etc/profile-a-l/freshclam.profile +++ b/etc/profile-a-l/freshclam.profile @@ -33,3 +33,4 @@ writable-var writable-var-log memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index 521d50b3b..067fe3caa 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile index bb60d98a5..86a8a8fc6 100644 --- a/etc/profile-a-l/frozen-bubble.profile +++ b/etc/profile-a-l/frozen-bubble.profile @@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/ftp.profile b/etc/profile-a-l/ftp.profile index 15b68eb08..f448ab932 100644 --- a/etc/profile-a-l/ftp.profile +++ b/etc/profile-a-l/ftp.profile @@ -51,3 +51,4 @@ dbus-system none memory-deny-write-execute noexec ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile index ee4226852..8ca349d1c 100644 --- a/etc/profile-a-l/funnyboat.profile +++ b/etc/profile-a-l/funnyboat.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index 3d4d4b4e7..d4d578dd4 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile @@ -75,4 +75,5 @@ dbus-system.talk org.freedesktop.login1 # Add the next line to your gajim.local to enable location plugin support. #dbus-system.talk org.freedesktop.GeoClue2 +restrict-namespaces join-or-start gajim diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 95afc8020..0fba8ac07 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 6fac9affc..106e0eda6 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile @@ -70,3 +70,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index 60fac668e..313b34a53 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index 33441ac0e..5b434342b 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile @@ -58,3 +58,4 @@ private-lib GConf,libpython*,python2* private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/gdu.profile b/etc/profile-a-l/gdu.profile index 783183bea..4eb94edf4 100644 --- a/etc/profile-a-l/gdu.profile +++ b/etc/profile-a-l/gdu.profile @@ -37,6 +37,7 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces # gdu has built-in delete (d), empty (e) dir/file support and shell spawning (b) features. # Depending on workflow and use case the sandbox can be hardened by adding the diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile index 021abefb3..ec1d68e0d 100644 --- a/etc/profile-a-l/geany.profile +++ b/etc/profile-a-l/geany.profile @@ -32,3 +32,5 @@ seccomp private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index cc2119f2a..ad9b45b57 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile @@ -91,3 +91,4 @@ dbus-user.talk org.gnome.evolution.dataserver.Sources5 dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini +restrict-namespaces diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile index 28a79b646..dbb3ab971 100644 --- a/etc/profile-a-l/gedit.profile +++ b/etc/profile-a-l/gedit.profile @@ -49,3 +49,5 @@ private-tmp # makes settings immutable # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/geekbench.profile b/etc/profile-a-l/geekbench.profile index 19ac4e026..cda47a7e9 100644 --- a/etc/profile-a-l/geekbench.profile +++ b/etc/profile-a-l/geekbench.profile @@ -55,3 +55,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.geekbench5 +restrict-namespaces diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile index 268c3b334..95adc6840 100644 --- a/etc/profile-a-l/geeqie.profile +++ b/etc/profile-a-l/geeqie.profile @@ -34,3 +34,5 @@ seccomp # private-bin geeqie private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index 7b42fadd1..d3d49433b 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile @@ -67,3 +67,5 @@ dbus-user filter dbus-user.own org.gabmus.gfeeds dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index b40c96e5b..02c4f9509 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index e908e5cd9..9c719ddb1 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile @@ -56,3 +56,5 @@ private-tmp dbus-user filter dbus-system none + +#restrict-namespaces diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index 400c8c54f..083b85a91 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile @@ -63,3 +63,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index ffd1b1f13..d315619b7 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile @@ -58,3 +58,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 6c6a0bfd4..2f7068d68 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile @@ -84,3 +84,5 @@ read-only ${HOME}/.git-credentials # Add 'ignore read-only ${HOME}/.ssh' to your git-cola.local if you need to allow hosts. read-only ${HOME}/.ssh + +restrict-namespaces diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile index 76636cc03..78d6cb2a1 100644 --- a/etc/profile-a-l/git.profile +++ b/etc/profile-a-l/git.profile @@ -65,3 +65,4 @@ private-cache private-dev memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile index 4c4ddd2d2..85f08d52e 100644 --- a/etc/profile-a-l/gitg.profile +++ b/etc/profile-a-l/gitg.profile @@ -61,3 +61,5 @@ dbus-user.talk ca.desrt.dconf # Add the next line to your gitg.local if you need keyring access. #dbus-user.talk org.freedesktop.secrets dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index 012bc6159..0f9ed9592 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile @@ -41,3 +41,4 @@ private-opt Gitter private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile index 9bdbd0e37..bd332a6d5 100644 --- a/etc/profile-a-l/gjs.profile +++ b/etc/profile-a-l/gjs.profile @@ -42,3 +42,5 @@ tracelog private-dev # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile index 311d7f127..92ba70113 100644 --- a/etc/profile-a-l/gl-117.profile +++ b/etc/profile-a-l/gl-117.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile index 162d292f8..d61b566d8 100644 --- a/etc/profile-a-l/glaxium.profile +++ b/etc/profile-a-l/glaxium.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile index 5e823a5a8..46553d457 100644 --- a/etc/profile-a-l/globaltime.profile +++ b/etc/profile-a-l/globaltime.profile @@ -34,3 +34,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index edd2cd9ee..d4e4caebe 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile @@ -51,3 +51,4 @@ writable-run-user # dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile index 0c19faab3..812923b2d 100644 --- a/etc/profile-a-l/gnome-books.profile +++ b/etc/profile-a-l/gnome-books.profile @@ -43,3 +43,4 @@ tracelog private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile index fe3a392b4..e171224c0 100644 --- a/etc/profile-a-l/gnome-builder.profile +++ b/etc/profile-a-l/gnome-builder.profile @@ -37,3 +37,4 @@ seccomp private-dev read-write ${HOME}/.bash_history +restrict-namespaces diff --git a/etc/profile-a-l/gnome-calculator.profile b/etc/profile-a-l/gnome-calculator.profile index 11fdb9828..3926146ff 100644 --- a/etc/profile-a-l/gnome-calculator.profile +++ b/etc/profile-a-l/gnome-calculator.profile @@ -52,3 +52,5 @@ dbus-user filter dbus-user.own org.gnome.Calculator dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index 482992778..b0d3f1d34 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile @@ -60,3 +60,4 @@ dbus-system filter #dbus-system.talk org.freedesktop.GeoClue2 read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile index af5b61fe6..2e11f335b 100644 --- a/etc/profile-a-l/gnome-characters.profile +++ b/etc/profile-a-l/gnome-characters.profile @@ -56,3 +56,4 @@ private-tmp # dbus-system none read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index 815ede80b..78bd54b64 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile @@ -51,3 +51,5 @@ private-cache private-dev private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0,ld.so.cache,ld.so.preload private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index cc8f3fea0..8af9870bf 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile @@ -44,3 +44,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pkcs11,pki,ssl private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile index f96f750dd..2326115c3 100644 --- a/etc/profile-a-l/gnome-contacts.profile +++ b/etc/profile-a-l/gnome-contacts.profile @@ -38,3 +38,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile index 24fa9721a..c8af97a61 100644 --- a/etc/profile-a-l/gnome-documents.profile +++ b/etc/profile-a-l/gnome-documents.profile @@ -41,3 +41,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-font-viewer.profile b/etc/profile-a-l/gnome-font-viewer.profile index 294729152..17d266537 100644 --- a/etc/profile-a-l/gnome-font-viewer.profile +++ b/etc/profile-a-l/gnome-font-viewer.profile @@ -35,3 +35,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index f734f23bd..f0493c645 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile @@ -49,3 +49,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.cache/mesa_shader_cache +restrict-namespaces diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile index 5f9679cc7..45b6fd880 100644 --- a/etc/profile-a-l/gnome-keyring.profile +++ b/etc/profile-a-l/gnome-keyring.profile @@ -59,3 +59,4 @@ private-tmp dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 105996b38..43e0a1ec1 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile @@ -50,3 +50,5 @@ private-dev private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,ld.so.cache,ld.so.preload,login.defs,passwd,texlive dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index f93d9ca24..b619b0f27 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile @@ -51,3 +51,4 @@ dbus-system none # Add 'ignore read-only ${HOME}' to your gnome-logs.local if you export logs to a file under your ${HOME}. read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index 2f5e033ad..d14b2a5a1 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile @@ -73,3 +73,5 @@ dbus-user.own org.gnome.Maps dbus-system filter #dbus-system.talk org.freedesktop.NetworkManager dbus-system.talk org.freedesktop.GeoClue2 + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile index 444f6ed34..052e9ba9c 100644 --- a/etc/profile-a-l/gnome-mplayer.profile +++ b/etc/profile-a-l/gnome-mplayer.profile @@ -31,3 +31,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index 8c2ff90ea..ec033dbf0 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile @@ -44,3 +44,4 @@ private-dev private-etc alternatives,asound.conf,dconf,fonts,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,xdg private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile index abf3dd759..ce4e5edd8 100644 --- a/etc/profile-a-l/gnome-nettool.profile +++ b/etc/profile-a-l/gnome-nettool.profile @@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index bd39ab0c9..0d7fb2de8 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile @@ -59,3 +59,5 @@ dbus-user filter dbus-user.own org.gnome.PasswordSafe dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile index 5c848d0af..1d0291aa2 100644 --- a/etc/profile-a-l/gnome-photos.profile +++ b/etc/profile-a-l/gnome-photos.profile @@ -40,3 +40,4 @@ tracelog private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index 0086edab0..6d90773aa 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile @@ -38,3 +38,4 @@ private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.s private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index e4120743a..fb019227f 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile @@ -56,3 +56,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.local/share/gnome-pomodoro +restrict-namespaces diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 483783195..75f3199e2 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile @@ -50,3 +50,4 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile index 44c608e8c..8f2ab7fd6 100644 --- a/etc/profile-a-l/gnome-ring.profile +++ b/etc/profile-a-l/gnome-ring.profile @@ -30,3 +30,4 @@ disable-mnt # private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile index 415d8eb04..b71d77621 100644 --- a/etc/profile-a-l/gnome-schedule.profile +++ b/etc/profile-a-l/gnome-schedule.profile @@ -61,4 +61,3 @@ disable-mnt private-cache private-dev writable-var - diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index 95e1309ad..74238a109 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile @@ -48,3 +48,5 @@ dbus-user filter dbus-user.own org.gnome.Screenshot dbus-user.talk org.gnome.Shell.Screenshot dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index 0faf17c2f..d07bd80a7 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile @@ -41,3 +41,5 @@ private-cache private-dev private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pango,pulse,xdg private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index ae2f79e35..4c74c0a61 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile @@ -53,3 +53,4 @@ writable-var-log memory-deny-write-execute # Add 'ignore read-only ${HOME}' to your gnome-system-log.local if you export logs to a file under your ${HOME}. read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 097a4d5aa..ae7ea83d8 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile @@ -61,3 +61,4 @@ dbus-system none #dbus-system.talk org.freedesktop.login1 read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile index 3b9e44f66..dfeeff950 100644 --- a/etc/profile-a-l/gnome-twitch.profile +++ b/etc/profile-a-l/gnome-twitch.profile @@ -37,3 +37,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile index ddffb8942..147b84a19 100644 --- a/etc/profile-a-l/gnome-weather.profile +++ b/etc/profile-a-l/gnome-weather.profile @@ -46,3 +46,4 @@ private-dev # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome_games-common.profile b/etc/profile-a-l/gnome_games-common.profile