From e4f0f91ebdafaa3d9e073ee90f2aea5692ec5045 Mon Sep 17 00:00:00 2001 
From: smitsohu Date: Tue, 20 Dec 2022 01:04:13 +0100 Subject: add restrict-namespaces to (almost) all profiles --- etc/profile-a-l/0ad.profile | 2 ++ etc/profile-a-l/2048-qt.profile | 2 ++ etc/profile-a-l/Cryptocat.profile | 2 ++ etc/profile-a-l/Fritzing.profile | 1 + etc/profile-a-l/JDownloader.profile | 2 ++ etc/profile-a-l/abiword.profile | 2 ++ etc/profile-a-l/agetpkg.profile | 1 + etc/profile-a-l/akonadi_control.profile | 1 + etc/profile-a-l/akregator.profile | 1 + etc/profile-a-l/alacarte.profile | 1 + etc/profile-a-l/alienarena.profile | 2 ++ etc/profile-a-l/alpine.profile | 1 + etc/profile-a-l/amarok.profile | 2 ++ etc/profile-a-l/amule.profile | 1 + etc/profile-a-l/android-studio.profile | 1 + etc/profile-a-l/anki.profile | 2 ++ etc/profile-a-l/anydesk.profile | 2 ++ etc/profile-a-l/aosp.profile | 2 ++ etc/profile-a-l/apktool.profile | 2 ++ etc/profile-a-l/apostrophe.profile | 2 ++ etc/profile-a-l/arch-audit.profile | 1 + etc/profile-a-l/archaudit-report.profile | 1 + etc/profile-a-l/archiver-common.profile | 1 + etc/profile-a-l/ardour5.profile | 2 ++ etc/profile-a-l/arduino.profile | 1 + etc/profile-a-l/aria2c.profile | 1 + etc/profile-a-l/ark.profile | 2 ++ etc/profile-a-l/arm.profile | 1 + etc/profile-a-l/artha.profile | 1 + etc/profile-a-l/assogiate.profile | 1 + etc/profile-a-l/asunder.profile | 1 + etc/profile-a-l/atril.profile | 1 + etc/profile-a-l/audacious.profile | 2 ++ etc/profile-a-l/audacity.profile | 2 ++ etc/profile-a-l/audio-recorder.profile | 1 + etc/profile-a-l/authenticator-rs.profile | 2 ++ etc/profile-a-l/authenticator.profile | 1 + etc/profile-a-l/autokey-common.profile | 1 + etc/profile-a-l/avidemux.profile | 2 ++ etc/profile-a-l/aweather.profile | 2 ++ etc/profile-a-l/awesome.profile | 1 + etc/profile-a-l/ballbuster.profile | 2 ++ etc/profile-a-l/baloo_file.profile | 2 ++ etc/profile-a-l/balsa.profile | 1 + etc/profile-a-l/baobab.profile | 1 + etc/profile-a-l/barrier.profile | 1 + etc/profile-a-l/basilisk.profile | 3 +++ 
etc/profile-a-l/bcompare.profile | 2 ++ etc/profile-a-l/bibletime.profile | 2 ++ etc/profile-a-l/bijiben.profile | 1 + etc/profile-a-l/bitcoin-qt.profile | 1 + etc/profile-a-l/bitlbee.profile | 1 + etc/profile-a-l/blackbox.profile | 1 + etc/profile-a-l/bleachbit.profile | 1 + etc/profile-a-l/blender.profile | 2 ++ etc/profile-a-l/bless.profile | 2 ++ etc/profile-a-l/blobby.profile | 1 + etc/profile-a-l/blobwars.profile | 2 ++ etc/profile-a-l/bluefish.profile | 2 ++ etc/profile-a-l/brackets.profile | 2 ++ etc/profile-a-l/brasero.profile | 2 ++ etc/profile-a-l/build-systems-common.profile | 2 ++ etc/profile-a-l/bzflag.profile | 2 ++ etc/profile-a-l/calibre.profile | 2 ++ etc/profile-a-l/calligra.profile | 1 + etc/profile-a-l/cameramonitor.profile | 1 + etc/profile-a-l/cantata.profile | 2 ++ etc/profile-a-l/catfish.profile | 2 ++ etc/profile-a-l/cawbird.profile | 2 ++ etc/profile-a-l/celluloid.profile | 1 + etc/profile-a-l/chafa.profile | 1 + etc/profile-a-l/checkbashisms.profile | 1 + etc/profile-a-l/cheese.profile | 2 ++ etc/profile-a-l/cherrytree.profile | 1 + etc/profile-a-l/chromium-common-hardened.inc.profile | 2 ++ etc/profile-a-l/cin.profile | 2 ++ etc/profile-a-l/clamav.profile | 1 + etc/profile-a-l/clamtk.profile | 2 ++ etc/profile-a-l/clawsker.profile | 1 + etc/profile-a-l/clementine.profile | 2 ++ etc/profile-a-l/clion.profile | 1 + etc/profile-a-l/clipgrab.profile | 2 ++ etc/profile-a-l/clipit.profile | 2 +- etc/profile-a-l/cmus.profile | 2 ++ etc/profile-a-l/cointop.profile | 1 + etc/profile-a-l/colorful.profile | 2 ++ etc/profile-a-l/com.github.bleakgrey.tootle.profile | 2 ++ etc/profile-a-l/com.github.dahenson.agenda.profile | 1 + etc/profile-a-l/com.github.johnfactotum.Foliate.profile | 1 + etc/profile-a-l/com.github.phase1geo.minder.profile | 2 ++ etc/profile-a-l/com.github.tchx84.Flatseal.profile | 1 + etc/profile-a-l/conkeror.profile | 2 ++ etc/profile-a-l/conky.profile | 1 + etc/profile-a-l/corebird.profile | 1 + etc/profile-a-l/cower.profile | 1 
+ etc/profile-a-l/coyim.profile | 1 + etc/profile-a-l/crawl.profile | 2 ++ etc/profile-a-l/crow.profile | 1 + etc/profile-a-l/curl.profile | 2 ++ etc/profile-a-l/d-feet.profile | 1 + etc/profile-a-l/darktable.profile | 1 + etc/profile-a-l/dbus-send.profile | 1 + etc/profile-a-l/dconf-editor.profile | 2 ++ etc/profile-a-l/dconf.profile | 1 + etc/profile-a-l/ddgtk.profile | 1 + etc/profile-a-l/deadbeef.profile | 1 + etc/profile-a-l/default.profile | 2 +- etc/profile-a-l/deluge.profile | 2 ++ etc/profile-a-l/desktopeditors.profile | 2 ++ etc/profile-a-l/devhelp.profile | 1 + etc/profile-a-l/devilspie.profile | 1 + etc/profile-a-l/dex2jar.profile | 2 ++ etc/profile-a-l/dia.profile | 2 ++ etc/profile-a-l/dig.profile | 1 + etc/profile-a-l/digikam.profile | 2 ++ etc/profile-a-l/dillo.profile | 1 + etc/profile-a-l/dino.profile | 2 ++ etc/profile-a-l/display.profile | 2 ++ etc/profile-a-l/dnscrypt-proxy.profile | 1 + etc/profile-a-l/dnsmasq.profile | 2 ++ etc/profile-a-l/dolphin-emu.profile | 2 ++ etc/profile-a-l/dooble.profile | 1 + etc/profile-a-l/dosbox.profile | 2 ++ etc/profile-a-l/dragon.profile | 1 + etc/profile-a-l/drawio.profile | 1 + etc/profile-a-l/drill.profile | 1 + etc/profile-a-l/dropbox.profile | 1 + etc/profile-a-l/easystroke.profile | 1 + etc/profile-a-l/electrum.profile | 2 ++ etc/profile-a-l/emacs.profile | 1 + etc/profile-a-l/email-common.profile | 1 + etc/profile-a-l/empathy.profile | 2 ++ etc/profile-a-l/enchant.profile | 1 + etc/profile-a-l/engrampa.profile | 2 ++ etc/profile-a-l/enpass.profile | 1 + etc/profile-a-l/eo-common.profile | 2 ++ etc/profile-a-l/ephemeral.profile | 2 ++ etc/profile-a-l/epiphany.profile | 2 ++ etc/profile-a-l/equalx.profile | 1 + etc/profile-a-l/etr.profile | 2 ++ etc/profile-a-l/evince.profile | 2 ++ etc/profile-a-l/evolution.profile | 2 ++ etc/profile-a-l/exiftool.profile | 1 + etc/profile-a-l/falkon.profile | 2 ++ etc/profile-a-l/fbreader.profile | 2 ++ etc/profile-a-l/fdns.profile | 1 + 
etc/profile-a-l/feedreader.profile | 2 ++ etc/profile-a-l/feh.profile | 2 ++ etc/profile-a-l/ferdi.profile | 2 ++ etc/profile-a-l/fetchmail.profile | 2 ++ etc/profile-a-l/ffmpeg.profile | 1 + etc/profile-a-l/file-manager-common.profile | 2 ++ etc/profile-a-l/file-roller.profile | 2 ++ etc/profile-a-l/file.profile | 1 + etc/profile-a-l/filezilla.profile | 2 ++ etc/profile-a-l/firefox-common.profile | 2 ++ etc/profile-a-l/flameshot.profile | 2 ++ etc/profile-a-l/flowblade.profile | 1 + etc/profile-a-l/fluxbox.profile | 1 + etc/profile-a-l/font-manager.profile | 1 + etc/profile-a-l/fontforge.profile | 1 + etc/profile-a-l/fractal.profile | 2 ++ etc/profile-a-l/franz.profile | 2 ++ etc/profile-a-l/freecad.profile | 2 ++ etc/profile-a-l/freeciv.profile | 2 ++ etc/profile-a-l/freecol.profile | 2 ++ etc/profile-a-l/freemind.profile | 2 ++ etc/profile-a-l/freshclam.profile | 1 + etc/profile-a-l/frogatto.profile | 2 ++ etc/profile-a-l/frozen-bubble.profile | 2 ++ etc/profile-a-l/ftp.profile | 1 + etc/profile-a-l/funnyboat.profile | 1 + etc/profile-a-l/gajim.profile | 1 + etc/profile-a-l/galculator.profile | 1 + etc/profile-a-l/gapplication.profile | 1 + etc/profile-a-l/gcloud.profile | 2 ++ etc/profile-a-l/gconf.profile | 1 + etc/profile-a-l/gdu.profile | 1 + etc/profile-a-l/geany.profile | 2 ++ etc/profile-a-l/geary.profile | 1 + etc/profile-a-l/gedit.profile | 2 ++ etc/profile-a-l/geekbench.profile | 1 + etc/profile-a-l/geeqie.profile | 2 ++ etc/profile-a-l/gfeeds.profile | 2 ++ etc/profile-a-l/gget.profile | 1 + etc/profile-a-l/ghostwriter.profile | 2 ++ etc/profile-a-l/gimp.profile | 2 ++ etc/profile-a-l/gist.profile | 1 + etc/profile-a-l/git-cola.profile | 2 ++ etc/profile-a-l/git.profile | 1 + etc/profile-a-l/gitg.profile | 2 ++ etc/profile-a-l/gitter.profile | 1 + etc/profile-a-l/gjs.profile | 2 ++ etc/profile-a-l/gl-117.profile | 2 ++ etc/profile-a-l/glaxium.profile | 2 ++ etc/profile-a-l/globaltime.profile | 1 + etc/profile-a-l/gmpc.profile | 1 + 
etc/profile-a-l/gnome-books.profile | 1 + etc/profile-a-l/gnome-builder.profile | 1 + etc/profile-a-l/gnome-calculator.profile | 2 ++ etc/profile-a-l/gnome-calendar.profile | 1 + etc/profile-a-l/gnome-characters.profile | 1 + etc/profile-a-l/gnome-chess.profile | 2 ++ etc/profile-a-l/gnome-clocks.profile | 1 + etc/profile-a-l/gnome-contacts.profile | 1 + etc/profile-a-l/gnome-documents.profile | 1 + etc/profile-a-l/gnome-font-viewer.profile | 1 + etc/profile-a-l/gnome-hexgl.profile | 1 + etc/profile-a-l/gnome-keyring.profile | 1 + etc/profile-a-l/gnome-latex.profile | 2 ++ etc/profile-a-l/gnome-logs.profile | 1 + etc/profile-a-l/gnome-maps.profile | 2 ++ etc/profile-a-l/gnome-mplayer.profile | 1 + etc/profile-a-l/gnome-music.profile | 1 + etc/profile-a-l/gnome-nettool.profile | 2 ++ etc/profile-a-l/gnome-passwordsafe.profile | 2 ++ etc/profile-a-l/gnome-photos.profile | 1 + etc/profile-a-l/gnome-pie.profile | 1 + etc/profile-a-l/gnome-pomodoro.profile | 1 + etc/profile-a-l/gnome-recipes.profile | 1 + etc/profile-a-l/gnome-ring.profile | 1 + etc/profile-a-l/gnome-schedule.profile | 1 - etc/profile-a-l/gnome-screenshot.profile | 2 ++ etc/profile-a-l/gnome-sound-recorder.profile | 2 ++ etc/profile-a-l/gnome-system-log.profile | 1 + etc/profile-a-l/gnome-todo.profile | 1 + etc/profile-a-l/gnome-twitch.profile | 1 + etc/profile-a-l/gnome-weather.profile | 1 + etc/profile-a-l/gnome_games-common.profile | 2 ++ etc/profile-a-l/gnote.profile | 2 ++ etc/profile-a-l/gnubik.profile | 2 ++ etc/profile-a-l/godot.profile | 2 ++ etc/profile-a-l/goldendict.profile | 2 ++ etc/profile-a-l/goobox.profile | 2 ++ etc/profile-a-l/google-earth.profile | 1 + etc/profile-a-l/google-play-music-desktop-player.profile | 2 ++ etc/profile-a-l/googler-common.profile | 2 ++ etc/profile-a-l/gpa.profile | 2 ++ etc/profile-a-l/gpg-agent.profile | 2 ++ etc/profile-a-l/gpg.profile | 1 + etc/profile-a-l/gpicview.profile | 1 + etc/profile-a-l/gpredict.profile | 1 + etc/profile-a-l/gradio.profile | 2 ++ 
etc/profile-a-l/gramps.profile | 2 ++ etc/profile-a-l/gravity-beams-and-evaporating-stars.profile | 2 ++ etc/profile-a-l/gthumb.profile | 2 ++ etc/profile-a-l/gtk-update-icon-cache.profile | 1 + etc/profile-a-l/guayadeque.profile | 1 + etc/profile-a-l/gucharmap.profile | 1 + etc/profile-a-l/guvcview.profile | 2 ++ etc/profile-a-l/gwenview.profile | 1 + etc/profile-a-l/handbrake.profile | 2 ++ etc/profile-a-l/hashcat.profile | 2 ++ etc/profile-a-l/hasher-common.profile | 1 + etc/profile-a-l/hedgewars.profile | 2 ++ etc/profile-a-l/hexchat.profile | 1 + etc/profile-a-l/highlight.profile | 2 ++ etc/profile-a-l/homebank.profile | 1 + etc/profile-a-l/host.profile | 1 + etc/profile-a-l/hugin.profile | 2 ++ etc/profile-a-l/hyperrogue.profile | 2 ++ etc/profile-a-l/i2prouter.profile | 2 ++ etc/profile-a-l/i3.profile | 1 + etc/profile-a-l/iagno.profile | 2 ++ etc/profile-a-l/idea.sh.profile | 1 + etc/profile-a-l/imagej.profile | 2 ++ etc/profile-a-l/img2txt.profile | 1 + etc/profile-a-l/impressive.profile | 1 + etc/profile-a-l/imv.profile | 1 + etc/profile-a-l/inkscape.profile | 1 + etc/profile-a-l/io.github.lainsce.Notejot.profile | 2 ++ etc/profile-a-l/ipcalc.profile | 1 + etc/profile-a-l/itch.profile | 1 + etc/profile-a-l/jami-gnome.profile | 1 + etc/profile-a-l/jd-gui.profile | 2 ++ etc/profile-a-l/jerry.profile | 1 + etc/profile-a-l/jitsi.profile | 2 ++ etc/profile-a-l/jumpnbump.profile | 2 ++ etc/profile-a-l/k3b.profile | 2 ++ etc/profile-a-l/kaffeine.profile | 1 + etc/profile-a-l/kalgebra.profile | 2 ++ etc/profile-a-l/kate.profile | 1 + etc/profile-a-l/kazam.profile | 2 ++ etc/profile-a-l/kcalc.profile | 1 + etc/profile-a-l/kdeinit4.profile | 1 + etc/profile-a-l/kdenlive.profile | 2 ++ etc/profile-a-l/kdiff3.profile | 2 ++ etc/profile-a-l/keepass.profile | 1 + etc/profile-a-l/keepassx.profile | 1 + etc/profile-a-l/keepassxc.profile | 2 ++ etc/profile-a-l/kfind.profile | 2 ++ etc/profile-a-l/kget.profile | 1 + etc/profile-a-l/kid3.profile | 1 + 
etc/profile-a-l/kino.profile | 1 + etc/profile-a-l/kiwix-desktop.profile | 2 ++ etc/profile-a-l/klatexformula.profile | 2 ++ etc/profile-a-l/klavaro.profile | 2 ++ etc/profile-a-l/kmail.profile | 2 ++ etc/profile-a-l/kmplayer.profile | 1 + etc/profile-a-l/kodi.profile | 2 ++ etc/profile-a-l/konversation.profile | 1 + etc/profile-a-l/kopete.profile | 1 + etc/profile-a-l/krita.profile | 2 ++ etc/profile-a-l/krunner.profile | 2 ++ etc/profile-a-l/ktorrent.profile | 1 + etc/profile-a-l/ktouch.profile | 2 ++ etc/profile-a-l/kube.profile | 1 + etc/profile-a-l/kwin_x11.profile | 2 ++ etc/profile-a-l/kwrite.profile | 1 + etc/profile-a-l/latex-common.profile | 2 ++ etc/profile-a-l/leafpad.profile | 1 + etc/profile-a-l/less.profile | 1 + etc/profile-a-l/librecad.profile | 1 + etc/profile-a-l/libreoffice.profile | 1 + etc/profile-a-l/lifeograph.profile | 2 ++ etc/profile-a-l/liferea.profile | 2 ++ etc/profile-a-l/lincity-ng.profile | 2 ++ etc/profile-a-l/links-common.profile | 1 + etc/profile-a-l/linphone.profile | 1 + etc/profile-a-l/lmms.profile | 2 ++ etc/profile-a-l/lollypop.profile | 1 + etc/profile-a-l/lugaru.profile | 2 ++ etc/profile-a-l/luminance-hdr.profile | 1 + etc/profile-a-l/lutris.profile | 2 ++ etc/profile-a-l/lximage-qt.profile | 1 + etc/profile-a-l/lxmusic.profile | 1 + etc/profile-a-l/lynx.profile | 2 ++ 327 files changed, 487 insertions(+), 3 deletions(-) (limited to 'etc/profile-a-l') diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile index 04f58abb9..48a2afdf2 100644 --- a/etc/profile-a-l/0ad.profile +++ b/etc/profile-a-l/0ad.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile index 7913fdea9..1cd207996 100644 --- a/etc/profile-a-l/2048-qt.profile +++ b/etc/profile-a-l/2048-qt.profile @@ -40,3 +40,5 @@ seccomp disable-mnt private-dev private-tmp + +restrict-namespaces 
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile index af026fc86..4a850f1bd 100644 --- a/etc/profile-a-l/Cryptocat.profile +++ b/etc/profile-a-l/Cryptocat.profile @@ -28,3 +28,5 @@ seccomp private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile index 09149350d..462bfa517 100644 --- a/etc/profile-a-l/Fritzing.profile +++ b/etc/profile-a-l/Fritzing.profile @@ -36,3 +36,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile index 8d56c0d95..b229c151d 100644 --- a/etc/profile-a-l/JDownloader.profile +++ b/etc/profile-a-l/JDownloader.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index ce3d0630f..eb7a5254f 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile @@ -46,3 +46,5 @@ private-tmp # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index ee9420d62..96c56d85d 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile index 2f58d9146..184036f24 100644 --- a/etc/profile-a-l/akonadi_control.profile +++ b/etc/profile-a-l/akonadi_control.profile @@ -55,3 +55,4 @@ tracelog private-dev # private-tmp - breaks programs that depend on akonadi +# restrict-namespaces diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile index 8e6935fb8..d88a1fcad 100644 --- a/etc/profile-a-l/akregator.profile +++ b/etc/profile-a-l/akregator.profile 
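Review bot: The commented-out `# restrict-namespaces` added at the end of akonadi_control.profile gives no reason, unlike the line directly above it (`# private-tmp - breaks programs that depend on akonadi`). A maintainer cannot tell whether the option was tested and found to break the program or was never tried, so the hardening may stay off by default or be re-enabled by guesswork. I would record the cause on the same line, for example `# restrict-namespaces - breaks <component that needs namespaces>`, filled in from the testing that led to the exclusion. The same applies to the commented lines added in akregator.profile, amarok.profile, anki.profile, aosp.profile, bibletime.profile, brackets.profile and calibre.profile.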
@@ -49,3 +49,4 @@ private-dev private-tmp deterministic-shutdown +# restrict-namespaces diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index 5dc306147..9612ffdd2 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile @@ -62,3 +62,4 @@ read-write ${HOME}/.config/menus read-write ${HOME}/.gnome/apps read-write ${HOME}/.local/share/applications read-write ${HOME}/.local/share/flatpak/exports +restrict-namespaces diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile index ee6be4bc9..0f7407f05 100644 --- a/etc/profile-a-l/alienarena.profile +++ b/etc/profile-a-l/alienarena.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile index e00aef423..4e994c025 100644 --- a/etc/profile-a-l/alpine.profile +++ b/etc/profile-a-l/alpine.profile @@ -100,3 +100,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME}/.signature +restrict-namespaces diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile index 7211f0cf7..3171d738e 100644 --- a/etc/profile-a-l/amarok.profile +++ b/etc/profile-a-l/amarok.profile @@ -44,3 +44,5 @@ dbus-user.talk org.freedesktop.Notifications #dbus-user.own org.kde.klauncher #dbus-user.talk org.kde.knotify dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile index bce22fbfd..ccf7231bd 100644 --- a/etc/profile-a-l/amule.profile +++ b/etc/profile-a-l/amule.profile @@ -40,3 +40,4 @@ private-bin amule private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile index add75c849..3dfa0f95a 100644 --- a/etc/profile-a-l/android-studio.profile +++ b/etc/profile-a-l/android-studio.profile 
@@ -40,3 +40,4 @@ private-cache # noexec /tmp breaks 'Android Profiler' #noexec /tmp +restrict-namespaces diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index 45d000012..466f60bda 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile index fd92f63db..4c2dcf0e6 100644 --- a/etc/profile-a-l/anydesk.profile +++ b/etc/profile-a-l/anydesk.profile @@ -33,3 +33,5 @@ disable-mnt private-bin anydesk private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile index 0d3131f8c..80ee71831 100644 --- a/etc/profile-a-l/aosp.profile +++ b/etc/profile-a-l/aosp.profile @@ -40,3 +40,5 @@ protocol unix,inet,inet6 #seccomp private-tmp + +#restrict-namespaces diff --git a/etc/profile-a-l/apktool.profile b/etc/profile-a-l/apktool.profile index e03ff3084..9f1940a4d 100644 --- a/etc/profile-a-l/apktool.profile +++ b/etc/profile-a-l/apktool.profile @@ -35,3 +35,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile index ca4dec918..dab91fe7d 100644 --- a/etc/profile-a-l/apostrophe.profile +++ b/etc/profile-a-l/apostrophe.profile @@ -69,3 +69,5 @@ dbus-user filter dbus-user.own org.gnome.gitlab.somas.Apostrophe dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile index 7db947be8..766c2c96d 100644 --- a/etc/profile-a-l/arch-audit.profile +++ b/etc/profile-a-l/arch-audit.profile @@ -49,3 +49,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile index 6ad75d68c..3e3f77576 100644 
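Review bot: In android-studio.profile the new `restrict-namespaces` is appended straight after `# noexec /tmp breaks 'Android Profiler'` and `#noexec /tmp`, so it reads as part of that commented-out group rather than as an independent, active option. The diffstat shows a one-line addition here, whereas other files in this commit get a blank separator line first. I would add the blank line here too, so the active directive stands apart from the explanation of a different option. The same placement appears in asunder.profile, atril.profile, audio-recorder.profile, authenticator.profile, autokey-common.profile, bleachbit.profile and cameramonitor.profile, each directly under a `memory-deny-write-execute` remark. Blank context lines are not recoverable from this rendering, so the adjacency is inferred from the hunk line counts.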
--- a/etc/profile-a-l/archaudit-report.profile +++ b/etc/profile-a-l/archaudit-report.profile @@ -36,3 +36,4 @@ private-bin arch-audit,archaudit-report,bash,cat,comm,cut,date,fold,grep,pacman, private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile index b82563099..b0f83aa32 100644 --- a/etc/profile-a-l/archiver-common.profile +++ b/etc/profile-a-l/archiver-common.profile @@ -49,3 +49,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile index c93cecf9f..341fe1ed8 100644 --- a/etc/profile-a-l/ardour5.profile +++ b/etc/profile-a-l/ardour5.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile index bb0bc3513..85ea76939 100644 --- a/etc/profile-a-l/arduino.profile +++ b/etc/profile-a-l/arduino.profile @@ -33,3 +33,4 @@ seccomp private-cache private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index f108a6291..17eb2451c 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile @@ -53,3 +53,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile index 53697a367..272e06219 100644 --- a/etc/profile-a-l/ark.profile +++ b/etc/profile-a-l/ark.profile @@ -44,3 +44,5 @@ private-tmp # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index 556a354e7..db388eee1 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile @@ -45,3 +45,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,ld.so.cache,ld.so.preload,passwd,pki,ssl,tor private-tmp +restrict-namespaces 
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index b83b6bb10..b1347b0d9 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile @@ -65,3 +65,4 @@ dbus-user.talk org.freedesktop.Notifications dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile index 26eddf1b6..f28f77748 100644 --- a/etc/profile-a-l/assogiate.profile +++ b/etc/profile-a-l/assogiate.profile @@ -51,3 +51,4 @@ dbus-system none memory-deny-write-execute read-write ${HOME}/.local/share/mime +restrict-namespaces diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile index 445aa3985..c09ad7936 100644 --- a/etc/profile-a-l/asunder.profile +++ b/etc/profile-a-l/asunder.profile @@ -45,3 +45,4 @@ dbus-system none # mdwe is disabled due to breaking hardware accelerated decoding # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile index 8ec6f433e..f24aff108 100644 --- a/etc/profile-a-l/atril.profile +++ b/etc/profile-a-l/atril.profile @@ -49,3 +49,4 @@ private-tmp # webkit gtk killed by memory-deny-write-execute #memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile index fe23049f4..b31f3f1b2 100644 --- a/etc/profile-a-l/audacious.profile +++ b/etc/profile-a-l/audacious.profile @@ -42,3 +42,5 @@ private-tmp # dbus needed for MPRIS # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile index 2831fec72..078e3bf26 100644 --- a/etc/profile-a-l/audacity.profile +++ b/etc/profile-a-l/audacity.profile @@ -44,3 +44,5 @@ private-tmp # problems on Fedora 27 # dbus-user none # dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile index 6c8a90c0b..74dba7411 100644 --- a/etc/profile-a-l/audio-recorder.profile +++ b/etc/profile-a-l/audio-recorder.profile @@ -51,3 +51,4 @@ dbus-user.talk ca.desrt.dconf dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 8e898b5ee..73a2e1806 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile @@ -52,3 +52,5 @@ private-tmp dbus-user filter dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile index 5f26a39f5..02c1d8768 100644 --- a/etc/profile-a-l/authenticator.profile +++ b/etc/profile-a-l/authenticator.profile @@ -46,3 +46,4 @@ private-tmp # dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile index ee63f0ead..834eac11a 100644 --- a/etc/profile-a-l/autokey-common.profile +++ b/etc/profile-a-l/autokey-common.profile @@ -39,3 +39,4 @@ private-dev private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile index 4cb556f6e..8707dca5b 100644 --- a/etc/profile-a-l/avidemux.profile +++ b/etc/profile-a-l/avidemux.profile @@ -55,3 +55,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile index 0a80a2203..e2646095c 100644 --- a/etc/profile-a-l/aweather.profile +++ b/etc/profile-a-l/aweather.profile @@ -37,3 +37,5 @@ tracelog private-bin aweather private-dev private-tmp + +restrict-namespaces 
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile index 5d1bf5071..ee9280fe8 100644 --- a/etc/profile-a-l/awesome.profile +++ b/etc/profile-a-l/awesome.profile @@ -17,3 +17,4 @@ protocol unix,inet,inet6 seccomp read-only ${HOME}/.config/awesome/autorun.sh +restrict-namespaces diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile index 05637d247..b60b5715c 100644 --- a/etc/profile-a-l/ballbuster.profile +++ b/etc/profile-a-l/ballbuster.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile index 24bb53981..084b7c702 100644 --- a/etc/profile-a-l/baloo_file.profile +++ b/etc/profile-a-l/baloo_file.profile @@ -52,3 +52,5 @@ private-bin baloo_file,baloo_file_extractor,baloo_filemetadata_temp_extractor,kb private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index c78caad77..661356ff6 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile @@ -79,3 +79,4 @@ dbus-user.talk org.gnome.keyring.SystemPrompter dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini +restrict-namespaces diff --git a/etc/profile-a-l/baobab.profile b/etc/profile-a-l/baobab.profile index 40f50e991..31ef66a58 100644 --- a/etc/profile-a-l/baobab.profile +++ b/etc/profile-a-l/baobab.profile @@ -41,3 +41,4 @@ private-tmp # dbus-system none read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile index dbd3d38f1..a78d202a2 100644 --- a/etc/profile-a-l/barrier.profile +++ b/etc/profile-a-l/barrier.profile @@ -42,3 +42,4 @@ private-cache private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile index 8dc3847a0..a962bfe02 100644 --- a/etc/profile-a-l/basilisk.profile 
+++ b/etc/profile-a-l/basilisk.profile @@ -22,5 +22,8 @@ ignore seccomp #private-etc basilisk #private-opt basilisk +restrict-namespaces +ignore restrict-namespaces + # Redirect include firefox-common.profile diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile index b43c670b6..d566b94e8 100644 --- a/etc/profile-a-l/bcompare.profile +++ b/etc/profile-a-l/bcompare.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index bc1cb18ac..85a1a58c7 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile @@ -56,3 +56,5 @@ private-tmp dbus-user none dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index e6675e0d3..b6b52601e 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile @@ -60,3 +60,4 @@ dbus-user.talk org.freedesktop.Tracker1 dbus-system none env WEBKIT_FORCE_SANDBOX=0 +restrict-namespaces diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile index 390d002ed..9fc01a2fd 100644 --- a/etc/profile-a-l/bitcoin-qt.profile +++ b/etc/profile-a-l/bitcoin-qt.profile @@ -47,3 +47,4 @@ private-dev private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile index 773fa7500..988a1479e 100644 --- a/etc/profile-a-l/bitlbee.profile +++ b/etc/profile-a-l/bitlbee.profile @@ -38,3 +38,4 @@ private-dev private-tmp read-write /var/lib/bitlbee +restrict-namespaces diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile index 233f9a96f..753254ffc 100644 --- a/etc/profile-a-l/blackbox.profile +++ b/etc/profile-a-l/blackbox.profile @@ -16,3 +16,4 @@ noroot protocol unix,inet,inet6 seccomp +restrict-namespaces 
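Review bot: In basilisk.profile the two added lines contradict each other: `restrict-namespaces` is enabled and the very next line is `ignore restrict-namespaces`. As far as I know firejail applies `ignore` only to directives read after it, so the first line would still take effect and only the copy arriving through the later `include firefox-common.profile` would be skipped. That would leave the restriction active while the profile reads as if it were switched off. If Basilisk needs to create namespaces (the hunk context already shows `ignore seccomp`), keep only `ignore restrict-namespaces`; otherwise keep only `restrict-namespaces` and drop the ignore line. Either way the intent should be stated in a short comment above the line.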
diff --git a/etc/profile-a-l/bleachbit.profile b/etc/profile-a-l/bleachbit.profile index a352ab8d8..45ae345c3 100644 --- a/etc/profile-a-l/bleachbit.profile +++ b/etc/profile-a-l/bleachbit.profile @@ -40,3 +40,4 @@ dbus-system none # memory-deny-write-execute breaks some systems, see issue #1850 # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile index 8ee852ab5..cd8fac61f 100644 --- a/etc/profile-a-l/blender.profile +++ b/etc/profile-a-l/blender.profile @@ -37,3 +37,5 @@ protocol unix,inet,inet6,netlink seccomp !mbind private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index 0e38889c0..9badb4357 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile @@ -39,3 +39,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index 3bd8c79d0..6e7a87e5f 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index 9dfbd8f8e..e6926ee29 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/bluefish.profile b/etc/profile-a-l/bluefish.profile index ac949d561..d24f76262 100644 --- a/etc/profile-a-l/bluefish.profile +++ b/etc/profile-a-l/bluefish.profile @@ -37,3 +37,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile index 0ab28fffe..a483c2b0a 100644 --- a/etc/profile-a-l/brackets.profile +++ b/etc/profile-a-l/brackets.profile 
@@ -31,3 +31,5 @@ seccomp !chroot,!ioperm private-cache private-dev + +# restrict-namespaces diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile index f80ad9f20..12d7062ab 100644 --- a/etc/profile-a-l/brasero.profile +++ b/etc/profile-a-l/brasero.profile @@ -33,3 +33,5 @@ tracelog private-cache # private-dev # private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/build-systems-common.profile b/etc/profile-a-l/build-systems-common.profile index bd6719b62..cf5f462ae 100644 --- a/etc/profile-a-l/build-systems-common.profile +++ b/etc/profile-a-l/build-systems-common.profile @@ -63,3 +63,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile index 5bfe3751b..b28f982fc 100644 --- a/etc/profile-a-l/bzflag.profile +++ b/etc/profile-a-l/bzflag.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile index acfc1ba0a..b347941d7 100644 --- a/etc/profile-a-l/calibre.profile +++ b/etc/profile-a-l/calibre.profile @@ -35,3 +35,5 @@ seccomp !chroot private-dev private-tmp + +# restrict-namespaces diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile index 6fccf2122..c2972f902 100644 --- a/etc/profile-a-l/calligra.profile +++ b/etc/profile-a-l/calligra.profile @@ -37,3 +37,4 @@ private-dev # noexec ${HOME} noexec /tmp +restrict-namespaces diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index fb3a6df7e..b2248ad06 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile @@ -52,3 +52,4 @@ private-tmp # dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile index f2d9c282d..7cb56efee 100644 --- a/etc/profile-a-l/cantata.profile 
+++ b/etc/profile-a-l/cantata.profile @@ -37,3 +37,5 @@ seccomp # private-etc alternatives,drirc,fonts,gcrypt,hosts,kde5rc,mpd.conf,passwd,samba,ssl,xdg private-bin cantata,mpd,perl private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile index d076c3ca0..e2df341e9 100644 --- a/etc/profile-a-l/catfish.profile +++ b/etc/profile-a-l/catfish.profile @@ -46,3 +46,5 @@ tracelog dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index e9affe09e..e4e32b265 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile @@ -43,3 +43,5 @@ private-tmp # dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index 48522c002..0c4335e8f 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile @@ -64,3 +64,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.config/celluloid +restrict-namespaces diff --git a/etc/profile-a-l/chafa.profile b/etc/profile-a-l/chafa.profile index b042ac189..72f79681d 100644 --- a/etc/profile-a-l/chafa.profile +++ b/etc/profile-a-l/chafa.profile @@ -53,3 +53,4 @@ dbus-user none dbus-system none read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile index 835b884ad..3baa80d50 100644 --- a/etc/profile-a-l/checkbashisms.profile +++ b/etc/profile-a-l/checkbashisms.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index 1e498259c..8aed77c04 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile @@ -58,3 +58,5 @@ dbus-user filter dbus-user.own org.gnome.Cheese dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile index fe0c7cfe8..528d6203e 100644 --- a/etc/profile-a-l/cherrytree.profile +++ b/etc/profile-a-l/cherrytree.profile @@ -40,3 +40,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/chromium-common-hardened.inc.profile b/etc/profile-a-l/chromium-common-hardened.inc.profile index 19addd285..c3944bd65 100644 --- a/etc/profile-a-l/chromium-common-hardened.inc.profile +++ b/etc/profile-a-l/chromium-common-hardened.inc.profile @@ -7,3 +7,5 @@ nonewprivs noroot protocol unix,inet,inet6,netlink seccomp !chroot + +#restrict-namespaces diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile index 3e62d7ba2..0930c9361 100644 --- a/etc/profile-a-l/cin.profile +++ b/etc/profile-a-l/cin.profile @@ -34,3 +34,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile index f5f665215..ddd0eb1f9 100644 --- a/etc/profile-a-l/clamav.profile +++ b/etc/profile-a-l/clamav.profile @@ -37,3 +37,4 @@ dbus-system none read-only ${HOME} memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/clamtk.profile b/etc/profile-a-l/clamtk.profile index 842416171..9fc73ee55 100644 --- a/etc/profile-a-l/clamtk.profile +++ b/etc/profile-a-l/clamtk.profile @@ -27,3 +27,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index 268cf01b4..4f4e8e7bf 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile @@ -51,3 +51,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile index b1509f391..ee01fa653 100644 --- a/etc/profile-a-l/clementine.profile +++ b/etc/profile-a-l/clementine.profile 
@@ -38,3 +38,5 @@ private-tmp dbus-system none # dbus-user none + +restrict-namespaces diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile index a8d57d63d..652809f1b 100644 --- a/etc/profile-a-l/clion.profile +++ b/etc/profile-a-l/clion.profile @@ -40,3 +40,4 @@ private-dev # private-tmp noexec /tmp +restrict-namespaces diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile index 4086f46ba..3f3748e1a 100644 --- a/etc/profile-a-l/clipgrab.profile +++ b/etc/profile-a-l/clipgrab.profile @@ -48,3 +48,5 @@ private-tmp # 'dbus-user none' breaks tray menu - add 'dbus-user none' to your clipgrab.local if you don't need it. # dbus-user none # dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile index 0356547cd..504bce0b1 100644 --- a/etc/profile-a-l/clipit.profile +++ b/etc/profile-a-l/clipit.profile @@ -59,5 +59,5 @@ dbus-user none dbus-system none #memory-deny-write-execute -restrict-namespaces read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index fa5693901..ad6332f78 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile @@ -27,3 +27,5 @@ seccomp private-bin cmus private-etc alternatives,asound.conf,ca-certificates,crypto-policies,group,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl + +restrict-namespaces diff --git a/etc/profile-a-l/cointop.profile b/etc/profile-a-l/cointop.profile index b4f73458c..c341c4ea2 100644 --- a/etc/profile-a-l/cointop.profile +++ b/etc/profile-a-l/cointop.profile @@ -60,3 +60,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile index 79ab5e7b1..442d50259 100644 --- a/etc/profile-a-l/colorful.profile +++ b/etc/profile-a-l/colorful.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index 7024ddb28..990b6bc5a 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile @@ -52,3 +52,5 @@ private-tmp # dbus-user.own com.github.bleakgrey.tootle # dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index 05768977d..5f2a1c3e6 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile @@ -63,3 +63,4 @@ read-only ${HOME} read-write ${HOME}/.cache/agenda read-write ${HOME}/.config/agenda read-write ${HOME}/.local/share/agenda +restrict-namespaces diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index 06c6e5f84..21f37494b 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile @@ -60,3 +60,4 @@ private-tmp read-only ${HOME} read-write ${HOME}/.cache/com.github.johnfactotum.Foliate read-write ${HOME}/.local/share/com.github.johnfactotum.Foliate +restrict-namespaces diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile index 667f9805c..07a6a6813 100644 --- a/etc/profile-a-l/com.github.phase1geo.minder.profile +++ b/etc/profile-a-l/com.github.phase1geo.minder.profile @@ -58,3 +58,5 @@ dbus-user filter dbus-user.own com.github.phase1geo.minder dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/com.github.tchx84.Flatseal.profile b/etc/profile-a-l/com.github.tchx84.Flatseal.profile index 20236c161..fd4494e92 100644 --- a/etc/profile-a-l/com.github.tchx84.Flatseal.profile +++ b/etc/profile-a-l/com.github.tchx84.Flatseal.profile 
@@ -62,3 +62,4 @@ dbus-user.talk org.gnome.Software dbus-system none read-write ${HOME}/.local/share/flatpak/overrides +restrict-namespaces diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile index 38edf0d21..6486990f5 100644 --- a/etc/profile-a-l/conkeror.profile +++ b/etc/profile-a-l/conkeror.profile @@ -34,3 +34,5 @@ protocol unix,inet,inet6 seccomp disable-mnt + +restrict-namespaces diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile index 49a0a40ff..39e6d3cf9 100644 --- a/etc/profile-a-l/conky.profile +++ b/etc/profile-a-l/conky.profile @@ -43,3 +43,4 @@ private-dev private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile index 41b9f79a1..1774669f1 100644 --- a/etc/profile-a-l/corebird.profile +++ b/etc/profile-a-l/corebird.profile @@ -35,3 +35,4 @@ private-bin corebird private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile index 2245903a4..e896f3537 100644 --- a/etc/profile-a-l/cower.profile +++ b/etc/profile-a-l/cower.profile @@ -46,3 +46,4 @@ private-tmp memory-deny-write-execute read-only ${HOME}/.config/cower/config +restrict-namespaces diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 24a149c5f..793de8ab4 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile @@ -46,3 +46,4 @@ dbus-user none dbus-system none #memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile index 7928dd93c..7df7b4480 100644 --- a/etc/profile-a-l/crawl.profile +++ b/etc/profile-a-l/crawl.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index ba0dfb1a6..842191f3f 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile 
@@ -43,3 +43,4 @@ private-opt none private-tmp private-srv none +restrict-namespaces diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile index 3fa6ab764..3e5878574 100644 --- a/etc/profile-a-l/curl.profile +++ b/etc/profile-a-l/curl.profile @@ -58,3 +58,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index a3a16fa0c..63d89ec36 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile @@ -53,3 +53,4 @@ private-etc alternatives,dbus-1,fonts,ld.so.cache,ld.so.preload,machine-id private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile index 20d5657eb..f871b80aa 100644 --- a/etc/profile-a-l/darktable.profile +++ b/etc/profile-a-l/darktable.profile @@ -41,3 +41,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index 95f24a0ad..b259c7e93 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile @@ -56,3 +56,4 @@ private-tmp memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index 110c9f58e..876e637b2 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile @@ -50,3 +50,5 @@ dbus-user filter dbus-user.own ca.desrt.dconf-editor dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index 56583838e..5136445da 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile @@ -50,3 +50,4 @@ private-lib private-tmp memory-deny-write-execute +restrict-namespaces 
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index be1f2eece..8ea5d178e 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile @@ -51,3 +51,4 @@ dbus-user none dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile index 205424a62..4eb89503a 100644 --- a/etc/profile-a-l/deadbeef.profile +++ b/etc/profile-a-l/deadbeef.profile @@ -32,3 +32,4 @@ seccomp private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/default.profile b/etc/profile-a-l/default.profile index 397a89bee..a10bbab5b 100644 --- a/etc/profile-a-l/default.profile +++ b/etc/profile-a-l/default.profile @@ -60,4 +60,4 @@ seccomp # deterministic-shutdown # memory-deny-write-execute # read-only ${HOME} -# restrict-namespaces +restrict-namespaces diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile index d8a27da62..ebc751e1a 100644 --- a/etc/profile-a-l/deluge.profile +++ b/etc/profile-a-l/deluge.profile @@ -43,3 +43,5 @@ seccomp private-bin deluge,deluge-console,deluge-gtk,deluge-web,deluged,python*,sh,uname private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile index 2b03f0ea0..71579905e 100644 --- a/etc/profile-a-l/desktopeditors.profile +++ b/etc/profile-a-l/desktopeditors.profile @@ -42,3 +42,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile index 42318527c..ef31fc3eb 100644 --- a/etc/profile-a-l/devhelp.profile +++ b/etc/profile-a-l/devhelp.profile @@ -50,3 +50,4 @@ private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 4b4bfbc5f..0579547af 100644 
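Review bot: In default.profile the newly enabled `restrict-namespaces` stays at the end of the block of commented-out optional settings (`# deterministic-shutdown`, `# memory-deny-write-execute`, `# read-only ${HOME}`), so it reads like an accidental uncomment rather than a deliberate default. This profile presumably applies to programs without a dedicated profile, so anything that creates its own namespaces may now break under it; the commit itself leaves the option off for firefox-common, chromium-common-hardened.inc and falkon. I would separate the line from the commented block and add a hint for users, e.g. `# breaks programs that create namespaces; add 'ignore restrict-namespaces' to default.local` (assuming the usual .local override is included by this profile). The surrounding block starts outside the hunk.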
--- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile @@ -56,3 +56,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/dex2jar.profile b/etc/profile-a-l/dex2jar.profile index 0908c16f1..b71387b2f 100644 --- a/etc/profile-a-l/dex2jar.profile +++ b/etc/profile-a-l/dex2jar.profile @@ -39,3 +39,5 @@ private-dev dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 30db25ee9..efcdb7ce4 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile @@ -54,3 +54,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index a6de5e05e..048b92800 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile index c1f0e3a14..05f0dfba8 100644 --- a/etc/profile-a-l/digikam.profile +++ b/etc/profile-a-l/digikam.profile @@ -43,3 +43,5 @@ private-tmp # dbus-user none # dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile index 19b99b5fd..c7cecf23e 100644 --- a/etc/profile-a-l/dillo.profile +++ b/etc/profile-a-l/dillo.profile @@ -37,3 +37,4 @@ private-dev private-tmp deterministic-shutdown +restrict-namespaces diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile index 6802c7eed..1f7134ff2 100644 --- a/etc/profile-a-l/dino.profile +++ b/etc/profile-a-l/dino.profile @@ -53,3 +53,5 @@ dbus-user.talk org.freedesktop.Notifications dbus-system filter # Integration with systemd-logind or elogind dbus-system.talk org.freedesktop.login1 + +restrict-namespaces 
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 6e8e30bfe..15f6e441d 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile index 0efebd9a6..0d52805b7 100644 --- a/etc/profile-a-l/dnscrypt-proxy.profile +++ b/etc/profile-a-l/dnscrypt-proxy.profile @@ -51,3 +51,4 @@ dbus-system none # mdwe can break modules/plugins memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index 13efd2fa8..40ccab8c7 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile @@ -40,3 +40,5 @@ private private-dev private-tmp writable-var + +restrict-namespaces diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index b8a29beb7..acaf2e021 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile @@ -60,3 +60,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile index 427d70e97..6e8d32848 100644 --- a/etc/profile-a-l/dooble.profile +++ b/etc/profile-a-l/dooble.profile @@ -38,3 +38,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile index 845277396..1edbb7ca0 100644 --- a/etc/profile-a-l/dosbox.profile +++ b/etc/profile-a-l/dosbox.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile index 14c5e7155..742385855 100644 --- a/etc/profile-a-l/dragon.profile +++ b/etc/profile-a-l/dragon.profile @@ -39,3 +39,4 @@ private-bin dragon private-dev private-tmp +restrict-namespaces 
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index b533ad590..9d9fa291b 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile @@ -51,3 +51,4 @@ dbus-user none dbus-system none # memory-deny-write-execute - breaks on Arch +# restrict-namespaces diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile index ffbd06cb6..bd6fb6dcc 100644 --- a/etc/profile-a-l/drill.profile +++ b/etc/profile-a-l/drill.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile index 5d83485d2..4fdf1bbfe 100644 --- a/etc/profile-a-l/dropbox.profile +++ b/etc/profile-a-l/dropbox.profile @@ -46,3 +46,4 @@ private-dev private-tmp noexec /tmp +restrict-namespaces diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index 9db24f5a3..920eb7697 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile @@ -53,3 +53,4 @@ private-tmp # dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index ad3a38bfa..78a996f71 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile @@ -51,3 +51,5 @@ private-tmp # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile index 7e9be653d..5b44f4ccd 100644 --- a/etc/profile-a-l/emacs.profile +++ b/etc/profile-a-l/emacs.profile @@ -30,3 +30,4 @@ seccomp read-write ${HOME}/.emacs read-write ${HOME}/.emacs.d +restrict-namespaces diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 89c44bf76..86fb27514 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile 
@@ -81,3 +81,4 @@ dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini read-only ${HOME}/.signature +restrict-namespaces diff --git a/etc/profile-a-l/empathy.profile b/etc/profile-a-l/empathy.profile index 5ca640d30..9a128d7af 100644 --- a/etc/profile-a-l/empathy.profile +++ b/etc/profile-a-l/empathy.profile @@ -24,3 +24,5 @@ seccomp private-cache private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index d9abe52b0..37a6c088b 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile @@ -55,3 +55,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/engrampa.profile b/etc/profile-a-l/engrampa.profile index 37eb21546..1118c3bf0 100644 --- a/etc/profile-a-l/engrampa.profile +++ b/etc/profile-a-l/engrampa.profile @@ -38,3 +38,5 @@ private-dev dbus-user filter dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile index 2d3367255..45a1125b4 100644 --- a/etc/profile-a-l/enpass.profile +++ b/etc/profile-a-l/enpass.profile @@ -59,3 +59,4 @@ private-opt Enpass private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index f25f2a291..83abb551e 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile @@ -49,3 +49,5 @@ private-dev private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload private-lib eog,eom,gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.* private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile index 37b7fdf11..adda53660 100644 --- a/etc/profile-a-l/ephemeral.profile +++ b/etc/profile-a-l/ephemeral.profile 
@@ -61,3 +61,5 @@ private-tmp # breaks preferences # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile index 225811226..a8d00d045 100644 --- a/etc/profile-a-l/epiphany.profile +++ b/etc/profile-a-l/epiphany.profile @@ -34,3 +34,5 @@ nonewprivs notv protocol unix,inet,inet6 seccomp + +restrict-namespaces diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index 60d50a7fa..2fe0a4af4 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile @@ -60,3 +60,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile index 8fa6cd3b4..7d27f12c9 100644 --- a/etc/profile-a-l/etr.profile +++ b/etc/profile-a-l/etr.profile @@ -53,3 +53,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index eec9f86db..95115d484 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile @@ -64,3 +64,5 @@ dbus-user.talk ca.desrt.dconf dbus-user.talk org.gtk.vfs.Daemon dbus-user.talk org.gtk.vfs.Metadata dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 6f959df6e..517bb6206 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile @@ -43,3 +43,5 @@ seccomp private-dev private-tmp writable-var + +restrict-namespaces diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index dd5e32f49..45331487c 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile @@ -54,3 +54,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index 321cb0145..2daf1ff15 100644 --- a/etc/profile-a-l/falkon.profile 
+++ b/etc/profile-a-l/falkon.profile @@ -53,3 +53,5 @@ private-tmp # dbus-user filter # dbus-user.own org.kde.Falkon dbus-system none + +# restrict-namespaces diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile index 5679f7cc1..434371aee 100644 --- a/etc/profile-a-l/fbreader.profile +++ b/etc/profile-a-l/fbreader.profile @@ -36,3 +36,5 @@ seccomp private-bin fbreader,FBReader private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index ee775566e..248cb5b49 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile @@ -47,3 +47,4 @@ private-etc alternatives,ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so. private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile index 83de90908..6aa24cc86 100644 --- a/etc/profile-a-l/feedreader.profile +++ b/etc/profile-a-l/feedreader.profile @@ -56,3 +56,5 @@ dbus-user.talk org.freedesktop.secrets #dbus-user.talk org.freedesktop.Notifications #dbus-user.talk org.gnome.OnlineAccounts dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile index 9b0262f5b..be5ab8627 100644 --- a/etc/profile-a-l/feh.profile +++ b/etc/profile-a-l/feh.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile index e11baa536..3a044542f 100644 --- a/etc/profile-a-l/ferdi.profile +++ b/etc/profile-a-l/ferdi.profile @@ -44,3 +44,5 @@ seccomp !chroot disable-mnt private-dev private-tmp + +# restrict-namespaces diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile index cb01fc5dd..ea90239e0 100644 --- a/etc/profile-a-l/fetchmail.profile +++ b/etc/profile-a-l/fetchmail.profile 
@@ -31,3 +31,5 @@ seccomp #private-bin bash,chmod,fetchmail,procmail private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile index 42de048d7..160f26f78 100644 --- a/etc/profile-a-l/ffmpeg.profile +++ b/etc/profile-a-l/ffmpeg.profile @@ -54,3 +54,4 @@ dbus-user none dbus-system none # memory-deny-write-execute - it breaks old versions of ffmpeg +restrict-namespaces diff --git a/etc/profile-a-l/file-manager-common.profile b/etc/profile-a-l/file-manager-common.profile index 9ab7e36d3..bf8475758 100644 --- a/etc/profile-a-l/file-manager-common.profile +++ b/etc/profile-a-l/file-manager-common.profile @@ -49,3 +49,5 @@ private-dev #dbus-user none #dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index 06744cdd3..ef4e0e117 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile @@ -46,3 +46,5 @@ private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.preload,xdg # private-tmp dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile index bcb2abc8b..a5fd05bc7 100644 --- a/etc/profile-a-l/file.profile +++ b/etc/profile-a-l/file.profile @@ -44,3 +44,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile index 273e6180c..e80a875f1 100644 --- a/etc/profile-a-l/filezilla.profile +++ b/etc/profile-a-l/filezilla.profile @@ -41,3 +41,5 @@ seccomp private-bin bash,filezilla,fzputtygen,fzsftp,lsb_release,python*,sh,uname,zsh private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 491ce2eeb..13313cb67 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile 
@@ -68,3 +68,5 @@ blacklist ${PATH}/wget2 # Gnome connector, KDE connect and power management on KDE Plasma. dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index d5034ef8e..0984055a3 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile @@ -65,3 +65,5 @@ dbus-user.talk org.kde.KWin ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher ?ALLOW_TRAY: dbus-user.own org.kde.* dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile index 4bb1b2a71..740dc153f 100644 --- a/etc/profile-a-l/flowblade.profile +++ b/etc/profile-a-l/flowblade.profile @@ -35,3 +35,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile index 1210f365c..2ae87be48 100644 --- a/etc/profile-a-l/fluxbox.profile +++ b/etc/profile-a-l/fluxbox.profile @@ -16,3 +16,4 @@ noroot protocol unix,inet,inet6 seccomp +restrict-namespaces diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile index fcd4afa44..88ae56c82 100644 --- a/etc/profile-a-l/font-manager.profile +++ b/etc/profile-a-l/font-manager.profile @@ -54,3 +54,4 @@ private-dev private-tmp #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile index f18250fdb..756ca4fae 100644 --- a/etc/profile-a-l/fontforge.profile +++ b/etc/profile-a-l/fontforge.profile @@ -38,3 +38,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index 796081ece..a614d7d9f 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile 
@@ -55,3 +55,5 @@ dbus-user.talk ca.desrt.dconf dbus-user.talk org.freedesktop.Notifications dbus-user.talk org.freedesktop.secrets dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile index 4a2e13d89..e21789d73 100644 --- a/etc/profile-a-l/franz.profile +++ b/etc/profile-a-l/franz.profile @@ -44,3 +44,5 @@ seccomp !chroot disable-mnt private-dev private-tmp + +# restrict-namespaces diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile index e0330b52a..53315c249 100644 --- a/etc/profile-a-l/freecad.profile +++ b/etc/profile-a-l/freecad.profile @@ -42,3 +42,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile index 1690f6eb9..0788acce1 100644 --- a/etc/profile-a-l/freeciv.profile +++ b/etc/profile-a-l/freeciv.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile index 3092e830a..f1b2ffcb7 100644 --- a/etc/profile-a-l/freecol.profile +++ b/etc/profile-a-l/freecol.profile @@ -55,3 +55,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index c3f32de03..ae5843f7f 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile @@ -50,3 +50,5 @@ private-srv none dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/freshclam.profile b/etc/profile-a-l/freshclam.profile index ab6877de8..133d66f0d 100644 --- a/etc/profile-a-l/freshclam.profile +++ b/etc/profile-a-l/freshclam.profile @@ -33,3 +33,4 @@ writable-var writable-var-log memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index 521d50b3b..067fe3caa 100644 --- a/etc/profile-a-l/frogatto.profile 
+++ b/etc/profile-a-l/frogatto.profile @@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile index bb60d98a5..86a8a8fc6 100644 --- a/etc/profile-a-l/frozen-bubble.profile +++ b/etc/profile-a-l/frozen-bubble.profile @@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/ftp.profile b/etc/profile-a-l/ftp.profile index 15b68eb08..f448ab932 100644 --- a/etc/profile-a-l/ftp.profile +++ b/etc/profile-a-l/ftp.profile @@ -51,3 +51,4 @@ dbus-system none memory-deny-write-execute noexec ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile index ee4226852..8ca349d1c 100644 --- a/etc/profile-a-l/funnyboat.profile +++ b/etc/profile-a-l/funnyboat.profile @@ -52,3 +52,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index 3d4d4b4e7..d4d578dd4 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile @@ -75,4 +75,5 @@ dbus-system.talk org.freedesktop.login1 # Add the next line to your gajim.local to enable location plugin support. #dbus-system.talk org.freedesktop.GeoClue2 +restrict-namespaces join-or-start gajim diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 95afc8020..0fba8ac07 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile @@ -50,3 +50,4 @@ dbus-user none dbus-system none #memory-deny-write-execute - breaks on Arch (see issue #1803) +restrict-namespaces diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 6fac9affc..106e0eda6 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile 
@@ -70,3 +70,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index 60fac668e..313b34a53 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile @@ -40,3 +40,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index 33441ac0e..5b434342b 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile @@ -58,3 +58,4 @@ private-lib GConf,libpython*,python2* private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/gdu.profile b/etc/profile-a-l/gdu.profile index 783183bea..4eb94edf4 100644 --- a/etc/profile-a-l/gdu.profile +++ b/etc/profile-a-l/gdu.profile @@ -37,6 +37,7 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces # gdu has built-in delete (d), empty (e) dir/file support and shell spawning (b) features. # Depending on workflow and use case the sandbox can be hardened by adding the diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile index 021abefb3..ec1d68e0d 100644 --- a/etc/profile-a-l/geany.profile +++ b/etc/profile-a-l/geany.profile @@ -32,3 +32,5 @@ seccomp private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index cc2119f2a..ad9b45b57 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile @@ -91,3 +91,4 @@ dbus-user.talk org.gnome.evolution.dataserver.Sources5 dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini +restrict-namespaces diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile index 28a79b646..dbb3ab971 100644 --- a/etc/profile-a-l/gedit.profile +++ b/etc/profile-a-l/gedit.profile 
@@ -49,3 +49,5 @@ private-tmp # makes settings immutable # dbus-user none # dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/geekbench.profile b/etc/profile-a-l/geekbench.profile index 19ac4e026..cda47a7e9 100644 --- a/etc/profile-a-l/geekbench.profile +++ b/etc/profile-a-l/geekbench.profile @@ -55,3 +55,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.geekbench5 +restrict-namespaces diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile index 268c3b334..95adc6840 100644 --- a/etc/profile-a-l/geeqie.profile +++ b/etc/profile-a-l/geeqie.profile @@ -34,3 +34,5 @@ seccomp # private-bin geeqie private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index 7b42fadd1..d3d49433b 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile @@ -67,3 +67,5 @@ dbus-user filter dbus-user.own org.gabmus.gfeeds dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index b40c96e5b..02c4f9509 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index e908e5cd9..9c719ddb1 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile @@ -56,3 +56,5 @@ private-tmp dbus-user filter dbus-system none + +#restrict-namespaces diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index 400c8c54f..083b85a91 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile @@ -63,3 +63,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index ffd1b1f13..d315619b7 100644 --- a/etc/profile-a-l/gist.profile 
+++ b/etc/profile-a-l/gist.profile @@ -58,3 +58,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 6c6a0bfd4..2f7068d68 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile @@ -84,3 +84,5 @@ read-only ${HOME}/.git-credentials # Add 'ignore read-only ${HOME}/.ssh' to your git-cola.local if you need to allow hosts. read-only ${HOME}/.ssh + +restrict-namespaces diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile index 76636cc03..78d6cb2a1 100644 --- a/etc/profile-a-l/git.profile +++ b/etc/profile-a-l/git.profile @@ -65,3 +65,4 @@ private-cache private-dev memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile index 4c4ddd2d2..85f08d52e 100644 --- a/etc/profile-a-l/gitg.profile +++ b/etc/profile-a-l/gitg.profile @@ -61,3 +61,5 @@ dbus-user.talk ca.desrt.dconf # Add the next line to your gitg.local if you need keyring access. #dbus-user.talk org.freedesktop.secrets dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index 012bc6159..0f9ed9592 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile @@ -41,3 +41,4 @@ private-opt Gitter private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile index 9bdbd0e37..bd332a6d5 100644 --- a/etc/profile-a-l/gjs.profile +++ b/etc/profile-a-l/gjs.profile @@ -42,3 +42,5 @@ tracelog private-dev # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile index 311d7f127..92ba70113 100644 --- a/etc/profile-a-l/gl-117.profile +++ b/etc/profile-a-l/gl-117.profile 
@@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile index 162d292f8..d61b566d8 100644 --- a/etc/profile-a-l/glaxium.profile +++ b/etc/profile-a-l/glaxium.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile index 5e823a5a8..46553d457 100644 --- a/etc/profile-a-l/globaltime.profile +++ b/etc/profile-a-l/globaltime.profile @@ -34,3 +34,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index edd2cd9ee..d4e4caebe 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile @@ -51,3 +51,4 @@ writable-run-user # dbus-system none # memory-deny-write-execute - breaks on Arch +restrict-namespaces diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile index 0c19faab3..812923b2d 100644 --- a/etc/profile-a-l/gnome-books.profile +++ b/etc/profile-a-l/gnome-books.profile @@ -43,3 +43,4 @@ tracelog private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile index fe3a392b4..e171224c0 100644 --- a/etc/profile-a-l/gnome-builder.profile +++ b/etc/profile-a-l/gnome-builder.profile @@ -37,3 +37,4 @@ seccomp private-dev read-write ${HOME}/.bash_history +restrict-namespaces diff --git a/etc/profile-a-l/gnome-calculator.profile b/etc/profile-a-l/gnome-calculator.profile index 11fdb9828..3926146ff 100644 --- a/etc/profile-a-l/gnome-calculator.profile +++ b/etc/profile-a-l/gnome-calculator.profile @@ -52,3 +52,5 @@ dbus-user filter dbus-user.own org.gnome.Calculator dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index 482992778..b0d3f1d34 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile @@ -60,3 +60,4 @@ dbus-system filter #dbus-system.talk org.freedesktop.GeoClue2 read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile index af5b61fe6..2e11f335b 100644 --- a/etc/profile-a-l/gnome-characters.profile +++ b/etc/profile-a-l/gnome-characters.profile @@ -56,3 +56,4 @@ private-tmp # dbus-system none read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index 815ede80b..78bd54b64 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile @@ -51,3 +51,5 @@ private-cache private-dev private-etc alternatives,dconf,fonts,gnome-chess,gtk-3.0,ld.so.cache,ld.so.preload private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index cc8f3fea0..8af9870bf 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile @@ -44,3 +44,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,pkcs11,pki,ssl private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile index f96f750dd..2326115c3 100644 --- a/etc/profile-a-l/gnome-contacts.profile +++ b/etc/profile-a-l/gnome-contacts.profile @@ -38,3 +38,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile index 24fa9721a..c8af97a61 100644 --- a/etc/profile-a-l/gnome-documents.profile +++ b/etc/profile-a-l/gnome-documents.profile 
@@ -41,3 +41,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-font-viewer.profile b/etc/profile-a-l/gnome-font-viewer.profile index 294729152..17d266537 100644 --- a/etc/profile-a-l/gnome-font-viewer.profile +++ b/etc/profile-a-l/gnome-font-viewer.profile @@ -35,3 +35,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index f734f23bd..f0493c645 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile @@ -49,3 +49,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.cache/mesa_shader_cache +restrict-namespaces diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile index 5f9679cc7..45b6fd880 100644 --- a/etc/profile-a-l/gnome-keyring.profile +++ b/etc/profile-a-l/gnome-keyring.profile @@ -59,3 +59,4 @@ private-tmp dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 105996b38..43e0a1ec1 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile @@ -50,3 +50,5 @@ private-dev private-etc alternatives,dconf,fonts,gtk-3.0,latexmk.conf,ld.so.cache,ld.so.preload,login.defs,passwd,texlive dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index f93d9ca24..b619b0f27 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile @@ -51,3 +51,4 @@ dbus-system none # Add 'ignore read-only ${HOME}' to your gnome-logs.local if you export logs to a file under your ${HOME}. read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index 2f5e033ad..d14b2a5a1 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile 
@@ -73,3 +73,5 @@ dbus-user.own org.gnome.Maps dbus-system filter #dbus-system.talk org.freedesktop.NetworkManager dbus-system.talk org.freedesktop.GeoClue2 + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile index 444f6ed34..052e9ba9c 100644 --- a/etc/profile-a-l/gnome-mplayer.profile +++ b/etc/profile-a-l/gnome-mplayer.profile @@ -31,3 +31,4 @@ private-cache private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index 8c2ff90ea..ec033dbf0 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile @@ -44,3 +44,4 @@ private-dev private-etc alternatives,asound.conf,dconf,fonts,fonts,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,pulse,selinux,xdg private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile index abf3dd759..ce4e5edd8 100644 --- a/etc/profile-a-l/gnome-nettool.profile +++ b/etc/profile-a-l/gnome-nettool.profile @@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none + +#restrict-namespaces diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index bd39ab0c9..0d7fb2de8 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile @@ -59,3 +59,5 @@ dbus-user filter dbus-user.own org.gnome.PasswordSafe dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile index 5c848d0af..1d0291aa2 100644 --- a/etc/profile-a-l/gnome-photos.profile +++ b/etc/profile-a-l/gnome-photos.profile @@ -40,3 +40,4 @@ tracelog private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index 0086edab0..6d90773aa 100644 --- a/etc/profile-a-l/gnome-pie.profile 
+++ b/etc/profile-a-l/gnome-pie.profile @@ -38,3 +38,4 @@ private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.s private-tmp memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index e4120743a..fb019227f 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile @@ -56,3 +56,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.local/share/gnome-pomodoro +restrict-namespaces diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 483783195..75f3199e2 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile @@ -50,3 +50,4 @@ private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so private-lib gdk-pixbuf-2.0,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,libgnutls.so.*,libjpeg.so.*,libp11-kit.so.*,libproxy.so.*,librsvg-2.so.* private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile index 44c608e8c..8f2ab7fd6 100644 --- a/etc/profile-a-l/gnome-ring.profile +++ b/etc/profile-a-l/gnome-ring.profile @@ -30,3 +30,4 @@ disable-mnt # private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile index 415d8eb04..b71d77621 100644 --- a/etc/profile-a-l/gnome-schedule.profile +++ b/etc/profile-a-l/gnome-schedule.profile @@ -61,4 +61,3 @@ disable-mnt private-cache private-dev writable-var - diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index 95e1309ad..74238a109 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile @@ -48,3 +48,5 @@ dbus-user filter dbus-user.own org.gnome.Screenshot dbus-user.talk org.gnome.Shell.Screenshot dbus-system none + +restrict-namespaces 
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index 0faf17c2f..d07bd80a7 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile @@ -41,3 +41,5 @@ private-cache private-dev private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.preload,machine-id,openal,pango,pulse,xdg private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index ae2f79e35..4c74c0a61 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile @@ -53,3 +53,4 @@ writable-var-log memory-deny-write-execute # Add 'ignore read-only ${HOME}' to your gnome-system-log.local if you export logs to a file under your ${HOME}. read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 097a4d5aa..ae7ea83d8 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile @@ -61,3 +61,4 @@ dbus-system none #dbus-system.talk org.freedesktop.login1 read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile index 3b9e44f66..dfeeff950 100644 --- a/etc/profile-a-l/gnome-twitch.profile +++ b/etc/profile-a-l/gnome-twitch.profile @@ -37,3 +37,4 @@ disable-mnt private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile index ddffb8942..147b84a19 100644 --- a/etc/profile-a-l/gnome-weather.profile +++ b/etc/profile-a-l/gnome-weather.profile @@ -46,3 +46,4 @@ private-dev # private-etc alternatives,ca-certificates,crypto-policies,fonts,pki,ssl private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gnome_games-common.profile b/etc/profile-a-l/gnome_games-common.profile index bd20bb2bc..c9145d78e 100644 
--- a/etc/profile-a-l/gnome_games-common.profile +++ b/etc/profile-a-l/gnome_games-common.profile @@ -46,3 +46,5 @@ private-tmp dbus-user filter dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index 9df2f06a4..d7944ae24 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile @@ -57,3 +57,5 @@ dbus-user filter dbus-user.own org.gnome.Gnote dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index bc69f4729..bdbcf9baf 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile @@ -47,3 +47,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index 57ad9bedc..36a2cae07 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile @@ -42,3 +42,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/goldendict.profile b/etc/profile-a-l/goldendict.profile index c1119dcb0..327648cd1 100644 --- a/etc/profile-a-l/goldendict.profile +++ b/etc/profile-a-l/goldendict.profile @@ -55,3 +55,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile index 1eaa68c1d..8807a239d 100644 --- a/etc/profile-a-l/goobox.profile +++ b/etc/profile-a-l/goobox.profile @@ -32,3 +32,5 @@ tracelog private-dev # private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl # private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile index 71e41b289..4af6ce36b 100644 --- a/etc/profile-a-l/google-earth.profile +++ b/etc/profile-a-l/google-earth.profile 
@@ -39,3 +39,4 @@ private-bin bash,dirname,google-earth,grep,ls,sed,sh private-dev private-opt google +restrict-namespaces diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile index b84ae83b7..c2a7d89fd 100644 --- a/etc/profile-a-l/google-play-music-desktop-player.profile +++ b/etc/profile-a-l/google-play-music-desktop-player.profile @@ -39,3 +39,5 @@ seccomp disable-mnt private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index 74cfd5b89..da7c24581 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile @@ -58,3 +58,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile index 40c3b434d..e05cdf424 100644 --- a/etc/profile-a-l/gpa.profile +++ b/etc/profile-a-l/gpa.profile @@ -30,3 +30,5 @@ tracelog # private-bin gpa,gpg private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile index 78546f547..848960f5f 100644 --- a/etc/profile-a-l/gpg-agent.profile +++ b/etc/profile-a-l/gpg-agent.profile @@ -49,3 +49,5 @@ tracelog # private-bin gpg-agent,gpg private-cache private-dev + +restrict-namespaces diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile index bc4fb060b..250c9c396 100644 --- a/etc/profile-a-l/gpg.profile +++ b/etc/profile-a-l/gpg.profile @@ -51,3 +51,4 @@ private-dev # installing/upgrading archlinux-keyring extremely slow. read-write /etc/pacman.d/gnupg read-write /usr/share/pacman/keyrings +restrict-namespaces diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index 937ef14fe..1012f5774 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile @@ -48,3 +48,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces 
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index 628205015..53a6f94e2 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile @@ -38,3 +38,4 @@ private-dev private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,pki,resolv.conf,ssl private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index 8ff0d92bb..368482fa3 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile @@ -52,3 +52,5 @@ dbus-user.own de.haeckerfelix.gradio dbus-user.own org.mpris.MediaPlayer2.gradio dbus-user.talk ca.desrt.dconf dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile index 6d9c54967..5073e79c9 100644 --- a/etc/profile-a-l/gramps.profile +++ b/etc/profile-a-l/gramps.profile @@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index ab0915cd6..02a49134c 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile @@ -44,3 +44,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile index b9e3d8e25..9654f0ffc 100644 --- a/etc/profile-a-l/gthumb.profile +++ b/etc/profile-a-l/gthumb.profile @@ -34,3 +34,5 @@ private-bin gthumb private-cache private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index 793fb0440..5fd92fd4f 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile @@ -53,3 +53,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces 
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile index 594c99863..35ce2816b 100644 --- a/etc/profile-a-l/guayadeque.profile +++ b/etc/profile-a-l/guayadeque.profile @@ -32,3 +32,4 @@ private-bin guayadeque private-dev private-tmp +restrict-namespaces diff --git a/etc/profile-a-l/gucharmap.profile b/etc/profile-a-l/gucharmap.profile index 774652fd5..68b78ec62 100644 --- a/etc/profile-a-l/gucharmap.profile +++ b/etc/profile-a-l/gucharmap.profile @@ -51,3 +51,4 @@ private-tmp # dbus-system none read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index e8f64e4e0..db307e940 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile @@ -52,3 +52,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index 93af4d1f8..8f7f74e0d 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile @@ -52,3 +52,4 @@ private-etc alternatives,fonts,gimp,gtk-2.0,kde4rc,kde5rc,ld.so.cache,ld.so.prel # dbus-system none # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile index 1f13232f2..488665154 100644 --- a/etc/profile-a-l/handbrake.profile +++ b/etc/profile-a-l/handbrake.profile @@ -36,3 +36,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile index 8d665ce68..e5b0a06af 100644 --- a/etc/profile-a-l/hashcat.profile +++ b/etc/profile-a-l/hashcat.profile @@ -43,3 +43,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index a1a491ca1..fd8246aae 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile 
@@ -56,3 +56,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} +restrict-namespaces diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile index 9c6f162c6..2de09ea93 100644 --- a/etc/profile-a-l/hedgewars.profile +++ b/etc/profile-a-l/hedgewars.profile @@ -35,3 +35,5 @@ tracelog disable-mnt private-dev private-tmp + +restrict-namespaces diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile index c730187a9..df7f8f3a3 100644 --- a/etc/profile-a-l/hexchat.profile +++ b/etc/profile-a-l/hexchat.profile @@ -55,3 +55,4 @@ private-dev private-tmp # memory-deny-write-execute - breaks python +restrict-namespaces diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index 04a603794..d77f49ce0 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile @@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index cf06b397f..91b73e8e9 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile @@ -56,3 +56,4 @@ dbus-user none dbus-system none # memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 22a3ecf51..09af8f0f5 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile @@ -49,3 +49,4 @@ dbus-user none dbus-system none memory-deny-write-execute +restrict-namespaces diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile index d4587a303..c4085cf9c 100644 --- a/etc/profile-a-l/hugin.profile +++ b/etc/profile-a-l/hugin.profile @@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none + +restrict-namespaces diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index 8fd80564a..13dc06ecc 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile 
@@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile
index c131381c8..757af67b0 100644
--- a/etc/profile-a-l/i2prouter.profile
+++ b/etc/profile-a-l/i2prouter.profile
@@ -69,3 +69,5 @@ private-cache private-dev private-etc alternatives,ca-certificates,crypto-policies,dconf,group,hostname,hosts,i2p,java-10-openjdk,java-11-openjdk,java-12-openjdk,java-13-openjdk,java-8-openjdk,java-9-openjdk,java-openjdk,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,resolv.conf,ssl private-tmp
+
+restrict-namespaces
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile
index e96b1843c..a0c3f2d97 100644
--- a/etc/profile-a-l/i3.profile
+++ b/etc/profile-a-l/i3.profile
@@ -16,3 +16,4 @@ noroot protocol unix,inet,inet6 seccomp
+restrict-namespaces
diff --git a/etc/profile-a-l/iagno.profile b/etc/profile-a-l/iagno.profile
index 727dabb77..e16f3f1d5 100644
--- a/etc/profile-a-l/iagno.profile
+++ b/etc/profile-a-l/iagno.profile
@@ -37,3 +37,5 @@ private-tmp # dbus-user none # dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile
index 0d976222f..31f65962f 100644
--- a/etc/profile-a-l/idea.sh.profile
+++ b/etc/profile-a-l/idea.sh.profile
@@ -39,3 +39,4 @@ private-dev # private-tmp noexec /tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile
index 29aeb006b..60e97b24c 100644
--- a/etc/profile-a-l/imagej.profile
+++ b/etc/profile-a-l/imagej.profile
@@ -38,3 +38,5 @@ private-tmp dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile
index 889e4ba65..ee341423a 100644
--- a/etc/profile-a-l/img2txt.profile
+++ b/etc/profile-a-l/img2txt.profile
@@ -50,3 +50,4 @@ dbus-user none dbus-system none memory-deny-write-execute
+restrict-namespaces
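Review bot: In i3.profile the new `restrict-namespaces` line is applied to a window manager, and since the option installs a seccomp filter that child processes inherit, presumably every program started from i3 loses the ability to create namespaces too. That would matter for applications that build their own sandbox from user namespaces, so it should be confirmed with a few such programs before this ships. The same question applies to the launcher-style profiles krunner.profile and lutris.profile later in this patch. If the restriction stays, a comment above the line such as `# also applies to every program started from this sandbox; use 'ignore restrict-namespaces' in a local override if needed` would tell users where a child application's failure comes from.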
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile
index 7306de4b3..d9a256c11 100644
--- a/etc/profile-a-l/impressive.profile
+++ b/etc/profile-a-l/impressive.profile
@@ -54,3 +54,4 @@ dbus-system none read-only ${HOME} read-write ${HOME}/.cache/mesa_shader_cache
+restrict-namespaces
diff --git a/etc/profile-a-l/imv.profile b/etc/profile-a-l/imv.profile
index 43085bb9b..94333a610 100644
--- a/etc/profile-a-l/imv.profile
+++ b/etc/profile-a-l/imv.profile
@@ -54,3 +54,4 @@ dbus-user none dbus-system none read-only ${HOME}
+restrict-namespaces
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile
index d461add95..1034c225f 100644
--- a/etc/profile-a-l/inkscape.profile
+++ b/etc/profile-a-l/inkscape.profile
@@ -60,3 +60,4 @@ dbus-user none dbus-system none # memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/io.github.lainsce.Notejot.profile b/etc/profile-a-l/io.github.lainsce.Notejot.profile
index 483772a1e..cb2f30350 100644
--- a/etc/profile-a-l/io.github.lainsce.Notejot.profile
+++ b/etc/profile-a-l/io.github.lainsce.Notejot.profile
@@ -57,3 +57,5 @@ dbus-user filter dbus-user.own io.github.lainsce.Notejot dbus-user.talk ca.desrt.dconf dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/ipcalc.profile b/etc/profile-a-l/ipcalc.profile
index cdf78ea94..983c31bcb 100644
--- a/etc/profile-a-l/ipcalc.profile
+++ b/etc/profile-a-l/ipcalc.profile
@@ -59,3 +59,4 @@ dbus-system none # memory-deny-write-execute # read-only ${HOME}
+restrict-namespaces
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile
index 85ea915c7..1c4ddebdb 100644
--- a/etc/profile-a-l/itch.profile
+++ b/etc/profile-a-l/itch.profile
@@ -39,3 +39,4 @@ private-dev private-tmp noexec /tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile
index fc1f7e42c..5fe484029 100644
--- a/etc/profile-a-l/jami-gnome.profile
+++ b/etc/profile-a-l/jami-gnome.profile
@@ -39,3 +39,4 @@ private-dev private-tmp env QT_QPA_PLATFORM=xcb
+restrict-namespaces
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile
index 628a646c2..e34b3e676 100644
--- a/etc/profile-a-l/jd-gui.profile
+++ b/etc/profile-a-l/jd-gui.profile
@@ -41,3 +41,5 @@ private-tmp dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile
index f55305a08..3136b412e 100644
--- a/etc/profile-a-l/jerry.profile
+++ b/etc/profile-a-l/jerry.profile
@@ -40,3 +40,4 @@ dbus-user none dbus-system none memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile
index 23f7b720d..c0bda1cbf 100644
--- a/etc/profile-a-l/jitsi.profile
+++ b/etc/profile-a-l/jitsi.profile
@@ -28,3 +28,5 @@ tracelog disable-mnt private-cache private-tmp
+
+restrict-namespaces
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile
index dee252281..66d63283a 100644
--- a/etc/profile-a-l/jumpnbump.profile
+++ b/etc/profile-a-l/jumpnbump.profile
@@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile
index a98f09d7d..81d4f3458 100644
--- a/etc/profile-a-l/k3b.profile
+++ b/etc/profile-a-l/k3b.profile
@@ -35,3 +35,5 @@ novideo private-dev # private-tmp
+
+# restrict-namespaces - breaks privileged helpers
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile
index 8dba3b4e9..73417bf11 100644
--- a/etc/profile-a-l/kaffeine.profile
+++ b/etc/profile-a-l/kaffeine.profile
@@ -40,3 +40,4 @@ seccomp private-dev private-tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile
index 6331e3990..bde52f30e 100644
--- a/etc/profile-a-l/kalgebra.profile
+++ b/etc/profile-a-l/kalgebra.profile
@@ -46,3 +46,5 @@ private-tmp dbus-user none dbus-system none
+
+# restrict-namespaces
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile
index dc6e58c99..152f73d5d 100644
--- a/etc/profile-a-l/kate.profile
+++ b/etc/profile-a-l/kate.profile
@@ -60,4 +60,5 @@ private-tmp # dbus-user none # dbus-system none
+restrict-namespaces
 join-or-start kate
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile
index 61802383d..c01000af1 100644
--- a/etc/profile-a-l/kazam.profile
+++ b/etc/profile-a-l/kazam.profile
@@ -52,3 +52,5 @@ private-etc alsa,alternatives,asound.conf,dconf,fonts,gtk-2.0,gtk-3.0,ld.so.cach private-tmp dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile
index 6e1de1abd..ea56f2d39 100644
--- a/etc/profile-a-l/kcalc.profile
+++ b/etc/profile-a-l/kcalc.profile
@@ -67,3 +67,4 @@ dbus-user none dbus-system none #memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/kdeinit4.profile b/etc/profile-a-l/kdeinit4.profile
index 8b02142c3..2f426e191 100644
--- a/etc/profile-a-l/kdeinit4.profile
+++ b/etc/profile-a-l/kdeinit4.profile
@@ -34,3 +34,4 @@ private-bin kbuildsycoca4,kded4,kdeinit4,knotify4 private-dev private-tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile
index 872e6d9aa..d4933d816 100644
--- a/etc/profile-a-l/kdenlive.profile
+++ b/etc/profile-a-l/kdenlive.profile
@@ -38,3 +38,5 @@ private-dev # dbus-user none # dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile
index 947e35750..e0b3eadfd 100644
--- a/etc/profile-a-l/kdiff3.profile
+++ b/etc/profile-a-l/kdiff3.profile
@@ -55,3 +55,5 @@ private-dev dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile
index db3bbd76f..648ed95cf 100644
--- a/etc/profile-a-l/keepass.profile
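Review bot: The commented-out `# restrict-namespaces` added to kalgebra.profile gives no reason, so a later maintainer cannot tell whether the option was tested and broke something or was simply skipped; kiwix-desktop.profile and kmail.profile get the same bare comment. k3b.profile in this patch records its reason (`# restrict-namespaces - breaks privileged helpers`), and nearby profiles do the same for other disabled options (`# memory-deny-write-execute - breaks python`). Following that convention the line would read `# restrict-namespaces - breaks <observed failure>`, with the actual failure filled in by whoever tested it. Without it, these three profiles are likely to stay without the namespace restriction because nobody knows what to retest.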
+++ b/etc/profile-a-l/keepass.profile
@@ -43,3 +43,4 @@ private-cache private-dev private-tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile
index c8b895fc2..935fe3933 100644
--- a/etc/profile-a-l/keepassx.profile
+++ b/etc/profile-a-l/keepassx.profile
@@ -47,3 +47,4 @@ dbus-user none dbus-system none memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile
index 827951071..80374690c 100644
--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -106,5 +106,7 @@ dbus-user.talk org.xfce.ScreenSaver dbus-system filter dbus-system.talk org.freedesktop.login1
+restrict-namespaces
+
 # Mutex is stored in /tmp by default, which is broken by private-tmp. join-or-start keepassxc
diff --git a/etc/profile-a-l/kfind.profile b/etc/profile-a-l/kfind.profile
index dee84482f..c70030a38 100644
--- a/etc/profile-a-l/kfind.profile
+++ b/etc/profile-a-l/kfind.profile
@@ -44,3 +44,5 @@ private-tmp # dbus-user none # dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile
index 9b6646725..dd45c1889 100644
--- a/etc/profile-a-l/kget.profile
+++ b/etc/profile-a-l/kget.profile
@@ -41,3 +41,4 @@ private-dev private-tmp # memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile
index 637b00c35..424fb006e 100644
--- a/etc/profile-a-l/kid3.profile
+++ b/etc/profile-a-l/kid3.profile
@@ -45,3 +45,4 @@ dbus-user none dbus-system none memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile
index 2df907376..a4c8486e1 100644
--- a/etc/profile-a-l/kino.profile
+++ b/etc/profile-a-l/kino.profile
@@ -34,3 +34,4 @@ private-cache private-dev private-tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile
index 1c50ad2ea..5a028aeea 100644
--- a/etc/profile-a-l/kiwix-desktop.profile
+++ b/etc/profile-a-l/kiwix-desktop.profile
@@ -48,3 +48,5 @@ private-tmp dbus-user none dbus-system none
+
+# restrict-namespaces
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile
index c7b5123d2..0c2d171b9 100644
--- a/etc/profile-a-l/klatexformula.profile
+++ b/etc/profile-a-l/klatexformula.profile
@@ -42,3 +42,5 @@ private-tmp dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile
index 4b8c9e414..0785b904d 100644
--- a/etc/profile-a-l/klavaro.profile
+++ b/etc/profile-a-l/klavaro.profile
@@ -51,3 +51,5 @@ private-srv none dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile
index 1bbc141e8..9724f4963 100644
--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -62,3 +62,5 @@ private-dev # private-tmp - interrupts connection to akonadi, breaks opening of email attachments # writable-run-user is needed for signing and encrypting emails writable-run-user
+
+# restrict-namespaces
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile
index 135e8f3ad..992b312ee 100644
--- a/etc/profile-a-l/kmplayer.profile
+++ b/etc/profile-a-l/kmplayer.profile
@@ -38,3 +38,4 @@ private-cache private-dev private-tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile
index b78d9c474..474a10a31 100644
--- a/etc/profile-a-l/kodi.profile
+++ b/etc/profile-a-l/kodi.profile
@@ -51,3 +51,5 @@ tracelog private-dev private-tmp
+
+restrict-namespaces
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile
index 875d0ef76..e4781fea3 100644
--- a/etc/profile-a-l/konversation.profile
+++ b/etc/profile-a-l/konversation.profile
@@ -43,3 +43,4 @@ private-dev private-tmp # memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile
index 9e75b03eb..91030f453 100644
--- a/etc/profile-a-l/kopete.profile
+++ b/etc/profile-a-l/kopete.profile
@@ -37,3 +37,4 @@ private-dev private-tmp writable-var
+restrict-namespaces
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile
index 70d721e9f..a04376430 100644
--- a/etc/profile-a-l/krita.profile
+++ b/etc/profile-a-l/krita.profile
@@ -48,3 +48,5 @@ private-tmp # dbus-user none # dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile
index 96eb6978d..27feccf40 100644
--- a/etc/profile-a-l/krunner.profile
+++ b/etc/profile-a-l/krunner.profile
@@ -35,3 +35,5 @@ protocol unix,inet,inet6 seccomp # private-cache
+
+restrict-namespaces
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile
index cb06dd38f..da267b962 100644
--- a/etc/profile-a-l/ktorrent.profile
+++ b/etc/profile-a-l/ktorrent.profile
@@ -67,3 +67,4 @@ private-tmp deterministic-shutdown # memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile
index 086a4500a..68ef6111a 100644
--- a/etc/profile-a-l/ktouch.profile
+++ b/etc/profile-a-l/ktouch.profile
@@ -50,3 +50,5 @@ private-tmp dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile
index 176c78515..0cdfe4f10 100644
--- a/etc/profile-a-l/kube.profile
+++ b/etc/profile-a-l/kube.profile
@@ -78,3 +78,4 @@ dbus-user.talk org.freedesktop.Notifications dbus-system none read-only ${HOME}/.mozilla/firefox/profiles.ini
+restrict-namespaces
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile
index c3b2a1205..7ecf26d8e 100644
--- a/etc/profile-a-l/kwin_x11.profile
+++ b/etc/profile-a-l/kwin_x11.profile
@@ -44,3 +44,5 @@ private-bin kwin_x11 private-dev private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,ld.so.preload,machine-id,xdg private-tmp
+
+restrict-namespaces
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile
index 1883d7c86..18a024c7e 100644
--- a/etc/profile-a-l/kwrite.profile
+++ b/etc/profile-a-l/kwrite.profile
@@ -52,4 +52,5 @@ private-tmp # dbus-user none # dbus-system none
+restrict-namespaces
 join-or-start kwrite
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile
index f6c28fafa..f1e1a897b 100644
--- a/etc/profile-a-l/latex-common.profile
+++ b/etc/profile-a-l/latex-common.profile
@@ -38,3 +38,5 @@ private-tmp dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile
index ce62b8d5c..27b27a20b 100644
--- a/etc/profile-a-l/leafpad.profile
+++ b/etc/profile-a-l/leafpad.profile
@@ -38,3 +38,4 @@ private-dev private-lib private-tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile
index 24d6261fb..6efe23ade 100644
--- a/etc/profile-a-l/less.profile
+++ b/etc/profile-a-l/less.profile
@@ -48,3 +48,4 @@ dbus-system none memory-deny-write-execute read-only ${HOME} read-write ${HOME}/.lesshst
+restrict-namespaces
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile
index 00447c6c1..40ec7b9c6 100644
--- a/etc/profile-a-l/librecad.profile
+++ b/etc/profile-a-l/librecad.profile
@@ -47,3 +47,4 @@ dbus-user none dbus-system none memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile
index e25eaa2e9..518928876 100644
--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -54,4 +54,5 @@ private-tmp dbus-system none
+restrict-namespaces
 join-or-start libreoffice
diff --git a/etc/profile-a-l/lifeograph.profile b/etc/profile-a-l/lifeograph.profile
index 280669b24..025156d2d 100644
--- a/etc/profile-a-l/lifeograph.profile
+++ b/etc/profile-a-l/lifeograph.profile
@@ -54,3 +54,5 @@ private-tmp dbus-user filter dbus-user.talk ca.desrt.dconf dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile
index 75aac74d1..b0e9015ee 100644
--- a/etc/profile-a-l/liferea.profile
+++ b/etc/profile-a-l/liferea.profile
@@ -59,3 +59,5 @@ dbus-user.talk ca.desrt.dconf # Add the next line to your liferea.local if you use the 'Libsecret Support' plugin. #dbus-user.talk org.freedesktop.secrets dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile
index 79eca0a6f..d81e21636 100644
--- a/etc/profile-a-l/lincity-ng.profile
+++ b/etc/profile-a-l/lincity-ng.profile
@@ -45,3 +45,5 @@ private-tmp dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile
index 4eec03855..22a4a2a2a 100644
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -59,3 +59,4 @@ dbus-user none dbus-system none memory-deny-write-execute
+restrict-namespaces
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile
index e375f0c13..2273ed560 100644
--- a/etc/profile-a-l/linphone.profile
+++ b/etc/profile-a-l/linphone.profile
@@ -47,3 +47,4 @@ disable-mnt private-dev private-tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile
index b4582c4f5..35fca733a 100644
--- a/etc/profile-a-l/lmms.profile
+++ b/etc/profile-a-l/lmms.profile
@@ -37,3 +37,5 @@ private-tmp dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile
index 3108900ef..78b78662b 100644
--- a/etc/profile-a-l/lollypop.profile
+++ b/etc/profile-a-l/lollypop.profile
@@ -39,3 +39,4 @@ private-dev private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl,xdg private-tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile
index 2b61f4d48..f6436d93d 100644
--- a/etc/profile-a-l/lugaru.profile
+++ b/etc/profile-a-l/lugaru.profile
@@ -49,3 +49,5 @@ private-tmp dbus-user none dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile
index b7280b61c..4a8352831 100644
--- a/etc/profile-a-l/luminance-hdr.profile
+++ b/etc/profile-a-l/luminance-hdr.profile
@@ -36,3 +36,4 @@ private-cache private-dev private-tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile
index 80cecd056..2658c5373 100644
--- a/etc/profile-a-l/lutris.profile
+++ b/etc/profile-a-l/lutris.profile
@@ -80,3 +80,5 @@ dbus-user filter dbus-user.own net.lutris.Lutris dbus-user.talk com.feralinteractive.GameMode dbus-system none
+
+restrict-namespaces
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile
index d8485ba65..589f1cf6b 100644
--- a/etc/profile-a-l/lximage-qt.profile
+++ b/etc/profile-a-l/lximage-qt.profile
@@ -35,3 +35,4 @@ private-cache private-dev private-tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile
index a5fc967be..1ecf3c9d7 100644
--- a/etc/profile-a-l/lxmusic.profile
+++ b/etc/profile-a-l/lxmusic.profile
@@ -37,3 +37,4 @@ seccomp private-dev private-tmp
+restrict-namespaces
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile
index 02a9f8d82..caf8de104 100644
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -39,3 +39,5 @@ private-cache private-dev # private-etc alternatives,ca-certificates,crypto-policies,pki,ssl private-tmp
+
+restrict-namespaces
-- cgit v1.2.3-54-g00ecf