index bd20bb2bc..c9145d78e 100644 --- a/etc/profile-a-l/gnome_games-common.profile +++ b/etc/profile-a-l/gnome_games-common.profile @@ -46,3 +46,5 @@ private-tmp dbus-user filter dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index 9df2f06a4..d7944ae24 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile @@ -57,3 +57,5 @@ dbus-user filter dbus-user.own org.gnome.Gnote dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index bc69f4729..bdbcf9baf 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index 57ad9bedc..36a2cae07 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile @@ -42,3 +42,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/goldendict.profile b/etc/profile-a-l/goldendict.profile index c1119dcb0..327648cd1 100644 --- a/etc/profile-a-l/goldendict.profile +++ b/etc/profile-a-l/goldendict.profile @@ -55,3 +55,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile index 1eaa68c1d..8807a239d 100644 --- a/etc/profile-a-l/goobox.profile +++ b/etc/profile-a-l/goobox.profile @@ -32,3 +32,5 @@ tracelog private-dev # private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl # private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile index 71e41b289..4af6ce36b 100644 --- a/etc/profile-a-l/google-earth.profile +++ b/etc/profile-a-l/google-earth.profile @@ -39,3 +39,4 @@ private-bin bash,dirname,google-earth,grep,ls,sed,sh private-dev private-opt google +restrict-namespaces diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile index b84ae83b7..c2a7d89fd 100644 --- a/etc/profile-a-l/google-play-music-desktop-player.profile +++ b/etc/profile-a-l/google-play-music-desktop-player.profile @@ -39,3 +39,5 @@ seccomp disable-mnt private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index 74cfd5b89..da7c24581 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile @@ -58,3 +58,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile index 40c3b434d..e05cdf424 100644 --- a/etc/profile-a-l/gpa.profile +++ b/etc/profile-a-l/gpa.profile @@ -30,3 +30,5 @@ tracelog # private-bin gpa,gpg private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile index 78546f547..848960f5f 100644 --- a/etc/profile-a-l/gpg-agent.profile +++ b/etc/profile-a-l/gpg-agent.profile @@ -49,3 +49,5 @@ tracelog # private-bin gpg-agent,gpg private-cache private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile index bc4fb060b..250c9c396 100644 --- a/etc/profile-a-l/gpg.profile +++ b/etc/profile-a-l/gpg.profile @@ -51,3 +51,4 @@ private-dev # installing/upgrading archlinux-keyring extremely slow. read-write /etc/pacman.d/gnupg read-write /usr/share/pacman/keyrings +restrict-namespaces diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index 937ef14fe..1012f5774 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index 628205015..53a6f94e2 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile @@ -38,3 +38,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index 8ff0d92bb..368482fa3 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile @@ -52,3 +52,5 @@ dbus-user.own de.haeckerfelix.gradio dbus-user.own org.mpris.MediaPlayer2.gradio dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile index 6d9c54967..5073e79c9 100644 --- a/etc/profile-a-l/gramps.profile +++ b/etc/profile-a-l/gramps.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index ab0915cd6..02a49134c 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile index b9e3d8e25..9654f0ffc 100644 --- a/etc/profile-a-l/gthumb.profile +++ b/etc/profile-a-l/gthumb.profile @@ -34,3 +34,5 @@ private-bin gthumb private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index 793fb0440..5fd92fd4f 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile @@ -53,3 +53,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile index 594c99863..35ce2816b 100644 --- a/etc/profile-a-l/guayadeque.profile +++ b/etc/profile-a-l/guayadeque.profile @@ -32,3 +32,4 @@ private-bin guayadeque private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gucharmap.profile b/etc/profile-a-l/gucharmap.profile index 774652fd5..68b78ec62 100644 --- a/etc/profile-a-l/gucharmap.profile +++ b/etc/profile-a-l/gucharmap.profile @@ -51,3 +51,4 @@ private-tmp # dbus-system none read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index e8f64e4e0..db307e940 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index 93af4d1f8..8f7f74e0d 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile @@ -52,3 +52,4 @@ private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,ld.so.prel # dbus-system none # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile index 1f13232f2..488665154 100644 --- a/etc/profile-a-l/handbrake.profile +++ b/etc/profile-a-l/handbrake.profile @@ -36,3 +36,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile index 8d665ce68..e5b0a06af 100644 --- a/etc/profile-a-l/hashcat.profile +++ b/etc/profile-a-l/hashcat.profile @@ -43,3 +43,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index a1a491ca1..fd8246aae 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile @@ -56,3 +56,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile index 9c6f162c6..2de09ea93 100644 --- a/etc/profile-a-l/hedgewars.profile +++ b/etc/profile-a-l/hedgewars.profile @@ -35,3 +35,5 @@ tracelog disable-mnt private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile index c730187a9..df7f8f3a3 100644 --- a/etc/profile-a-l/hexchat.profile +++ b/etc/profile-a-l/hexchat.profile @@ -55,3 +55,4 @@ private-dev private-tmp # memory-deny-write-execute - breaks python +restrict-namespaces diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index 04a603794..d77f49ce0 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index cf06b397f..91b73e8e9 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 22a3ecf51..09af8f0f5 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile @@ -49,3 +49,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile index d4587a303..c4085cf9c 100644 --- a/etc/profile-a-l/hugin.profile +++ b/etc/profile-a-l/hugin.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index 8fd80564a..13dc06ecc 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile index c131381c8..757af67b0 100644 --- a/etc/profile-a-l/i2prouter.profile +++ b/etc/profile-a-l/i2prouter.profile @@ -69,3 +69,5 @@ private-cache private-dev private-etc alternatives,ca-certificates,crypto-policies,dconf,group,hostname,hosts,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile index e96b1843c..a0c3f2d97 100644 --- a/etc/profile-a-l/i3.profile +++ b/etc/profile-a-l/i3.profile @@ -16,3 +16,4 @@ noroot protocol unix,inet,inet6 seccomp +restrict-namespaces diff --git a/etc/profile-a-l/iagno.profile b/etc/profile-a-l/iagno.profile index 727dabb77..e16f3f1d5 100644 --- a/etc/profile-a-l/iagno.profile +++ b/etc/profile-a-l/iagno.profile @@ -37,3 +37,5 @@ private-tmp # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile index 0d976222f..31f65962f 100644 --- a/etc/profile-a-l/idea.sh.profile +++ b/etc/profile-a-l/idea.sh.profile @@ -39,3 +39,4 @@ private-dev # private-tmp noexec /tmp +restrict-namespaces diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile index 29aeb006b..60e97b24c 100644 --- a/etc/profile-a-l/imagej.profile +++ b/etc/profile-a-l/imagej.profile @@ -38,3 +38,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile index 889e4ba65..ee341423a 100644 --- a/etc/profile-a-l/img2txt.profile +++ b/etc/profile-a-l/img2txt.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile index 7306de4b3..d9a256c11 100644 --- a/etc/profile-a-l/impressive.profile +++ b/etc/profile-a-l/impressive.profile @@ -54,3 +54,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.cache/mesa_shader_cache +restrict-namespaces diff --git a/etc/profile-a-l/imv.profile b/etc/profile-a-l/imv.profile index 43085bb9b..94333a610 100644 --- a/etc/profile-a-l/imv.profile +++ b/etc/profile-a-l/imv.profile @@ -54,3 +54,4 @@ dbus-user none dbus-system none read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile index d461add95..1034c225f 100644 --- a/etc/profile-a-l/inkscape.profile +++ b/etc/profile-a-l/inkscape.profile @@ -60,3 +60,4 @@ dbus-user none dbus-system none # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/io.github.lainsce.Notejot.profile b/etc/profile-a-l/io.github.lainsce.Notejot.profile index 483772a1e..cb2f30350 100644 --- a/etc/profile-a-l/io.github.lainsce.Notejot.profile +++ b/etc/profile-a-l/io.github.lainsce.Notejot.profile @@ -57,3 +57,5 @@ dbus-user filter dbus-user.own io.github.lainsce.Notejot dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/ipcalc.profile b/etc/profile-a-l/ipcalc.profile index cdf78ea94..983c31bcb 100644 --- a/etc/profile-a-l/ipcalc.profile +++ b/etc/profile-a-l/ipcalc.profile @@ -59,3 +59,4 @@ dbus-system none # memory-deny-write-execute # read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile index 85ea915c7..1c4ddebdb 100644 --- a/etc/profile-a-l/itch.profile +++ b/etc/profile-a-l/itch.profile @@ -39,3 +39,4 @@ private-dev private-tmp noexec /tmp +restrict-namespaces diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile index fc1f7e42c..5fe484029 100644 --- a/etc/profile-a-l/jami-gnome.profile +++ b/etc/profile-a-l/jami-gnome.profile @@ -39,3 +39,4 @@ private-dev private-tmp env QT_QPA_PLATFORM=xcb +restrict-namespaces diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile index 628a646c2..e34b3e676 100644 --- a/etc/profile-a-l/jd-gui.profile +++ b/etc/profile-a-l/jd-gui.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index f55305a08..3136b412e 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile @@ -40,3 +40,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile index 23f7b720d..c0bda1cbf 100644 --- a/etc/profile-a-l/jitsi.profile +++ b/etc/profile-a-l/jitsi.profile @@ -28,3 +28,5 @@ tracelog disable-mnt private-cache private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index dee252281..66d63283a 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile index a98f09d7d..81d4f3458 100644 --- a/etc/profile-a-l/k3b.profile +++ b/etc/profile-a-l/k3b.profile @@ -35,3 +35,5 @@ novideo private-dev # private-tmp + +# restrict-namespaces - breaks privileged helpers diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile index 8dba3b4e9..73417bf11 100644 --- a/etc/profile-a-l/kaffeine.profile +++ b/etc/profile-a-l/kaffeine.profile @@ -40,3 +40,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index 6331e3990..bde52f30e 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile @@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index dc6e58c99..152f73d5d 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile @@ -60,4 +60,5 @@ private-tmp # dbus-user none # dbus-system none +restrict-namespaces join-or-start kate diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index 61802383d..c01000af1 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile @@ -52,3 +52,5 @@ private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cach private-tmp dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index 6e1de1abd..ea56f2d39 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile @@ -67,3 +67,4 @@ dbus-user none dbus-system none #memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/kdeinit4.profile b/etc/profile-a-l/kdeinit4.profile index 8b02142c3..2f426e191 100644 --- a/etc/profile-a-l/kdeinit4.profile +++ b/etc/profile-a-l/kdeinit4.profile @@ -34,3 +34,4 @@ private-bin kbuildsycoca4,kded4,kdeinit4,knotify4 private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile index 872e6d9aa..d4933d816 100644 --- a/etc/profile-a-l/kdenlive.profile +++ b/etc/profile-a-l/kdenlive.profile @@ -38,3 +38,5 @@ private-dev # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile index 947e35750..e0b3eadfd 100644 --- a/etc/profile-a-l/kdiff3.profile +++ b/etc/profile-a-l/kdiff3.profile @@ -55,3 +55,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile index db3bbd76f..648ed95cf 100644 --- a/etc/profile-a-l/keepass.profile +++ b/etc/profile-a-l/keepass.profile @@ -43,3 +43,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index c8b895fc2..935fe3933 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile @@ -47,3 +47,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index 827951071..80374690c 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile @@ -106,5 +106,7 @@ dbus-user.talk org.xfce.ScreenSaver dbus-system filter dbus-system.talk org.freedesktop.login1 +restrict-namespaces + # Mutex is stored in /tmp by default, which is broken by private-tmp. join-or-start keepassxc diff --git a/etc/profile-a-l/kfind.profile b/etc/profile-a-l/kfind.profile index dee84482f..c70030a38 100644 --- a/etc/profile-a-l/kfind.profile +++ b/etc/profile-a-l/kfind.profile @@ -44,3 +44,5 @@ private-tmp # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile index 9b6646725..dd45c1889 100644 --- a/etc/profile-a-l/kget.profile +++ b/etc/profile-a-l/kget.profile @@ -41,3 +41,4 @@ private-dev private-tmp # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index 637b00c35..424fb006e 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile @@ -45,3 +45,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile index 2df907376..a4c8486e1 100644 --- a/etc/profile-a-l/kino.profile +++ b/etc/profile-a-l/kino.profile @@ -34,3 +34,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile index 1c50ad2ea..5a028aeea 100644 --- a/etc/profile-a-l/kiwix-desktop.profile +++ b/etc/profile-a-l/kiwix-desktop.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile index c7b5123d2..0c2d171b9 100644 --- a/etc/profile-a-l/klatexformula.profile +++ b/etc/profile-a-l/klatexformula.profile @@ -42,3 +42,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile index 4b8c9e414..0785b904d 100644 --- a/etc/profile-a-l/klavaro.profile +++ b/etc/profile-a-l/klavaro.profile @@ -51,3 +51,5 @@ private-srv none dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 1bbc141e8..9724f4963 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile @@ -62,3 +62,5 @@ private-dev # private-tmp - interrupts connection to akonadi, breaks opening of email attachments # writable-run-user is needed for signing and encrypting emails writable-run-user + +# restrict-namespaces diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile index 135e8f3ad..992b312ee 100644 --- a/etc/profile-a-l/kmplayer.profile +++ b/etc/profile-a-l/kmplayer.profile @@ -38,3 +38,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile index b78d9c474..474a10a31 100644 --- a/etc/profile-a-l/kodi.profile +++ b/etc/profile-a-l/kodi.profile @@ -51,3 +51,5 @@ tracelog private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile index 875d0ef76..e4781fea3 100644 --- a/etc/profile-a-l/konversation.profile +++ b/etc/profile-a-l/konversation.profile @@ -43,3 +43,4 @@ private-dev private-tmp # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile index 9e75b03eb..91030f453 100644 --- a/etc/profile-a-l/kopete.profile +++ b/etc/profile-a-l/kopete.profile @@ -37,3 +37,4 @@ private-dev private-tmp writable-var +restrict-namespaces diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile index 70d721e9f..a04376430 100644 --- a/etc/profile-a-l/krita.profile +++ b/etc/profile-a-l/krita.profile @@ -48,3 +48,5 @@ private-tmp # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile index 96eb6978d..27feccf40 100644 --- a/etc/profile-a-l/krunner.profile +++ b/etc/profile-a-l/krunner.profile @@ -35,3 +35,5 @@ protocol unix,inet,inet6 seccomp # private-cache + +restrict-namespaces diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile index cb06dd38f..da267b962 100644 --- a/etc/profile-a-l/ktorrent.profile +++ b/etc/profile-a-l/ktorrent.profile @@ -67,3 +67,4 @@ private-tmp deterministic-shutdown # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile index 086a4500a..68ef6111a 100644 --- a/etc/profile-a-l/ktouch.profile +++ b/etc/profile-a-l/ktouch.profile @@ -50,3 +50,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 176c78515..0cdfe4f10 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile @@ -78,3 +78,4 @@ dbus-user.talk org.freedesktop.Notifications dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini +restrict-namespaces diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile index c3b2a1205..7ecf26d8e 100644 --- a/etc/profile-a-l/kwin_x11.profile +++ b/etc/profile-a-l/kwin_x11.profile @@ -44,3 +44,5 @@ private-bin kwin_x11 private-dev private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id,xdg private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index 1883d7c86..18a024c7e 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile @@ -52,4 +52,5 @@ private-tmp # dbus-user none # dbus-system none +restrict-namespaces join-or-start kwrite diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile index f6c28fafa..f1e1a897b 100644 --- a/etc/profile-a-l/latex-common.profile +++ b/etc/profile-a-l/latex-common.profile @@ -38,3 +38,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile index ce62b8d5c..27b27a20b 100644 --- a/etc/profile-a-l/leafpad.profile +++ b/etc/profile-a-l/leafpad.profile @@ -38,3 +38,4 @@ private-dev private-lib private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile index 24d6261fb..6efe23ade 100644 --- a/etc/profile-a-l/less.profile +++ b/etc/profile-a-l/less.profile @@ -48,3 +48,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} read-write ${HOME}/.lesshst +restrict-namespaces diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile index 00447c6c1..40ec7b9c6 100644 --- a/etc/profile-a-l/librecad.profile +++ b/etc/profile-a-l/librecad.profile @@ -47,3 +47,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index e25eaa2e9..518928876 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile @@ -54,4 +54,5 @@ private-tmp dbus-system none +restrict-namespaces join-or-start libreoffice diff --git a/etc/profile-a-l/lifeograph.profile b/etc/profile-a-l/lifeograph.profile index 280669b24..025156d2d 100644 --- a/etc/profile-a-l/lifeograph.profile +++ b/etc/profile-a-l/lifeograph.profile @@ -54,3 +54,5 @@ private-tmp dbus-user filter dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile index 75aac74d1..b0e9015ee 100644 --- a/etc/profile-a-l/liferea.profile +++ b/etc/profile-a-l/liferea.profile @@ -59,3 +59,5 @@ dbus-user.talk ca.desrt.dconf # Add the next line to your liferea.local if you use the 'Libsecret Support' plugin. #dbus-user.talk org.freedesktop.secrets dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile index 79eca0a6f..d81e21636 100644 --- a/etc/profile-a-l/lincity-ng.profile +++ b/etc/profile-a-l/lincity-ng.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile index 4eec03855..22a4a2a2a 100644 --- a/etc/profile-a-l/links-common.profile +++ b/etc/profile-a-l/links-common.profile @@ -59,3 +59,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile index e375f0c13..2273ed560 100644 --- a/etc/profile-a-l/linphone.profile +++ b/etc/profile-a-l/linphone.profile @@ -47,3 +47,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile index b4582c4f5..35fca733a 100644 --- a/etc/profile-a-l/lmms.profile +++ b/etc/profile-a-l/lmms.profile @@ -37,3 +37,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile index 3108900ef..78b78662b 100644 --- a/etc/profile-a-l/lollypop.profile +++ b/etc/profile-a-l/lollypop.profile @@ -39,3 +39,4 @@ private-dev private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile index 2b61f4d48..f6436d93d 100644 --- a/etc/profile-a-l/lugaru.profile +++ b/etc/profile-a-l/lugaru.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile index b7280b61c..4a8352831 100644 --- a/etc/profile-a-l/luminance-hdr.profile +++ b/etc/profile-a-l/luminance-hdr.profile @@ -36,3 +36,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile index 80cecd056..2658c5373 100644 --- a/etc/profile-a-l/lutris.profile +++ b/etc/profile-a-l/lutris.profile @@ -80,3 +80,5 @@ dbus-user filter dbus-user.own net.lutris.Lutris dbus-user.talk com.feralinteractive.GameMode dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile index d8485ba65..589f1cf6b 100644 --- a/etc/profile-a-l/lximage-qt.profile +++ b/etc/profile-a-l/lximage-qt.profile @@ -35,3 +35,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile index a5fc967be..1ecf3c9d7 100644 --- a/etc/profile-a-l/lxmusic.profile +++ b/etc/profile-a-l/lxmusic.profile @@ -37,3 +37,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile index 02a9f8d82..caf8de104 100644 --- a/etc/profile-a-l/lynx.profile +++ b/etc/profile-a-l/lynx.profile @@ -39,3 +39,5 @@ private-cache private-dev # private-etc alternatives,ca-certificates,crypto-policies,pki,ssl private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/Maelstrom.profile b/etc/profile-m-z/Maelstrom.profile index 930d49db2..23b44dbf5 100644 --- a/etc/profile-m-z/Maelstrom.profile +++ b/etc/profile-m-z/Maelstrom.profile @@ -43,3 +43,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/Mathematica.profile b/etc/profile-m-z/Mathematica.profile index 6286f066e..08283bd33 100644 --- a/etc/profile-m-z/Mathematica.profile +++ b/etc/profile-m-z/Mathematica.profile @@ -27,3 +27,5 @@ nonewprivs noroot notv seccomp + +restrict-namespaces diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile index cc52f053f..902fc9a6a 100644 --- a/etc/profile-m-z/PCSX2.profile +++ b/etc/profile-m-z/PCSX2.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile index cf597c215..1e9af5769 100644 --- a/etc/profile-m-z/QMediathekView.profile +++ b/etc/profile-m-z/QMediathekView.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile index 6bf69d055..6140de60f 100644 --- a/etc/profile-m-z/QOwnNotes.profile +++ b/etc/profile-m-z/QOwnNotes.profile @@ -52,3 +52,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hosts,ld.so.cache,ld.so.preload,machine-id,nsswitch.conf,pki,pulse,resolv.conf,ssl private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile index e13337b7c..2ea185ec0 100644 --- a/etc/profile-m-z/Viber.profile +++ b/etc/profile-m-z/Viber.profile @@ -34,3 +34,5 @@ disable-mnt private-bin awk,bash,dig,sh,Viber private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,mailcap,nsswitch.conf,pki,proxychains.conf,pulse,resolv.conf,ssl,X11 private-tmp + +# restrict-namespaces diff --git a/etc/profile-m-z/XMind.profile b/etc/profile-m-z/XMind.profile index 53cecd4b1..97b9d2898 100644 --- a/etc/profile-m-z/XMind.profile +++ b/etc/profile-m-z/XMind.profile @@ -35,3 +35,4 @@ private-bin cp,sh,XMind private-tmp private-dev +restrict-namespaces diff --git a/etc/profile-m-z/Xephyr.profile b/etc/profile-m-z/Xephyr.profile index bda639232..2fc1d1b8a 100644 --- a/etc/profile-m-z/Xephyr.profile +++ b/etc/profile-m-z/Xephyr.profile @@ -40,3 +40,5 @@ private private-dev # private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,nsswitch.conf,resolv.conf #private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile index 223370f30..8bf79f554 100644 --- a/etc/profile-m-z/Xvfb.profile +++ b/etc/profile-m-z/Xvfb.profile @@ -44,3 +44,5 @@ private private-dev private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.preload,nsswitch.conf,resolv.conf private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/ZeGrapher.profile b/etc/profile-m-z/ZeGrapher.profile index 89024f976..6ddc24bf6 100644 --- a/etc/profile-m-z/ZeGrapher.profile +++ b/etc/profile-m-z/ZeGrapher.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/macrofusion.profile b/etc/profile-m-z/macrofusion.profile index e8fba41c3..24158d062 100644 --- a/etc/profile-m-z/macrofusion.profile +++ b/etc/profile-m-z/macrofusion.profile @@ -42,3 +42,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile index 76fc6e6da..e5d994b57 100644 --- a/etc/profile-m-z/magicor.profile +++ b/etc/profile-m-z/magicor.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile index 4ec6ef82e..e9d245a6d 100644 --- a/etc/profile-m-z/makepkg.profile +++ b/etc/profile-m-z/makepkg.profile @@ -58,3 +58,4 @@ private-cache private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile index b8d221dc3..0e3f9e6e2 100644 --- a/etc/profile-m-z/man.profile +++ b/etc/profile-m-z/man.profile @@ -65,3 +65,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} #read-only /tmp # breaks mandoc (see #4927) +restrict-namespaces diff --git a/etc/profile-m-z/manaplus.profile b/etc/profile-m-z/manaplus.profile index ede669c08..5ee4d0cb5 100644 --- a/etc/profile-m-z/manaplus.profile +++ b/etc/profile-m-z/manaplus.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile index fe0077f3d..7066f4229 100644 --- a/etc/profile-m-z/marker.profile +++ b/etc/profile-m-z/marker.profile @@ -60,3 +60,5 @@ dbus-user filter dbus-user.own com.github.fabiocolacio.marker dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile index a78927cc5..176506ff2 100644 --- a/etc/profile-m-z/masterpdfeditor.profile +++ b/etc/profile-m-z/masterpdfeditor.profile @@ -38,3 +38,4 @@ private-dev private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile index 00f0bd9a3..e3a5c6ab6 100644 --- a/etc/profile-m-z/mate-calc.profile +++ b/etc/profile-m-z/mate-calc.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mate-color-select.profile b/etc/profile-m-z/mate-color-select.profile index a59f5e139..337c2d6e5 100644 --- a/etc/profile-m-z/mate-color-select.profile +++ b/etc/profile-m-z/mate-color-select.profile @@ -38,3 +38,4 @@ private-lib private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile index 3720c824e..e80b220b7 100644 --- a/etc/profile-m-z/mate-dictionary.profile +++ b/etc/profile-m-z/mate-dictionary.profile @@ -42,3 +42,4 @@ private-dev private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile index 1df04c117..1ebe9aaba 100644 --- a/etc/profile-m-z/mcabber.profile +++ b/etc/profile-m-z/mcabber.profile @@ -31,3 +31,5 @@ seccomp private-bin mcabber private-dev private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,pki,ssl + +restrict-namespaces diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile index e654cc16e..a3ff768b7 100644 --- a/etc/profile-m-z/mcomix.profile +++ b/etc/profile-m-z/mcomix.profile @@ -70,3 +70,4 @@ read-write ${HOME}/.local/share/mcomix read-write ${HOME}/.local/share # used by mcomix <= 1.2, tip, make a symbolic link to .cache/thumbnails read-write ${HOME}/.thumbnails +restrict-namespaces diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile index 63b07d474..e1025a1fb 100644 --- a/etc/profile-m-z/mdr.profile +++ b/etc/profile-m-z/mdr.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile index 35d59d439..12d692b72 100644 --- a/etc/profile-m-z/mediainfo.profile +++ b/etc/profile-m-z/mediainfo.profile @@ -49,3 +49,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mediathekview.profile b/etc/profile-m-z/mediathekview.profile index f0ef7d010..19ce6fcd1 100644 --- a/etc/profile-m-z/mediathekview.profile +++ b/etc/profile-m-z/mediathekview.profile @@ -51,3 +51,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/megaglest.profile b/etc/profile-m-z/megaglest.profile index a28a66786..73fd65bcd 100644 --- a/etc/profile-m-z/megaglest.profile +++ b/etc/profile-m-z/megaglest.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile index dddc7f977..634694363 100644 --- a/etc/profile-m-z/meld.profile +++ b/etc/profile-m-z/meld.profile @@ -78,3 +78,4 @@ private-dev private-tmp read-only ${HOME}/.ssh +restrict-namespaces diff --git a/etc/profile-m-z/mendeleydesktop.profile b/etc/profile-m-z/mendeleydesktop.profile index 4f9bcea71..f2626b0c1 100644 --- a/etc/profile-m-z/mendeleydesktop.profile +++ b/etc/profile-m-z/mendeleydesktop.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile index 08b155a27..cd4938ec6 100644 --- a/etc/profile-m-z/menulibre.profile +++ b/etc/profile-m-z/menulibre.profile @@ -61,3 +61,4 @@ read-write ${HOME}/.config/menus read-write ${HOME}/.gnome/apps read-write ${HOME}/.local/share/applications read-write ${HOME}/.local/share/flatpak/exports +restrict-namespaces diff --git a/etc/profile-m-z/meteo-qt.profile b/etc/profile-m-z/meteo-qt.profile index 47b4cf8c9..db87b21bc 100644 --- a/etc/profile-m-z/meteo-qt.profile +++ b/etc/profile-m-z/meteo-qt.profile @@ -51,3 +51,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/midori.profile b/etc/profile-m-z/midori.profile index eb037f51b..d1655fabb 100644 --- a/etc/profile-m-z/midori.profile +++ b/etc/profile-m-z/midori.profile @@ -62,3 +62,5 @@ tracelog disable-mnt private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile index 8f1cd0bc6..a26896b19 100644 --- a/etc/profile-m-z/mindless.profile +++ b/etc/profile-m-z/mindless.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile index 22684be39..e6bf86802 100644 --- a/etc/profile-m-z/minecraft-launcher.profile +++ b/etc/profile-m-z/minecraft-launcher.profile @@ -56,3 +56,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile index 3d7ede3dc..15474c96e 100644 --- a/etc/profile-m-z/minetest.profile +++ b/etc/profile-m-z/minetest.profile @@ -61,3 +61,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile index 385edbd7a..ce938c867 100644 --- a/etc/profile-m-z/minitube.profile +++ b/etc/profile-m-z/minitube.profile @@ -58,3 +58,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile index 2b05bbfde..d36c0fc81 100644 --- a/etc/profile-m-z/mirage.profile +++ b/etc/profile-m-z/mirage.profile @@ -58,3 +58,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile index 707ef34e9..34721b4a3 100644 --- a/etc/profile-m-z/mirrormagic.profile +++ b/etc/profile-m-z/mirrormagic.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile index fdaf885bd..46320f8ea 100644 --- a/etc/profile-m-z/mocp.profile +++ b/etc/profile-m-z/mocp.profile @@ -50,3 +50,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} read-write ${HOME}/.moc +restrict-namespaces diff --git a/etc/profile-m-z/mousepad.profile b/etc/profile-m-z/mousepad.profile index e87c82e30..8e597fa99 100644 --- a/etc/profile-m-z/mousepad.profile +++ b/etc/profile-m-z/mousepad.profile @@ -37,3 +37,5 @@ private-bin mousepad private-dev private-lib private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile index 0dd9f7b43..89cee657d 100644 --- a/etc/profile-m-z/mp3splt-gtk.profile +++ b/etc/profile-m-z/mp3splt-gtk.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile index e1b26aaf0..77ad30d0c 100644 --- a/etc/profile-m-z/mp3splt.profile +++ b/etc/profile-m-z/mp3splt.profile @@ -46,7 +46,8 @@ private-dev private-etc alternatives,ld.so.cache,ld.so.preload private-tmp -memory-deny-write-execute - dbus-user none dbus-system none + +memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile index ed8a7eee3..1d875c3c4 100644 --- a/etc/profile-m-z/mpDris2.profile +++ b/etc/profile-m-z/mpDris2.profile @@ -55,3 +55,4 @@ private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/mpd.profile b/etc/profile-m-z/mpd.profile index 604db8105..d1c4bd24f 100644 --- a/etc/profile-m-z/mpd.profile +++ b/etc/profile-m-z/mpd.profile @@ -41,3 +41,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile index d03879836..12650dbc9 100644 --- a/etc/profile-m-z/mpg123.profile +++ b/etc/profile-m-z/mpg123.profile @@ -42,3 +42,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/mplayer.profile b/etc/profile-m-z/mplayer.profile index ebb4b0e73..7d9ff39ad 100644 --- a/etc/profile-m-z/mplayer.profile +++ b/etc/profile-m-z/mplayer.profile @@ -37,3 +37,5 @@ seccomp private-bin mplayer private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile index 9dcdd34a3..e73e3142c 100644 --- a/etc/profile-m-z/mpsyt.profile +++ b/etc/profile-m-z/mpsyt.profile @@ -68,3 +68,4 @@ private-tmp dbus-user none dbus-system none +restrict-namespaces diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile index 4ea5740c2..c9706999a 100644 --- a/etc/profile-m-z/mpv.profile +++ b/etc/profile-m-z/mpv.profile @@ -86,3 +86,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile index f4d8d7f6a..4f7ae09b9 100644 --- a/etc/profile-m-z/mrrescue.profile +++ b/etc/profile-m-z/mrrescue.profile @@ -56,3 +56,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile index 7eb8efae6..d979e7401 100644 --- a/etc/profile-m-z/ms-office.profile +++ b/etc/profile-m-z/ms-office.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/mtpaint.profile b/etc/profile-m-z/mtpaint.profile index 5467718e2..363c6fe4a 100644 --- a/etc/profile-m-z/mtpaint.profile +++ b/etc/profile-m-z/mtpaint.profile @@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/multimc5.profile b/etc/profile-m-z/multimc5.profile index 283840c17..73107680c 100644 --- a/etc/profile-m-z/multimc5.profile +++ b/etc/profile-m-z/multimc5.profile @@ -49,3 +49,4 @@ disable-mnt private-dev private-tmp +# restrict-namespaces diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile index e2530efc7..ef09e6fca 100644 --- a/etc/profile-m-z/mumble.profile +++ b/etc/profile-m-z/mumble.profile @@ -42,3 +42,4 @@ private-bin mumble private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile index 1876dc5ca..954016c2c 100644 --- a/etc/profile-m-z/mupdf.profile +++ b/etc/profile-m-z/mupdf.profile @@ -44,3 +44,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/mupen64plus.profile b/etc/profile-m-z/mupen64plus.profile index 093767c27..f97c6f271 100644 --- a/etc/profile-m-z/mupen64plus.profile +++ b/etc/profile-m-z/mupen64plus.profile @@ -31,3 +31,5 @@ seccomp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/musescore.profile b/etc/profile-m-z/musescore.profile index fa4a37bf8..ca951f70c 100644 --- a/etc/profile-m-z/musescore.profile +++ b/etc/profile-m-z/musescore.profile @@ -39,3 +39,5 @@ tracelog # private-bin musescore,mscore private-tmp + +# restrict-namespaces diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile index 9f83bb428..01b8d20b3 100644 --- a/etc/profile-m-z/musictube.profile +++ b/etc/profile-m-z/musictube.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile index 796d7fbb0..d2032dcf6 100644 --- a/etc/profile-m-z/musixmatch.profile +++ b/etc/profile-m-z/musixmatch.profile @@ -35,3 +35,4 @@ disable-mnt private-dev private-etc alternatives,asound.conf,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,machine-id,pki,pulse,ssl +# restrict-namespaces diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 6c6341d40..52d30669f 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile @@ -146,3 +146,4 @@ read-only ${HOME}/.elinks read-only ${HOME}/.nanorc read-only ${HOME}/.signature read-only ${HOME}/.w3m +restrict-namespaces diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile index 41519bbb1..18117965e 100644 --- a/etc/profile-m-z/mypaint.profile +++ b/etc/profile-m-z/mypaint.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile index e8cee2538..a20eb3828 100644 --- a/etc/profile-m-z/nano.profile +++ b/etc/profile-m-z/nano.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/natron.profile b/etc/profile-m-z/natron.profile index 2c7e36a35..b979e1aee 100644 --- a/etc/profile-m-z/natron.profile +++ b/etc/profile-m-z/natron.profile @@ -34,3 +34,5 @@ private-bin natron,Natron,NatronRenderer dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/ncdu.profile b/etc/profile-m-z/ncdu.profile index 010f823d0..09687199b 100644 --- a/etc/profile-m-z/ncdu.profile +++ b/etc/profile-m-z/ncdu.profile @@ -35,3 +35,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile index a50fdd072..fde1d4d2c 100644 --- a/etc/profile-m-z/neochat.profile +++ b/etc/profile-m-z/neochat.profile @@ -62,3 +62,5 @@ dbus-user.talk org.freedesktop.Notifications ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher dbus-user.talk org.kde.kwalletd5 dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index 9000b7972..c255a85c9 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile @@ -129,3 +129,4 @@ read-only ${HOME}/.elinks read-only ${HOME}/.nanorc read-only ${HOME}/.signature read-only ${HOME}/.w3m +restrict-namespaces diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile index 60fc2fa65..4d5265397 100644 --- a/etc/profile-m-z/netactview.profile +++ b/etc/profile-m-z/netactview.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/nethack-vultures.profile b/etc/profile-m-z/nethack-vultures.profile index d130d5b3a..c07bb7107 100644 --- a/etc/profile-m-z/nethack-vultures.profile +++ b/etc/profile-m-z/nethack-vultures.profile @@ -42,3 +42,5 @@ writable-var dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/nethack.profile b/etc/profile-m-z/nethack.profile index 9cb7457e5..a43889349 100644 --- a/etc/profile-m-z/nethack.profile +++ b/etc/profile-m-z/nethack.profile @@ -44,3 +44,4 @@ dbus-user none dbus-system none #memory-deny-write-execute +#restrict-namespaces diff --git a/etc/profile-m-z/netsurf.profile b/etc/profile-m-z/netsurf.profile index 0ddb7bbbe..467ce5829 100644 --- a/etc/profile-m-z/netsurf.profile +++ b/etc/profile-m-z/netsurf.profile @@ -32,3 +32,5 @@ seccomp tracelog disable-mnt + +restrict-namespaces diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile index b9a25b66c..68b0ce2ea 100644 --- a/etc/profile-m-z/neverball.profile +++ b/etc/profile-m-z/neverball.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile index 10f9240b7..b80a0a151 100644 --- a/etc/profile-m-z/newsboat.profile +++ b/etc/profile-m-z/newsboat.profile @@ -59,3 +59,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile index 4da14beae..59f16bb10 100644 --- a/etc/profile-m-z/newsflash.profile +++ b/etc/profile-m-z/newsflash.profile @@ -57,3 +57,5 @@ dbus-user none #dbus-user.own com.gitlab.newsflash #dbus-user.talk org.freedesktop.Notifications dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile index 95f9f5d14..c26942c81 100644 --- a/etc/profile-m-z/nextcloud.profile +++ b/etc/profile-m-z/nextcloud.profile @@ -69,3 +69,5 @@ dbus-user filter dbus-user.talk org.freedesktop.secrets ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile index 662584892..4e4c7bfe7 100644 --- a/etc/profile-m-z/nheko.profile +++ b/etc/profile-m-z/nheko.profile @@ -56,3 +56,5 @@ dbus-user.talk org.freedesktop.secrets # Add the next line to your nheko.local to enable notification support. #dbus-user.talk org.freedesktop.Notifications dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/nicotine.profile b/etc/profile-m-z/nicotine.profile index 22c8b1782..568899eea 100644 --- a/etc/profile-m-z/nicotine.profile +++ b/etc/profile-m-z/nicotine.profile @@ -59,3 +59,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile index b4da229c4..cefe9fa79 100644 --- a/etc/profile-m-z/nitroshare.profile +++ b/etc/profile-m-z/nitroshare.profile @@ -49,3 +49,4 @@ private-tmp # dbus-system none # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index 2ba125a02..f185a04ee 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile @@ -100,3 +100,4 @@ dbus-system none # Add the next line to your nodejs-common.local if you prefer to disable gatsby telemetry. #env GATSBY_TELEMETRY_DISABLED=1 +restrict-namespaces diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile index 733de1096..ac8336331 100644 --- a/etc/profile-m-z/nomacs.profile +++ b/etc/profile-m-z/nomacs.profile @@ -42,3 +42,5 @@ private-cache private-dev private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,login.defs,machine-id,pki,resolv.conf,ssl private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile index 7e9290513..11d6bd795 100644 --- a/etc/profile-m-z/notify-send.profile +++ b/etc/profile-m-z/notify-send.profile @@ -57,3 +57,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile index 160385d70..37d9f593c 100644 --- a/etc/profile-m-z/nslookup.profile +++ b/etc/profile-m-z/nslookup.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/nvim.profile b/etc/profile-m-z/nvim.profile index 1f8334d08..6f415d60a 100644 --- a/etc/profile-m-z/nvim.profile +++ b/etc/profile-m-z/nvim.profile @@ -51,3 +51,4 @@ read-write ${HOME}/.local/share/nvim read-write ${HOME}/.local/state/nvim read-write ${HOME}/.vim read-write ${HOME}/.vimrc +restrict-namespaces diff --git a/etc/profile-m-z/nylas.profile b/etc/profile-m-z/nylas.profile index a86ef478a..8acf09e90 100644 --- a/etc/profile-m-z/nylas.profile +++ b/etc/profile-m-z/nylas.profile @@ -35,3 +35,5 @@ protocol unix,inet,inet6,netlink seccomp private-dev + +restrict-namespaces diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile index f58f4fd1c..4f767f046 100644 --- a/etc/profile-m-z/nyx.profile +++ b/etc/profile-m-z/nyx.profile @@ -51,3 +51,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/obs.profile b/etc/profile-m-z/obs.profile index 91abdc032..82e7a4137 100644 --- a/etc/profile-m-z/obs.profile +++ b/etc/profile-m-z/obs.profile @@ -40,3 +40,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile index 0ce3aa088..87c665cba 100644 --- a/etc/profile-m-z/ocenaudio.profile +++ b/etc/profile-m-z/ocenaudio.profile @@ -59,3 +59,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile index 38751aa25..25da2139f 100644 --- a/etc/profile-m-z/odt2txt.profile +++ b/etc/profile-m-z/odt2txt.profile @@ -44,3 +44,4 @@ dbus-user none dbus-system none read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile index 265ed1490..568b6566e 100644 --- a/etc/profile-m-z/okular.profile +++ b/etc/profile-m-z/okular.profile @@ -69,4 +69,5 @@ private-etc alternatives,cups,fonts,kde4rc,kde5rc,ld.so.cache,ld.so.preload,mach # memory-deny-write-execute +restrict-namespaces join-or-start okular diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile index e9d6ac028..913b499d3 100644 --- a/etc/profile-m-z/onboard.profile +++ b/etc/profile-m-z/onboard.profile @@ -53,3 +53,5 @@ private-etc alternatives,dbus-1,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.pr private-tmp dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/onionshare-gui.profile b/etc/profile-m-z/onionshare-gui.profile index db923056a..47ac9fc05 100644 --- a/etc/profile-m-z/onionshare-gui.profile +++ b/etc/profile-m-z/onionshare-gui.profile @@ -65,3 +65,4 @@ dbus-user.talk org.freedesktop.secrets dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/open-invaders.profile b/etc/profile-m-z/open-invaders.profile index 730ed271d..f6b070ab3 100644 --- a/etc/profile-m-z/open-invaders.profile +++ b/etc/profile-m-z/open-invaders.profile @@ -39,3 +39,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile index 87366547f..053f54b48 100644 --- a/etc/profile-m-z/openarena.profile +++ b/etc/profile-m-z/openarena.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openbox.profile b/etc/profile-m-z/openbox.profile index b49fd9932..6a256593c 100644 --- a/etc/profile-m-z/openbox.profile +++ b/etc/profile-m-z/openbox.profile @@ -18,3 +18,4 @@ seccomp read-only ${HOME}/.config/openbox/autostart read-only ${HOME}/.config/openbox/environment +restrict-namespaces diff --git a/etc/profile-m-z/opencity.profile b/etc/profile-m-z/opencity.profile index 3001a355d..a7d147ec9 100644 --- a/etc/profile-m-z/opencity.profile +++ b/etc/profile-m-z/opencity.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openclonk.profile b/etc/profile-m-z/openclonk.profile index 5f05480d8..3449ac686 100644 --- a/etc/profile-m-z/openclonk.profile +++ b/etc/profile-m-z/openclonk.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile index 8fe18f12b..be97552ab 100644 --- a/etc/profile-m-z/openmw.profile +++ b/etc/profile-m-z/openmw.profile @@ -58,3 +58,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openshot.profile b/etc/profile-m-z/openshot.profile index e867eccc3..0082be581 100644 --- a/etc/profile-m-z/openshot.profile +++ b/etc/profile-m-z/openshot.profile @@ -46,3 +46,5 @@ private-tmp dbus-user filter dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openstego.profile b/etc/profile-m-z/openstego.profile index 05b1d222d..fd8f70531 100644 --- a/etc/profile-m-z/openstego.profile +++ b/etc/profile-m-z/openstego.profile @@ -55,3 +55,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/openttd.profile b/etc/profile-m-z/openttd.profile index 19ba69b14..6e5c09eda 100644 --- a/etc/profile-m-z/openttd.profile +++ b/etc/profile-m-z/openttd.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/orage.profile b/etc/profile-m-z/orage.profile index 250e07004..fa16c05e2 100644 --- a/etc/profile-m-z/orage.profile +++ b/etc/profile-m-z/orage.profile @@ -36,3 +36,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/ostrichriders.profile b/etc/profile-m-z/ostrichriders.profile index a2c3e7d1d..f12838b72 100644 --- a/etc/profile-m-z/ostrichriders.profile +++ b/etc/profile-m-z/ostrichriders.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile index 7af611cc4..028c6fe90 100644 --- a/etc/profile-m-z/otter-browser.profile +++ b/etc/profile-m-z/otter-browser.profile @@ -56,3 +56,5 @@ private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts private-tmp dbus-system none + +# restrict-namespaces diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile index acb2ce176..24701b657 100644 --- a/etc/profile-m-z/palemoon.profile +++ b/etc/profile-m-z/palemoon.profile @@ -22,5 +22,8 @@ ignore seccomp #private-etc palemoon #private-opt palemoon +restrict-namespaces +ignore restrict-namespaces + # Redirect include firefox-common.profile diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile index aac1fc5b6..2610ae67a 100644 --- a/etc/profile-m-z/pandoc.profile +++ b/etc/profile-m-z/pandoc.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile index ca54d7ad4..fb629669a 100644 --- a/etc/profile-m-z/parole.profile +++ b/etc/profile-m-z/parole.profile @@ -27,3 +27,5 @@ seccomp private-bin dbus-launch,parole private-cache private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,machine-id,passwd,pki,pulse,ssl + +restrict-namespaces diff --git a/etc/profile-m-z/patch.profile b/etc/profile-m-z/patch.profile index 573410630..5a0f69f79 100644 --- a/etc/profile-m-z/patch.profile +++ b/etc/profile-m-z/patch.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile index d21157325..88cfd3352 100644 --- a/etc/profile-m-z/pavucontrol.profile +++ b/etc/profile-m-z/pavucontrol.profile @@ -53,3 +53,4 @@ dbus-system none # mdwe is broken under Wayland, but works under Xorg. #memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile index 9a1e7d420..784d82736 100644 --- a/etc/profile-m-z/pcsxr.profile +++ b/etc/profile-m-z/pcsxr.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile index 0441c9e04..2e38dde3b 100644 --- a/etc/profile-m-z/pdfchain.profile +++ b/etc/profile-m-z/pdfchain.profile @@ -40,3 +40,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/pdfmod.profile b/etc/profile-m-z/pdfmod.profile index 463deca4c..81115b2e3 100644 --- a/etc/profile-m-z/pdfmod.profile +++ b/etc/profile-m-z/pdfmod.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pdfsam.profile b/etc/profile-m-z/pdfsam.profile index 3e56a9c1d..34f8387af 100644 --- a/etc/profile-m-z/pdfsam.profile +++ b/etc/profile-m-z/pdfsam.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile index 482181c86..7ece10835 100644 --- a/etc/profile-m-z/pdftotext.profile +++ b/etc/profile-m-z/pdftotext.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile index 9809a488f..24a1bc979 100644 --- a/etc/profile-m-z/peek.profile +++ b/etc/profile-m-z/peek.profile @@ -59,3 +59,4 @@ dbus-user.talk org.gnome.Shell.Screencast dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/penguin-command.profile b/etc/profile-m-z/penguin-command.profile index e79e5cbc8..c740f5576 100644 --- a/etc/profile-m-z/penguin-command.profile +++ b/etc/profile-m-z/penguin-command.profile @@ -39,3 +39,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile index 9f8e094fb..dcb52c846 100644 --- a/etc/profile-m-z/photoflare.profile +++ b/etc/profile-m-z/photoflare.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/picard.profile b/etc/profile-m-z/picard.profile index 2350f83a2..b007e3ca9 100644 --- a/etc/profile-m-z/picard.profile +++ b/etc/profile-m-z/picard.profile @@ -40,3 +40,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/pidgin.profile b/etc/profile-m-z/pidgin.profile index 904c17e09..2dc49a28d 100644 --- a/etc/profile-m-z/pidgin.profile +++ b/etc/profile-m-z/pidgin.profile @@ -45,3 +45,5 @@ tracelog private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile index 440ee7800..3664e1469 100644 --- a/etc/profile-m-z/pinball.profile +++ b/etc/profile-m-z/pinball.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/ping-hardened.inc.profile b/etc/profile-m-z/ping-hardened.inc.profile index eda53654a..e3288d2b1 100644 --- a/etc/profile-m-z/ping-hardened.inc.profile +++ b/etc/profile-m-z/ping-hardened.inc.profile @@ -9,3 +9,4 @@ protocol unix,inet,inet6 seccomp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile index dcb2134c7..2a7967de7 100644 --- a/etc/profile-m-z/ping.profile +++ b/etc/profile-m-z/ping.profile @@ -68,3 +68,4 @@ dbus-user none dbus-system none read-only ${HOME} +#restrict-namespaces diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile index 14ac487ab..419dd5d1a 100644 --- a/etc/profile-m-z/pingus.profile +++ b/etc/profile-m-z/pingus.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pinta.profile b/etc/profile-m-z/pinta.profile index d5a1b1141..e084a7933 100644 --- a/etc/profile-m-z/pinta.profile +++ b/etc/profile-m-z/pinta.profile @@ -38,3 +38,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pioneer.profile b/etc/profile-m-z/pioneer.profile index cf79adc6f..dc447def2 100644 --- a/etc/profile-m-z/pioneer.profile +++ b/etc/profile-m-z/pioneer.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pithos.profile b/etc/profile-m-z/pithos.profile index 9db4459e1..714ebd86d 100644 --- a/etc/profile-m-z/pithos.profile +++ b/etc/profile-m-z/pithos.profile @@ -40,3 +40,4 @@ private-bin env,pithos,python* private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/pitivi.profile b/etc/profile-m-z/pitivi.profile index 773454c53..5ad20aafc 100644 --- a/etc/profile-m-z/pitivi.profile +++ b/etc/profile-m-z/pitivi.profile @@ -39,3 +39,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/pix.profile b/etc/profile-m-z/pix.profile index fb426681e..49bd8c318 100644 --- a/etc/profile-m-z/pix.profile +++ b/etc/profile-m-z/pix.profile @@ -34,3 +34,5 @@ private-bin pix private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile index 2af311269..88173edca 100644 --- a/etc/profile-m-z/pkglog.profile +++ b/etc/profile-m-z/pkglog.profile @@ -56,3 +56,4 @@ read-only ${HOME} read-only /var/log/apt/history.log read-only /var/log/dnf.rpm.log read-only /var/log/pacman.log +restrict-namespaces diff --git a/etc/profile-m-z/pluma.profile b/etc/profile-m-z/pluma.profile index 0e4a06b44..efcdaa661 100644 --- a/etc/profile-m-z/pluma.profile +++ b/etc/profile-m-z/pluma.profile @@ -48,4 +48,5 @@ private-tmp # dbus-user none # dbus-system none +restrict-namespaces join-or-start pluma diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile index 2140d1a21..62927f9f7 100644 --- a/etc/profile-m-z/plv.profile +++ b/etc/profile-m-z/plv.profile @@ -57,3 +57,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.config/PacmanLogViewer read-only /var/log/pacman.log +restrict-namespaces diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile index ad30c5703..8e2c39b83 100644 --- a/etc/profile-m-z/pngquant.profile +++ b/etc/profile-m-z/pngquant.profile @@ -53,3 +53,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/polari.profile b/etc/profile-m-z/polari.profile index 068fd3412..dd730bf76 100644 --- a/etc/profile-m-z/polari.profile +++ b/etc/profile-m-z/polari.profile @@ -49,3 +49,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile index bf5d9a9c3..58528c372 100644 --- a/etc/profile-m-z/ppsspp.profile +++ b/etc/profile-m-z/ppsspp.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile index 9faa1fcd6..73b377712 100644 --- a/etc/profile-m-z/pragha.profile +++ b/etc/profile-m-z/pragha.profile @@ -35,3 +35,4 @@ private-dev private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile index 13f48b048..ddc6524a5 100644 --- a/etc/profile-m-z/profanity.profile +++ b/etc/profile-m-z/profanity.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/psi-plus.profile b/etc/profile-m-z/psi-plus.profile index 8f8b2fff4..af117c3b5 100644 --- a/etc/profile-m-z/psi-plus.profile +++ b/etc/profile-m-z/psi-plus.profile @@ -42,3 +42,5 @@ seccomp !chroot disable-mnt private-dev private-tmp + +# restrict-namespaces diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile index 943b8d3ac..be06c5d89 100644 --- a/etc/profile-m-z/psi.profile +++ b/etc/profile-m-z/psi.profile @@ -75,3 +75,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile index 358cc36da..ba71ab29d 100644 --- a/etc/profile-m-z/pybitmessage.profile +++ b/etc/profile-m-z/pybitmessage.profile @@ -43,3 +43,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,gtk-2.0,hosts,ld.so.cache,ld.so.preload,localtime,pki,pki,PyBitmessage,PyBitmessage.conf,resolv.conf,selinux,sni-qt.conf,ssl,system-fips,Trolltech.conf,xdg private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile index 2a0f4288f..9605da3ac 100644 --- a/etc/profile-m-z/qbittorrent.profile +++ b/etc/profile-m-z/qbittorrent.profile @@ -63,3 +63,4 @@ dbus-user none dbus-system none # memory-deny-write-execute - problems on Arch, see #1690 on GitHub repo +restrict-namespaces diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile index f24916630..71374a8c8 100644 --- a/etc/profile-m-z/qcomicbook.profile +++ b/etc/profile-m-z/qcomicbook.profile @@ -64,3 +64,4 @@ read-write ${HOME}/.config/PawelStolowski read-write ${HOME}/.local/share/PawelStolowski #to allow ${HOME}/.local/share/recently-used.xbel read-write ${HOME}/.local/share +restrict-namespaces diff --git a/etc/profile-m-z/qemu-launcher.profile b/etc/profile-m-z/qemu-launcher.profile index 034a2b7c1..8484d3705 100644 --- a/etc/profile-m-z/qemu-launcher.profile +++ b/etc/profile-m-z/qemu-launcher.profile @@ -25,3 +25,4 @@ private-cache private-tmp noexec /tmp +restrict-namespaces diff --git a/etc/profile-m-z/qemu-system-x86_64.profile b/etc/profile-m-z/qemu-system-x86_64.profile index e565e0165..495c469f7 100644 --- a/etc/profile-m-z/qemu-system-x86_64.profile +++ b/etc/profile-m-z/qemu-system-x86_64.profile @@ -24,3 +24,4 @@ private-cache private-tmp noexec /tmp +restrict-namespaces diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile index 2f8c42548..d4b71f972 100644 --- a/etc/profile-m-z/qgis.profile +++ b/etc/profile-m-z/qgis.profile @@ -56,3 +56,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/qlipper.profile b/etc/profile-m-z/qlipper.profile index d0a14b079..f183f6e0e 100644 --- a/etc/profile-m-z/qlipper.profile +++ b/etc/profile-m-z/qlipper.profile @@ -35,3 +35,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/qmmp.profile b/etc/profile-m-z/qmmp.profile index a3fd56186..ecd62a7d1 100644 --- a/etc/profile-m-z/qmmp.profile +++ b/etc/profile-m-z/qmmp.profile @@ -36,3 +36,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile index f6576ae2f..037cc96ec 100644 --- a/etc/profile-m-z/qnapi.profile +++ b/etc/profile-m-z/qnapi.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/qpdfview.profile b/etc/profile-m-z/qpdfview.profile index 17142a47f..4caa0917f 100644 --- a/etc/profile-m-z/qpdfview.profile +++ b/etc/profile-m-z/qpdfview.profile @@ -43,3 +43,5 @@ private-tmp # needs D-Bus when started from a file manager # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile index e7566cbe4..09b70756b 100644 --- a/etc/profile-m-z/qrencode.profile +++ b/etc/profile-m-z/qrencode.profile @@ -54,3 +54,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile index c0d737f00..f95720d71 100644 --- a/etc/profile-m-z/qtox.profile +++ b/etc/profile-m-z/qtox.profile @@ -49,3 +49,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-m-z/quassel.profile b/etc/profile-m-z/quassel.profile index c65089e20..4589c9e4a 100644 --- a/etc/profile-m-z/quassel.profile +++ b/etc/profile-m-z/quassel.profile @@ -24,3 +24,5 @@ seccomp !chroot private-cache private-tmp + +# restrict-namespaces diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile index 686562646..ad45a26d5 100644 --- a/etc/profile-m-z/quaternion.profile +++ b/etc/profile-m-z/quaternion.profile @@ -51,3 +51,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/quiterss.profile b/etc/profile-m-z/quiterss.profile index 761eb7215..a59f01f85 100644 --- a/etc/profile-m-z/quiterss.profile +++ b/etc/profile-m-z/quiterss.profile @@ -52,3 +52,4 @@ private-bin quiterss private-dev # private-etc alternatives,ca-certificates,crypto-policies,pki,ssl,X11 +restrict-namespaces diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile index 345e85cdf..ea49684e3 100644 --- a/etc/profile-m-z/quodlibet.profile +++ b/etc/profile-m-z/quodlibet.profile @@ -63,3 +63,5 @@ private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf, private-tmp dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile index 3bdfb2cec..b83a0ce2d 100644 --- a/etc/profile-m-z/qutebrowser.profile +++ b/etc/profile-m-z/qutebrowser.profile @@ -48,7 +48,7 @@ notv protocol unix,inet,inet6,netlink # blacklisting of chroot system calls breaks qt webengine seccomp !chroot,!name_to_handle_at -# tracelog +#tracelog disable-mnt private-cache @@ -65,3 +65,5 @@ dbus-user.talk org.freedesktop.Notifications # with the above lines (might depend on the portal implementation). #ignore noroot dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/raincat.profile b/etc/profile-m-z/raincat.profile index 3042d5e3f..e320d82f7 100644 --- a/etc/profile-m-z/raincat.profile +++ b/etc/profile-m-z/raincat.profile @@ -46,3 +46,4 @@ private-tmp dbus-user none dbus-system none +restrict-namespaces diff --git a/etc/profile-m-z/rambox.profile b/etc/profile-m-z/rambox.profile index a14d7862b..38a093337 100644 --- a/etc/profile-m-z/rambox.profile +++ b/etc/profile-m-z/rambox.profile @@ -35,4 +35,6 @@ protocol unix,inet,inet6,netlink # electron-based application, needing chroot #seccomp seccomp !chroot -# tracelog +#tracelog + +#restrict-namespaces diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile index e738d8cb3..774b46b28 100644 --- a/etc/profile-m-z/redeclipse.profile +++ b/etc/profile-m-z/redeclipse.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/rednotebook.profile b/etc/profile-m-z/rednotebook.profile index 7ee79d4c5..1295ce00d 100644 --- a/etc/profile-m-z/rednotebook.profile +++ b/etc/profile-m-z/rednotebook.profile @@ -63,3 +63,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/redshift.profile b/etc/profile-m-z/redshift.profile index e5564a532..cfc68a697 100644 --- a/etc/profile-m-z/redshift.profile +++ b/etc/profile-m-z/redshift.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile index 82653c209..571381f57 100644 --- a/etc/profile-m-z/regextester.profile +++ b/etc/profile-m-z/regextester.profile @@ -52,3 +52,4 @@ dbus-system none # never write anything read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/remmina.profile b/etc/profile-m-z/remmina.profile index 79630f09c..208f57710 100644 --- a/etc/profile-m-z/remmina.profile +++ b/etc/profile-m-z/remmina.profile @@ -42,3 +42,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/retroarch.profile b/etc/profile-m-z/retroarch.profile index cb5544f5f..91486dc23 100644 --- a/etc/profile-m-z/retroarch.profile +++ b/etc/profile-m-z/retroarch.profile @@ -51,3 +51,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/rhythmbox.profile b/etc/profile-m-z/rhythmbox.profile index b4eabf7ee..dccd93429 100644 --- a/etc/profile-m-z/rhythmbox.profile +++ b/etc/profile-m-z/rhythmbox.profile @@ -63,3 +63,5 @@ dbus-user.talk org.freedesktop.Notifications dbus-user.talk org.gnome.SettingsDaemon.MediaKeys dbus-system filter dbus-system.talk org.freedesktop.Avahi + +restrict-namespaces diff --git a/etc/profile-m-z/ricochet.profile b/etc/profile-m-z/ricochet.profile index a05c1f310..d5cb77fff 100644 --- a/etc/profile-m-z/ricochet.profile +++ b/etc/profile-m-z/ricochet.profile @@ -39,3 +39,4 @@ private-bin ricochet,tor private-dev #private-etc alternatives,alternatives,ca-certificates,crypto-policies,fonts,pki,ssl,tor,X11 +restrict-namespaces diff --git a/etc/profile-m-z/ripperx.profile b/etc/profile-m-z/ripperx.profile index 5740fcfc4..33878e999 100644 --- a/etc/profile-m-z/ripperx.profile +++ b/etc/profile-m-z/ripperx.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/ristretto.profile b/etc/profile-m-z/ristretto.profile index 6dcf2121b..4562616d2 100644 --- a/etc/profile-m-z/ristretto.profile +++ b/etc/profile-m-z/ristretto.profile @@ -39,3 +39,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/rpcs3.profile b/etc/profile-m-z/rpcs3.profile index afd9da70a..186e31b46 100644 --- a/etc/profile-m-z/rpcs3.profile +++ b/etc/profile-m-z/rpcs3.profile @@ -59,3 +59,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile index a3cb0122c..91b18678f 100644 --- a/etc/profile-m-z/rsync-download_only.profile +++ b/etc/profile-m-z/rsync-download_only.profile @@ -55,3 +55,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/rtin.profile b/etc/profile-m-z/rtin.profile index cd84ce05e..87aa69bcb 100644 --- a/etc/profile-m-z/rtin.profile +++ b/etc/profile-m-z/rtin.profile @@ -5,4 +5,5 @@ # Persistent local customizations include rtin.local +# Redirect include tin.profile diff --git a/etc/profile-m-z/rtorrent.profile b/etc/profile-m-z/rtorrent.profile index 8c52e3161..a1c735645 100644 --- a/etc/profile-m-z/rtorrent.profile +++ b/etc/profile-m-z/rtorrent.profile @@ -31,3 +31,5 @@ private-bin rtorrent private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile index c4047ebd4..565925e7a 100644 --- a/etc/profile-m-z/rtv.profile +++ b/etc/profile-m-z/rtv.profile @@ -62,3 +62,5 @@ private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,host dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sayonara.profile b/etc/profile-m-z/sayonara.profile index c299dd13a..f7ef54f5c 100644 --- a/etc/profile-m-z/sayonara.profile +++ b/etc/profile-m-z/sayonara.profile @@ -33,3 +33,4 @@ private-bin sayonara private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/scallion.profile b/etc/profile-m-z/scallion.profile index f8f9c681c..8f5c00f4a 100644 --- a/etc/profile-m-z/scallion.profile +++ b/etc/profile-m-z/scallion.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/scorched3d.profile b/etc/profile-m-z/scorched3d.profile index 838286665..a1a0176b9 100644 --- a/etc/profile-m-z/scorched3d.profile +++ b/etc/profile-m-z/scorched3d.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile index 316bad98a..6dfb50c5a 100644 --- a/etc/profile-m-z/scorchwentbonkers.profile +++ b/etc/profile-m-z/scorchwentbonkers.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/scribus.profile b/etc/profile-m-z/scribus.profile index b9d1e59aa..34cf783fe 100644 --- a/etc/profile-m-z/scribus.profile +++ b/etc/profile-m-z/scribus.profile @@ -61,3 +61,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sdat2img.profile b/etc/profile-m-z/sdat2img.profile index a353bc495..c0f9e8aa5 100644 --- a/etc/profile-m-z/sdat2img.profile +++ b/etc/profile-m-z/sdat2img.profile @@ -41,3 +41,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/seafile-applet.profile b/etc/profile-m-z/seafile-applet.profile index 00ae021fd..184a06958 100644 --- a/etc/profile-m-z/seafile-applet.profile +++ b/etc/profile-m-z/seafile-applet.profile @@ -59,3 +59,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile index 45b12f2c8..7ff252ec7 100644 --- a/etc/profile-m-z/seahorse-adventures.profile +++ b/etc/profile-m-z/seahorse-adventures.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile index af7abc1d9..0b7232cc4 100644 --- a/etc/profile-m-z/seahorse.profile +++ b/etc/profile-m-z/seahorse.profile @@ -67,3 +67,5 @@ dbus-user.own org.gnome.seahorse dbus-user.own org.gnome.seahorse.Application dbus-user.talk org.freedesktop.secrets dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile index 5210a594c..c2dbbc2c6 100644 --- a/etc/profile-m-z/seamonkey.profile +++ b/etc/profile-m-z/seamonkey.profile @@ -57,3 +57,5 @@ tracelog disable-mnt # private-etc adobe,alternatives,asound.conf,ca-certificates,crypto-policies,firefox,fonts,group,gtk-2.0,hostname,hosts,iceweasel,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl writable-run-user + +restrict-namespaces diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile index 8d8a1dac6..5b71fe6c3 100644 --- a/etc/profile-m-z/server.profile +++ b/etc/profile-m-z/server.profile @@ -83,6 +83,9 @@ private-dev # private-lib # private-opt none private-tmp +# writable-run-user +# writable-var +# writable-var-log dbus-user none # dbus-system none @@ -90,7 +93,4 @@ dbus-user none # deterministic-shutdown # memory-deny-write-execute # read-only ${HOME} -# restrict-namespaces -# writable-run-user -# writable-var -# writable-var-log +restrict-namespaces diff --git a/etc/profile-m-z/servo.profile b/etc/profile-m-z/servo.profile index 6eeba9eb6..65fef339e 100644 --- a/etc/profile-m-z/servo.profile +++ b/etc/profile-m-z/servo.profile @@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/shellcheck.profile b/etc/profile-m-z/shellcheck.profile index 49c4646ed..cf6b37db6 100644 --- a/etc/profile-m-z/shellcheck.profile +++ b/etc/profile-m-z/shellcheck.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile index 22cb272c5..cd2a9f13e 100644 --- a/etc/profile-m-z/shortwave.profile +++ b/etc/profile-m-z/shortwave.profile @@ -47,3 +47,5 @@ private-cache private-dev private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,gconf,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl,X11,xdg private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/shotcut.profile b/etc/profile-m-z/shotcut.profile index e2cbce2f5..ec0380ce7 100644 --- a/etc/profile-m-z/shotcut.profile +++ b/etc/profile-m-z/shotcut.profile @@ -35,3 +35,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile index 44898a2e9..d33a97ffc 100644 --- a/etc/profile-m-z/shotwell.profile +++ b/etc/profile-m-z/shotwell.profile @@ -57,3 +57,5 @@ dbus-user.own org.gnome.Shotwell dbus-user.talk ca.desrt.dconf dbus-user.talk org.gtk.vfs.UDisks2VolumeMonitor dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile index b70275d0d..d2b604df5 100644 --- a/etc/profile-m-z/signal-cli.profile +++ b/etc/profile-m-z/signal-cli.profile @@ -48,3 +48,5 @@ private-dev # Does not work with all Java configurations. You will notice immediately, so you might want to give it a try #private-etc alternatives,ca-certificates,crypto-policies,dbus-1,host.conf,hostname,hosts,java-10-openjdk,java-7-openjdk,java-8-openjdk,java-9-openjdk,java.conf,machine-id,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/silentarmy.profile b/etc/profile-m-z/silentarmy.profile index 74a51208c..96e4cf283 100644 --- a/etc/profile-m-z/silentarmy.profile +++ b/etc/profile-m-z/silentarmy.profile @@ -37,3 +37,4 @@ private-dev private-opt none private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/simple-scan.profile b/etc/profile-m-z/simple-scan.profile index 4d13a3ad3..14846cf58 100644 --- a/etc/profile-m-z/simple-scan.profile +++ b/etc/profile-m-z/simple-scan.profile @@ -38,3 +38,5 @@ tracelog # private-dev # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl # private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/simplescreenrecorder.profile b/etc/profile-m-z/simplescreenrecorder.profile index a68de8f40..6ee9ea6ba 100644 --- a/etc/profile-m-z/simplescreenrecorder.profile +++ b/etc/profile-m-z/simplescreenrecorder.profile @@ -36,3 +36,5 @@ tracelog private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/simutrans.profile b/etc/profile-m-z/simutrans.profile index 733ea6413..6ba735556 100644 --- a/etc/profile-m-z/simutrans.profile +++ b/etc/profile-m-z/simutrans.profile @@ -39,3 +39,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/skanlite.profile b/etc/profile-m-z/skanlite.profile index 1e60fb083..6b73b2289 100644 --- a/etc/profile-m-z/skanlite.profile +++ b/etc/profile-m-z/skanlite.profile @@ -33,3 +33,5 @@ seccomp !ioperm # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/slashem.profile b/etc/profile-m-z/slashem.profile index 8ec692657..3ad182b9e 100644 --- a/etc/profile-m-z/slashem.profile +++ b/etc/profile-m-z/slashem.profile @@ -44,3 +44,4 @@ dbus-user none dbus-system none #memory-deny-write-execute +#restrict-namespaces diff --git a/etc/profile-m-z/smplayer.profile b/etc/profile-m-z/smplayer.profile index 00770798e..0ab398ebd 100644 --- a/etc/profile-m-z/smplayer.profile +++ b/etc/profile-m-z/smplayer.profile @@ -52,3 +52,5 @@ private-tmp # problems with KDE # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/smtube.profile b/etc/profile-m-z/smtube.profile index a3a519511..b617444af 100644 --- a/etc/profile-m-z/smtube.profile +++ b/etc/profile-m-z/smtube.profile @@ -45,3 +45,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile index 9c93845f5..ffed9d44c 100644 --- a/etc/profile-m-z/smuxi-frontend-gnome.profile +++ b/etc/profile-m-z/smuxi-frontend-gnome.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile index ff8ba38b4..b4658b7af 100644 --- a/etc/profile-m-z/softmaker-common.profile +++ b/etc/profile-m-z/softmaker-common.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sol.profile b/etc/profile-m-z/sol.profile index 833b905fe..e2be4e9e0 100644 --- a/etc/profile-m-z/sol.profile +++ b/etc/profile-m-z/sol.profile @@ -44,3 +44,4 @@ dbus-user none dbus-system none # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/songrec.profile b/etc/profile-m-z/songrec.profile index 2e26fbb52..9261c1e3f 100644 --- a/etc/profile-m-z/songrec.profile +++ b/etc/profile-m-z/songrec.profile @@ -51,3 +51,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sound-juicer.profile b/etc/profile-m-z/sound-juicer.profile index f8b87065b..f5ac6c739 100644 --- a/etc/profile-m-z/sound-juicer.profile +++ b/etc/profile-m-z/sound-juicer.profile @@ -40,3 +40,5 @@ private-tmp # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/soundconverter.profile b/etc/profile-m-z/soundconverter.profile index d32ba87fc..843080cc8 100644 --- a/etc/profile-m-z/soundconverter.profile +++ b/etc/profile-m-z/soundconverter.profile @@ -47,3 +47,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile index 7637eb868..5a1314315 100644 --- a/etc/profile-m-z/spectacle.profile +++ b/etc/profile-m-z/spectacle.profile @@ -65,3 +65,5 @@ dbus-user.talk org.freedesktop.FileManager1 #dbus-user.talk org.kde.JobViewServer #dbus-user.talk org.kde.kglobalaccel dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile index f83fe9a17..4bc23fc04 100644 --- a/etc/profile-m-z/spectral.profile +++ b/etc/profile-m-z/spectral.profile @@ -53,3 +53,5 @@ dbus-user filter # Add the next line to your spectral.local to enable notification support. #dbus-user.talk org.freedesktop.Notifications dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/spectre-meltdown-checker.profile b/etc/profile-m-z/spectre-meltdown-checker.profile index 8c089a5af..d21f49e61 100644 --- a/etc/profile-m-z/spectre-meltdown-checker.profile +++ b/etc/profile-m-z/spectre-meltdown-checker.profile @@ -49,3 +49,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index bfa3a805a..721e39cd4 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile @@ -53,3 +53,5 @@ private-tmp # dbus needed for MPRIS # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile index 0808685d1..b6eee5293 100644 --- a/etc/profile-m-z/sqlitebrowser.profile +++ b/etc/profile-m-z/sqlitebrowser.profile @@ -49,3 +49,4 @@ private-tmp # dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile index 35bcdca7c..76755def4 100644 --- a/etc/profile-m-z/ssh-agent.profile +++ b/etc/profile-m-z/ssh-agent.profile @@ -33,3 +33,5 @@ writable-run-user dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index c68b82b54..a7956a76e 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile @@ -51,3 +51,4 @@ dbus-system none deterministic-shutdown memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile index 7a59274bf..868c724d2 100644 --- a/etc/profile-m-z/standardnotes-desktop.profile +++ b/etc/profile-m-z/standardnotes-desktop.profile @@ -42,3 +42,5 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostnam dbus-user none dbus-system none + +# restrict-namespaces diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index 5e5a8e9bb..f807afdc7 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile @@ -178,7 +178,8 @@ private-dev private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,dbus-1,drirc,fonts,group,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,lsb-release,machine-id,mime.types,nvidia,os-release,passwd,pki,pulse,resolv.conf,services,ssl,vulkan private-tmp -# dbus-user none -# dbus-system none +#dbus-user none +#dbus-system none read-only ${HOME}/.config/MangoHud +#restrict-namespaces diff --git a/etc/profile-m-z/stellarium.profile b/etc/profile-m-z/stellarium.profile index ecb5201e0..c83ff40f8 100644 --- a/etc/profile-m-z/stellarium.profile +++ b/etc/profile-m-z/stellarium.profile @@ -43,3 +43,4 @@ private-bin stellarium private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile index a6723e9de..e9d2ca430 100644 --- a/etc/profile-m-z/strawberry.profile +++ b/etc/profile-m-z/strawberry.profile @@ -46,3 +46,5 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,host.conf,hostnam private-tmp dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/strings.profile b/etc/profile-m-z/strings.profile index 506a38145..8c14ca51f 100644 --- a/etc/profile-m-z/strings.profile +++ b/etc/profile-m-z/strings.profile @@ -54,3 +54,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile index b222b5be2..896d4bc3e 100644 --- a/etc/profile-m-z/subdownloader.profile +++ b/etc/profile-m-z/subdownloader.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile index b082cc761..1f532d76c 100644 --- a/etc/profile-m-z/supertux2.profile +++ b/etc/profile-m-z/supertux2.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile index 7616217ff..b4eb70fcb 100644 --- a/etc/profile-m-z/supertuxkart.profile +++ b/etc/profile-m-z/supertuxkart.profile @@ -60,3 +60,5 @@ private-srv none dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile index 78432bf43..3508e11b0 100644 --- a/etc/profile-m-z/surf.profile +++ b/etc/profile-m-z/surf.profile @@ -36,3 +36,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,ld.so.cache,ld.so.preload,machine-id,passwd,pki,resolv.conf,ssl private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/sushi.profile b/etc/profile-m-z/sushi.profile index 46f5348fd..7b6a87b31 100644 --- a/etc/profile-m-z/sushi.profile +++ b/etc/profile-m-z/sushi.profile @@ -45,3 +45,4 @@ read-only /media read-only /run/mount read-only /run/media read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/sway.profile b/etc/profile-m-z/sway.profile index 046d1b4be..f71905150 100644 --- a/etc/profile-m-z/sway.profile +++ b/etc/profile-m-z/sway.profile @@ -17,3 +17,5 @@ netfilter noroot protocol unix,inet,inet6 seccomp + +restrict-namespaces diff --git a/etc/profile-m-z/synfigstudio.profile b/etc/profile-m-z/synfigstudio.profile index 4c290aa01..a2bb7d8e5 100644 --- a/etc/profile-m-z/synfigstudio.profile +++ b/etc/profile-m-z/synfigstudio.profile @@ -36,3 +36,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile index a0a2ec7bc..cef029401 100644 --- a/etc/profile-m-z/sysprof.profile +++ b/etc/profile-m-z/sysprof.profile @@ -74,3 +74,4 @@ dbus-user.own org.gnome.Sysprof3 dbus-user.talk ca.desrt.dconf # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-m-z/tcpdump.profile b/etc/profile-m-z/tcpdump.profile index 57301a54d..bc8444efd 100644 --- a/etc/profile-m-z/tcpdump.profile +++ b/etc/profile-m-z/tcpdump.profile @@ -44,3 +44,4 @@ private-dev private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/teamspeak3.profile b/etc/profile-m-z/teamspeak3.profile index 31df5b97c..41da4ee13 100644 --- a/etc/profile-m-z/teamspeak3.profile +++ b/etc/profile-m-z/teamspeak3.profile @@ -39,3 +39,4 @@ disable-mnt private-dev private-tmp +# restrict-namespaces diff --git a/etc/profile-m-z/teeworlds.profile b/etc/profile-m-z/teeworlds.profile index a253f9a76..f01cc1c74 100644 --- a/etc/profile-m-z/teeworlds.profile +++ b/etc/profile-m-z/teeworlds.profile @@ -43,3 +43,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile index bdae44ad0..886d303c8 100644 --- a/etc/profile-m-z/telegram.profile +++ b/etc/profile-m-z/telegram.profile @@ -56,3 +56,5 @@ dbus-user.talk org.freedesktop.Notifications dbus-user.talk org.gnome.Mutter.IdleMonitor dbus-user.talk org.freedesktop.ScreenSaver dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/telnet.profile b/etc/profile-m-z/telnet.profile index 527c3c99f..13a47c958 100644 --- a/etc/profile-m-z/telnet.profile +++ b/etc/profile-m-z/telnet.profile @@ -51,3 +51,4 @@ dbus-system none memory-deny-write-execute noexec ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile index 4af30acc0..9249e33c8 100644 --- a/etc/profile-m-z/terasology.profile +++ b/etc/profile-m-z/terasology.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile index 3dad84480..f49738f2b 100644 --- a/etc/profile-m-z/tilp.profile +++ b/etc/profile-m-z/tilp.profile @@ -32,3 +32,4 @@ private-cache private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile index 0ca9cc1ce..3cbf90660 100644 --- a/etc/profile-m-z/tin.profile +++ b/etc/profile-m-z/tin.profile @@ -65,3 +65,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile index bb710edc3..a855ff839 100644 --- a/etc/profile-m-z/tmux.profile +++ b/etc/profile-m-z/tmux.profile @@ -42,3 +42,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/tor.profile b/etc/profile-m-z/tor.profile index ba7672068..275b170ff 100644 --- a/etc/profile-m-z/tor.profile +++ b/etc/profile-m-z/tor.profile @@ -48,3 +48,5 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor private-tmp writable-var + +restrict-namespaces diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index 9d66c5fa4..fab792826 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile @@ -63,3 +63,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/torcs.profile b/etc/profile-m-z/torcs.profile index dfc20fc00..f83a74e9c 100644 --- a/etc/profile-m-z/torcs.profile +++ b/etc/profile-m-z/torcs.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/totem.profile b/etc/profile-m-z/totem.profile index 9ecc1e5ea..e21d37040 100644 --- a/etc/profile-m-z/totem.profile +++ b/etc/profile-m-z/totem.profile @@ -57,3 +57,5 @@ private-tmp # makes settings immutable # dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/tracker.profile b/etc/profile-m-z/tracker.profile index 6d7751953..f30b0aef6 100644 --- a/etc/profile-m-z/tracker.profile +++ b/etc/profile-m-z/tracker.profile @@ -36,3 +36,5 @@ tracelog # private-bin tracker # private-dev # private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile index 6dcdf64b6..9937b7c11 100644 --- a/etc/profile-m-z/transgui.profile +++ b/etc/profile-m-z/transgui.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile index 78df412d7..0a9029c97 100644 --- a/etc/profile-m-z/transmission-common.profile +++ b/etc/profile-m-z/transmission-common.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/tremulous.profile b/etc/profile-m-z/tremulous.profile index 4bcc0affe..21c09067e 100644 --- a/etc/profile-m-z/tremulous.profile +++ b/etc/profile-m-z/tremulous.profile @@ -50,3 +50,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index eb3ae356a..63e964355 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile @@ -61,3 +61,4 @@ dbus-user.talk org.freedesktop.secrets dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini +restrict-namespaces diff --git a/etc/profile-m-z/truecraft.profile b/etc/profile-m-z/truecraft.profile index 58f600259..f02532936 100644 --- a/etc/profile-m-z/truecraft.profile +++ b/etc/profile-m-z/truecraft.profile @@ -36,3 +36,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/tuxguitar.profile b/etc/profile-m-z/tuxguitar.profile index 807d43281..ab2b359e4 100644 --- a/etc/profile-m-z/tuxguitar.profile +++ b/etc/profile-m-z/tuxguitar.profile @@ -43,3 +43,5 @@ tracelog private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/tvbrowser.profile b/etc/profile-m-z/tvbrowser.profile index 6c1dcc603..518dc95c7 100644 --- a/etc/profile-m-z/tvbrowser.profile +++ b/etc/profile-m-z/tvbrowser.profile @@ -50,3 +50,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/udiskie.profile b/etc/profile-m-z/udiskie.profile index e9a2745bf..7e3c7ac5a 100644 --- a/etc/profile-m-z/udiskie.profile +++ b/etc/profile-m-z/udiskie.profile @@ -42,3 +42,5 @@ private-cache private-dev private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,xdg private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/uefitool.profile b/etc/profile-m-z/uefitool.profile index 3629f66f8..3d8f59df6 100644 --- a/etc/profile-m-z/uefitool.profile +++ b/etc/profile-m-z/uefitool.profile @@ -36,3 +36,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/uget-gtk.profile b/etc/profile-m-z/uget-gtk.profile index 948f61801..d8840fad3 100644 --- a/etc/profile-m-z/uget-gtk.profile +++ b/etc/profile-m-z/uget-gtk.profile @@ -36,3 +36,5 @@ seccomp private-bin uget-gtk private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile index d18c9fe94..63d84688c 100644 --- a/etc/profile-m-z/unbound.profile +++ b/etc/profile-m-z/unbound.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile index 70c54a6bd..6ec6ea609 100644 --- a/etc/profile-m-z/unf.profile +++ b/etc/profile-m-z/unf.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/unknown-horizons.profile b/etc/profile-m-z/unknown-horizons.profile index 755d087ea..3e2b28dec 100644 --- a/etc/profile-m-z/unknown-horizons.profile +++ b/etc/profile-m-z/unknown-horizons.profile @@ -41,3 +41,4 @@ private-tmp # doesn't work - maybe all Tcl/Tk programs have this problem # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile index bb53917cf..f85e52273 100644 --- a/etc/profile-m-z/utox.profile +++ b/etc/profile-m-z/utox.profile @@ -46,3 +46,4 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile index 7ac23bcb9..29d88832c 100644 --- a/etc/profile-m-z/uudeview.profile +++ b/etc/profile-m-z/uudeview.profile @@ -44,3 +44,5 @@ private-etc alternatives,ld.so.cache,ld.so.preload dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile index dcdae279f..dfda684e3 100644 --- a/etc/profile-m-z/uzbl-browser.profile +++ b/etc/profile-m-z/uzbl-browser.profile @@ -39,3 +39,5 @@ notv protocol unix,inet,inet6 seccomp tracelog + +restrict-namespaces diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile index 6d7fa94e7..cdf615a02 100644 --- a/etc/profile-m-z/viewnior.profile +++ b/etc/profile-m-z/viewnior.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issues #1803 and #1808) +restrict-namespaces diff --git a/etc/profile-m-z/viking.profile b/etc/profile-m-z/viking.profile index 65f1e2619..6ec74edd8 100644 --- a/etc/profile-m-z/viking.profile +++ b/etc/profile-m-z/viking.profile @@ -34,3 +34,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/vim.profile b/etc/profile-m-z/vim.profile index a6e05a32a..6847f1f5e 100644 --- a/etc/profile-m-z/vim.profile +++ b/etc/profile-m-z/vim.profile @@ -32,3 +32,5 @@ protocol unix,inet,inet6 seccomp private-dev + +restrict-namespaces diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile index b9b40e348..34e580085 100644 --- a/etc/profile-m-z/vlc.profile +++ b/etc/profile-m-z/vlc.profile @@ -53,3 +53,5 @@ dbus-user.talk org.freedesktop.ScreenSaver ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher dbus-user.talk org.mpris.MediaPlayer2.Player dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile index 1703c95e1..ba4136413 100644 --- a/etc/profile-m-z/vmware-view.profile +++ b/etc/profile-m-z/vmware-view.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/vym.profile b/etc/profile-m-z/vym.profile index dbfbcca8a..be1ef153b 100644 --- a/etc/profile-m-z/vym.profile +++ b/etc/profile-m-z/vym.profile @@ -33,3 +33,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index f5744e52c..fab5315aa 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile @@ -68,3 +68,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile index 6b32a1613..37a8f78bb 100644 --- a/etc/profile-m-z/warmux.profile +++ b/etc/profile-m-z/warmux.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/warsow.profile b/etc/profile-m-z/warsow.profile index 0e3b88a02..c7f1d4c50 100644 --- a/etc/profile-m-z/warsow.profile +++ b/etc/profile-m-z/warsow.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile index 3e2c9b929..50c776412 100644 --- a/etc/profile-m-z/warzone2100.profile +++ b/etc/profile-m-z/warzone2100.profile @@ -47,3 +47,5 @@ disable-mnt private-bin bash,dash,sh,warzone2100,which private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/webstorm.profile b/etc/profile-m-z/webstorm.profile index ec6a0d7ab..6e5a63911 100644 --- a/etc/profile-m-z/webstorm.profile +++ b/etc/profile-m-z/webstorm.profile @@ -42,3 +42,5 @@ seccomp private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/webui-aria2.profile b/etc/profile-m-z/webui-aria2.profile index 057e75372..b42d4c380 100644 --- a/etc/profile-m-z/webui-aria2.profile +++ b/etc/profile-m-z/webui-aria2.profile @@ -36,3 +36,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/weechat.profile b/etc/profile-m-z/weechat.profile index 07babd502..b190bf5ff 100644 --- a/etc/profile-m-z/weechat.profile +++ b/etc/profile-m-z/weechat.profile @@ -28,3 +28,5 @@ seccomp # no private-bin support for various reasons: # Plugins loaded: alias, aspell, charset, exec, fifo, guile, irc, # logger, lua, perl, python, relay, ruby, script, tcl, trigger, xferloading plugins + +restrict-namespaces diff --git a/etc/profile-m-z/wesnoth.profile b/etc/profile-m-z/wesnoth.profile index 345b26a2c..b6f29cfbf 100644 --- a/etc/profile-m-z/wesnoth.profile +++ b/etc/profile-m-z/wesnoth.profile @@ -36,3 +36,5 @@ seccomp private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile index 1258b6fce..5e1823593 100644 --- a/etc/profile-m-z/wget.profile +++ b/etc/profile-m-z/wget.profile @@ -61,3 +61,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile index 4891af458..d8c72ac8b 100644 --- a/etc/profile-m-z/whois.profile +++ b/etc/profile-m-z/whois.profile @@ -54,3 +54,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/widelands.profile b/etc/profile-m-z/widelands.profile index 99a3fae8c..30a471fac 100644 --- a/etc/profile-m-z/widelands.profile +++ b/etc/profile-m-z/widelands.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile index f30fc971f..1e2b164b9 100644 --- a/etc/profile-m-z/wine.profile +++ b/etc/profile-m-z/wine.profile @@ -40,3 +40,5 @@ notv seccomp private-dev + +restrict-namespaces diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile index 0a13c25aa..5823a2ad7 100644 --- a/etc/profile-m-z/wireshark.profile +++ b/etc/profile-m-z/wireshark.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile index 8f9c44d7d..ccc2e8dd0 100644 --- a/etc/profile-m-z/wordwarvi.profile +++ b/etc/profile-m-z/wordwarvi.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/wps.profile b/etc/profile-m-z/wps.profile index 1287faa2c..7f85e1ede 100644 --- a/etc/profile-m-z/wps.profile +++ b/etc/profile-m-z/wps.profile @@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-m-z/x-terminal-emulator.profile b/etc/profile-m-z/x-terminal-emulator.profile index 141d167a8..4b88e8118 100644 --- a/etc/profile-m-z/x-terminal-emulator.profile +++ b/etc/profile-m-z/x-terminal-emulator.profile @@ -21,3 +21,4 @@ dbus-user none dbus-system none noexec /tmp +restrict-namespaces diff --git a/etc/profile-m-z/x2goclient.profile b/etc/profile-m-z/x2goclient.profile index b8bbba072..6dd374aac 100644 --- a/etc/profile-m-z/x2goclient.profile +++ b/etc/profile-m-z/x2goclient.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none #memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile index 72e6d04a0..1b44b63e0 100644 --- a/etc/profile-m-z/xbill.profile +++ b/etc/profile-m-z/xbill.profile @@ -51,3 +51,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-m-z/xcalc.profile b/etc/profile-m-z/xcalc.profile index fef5613ad..3d808ce1f 100644 --- a/etc/profile-m-z/xcalc.profile +++ b/etc/profile-m-z/xcalc.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/xchat.profile b/etc/profile-m-z/xchat.profile index a94444aab..4061e26a4 100644 --- a/etc/profile-m-z/xchat.profile +++ b/etc/profile-m-z/xchat.profile @@ -21,3 +21,5 @@ protocol unix,inet,inet6 seccomp # private-bin requires perl, python*, etc. + +restrict-namespaces diff --git a/etc/profile-m-z/xed.profile b/etc/profile-m-z/xed.profile index f117e96ab..dda803bd5 100644 --- a/etc/profile-m-z/xed.profile +++ b/etc/profile-m-z/xed.profile @@ -51,3 +51,4 @@ private-tmp # xed uses python plugins, memory-deny-write-execute breaks python # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/xfburn.profile b/etc/profile-m-z/xfburn.profile index 930d2755b..141fda909 100644 --- a/etc/profile-m-z/xfburn.profile +++ b/etc/profile-m-z/xfburn.profile @@ -28,3 +28,5 @@ tracelog # private-bin xfburn # private-dev # private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/xfce4-dict.profile b/etc/profile-m-z/xfce4-dict.profile index 7afe69814..633a9967c 100644 --- a/etc/profile-m-z/xfce4-dict.profile +++ b/etc/profile-m-z/xfce4-dict.profile @@ -37,3 +37,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile index 006e1859b..95eb2046e 100644 --- a/etc/profile-m-z/xfce4-mixer.profile +++ b/etc/profile-m-z/xfce4-mixer.profile @@ -54,3 +54,4 @@ dbus-user.talk org.xfce.Xfconf dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-m-z/xfce4-notes.profile b/etc/profile-m-z/xfce4-notes.profile index 4ab8f34f4..f7d890eef 100644 --- a/etc/profile-m-z/xfce4-notes.profile +++ b/etc/profile-m-z/xfce4-notes.profile @@ -39,3 +39,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile index ca4d77d73..575acc9b2 100644 --- a/etc/profile-m-z/xfce4-screenshooter.profile +++ b/etc/profile-m-z/xfce4-screenshooter.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none # memory-deny-write-execute -- see #3790 +restrict-namespaces diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile index c755632ca..371db722c 100644 --- a/etc/profile-m-z/xiphos.profile +++ b/etc/profile-m-z/xiphos.profile @@ -48,3 +48,5 @@ private-cache private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssli,sword,sword.conf private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/xmms.profile b/etc/profile-m-z/xmms.profile index e255ad927..ef8fd1d7f 100644 --- a/etc/profile-m-z/xmms.profile +++ b/etc/profile-m-z/xmms.profile @@ -29,3 +29,5 @@ seccomp private-bin xmms private-dev + +restrict-namespaces diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile index 64b6bcaeb..ad1ba8ca3 100644 --- a/etc/profile-m-z/xmr-stak.profile +++ b/etc/profile-m-z/xmr-stak.profile @@ -43,3 +43,4 @@ private-opt cuda private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile index 3c5ef1ac0..9128c330b 100644 --- a/etc/profile-m-z/xonotic.profile +++ b/etc/profile-m-z/xonotic.profile @@ -53,3 +53,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.xonotic +restrict-namespaces diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile index 71942edab..a17464a2a 100644 --- a/etc/profile-m-z/xournal.profile +++ b/etc/profile-m-z/xournal.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/xpdf.profile b/etc/profile-m-z/xpdf.profile index 33803a741..fdfb3bf59 100644 --- a/etc/profile-m-z/xpdf.profile +++ b/etc/profile-m-z/xpdf.profile @@ -42,3 +42,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/xplayer.profile b/etc/profile-m-z/xplayer.profile index 1087d7cd0..a673d6aa3 100644 --- a/etc/profile-m-z/xplayer.profile +++ b/etc/profile-m-z/xplayer.profile @@ -47,3 +47,5 @@ private-tmp # makes settings immutable # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/xpra.profile b/etc/profile-m-z/xpra.profile index c10ea4a63..05c12b9a2 100644 --- a/etc/profile-m-z/xpra.profile +++ b/etc/profile-m-z/xpra.profile @@ -51,3 +51,5 @@ disable-mnt private-dev # private-etc alternatives,gai.conf,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,machine-id,nsswitch.conf,resolv.conf,X11,xpra private-tmp + +restrict-namespaces diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile index ec966fc5c..ff5dc619b 100644 --- a/etc/profile-m-z/xreader.profile +++ b/etc/profile-m-z/xreader.profile @@ -42,3 +42,4 @@ private-etc alternatives,fonts,ld.so.cache,ld.so.preload private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/xviewer.profile b/etc/profile-m-z/xviewer.profile index e7fa7051e..6c31df4a9 100644 --- a/etc/profile-m-z/xviewer.profile +++ b/etc/profile-m-z/xviewer.profile @@ -46,3 +46,4 @@ private-tmp # dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile index ae0ccced6..6ea7fdfbd 100644 --- a/etc/profile-m-z/yelp.profile +++ b/etc/profile-m-z/yelp.profile @@ -74,3 +74,5 @@ read-write ${HOME}/.cache # your yelp.local if you need PDF printing support. #noblacklist ${DOCUMENTS} #whitelist ${DOCUMENTS} + +restrict-namespaces diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile index 48e18060f..c846893ef 100644 --- a/etc/profile-m-z/youtube-dl-gui.profile +++ b/etc/profile-m-z/youtube-dl-gui.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile index 19e176877..4f2cc9523 100644 --- a/etc/profile-m-z/youtube-dl.profile +++ b/etc/profile-m-z/youtube-dl.profile @@ -64,3 +64,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index 28c219377..f66e2938b 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile @@ -67,3 +67,5 @@ dbus-user filter dbus-user.talk org.mozilla.* dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/zaproxy.profile b/etc/profile-m-z/zaproxy.profile index 0caca9792..96324ebda 100644 --- a/etc/profile-m-z/zaproxy.profile +++ b/etc/profile-m-z/zaproxy.profile @@ -44,3 +44,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-m-z/zart.profile b/etc/profile-m-z/zart.profile index cd94a3fbd..5816ea5e3 100644 --- a/etc/profile-m-z/zart.profile +++ b/etc/profile-m-z/zart.profile @@ -35,3 +35,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile index 12b090d35..1daf89c84 100644 --- a/etc/profile-m-z/zathura.profile +++ b/etc/profile-m-z/zathura.profile @@ -59,3 +59,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.config/zathura read-write ${HOME}/.local/share/zathura +restrict-namespaces diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile index 84f6d52dd..453f40e73 100644 --- a/etc/profile-m-z/zeal.profile +++ b/etc/profile-m-z/zeal.profile @@ -69,3 +69,4 @@ dbus-user.talk org.mozilla.* dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile index 7350ed5a6..a9e5aa5c3 100644 --- a/etc/profile-m-z/zim.profile +++ b/etc/profile-m-z/zim.profile @@ -68,3 +68,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile index 5f7d83a7c..b69de3be1 100644 --- a/etc/profile-m-z/zulip.profile +++ b/etc/profile-m-z/zulip.profile @@ -45,3 +45,5 @@ private-cache private-dev private-etc alternatives,asound.conf,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp + +restrict-namespaces -- cgit v1.2.3-70-g09d2